diff --git a/.pulumi-java-gen.version b/.pulumi-java-gen.version
new file mode 100644
index 00000000..6f060dcb
--- /dev/null
+++ b/.pulumi-java-gen.version
@@ -0,0 +1 @@
+0.9.9
\ No newline at end of file
diff --git a/examples/go.mod b/examples/go.mod
index da26cd02..a2e0790b 100644
--- a/examples/go.mod
+++ b/examples/go.mod
@@ -2,21 +2,19 @@ module github.com/pulumiverse/pulumi-aquasec/examples
 go 1.19
-require github.com/pulumi/pulumi/pkg/v3 v3.54.0
+require github.com/pulumi/pulumi/pkg/v3 v3.103.1
 require (
- cloud.google.com/go v0.103.0 // indirect
- cloud.google.com/go/compute v1.7.0 // indirect
- cloud.google.com/go/iam v0.3.0 // indirect
- cloud.google.com/go/kms v1.4.0 // indirect
- cloud.google.com/go/logging v1.0.0 // indirect
- cloud.google.com/go/storage v1.24.0 // indirect
- github.com/AlecAivazis/survey/v2 v2.0.5 // indirect
+ cloud.google.com/go v0.110.4 // indirect
+ cloud.google.com/go/compute v1.20.1 // indirect
+ cloud.google.com/go/compute/metadata v0.2.3 // indirect
+ cloud.google.com/go/iam v1.1.1 // indirect
+ cloud.google.com/go/kms v1.12.1 // indirect
+ cloud.google.com/go/logging v1.7.0 // indirect
+ cloud.google.com/go/longrunning v0.5.1 // indirect
+ cloud.google.com/go/storage v1.30.1 // indirect
+ dario.cat/mergo v1.0.0 // indirect
 github.com/Azure/azure-sdk-for-go v66.0.0+incompatible // indirect
- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 // indirect
 github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 github.com/Azure/go-autorest/autorest v0.11.28 // indirect
 github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect
@@ -27,63 +25,61 @@ require (
 github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
 github.com/Azure/go-autorest/logger v0.2.1 // indirect
 github.com/Azure/go-autorest/tracing v0.6.0 // indirect
- github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 // indirect
- github.com/Microsoft/go-winio v0.5.2 // indirect
- github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
- github.com/acomagu/bufpipe v1.0.3 // indirect
+ github.com/Microsoft/go-winio v0.6.1 // indirect
+ github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 github.com/agext/levenshtein v1.2.3 // indirect
 github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 github.com/armon/go-metrics v0.4.0 // indirect
 github.com/armon/go-radix v1.0.0 // indirect
- github.com/aws/aws-sdk-go v1.44.68 // indirect
+ github.com/atotto/clipboard v0.1.4 // indirect
+ github.com/aws/aws-sdk-go v1.44.298 // indirect
 github.com/aws/aws-sdk-go-v2 v1.17.3 // indirect
- github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.3 // indirect
 github.com/aws/aws-sdk-go-v2/config v1.15.15 // indirect
 github.com/aws/aws-sdk-go-v2/credentials v1.12.10 // indirect
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.9 // indirect
- github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.21 // indirect
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.16 // indirect
- github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.6 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.3 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.10 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.9 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.9 // indirect
 github.com/aws/aws-sdk-go-v2/service/kms v1.18.1 // indirect
- github.com/aws/aws-sdk-go-v2/service/s3 v1.27.2 // indirect
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.13 // indirect
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.10 // indirect
 github.com/aws/smithy-go v1.13.5 // indirect
+ github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 github.com/blang/semver v3.5.1+incompatible // indirect
 github.com/cenkalti/backoff/v3 v3.2.2 // indirect
+ github.com/charmbracelet/bubbles v0.16.1 // indirect
+ github.com/charmbracelet/bubbletea v0.24.2 // indirect
+ github.com/charmbracelet/lipgloss v0.7.1 // indirect
 github.com/cheggaaa/pb v1.0.29 // indirect
- github.com/cloudflare/circl v1.1.0 // indirect
+ github.com/cloudflare/circl v1.3.7 // indirect
+ github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect
+ github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/deckarep/golang-set/v2 v2.5.0 // indirect
 github.com/dimchansky/utfbom v1.1.1 // indirect
 github.com/djherbis/times v1.5.0 // indirect
- github.com/dustin/go-humanize v1.0.0 // indirect
 github.com/edsrzf/mmap-go v1.1.0 // indirect
 github.com/emirpasic/gods v1.18.1 // indirect
 github.com/fatih/color v1.13.0 // indirect
- github.com/go-git/gcfg v1.5.0 // indirect
- github.com/go-git/go-billy/v5 v5.3.1 // indirect
- github.com/go-git/go-git/v5 v5.5.1 // indirect
+ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+ github.com/go-git/go-billy/v5 v5.5.0 // indirect
+ github.com/go-git/go-git/v5 v5.11.0 // indirect
 github.com/gofrs/uuid v4.2.0+incompatible // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang-jwt/jwt v3.2.1+incompatible // indirect
 github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
- github.com/golang/glog v1.0.0 // indirect
+ github.com/golang/glog v1.1.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.2 // indirect
+ github.com/golang/protobuf v1.5.3 // indirect
 github.com/golang/snappy v0.0.4 // indirect
- github.com/google/go-cmp v0.5.9 // indirect
+ github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
+ github.com/google/s2a-go v0.1.4 // indirect
 github.com/google/uuid v1.3.0 // indirect
 github.com/google/wire v0.5.0 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
- github.com/googleapis/gax-go/v2 v2.4.0 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
+ github.com/googleapis/gax-go/v2 v2.11.0 // indirect
 github.com/gorilla/mux v1.8.0 // indirect
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -91,7 +87,7 @@ require (
 github.com/hashicorp/go-hclog v1.2.2 // indirect
 github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
- github.com/hashicorp/go-plugin v1.4.5 // indirect
+ github.com/hashicorp/go-plugin v1.4.6 // indirect
 github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
@@ -102,23 +98,20 @@ require (
 github.com/hashicorp/go-version v1.6.0 // indirect
 github.com/hashicorp/golang-lru v0.5.4 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
- github.com/hashicorp/hcl/v2 v2.15.0 // indirect
+ github.com/hashicorp/hcl/v2 v2.17.0 // indirect
 github.com/hashicorp/vault/api v1.8.2 // indirect
 github.com/hashicorp/vault/sdk v0.6.1 // indirect
 github.com/hashicorp/yamux v0.1.1 // indirect
- github.com/ijc/Gotty v0.0.0-20170406111628-a8b993ba6abd // indirect
- github.com/imdario/mergo v0.3.13 // indirect
- github.com/inconshreveable/mousetrap v1.0.1 // indirect
+ github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
- github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 github.com/kevinburke/ssh_config v1.2.0 // indirect
- github.com/kylelemons/godebug v1.1.0 // indirect
+ github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 github.com/mattn/go-colorable v0.1.12 // indirect
- github.com/mattn/go-isatty v0.0.14 // indirect
- github.com/mattn/go-runewidth v0.0.13 // indirect
- github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+ github.com/mattn/go-isatty v0.0.19 // indirect
+ github.com/mattn/go-localereader v0.0.1 // indirect
+ github.com/mattn/go-runewidth v0.0.15 // indirect
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
 github.com/mitchellh/go-ps v1.0.0 // indirect
@@ -128,31 +121,36 @@ require (
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
 github.com/muesli/cancelreader v0.2.2 // indirect
+ github.com/muesli/reflow v0.3.0 // indirect
+ github.com/muesli/termenv v0.15.2 // indirect
 github.com/natefinch/atomic v1.0.1 // indirect
 github.com/oklog/run v1.1.0 // indirect
 github.com/opentracing/basictracer-go v1.1.0 // indirect
 github.com/opentracing/opentracing-go v1.2.0 // indirect
+ github.com/pgavlin/fx v0.1.6 // indirect
 github.com/pgavlin/goldmark v1.1.33-0.20200616210433-b5eb04559386 // indirect
 github.com/pierrec/lz4 v2.6.1+incompatible // indirect
- github.com/pjbgf/sha1cd v0.2.3 // indirect
- github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect
+ github.com/pjbgf/sha1cd v0.3.0 // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pkg/term v1.1.0 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
- github.com/pulumi/pulumi/sdk/v3 v3.54.0 // indirect
- github.com/rivo/uniseg v0.2.0 // indirect
- github.com/rogpeppe/go-internal v1.9.0 // indirect
+ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
+ github.com/pulumi/esc v0.6.2 // indirect
+ github.com/pulumi/pulumi/sdk/v3 v3.103.1 // indirect
+ github.com/rivo/uniseg v0.4.4 // indirect
+ github.com/rogpeppe/go-internal v1.11.0 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect
 github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 // indirect
 github.com/segmentio/asm v1.1.3 // indirect
 github.com/segmentio/encoding v0.3.5 // indirect
- github.com/sergi/go-diff v1.2.0 // indirect
- github.com/skeema/knownhosts v1.1.0 // indirect
- github.com/spf13/cobra v1.6.1 // indirect
+ github.com/sergi/go-diff v1.3.1 // indirect
+ github.com/skeema/knownhosts v1.2.1 // indirect
+ github.com/spf13/cobra v1.7.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
- github.com/stretchr/testify v1.8.1 // indirect
+ github.com/stretchr/testify v1.8.4 // indirect
 github.com/texttheater/golang-levenshtein v1.0.1 // indirect
 github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect
 github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect
@@ -161,29 +159,32 @@ require (
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 github.com/xeipuuv/gojsonschema v1.2.0 // indirect
- github.com/zclconf/go-cty v1.12.1 // indirect
- go.opencensus.io v0.23.0 // indirect
+ github.com/zclconf/go-cty v1.13.2 // indirect
+ go.opencensus.io v0.24.0 // indirect
 go.uber.org/atomic v1.9.0 // indirect
 gocloud.dev v0.27.0 // indirect
 gocloud.dev/secrets/hashivault v0.27.0 // indirect
- golang.org/x/crypto v0.3.0 // indirect
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
- golang.org/x/net v0.2.0 // indirect
- golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c // indirect
- golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
- golang.org/x/sys v0.2.0 // indirect
- golang.org/x/term v0.2.0 // indirect
- golang.org/x/text v0.4.0 // indirect
+ golang.org/x/crypto v0.17.0 // indirect
+ golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
+ golang.org/x/mod v0.14.0 // indirect
+ golang.org/x/net v0.19.0 // indirect
+ golang.org/x/oauth2 v0.8.0 // indirect
+ golang.org/x/sync v0.5.0 // indirect
+ golang.org/x/sys v0.15.0 // indirect
+ golang.org/x/term v0.15.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
- golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
- google.golang.org/api v0.91.0 // indirect
+ golang.org/x/tools v0.15.0 // indirect
+ golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+ google.golang.org/api v0.126.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 // indirect
- google.golang.org/grpc v1.51.0 // indirect
- google.golang.org/protobuf v1.28.1 // indirect
+ google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130 // indirect
+ google.golang.org/grpc v1.57.1 // indirect
+ google.golang.org/protobuf v1.31.0 // indirect
 gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 lukechampine.com/frand v1.4.2 // indirect
- sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600 // indirect
 )
diff --git a/examples/go.sum b/examples/go.sum
index 028ba1c7..199359cc 100644
--- a/examples/go.sum
+++ b/examples/go.sum
@@ -3,7 +3,6 @@ bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.43.0/go.mod h1:BOSR3VbTLkk6FDC/TcffxP4NF/FFBGA5ku+jvKOP7pg= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
@@ -34,8 +33,9 @@ cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU= -cloud.google.com/go v0.103.0 h1:YXtxp9ymmZjlGzxV7VrYQ8aaQuAgcqxSy6YhDX4I458= cloud.google.com/go v0.103.0/go.mod h1:vwLx1nqLrzLX/fpwSMOXmFIqBOyHsvHbnAdbGSJ+mKk= +cloud.google.com/go v0.110.4 h1:1JYyxKMN9hd5dR2MYTPWkGUgcoxVVhg0LKNKEo0qvmk= +cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -47,19 +47,26 @@ cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJW cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= -cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg= +cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= +cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= -cloud.google.com/go/iam v0.3.0 h1:exkAomrVUuzx9kWFI1wm3KI0uoDeUFPB4kKGzx6x+Gc= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= -cloud.google.com/go/kms v1.4.0 h1:iElbfoE61VeLhnZcGOltqL8HIly8Nhbe5t6JlH9GXjo= +cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y= +cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= -cloud.google.com/go/logging v1.0.0 h1:kaunpnoEh9L4hu6JUsBa8Y20LBfKnCuDhKUgdZp7oK8= -cloud.google.com/go/logging v1.0.0/go.mod 
h1:V1cc3ogwobYzQq5f2R7DS/GvRIrI4FKj01Gs5glwAls= +cloud.google.com/go/kms v1.12.1 h1:xZmZuwy2cwzsocmKDOPu4BL7umg8QXagQx6fKVmf45U= +cloud.google.com/go/kms v1.12.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM= +cloud.google.com/go/logging v1.7.0 h1:CJYxlNNNNAMkHp9em/YEXcfJg+rPDg7YfwoRpMU+t5I= +cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= +cloud.google.com/go/longrunning v0.5.1 h1:Fr7TXftcqTudoyRJa113hyaqlGdiBQkp0Gq7tErFDWI= +cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHSQl/fRUUQJYJc= cloud.google.com/go/monitoring v1.1.0/go.mod h1:L81pzz7HKn14QCMaCs6NTQkdBnE87TElyanS95vIcl4= cloud.google.com/go/monitoring v1.5.0/go.mod h1:/o9y8NYX5j91JjD/JvGLYbi86kL11OjyJXq2XziLJu4= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= 
@@ -75,18 +82,19 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= -cloud.google.com/go/storage v1.24.0 h1:a4N0gIkx83uoVFGz8B2eAV3OhN90QoWF5OZWLKl39ig= cloud.google.com/go/storage v1.24.0/go.mod h1:3xrJEFMXBsQLgxwThyjuD3aYlroL0TMRec1ypGUQ0KE= +cloud.google.com/go/storage v1.30.1 h1:uOdMxAs8HExqBlnLtnQyP0YkvbiDpdGShGKtx6U/oNM= +cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A= cloud.google.com/go/trace v1.2.0/go.mod h1:Wc8y/uYyOhPy12KEnXG9XGrvfMz5F5SrYecQlbW1rwM= code.cloudfoundry.org/clock v0.0.0-20180518195852-02e53af36e6c/go.mod h1:QD9Lzhd/ux6eNQVUDVRJX/RKTigpewimNYBi7ivZKY8= contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/stackdriver v0.13.13/go.mod h1:5pSSGY0Bhuk7waTHuDf4aQ8D2DrhgETRo9fy6k3Xlzc= contrib.go.opencensus.io/integrations/ocsql v0.1.7/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= -github.com/AlecAivazis/survey/v2 v2.0.5 h1:xpZp+Q55wi5C7Iaze+40onHnEkex1jSc34CltJjOoPM= -github.com/AlecAivazis/survey/v2 v2.0.5/go.mod h1:WYBhg6f0y/fNYUuesWQc0PKbJcEliGcYHB9sNT3Bg74= github.com/Azure/azure-amqp-common-go/v3 
v3.2.3/go.mod h1:7rPmbSfszeovxGfc5fSAXE4ehlXQZHpMja2OtxC2Tas= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v63.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= 
@@ -95,16 +103,17 @@ github.com/Azure/azure-sdk-for-go v66.0.0+incompatible h1:bmmC38SlE8/E81nNADlgmV github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0 h1:rTnT/Jrcm+figWlYz4Ixzt0SJVR2cMC8lvZcimipiEY= github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 h1:Yoicul8bnVdQrhDMTHxdEckRGX01XvwXDHUT9zYZ3k0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0/go.mod h1:+6sju8gk8FRmSajX3Oz4G5Gm7P+mbqE9FVaXXFYTkCM= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8= github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 h1:leh5DwKv6Ihwi+h60uHtn6UWAxBbZ0q8DwQVMzf61zw= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw= github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.0.2/go.mod h1:LH9XQnMr2ZYxQdVdCrzLO9mxeDyrDFa6wbSI3x5zCZk= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 
h1:QSdcrd/UFJv6Bp/CfoVf2SrENpFn9P6Yh8yb+xNhYMM= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1/go.mod h1:eZ4g6GUvXiGulfIbbhh1Xr4XwUYaYaWMqzGD/284wCA= github.com/Azure/go-amqp v0.17.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= github.com/Azure/go-amqp v0.17.5/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= @@ -148,8 +157,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 h1:WVsrXCnHlDDX8ls+tootqRE87/hL9S/g4ewig9RsD/c= github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= +github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 h1:BWe8a+f/t+7KY7zH2mqygeUD0t8hNFXe08p1Pb3/jKE= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= 
@@ -166,8 +175,9 @@ github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JP github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= 
@@ -183,11 +193,9 @@ github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5 github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= -github.com/Netflix/go-expect v0.0.0-20180615182759-c93bf25de8e8/go.mod h1:oX5x61PbNXchhh0oikYAH+4Pcfw5LKv21+Jnpr6r6Pc= -github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 h1:ra2OtmuW0AE5csawV4YXMNGNQQXvLRps3z2Z59OPO+I= -github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= 
@@ -196,8 +204,6 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:H github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= -github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= @@ -212,7 +218,6 @@ github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8V github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= 
@@ -234,6 +239,8 @@ github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6l github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= +github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= @@ -242,8 +249,9 @@ github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2z github.com/aws/aws-sdk-go v1.43.11/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.44.45/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.44.68 h1:7zNr5+HLG0TMq+ZcZ8KhT4eT2KyL7v+u7/jANKEIinM= github.com/aws/aws-sdk-go v1.44.68/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= +github.com/aws/aws-sdk-go v1.44.298 h1:5qTxdubgV7PptZJmp/2qDwD2JL187ePL7VOxsSh1i3g= +github.com/aws/aws-sdk-go v1.44.298/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aws/aws-sdk-go-v2 v1.16.8/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY= 
@@ -292,6 +300,8 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.16.10/go.mod h1:cftkHYN6tCDNfkSasAmc github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= +github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -312,7 +322,7 @@ github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx2 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= 
@@ -328,6 +338,12 @@ github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/charmbracelet/bubbles v0.16.1 h1:6uzpAAaT9ZqKssntbvZMlksWHruQLNxg49H5WdeuYSY= +github.com/charmbracelet/bubbles v0.16.1/go.mod h1:2QCp9LFlEsBQMvIYERr7Ww2H2bA7xen1idUDIzm/+Xc= +github.com/charmbracelet/bubbletea v0.24.2 h1:uaQIKx9Ai6Gdh5zpTbGiWpytMU+CfsPp06RaW2cx/SY= +github.com/charmbracelet/bubbletea v0.24.2/go.mod h1:XdrNrV4J8GiyshTtx3DNuYkR1FDaJmO3l2nejekbsgg= +github.com/charmbracelet/lipgloss v0.7.1 h1:17WMwi7N1b1rVWOjMT+rCh7sQkvDU75B2hbZpc5Kc1E= +github.com/charmbracelet/lipgloss v0.7.1/go.mod h1:yG0k3giv8Qj8edTCbbg6AlQ5e8KNWpFujkNawKNhE2c= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= 
@@ -349,8 +365,9 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.1.0 h1:bZgT/A+cikZnKIwn7xL2OBj012Bmvho/o6RpRvv3GKY= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 
@@ -388,6 +405,8 @@ github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4g github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= +github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 h1:q2hJAaP1k2wIvVRd/hEHD7lacgqrCPS+k8g1MndzfWY= +github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= 
@@ -487,9 +506,10 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= +github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= @@ -497,6 +517,8 @@ github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjI github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/deckarep/golang-set/v2 v2.5.0 h1:hn6cEZtQ0h3J8kFrHR/NrzyOoTnjgW1+FmNJzQ7y/sA= +github.com/deckarep/golang-set/v2 v2.5.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4= github.com/denisenkom/go-mssqldb v0.12.2/go.mod h1:lnIw1mZukFRZDJYQ0Pb833QS2IaC3l5HkEfra2LJ+sk= github.com/dennwc/varint v1.0.0/go.mod h1:hnItb35rvZvJrbTALZtY/iQfDs48JKRG1RPpgziApxA= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= 
@@ -513,7 +535,6 @@ github.com/djherbis/times v1.5.0 h1:79myA211VwPhFTqUk8xehWrsEO+zcIZj0zT8mXPVARU= github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3ijQhA0= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= -github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= @@ -534,7 +555,6 @@ github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNE github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= 
@@ -543,6 +563,7 @@ github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaB github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= 
@@ -598,16 +619,14 @@ github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ= -github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.5.1 h1:5vtv2TB5PM/gPM+EvsHJ16hJh4uAkdGcKilcwY7FYwo= -github.com/go-git/go-git/v5 v5.5.1/go.mod h1:uz5PQ3d0gz7mSgzZhSJToM6ALPaKCdSnl58/Xb5hzr8= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= +github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= +github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= +github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= github.com/go-gl/glfw 
v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -732,8 +751,9 @@ github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= +github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= +github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -766,8 +786,9 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -791,8 +812,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= 
@@ -830,6 +851,8 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20220318212150-b2ab0324ddda/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= github.com/google/pprof v0.0.0-20220608213341-c488b8fa1db3/go.mod h1:gSuNB+gJaOiQKLEZ+q+PK9Mq3SOzhRcw2GsGS/FhYDk= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= +github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -840,16 +863,18 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8= github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= -github.com/googleapis/enterprise-certificate-proxy v0.1.0 h1:zO8WHNx/MYiAKJ3d5spxZXZE6KHmIQGQcAzwUzV7qQw= github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= +github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= -github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk= github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= +github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4= +github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic 
v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= @@ -919,8 +944,8 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= -github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo= -github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= +github.com/hashicorp/go-plugin v1.4.6 h1:MDV3UrKQBM3du3G7MApDGvOsMYy3JQJ4exhSoKBAeVA= +github.com/hashicorp/go-plugin v1.4.6/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= 
@@ -959,8 +984,8 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hcl/v2 v2.15.0 h1:CPDXO6+uORPjKflkWCCwoWc9uRp+zSIPcCQ+BrxV7m8= -github.com/hashicorp/hcl/v2 v2.15.0/go.mod h1:JRmR89jycNkrrqnMmvPDMd56n1rQJ2Q6KocSLCMCXng= +github.com/hashicorp/hcl/v2 v2.17.0 h1:z1XvSUyXd1HP10U4lrLg5e0JMVz6CPaJvAgxM0KNZVY= +github.com/hashicorp/hcl/v2 v2.17.0/go.mod h1:gJyW2PTShkJqQBKpAmPO3yxMxIuoXkOF2TpqXzrQyx4= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= @@ -982,8 +1007,6 @@ github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= github.com/hetznercloud/hcloud-go v1.33.1/go.mod h1:XX/TQub3ge0yWR2yHWmnDVIrB+MQbda1pHxkUmDlUME= github.com/hetznercloud/hcloud-go v1.35.0/go.mod h1:mepQwR6va27S3UQthaEPGS86jtzSY9xWL1e9dyxXpgA= -github.com/hinshun/vt10x v0.0.0-20180616224451-1954e6464174/go.mod h1:DqJ97dSdRW1W22yXSB90986pcOyQ7r45iio1KN2ez1A= -github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= 
@@ -991,18 +1014,14 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= -github.com/ijc/Gotty v0.0.0-20170406111628-a8b993ba6abd h1:anPrsicrIi2ColgWTVPk+TrN42hJIWlfPHSBP9S0ZkM= -github.com/ijc/Gotty v0.0.0-20170406111628-a8b993ba6abd/go.mod h1:3LVOLeyx9XVvwPgrt2be44XgSqndprz1G18rSk8KD84= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= -github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/intel/goresctrl v0.2.0/go.mod 
h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= github.com/ionos-cloud/sdk-go/v6 v6.1.0/go.mod h1:Ox3W0iiEz0GHnfY9e5LmAxwklsxguuNFEUSu0gVRTME= @@ -1080,8 +1099,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= -github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= -github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -1105,7 +1122,6 @@ github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.4/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 
@@ -1125,6 +1141,8 @@ github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0U github.com/linode/linodego v1.4.0/go.mod h1:PVsRxSlOiJyvG4/scTszpmZDTdgS+to3X6eS8pRrWI8= github.com/linode/linodego v1.8.0/go.mod h1:heqhl91D8QTPVm2k9qZHP78zzbOdTFLXE9NJc3bcc50= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -1138,11 +1156,8 @@ github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= -github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= -github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= -github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= 
@@ -1157,20 +1172,22 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4= +github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= -github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= +github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= +github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions 
v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= -github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4= -github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/microsoft/ApplicationInsights-Go v0.4.4/go.mod h1:fKRUseBqkw6bDiXTs3ESTiU/4YTIHsQS4W3fP2ieF4U= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= 
@@ -1232,8 +1249,14 @@ github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJ github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= +github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI= +github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo= github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA= github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo= +github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= +github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= +github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= +github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= 
@@ -1281,6 +1304,7 @@ github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoT github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= +github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1332,6 +1356,8 @@ github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrap github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= +github.com/pgavlin/fx v0.1.6/go.mod h1:KWZJ6fqBBSh8GxHYqwYCf3rYE7Gp2p0N8tJp8xv9u9M= github.com/pgavlin/goldmark v1.1.33-0.20200616210433-b5eb04559386 h1:LoCV5cscNVWyK5ChN/uCoIFJz8jZD63VQiGJIRgr6uo= github.com/pgavlin/goldmark v1.1.33-0.20200616210433-b5eb04559386/go.mod h1:MRxHTJrf9FhdfNQ8Hdeh9gmHevC9RJE/fu8M3JIGjoE= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= 
@@ -1339,8 +1365,8 @@ github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM= github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pjbgf/sha1cd v0.2.3 h1:uKQP/7QOzNtKYH7UTohZLcjF5/55EnTw0jO/Ru4jZwI= -github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA= github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 h1:Qj1ukM4GlMWXNdMBuXcXfz/Kw9s1qm0CLY32QxuSImI= github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= 
@@ -1414,22 +1440,28 @@ github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1 github.com/prometheus/prometheus v0.35.0/go.mod h1:7HaLx5kEPKJ0GDgbODG0fZgXbQ8K/XjZNJXQmbmgQlY= github.com/prometheus/prometheus v0.37.0/go.mod h1:egARUgz+K93zwqsVIAneFlLZefyGOON44WyAp4Xqbbk= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/pulumi/pulumi/pkg/v3 v3.54.0 h1:zA/hK4q5/+A4KHztQyXXbzCAVBbn/7z/4kBz+DKrR9w= -github.com/pulumi/pulumi/pkg/v3 v3.54.0/go.mod h1:aWPriYODdAvSc8dJhen4xSjMC6+f/zqJY1pLe4ecuho= -github.com/pulumi/pulumi/sdk/v3 v3.54.0 h1:KVAvs+NaWeSziootpt+Lc0X3HJSsZjx/n/X24VKDdv4= -github.com/pulumi/pulumi/sdk/v3 v3.54.0/go.mod h1:j95a48tj0E2cTYUU7ZQPBHBR+saDFxp2nDQGJ+IGG6U= +github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= +github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= +github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= +github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= +github.com/pulumi/pulumi/pkg/v3 v3.103.1 h1:sxacPM2TyDSCufZkescZGnMR22t+REu9nhv68u9rLQ8= +github.com/pulumi/pulumi/pkg/v3 v3.103.1/go.mod h1:AotODpuSfN4XommpmMifBExNmucrnH84cbEhVOeqEQM= +github.com/pulumi/pulumi/sdk/v3 v3.103.1 h1:6o0zt5srgIjDsOI5JWNSwMqoB8vGiI3xow0RDZ3JX2c= +github.com/pulumi/pulumi/sdk/v3 v3.103.1/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= github.com/rakyll/embedmd v0.0.0-20171029212350-c8060a0752a2/go.mod h1:7jOTMgqac46PZcF54q6l2hkLEG8op93fZu61KmxWDV4= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= +github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod 
h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= +github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= 
@@ -1458,9 +1490,8 @@ github.com/segmentio/asm v1.1.3 h1:WM03sfUOENvvKexOLp+pCqgb/WDjsi7EK8gIsICtzhc= github.com/segmentio/asm v1.1.3/go.mod h1:Ld3L4ZXGNcSLRg4JBsZ3//1+f/TjYl0Mzen/DQy1EJg= github.com/segmentio/encoding v0.3.5 h1:UZEiaZ55nlXGDL92scoVuw00RmiRCazIEmvPSbSvt8Y= github.com/segmentio/encoding v0.3.5/go.mod h1:n0JeuIqEQrQoPDGsjo8UNd1iA0U8d8+oHAA4E3G3OxM= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= 
@@ -1475,8 +1506,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0= -github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= +github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= +github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= 
@@ -1494,8 +1525,8 @@ github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKv github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= -github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -1518,7 +1549,6 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 
@@ -1529,8 +1559,9 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= 
@@ -1595,8 +1626,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= -github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY= -github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA= +github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0= +github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= 
@@ -1624,8 +1655,9 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= @@ -1704,7 +1736,6 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
@@ -1727,13 +1758,14 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1744,6 +1776,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1772,8 +1806,10 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -1853,9 +1889,12 @@ golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1880,8 +1919,9 @@ golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220628200809-02e64fa58f26/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c h1:q3gFqPqH7NVofKo3c3yETAP//pPI+G5mvB7qqj1Y5kY= golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1895,8 +1935,10 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -1916,7 +1958,6 @@ golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190530182044-ad28b68e88f1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -2040,17 +2081,24 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod 
h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2060,8 +2108,12 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -2158,6 +2210,9 @@ golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -2166,8 +2221,9 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0= golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 
@@ -2215,8 +2271,9 @@ google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3p google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g= google.golang.org/api v0.86.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= google.golang.org/api v0.90.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= -google.golang.org/api v0.91.0 h1:731+JzuwaJoZXRQGmPoBiV+SrsAfUaIkdMCWTcQNPyA= google.golang.org/api v0.91.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= +google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o= +google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2235,8 +2292,6 @@ google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190708153700-3bdd9d9f5532/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190716160619-c506a9f90610/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= 
@@ -2327,8 +2382,13 @@ google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljW google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 h1:QntLWYqZeuBtJkth3m/6DLznnI0AHJr+AgJXvVh/izw= google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= +google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg= +google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108= +google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU= +google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130 h1:2FZP5XuJY9zQyGM5N0rtovnoXjiMUEIUMvw0m9wlpLc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:8mL13HKkDa+IuJ8yruA3ci0q+0vsUz4m//+ottjwS5o= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= 
@@ -2372,8 +2432,8 @@ google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= -google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= +google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
@@ -2389,8 +2449,9 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -2434,7 +2495,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= 
@@ -2510,7 +2570,7 @@ k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= -pgregory.net/rapid v0.4.7 h1:MTNRktPuv5FNqOO151TM9mDTa+XHcX6ypYeISDVD14g= +pgregory.net/rapid v0.6.1 h1:4eyrDxyht86tT4Ztm+kvlyNBLIk071gR+ZQdhphc9dQ= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= @@ -2528,5 +2588,3 @@ sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= -sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600 h1:hfyJ5ku9yFtLVOiSxa3IN+dx5eBQT9mPmKFypAmg8XM= -sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/provider/cmd/pulumi-resource-aquasec/bridge-metadata.json b/provider/cmd/pulumi-resource-aquasec/bridge-metadata.json index 7ba15785..b0aa2a0a 100644 --- a/provider/cmd/pulumi-resource-aquasec/bridge-metadata.json +++ b/provider/cmd/pulumi-resource-aquasec/bridge-metadata.json 
@@ -139,14 +139,47 @@ "current": "aquasec:index/containerRuntimePolicy:ContainerRuntimePolicy", "fields": { "allowed_executables": { - "maxItemsOne": false + "maxItemsOne": false, + "elem": { + "fields": { + "allow_executables": { + "maxItemsOne": false + }, + "allow_root_executables": { + "maxItemsOne": false + } + } + } }, "allowed_registries": { - "maxItemsOne": false + "maxItemsOne": false, + "elem": { + "fields": { + "allowed_registries": { + "maxItemsOne": false + } + } + } }, "application_scopes": { "maxItemsOne": false }, + "auditing": { + "maxItemsOne": true + }, + "blacklisted_os_users": { + "maxItemsOne": true, + "elem": { + "fields": { + "group_black_list": { + "maxItemsOne": false + }, + "user_black_list": { + "maxItemsOne": false + } + } + } + }, "blocked_capabilities": { "maxItemsOne": false }, 
@@ -168,35 +201,130 @@ "blocked_volumes": { "maxItemsOne": false }, + "bypass_scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "variables": { + "maxItemsOne": false + } + } + } + } + } + } + }, + "container_exec": { + "maxItemsOne": true, + "elem": { + "fields": { + "container_exec_proc_white_list": { + "maxItemsOne": false + }, + "reverse_shell_ip_white_list": { + "maxItemsOne": false + } + } + } + }, "container_exec_allowed_processes": { "maxItemsOne": false }, - "exceptional_readonly_files_and_directories": { - "maxItemsOne": false + "drift_prevention": { + "maxItemsOne": false, + "elem": { + "fields": { + "exec_lockdown_white_list": { + "maxItemsOne": false + } + } + } }, - "exec_lockdown_white_list": { + "exclude_application_scopes": { "maxItemsOne": false }, + "executable_blacklist": { + "maxItemsOne": false, + "elem": { + "fields": { + "executables": { + "maxItemsOne": false + } + } + } + }, + "failed_kubernetes_checks": { + "maxItemsOne": true, + "elem": { + "fields": { + "failed_checks": { + "maxItemsOne": false + } + } + } + }, + "file_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_files_processes": { + "maxItemsOne": false + }, + "block_files_users": { + "maxItemsOne": false + }, + "exceptional_block_files": { + "maxItemsOne": false + }, + "exceptional_block_files_processes": { + "maxItemsOne": false + }, + "exceptional_block_files_users": { + "maxItemsOne": false + }, + "filename_block_list": { + "maxItemsOne": false + } + } + } + }, "file_integrity_monitoring": { "maxItemsOne": true, "elem": { "fields": { - "excluded_paths": { + "exceptional_monitored_files": { "maxItemsOne": false }, - "excluded_processes": { + "exceptional_monitored_files_processes": { "maxItemsOne": false }, - "excluded_users": { + "exceptional_monitored_files_users": { "maxItemsOne": false }, - "monitored_paths": { + "monitored_files": { "maxItemsOne": false }, - "monitored_processes": 
{ + "monitored_files_processes": { "maxItemsOne": false }, - "monitored_users": { + "monitored_files_users": { + "maxItemsOne": false + } + } + } + }, + "limit_container_privileges": { + "maxItemsOne": false + }, + "linux_capabilities": { + "maxItemsOne": true, + "elem": { + "fields": { + "remove_linux_capabilities": { "maxItemsOne": false } } 
@@ -211,21 +339,187 @@ }, "exclude_processes": { "maxItemsOne": false + }, + "include_directories": { + "maxItemsOne": false } } } }, - "readonly_files_and_directories": { - "maxItemsOne": false + "package_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_packages_processes": { + "maxItemsOne": false + }, + "block_packages_users": { + "maxItemsOne": false + }, + "exceptional_block_packages_files": { + "maxItemsOne": false + }, + "exceptional_block_packages_processes": { + "maxItemsOne": false + }, + "exceptional_block_packages_users": { + "maxItemsOne": false + }, + "packages_black_list": { + "maxItemsOne": false + } + } + } }, - "reverse_shell_allowed_ips": { - "maxItemsOne": false + "port_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_inbound_ports": { + "maxItemsOne": false + }, + "block_outbound_ports": { + "maxItemsOne": false + } + } + } }, - "reverse_shell_allowed_processes": { - "maxItemsOne": false + "readonly_files": { + "maxItemsOne": true, + "elem": { + "fields": { + "exceptional_readonly_files": { + "maxItemsOne": false + }, + "exceptional_readonly_files_processes": { + "maxItemsOne": false + }, + "exceptional_readonly_files_users": { + "maxItemsOne": false + }, + "readonly_files": { + "maxItemsOne": false + }, + "readonly_files_processes": { + "maxItemsOne": false + }, + "readonly_files_users": { + "maxItemsOne": false + } + } + } + }, + "readonly_registry": { + "maxItemsOne": true, + "elem": { + "fields": { + "exceptional_readonly_registry_paths": { + "maxItemsOne": false + }, + "exceptional_readonly_registry_processes": { + "maxItemsOne": false + }, + "exceptional_readonly_registry_users": { + "maxItemsOne": false + }, + "readonly_registry_paths": { + "maxItemsOne": false + }, + "readonly_registry_processes": { + "maxItemsOne": false + }, + "readonly_registry_users": { + "maxItemsOne": false + } + } + } + }, + "registry_access_monitoring": { + "maxItemsOne": true, + "elem": { + "fields": { + 
"exceptional_monitored_registry_paths": { + "maxItemsOne": false + }, + "exceptional_monitored_registry_processes": { + "maxItemsOne": false + }, + "exceptional_monitored_registry_users": { + "maxItemsOne": false + }, + "monitored_registry_paths": { + "maxItemsOne": false + }, + "monitored_registry_processes": { + "maxItemsOne": false + }, + "monitored_registry_users": { + "maxItemsOne": false + } + } + } + }, + "restricted_volumes": { + "maxItemsOne": false, + "elem": { + "fields": { + "volumes": { + "maxItemsOne": false + } + } + } + }, + "reverse_shell": { + "maxItemsOne": true, + "elem": { + "fields": { + "reverse_shell_ip_white_list": { + "maxItemsOne": false + }, + "reverse_shell_proc_white_list": { + "maxItemsOne": false + } + } + } + }, + "scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "variables": { + "maxItemsOne": false + } + } + } }, "scope_variables": { "maxItemsOne": false + }, + "system_integrity_protection": { + "maxItemsOne": true + }, + "tripwire": { + "maxItemsOne": true, + "elem": { + "fields": { + "apply_on": { + "maxItemsOne": false + } + } + } + }, + "whitelisted_os_users": { + "maxItemsOne": true, + "elem": { + "fields": { + "group_white_list": { + "maxItemsOne": false + }, + "user_white_list": { + "maxItemsOne": false + } + } + } } } }, @@ -297,18 +591,36 @@ "cves_white_list": { "maxItemsOne": false }, + "disallow_exploit_types": { + "maxItemsOne": false + }, "exceptional_monitored_malware_paths": { "maxItemsOne": false }, + "exclude_application_scopes": { + "maxItemsOne": false + }, "forbidden_labels": { "maxItemsOne": false }, "ignored_risk_resources": { "maxItemsOne": false }, + "ignored_sensitive_resources": { + "maxItemsOne": false + }, "images": { "maxItemsOne": false }, + "kubernetes_controls": { + "maxItemsOne": false + }, + "kubernetes_controls_avd_ids": { + "maxItemsOne": false + }, + "kubernetes_controls_names": { + "maxItemsOne": false + }, "labels": { "maxItemsOne": false }, 
@@ -321,6 +633,9 @@ "packages_white_list": { "maxItemsOne": false }, + "policy_settings": { + "maxItemsOne": true + }, "registries": { "maxItemsOne": false }, @@ -343,6 +658,9 @@ "trusted_base_images": { "maxItemsOne": false }, + "vulnerability_score_range": { + "maxItemsOne": false + }, "whitelisted_licenses": { "maxItemsOne": false } 
@@ -351,20 +669,367 @@ "aquasec_function_runtime_policy": { "current": "aquasec:index/functionRuntimePolicy:FunctionRuntimePolicy", "fields": { + "allowed_executables": { + "maxItemsOne": false, + "elem": { + "fields": { + "allow_executables": { + "maxItemsOne": false + }, + "allow_root_executables": { + "maxItemsOne": false + } + } + } + }, + "allowed_registries": { + "maxItemsOne": false, + "elem": { + "fields": { + "allowed_registries": { + "maxItemsOne": false + } + } + } + }, "application_scopes": { "maxItemsOne": false }, - "block_malicious_executables_allowed_processes": { - "maxItemsOne": false + "auditing": { + "maxItemsOne": true }, - "blocked_executables": { + "blacklisted_os_users": { + "maxItemsOne": true, + "elem": { + "fields": { + "group_black_list": { + "maxItemsOne": false + }, + "user_black_list": { + "maxItemsOne": false + } + } + } + }, + "bypass_scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "variables": { + "maxItemsOne": false + } + } + } + } + } + } + }, + "container_exec": { + "maxItemsOne": true, + "elem": { + "fields": { + "container_exec_proc_white_list": { + "maxItemsOne": false + }, + "reverse_shell_ip_white_list": { + "maxItemsOne": false + } + } + } + }, + "drift_prevention": { + "maxItemsOne": false, + "elem": { + "fields": { + "exec_lockdown_white_list": { + "maxItemsOne": false + } + } + } + }, + "exclude_application_scopes": { "maxItemsOne": false }, + "executable_blacklist": { + "maxItemsOne": false, + "elem": { + "fields": { + "executables": { + "maxItemsOne": false + } + } + } + }, + "failed_kubernetes_checks": { + "maxItemsOne": true, + "elem": { + "fields": { + "failed_checks": { + "maxItemsOne": false + } + } + } + }, + "file_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_files_processes": { + "maxItemsOne": false + }, + "block_files_users": { + "maxItemsOne": false + }, + "exceptional_block_files": { + "maxItemsOne": false + 
}, + "exceptional_block_files_processes": { + "maxItemsOne": false + }, + "exceptional_block_files_users": { + "maxItemsOne": false + }, + "filename_block_list": { + "maxItemsOne": false + } + } + } + }, + "file_integrity_monitoring": { + "maxItemsOne": false, + "elem": { + "fields": { + "exceptional_monitored_files": { + "maxItemsOne": false + }, + "exceptional_monitored_files_processes": { + "maxItemsOne": false + }, + "exceptional_monitored_files_users": { + "maxItemsOne": false + }, + "monitored_files": { + "maxItemsOne": false + }, + "monitored_files_processes": { + "maxItemsOne": false + }, + "monitored_files_users": { + "maxItemsOne": false + } + } + } + }, "honeypot_apply_on": { "maxItemsOne": false }, + "limit_container_privileges": { + "maxItemsOne": false + }, + "linux_capabilities": { + "maxItemsOne": true, + "elem": { + "fields": { + "remove_linux_capabilities": { + "maxItemsOne": false + } + } + } + }, + "malware_scan_options": { + "maxItemsOne": true, + "elem": { + "fields": { + "exclude_directories": { + "maxItemsOne": false + }, + "exclude_processes": { + "maxItemsOne": false + }, + "include_directories": { + "maxItemsOne": false + } + } + } + }, + "package_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_packages_processes": { + "maxItemsOne": false + }, + "block_packages_users": { + "maxItemsOne": false + }, + "exceptional_block_packages_files": { + "maxItemsOne": false + }, + "exceptional_block_packages_processes": { + "maxItemsOne": false + }, + "exceptional_block_packages_users": { + "maxItemsOne": false + }, + "packages_black_list": { + "maxItemsOne": false + } + } + } + }, + "port_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_inbound_ports": { + "maxItemsOne": false + }, + "block_outbound_ports": { + "maxItemsOne": false + } + } + } + }, + "readonly_files": { + "maxItemsOne": true, + "elem": { + "fields": { + "exceptional_readonly_files": { + "maxItemsOne": false + }, + 
"exceptional_readonly_files_processes": { + "maxItemsOne": false + }, + "exceptional_readonly_files_users": { + "maxItemsOne": false + }, + "readonly_files": { + "maxItemsOne": false + }, + "readonly_files_processes": { + "maxItemsOne": false + }, + "readonly_files_users": { + "maxItemsOne": false + } + } + } + }, + "readonly_registry": { + "maxItemsOne": true, + "elem": { + "fields": { + "exceptional_readonly_registry_paths": { + "maxItemsOne": false + }, + "exceptional_readonly_registry_processes": { + "maxItemsOne": false + }, + "exceptional_readonly_registry_users": { + "maxItemsOne": false + }, + "readonly_registry_paths": { + "maxItemsOne": false + }, + "readonly_registry_processes": { + "maxItemsOne": false + }, + "readonly_registry_users": { + "maxItemsOne": false + } + } + } + }, + "registry_access_monitoring": { + "maxItemsOne": true, + "elem": { + "fields": { + "exceptional_monitored_registry_paths": { + "maxItemsOne": false + }, + "exceptional_monitored_registry_processes": { + "maxItemsOne": false + }, + "exceptional_monitored_registry_users": { + "maxItemsOne": false + }, + "monitored_registry_paths": { + "maxItemsOne": false + }, + "monitored_registry_processes": { + "maxItemsOne": false + }, + "monitored_registry_users": { + "maxItemsOne": false + } + } + } + }, + "restricted_volumes": { + "maxItemsOne": false, + "elem": { + "fields": { + "volumes": { + "maxItemsOne": false + } + } + } + }, + "reverse_shell": { + "maxItemsOne": true, + "elem": { + "fields": { + "reverse_shell_ip_white_list": { + "maxItemsOne": false + }, + "reverse_shell_proc_white_list": { + "maxItemsOne": false + } + } + } + }, + "scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "variables": { + "maxItemsOne": false + } + } + } + }, "scope_variables": { "maxItemsOne": false + }, + "system_integrity_protection": { + "maxItemsOne": true + }, + "tripwire": { + "maxItemsOne": true, + "elem": { + "fields": { + "apply_on": { + "maxItemsOne": false + } + } + } + }, + 
"whitelisted_os_users": { + "maxItemsOne": true, + "elem": { + "fields": { + "group_white_list": { + "maxItemsOne": false + }, + "user_white_list": { + "maxItemsOne": false + } + } + } } } }, @@ -405,18 +1070,36 @@ "cves_white_list": { "maxItemsOne": false }, + "disallow_exploit_types": { + "maxItemsOne": false + }, "exceptional_monitored_malware_paths": { "maxItemsOne": false }, + "exclude_application_scopes": { + "maxItemsOne": false + }, "forbidden_labels": { "maxItemsOne": false }, "ignored_risk_resources": { "maxItemsOne": false }, + "ignored_sensitive_resources": { + "maxItemsOne": false + }, "images": { "maxItemsOne": false }, + "kubernetes_controls": { + "maxItemsOne": false + }, + "kubernetes_controls_avd_ids": { + "maxItemsOne": false + }, + "kubernetes_controls_names": { + "maxItemsOne": false + }, "labels": { "maxItemsOne": false }, @@ -429,6 +1112,9 @@ "packages_white_list": { "maxItemsOne": false }, + "policy_settings": { + "maxItemsOne": true + }, "registries": { "maxItemsOne": false }, 
@@ -448,124 +1134,389 @@ } } }, - "trusted_base_images": { - "maxItemsOne": false - }, - "whitelisted_licenses": { - "maxItemsOne": false - } - } - }, - "aquasec_host_runtime_policy": { - "current": "aquasec:index/hostRuntimePolicy:HostRuntimePolicy", - "fields": { - "application_scopes": { - "maxItemsOne": false - }, - "blocked_files": { - "maxItemsOne": false - }, - "file_integrity_monitoring": { + "trusted_base_images": { + "maxItemsOne": false + }, + "vulnerability_score_range": { + "maxItemsOne": false + }, + "whitelisted_licenses": { + "maxItemsOne": false + } + } + }, + "aquasec_host_runtime_policy": { + "current": "aquasec:index/hostRuntimePolicy:HostRuntimePolicy", + "fields": { + "allowed_executables": { + "maxItemsOne": false, + "elem": { + "fields": { + "allow_executables": { + "maxItemsOne": false + }, + "allow_root_executables": { + "maxItemsOne": false + } + } + } + }, + "allowed_registries": { + "maxItemsOne": false, + "elem": { + "fields": { + "allowed_registries": { + "maxItemsOne": false + } + } + } + }, + "application_scopes": { + "maxItemsOne": false + }, + "auditing": { + "maxItemsOne": true + }, + "blacklisted_os_users": { + "maxItemsOne": true, + "elem": { + "fields": { + "group_black_list": { + "maxItemsOne": false + }, + "user_black_list": { + "maxItemsOne": false + } + } + } + }, + "blocked_files": { + "maxItemsOne": false + }, + "bypass_scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "variables": { + "maxItemsOne": false + } + } + } + } + } + } + }, + "container_exec": { + "maxItemsOne": true, + "elem": { + "fields": { + "container_exec_proc_white_list": { + "maxItemsOne": false + }, + "reverse_shell_ip_white_list": { + "maxItemsOne": false + } + } + } + }, + "drift_prevention": { + "maxItemsOne": false, + "elem": { + "fields": { + "exec_lockdown_white_list": { + "maxItemsOne": false + } + } + } + }, + "exclude_application_scopes": { + "maxItemsOne": false + }, 
+ "executable_blacklist": { + "maxItemsOne": false, + "elem": { + "fields": { + "executables": { + "maxItemsOne": false + } + } + } + }, + "failed_kubernetes_checks": { + "maxItemsOne": true, + "elem": { + "fields": { + "failed_checks": { + "maxItemsOne": false + } + } + } + }, + "file_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_files_processes": { + "maxItemsOne": false + }, + "block_files_users": { + "maxItemsOne": false + }, + "exceptional_block_files": { + "maxItemsOne": false + }, + "exceptional_block_files_processes": { + "maxItemsOne": false + }, + "exceptional_block_files_users": { + "maxItemsOne": false + }, + "filename_block_list": { + "maxItemsOne": false + } + } + } + }, + "file_integrity_monitoring": { + "maxItemsOne": true, + "elem": { + "fields": { + "exceptional_monitored_files": { + "maxItemsOne": false + }, + "exceptional_monitored_files_processes": { + "maxItemsOne": false + }, + "exceptional_monitored_files_users": { + "maxItemsOne": false + }, + "monitored_files": { + "maxItemsOne": false + }, + "monitored_files_processes": { + "maxItemsOne": false + }, + "monitored_files_users": { + "maxItemsOne": false + } + } + } + }, + "limit_container_privileges": { + "maxItemsOne": false + }, + "linux_capabilities": { + "maxItemsOne": true, + "elem": { + "fields": { + "remove_linux_capabilities": { + "maxItemsOne": false + } + } + } + }, + "malware_scan_options": { + "maxItemsOne": true, + "elem": { + "fields": { + "exclude_directories": { + "maxItemsOne": false + }, + "exclude_processes": { + "maxItemsOne": false + }, + "include_directories": { + "maxItemsOne": false + } + } + } + }, + "os_groups_allowed": { + "maxItemsOne": false + }, + "os_groups_blocked": { + "maxItemsOne": false + }, + "os_users_allowed": { + "maxItemsOne": false + }, + "os_users_blocked": { + "maxItemsOne": false + }, + "package_block": { + "maxItemsOne": false, + "elem": { + "fields": { + "block_packages_processes": { + "maxItemsOne": false + }, + 
"block_packages_users": { + "maxItemsOne": false + }, + "exceptional_block_packages_files": { + "maxItemsOne": false + }, + "exceptional_block_packages_processes": { + "maxItemsOne": false + }, + "exceptional_block_packages_users": { + "maxItemsOne": false + }, + "packages_black_list": { + "maxItemsOne": false + } + } + } + }, + "port_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_inbound_ports": { + "maxItemsOne": false + }, + "block_outbound_ports": { + "maxItemsOne": false + } + } + } + }, + "readonly_files": { "maxItemsOne": true, "elem": { "fields": { - "excluded_paths": { + "exceptional_readonly_files": { "maxItemsOne": false }, - "excluded_processes": { + "exceptional_readonly_files_processes": { "maxItemsOne": false }, - "excluded_users": { + "exceptional_readonly_files_users": { "maxItemsOne": false }, - "monitored_paths": { + "readonly_files": { "maxItemsOne": false }, - "monitored_processes": { + "readonly_files_processes": { "maxItemsOne": false }, - "monitored_users": { + "readonly_files_users": { "maxItemsOne": false } } } }, - "malware_scan_options": { + "readonly_registry": { "maxItemsOne": true, "elem": { "fields": { - "exclude_directories": { + "exceptional_readonly_registry_paths": { "maxItemsOne": false }, - "exclude_processes": { + "exceptional_readonly_registry_processes": { + "maxItemsOne": false + }, + "exceptional_readonly_registry_users": { + "maxItemsOne": false + }, + "readonly_registry_paths": { + "maxItemsOne": false + }, + "readonly_registry_processes": { + "maxItemsOne": false + }, + "readonly_registry_users": { "maxItemsOne": false } } } }, - "os_groups_allowed": { - "maxItemsOne": false - }, - "os_groups_blocked": { - "maxItemsOne": false - }, - "os_users_allowed": { - "maxItemsOne": false - }, - "os_users_blocked": { - "maxItemsOne": false - }, - "package_block": { - "maxItemsOne": false - }, - "scope_variables": { - "maxItemsOne": false - }, - "windows_registry_monitoring": { + "registry_access_monitoring": { 
"maxItemsOne": true, "elem": { "fields": { - "excluded_paths": { + "exceptional_monitored_registry_paths": { "maxItemsOne": false }, - "excluded_processes": { + "exceptional_monitored_registry_processes": { "maxItemsOne": false }, - "excluded_users": { + "exceptional_monitored_registry_users": { "maxItemsOne": false }, - "monitored_paths": { + "monitored_registry_paths": { "maxItemsOne": false }, - "monitored_processes": { + "monitored_registry_processes": { "maxItemsOne": false }, - "monitored_users": { + "monitored_registry_users": { "maxItemsOne": false } } } }, - "windows_registry_protection": { + "restricted_volumes": { + "maxItemsOne": false, + "elem": { + "fields": { + "volumes": { + "maxItemsOne": false + } + } + } + }, + "reverse_shell": { "maxItemsOne": true, "elem": { "fields": { - "excluded_paths": { + "reverse_shell_ip_white_list": { "maxItemsOne": false }, - "excluded_processes": { + "reverse_shell_proc_white_list": { "maxItemsOne": false - }, - "excluded_users": { + } + } + } + }, + "scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "variables": { "maxItemsOne": false - }, - "protected_paths": { + } + } + } + }, + "scope_variables": { + "maxItemsOne": false + }, + "system_integrity_protection": { + "maxItemsOne": true + }, + "tripwire": { + "maxItemsOne": true, + "elem": { + "fields": { + "apply_on": { "maxItemsOne": false - }, - "protected_processes": { + } + } + } + }, + "whitelisted_os_users": { + "maxItemsOne": true, + "elem": { + "fields": { + "group_white_list": { "maxItemsOne": false }, - "protected_users": { + "user_white_list": { "maxItemsOne": false } } 
@@ -640,18 +1591,36 @@ "cves_white_list": { "maxItemsOne": false }, + "disallow_exploit_types": { + "maxItemsOne": false + }, "exceptional_monitored_malware_paths": { "maxItemsOne": false }, + "exclude_application_scopes": { + "maxItemsOne": false + }, "forbidden_labels": { "maxItemsOne": false }, "ignored_risk_resources": { "maxItemsOne": false }, + "ignored_sensitive_resources": { + "maxItemsOne": false + }, "images": { "maxItemsOne": false }, + "kubernetes_controls": { + "maxItemsOne": true + }, + "kubernetes_controls_avd_ids": { + "maxItemsOne": false + }, + "kubernetes_controls_names": { + "maxItemsOne": false + }, "labels": { "maxItemsOne": false }, @@ -664,6 +1633,9 @@ "packages_white_list": { "maxItemsOne": false }, + "policy_settings": { + "maxItemsOne": true + }, "registries": { "maxItemsOne": false }, @@ -686,6 +1658,9 @@ "trusted_base_images": { "maxItemsOne": false }, + "vulnerability_score_range": { + "maxItemsOne": false + }, "whitelisted_licenses": { "maxItemsOne": false } @@ -751,18 +1726,33 @@ "cves_white_list": { "maxItemsOne": false }, + "disallow_exploit_types": { + "maxItemsOne": false + }, "exceptional_monitored_malware_paths": { "maxItemsOne": false }, + "exclude_application_scopes": { + "maxItemsOne": false + }, "forbidden_labels": { "maxItemsOne": false }, "ignored_risk_resources": { "maxItemsOne": false }, + "ignored_sensitive_resources": { + "maxItemsOne": false + }, "images": { "maxItemsOne": false }, + "kubernetes_controls": { + "maxItemsOne": false + }, + "kubernetes_controls_avd_ids": { + "maxItemsOne": false + }, "kubernetes_controls_names": { "maxItemsOne": false }, @@ -778,6 +1768,9 @@ "packages_white_list": { "maxItemsOne": false }, + "policy_settings": { + "maxItemsOne": true + }, "registries": { "maxItemsOne": false }, @@ -800,6 +1793,9 @@ "trusted_base_images": { "maxItemsOne": false }, + "vulnerability_score_range": { + "maxItemsOne": false + }, "whitelisted_licenses": { "maxItemsOne": false } 
@@ -824,66 +1820,175 @@ "fields": { "scopes": { "maxItemsOne": false - } - } - }, - "aquasec_role_mapping": { - "current": "aquasec:index/roleMapping:RoleMapping", - "fields": { - "ldap": { - "maxItemsOne": true + } + } + }, + "aquasec_role_mapping": { + "current": "aquasec:index/roleMapping:RoleMapping", + "fields": { + "ldap": { + "maxItemsOne": true + }, + "oauth2": { + "maxItemsOne": true + }, + "openid": { + "maxItemsOne": true + }, + "saml": { + "maxItemsOne": true + } + } + }, + "aquasec_role_mapping_saas": { + "current": "aquasec:index/roleMappingSaas:RoleMappingSaas", + "fields": { + "saml_groups": { + "maxItemsOne": false + } + } + }, + "aquasec_service": { + "current": "aquasec:index/service:Service", + "fields": { + "application_scopes": { + "maxItemsOne": false + }, + "policies": { + "maxItemsOne": false + }, + "scope_variables": { + "maxItemsOne": false + } + } + }, + "aquasec_user": { + "current": "aquasec:index/user:User", + "fields": { + "roles": { + "maxItemsOne": false + } + } + }, + "aquasec_user_saas": { + "current": "aquasec:index/userSaas:UserSaas", + "fields": { + "csp_roles": { + "maxItemsOne": false + }, + "groups": { + "maxItemsOne": false + }, + "logins": { + "maxItemsOne": false + } + } + }, + "aquasec_vmware_assurance_policy": { + "current": "aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy", + "fields": { + "allowed_images": { + "maxItemsOne": false + }, + "application_scopes": { + "maxItemsOne": false + }, + "auto_scan_time": { + "maxItemsOne": false, + "elem": { + "fields": { + "week_days": { + "maxItemsOne": false + } + } + } + }, + "blacklist_permissions": { + "maxItemsOne": false + }, + "blacklisted_licenses": { + "maxItemsOne": false + }, + "custom_checks": { + "maxItemsOne": false + }, + "cves_black_list": { + "maxItemsOne": false + }, + "cves_white_list": { + "maxItemsOne": false + }, + "disallow_exploit_types": { + "maxItemsOne": false + }, + "exceptional_monitored_malware_paths": { + "maxItemsOne": false + }, + 
"exclude_application_scopes": { + "maxItemsOne": false + }, + "forbidden_labels": { + "maxItemsOne": false + }, + "ignored_risk_resources": { + "maxItemsOne": false + }, + "ignored_sensitive_resources": { + "maxItemsOne": false + }, + "images": { + "maxItemsOne": false + }, + "kubernetes_controls": { + "maxItemsOne": false + }, + "kubernetes_controls_avd_ids": { + "maxItemsOne": false + }, + "kubernetes_controls_names": { + "maxItemsOne": false }, - "oauth2": { - "maxItemsOne": true + "labels": { + "maxItemsOne": false }, - "openid": { - "maxItemsOne": true + "monitored_malware_paths": { + "maxItemsOne": false }, - "saml": { - "maxItemsOne": true - } - } - }, - "aquasec_role_mapping_saas": { - "current": "aquasec:index/roleMappingSaas:RoleMappingSaas", - "fields": { - "saml_groups": { + "packages_black_list": { "maxItemsOne": false - } - } - }, - "aquasec_service": { - "current": "aquasec:index/service:Service", - "fields": { - "application_scopes": { + }, + "packages_white_list": { "maxItemsOne": false }, - "policies": { + "policy_settings": { + "maxItemsOne": true + }, + "registries": { "maxItemsOne": false }, - "scope_variables": { + "required_labels": { "maxItemsOne": false - } - } - }, - "aquasec_user": { - "current": "aquasec:index/user:User", - "fields": { - "roles": { + }, + "scap_files": { "maxItemsOne": false - } - } - }, - "aquasec_user_saas": { - "current": "aquasec:index/userSaas:UserSaas", - "fields": { - "csp_roles": { + }, + "scope": { + "maxItemsOne": false, + "elem": { + "fields": { + "variables": { + "maxItemsOne": false + } + } + } + }, + "trusted_base_images": { "maxItemsOne": false }, - "groups": { + "vulnerability_score_range": { "maxItemsOne": false }, - "logins": { + "whitelisted_licenses": { "maxItemsOne": false } } 
@@ -1033,14 +2138,34 @@ "current": "aquasec:index/getContainerRuntimePolicy:getContainerRuntimePolicy", "fields": { "allowed_executables": { - "maxItemsOne": false + "maxItemsOne": false, + "elem": { + "fields": { + "allow_executables": { + "maxItemsOne": false + }, + "allow_root_executables": { + "maxItemsOne": false + } + } + } }, "allowed_registries": { - "maxItemsOne": false + "maxItemsOne": false, + "elem": { + "fields": { + "allowed_registries": { + "maxItemsOne": false + } + } + } }, "application_scopes": { "maxItemsOne": false }, + "auditing": { + "maxItemsOne": true + }, "blocked_capabilities": { "maxItemsOne": false }, @@ -1062,6 +2187,19 @@ "blocked_volumes": { "maxItemsOne": false }, + "container_exec": { + "maxItemsOne": true, + "elem": { + "fields": { + "container_exec_proc_white_list": { + "maxItemsOne": false + }, + "reverse_shell_ip_white_list": { + "maxItemsOne": false + } + } + } + }, "container_exec_allowed_processes": { "maxItemsOne": false }, 
@@ -1071,31 +2209,59 @@ "exec_lockdown_white_list": { "maxItemsOne": false }, + "file_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_files_processes": { + "maxItemsOne": false + }, + "block_files_users": { + "maxItemsOne": false + }, + "exceptional_block_files": { + "maxItemsOne": false + }, + "exceptional_block_files_processes": { + "maxItemsOne": false + }, + "exceptional_block_files_users": { + "maxItemsOne": false + }, + "filename_block_list": { + "maxItemsOne": false + } + } + } + }, "file_integrity_monitoring": { "maxItemsOne": false, "elem": { "fields": { - "excluded_paths": { + "exceptional_monitored_files": { "maxItemsOne": false }, - "excluded_processes": { + "exceptional_monitored_files_processes": { "maxItemsOne": false }, - "excluded_users": { + "exceptional_monitored_files_users": { "maxItemsOne": false }, - "monitored_paths": { + "monitored_files": { "maxItemsOne": false }, - "monitored_processes": { + "monitored_files_processes": { "maxItemsOne": false }, - "monitored_users": { + "monitored_files_users": { "maxItemsOne": false } } } }, + "limit_container_privileges": { + "maxItemsOne": false + }, "malware_scan_options": { "maxItemsOne": false, "elem": { @@ -1105,6 +2271,47 @@ }, "exclude_processes": { "maxItemsOne": false + }, + "include_directories": { + "maxItemsOne": false + } + } + } + }, + "port_block": { + "maxItemsOne": true, + "elem": { + "fields": { + "block_inbound_ports": { + "maxItemsOne": false + }, + "block_outbound_ports": { + "maxItemsOne": false + } + } + } + }, + "readonly_files": { + "maxItemsOne": true, + "elem": { + "fields": { + "exceptional_readonly_files": { + "maxItemsOne": false + }, + "exceptional_readonly_files_processes": { + "maxItemsOne": false + }, + "exceptional_readonly_files_users": { + "maxItemsOne": false + }, + "readonly_files": { + "maxItemsOne": false + }, + "readonly_files_processes": { + "maxItemsOne": false + }, + "readonly_files_users": { + "maxItemsOne": false } } } 
@@ -1112,6 +2319,16 @@ "readonly_files_and_directories": { "maxItemsOne": false }, + "restricted_volumes": { + "maxItemsOne": false, + "elem": { + "fields": { + "volumes": { + "maxItemsOne": false + } + } + } + }, "reverse_shell_allowed_ips": { "maxItemsOne": false }, @@ -1254,6 +2471,26 @@ "blocked_executables": { "maxItemsOne": false }, + "drift_prevention": { + "maxItemsOne": false, + "elem": { + "fields": { + "exec_lockdown_white_list": { + "maxItemsOne": false + } + } + } + }, + "executable_blacklist": { + "maxItemsOne": false, + "elem": { + "fields": { + "executables": { + "maxItemsOne": false + } + } + } + }, "honeypot_apply_on": { "maxItemsOne": false }, @@ -1369,6 +2606,9 @@ "application_scopes": { "maxItemsOne": false }, + "auditing": { + "maxItemsOne": true + }, "blocked_files": { "maxItemsOne": false }, @@ -1376,22 +2616,22 @@ "maxItemsOne": false, "elem": { "fields": { - "excluded_paths": { + "exceptional_monitored_files": { "maxItemsOne": false }, - "excluded_processes": { + "exceptional_monitored_files_processes": { "maxItemsOne": false }, - "excluded_users": { + "exceptional_monitored_files_users": { "maxItemsOne": false }, - "monitored_paths": { + "monitored_files": { "maxItemsOne": false }, - "monitored_processes": { + "monitored_files_processes": { "maxItemsOne": false }, - "monitored_users": { + "monitored_files_users": { "maxItemsOne": false } } @@ -1401,6 +2641,9 @@ "maxItemsOne": false, "elem": { "fields": { + "exclude_directories": { + "maxItemsOne": false + }, "exclude_processes": { "maxItemsOne": false }, 
@@ -1423,7 +2666,29 @@ "maxItemsOne": false }, "package_block": { - "maxItemsOne": false + "maxItemsOne": false, + "elem": { + "fields": { + "block_packages_processes": { + "maxItemsOne": false + }, + "block_packages_users": { + "maxItemsOne": false + }, + "exceptional_block_packages_files": { + "maxItemsOne": false + }, + "exceptional_block_packages_processes": { + "maxItemsOne": false + }, + "exceptional_block_packages_users": { + "maxItemsOne": false + }, + "packages_black_list": { + "maxItemsOne": false + } + } + } }, "scope_variables": { "maxItemsOne": false @@ -1863,7 +3128,31 @@ } }, "auto-settings": { + "resources": { + "aquasec_container_runtime_policy": { + "maxItemsOneOverrides": { + "file_integrity_monitoring": true + } + }, + "aquasec_host_runtime_policy": { + "maxItemsOneOverrides": { + "file_integrity_monitoring": true, + "package_block": false + } + } + }, "datasources": { + "aquasec_container_runtime_policy": { + "maxItemsOneOverrides": { + "malware_scan_options": false + } + }, + "aquasec_host_runtime_policy": { + "maxItemsOneOverrides": { + "malware_scan_options": false, + "package_block": false + } + }, "aquasec_integration_registries": { "renames": [ "aquasec:index/getIntegrationRegistry:getIntegrationRegistry" @@ -1896,7 +3185,8 @@ "aquasec:index/roleMappingSaas:RoleMappingSaas": "aquasec_role_mapping_saas", "aquasec:index/service:Service": "aquasec_service", "aquasec:index/user:User": "aquasec_user", - "aquasec:index/userSaas:UserSaas": "aquasec_user_saas" + "aquasec:index/userSaas:UserSaas": "aquasec_user_saas", + "aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy": "aquasec_vmware_assurance_policy" }, "functions": { "aquasec:index/getAcknowledges:getAcknowledges": "aquasec_acknowledges", 
@@ -1958,22 +3248,138 @@ "aquasec:index/ApplicationScopeCategoryWorkload:ApplicationScopeCategoryWorkload": { "cfs": "cf" }, + "aquasec:index/ContainerRuntimePolicyAllowedExecutable:ContainerRuntimePolicyAllowedExecutable": { + "allowExecutables": "allow_executables", + "allowRootExecutables": "allow_root_executables", + "separateExecutables": "separate_executables" + }, + "aquasec:index/ContainerRuntimePolicyAllowedRegistry:ContainerRuntimePolicyAllowedRegistry": { + "allowedRegistries": "allowed_registries" + }, + "aquasec:index/ContainerRuntimePolicyAuditing:ContainerRuntimePolicyAuditing": { + "auditAllNetwork": "audit_all_network", + "auditAllProcesses": "audit_all_processes", + "auditFailedLogin": "audit_failed_login", + "auditOsUserActivity": "audit_os_user_activity", + "auditProcessCmdline": "audit_process_cmdline", + "auditSuccessLogin": "audit_success_login", + "auditUserAccountManagement": "audit_user_account_management" + }, + "aquasec:index/ContainerRuntimePolicyBlacklistedOsUsers:ContainerRuntimePolicyBlacklistedOsUsers": { + "groupBlackLists": "group_black_list", + "userBlackLists": "user_black_list" + }, + "aquasec:index/ContainerRuntimePolicyBypassScope:ContainerRuntimePolicyBypassScope": { + "scopes": "scope" + }, + "aquasec:index/ContainerRuntimePolicyContainerExec:ContainerRuntimePolicyContainerExec": { + "blockContainerExec": "block_container_exec", + "containerExecProcWhiteLists": "container_exec_proc_white_list", + "reverseShellIpWhiteLists": "reverse_shell_ip_white_list" + }, + "aquasec:index/ContainerRuntimePolicyDriftPrevention:ContainerRuntimePolicyDriftPrevention": { + "execLockdown": "exec_lockdown", + "execLockdownWhiteLists": "exec_lockdown_white_list", + "imageLockdown": "image_lockdown" + }, + "aquasec:index/ContainerRuntimePolicyFailedKubernetesChecks:ContainerRuntimePolicyFailedKubernetesChecks": { + "failedChecks": "failed_checks" + }, + "aquasec:index/ContainerRuntimePolicyFileBlock:ContainerRuntimePolicyFileBlock": { + 
"blockFilesProcesses": "block_files_processes", + "blockFilesUsers": "block_files_users", + "exceptionalBlockFiles": "exceptional_block_files", + "exceptionalBlockFilesProcesses": "exceptional_block_files_processes", + "exceptionalBlockFilesUsers": "exceptional_block_files_users", + "filenameBlockLists": "filename_block_list" + }, "aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring": { - "excludedPaths": "excluded_paths", - "excludedProcesses": "excluded_processes", - "excludedUsers": "excluded_users", - "monitorAttributes": "monitor_attributes", - "monitorCreate": "monitor_create", - "monitorDelete": "monitor_delete", - "monitorModify": "monitor_modify", - "monitorRead": "monitor_read", - "monitoredPaths": "monitored_paths", - "monitoredProcesses": "monitored_processes", - "monitoredUsers": "monitored_users" + "exceptionalMonitoredFiles": "exceptional_monitored_files", + "exceptionalMonitoredFilesProcesses": "exceptional_monitored_files_processes", + "exceptionalMonitoredFilesUsers": "exceptional_monitored_files_users", + "monitoredFiles": "monitored_files", + "monitoredFilesAttributes": "monitored_files_attributes", + "monitoredFilesCreate": "monitored_files_create", + "monitoredFilesDelete": "monitored_files_delete", + "monitoredFilesModify": "monitored_files_modify", + "monitoredFilesProcesses": "monitored_files_processes", + "monitoredFilesRead": "monitored_files_read", + "monitoredFilesUsers": "monitored_files_users" + }, + "aquasec:index/ContainerRuntimePolicyLimitContainerPrivilege:ContainerRuntimePolicyLimitContainerPrivilege": { + "blockAddCapabilities": "block_add_capabilities", + "preventLowPortBinding": "prevent_low_port_binding", + "preventRootUser": "prevent_root_user", + "useHostUser": "use_host_user" + }, + "aquasec:index/ContainerRuntimePolicyLinuxCapabilities:ContainerRuntimePolicyLinuxCapabilities": { + "removeLinuxCapabilities": "remove_linux_capabilities" }, 
"aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions": { "excludeDirectories": "exclude_directories", - "excludeProcesses": "exclude_processes" + "excludeProcesses": "exclude_processes", + "includeDirectories": "include_directories" + }, + "aquasec:index/ContainerRuntimePolicyPackageBlock:ContainerRuntimePolicyPackageBlock": { + "blockPackagesProcesses": "block_packages_processes", + "blockPackagesUsers": "block_packages_users", + "exceptionalBlockPackagesFiles": "exceptional_block_packages_files", + "exceptionalBlockPackagesProcesses": "exceptional_block_packages_processes", + "exceptionalBlockPackagesUsers": "exceptional_block_packages_users", + "packagesBlackLists": "packages_black_list" + }, + "aquasec:index/ContainerRuntimePolicyPortBlock:ContainerRuntimePolicyPortBlock": { + "blockInboundPorts": "block_inbound_ports", + "blockOutboundPorts": "block_outbound_ports" + }, + "aquasec:index/ContainerRuntimePolicyReadonlyFiles:ContainerRuntimePolicyReadonlyFiles": { + "exceptionalReadonlyFiles": "exceptional_readonly_files", + "exceptionalReadonlyFilesProcesses": "exceptional_readonly_files_processes", + "exceptionalReadonlyFilesUsers": "exceptional_readonly_files_users", + "readonlyFiles": "readonly_files", + "readonlyFilesProcesses": "readonly_files_processes", + "readonlyFilesUsers": "readonly_files_users" + }, + "aquasec:index/ContainerRuntimePolicyReadonlyRegistry:ContainerRuntimePolicyReadonlyRegistry": { + "exceptionalReadonlyRegistryPaths": "exceptional_readonly_registry_paths", + "exceptionalReadonlyRegistryProcesses": "exceptional_readonly_registry_processes", + "exceptionalReadonlyRegistryUsers": "exceptional_readonly_registry_users", + "readonlyRegistryPaths": "readonly_registry_paths", + "readonlyRegistryProcesses": "readonly_registry_processes", + "readonlyRegistryUsers": "readonly_registry_users" + }, + 
"aquasec:index/ContainerRuntimePolicyRegistryAccessMonitoring:ContainerRuntimePolicyRegistryAccessMonitoring": { + "exceptionalMonitoredRegistryPaths": "exceptional_monitored_registry_paths", + "exceptionalMonitoredRegistryProcesses": "exceptional_monitored_registry_processes", + "exceptionalMonitoredRegistryUsers": "exceptional_monitored_registry_users", + "monitoredRegistryAttributes": "monitored_registry_attributes", + "monitoredRegistryCreate": "monitored_registry_create", + "monitoredRegistryDelete": "monitored_registry_delete", + "monitoredRegistryModify": "monitored_registry_modify", + "monitoredRegistryPaths": "monitored_registry_paths", + "monitoredRegistryProcesses": "monitored_registry_processes", + "monitoredRegistryRead": "monitored_registry_read", + "monitoredRegistryUsers": "monitored_registry_users" + }, + "aquasec:index/ContainerRuntimePolicyReverseShell:ContainerRuntimePolicyReverseShell": { + "blockReverseShell": "block_reverse_shell", + "reverseShellIpWhiteLists": "reverse_shell_ip_white_list", + "reverseShellProcWhiteLists": "reverse_shell_proc_white_list" + }, + "aquasec:index/ContainerRuntimePolicySystemIntegrityProtection:ContainerRuntimePolicySystemIntegrityProtection": { + "auditSystemtimeChange": "audit_systemtime_change", + "monitorAuditLogIntegrity": "monitor_audit_log_integrity", + "windowsServicesMonitoring": "windows_services_monitoring" + }, + "aquasec:index/ContainerRuntimePolicyTripwire:ContainerRuntimePolicyTripwire": { + "applyOns": "apply_on", + "serverlessApp": "serverless_app", + "userId": "user_id", + "userPassword": "user_password" + }, + "aquasec:index/ContainerRuntimePolicyWhitelistedOsUsers:ContainerRuntimePolicyWhitelistedOsUsers": { + "groupWhiteLists": "group_white_list", + "userWhiteLists": "user_white_list" }, "aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator": { "serviceAccount": "service_account" 
@@ -1995,12 +3401,153 @@ "readOnly": "read_only", "scriptId": "script_id" }, + "aquasec:index/FunctionAssurancePolicyKubernetesControl:FunctionAssurancePolicyKubernetesControl": { + "avdId": "avd_id", + "scriptId": "script_id" + }, "aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList": { "versionRange": "version_range" }, "aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList": { "versionRange": "version_range" }, + "aquasec:index/FunctionAssurancePolicyPolicySettings:FunctionAssurancePolicyPolicySettings": { + "isAuditChecked": "is_audit_checked", + "warningMessage": "warning_message" + }, + "aquasec:index/FunctionRuntimePolicyAllowedExecutable:FunctionRuntimePolicyAllowedExecutable": { + "allowExecutables": "allow_executables", + "allowRootExecutables": "allow_root_executables", + "separateExecutables": "separate_executables" + }, + "aquasec:index/FunctionRuntimePolicyAllowedRegistry:FunctionRuntimePolicyAllowedRegistry": { + "allowedRegistries": "allowed_registries" + }, + "aquasec:index/FunctionRuntimePolicyAuditing:FunctionRuntimePolicyAuditing": { + "auditAllNetwork": "audit_all_network", + "auditAllProcesses": "audit_all_processes", + "auditFailedLogin": "audit_failed_login", + "auditOsUserActivity": "audit_os_user_activity", + "auditProcessCmdline": "audit_process_cmdline", + "auditSuccessLogin": "audit_success_login", + "auditUserAccountManagement": "audit_user_account_management" + }, + "aquasec:index/FunctionRuntimePolicyBlacklistedOsUsers:FunctionRuntimePolicyBlacklistedOsUsers": { + "groupBlackLists": "group_black_list", + "userBlackLists": "user_black_list" + }, + "aquasec:index/FunctionRuntimePolicyBypassScope:FunctionRuntimePolicyBypassScope": { + "scopes": "scope" + }, + "aquasec:index/FunctionRuntimePolicyContainerExec:FunctionRuntimePolicyContainerExec": { + "blockContainerExec": "block_container_exec", + "containerExecProcWhiteLists": 
"container_exec_proc_white_list", + "reverseShellIpWhiteLists": "reverse_shell_ip_white_list" + }, + "aquasec:index/FunctionRuntimePolicyDriftPrevention:FunctionRuntimePolicyDriftPrevention": { + "execLockdown": "exec_lockdown", + "execLockdownWhiteLists": "exec_lockdown_white_list", + "imageLockdown": "image_lockdown" + }, + "aquasec:index/FunctionRuntimePolicyFailedKubernetesChecks:FunctionRuntimePolicyFailedKubernetesChecks": { + "failedChecks": "failed_checks" + }, + "aquasec:index/FunctionRuntimePolicyFileBlock:FunctionRuntimePolicyFileBlock": { + "blockFilesProcesses": "block_files_processes", + "blockFilesUsers": "block_files_users", + "exceptionalBlockFiles": "exceptional_block_files", + "exceptionalBlockFilesProcesses": "exceptional_block_files_processes", + "exceptionalBlockFilesUsers": "exceptional_block_files_users", + "filenameBlockLists": "filename_block_list" + }, + "aquasec:index/FunctionRuntimePolicyFileIntegrityMonitoring:FunctionRuntimePolicyFileIntegrityMonitoring": { + "exceptionalMonitoredFiles": "exceptional_monitored_files", + "exceptionalMonitoredFilesProcesses": "exceptional_monitored_files_processes", + "exceptionalMonitoredFilesUsers": "exceptional_monitored_files_users", + "monitoredFiles": "monitored_files", + "monitoredFilesAttributes": "monitored_files_attributes", + "monitoredFilesCreate": "monitored_files_create", + "monitoredFilesDelete": "monitored_files_delete", + "monitoredFilesModify": "monitored_files_modify", + "monitoredFilesProcesses": "monitored_files_processes", + "monitoredFilesRead": "monitored_files_read", + "monitoredFilesUsers": "monitored_files_users" + }, + "aquasec:index/FunctionRuntimePolicyLimitContainerPrivilege:FunctionRuntimePolicyLimitContainerPrivilege": { + "blockAddCapabilities": "block_add_capabilities", + "preventLowPortBinding": "prevent_low_port_binding", + "preventRootUser": "prevent_root_user", + "useHostUser": "use_host_user" + }, + 
"aquasec:index/FunctionRuntimePolicyLinuxCapabilities:FunctionRuntimePolicyLinuxCapabilities": { + "removeLinuxCapabilities": "remove_linux_capabilities" + }, + "aquasec:index/FunctionRuntimePolicyMalwareScanOptions:FunctionRuntimePolicyMalwareScanOptions": { + "excludeDirectories": "exclude_directories", + "excludeProcesses": "exclude_processes", + "includeDirectories": "include_directories" + }, + "aquasec:index/FunctionRuntimePolicyPackageBlock:FunctionRuntimePolicyPackageBlock": { + "blockPackagesProcesses": "block_packages_processes", + "blockPackagesUsers": "block_packages_users", + "exceptionalBlockPackagesFiles": "exceptional_block_packages_files", + "exceptionalBlockPackagesProcesses": "exceptional_block_packages_processes", + "exceptionalBlockPackagesUsers": "exceptional_block_packages_users", + "packagesBlackLists": "packages_black_list" + }, + "aquasec:index/FunctionRuntimePolicyPortBlock:FunctionRuntimePolicyPortBlock": { + "blockInboundPorts": "block_inbound_ports", + "blockOutboundPorts": "block_outbound_ports" + }, + "aquasec:index/FunctionRuntimePolicyReadonlyFiles:FunctionRuntimePolicyReadonlyFiles": { + "exceptionalReadonlyFiles": "exceptional_readonly_files", + "exceptionalReadonlyFilesProcesses": "exceptional_readonly_files_processes", + "exceptionalReadonlyFilesUsers": "exceptional_readonly_files_users", + "readonlyFiles": "readonly_files", + "readonlyFilesProcesses": "readonly_files_processes", + "readonlyFilesUsers": "readonly_files_users" + }, + "aquasec:index/FunctionRuntimePolicyReadonlyRegistry:FunctionRuntimePolicyReadonlyRegistry": { + "exceptionalReadonlyRegistryPaths": "exceptional_readonly_registry_paths", + "exceptionalReadonlyRegistryProcesses": "exceptional_readonly_registry_processes", + "exceptionalReadonlyRegistryUsers": "exceptional_readonly_registry_users", + "readonlyRegistryPaths": "readonly_registry_paths", + "readonlyRegistryProcesses": "readonly_registry_processes", + "readonlyRegistryUsers": "readonly_registry_users" + 
}, + "aquasec:index/FunctionRuntimePolicyRegistryAccessMonitoring:FunctionRuntimePolicyRegistryAccessMonitoring": { + "exceptionalMonitoredRegistryPaths": "exceptional_monitored_registry_paths", + "exceptionalMonitoredRegistryProcesses": "exceptional_monitored_registry_processes", + "exceptionalMonitoredRegistryUsers": "exceptional_monitored_registry_users", + "monitoredRegistryAttributes": "monitored_registry_attributes", + "monitoredRegistryCreate": "monitored_registry_create", + "monitoredRegistryDelete": "monitored_registry_delete", + "monitoredRegistryModify": "monitored_registry_modify", + "monitoredRegistryPaths": "monitored_registry_paths", + "monitoredRegistryProcesses": "monitored_registry_processes", + "monitoredRegistryRead": "monitored_registry_read", + "monitoredRegistryUsers": "monitored_registry_users" + }, + "aquasec:index/FunctionRuntimePolicyReverseShell:FunctionRuntimePolicyReverseShell": { + "blockReverseShell": "block_reverse_shell", + "reverseShellIpWhiteLists": "reverse_shell_ip_white_list", + "reverseShellProcWhiteLists": "reverse_shell_proc_white_list" + }, + "aquasec:index/FunctionRuntimePolicySystemIntegrityProtection:FunctionRuntimePolicySystemIntegrityProtection": { + "auditSystemtimeChange": "audit_systemtime_change", + "monitorAuditLogIntegrity": "monitor_audit_log_integrity", + "windowsServicesMonitoring": "windows_services_monitoring" + }, + "aquasec:index/FunctionRuntimePolicyTripwire:FunctionRuntimePolicyTripwire": { + "applyOns": "apply_on", + "serverlessApp": "serverless_app", + "userId": "user_id", + "userPassword": "user_password" + }, + "aquasec:index/FunctionRuntimePolicyWhitelistedOsUsers:FunctionRuntimePolicyWhitelistedOsUsers": { + "groupWhiteLists": "group_white_list", + "userWhiteLists": "user_white_list" + }, "aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime": { "iterationType": "iteration_type", "weekDays": "week_days" 
@@ -2016,43 +3563,142 @@ "aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList": { "versionRange": "version_range" }, + "aquasec:index/HostAssurancePolicyPolicySettings:HostAssurancePolicyPolicySettings": { + "isAuditChecked": "is_audit_checked", + "warningMessage": "warning_message" + }, + "aquasec:index/HostRuntimePolicyAllowedExecutable:HostRuntimePolicyAllowedExecutable": { + "allowExecutables": "allow_executables", + "allowRootExecutables": "allow_root_executables", + "separateExecutables": "separate_executables" + }, + "aquasec:index/HostRuntimePolicyAllowedRegistry:HostRuntimePolicyAllowedRegistry": { + "allowedRegistries": "allowed_registries" + }, + "aquasec:index/HostRuntimePolicyAuditing:HostRuntimePolicyAuditing": { + "auditAllNetwork": "audit_all_network", + "auditAllProcesses": "audit_all_processes", + "auditFailedLogin": "audit_failed_login", + "auditOsUserActivity": "audit_os_user_activity", + "auditProcessCmdline": "audit_process_cmdline", + "auditSuccessLogin": "audit_success_login", + "auditUserAccountManagement": "audit_user_account_management" + }, + "aquasec:index/HostRuntimePolicyBlacklistedOsUsers:HostRuntimePolicyBlacklistedOsUsers": { + "groupBlackLists": "group_black_list", + "userBlackLists": "user_black_list" + }, + "aquasec:index/HostRuntimePolicyBypassScope:HostRuntimePolicyBypassScope": { + "scopes": "scope" + }, + "aquasec:index/HostRuntimePolicyContainerExec:HostRuntimePolicyContainerExec": { + "blockContainerExec": "block_container_exec", + "containerExecProcWhiteLists": "container_exec_proc_white_list", + "reverseShellIpWhiteLists": "reverse_shell_ip_white_list" + }, + "aquasec:index/HostRuntimePolicyDriftPrevention:HostRuntimePolicyDriftPrevention": { + "execLockdown": "exec_lockdown", + "execLockdownWhiteLists": "exec_lockdown_white_list", + "imageLockdown": "image_lockdown" + }, + "aquasec:index/HostRuntimePolicyFailedKubernetesChecks:HostRuntimePolicyFailedKubernetesChecks": { + 
"failedChecks": "failed_checks" + }, + "aquasec:index/HostRuntimePolicyFileBlock:HostRuntimePolicyFileBlock": { + "blockFilesProcesses": "block_files_processes", + "blockFilesUsers": "block_files_users", + "exceptionalBlockFiles": "exceptional_block_files", + "exceptionalBlockFilesProcesses": "exceptional_block_files_processes", + "exceptionalBlockFilesUsers": "exceptional_block_files_users", + "filenameBlockLists": "filename_block_list" + }, "aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring": { - "excludedPaths": "excluded_paths", - "excludedProcesses": "excluded_processes", - "excludedUsers": "excluded_users", - "monitorAttributes": "monitor_attributes", - "monitorCreate": "monitor_create", - "monitorDelete": "monitor_delete", - "monitorModify": "monitor_modify", - "monitorRead": "monitor_read", - "monitoredPaths": "monitored_paths", - "monitoredProcesses": "monitored_processes", - "monitoredUsers": "monitored_users" + "exceptionalMonitoredFiles": "exceptional_monitored_files", + "exceptionalMonitoredFilesProcesses": "exceptional_monitored_files_processes", + "exceptionalMonitoredFilesUsers": "exceptional_monitored_files_users", + "monitoredFiles": "monitored_files", + "monitoredFilesAttributes": "monitored_files_attributes", + "monitoredFilesCreate": "monitored_files_create", + "monitoredFilesDelete": "monitored_files_delete", + "monitoredFilesModify": "monitored_files_modify", + "monitoredFilesProcesses": "monitored_files_processes", + "monitoredFilesRead": "monitored_files_read", + "monitoredFilesUsers": "monitored_files_users" + }, + "aquasec:index/HostRuntimePolicyLimitContainerPrivilege:HostRuntimePolicyLimitContainerPrivilege": { + "blockAddCapabilities": "block_add_capabilities", + "preventLowPortBinding": "prevent_low_port_binding", + "preventRootUser": "prevent_root_user", + "useHostUser": "use_host_user" + }, + "aquasec:index/HostRuntimePolicyLinuxCapabilities:HostRuntimePolicyLinuxCapabilities": { + 
"removeLinuxCapabilities": "remove_linux_capabilities" }, "aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions": { "excludeDirectories": "exclude_directories", - "excludeProcesses": "exclude_processes" + "excludeProcesses": "exclude_processes", + "includeDirectories": "include_directories" }, - "aquasec:index/HostRuntimePolicyWindowsRegistryMonitoring:HostRuntimePolicyWindowsRegistryMonitoring": { - "excludedPaths": "excluded_paths", - "excludedProcesses": "excluded_processes", - "excludedUsers": "excluded_users", - "monitorAttributes": "monitor_attributes", - "monitorCreate": "monitor_create", - "monitorDelete": "monitor_delete", - "monitorModify": "monitor_modify", - "monitorRead": "monitor_read", - "monitoredPaths": "monitored_paths", - "monitoredProcesses": "monitored_processes", - "monitoredUsers": "monitored_users" + "aquasec:index/HostRuntimePolicyPackageBlock:HostRuntimePolicyPackageBlock": { + "blockPackagesProcesses": "block_packages_processes", + "blockPackagesUsers": "block_packages_users", + "exceptionalBlockPackagesFiles": "exceptional_block_packages_files", + "exceptionalBlockPackagesProcesses": "exceptional_block_packages_processes", + "exceptionalBlockPackagesUsers": "exceptional_block_packages_users", + "packagesBlackLists": "packages_black_list" + }, + "aquasec:index/HostRuntimePolicyPortBlock:HostRuntimePolicyPortBlock": { + "blockInboundPorts": "block_inbound_ports", + "blockOutboundPorts": "block_outbound_ports" + }, + "aquasec:index/HostRuntimePolicyReadonlyFiles:HostRuntimePolicyReadonlyFiles": { + "exceptionalReadonlyFiles": "exceptional_readonly_files", + "exceptionalReadonlyFilesProcesses": "exceptional_readonly_files_processes", + "exceptionalReadonlyFilesUsers": "exceptional_readonly_files_users", + "readonlyFiles": "readonly_files", + "readonlyFilesProcesses": "readonly_files_processes", + "readonlyFilesUsers": "readonly_files_users" + }, + 
"aquasec:index/HostRuntimePolicyReadonlyRegistry:HostRuntimePolicyReadonlyRegistry": { + "exceptionalReadonlyRegistryPaths": "exceptional_readonly_registry_paths", + "exceptionalReadonlyRegistryProcesses": "exceptional_readonly_registry_processes", + "exceptionalReadonlyRegistryUsers": "exceptional_readonly_registry_users", + "readonlyRegistryPaths": "readonly_registry_paths", + "readonlyRegistryProcesses": "readonly_registry_processes", + "readonlyRegistryUsers": "readonly_registry_users" + }, + "aquasec:index/HostRuntimePolicyRegistryAccessMonitoring:HostRuntimePolicyRegistryAccessMonitoring": { + "exceptionalMonitoredRegistryPaths": "exceptional_monitored_registry_paths", + "exceptionalMonitoredRegistryProcesses": "exceptional_monitored_registry_processes", + "exceptionalMonitoredRegistryUsers": "exceptional_monitored_registry_users", + "monitoredRegistryAttributes": "monitored_registry_attributes", + "monitoredRegistryCreate": "monitored_registry_create", + "monitoredRegistryDelete": "monitored_registry_delete", + "monitoredRegistryModify": "monitored_registry_modify", + "monitoredRegistryPaths": "monitored_registry_paths", + "monitoredRegistryProcesses": "monitored_registry_processes", + "monitoredRegistryRead": "monitored_registry_read", + "monitoredRegistryUsers": "monitored_registry_users" + }, + "aquasec:index/HostRuntimePolicyReverseShell:HostRuntimePolicyReverseShell": { + "blockReverseShell": "block_reverse_shell", + "reverseShellIpWhiteLists": "reverse_shell_ip_white_list", + "reverseShellProcWhiteLists": "reverse_shell_proc_white_list" }, - "aquasec:index/HostRuntimePolicyWindowsRegistryProtection:HostRuntimePolicyWindowsRegistryProtection": { - "excludedPaths": "excluded_paths", - "excludedProcesses": "excluded_processes", - "excludedUsers": "excluded_users", - "protectedPaths": "protected_paths", - "protectedProcesses": "protected_processes", - "protectedUsers": "protected_users" + 
"aquasec:index/HostRuntimePolicySystemIntegrityProtection:HostRuntimePolicySystemIntegrityProtection": { + "auditSystemtimeChange": "audit_systemtime_change", + "monitorAuditLogIntegrity": "monitor_audit_log_integrity", + "windowsServicesMonitoring": "windows_services_monitoring" + }, + "aquasec:index/HostRuntimePolicyTripwire:HostRuntimePolicyTripwire": { + "applyOns": "apply_on", + "serverlessApp": "serverless_app", + "userId": "user_id", + "userPassword": "user_password" + }, + "aquasec:index/HostRuntimePolicyWhitelistedOsUsers:HostRuntimePolicyWhitelistedOsUsers": { + "groupWhiteLists": "group_white_list", + "userWhiteLists": "user_white_list" }, "aquasec:index/ImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed": { "assuranceType": "assurance_type", @@ -2069,12 +3715,20 @@ "readOnly": "read_only", "scriptId": "script_id" }, + "aquasec:index/ImageAssurancePolicyKubernetesControls:ImageAssurancePolicyKubernetesControls": { + "avdId": "avd_id", + "scriptId": "script_id" + }, "aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList": { "versionRange": "version_range" }, "aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList": { "versionRange": "version_range" }, + "aquasec:index/ImageAssurancePolicyPolicySettings:ImageAssurancePolicyPolicySettings": { + "isAuditChecked": "is_audit_checked", + "warningMessage": "warning_message" + }, "aquasec:index/ImageHistory:ImageHistory": { "createdBy": "created_by" }, 
@@ -2150,12 +3804,20 @@ "readOnly": "read_only", "scriptId": "script_id" }, + "aquasec:index/KubernetesAssurancePolicyKubernetesControl:KubernetesAssurancePolicyKubernetesControl": { + "avdId": "avd_id", + "scriptId": "script_id" + }, "aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList": { "versionRange": "version_range" }, "aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList": { "versionRange": "version_range" }, + "aquasec:index/KubernetesAssurancePolicyPolicySettings:KubernetesAssurancePolicyPolicySettings": { + "isAuditChecked": "is_audit_checked", + "warningMessage": "warning_message" + }, "aquasec:index/RoleMappingLdap:RoleMappingLdap": { "roleMapping": "role_mapping" }, @@ -2175,6 +3837,29 @@ "ipAddress": "ip_address", "userId": "user_id" }, + "aquasec:index/VmwareAssurancePolicyAutoScanTime:VmwareAssurancePolicyAutoScanTime": { + "iterationType": "iteration_type", + "weekDays": "week_days" + }, + "aquasec:index/VmwareAssurancePolicyCustomCheck:VmwareAssurancePolicyCustomCheck": { + "lastModified": "last_modified", + "readOnly": "read_only", + "scriptId": "script_id" + }, + "aquasec:index/VmwareAssurancePolicyKubernetesControl:VmwareAssurancePolicyKubernetesControl": { + "avdId": "avd_id", + "scriptId": "script_id" + }, + "aquasec:index/VmwareAssurancePolicyPackagesBlackList:VmwareAssurancePolicyPackagesBlackList": { + "versionRange": "version_range" + }, + "aquasec:index/VmwareAssurancePolicyPackagesWhiteList:VmwareAssurancePolicyPackagesWhiteList": { + "versionRange": "version_range" + }, + "aquasec:index/VmwareAssurancePolicyPolicySettings:VmwareAssurancePolicyPolicySettings": { + "isAuditChecked": "is_audit_checked", + "warningMessage": "warning_message" + }, "aquasec:index/applicationScope:ApplicationScope": { "ownerEmail": "owner_email" }, 
@@ -2184,20 +3869,20 @@ "applicationScopes": "application_scopes", "auditAllNetworkActivity": "audit_all_network_activity", "auditAllProcessesActivity": "audit_all_processes_activity", + "auditBruteForceLogin": "audit_brute_force_login", "auditFullCommandArguments": "audit_full_command_arguments", + "blacklistedOsUsers": "blacklisted_os_users", "blockAccessHostNetwork": "block_access_host_network", "blockAddingCapabilities": "block_adding_capabilities", "blockContainerExec": "block_container_exec", "blockCryptocurrencyMining": "block_cryptocurrency_mining", + "blockDisallowedImages": "block_disallowed_images", "blockFilelessExec": "block_fileless_exec", "blockLowPortBinding": "block_low_port_binding", - "blockNonCompliantImages": "block_non_compliant_images", "blockNonCompliantWorkloads": "block_non_compliant_workloads", "blockNonK8sContainers": "block_non_k8s_containers", "blockPrivilegedContainers": "block_privileged_containers", - "blockReverseShell": "block_reverse_shell", "blockRootUser": "block_root_user", - "blockUnregisteredImages": "block_unregistered_images", "blockUseIpcNamespace": "block_use_ipc_namespace", "blockUsePidNamespace": "block_use_pid_namespace", "blockUseUserNamespace": "block_use_user_namespace", 
@@ -2209,24 +3894,52 @@ "blockedOutboundPorts": "blocked_outbound_ports", "blockedPackages": "blocked_packages", "blockedVolumes": "blocked_volumes", + "bypassScopes": "bypass_scope", + "containerExec": "container_exec", "containerExecAllowedProcesses": "container_exec_allowed_processes", - "enableDriftPrevention": "enable_drift_prevention", + "defaultSecurityProfile": "default_security_profile", + "driftPreventions": "drift_prevention", + "enableCryptoMiningDns": "enable_crypto_mining_dns", "enableForkGuard": "enable_fork_guard", - "enableIpReputationSecurity": "enable_ip_reputation_security", - "enablePortScanDetection": "enable_port_scan_detection", + "enableIpReputation": "enable_ip_reputation", + "enablePortScanProtection": "enable_port_scan_protection", "enforceAfterDays": "enforce_after_days", - "exceptionalReadonlyFilesAndDirectories": "exceptional_readonly_files_and_directories", - "execLockdownWhiteLists": "exec_lockdown_white_list", + "enforceSchedulerAddedOn": "enforce_scheduler_added_on", + "excludeApplicationScopes": "exclude_application_scopes", + "executableBlacklists": "executable_blacklist", + "failedKubernetesChecks": "failed_kubernetes_checks", + "fileBlock": "file_block", "fileIntegrityMonitoring": "file_integrity_monitoring", "forkGuardProcessLimit": "fork_guard_process_limit", + "imageName": "image_name", + "isAuditChecked": "is_audit_checked", + "isAutoGenerated": "is_auto_generated", + "isOotbPolicy": "is_ootb_policy", + "limitContainerPrivileges": "limit_container_privileges", "limitNewPrivileges": "limit_new_privileges", + "linuxCapabilities": "linux_capabilities", "malwareScanOptions": "malware_scan_options", "monitorSystemTimeChanges": "monitor_system_time_changes", - "readonlyFilesAndDirectories": "readonly_files_and_directories", - "reverseShellAllowedIps": "reverse_shell_allowed_ips", - "reverseShellAllowedProcesses": "reverse_shell_allowed_processes", + "noNewPrivileges": "no_new_privileges", + "onlyRegisteredImages": 
"only_registered_images", + "packageBlock": "package_block", + "portBlock": "port_block", + "readonlyFiles": "readonly_files", + "readonlyRegistry": "readonly_registry", + "registryAccessMonitoring": "registry_access_monitoring", + "repoName": "repo_name", + "resourceName": "resource_name", + "resourceType": "resource_type", + "restrictedVolumes": "restricted_volumes", + "reverseShell": "reverse_shell", + "runtimeMode": "runtime_mode", + "runtimeType": "runtime_type", "scopeExpression": "scope_expression", - "scopeVariables": "scope_variables" + "scopeVariables": "scope_variables", + "scopes": "scope", + "systemIntegrityProtection": "system_integrity_protection", + "vpatchVersion": "vpatch_version", + "whitelistedOsUsers": "whitelisted_os_users" }, "aquasec:index/enforcerGroups:EnforcerGroups": { "admissionControl": "admission_control", @@ -2290,8 +4003,10 @@ "outboundNetworks": "outbound_networks" }, "aquasec:index/functionAssurancePolicy:FunctionAssurancePolicy": { + "aggregatedVulnerability": "aggregated_vulnerability", "allowedImages": "allowed_images", "applicationScopes": "application_scopes", + "assuranceType": "assurance_type", "auditOnFailure": "audit_on_failure", "autoScanConfigured": "auto_scan_configured", "autoScanEnabled": "auto_scan_enabled", @@ -2304,6 +4019,7 @@ "controlExcludeNoFix": "control_exclude_no_fix", "customChecks": "custom_checks", "customChecksEnabled": "custom_checks_enabled", + "customSeverity": "custom_severity", "customSeverityEnabled": "custom_severity_enabled", "cvesBlackListEnabled": "cves_black_list_enabled", "cvesBlackLists": "cves_black_list", @@ -2312,6 +4028,7 @@ "cvssSeverity": "cvss_severity", "cvssSeverityEnabled": "cvss_severity_enabled", "cvssSeverityExcludeNoFix": "cvss_severity_exclude_no_fix", + "disallowExploitTypes": "disallow_exploit_types", "disallowMalware": "disallow_malware", "dockerCisEnabled": "docker_cis_enabled", "domainName": "domain_name", 
@@ -2320,52 +4037,112 @@ "enforceAfterDays": "enforce_after_days", "enforceExcessivePermissions": "enforce_excessive_permissions", "exceptionalMonitoredMalwarePaths": "exceptional_monitored_malware_paths", + "excludeApplicationScopes": "exclude_application_scopes", "failCicd": "fail_cicd", "forbiddenLabels": "forbidden_labels", "forbiddenLabelsEnabled": "forbidden_labels_enabled", "forceMicroenforcer": "force_microenforcer", "functionIntegrityEnabled": "function_integrity_enabled", + "ignoreBaseImageVln": "ignore_base_image_vln", "ignoreRecentlyPublishedVln": "ignore_recently_published_vln", "ignoreRecentlyPublishedVlnPeriod": "ignore_recently_published_vln_period", "ignoreRiskResourcesEnabled": "ignore_risk_resources_enabled", "ignoredRiskResources": "ignored_risk_resources", + "ignoredSensitiveResources": "ignored_sensitive_resources", "kubeCisEnabled": "kube_cis_enabled", + "kubernetesControls": "kubernetes_controls", + "kubernetesControlsAvdIds": "kubernetes_controls_avd_ids", + "kubernetesControlsNames": "kubernetes_controls_names", + "linuxCisEnabled": "linux_cis_enabled", "malwareAction": "malware_action", "maximumScore": "maximum_score", "maximumScoreEnabled": "maximum_score_enabled", "maximumScoreExcludeNoFix": "maximum_score_exclude_no_fix", "monitoredMalwarePaths": "monitored_malware_paths", "onlyNoneRootUsers": "only_none_root_users", + "openshiftHardeningEnabled": "openshift_hardening_enabled", "packagesBlackListEnabled": "packages_black_list_enabled", "packagesBlackLists": "packages_black_list", "packagesWhiteListEnabled": "packages_white_list_enabled", "packagesWhiteLists": "packages_white_list", "partialResultsImageFail": "partial_results_image_fail", + "policySettings": "policy_settings", "readOnly": "read_only", "requiredLabels": "required_labels", "requiredLabelsEnabled": "required_labels_enabled", + "scanMalwareInArchives": "scan_malware_in_archives", "scanNfsMounts": "scan_nfs_mounts", + "scanProcessMemory": "scan_process_memory", 
"scanSensitiveData": "scan_sensitive_data", + "scanWindowsRegistry": "scan_windows_registry", "scapEnabled": "scap_enabled", "scapFiles": "scap_files", "scopes": "scope", "trustedBaseImages": "trusted_base_images", "trustedBaseImagesEnabled": "trusted_base_images_enabled", + "vulnerabilityExploitability": "vulnerability_exploitability", + "vulnerabilityScoreRanges": "vulnerability_score_range", "whitelistedLicenses": "whitelisted_licenses", "whitelistedLicensesEnabled": "whitelisted_licenses_enabled" }, "aquasec:index/functionRuntimePolicy:FunctionRuntimePolicy": { + "allowedExecutables": "allowed_executables", + "allowedRegistries": "allowed_registries", "applicationScopes": "application_scopes", - "blockMaliciousExecutables": "block_malicious_executables", - "blockMaliciousExecutablesAllowedProcesses": "block_malicious_executables_allowed_processes", - "blockRunningExecutablesInTmpFolder": "block_running_executables_in_tmp_folder", - "blockedExecutables": "blocked_executables", + "auditBruteForceLogin": "audit_brute_force_login", + "blacklistedOsUsers": "blacklisted_os_users", + "blockContainerExec": "block_container_exec", + "blockDisallowedImages": "block_disallowed_images", + "blockFilelessExec": "block_fileless_exec", + "blockNonCompliantWorkloads": "block_non_compliant_workloads", + "blockNonK8sContainers": "block_non_k8s_containers", + "bypassScopes": "bypass_scope", + "containerExec": "container_exec", + "defaultSecurityProfile": "default_security_profile", + "driftPreventions": "drift_prevention", + "enableCryptoMiningDns": "enable_crypto_mining_dns", + "enableForkGuard": "enable_fork_guard", + "enableIpReputation": "enable_ip_reputation", + "enablePortScanProtection": "enable_port_scan_protection", + "enforceAfterDays": "enforce_after_days", + "enforceSchedulerAddedOn": "enforce_scheduler_added_on", + "excludeApplicationScopes": "exclude_application_scopes", + "executableBlacklists": "executable_blacklist", + "failedKubernetesChecks": 
"failed_kubernetes_checks", + "fileBlock": "file_block", + "fileIntegrityMonitorings": "file_integrity_monitoring", + "forkGuardProcessLimit": "fork_guard_process_limit", "honeypotAccessKey": "honeypot_access_key", "honeypotApplyOns": "honeypot_apply_on", "honeypotSecretKey": "honeypot_secret_key", "honeypotServerlessAppName": "honeypot_serverless_app_name", + "imageName": "image_name", + "isAuditChecked": "is_audit_checked", + "isAutoGenerated": "is_auto_generated", + "isOotbPolicy": "is_ootb_policy", + "limitContainerPrivileges": "limit_container_privileges", + "linuxCapabilities": "linux_capabilities", + "malwareScanOptions": "malware_scan_options", + "noNewPrivileges": "no_new_privileges", + "onlyRegisteredImages": "only_registered_images", + "packageBlock": "package_block", + "portBlock": "port_block", + "readonlyFiles": "readonly_files", + "readonlyRegistry": "readonly_registry", + "registryAccessMonitoring": "registry_access_monitoring", + "repoName": "repo_name", + "resourceName": "resource_name", + "resourceType": "resource_type", + "restrictedVolumes": "restricted_volumes", + "reverseShell": "reverse_shell", + "runtimeMode": "runtime_mode", + "runtimeType": "runtime_type", "scopeExpression": "scope_expression", - "scopeVariables": "scope_variables" + "scopeVariables": "scope_variables", + "scopes": "scope", + "systemIntegrityProtection": "system_integrity_protection", + "vpatchVersion": "vpatch_version", + "whitelistedOsUsers": "whitelisted_os_users" }, "aquasec:index/getAcknowledgesAcknowledge:getAcknowledgesAcknowledge": { "dockerId": "docker_id", @@ -2435,6 +4212,7 @@ "blockedOutboundPorts": "blocked_outbound_ports", "blockedPackages": "blocked_packages", "blockedVolumes": "blocked_volumes", + "containerExec": "container_exec", "containerExecAllowedProcesses": "container_exec_allowed_processes", "enableDriftPrevention": "enable_drift_prevention", "enableForkGuard": "enable_fork_guard", 
@@ -2443,33 +4221,87 @@ "enforceAfterDays": "enforce_after_days", "exceptionalReadonlyFilesAndDirectories": "exceptional_readonly_files_and_directories", "execLockdownWhiteLists": "exec_lockdown_white_list", + "fileBlock": "file_block", "fileIntegrityMonitorings": "file_integrity_monitoring", "forkGuardProcessLimit": "fork_guard_process_limit", + "limitContainerPrivileges": "limit_container_privileges", "limitNewPrivileges": "limit_new_privileges", "malwareScanOptions": "malware_scan_options", "monitorSystemTimeChanges": "monitor_system_time_changes", + "portBlock": "port_block", + "readonlyFiles": "readonly_files", "readonlyFilesAndDirectories": "readonly_files_and_directories", + "restrictedVolumes": "restricted_volumes", "reverseShellAllowedIps": "reverse_shell_allowed_ips", "reverseShellAllowedProcesses": "reverse_shell_allowed_processes", "scopeExpression": "scope_expression", "scopeVariables": "scope_variables" }, + "aquasec:index/getContainerRuntimePolicyAllowedExecutable:getContainerRuntimePolicyAllowedExecutable": { + "allowExecutables": "allow_executables", + "allowRootExecutables": "allow_root_executables", + "separateExecutables": "separate_executables" + }, + "aquasec:index/getContainerRuntimePolicyAllowedRegistry:getContainerRuntimePolicyAllowedRegistry": { + "allowedRegistries": "allowed_registries" + }, + "aquasec:index/getContainerRuntimePolicyAuditing:getContainerRuntimePolicyAuditing": { + "auditAllNetwork": "audit_all_network", + "auditAllProcesses": "audit_all_processes", + "auditFailedLogin": "audit_failed_login", + "auditOsUserActivity": "audit_os_user_activity", + "auditProcessCmdline": "audit_process_cmdline", + "auditSuccessLogin": "audit_success_login", + "auditUserAccountManagement": "audit_user_account_management" + }, + "aquasec:index/getContainerRuntimePolicyContainerExec:getContainerRuntimePolicyContainerExec": { + "blockContainerExec": "block_container_exec", + "containerExecProcWhiteLists": "container_exec_proc_white_list", + 
"reverseShellIpWhiteLists": "reverse_shell_ip_white_list" + }, + "aquasec:index/getContainerRuntimePolicyFileBlock:getContainerRuntimePolicyFileBlock": { + "blockFilesProcesses": "block_files_processes", + "blockFilesUsers": "block_files_users", + "exceptionalBlockFiles": "exceptional_block_files", + "exceptionalBlockFilesProcesses": "exceptional_block_files_processes", + "exceptionalBlockFilesUsers": "exceptional_block_files_users", + "filenameBlockLists": "filename_block_list" + }, "aquasec:index/getContainerRuntimePolicyFileIntegrityMonitoring:getContainerRuntimePolicyFileIntegrityMonitoring": { - "excludedPaths": "excluded_paths", - "excludedProcesses": "excluded_processes", - "excludedUsers": "excluded_users", - "monitorAttributes": "monitor_attributes", - "monitorCreate": "monitor_create", - "monitorDelete": "monitor_delete", - "monitorModify": "monitor_modify", - "monitorRead": "monitor_read", - "monitoredPaths": "monitored_paths", - "monitoredProcesses": "monitored_processes", - "monitoredUsers": "monitored_users" + "exceptionalMonitoredFiles": "exceptional_monitored_files", + "exceptionalMonitoredFilesProcesses": "exceptional_monitored_files_processes", + "exceptionalMonitoredFilesUsers": "exceptional_monitored_files_users", + "monitoredFiles": "monitored_files", + "monitoredFilesAttributes": "monitored_files_attributes", + "monitoredFilesCreate": "monitored_files_create", + "monitoredFilesDelete": "monitored_files_delete", + "monitoredFilesModify": "monitored_files_modify", + "monitoredFilesProcesses": "monitored_files_processes", + "monitoredFilesRead": "monitored_files_read", + "monitoredFilesUsers": "monitored_files_users" + }, + "aquasec:index/getContainerRuntimePolicyLimitContainerPrivilege:getContainerRuntimePolicyLimitContainerPrivilege": { + "blockAddCapabilities": "block_add_capabilities", + "preventLowPortBinding": "prevent_low_port_binding", + "preventRootUser": "prevent_root_user", + "useHostUser": "use_host_user" }, 
"aquasec:index/getContainerRuntimePolicyMalwareScanOption:getContainerRuntimePolicyMalwareScanOption": { "excludeDirectories": "exclude_directories", - "excludeProcesses": "exclude_processes" + "excludeProcesses": "exclude_processes", + "includeDirectories": "include_directories" + }, + "aquasec:index/getContainerRuntimePolicyPortBlock:getContainerRuntimePolicyPortBlock": { + "blockInboundPorts": "block_inbound_ports", + "blockOutboundPorts": "block_outbound_ports" + }, + "aquasec:index/getContainerRuntimePolicyReadonlyFiles:getContainerRuntimePolicyReadonlyFiles": { + "exceptionalReadonlyFiles": "exceptional_readonly_files", + "exceptionalReadonlyFilesProcesses": "exceptional_readonly_files_processes", + "exceptionalReadonlyFilesUsers": "exceptional_readonly_files_users", + "readonlyFiles": "readonly_files", + "readonlyFilesProcesses": "readonly_files_processes", + "readonlyFilesUsers": "readonly_files_users" }, "aquasec:index/getEnforcerGroups:getEnforcerGroups": { "admissionControl": "admission_control", @@ -2629,6 +4461,8 @@ "blockMaliciousExecutablesAllowedProcesses": "block_malicious_executables_allowed_processes", "blockRunningExecutablesInTmpFolder": "block_running_executables_in_tmp_folder", "blockedExecutables": "blocked_executables", + "driftPreventions": "drift_prevention", + "executableBlacklists": "executable_blacklist", "honeypotAccessKey": "honeypot_access_key", "honeypotApplyOns": "honeypot_apply_on", "honeypotSecretKey": "honeypot_secret_key", @@ -2636,6 +4470,11 @@ "scopeExpression": "scope_expression", "scopeVariables": "scope_variables" }, + "aquasec:index/getFunctionRuntimePolicyDriftPrevention:getFunctionRuntimePolicyDriftPrevention": { + "execLockdown": "exec_lockdown", + "execLockdownWhiteLists": "exec_lockdown_white_list", + "imageLockdown": "image_lockdown" + }, "aquasec:index/getGatewaysGateway:getGatewaysGateway": { "grpcAddress": "grpc_address", "publicAddress": "public_address" 
@@ -2733,7 +4572,7 @@ "auditUserAccountManagement": "audit_user_account_management", "blockCryptocurrencyMining": "block_cryptocurrency_mining", "blockedFiles": "blocked_files", - "enableIpReputationSecurity": "enable_ip_reputation_security", + "enableIpReputation": "enable_ip_reputation", "enforceAfterDays": "enforce_after_days", "fileIntegrityMonitorings": "file_integrity_monitoring", "malwareScanOptions": "malware_scan_options", 
@@ -2751,23 +4590,41 @@ "windowsRegistryMonitorings": "windows_registry_monitoring", "windowsRegistryProtections": "windows_registry_protection" }, + "aquasec:index/getHostRuntimePolicyAuditing:getHostRuntimePolicyAuditing": { + "auditAllNetwork": "audit_all_network", + "auditAllProcesses": "audit_all_processes", + "auditFailedLogin": "audit_failed_login", + "auditOsUserActivity": "audit_os_user_activity", + "auditProcessCmdline": "audit_process_cmdline", + "auditSuccessLogin": "audit_success_login", + "auditUserAccountManagement": "audit_user_account_management" + }, "aquasec:index/getHostRuntimePolicyFileIntegrityMonitoring:getHostRuntimePolicyFileIntegrityMonitoring": { - "excludedPaths": "excluded_paths", - "excludedProcesses": "excluded_processes", - "excludedUsers": "excluded_users", - "monitorAttributes": "monitor_attributes", - "monitorCreate": "monitor_create", - "monitorDelete": "monitor_delete", - "monitorModify": "monitor_modify", - "monitorRead": "monitor_read", - "monitoredPaths": "monitored_paths", - "monitoredProcesses": "monitored_processes", - "monitoredUsers": "monitored_users" + "exceptionalMonitoredFiles": "exceptional_monitored_files", + "exceptionalMonitoredFilesProcesses": "exceptional_monitored_files_processes", + "exceptionalMonitoredFilesUsers": "exceptional_monitored_files_users", + "monitoredFiles": "monitored_files", + "monitoredFilesAttributes": "monitored_files_attributes", + "monitoredFilesCreate": "monitored_files_create", + "monitoredFilesDelete": "monitored_files_delete", + "monitoredFilesModify": "monitored_files_modify", + "monitoredFilesProcesses": "monitored_files_processes", + "monitoredFilesRead": "monitored_files_read", + "monitoredFilesUsers": "monitored_files_users" }, "aquasec:index/getHostRuntimePolicyMalwareScanOption:getHostRuntimePolicyMalwareScanOption": { + "excludeDirectories": "exclude_directories", "excludeProcesses": "exclude_processes", "includeDirectories": "include_directories" }, + 
"aquasec:index/getHostRuntimePolicyPackageBlock:getHostRuntimePolicyPackageBlock": { + "blockPackagesProcesses": "block_packages_processes", + "blockPackagesUsers": "block_packages_users", + "exceptionalBlockPackagesFiles": "exceptional_block_packages_files", + "exceptionalBlockPackagesProcesses": "exceptional_block_packages_processes", + "exceptionalBlockPackagesUsers": "exceptional_block_packages_users", + "packagesBlackLists": "packages_black_list" + }, "aquasec:index/getHostRuntimePolicyWindowsRegistryMonitoring:getHostRuntimePolicyWindowsRegistryMonitoring": { "excludedPaths": "excluded_paths", "excludedProcesses": "excluded_processes", @@ -3210,8 +5067,10 @@ "groupId": "group_id" }, "aquasec:index/hostAssurancePolicy:HostAssurancePolicy": { + "aggregatedVulnerability": "aggregated_vulnerability", "allowedImages": "allowed_images", "applicationScopes": "application_scopes", + "assuranceType": "assurance_type", "auditOnFailure": "audit_on_failure", "autoScanConfigured": "auto_scan_configured", "autoScanEnabled": "auto_scan_enabled", @@ -3224,6 +5083,7 @@ "controlExcludeNoFix": "control_exclude_no_fix", "customChecks": "custom_checks", "customChecksEnabled": "custom_checks_enabled", + "customSeverity": "custom_severity", "customSeverityEnabled": "custom_severity_enabled", "cvesBlackListEnabled": "cves_black_list_enabled", "cvesBlackLists": "cves_black_list", @@ -3232,6 +5092,7 @@ "cvssSeverity": "cvss_severity", "cvssSeverityEnabled": "cvss_severity_enabled", "cvssSeverityExcludeNoFix": "cvss_severity_exclude_no_fix", + "disallowExploitTypes": "disallow_exploit_types", "disallowMalware": "disallow_malware", "dockerCisEnabled": "docker_cis_enabled", "domainName": "domain_name", 
@@ -3240,67 +5101,122 @@ "enforceAfterDays": "enforce_after_days", "enforceExcessivePermissions": "enforce_excessive_permissions", "exceptionalMonitoredMalwarePaths": "exceptional_monitored_malware_paths", + "excludeApplicationScopes": "exclude_application_scopes", "failCicd": "fail_cicd", "forbiddenLabels": "forbidden_labels", "forbiddenLabelsEnabled": "forbidden_labels_enabled", "forceMicroenforcer": "force_microenforcer", "functionIntegrityEnabled": "function_integrity_enabled", + "ignoreBaseImageVln": "ignore_base_image_vln", "ignoreRecentlyPublishedVln": "ignore_recently_published_vln", "ignoreRecentlyPublishedVlnPeriod": "ignore_recently_published_vln_period", "ignoreRiskResourcesEnabled": "ignore_risk_resources_enabled", "ignoredRiskResources": "ignored_risk_resources", + "ignoredSensitiveResources": "ignored_sensitive_resources", "kubeCisEnabled": "kube_cis_enabled", + "kubernetesControls": "kubernetes_controls", + "kubernetesControlsAvdIds": "kubernetes_controls_avd_ids", + "kubernetesControlsNames": "kubernetes_controls_names", + "linuxCisEnabled": "linux_cis_enabled", "malwareAction": "malware_action", "maximumScore": "maximum_score", "maximumScoreEnabled": "maximum_score_enabled", "maximumScoreExcludeNoFix": "maximum_score_exclude_no_fix", "monitoredMalwarePaths": "monitored_malware_paths", "onlyNoneRootUsers": "only_none_root_users", + "openshiftHardeningEnabled": "openshift_hardening_enabled", "packagesBlackListEnabled": "packages_black_list_enabled", "packagesBlackLists": "packages_black_list", "packagesWhiteListEnabled": "packages_white_list_enabled", "packagesWhiteLists": "packages_white_list", "partialResultsImageFail": "partial_results_image_fail", + "policySettings": "policy_settings", "readOnly": "read_only", "requiredLabels": "required_labels", "requiredLabelsEnabled": "required_labels_enabled", + "scanMalwareInArchives": "scan_malware_in_archives", "scanNfsMounts": "scan_nfs_mounts", + "scanProcessMemory": "scan_process_memory", 
"scanSensitiveData": "scan_sensitive_data", + "scanWindowsRegistry": "scan_windows_registry", "scapEnabled": "scap_enabled", "scapFiles": "scap_files", "scopes": "scope", "trustedBaseImages": "trusted_base_images", "trustedBaseImagesEnabled": "trusted_base_images_enabled", + "vulnerabilityExploitability": "vulnerability_exploitability", + "vulnerabilityScoreRanges": "vulnerability_score_range", "whitelistedLicenses": "whitelisted_licenses", - "whitelistedLicensesEnabled": "whitelisted_licenses_enabled" + "whitelistedLicensesEnabled": "whitelisted_licenses_enabled", + "windowsCisEnabled": "windows_cis_enabled" }, "aquasec:index/hostRuntimePolicy:HostRuntimePolicy": { + "allowedExecutables": "allowed_executables", + "allowedRegistries": "allowed_registries", "applicationScopes": "application_scopes", - "auditAllOsUserActivity": "audit_all_os_user_activity", "auditBruteForceLogin": "audit_brute_force_login", "auditFullCommandArguments": "audit_full_command_arguments", "auditHostFailedLoginEvents": "audit_host_failed_login_events", "auditHostSuccessfulLoginEvents": "audit_host_successful_login_events", "auditUserAccountManagement": "audit_user_account_management", + "blacklistedOsUsers": "blacklisted_os_users", + "blockContainerExec": "block_container_exec", "blockCryptocurrencyMining": "block_cryptocurrency_mining", + "blockDisallowedImages": "block_disallowed_images", + "blockFilelessExec": "block_fileless_exec", + "blockNonCompliantWorkloads": "block_non_compliant_workloads", + "blockNonK8sContainers": "block_non_k8s_containers", "blockedFiles": "blocked_files", - "enableIpReputationSecurity": "enable_ip_reputation_security", + "bypassScopes": "bypass_scope", + "containerExec": "container_exec", + "defaultSecurityProfile": "default_security_profile", + "driftPreventions": "drift_prevention", + "enableCryptoMiningDns": "enable_crypto_mining_dns", + "enableForkGuard": "enable_fork_guard", + "enableIpReputation": "enable_ip_reputation", + "enablePortScanProtection": 
"enable_port_scan_protection", "enforceAfterDays": "enforce_after_days", + "enforceSchedulerAddedOn": "enforce_scheduler_added_on", + "excludeApplicationScopes": "exclude_application_scopes", + "executableBlacklists": "executable_blacklist", + "failedKubernetesChecks": "failed_kubernetes_checks", + "fileBlock": "file_block", "fileIntegrityMonitoring": "file_integrity_monitoring", + "forkGuardProcessLimit": "fork_guard_process_limit", + "imageName": "image_name", + "isAuditChecked": "is_audit_checked", + "isAutoGenerated": "is_auto_generated", + "isOotbPolicy": "is_ootb_policy", + "limitContainerPrivileges": "limit_container_privileges", + "linuxCapabilities": "linux_capabilities", "malwareScanOptions": "malware_scan_options", "monitorSystemLogIntegrity": "monitor_system_log_integrity", "monitorSystemTimeChanges": "monitor_system_time_changes", "monitorWindowsServices": "monitor_windows_services", + "noNewPrivileges": "no_new_privileges", + "onlyRegisteredImages": "only_registered_images", "osGroupsAlloweds": "os_groups_allowed", "osGroupsBlockeds": "os_groups_blocked", "osUsersAlloweds": "os_users_allowed", "osUsersBlockeds": "os_users_blocked", "packageBlocks": "package_block", - "portScanningDetection": "port_scanning_detection", + "portBlock": "port_block", + "readonlyFiles": "readonly_files", + "readonlyRegistry": "readonly_registry", + "registryAccessMonitoring": "registry_access_monitoring", + "repoName": "repo_name", + "resourceName": "resource_name", + "resourceType": "resource_type", + "restrictedVolumes": "restricted_volumes", + "reverseShell": "reverse_shell", + "runtimeMode": "runtime_mode", + "runtimeType": "runtime_type", "scopeExpression": "scope_expression", "scopeVariables": "scope_variables", - "windowsRegistryMonitoring": "windows_registry_monitoring", - "windowsRegistryProtection": "windows_registry_protection" + "scopes": "scope", + "systemIntegrityProtection": "system_integrity_protection", + "vpatchVersion": "vpatch_version", + 
"whitelistedOsUsers": "whitelisted_os_users" }, "aquasec:index/image:Image": { "allowImage": "allow_image", @@ -3340,8 +5256,10 @@ "virtualSize": "virtual_size" }, "aquasec:index/imageAssurancePolicy:ImageAssurancePolicy": { + "aggregatedVulnerability": "aggregated_vulnerability", "allowedImages": "allowed_images", "applicationScopes": "application_scopes", + "assuranceType": "assurance_type", "auditOnFailure": "audit_on_failure", "autoScanConfigured": "auto_scan_configured", "autoScanEnabled": "auto_scan_enabled", @@ -3354,6 +5272,7 @@ "controlExcludeNoFix": "control_exclude_no_fix", "customChecks": "custom_checks", "customChecksEnabled": "custom_checks_enabled", + "customSeverity": "custom_severity", "customSeverityEnabled": "custom_severity_enabled", "cvesBlackListEnabled": "cves_black_list_enabled", "cvesBlackLists": "cves_black_list", @@ -3362,6 +5281,7 @@ "cvssSeverity": "cvss_severity", "cvssSeverityEnabled": "cvss_severity_enabled", "cvssSeverityExcludeNoFix": "cvss_severity_exclude_no_fix", + "disallowExploitTypes": "disallow_exploit_types", "disallowMalware": "disallow_malware", "dockerCisEnabled": "docker_cis_enabled", "domainName": "domain_name", 
@@ -3370,37 +5290,51 @@ "enforceAfterDays": "enforce_after_days", "enforceExcessivePermissions": "enforce_excessive_permissions", "exceptionalMonitoredMalwarePaths": "exceptional_monitored_malware_paths", + "excludeApplicationScopes": "exclude_application_scopes", "failCicd": "fail_cicd", "forbiddenLabels": "forbidden_labels", "forbiddenLabelsEnabled": "forbidden_labels_enabled", "forceMicroenforcer": "force_microenforcer", "functionIntegrityEnabled": "function_integrity_enabled", + "ignoreBaseImageVln": "ignore_base_image_vln", "ignoreRecentlyPublishedVln": "ignore_recently_published_vln", "ignoreRecentlyPublishedVlnPeriod": "ignore_recently_published_vln_period", "ignoreRiskResourcesEnabled": "ignore_risk_resources_enabled", "ignoredRiskResources": "ignored_risk_resources", + "ignoredSensitiveResources": "ignored_sensitive_resources", "kubeCisEnabled": "kube_cis_enabled", + "kubernetesControls": "kubernetes_controls", + "kubernetesControlsAvdIds": "kubernetes_controls_avd_ids", + "kubernetesControlsNames": "kubernetes_controls_names", + "linuxCisEnabled": "linux_cis_enabled", "malwareAction": "malware_action", "maximumScore": "maximum_score", "maximumScoreEnabled": "maximum_score_enabled", "maximumScoreExcludeNoFix": "maximum_score_exclude_no_fix", "monitoredMalwarePaths": "monitored_malware_paths", "onlyNoneRootUsers": "only_none_root_users", + "openshiftHardeningEnabled": "openshift_hardening_enabled", "packagesBlackListEnabled": "packages_black_list_enabled", "packagesBlackLists": "packages_black_list", "packagesWhiteListEnabled": "packages_white_list_enabled", "packagesWhiteLists": "packages_white_list", "partialResultsImageFail": "partial_results_image_fail", + "policySettings": "policy_settings", "readOnly": "read_only", "requiredLabels": "required_labels", "requiredLabelsEnabled": "required_labels_enabled", + "scanMalwareInArchives": "scan_malware_in_archives", "scanNfsMounts": "scan_nfs_mounts", + "scanProcessMemory": "scan_process_memory", 
"scanSensitiveData": "scan_sensitive_data", + "scanWindowsRegistry": "scan_windows_registry", "scapEnabled": "scap_enabled", "scapFiles": "scap_files", "scopes": "scope", "trustedBaseImages": "trusted_base_images", "trustedBaseImagesEnabled": "trusted_base_images_enabled", + "vulnerabilityExploitability": "vulnerability_exploitability", + "vulnerabilityScoreRanges": "vulnerability_score_range", "whitelistedLicenses": "whitelisted_licenses", "whitelistedLicensesEnabled": "whitelisted_licenses_enabled" }, @@ -3424,8 +5358,10 @@ "webhooks": "webhook" }, "aquasec:index/kubernetesAssurancePolicy:KubernetesAssurancePolicy": { + "aggregatedVulnerability": "aggregated_vulnerability", "allowedImages": "allowed_images", "applicationScopes": "application_scopes", + "assuranceType": "assurance_type", "auditOnFailure": "audit_on_failure", "autoScanConfigured": "auto_scan_configured", "autoScanEnabled": "auto_scan_enabled", @@ -3438,6 +5374,7 @@ "controlExcludeNoFix": "control_exclude_no_fix", "customChecks": "custom_checks", "customChecksEnabled": "custom_checks_enabled", + "customSeverity": "custom_severity", "customSeverityEnabled": "custom_severity_enabled", "cvesBlackListEnabled": "cves_black_list_enabled", "cvesBlackLists": "cves_black_list", @@ -3446,6 +5383,7 @@ "cvssSeverity": "cvss_severity", "cvssSeverityEnabled": "cvss_severity_enabled", "cvssSeverityExcludeNoFix": "cvss_severity_exclude_no_fix", + "disallowExploitTypes": "disallow_exploit_types", "disallowMalware": "disallow_malware", "dockerCisEnabled": "docker_cis_enabled", "domainName": "domain_name", 
@@ -3454,37 +5392,51 @@ "enforceAfterDays": "enforce_after_days", "enforceExcessivePermissions": "enforce_excessive_permissions", "exceptionalMonitoredMalwarePaths": "exceptional_monitored_malware_paths", + "excludeApplicationScopes": "exclude_application_scopes", + "failCicd": "fail_cicd", "forbiddenLabels": "forbidden_labels", "forbiddenLabelsEnabled": "forbidden_labels_enabled", "forceMicroenforcer": "force_microenforcer", "functionIntegrityEnabled": "function_integrity_enabled", + "ignoreBaseImageVln": "ignore_base_image_vln", "ignoreRecentlyPublishedVln": "ignore_recently_published_vln", "ignoreRecentlyPublishedVlnPeriod": "ignore_recently_published_vln_period", "ignoreRiskResourcesEnabled": "ignore_risk_resources_enabled", "ignoredRiskResources": "ignored_risk_resources", + "ignoredSensitiveResources": "ignored_sensitive_resources", "kubeCisEnabled": "kube_cis_enabled", + "kubernetesControls": "kubernetes_controls", + "kubernetesControlsAvdIds": "kubernetes_controls_avd_ids", "kubernetesControlsNames": "kubernetes_controls_names", + "linuxCisEnabled": "linux_cis_enabled", "malwareAction": "malware_action", "maximumScore": "maximum_score", "maximumScoreEnabled": "maximum_score_enabled", "maximumScoreExcludeNoFix": "maximum_score_exclude_no_fix", "monitoredMalwarePaths": "monitored_malware_paths", "onlyNoneRootUsers": "only_none_root_users", + "openshiftHardeningEnabled": "openshift_hardening_enabled", "packagesBlackListEnabled": "packages_black_list_enabled", "packagesBlackLists": "packages_black_list", "packagesWhiteListEnabled": "packages_white_list_enabled", "packagesWhiteLists": "packages_white_list", "partialResultsImageFail": "partial_results_image_fail", + "policySettings": "policy_settings", "readOnly": "read_only", "requiredLabels": "required_labels", "requiredLabelsEnabled": "required_labels_enabled", + "scanMalwareInArchives": "scan_malware_in_archives", "scanNfsMounts": "scan_nfs_mounts", + "scanProcessMemory": "scan_process_memory", 
"scanSensitiveData": "scan_sensitive_data", + "scanWindowsRegistry": "scan_windows_registry", "scapEnabled": "scap_enabled", "scapFiles": "scap_files", "scopes": "scope", "trustedBaseImages": "trusted_base_images", "trustedBaseImagesEnabled": "trusted_base_images_enabled", + "vulnerabilityExploitability": "vulnerability_exploitability", + "vulnerabilityScoreRanges": "vulnerability_score_range", "whitelistedLicenses": "whitelisted_licenses", "whitelistedLicensesEnabled": "whitelisted_licenses_enabled" }, 
@@ -3546,6 +5498,89 @@ "sendScanResults": "send_scan_results", "userId": "user_id" }, + "aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy": { + "aggregatedVulnerability": "aggregated_vulnerability", + "allowedImages": "allowed_images", + "applicationScopes": "application_scopes", + "assuranceType": "assurance_type", + "auditOnFailure": "audit_on_failure", + "autoScanConfigured": "auto_scan_configured", + "autoScanEnabled": "auto_scan_enabled", + "autoScanTimes": "auto_scan_time", + "blacklistPermissions": "blacklist_permissions", + "blacklistPermissionsEnabled": "blacklist_permissions_enabled", + "blacklistedLicenses": "blacklisted_licenses", + "blacklistedLicensesEnabled": "blacklisted_licenses_enabled", + "blockFailed": "block_failed", + "controlExcludeNoFix": "control_exclude_no_fix", + "customChecks": "custom_checks", + "customChecksEnabled": "custom_checks_enabled", + "customSeverity": "custom_severity", + "customSeverityEnabled": "custom_severity_enabled", + "cvesBlackListEnabled": "cves_black_list_enabled", + "cvesBlackLists": "cves_black_list", + "cvesWhiteListEnabled": "cves_white_list_enabled", + "cvesWhiteLists": "cves_white_list", + "cvssSeverity": "cvss_severity", + "cvssSeverityEnabled": "cvss_severity_enabled", + "cvssSeverityExcludeNoFix": "cvss_severity_exclude_no_fix", + "disallowExploitTypes": "disallow_exploit_types", + "disallowMalware": "disallow_malware", + "dockerCisEnabled": "docker_cis_enabled", + "domainName": "domain_name", + "dtaEnabled": "dta_enabled", + "dtaSeverity": "dta_severity", + "enforceAfterDays": "enforce_after_days", + "enforceExcessivePermissions": "enforce_excessive_permissions", + "exceptionalMonitoredMalwarePaths": "exceptional_monitored_malware_paths", + "excludeApplicationScopes": "exclude_application_scopes", + "failCicd": "fail_cicd", + "forbiddenLabels": "forbidden_labels", + "forbiddenLabelsEnabled": "forbidden_labels_enabled", + "forceMicroenforcer": "force_microenforcer", + "functionIntegrityEnabled": 
"function_integrity_enabled", + "ignoreBaseImageVln": "ignore_base_image_vln", + "ignoreRecentlyPublishedVln": "ignore_recently_published_vln", + "ignoreRecentlyPublishedVlnPeriod": "ignore_recently_published_vln_period", + "ignoreRiskResourcesEnabled": "ignore_risk_resources_enabled", + "ignoredRiskResources": "ignored_risk_resources", + "ignoredSensitiveResources": "ignored_sensitive_resources", + "kubeCisEnabled": "kube_cis_enabled", + "kubernetesControls": "kubernetes_controls", + "kubernetesControlsAvdIds": "kubernetes_controls_avd_ids", + "kubernetesControlsNames": "kubernetes_controls_names", + "linuxCisEnabled": "linux_cis_enabled", + "malwareAction": "malware_action", + "maximumScore": "maximum_score", + "maximumScoreEnabled": "maximum_score_enabled", + "maximumScoreExcludeNoFix": "maximum_score_exclude_no_fix", + "monitoredMalwarePaths": "monitored_malware_paths", + "onlyNoneRootUsers": "only_none_root_users", + "openshiftHardeningEnabled": "openshift_hardening_enabled", + "packagesBlackListEnabled": "packages_black_list_enabled", + "packagesBlackLists": "packages_black_list", + "packagesWhiteListEnabled": "packages_white_list_enabled", + "packagesWhiteLists": "packages_white_list", + "partialResultsImageFail": "partial_results_image_fail", + "policySettings": "policy_settings", + "readOnly": "read_only", + "requiredLabels": "required_labels", + "requiredLabelsEnabled": "required_labels_enabled", + "scanMalwareInArchives": "scan_malware_in_archives", + "scanNfsMounts": "scan_nfs_mounts", + "scanProcessMemory": "scan_process_memory", + "scanSensitiveData": "scan_sensitive_data", + "scanWindowsRegistry": "scan_windows_registry", + "scapEnabled": "scap_enabled", + "scapFiles": "scap_files", + "scopes": "scope", + "trustedBaseImages": "trusted_base_images", + "trustedBaseImagesEnabled": "trusted_base_images_enabled", + "vulnerabilityExploitability": "vulnerability_exploitability", + "vulnerabilityScoreRanges": "vulnerability_score_range", + 
"whitelistedLicenses": "whitelisted_licenses", + "whitelistedLicensesEnabled": "whitelisted_licenses_enabled" + }, "aquasec:index:Provider": { "aquaUrl": "aqua_url", "caCertificatePath": "ca_certificate_path", diff --git a/provider/cmd/pulumi-resource-aquasec/schema.json b/provider/cmd/pulumi-resource-aquasec/schema.json index 5462be54..f88dd451 100644 --- a/provider/cmd/pulumi-resource-aquasec/schema.json +++ b/provider/cmd/pulumi-resource-aquasec/schema.json @@ -114,7 +114,7 @@ "default": true, "defaultInfo": { "environment": [ - "AQUA_VERIFY_TLS" + "AQUA_TLS_VERIFY" ] } } 
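Review bot: The environment variable behind this default-`true` setting changes from `AQUA_VERIFY_TLS` to `AQUA_TLS_VERIFY` with no fallback to the old name, so a stack that still exports `AQUA_VERIFY_TLS` will silently get the default instead of its configured value. That fails closed, since verification stays on, but it will surface as unexplained TLS failures wherever verification had been turned off deliberately. The property's name and description are outside the hunk; if the description names the variable it should be updated, and the rename belongs in the release notes. If the upstream provider still honours the old name, `"environment": ["AQUA_TLS_VERIFY", "AQUA_VERIFY_TLS"]` would keep existing setups working.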
@@ -573,763 +573,703 @@ }, "type": "object" }, - "aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring": { + "aquasec:index/ContainerRuntimePolicyAllowedExecutable:ContainerRuntimePolicyAllowedExecutable": { "properties": { - "excludedPaths": { + "allowExecutables": { "type": "array", "items": { "type": "string" }, - "description": "List of paths to be excluded from being monitored.\n" + "description": "List of allowed executables.\n" }, - "excludedProcesses": { + "allowRootExecutables": { "type": "array", "items": { "type": "string" }, - "description": "List of processes to be excluded from being monitored.\n" + "description": "List of allowed root executables.\n" }, - "excludedUsers": { + "enabled": { + "type": "boolean", + "description": "Whether allowed executables configuration is enabled.\n" + }, + "separateExecutables": { + "type": "boolean", + "description": "Whether to treat executables separately.\n" + } + }, + "type": "object" + }, + "aquasec:index/ContainerRuntimePolicyAllowedRegistry:ContainerRuntimePolicyAllowedRegistry": { + "properties": { + "allowedRegistries": { "type": "array", "items": { "type": "string" }, - "description": "List of users to be excluded from being monitored.\n" + "description": "List of allowed registries.\n" }, - "monitorAttributes": { + "enabled": { "type": "boolean", - "description": "If true, add attributes operations will be monitored.\n" + "description": "Whether allowed registries are enabled.\n" + } + }, + "type": "object" + }, + "aquasec:index/ContainerRuntimePolicyAuditing:ContainerRuntimePolicyAuditing": { + "properties": { + "auditAllNetwork": { + "type": "boolean" }, - "monitorCreate": { - "type": "boolean", - "description": "If true, create operations will be monitored.\n" + "auditAllProcesses": { + "type": "boolean" }, - "monitorDelete": { - "type": "boolean", - "description": "If true, deletion operations will be monitored.\n" + "auditFailedLogin": { + "type": 
"boolean" }, - "monitorModify": { - "type": "boolean", - "description": "If true, modification operations will be monitored.\n" + "auditOsUserActivity": { + "type": "boolean" }, - "monitorRead": { - "type": "boolean", - "description": "If true, read operations will be monitored.\n" + "auditProcessCmdline": { + "type": "boolean" }, - "monitoredPaths": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of paths to be monitored.\n" + "auditSuccessLogin": { + "type": "boolean" }, - "monitoredProcesses": { + "auditUserAccountManagement": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "aquasec:index/ContainerRuntimePolicyBlacklistedOsUsers:ContainerRuntimePolicyBlacklistedOsUsers": { + "properties": { + "enabled": { + "type": "boolean" + }, + "groupBlackLists": { "type": "array", "items": { "type": "string" - }, - "description": "List of processes to be monitored.\n" + } }, - "monitoredUsers": { + "userBlackLists": { "type": "array", "items": { "type": "string" - }, - "description": "List of users to be monitored.\n" + } } }, "type": "object" }, - "aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions": { + "aquasec:index/ContainerRuntimePolicyBypassScope:ContainerRuntimePolicyBypassScope": { "properties": { - "action": { - "type": "string", - "description": "Set Action, Defaults to 'Alert' when empty\n" - }, "enabled": { "type": "boolean", - "description": "Defines if enabled or not\n" + "description": "Whether bypassing the scope is enabled.\n" }, - "excludeDirectories": { + "scopes": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyBypassScopeScope:ContainerRuntimePolicyBypassScopeScope" }, - "description": "List of registry paths to be excluded from being protected.\n" + "description": "Scope configuration.\n" + } + }, + "type": "object" + }, + 
"aquasec:index/ContainerRuntimePolicyBypassScopeScope:ContainerRuntimePolicyBypassScopeScope": { + "properties": { + "expression": { + "type": "string", + "description": "Scope expression.\n" }, - "excludeProcesses": { + "variables": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyBypassScopeScopeVariable:ContainerRuntimePolicyBypassScopeScopeVariable" }, - "description": "List of registry processes to be excluded from being protected.\n" + "description": "List of variables in the scope.\n" } }, "type": "object" }, - "aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable": { + "aquasec:index/ContainerRuntimePolicyBypassScopeScopeVariable:ContainerRuntimePolicyBypassScopeScopeVariable": { "properties": { "attribute": { "type": "string", - "description": "Class of supported scope.\n" - }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n" + "description": "Variable attribute.\n" }, "value": { "type": "string", - "description": "Value assigned to the attribute.\n" - } - }, - "type": "object", - "required": [ - "attribute", - "value" - ] - }, - "aquasec:index/EnforcerGroupsCommand:EnforcerGroupsCommand": { - "properties": { - "default": { - "type": "string" - }, - "kubernetes": { - "type": "string" - }, - "swarm": { - "type": "string" - }, - "windows": { - "type": "string" + "description": "Variable value.\n" } }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "default", - "kubernetes", - "swarm", - "windows" - ] - } - } + "type": "object" }, - "aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator": { + "aquasec:index/ContainerRuntimePolicyContainerExec:ContainerRuntimePolicyContainerExec": { "properties": { - "master": { + "blockContainerExec": { "type": "boolean" }, - "namespace": { - "type": "string", - "description": "May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu 
Kubernetes Grid Integrated Edition (PKS).\n" + "containerExecProcWhiteLists": { + "type": "array", + "items": { + "type": "string" + } }, - "serviceAccount": { - "type": "string", - "description": "May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS).\n" + "enabled": { + "type": "boolean" }, - "type": { - "type": "string" + "reverseShellIpWhiteLists": { + "type": "array", + "items": { + "type": "string" + } } }, "type": "object" }, - "aquasec:index/FirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork": { + "aquasec:index/ContainerRuntimePolicyDriftPrevention:ContainerRuntimePolicyDriftPrevention": { "properties": { - "allow": { + "enabled": { "type": "boolean", - "description": "Indicates whether the specified resources are allowed to pass in data or requests.\n" + "description": "Whether drift prevention is enabled.\n" }, - "portRange": { - "type": "string", - "description": "Range of ports affected by firewall.\n" + "execLockdown": { + "type": "boolean", + "description": "Whether to lockdown execution drift.\n" }, - "resource": { - "type": "string", - "description": "Information of the resource.\n" + "execLockdownWhiteLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of items in the execution lockdown white list.\n" }, - "resourceType": { - "type": "string", - "description": "Type of the resource\n" + "imageLockdown": { + "type": "boolean", + "description": "Whether to lockdown image drift.\n" } }, - "type": "object", - "required": [ - "allow", - "portRange", - "resourceType" - ], - "language": { - "nodejs": { - "requiredOutputs": [ - "allow", - "portRange", - "resource", - "resourceType" - ] - } - } + "type": "object" }, - "aquasec:index/FirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork": { + "aquasec:index/ContainerRuntimePolicyExecutableBlacklist:ContainerRuntimePolicyExecutableBlacklist": { "properties": { - "allow": { + 
"enabled": { "type": "boolean", - "description": "Indicates whether the specified resources are allowed to receive data or requests.\n" - }, - "portRange": { - "type": "string", - "description": "Range of ports affected by firewall.\n" - }, - "resource": { - "type": "string", - "description": "Information of the resource.\n" + "description": "Whether the executable blacklist is enabled.\n" }, - "resourceType": { - "type": "string", - "description": "Type of the resource.\n" + "executables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blacklisted executables.\n" } }, - "type": "object", - "required": [ - "allow", - "portRange", - "resourceType" - ], - "language": { - "nodejs": { - "requiredOutputs": [ - "allow", - "portRange", - "resource", - "resourceType" - ] - } - } + "type": "object" }, - "aquasec:index/FunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime": { + "aquasec:index/ContainerRuntimePolicyFailedKubernetesChecks:ContainerRuntimePolicyFailedKubernetesChecks": { "properties": { - "iteration": { - "type": "integer" - }, - "iterationType": { - "type": "string" - }, - "time": { - "type": "string" + "enabled": { + "type": "boolean" }, - "weekDays": { + "failedChecks": { "type": "array", "items": { "type": "string" } } }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "iteration", - "weekDays" - ] - } - } + "type": "object" }, - "aquasec:index/FunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck": { + "aquasec:index/ContainerRuntimePolicyFileBlock:ContainerRuntimePolicyFileBlock": { "properties": { - "author": { - "type": "string", - "description": "Name of user account that created the policy.\n" + "blockFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "description": { - "type": "string" + "blockFilesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "engine": { - "type": "string" + "enabled": { + "type": 
"boolean" }, - "lastModified": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "path": { - "type": "string" - }, - "readOnly": { - "type": "boolean" + "exceptionalBlockFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "scriptId": { - "type": "string" + "exceptionalBlockFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "severity": { - "type": "string" + "exceptionalBlockFilesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "snippet": { - "type": "string" + "filenameBlockLists": { + "type": "array", + "items": { + "type": "string" + } } }, "type": "object" }, - "aquasec:index/FunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel": { + "aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring": { "properties": { - "key": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "If true, file integrity monitoring is enabled.\n" }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList": { - "properties": { - "arch": { - "type": "string" + "exceptionalMonitoredFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of paths to be excluded from monitoring.\n" }, - "display": { - "type": "string" + "exceptionalMonitoredFilesProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes to be excluded from monitoring.\n" }, - "epoch": { - "type": "string" + "exceptionalMonitoredFilesUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of users to be excluded from monitoring.\n" }, - "format": { - "type": "string" + "monitoredFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of paths to be monitored.\n" }, - "license": { - "type": "string" + 
"monitoredFilesAttributes": { + "type": "boolean", + "description": "Whether to monitor file attribute operations.\n" }, - "name": { - "type": "string" + "monitoredFilesCreate": { + "type": "boolean", + "description": "Whether to monitor file create operations.\n" }, - "release": { - "type": "string" + "monitoredFilesDelete": { + "type": "boolean", + "description": "Whether to monitor file delete operations.\n" }, - "version": { - "type": "string" + "monitoredFilesModify": { + "type": "boolean", + "description": "Whether to monitor file modify operations.\n" }, - "versionRange": { - "type": "string" + "monitoredFilesProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes associated with monitored files.\n" + }, + "monitoredFilesRead": { + "type": "boolean", + "description": "Whether to monitor file read operations.\n" + }, + "monitoredFilesUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of users associated with monitored files.\n" } }, "type": "object" }, - "aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList": { + "aquasec:index/ContainerRuntimePolicyLimitContainerPrivilege:ContainerRuntimePolicyLimitContainerPrivilege": { "properties": { - "arch": { - "type": "string" + "blockAddCapabilities": { + "type": "boolean", + "description": "Whether to block adding capabilities.\n" }, - "display": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "Whether container privilege limitations are enabled.\n" }, - "epoch": { - "type": "string" + "ipcmode": { + "type": "boolean", + "description": "Whether to limit IPC-related capabilities.\n" }, - "format": { - "type": "string" + "netmode": { + "type": "boolean", + "description": "Whether to limit network-related capabilities.\n" }, - "license": { - "type": "string" + "pidmode": { + "type": "boolean", + "description": "Whether to limit process-related capabilities.\n" }, - 
"name": { - "type": "string" + "preventLowPortBinding": { + "type": "boolean", + "description": "Whether to prevent low port binding.\n" }, - "release": { - "type": "string" + "preventRootUser": { + "type": "boolean", + "description": "Whether to prevent the use of the root user.\n" }, - "version": { - "type": "string" + "privileged": { + "type": "boolean", + "description": "Whether the container is run in privileged mode.\n" }, - "versionRange": { - "type": "string" - } - }, - "type": "object" - }, - "aquasec:index/FunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel": { - "properties": { - "key": { - "type": "string" + "useHostUser": { + "type": "boolean", + "description": "Whether to use the host user.\n" }, - "value": { - "type": "string" + "usermode": { + "type": "boolean", + "description": "Whether to limit user-related capabilities.\n" + }, + "utsmode": { + "type": "boolean", + "description": "Whether to limit UTS-related capabilities.\n" } }, "type": "object" }, - "aquasec:index/FunctionAssurancePolicyScope:FunctionAssurancePolicyScope": { + "aquasec:index/ContainerRuntimePolicyLinuxCapabilities:ContainerRuntimePolicyLinuxCapabilities": { "properties": { - "expression": { - "type": "string" + "enabled": { + "type": "boolean" }, - "variables": { + "removeLinuxCapabilities": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyScopeVariable:FunctionAssurancePolicyScopeVariable" + "type": "string" } } }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "expression" - ] - } - } + "type": "object" }, - "aquasec:index/FunctionAssurancePolicyScopeVariable:FunctionAssurancePolicyScopeVariable": { + "aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions": { "properties": { - "attribute": { - "type": "string" + "action": { + "type": "string", + "description": "Set Action, Defaults to 'Alert' when empty\n" }, - "name": { - "type": "string" + 
"enabled": { + "type": "boolean", + "description": "Defines if enabled or not\n" }, - "value": { - "type": "string" - } - }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "attribute", - "value" - ] - } - } - }, - "aquasec:index/FunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage": { - "properties": { - "imagename": { - "type": "string" + "excludeDirectories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry paths to be excluded from being protected.\n" }, - "registry": { - "type": "string" + "excludeProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry processes to be excluded from being protected.\n" + }, + "includeDirectories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry paths to be excluded from being protected.\n" } }, "type": "object" }, - "aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable": { + "aquasec:index/ContainerRuntimePolicyPackageBlock:ContainerRuntimePolicyPackageBlock": { "properties": { - "attribute": { - "type": "string", - "description": "Class of supported scope.\n" + "blockPackagesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n" + "blockPackagesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "value": { - "type": "string", - "description": "Value assigned to the attribute.\n" - } - }, - "type": "object", - "required": [ - "attribute", - "value" - ] - }, - "aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime": { - "properties": { - "iteration": { - "type": "integer" + "enabled": { + "type": "boolean" }, - "iterationType": { - "type": "string" + "exceptionalBlockPackagesFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "time": { - "type": 
"string" + "exceptionalBlockPackagesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "weekDays": { + "exceptionalBlockPackagesUsers": { "type": "array", "items": { "type": "string" } - } - }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "iteration", - "weekDays" - ] - } - } - }, - "aquasec:index/HostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck": { - "properties": { - "author": { - "type": "string", - "description": "Name of user account that created the policy.\n" - }, - "description": { - "type": "string" - }, - "engine": { - "type": "string" - }, - "lastModified": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "path": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "scriptId": { - "type": "string" - }, - "severity": { - "type": "string" - }, - "snippet": { - "type": "string" - } - }, - "type": "object" - }, - "aquasec:index/HostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel": { - "properties": { - "key": { - "type": "string" }, - "value": { - "type": "string" + "packagesBlackLists": { + "type": "array", + "items": { + "type": "string" + } } }, "type": "object" }, - "aquasec:index/HostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList": { + "aquasec:index/ContainerRuntimePolicyPortBlock:ContainerRuntimePolicyPortBlock": { "properties": { - "arch": { - "type": "string" - }, - "display": { - "type": "string" - }, - "epoch": { - "type": "string" - }, - "format": { - "type": "string" - }, - "license": { - "type": "string" - }, - "name": { - "type": "string" - }, - "release": { - "type": "string" + "blockInboundPorts": { + "type": "array", + "items": { + "type": "string" + } }, - "version": { - "type": "string" + "blockOutboundPorts": { + "type": "array", + "items": { + "type": "string" + } }, - "versionRange": { - "type": "string" + "enabled": { + "type": "boolean" } }, "type": "object" }, - 
"aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList": { + "aquasec:index/ContainerRuntimePolicyReadonlyFiles:ContainerRuntimePolicyReadonlyFiles": { "properties": { - "arch": { - "type": "string" - }, - "display": { - "type": "string" - }, - "epoch": { - "type": "string" + "enabled": { + "type": "boolean" }, - "format": { - "type": "string" + "exceptionalReadonlyFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "license": { - "type": "string" + "exceptionalReadonlyFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "name": { - "type": "string" + "exceptionalReadonlyFilesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "release": { - "type": "string" + "readonlyFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "version": { - "type": "string" + "readonlyFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "versionRange": { - "type": "string" + "readonlyFilesUsers": { + "type": "array", + "items": { + "type": "string" + } } }, "type": "object" }, - "aquasec:index/HostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel": { + "aquasec:index/ContainerRuntimePolicyReadonlyRegistry:ContainerRuntimePolicyReadonlyRegistry": { "properties": { - "key": { - "type": "string" + "enabled": { + "type": "boolean" }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "aquasec:index/HostAssurancePolicyScope:HostAssurancePolicyScope": { - "properties": { - "expression": { - "type": "string" + "exceptionalReadonlyRegistryPaths": { + "type": "array", + "items": { + "type": "string" + } }, - "variables": { + "exceptionalReadonlyRegistryProcesses": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyScopeVariable:HostAssurancePolicyScopeVariable" + "type": "string" } - } - }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "expression" - ] - } - } - }, - 
"aquasec:index/HostAssurancePolicyScopeVariable:HostAssurancePolicyScopeVariable": { - "properties": { - "attribute": { - "type": "string" }, - "name": { - "type": "string" + "exceptionalReadonlyRegistryUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "value": { - "type": "string" - } - }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "attribute", - "value" - ] - } - } - }, - "aquasec:index/HostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage": { - "properties": { - "imagename": { - "type": "string" + "readonlyRegistryPaths": { + "type": "array", + "items": { + "type": "string" + } }, - "registry": { - "type": "string" + "readonlyRegistryProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "readonlyRegistryUsers": { + "type": "array", + "items": { + "type": "string" + } } }, "type": "object" }, - "aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring": { + "aquasec:index/ContainerRuntimePolicyRegistryAccessMonitoring:ContainerRuntimePolicyRegistryAccessMonitoring": { "properties": { - "excludedPaths": { + "enabled": { + "type": "boolean" + }, + "exceptionalMonitoredRegistryPaths": { "type": "array", "items": { "type": "string" - }, - "description": "List of paths to be excluded from being monitored.\n" + } }, - "excludedProcesses": { + "exceptionalMonitoredRegistryProcesses": { "type": "array", "items": { "type": "string" - }, - "description": "List of processes to be excluded from being monitored.\n" + } }, - "excludedUsers": { + "exceptionalMonitoredRegistryUsers": { "type": "array", "items": { "type": "string" - }, - "description": "List of users to be excluded from being monitored.\n" - }, - "monitorAttributes": { - "type": "boolean", - "description": "If true, add attributes operations will be monitored.\n" + } }, - "monitorCreate": { - "type": "boolean", - "description": "If true, create operations will be monitored.\n" + 
"monitoredRegistryAttributes": { + "type": "boolean" }, - "monitorDelete": { - "type": "boolean", - "description": "If true, deletion operations will be monitored.\n" + "monitoredRegistryCreate": { + "type": "boolean" }, - "monitorModify": { - "type": "boolean", - "description": "If true, modification operations will be monitored.\n" + "monitoredRegistryDelete": { + "type": "boolean" }, - "monitorRead": { - "type": "boolean", - "description": "If true, read operations will be monitored.\n" + "monitoredRegistryModify": { + "type": "boolean" }, - "monitoredPaths": { + "monitoredRegistryPaths": { "type": "array", "items": { "type": "string" - }, - "description": "List of paths to be monitored.\n" + } }, - "monitoredProcesses": { + "monitoredRegistryProcesses": { "type": "array", "items": { "type": "string" - }, - "description": "List of processes to be monitored.\n" + } }, - "monitoredUsers": { + "monitoredRegistryRead": { + "type": "boolean" + }, + "monitoredRegistryUsers": { "type": "array", "items": { "type": "string" - }, - "description": "List of users to be monitored.\n" + } } }, "type": "object" }, - "aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions": { + "aquasec:index/ContainerRuntimePolicyRestrictedVolume:ContainerRuntimePolicyRestrictedVolume": { "properties": { - "action": { - "type": "string", - "description": "Set Action, Defaults to 'Alert' when empty\n" - }, "enabled": { "type": "boolean", - "description": "Defines if enabled or not\n" + "description": "Whether restricted volumes are enabled.\n" }, - "excludeDirectories": { + "volumes": { "type": "array", "items": { "type": "string" }, - "description": "List of registry paths to be excluded from being protected.\n" + "description": "List of restricted volumes.\n" + } + }, + "type": "object" + }, + "aquasec:index/ContainerRuntimePolicyReverseShell:ContainerRuntimePolicyReverseShell": { + "properties": { + "blockReverseShell": { + "type": "boolean" }, - 
"excludeProcesses": { + "enabled": { + "type": "boolean" + }, + "reverseShellIpWhiteLists": { "type": "array", "items": { "type": "string" - }, - "description": "List of registry processes to be excluded from being protected.\n" + } + }, + "reverseShellProcWhiteLists": { + "type": "array", + "items": { + "type": "string" + } } }, "type": "object" }, - "aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable": { + "aquasec:index/ContainerRuntimePolicyScope:ContainerRuntimePolicyScope": { + "properties": { + "expression": { + "type": "string", + "description": "Scope expression.\n" + }, + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" + }, + "description": "List of variables in the scope.\n" + } + }, + "type": "object", + "required": [ + "expression", + "variables" + ] + }, + "aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable": { "properties": { "attribute": { "type": "string", 
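Review bot: The new `includeDirectories` property under `ContainerRuntimePolicyMalwareScanOptions` repeats the `excludeDirectories` description verbatim ("List of registry paths to be excluded from being protected."), so an include list is documented as an exclusion. Someone working from the generated SDK docs could list directories there expecting them to be skipped, or leave it empty expecting full coverage. Presumably it should read something like `"description": "List of paths to be included in the malware scan.\n"`; if this schema is generated, the wording needs fixing in the upstream provider's field description. In the same hunk, `privileged` and `useHostUser` under `ContainerRuntimePolicyLimitContainerPrivilege` ("Whether the container is run in privileged mode", "Whether to use the host user") do not say whether `true` blocks or permits the behaviour, unlike their `preventRootUser` sibling.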
@@ -1350,160 +1290,185 @@ "value" ] }, - "aquasec:index/HostRuntimePolicyWindowsRegistryMonitoring:HostRuntimePolicyWindowsRegistryMonitoring": { + "aquasec:index/ContainerRuntimePolicySystemIntegrityProtection:ContainerRuntimePolicySystemIntegrityProtection": { "properties": { - "excludedPaths": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of paths to be excluded from being monitored.\n" + "auditSystemtimeChange": { + "type": "boolean" }, - "excludedProcesses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registry processes to be excluded from being monitored.\n" + "enabled": { + "type": "boolean" }, - "excludedUsers": { + "monitorAuditLogIntegrity": { + "type": "boolean" + }, + "windowsServicesMonitoring": { + "type": "boolean" + } + }, + "type": "object" + }, + "aquasec:index/ContainerRuntimePolicyTripwire:ContainerRuntimePolicyTripwire": { + "properties": { + "applyOns": { "type": "array", "items": { "type": "string" - }, - "description": "List of registry users to be excluded from being monitored.\n" - }, - "monitorAttributes": { - "type": "boolean", - "description": "If true, add attributes operations will be monitored.\n" - }, - "monitorCreate": { - "type": "boolean", - "description": "If true, create operations will be monitored.\n" + } }, - "monitorDelete": { - "type": "boolean", - "description": "If true, deletion operations will be monitored.\n" + "enabled": { + "type": "boolean" }, - "monitorModify": { - "type": "boolean", - "description": "If true, modification operations will be monitored.\n" + "serverlessApp": { + "type": "string" }, - "monitorRead": { - "type": "boolean", - "description": "If true, read operations will be monitored.\n" + "userId": { + "type": "string" }, - "monitoredPaths": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of paths to be monitored.\n" + "userPassword": { + "type": "string" + } + }, + "type": "object" + }, + 
"aquasec:index/ContainerRuntimePolicyWhitelistedOsUsers:ContainerRuntimePolicyWhitelistedOsUsers": { + "properties": { + "enabled": { + "type": "boolean" }, - "monitoredProcesses": { + "groupWhiteLists": { "type": "array", "items": { "type": "string" - }, - "description": "List of registry processes to be monitored.\n" + } }, - "monitoredUsers": { + "userWhiteLists": { "type": "array", "items": { "type": "string" - }, - "description": "List of registry users to be monitored.\n" + } } }, "type": "object" }, - "aquasec:index/HostRuntimePolicyWindowsRegistryProtection:HostRuntimePolicyWindowsRegistryProtection": { + "aquasec:index/EnforcerGroupsCommand:EnforcerGroupsCommand": { "properties": { - "excludedPaths": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registry paths to be excluded from being protected.\n" + "default": { + "type": "string" }, - "excludedProcesses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registry processes to be excluded from being protected.\n" + "kubernetes": { + "type": "string" }, - "excludedUsers": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registry paths to be users from being protected.\n" + "swarm": { + "type": "string" }, - "protectedPaths": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registry paths to be protected.\n" + "windows": { + "type": "string" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "default", + "kubernetes", + "swarm", + "windows" + ] + } + } + }, + "aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator": { + "properties": { + "master": { + "type": "boolean" }, - "protectedProcesses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registry processes to be protected.\n" + "namespace": { + "type": "string", + "description": "May be specified for these orchestrators: 
Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS).\n" }, - "protectedUsers": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registry users to be protected.\n" + "serviceAccount": { + "type": "string", + "description": "May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS).\n" + }, + "type": { + "type": "string" } }, "type": "object" }, - "aquasec:index/ImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed": { + "aquasec:index/FirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork": { "properties": { - "assuranceType": { - "type": "string" + "allow": { + "type": "boolean", + "description": "Indicates whether the specified resources are allowed to pass in data or requests.\n" }, - "blocking": { - "type": "boolean" + "portRange": { + "type": "string", + "description": "Range of ports affected by firewall.\n" }, - "control": { - "type": "string" + "resource": { + "type": "string", + "description": "Information of the resource.\n" }, - "dtaSkipped": { - "type": "boolean" + "resourceType": { + "type": "string", + "description": "Type of the resource\n" + } + }, + "type": "object", + "required": [ + "allow", + "portRange", + "resourceType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "allow", + "portRange", + "resource", + "resourceType" + ] + } + } + }, + "aquasec:index/FirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork": { + "properties": { + "allow": { + "type": "boolean", + "description": "Indicates whether the specified resources are allowed to receive data or requests.\n" }, - "dtaSkippedReason": { - "type": "string" + "portRange": { + "type": "string", + "description": "Range of ports affected by firewall.\n" }, - "failed": { - "type": "boolean" + "resource": { + "type": "string", + "description": "Information of the resource.\n" }, - "policyName": { - "type": "string" + 
"resourceType": { + "type": "string", + "description": "Type of the resource.\n" } }, "type": "object", + "required": [ + "allow", + "portRange", + "resourceType" + ], "language": { "nodejs": { "requiredOutputs": [ - "assuranceType", - "blocking", - "control", - "dtaSkipped", - "dtaSkippedReason", - "failed", - "policyName" + "allow", + "portRange", + "resource", + "resourceType" ] } } }, - "aquasec:index/ImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime": { + "aquasec:index/FunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime": { "properties": { "iteration": { "type": "integer" @@ -1531,7 +1496,7 @@ } } }, - "aquasec:index/ImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck": { + "aquasec:index/FunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck": { "properties": { "author": { "type": "string", @@ -1567,7 +1532,7 @@ }, "type": "object" }, - "aquasec:index/ImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel": { + "aquasec:index/FunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" @@ -1578,12 +1543,41 @@ }, "type": "object" }, - "aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList": { + "aquasec:index/FunctionAssurancePolicyKubernetesControl:FunctionAssurancePolicyKubernetesControl": { "properties": { - "arch": { + "avdId": { "type": "string" }, - "display": { + "description": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "ootb": { + "type": "boolean" + }, + "scriptId": { + "type": "integer" + }, + "severity": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList": { + "properties": { + "arch": { + "type": "string" + }, + "display": { "type": "string" }, "epoch": { 
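Review bot: `userPassword` in the new `ContainerRuntimePolicyTripwire` type is declared as a plain `"type": "string"` with no `"secret": true`, so nothing in this schema tells Pulumi to treat the value as a secret in outputs and state. The same declaration appears for `userPassword` in `FunctionRuntimePolicyTripwire` in the `@@ -1707,445 +1718,877 @@` hunk. The shape of this file suggests it is generated, in which case the field should be marked sensitive in the provider mapping and the schema regenerated, so that the property reads `"userPassword": { "type": "string", "secret": true }`. Neither Tripwire type has any descriptions; a one-line description of what the credential authenticates to would help whoever has to decide how to supply and rotate it.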
@@ -1610,7 +1604,7 @@ }, "type": "object" }, - "aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList": { + "aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" @@ -1642,7 +1636,24 @@ }, "type": "object" }, - "aquasec:index/ImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel": { + "aquasec:index/FunctionAssurancePolicyPolicySettings:FunctionAssurancePolicyPolicySettings": { + "properties": { + "enforce": { + "type": "boolean" + }, + "isAuditChecked": { + "type": "boolean" + }, + "warn": { + "type": "boolean" + }, + "warningMessage": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/FunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" @@ -1653,7 +1664,7 @@ }, "type": "object" }, - "aquasec:index/ImageAssurancePolicyScope:ImageAssurancePolicyScope": { + "aquasec:index/FunctionAssurancePolicyScope:FunctionAssurancePolicyScope": { "properties": { "expression": { "type": "string" @@ -1661,7 +1672,7 @@ "variables": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyScopeVariable:ImageAssurancePolicyScopeVariable" + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyScopeVariable:FunctionAssurancePolicyScopeVariable" } } }, @@ -1674,7 +1685,7 @@ } } }, - "aquasec:index/ImageAssurancePolicyScopeVariable:ImageAssurancePolicyScopeVariable": { + "aquasec:index/FunctionAssurancePolicyScopeVariable:FunctionAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" @@ -1696,7 +1707,7 @@ } } }, - "aquasec:index/ImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage": { + "aquasec:index/FunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" 
@@ -1707,445 +1718,877 @@ }, "type": "object" }, - "aquasec:index/ImageHistory:ImageHistory": { + "aquasec:index/FunctionRuntimePolicyAllowedExecutable:FunctionRuntimePolicyAllowedExecutable": { "properties": { - "comment": { - "type": "string" - }, - "created": { - "type": "string" + "allowExecutables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed executables.\n" }, - "createdBy": { - "type": "string" + "allowRootExecutables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed root executables.\n" }, - "id": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "Whether allowed executables configuration is enabled.\n" }, - "size": { - "type": "integer" + "separateExecutables": { + "type": "boolean", + "description": "Whether to treat executables separately.\n" } }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "comment", - "created", - "createdBy", - "id", - "size" - ] - } - } + "type": "object" }, - "aquasec:index/ImageVulnerability:ImageVulnerability": { + "aquasec:index/FunctionRuntimePolicyAllowedRegistry:FunctionRuntimePolicyAllowedRegistry": { "properties": { - "ackAuthor": { - "type": "string" - }, - "ackComment": { - "type": "string" - }, - "ackExpirationConfiguredAt": { - "type": "string" + "allowedRegistries": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed registries.\n" }, - "ackExpirationConfiguredBy": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "Whether allowed registries are enabled.\n" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyAuditing:FunctionRuntimePolicyAuditing": { + "properties": { + "auditAllNetwork": { + "type": "boolean" }, - "ackExpirationDays": { - "type": "integer" + "auditAllProcesses": { + "type": "boolean" }, - "ackScope": { - "type": "string" + "auditFailedLogin": { + "type": "boolean" }, - 
"acknowledgeDate": { - "type": "string" + "auditOsUserActivity": { + "type": "boolean" }, - "ancestorPkg": { - "type": "string" + "auditProcessCmdline": { + "type": "boolean" }, - "aquaScore": { - "type": "number" + "auditSuccessLogin": { + "type": "boolean" }, - "aquaScoreClassification": { - "type": "string" + "auditUserAccountManagement": { + "type": "boolean" }, - "aquaScoringSystem": { - "type": "string" + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyBlacklistedOsUsers:FunctionRuntimePolicyBlacklistedOsUsers": { + "properties": { + "enabled": { + "type": "boolean" }, - "aquaSeverity": { - "type": "string" + "groupBlackLists": { + "type": "array", + "items": { + "type": "string" + } }, - "aquaSeverityClassification": { - "type": "string" + "userBlackLists": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyBypassScope:FunctionRuntimePolicyBypassScope": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether bypassing the scope is enabled.\n" }, - "aquaVectors": { - "type": "string" + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyBypassScopeScope:FunctionRuntimePolicyBypassScopeScope" + }, + "description": "Scope configuration.\n" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyBypassScopeScope:FunctionRuntimePolicyBypassScopeScope": { + "properties": { + "expression": { + "type": "string", + "description": "Scope expression.\n" }, - "auditEventsCount": { - "type": "integer" + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyBypassScopeScopeVariable:FunctionRuntimePolicyBypassScopeScopeVariable" + }, + "description": "List of variables in the scope.\n" + } + }, + "type": "object" + }, + 
"aquasec:index/FunctionRuntimePolicyBypassScopeScopeVariable:FunctionRuntimePolicyBypassScopeScopeVariable": { + "properties": { + "attribute": { + "type": "string", + "description": "Variable attribute.\n" }, - "blockEventsCount": { - "type": "integer" + "value": { + "type": "string", + "description": "Variable value.\n" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyContainerExec:FunctionRuntimePolicyContainerExec": { + "properties": { + "blockContainerExec": { + "type": "boolean" }, - "classification": { - "type": "string" + "containerExecProcWhiteLists": { + "type": "array", + "items": { + "type": "string" + } }, - "description": { - "type": "string" + "enabled": { + "type": "boolean" }, - "digest": { - "type": "string" + "reverseShellIpWhiteLists": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyDriftPrevention:FunctionRuntimePolicyDriftPrevention": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether drift prevention is enabled.\n" }, - "exploitReference": { - "type": "string" + "execLockdown": { + "type": "boolean", + "description": "Whether to lockdown execution drift.\n" }, - "exploitType": { - "type": "string" + "execLockdownWhiteLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of items in the execution lockdown white list.\n" }, - "firstFoundDate": { - "type": "string" + "imageLockdown": { + "type": "boolean", + "description": "Whether to lockdown image drift.\n" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyExecutableBlacklist:FunctionRuntimePolicyExecutableBlacklist": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether the executable blacklist is enabled.\n" }, - "fixVersion": { - "type": "string" + "executables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blacklisted executables.\n" + } 
+ }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyFailedKubernetesChecks:FunctionRuntimePolicyFailedKubernetesChecks": { + "properties": { + "enabled": { + "type": "boolean" }, - "imageName": { - "type": "string" - }, - "lastFoundDate": { - "type": "string" - }, - "modificationDate": { - "type": "string" - }, - "name": { - "type": "string" - }, - "nvdCvss2Score": { - "type": "number" + "failedChecks": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyFileBlock:FunctionRuntimePolicyFileBlock": { + "properties": { + "blockFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "nvdCvss2Vectors": { - "type": "string" + "blockFilesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "nvdCvss3Score": { - "type": "number" + "enabled": { + "type": "boolean" }, - "nvdCvss3Severity": { - "type": "string" + "exceptionalBlockFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "nvdCvss3Vectors": { - "type": "string" + "exceptionalBlockFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "nvdSeverity": { - "type": "string" + "exceptionalBlockFilesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "nvdUrl": { - "type": "string" + "filenameBlockLists": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyFileIntegrityMonitoring:FunctionRuntimePolicyFileIntegrityMonitoring": { + "properties": { + "enabled": { + "type": "boolean", + "description": "If true, file integrity monitoring is enabled.\n" }, - "os": { - "type": "string" + "exceptionalMonitoredFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of paths to be excluded from monitoring.\n" }, - "osVersion": { - "type": "string" + "exceptionalMonitoredFilesProcesses": { + "type": "array", + "items": { + "type": "string" + 
}, + "description": "List of processes to be excluded from monitoring.\n" }, - "permission": { - "type": "string" + "exceptionalMonitoredFilesUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of users to be excluded from monitoring.\n" }, - "publishDate": { - "type": "string" + "monitoredFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of paths to be monitored.\n" }, - "registry": { - "type": "string" + "monitoredFilesAttributes": { + "type": "boolean", + "description": "Whether to monitor file attribute operations.\n" }, - "repository": { - "type": "string" + "monitoredFilesCreate": { + "type": "boolean", + "description": "Whether to monitor file create operations.\n" }, - "resourceArchitecture": { - "type": "string" + "monitoredFilesDelete": { + "type": "boolean", + "description": "Whether to monitor file delete operations.\n" }, - "resourceCpe": { - "type": "string" + "monitoredFilesModify": { + "type": "boolean", + "description": "Whether to monitor file modify operations.\n" }, - "resourceFormat": { - "type": "string" + "monitoredFilesProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes associated with monitored files.\n" }, - "resourceHash": { - "type": "string" + "monitoredFilesRead": { + "type": "boolean", + "description": "Whether to monitor file read operations.\n" }, - "resourceLicenses": { + "monitoredFilesUsers": { "type": "array", "items": { "type": "string" - } + }, + "description": "List of users associated with monitored files.\n" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyLimitContainerPrivilege:FunctionRuntimePolicyLimitContainerPrivilege": { + "properties": { + "blockAddCapabilities": { + "type": "boolean", + "description": "Whether to block adding capabilities.\n" }, - "resourceName": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "Whether container privilege 
limitations are enabled.\n" }, - "resourcePath": { - "type": "string" + "ipcmode": { + "type": "boolean", + "description": "Whether to limit IPC-related capabilities.\n" }, - "resourceType": { - "type": "string" + "netmode": { + "type": "boolean", + "description": "Whether to limit network-related capabilities.\n" }, - "resourceVersion": { - "type": "string" + "pidmode": { + "type": "boolean", + "description": "Whether to limit process-related capabilities.\n" }, - "severityClassification": { - "type": "string" + "preventLowPortBinding": { + "type": "boolean", + "description": "Whether to prevent low port binding.\n" }, - "solution": { - "type": "string" + "preventRootUser": { + "type": "boolean", + "description": "Whether to prevent the use of the root user.\n" }, - "temporalVector": { - "type": "string" + "privileged": { + "type": "boolean", + "description": "Whether the container is run in privileged mode.\n" }, - "vPatchAppliedBy": { - "type": "string" + "useHostUser": { + "type": "boolean", + "description": "Whether to use the host user.\n" }, - "vPatchAppliedOn": { - "type": "string" + "usermode": { + "type": "boolean", + "description": "Whether to limit user-related capabilities.\n" }, - "vPatchEnforcedBy": { - "type": "string" + "utsmode": { + "type": "boolean", + "description": "Whether to limit UTS-related capabilities.\n" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyLinuxCapabilities:FunctionRuntimePolicyLinuxCapabilities": { + "properties": { + "enabled": { + "type": "boolean" }, - "vPatchEnforcedOn": { - "type": "string" + "removeLinuxCapabilities": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyMalwareScanOptions:FunctionRuntimePolicyMalwareScanOptions": { + "properties": { + "action": { + "type": "string", + "description": "Set Action, Defaults to 'Alert' when empty\n" }, - "vPatchPolicyEnforce": { - "type": "boolean" + "enabled": { + "type": 
"boolean", + "description": "Defines if enabled or not\n" }, - "vPatchPolicyName": { - "type": "string" + "excludeDirectories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry paths to be excluded from being protected.\n" }, - "vPatchRevertedBy": { - "type": "string" + "excludeProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry processes to be excluded from being protected.\n" }, - "vPatchRevertedOn": { - "type": "string" + "includeDirectories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry paths to be excluded from being protected.\n" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyPackageBlock:FunctionRuntimePolicyPackageBlock": { + "properties": { + "blockPackagesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "vPatchStatus": { - "type": "string" + "blockPackagesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "vendorCvss2Score": { - "type": "number" + "enabled": { + "type": "boolean" }, - "vendorCvss2Vectors": { - "type": "string" + "exceptionalBlockPackagesFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "vendorSeverity": { - "type": "string" + "exceptionalBlockPackagesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "vendorStatement": { - "type": "string" + "exceptionalBlockPackagesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "vendorUrl": { - "type": "string" + "packagesBlackLists": { + "type": "array", + "items": { + "type": "string" + } } }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "ackAuthor", - "ackComment", - "ackExpirationConfiguredAt", - "ackExpirationConfiguredBy", - "ackExpirationDays", - "ackScope", - "acknowledgeDate", - "ancestorPkg", - "aquaScore", - "aquaScoreClassification", - "aquaScoringSystem", - "aquaSeverity", - 
"aquaSeverityClassification", - "aquaVectors", - "auditEventsCount", - "blockEventsCount", - "classification", - "description", - "digest", - "exploitReference", - "exploitType", - "firstFoundDate", - "fixVersion", - "imageName", - "lastFoundDate", - "modificationDate", - "name", - "nvdCvss2Score", - "nvdCvss2Vectors", - "nvdCvss3Score", - "nvdCvss3Severity", - "nvdCvss3Vectors", - "nvdSeverity", - "nvdUrl", - "os", - "osVersion", - "permission", - "publishDate", - "registry", - "repository", - "resourceArchitecture", - "resourceCpe", - "resourceFormat", - "resourceHash", - "resourceLicenses", - "resourceName", - "resourcePath", - "resourceType", - "resourceVersion", - "severityClassification", - "solution", - "temporalVector", - "vPatchAppliedBy", - "vPatchAppliedOn", - "vPatchEnforcedBy", - "vPatchEnforcedOn", - "vPatchPolicyEnforce", - "vPatchPolicyName", - "vPatchRevertedBy", - "vPatchRevertedOn", - "vPatchStatus", - "vendorCvss2Score", - "vendorCvss2Vectors", - "vendorSeverity", - "vendorStatement", - "vendorUrl" - ] - } - } + "type": "object" }, - "aquasec:index/IntegrationRegistryOption:IntegrationRegistryOption": { + "aquasec:index/FunctionRuntimePolicyPortBlock:FunctionRuntimePolicyPortBlock": { "properties": { - "option": { - "type": "string" + "blockInboundPorts": { + "type": "array", + "items": { + "type": "string" + } }, - "value": { - "type": "string" + "blockOutboundPorts": { + "type": "array", + "items": { + "type": "string" + } + }, + "enabled": { + "type": "boolean" } }, "type": "object" }, - "aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook": { + "aquasec:index/FunctionRuntimePolicyReadonlyFiles:FunctionRuntimePolicyReadonlyFiles": { "properties": { - "authToken": { - "type": "string" - }, "enabled": { "type": "boolean" }, - "unQuarantine": { - "type": "boolean" + "exceptionalReadonlyFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "url": { - "type": "string" + "exceptionalReadonlyFilesProcesses": { + 
"type": "array", + "items": { + "type": "string" + } + }, + "exceptionalReadonlyFilesUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "readonlyFiles": { + "type": "array", + "items": { + "type": "string" + } + }, + "readonlyFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "readonlyFilesUsers": { + "type": "array", + "items": { + "type": "string" + } } }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "enabled", - "unQuarantine" - ] - } - } + "type": "object" }, - "aquasec:index/KubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime": { + "aquasec:index/FunctionRuntimePolicyReadonlyRegistry:FunctionRuntimePolicyReadonlyRegistry": { "properties": { - "iteration": { - "type": "integer" + "enabled": { + "type": "boolean" }, - "iterationType": { - "type": "string" + "exceptionalReadonlyRegistryPaths": { + "type": "array", + "items": { + "type": "string" + } }, - "time": { - "type": "string" + "exceptionalReadonlyRegistryProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "weekDays": { + "exceptionalReadonlyRegistryUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "readonlyRegistryPaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "readonlyRegistryProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "readonlyRegistryUsers": { "type": "array", "items": { "type": "string" } } }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "iteration", - "weekDays" - ] - } - } + "type": "object" }, - "aquasec:index/KubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck": { + "aquasec:index/FunctionRuntimePolicyRegistryAccessMonitoring:FunctionRuntimePolicyRegistryAccessMonitoring": { "properties": { - "author": { - "type": "string", - "description": "Name of user account that created the policy.\n" + "enabled": { + "type": "boolean" }, - "description": 
{ - "type": "string" + "exceptionalMonitoredRegistryPaths": { + "type": "array", + "items": { + "type": "string" + } }, - "engine": { - "type": "string" + "exceptionalMonitoredRegistryProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "lastModified": { - "type": "integer" + "exceptionalMonitoredRegistryUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "name": { - "type": "string" + "monitoredRegistryAttributes": { + "type": "boolean" }, - "path": { - "type": "string" + "monitoredRegistryCreate": { + "type": "boolean" }, - "readOnly": { + "monitoredRegistryDelete": { "type": "boolean" }, - "scriptId": { - "type": "string" + "monitoredRegistryModify": { + "type": "boolean" }, - "severity": { - "type": "string" + "monitoredRegistryPaths": { + "type": "array", + "items": { + "type": "string" + } }, - "snippet": { - "type": "string" + "monitoredRegistryProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "monitoredRegistryRead": { + "type": "boolean" + }, + "monitoredRegistryUsers": { + "type": "array", + "items": { + "type": "string" + } } }, "type": "object" }, - "aquasec:index/KubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel": { + "aquasec:index/FunctionRuntimePolicyRestrictedVolume:FunctionRuntimePolicyRestrictedVolume": { "properties": { - "key": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "Whether restricted volumes are enabled.\n" }, - "value": { - "type": "string" + "volumes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of restricted volumes.\n" } }, "type": "object" }, - "aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList": { + "aquasec:index/FunctionRuntimePolicyReverseShell:FunctionRuntimePolicyReverseShell": { "properties": { - "arch": { - "type": "string" - }, - "display": { - "type": "string" - }, - "epoch": { - "type": "string" + 
"blockReverseShell": { + "type": "boolean" }, - "format": { - "type": "string" + "enabled": { + "type": "boolean" }, - "license": { - "type": "string" + "reverseShellIpWhiteLists": { + "type": "array", + "items": { + "type": "string" + } }, - "name": { - "type": "string" + "reverseShellProcWhiteLists": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyScope:FunctionRuntimePolicyScope": { + "properties": { + "expression": { + "type": "string", + "description": "Scope expression.\n" + }, + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" + }, + "description": "List of variables in the scope.\n" + } + }, + "type": "object", + "required": [ + "expression", + "variables" + ] + }, + "aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable": { + "properties": { + "attribute": { + "type": "string", + "description": "Class of supported scope.\n" + }, + "name": { + "type": "string", + "description": "Name assigned to the attribute.\n" + }, + "value": { + "type": "string", + "description": "Value assigned to the attribute.\n" + } + }, + "type": "object", + "required": [ + "attribute", + "value" + ] + }, + "aquasec:index/FunctionRuntimePolicySystemIntegrityProtection:FunctionRuntimePolicySystemIntegrityProtection": { + "properties": { + "auditSystemtimeChange": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + }, + "monitorAuditLogIntegrity": { + "type": "boolean" + }, + "windowsServicesMonitoring": { + "type": "boolean" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyTripwire:FunctionRuntimePolicyTripwire": { + "properties": { + "applyOns": { + "type": "array", + "items": { + "type": "string" + } + }, + "enabled": { + "type": "boolean" + }, + "serverlessApp": { + "type": "string" + }, + "userId": { + "type": "string" + }, + 
"userPassword": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/FunctionRuntimePolicyWhitelistedOsUsers:FunctionRuntimePolicyWhitelistedOsUsers": { + "properties": { + "enabled": { + "type": "boolean" + }, + "groupWhiteLists": { + "type": "array", + "items": { + "type": "string" + } + }, + "userWhiteLists": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime": { + "properties": { + "iteration": { + "type": "integer" + }, + "iterationType": { + "type": "string" + }, + "time": { + "type": "string" + }, + "weekDays": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "iteration", + "weekDays" + ] + } + } + }, + "aquasec:index/HostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck": { + "properties": { + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, + "description": { + "type": "string" + }, + "engine": { + "type": "string" + }, + "lastModified": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "scriptId": { + "type": "string" + }, + "severity": { + "type": "string" + }, + "snippet": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/HostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/HostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList": { + "properties": { + "arch": { + "type": "string" + }, + "display": { + "type": "string" + }, + "epoch": { + "type": "string" + }, + "format": { + "type": "string" + }, + "license": { + "type": "string" + }, + "name": { + "type": "string" }, "release": { 
"type": "string" @@ -2159,7 +2602,7 @@ }, "type": "object" }, - "aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList": { + "aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" @@ -2191,7 +2634,24 @@ }, "type": "object" }, - "aquasec:index/KubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel": { + "aquasec:index/HostAssurancePolicyPolicySettings:HostAssurancePolicyPolicySettings": { + "properties": { + "enforce": { + "type": "boolean" + }, + "isAuditChecked": { + "type": "boolean" + }, + "warn": { + "type": "boolean" + }, + "warningMessage": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/HostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" @@ -2202,7 +2662,7 @@ }, "type": "object" }, - "aquasec:index/KubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope": { + "aquasec:index/HostAssurancePolicyScope:HostAssurancePolicyScope": { "properties": { "expression": { "type": "string" @@ -2210,7 +2670,7 @@ "variables": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyScopeVariable:KubernetesAssurancePolicyScopeVariable" + "$ref": "#/types/aquasec:index/HostAssurancePolicyScopeVariable:HostAssurancePolicyScopeVariable" } } }, @@ -2223,7 +2683,7 @@ } } }, - "aquasec:index/KubernetesAssurancePolicyScopeVariable:KubernetesAssurancePolicyScopeVariable": { + "aquasec:index/HostAssurancePolicyScopeVariable:HostAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" @@ -2245,7 +2705,7 @@ } } }, - "aquasec:index/KubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage": { + "aquasec:index/HostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" 
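Review bot: In `FunctionRuntimePolicyMalwareScanOptions` the description of `includeDirectories` is `List of registry paths to be excluded from being protected.`, the same text as `excludeDirectories`, which contradicts the property name. `excludeProcesses` likewise speaks of "registry processes" although the type is about malware scanning. Someone configuring scan scope from these descriptions could put paths in the wrong list and leave directories unscanned. The meaning should be confirmed against the provider; presumably the intended wording is along the lines of `List of directories to be included in the malware scan.`, and the correction belongs in the upstream field descriptions if this schema is generated.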
@@ -2256,994 +2716,847 @@ }, "type": "object" }, - "aquasec:index/RoleMappingLdap:RoleMappingLdap": { + "aquasec:index/HostRuntimePolicyAllowedExecutable:HostRuntimePolicyAllowedExecutable": { "properties": { - "roleMapping": { - "type": "object", - "additionalProperties": { + "allowExecutables": { + "type": "array", + "items": { "type": "string" }, - "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua\n", - "willReplaceOnChanges": true - } - }, - "type": "object", - "required": [ - "roleMapping" - ] - }, - "aquasec:index/RoleMappingOauth2:RoleMappingOauth2": { - "properties": { - "roleMapping": { - "type": "object", - "additionalProperties": { + "description": "List of allowed executables.\n" + }, + "allowRootExecutables": { + "type": "array", + "items": { "type": "string" }, - "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua\n", - "willReplaceOnChanges": true + "description": "List of allowed root executables.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether allowed executables configuration is enabled.\n" + }, + "separateExecutables": { + "type": "boolean", + "description": "Whether to treat executables separately.\n" } }, - "type": "object", - "required": [ - "roleMapping" - ] + "type": "object" }, - "aquasec:index/RoleMappingOpenid:RoleMappingOpenid": { + "aquasec:index/HostRuntimePolicyAllowedRegistry:HostRuntimePolicyAllowedRegistry": { "properties": { - "roleMapping": { - "type": "object", - "additionalProperties": { + "allowedRegistries": { + "type": "array", + "items": { "type": "string" }, - "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua\n", - "willReplaceOnChanges": true + "description": "List of allowed registries.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether allowed registries are enabled.\n" } }, - "type": "object", - "required": [ - "roleMapping" - ] + "type": "object" }, 
- "aquasec:index/RoleMappingSaml:RoleMappingSaml": { + "aquasec:index/HostRuntimePolicyAuditing:HostRuntimePolicyAuditing": { "properties": { - "roleMapping": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua\n", - "willReplaceOnChanges": true + "auditAllNetwork": { + "type": "boolean" + }, + "auditAllProcesses": { + "type": "boolean" + }, + "auditFailedLogin": { + "type": "boolean" + }, + "auditOsUserActivity": { + "type": "boolean" + }, + "auditProcessCmdline": { + "type": "boolean" + }, + "auditSuccessLogin": { + "type": "boolean" + }, + "auditUserAccountManagement": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" } }, - "type": "object", - "required": [ - "roleMapping" - ] + "type": "object" }, - "aquasec:index/ServiceScopeVariable:ServiceScopeVariable": { + "aquasec:index/HostRuntimePolicyBlacklistedOsUsers:HostRuntimePolicyBlacklistedOsUsers": { "properties": { - "attribute": { - "type": "string", - "description": "Class of supported scope.\n" + "enabled": { + "type": "boolean" }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n" + "groupBlackLists": { + "type": "array", + "items": { + "type": "string" + } }, - "value": { - "type": "string", - "description": "Value assigned to the attribute.\n" + "userBlackLists": { + "type": "array", + "items": { + "type": "string" + } } }, "type": "object" }, - "aquasec:index/UserSaasGroup:UserSaasGroup": { + "aquasec:index/HostRuntimePolicyBypassScope:HostRuntimePolicyBypassScope": { "properties": { - "groupAdmin": { - "type": "boolean" + "enabled": { + "type": "boolean", + "description": "Whether bypassing the scope is enabled.\n" }, - "name": { - "type": "string" + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyBypassScopeScope:HostRuntimePolicyBypassScopeScope" + }, + "description": "Scope configuration.\n" 
} }, "type": "object" }, - "aquasec:index/UserSaasLogin:UserSaasLogin": { + "aquasec:index/HostRuntimePolicyBypassScopeScope:HostRuntimePolicyBypassScopeScope": { "properties": { - "created": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "ipAddress": { - "type": "string" + "expression": { + "type": "string", + "description": "Scope expression.\n" }, - "userId": { - "type": "integer" + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyBypassScopeScopeVariable:HostRuntimePolicyBypassScopeScopeVariable" + }, + "description": "List of variables in the scope.\n" } }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "created", - "id", - "ipAddress", - "userId" - ] - } - } + "type": "object" }, - "aquasec:index/getAcknowledgesAcknowledge:getAcknowledgesAcknowledge": { + "aquasec:index/HostRuntimePolicyBypassScopeScopeVariable:HostRuntimePolicyBypassScopeScopeVariable": { "properties": { - "author": { - "type": "string" - }, - "comment": { - "type": "string" - }, - "date": { - "type": "string" - }, - "dockerId": { - "type": "string" - }, - "expirationConfiguredAt": { - "type": "string" - }, - "expirationConfiguredBy": { - "type": "string" - }, - "expirationDays": { - "type": "integer" - }, - "fixVersion": { - "type": "string" - }, - "imageName": { - "type": "string" - }, - "issueName": { - "type": "string" - }, - "issueType": { - "type": "string" - }, - "os": { - "type": "string" - }, - "osVersion": { - "type": "string" - }, - "permission": { - "type": "string" - }, - "registryName": { - "type": "string" - }, - "resourceCpe": { - "type": "string" - }, - "resourceFormat": { - "type": "string" - }, - "resourceHash": { - "type": "string" - }, - "resourceName": { - "type": "string" - }, - "resourcePath": { - "type": "string" - }, - "resourceType": { - "type": "string" + "attribute": { + "type": "string", + "description": "Variable attribute.\n" }, - "resourceVersion": { - "type": "string" 
+ "value": { + "type": "string", + "description": "Variable value.\n" } }, - "type": "object", - "required": [ - "author", - "comment", - "date", - "dockerId", - "expirationConfiguredAt", - "expirationConfiguredBy", - "expirationDays", - "fixVersion", - "imageName", - "issueName", - "issueType", - "os", - "osVersion", - "permission", - "registryName", - "resourceCpe", - "resourceFormat", - "resourceHash", - "resourceName", - "resourcePath", - "resourceType", - "resourceVersion" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getApplicationScopeCategory:getApplicationScopeCategory": { + "aquasec:index/HostRuntimePolicyContainerExec:HostRuntimePolicyContainerExec": { "properties": { - "artifacts": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifact:getApplicationScopeCategoryArtifact" - } + "blockContainerExec": { + "type": "boolean" }, - "entityScopes": { + "containerExecProcWhiteLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryEntityScope:getApplicationScopeCategoryEntityScope" + "type": "string" } }, - "infrastructures": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructure:getApplicationScopeCategoryInfrastructure" - } + "enabled": { + "type": "boolean" }, - "workloads": { + "reverseShellIpWhiteLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkload:getApplicationScopeCategoryWorkload" + "type": "string" } } }, "type": "object" }, - "aquasec:index/getApplicationScopeCategoryArtifact:getApplicationScopeCategoryArtifact": { + "aquasec:index/HostRuntimePolicyDriftPrevention:HostRuntimePolicyDriftPrevention": { "properties": { - "cfs": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactCf:getApplicationScopeCategoryArtifactCf" - } + "enabled": { + "type": 
"boolean", + "description": "Whether drift prevention is enabled.\n" }, - "functions": { + "execLockdown": { + "type": "boolean", + "description": "Whether to lockdown execution drift.\n" + }, + "execLockdownWhiteLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactFunction:getApplicationScopeCategoryArtifactFunction" - } + "type": "string" + }, + "description": "List of items in the execution lockdown white list.\n" }, - "images": { + "imageLockdown": { + "type": "boolean", + "description": "Whether to lockdown image drift.\n" + } + }, + "type": "object" + }, + "aquasec:index/HostRuntimePolicyExecutableBlacklist:HostRuntimePolicyExecutableBlacklist": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether the executable blacklist is enabled.\n" + }, + "executables": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactImage:getApplicationScopeCategoryArtifactImage" - } + "type": "string" + }, + "description": "List of blacklisted executables.\n" } }, "type": "object" }, - "aquasec:index/getApplicationScopeCategoryArtifactCf:getApplicationScopeCategoryArtifactCf": { + "aquasec:index/HostRuntimePolicyFailedKubernetesChecks:HostRuntimePolicyFailedKubernetesChecks": { "properties": { - "expression": { - "type": "string" + "enabled": { + "type": "boolean" }, - "variables": { + "failedChecks": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactCfVariable:getApplicationScopeCategoryArtifactCfVariable" + "type": "string" } } }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getApplicationScopeCategoryArtifactCfVariable:getApplicationScopeCategoryArtifactCfVariable": { + "aquasec:index/HostRuntimePolicyFileBlock:HostRuntimePolicyFileBlock": { "properties": { - "attribute": { - "type": "string" + 
"blockFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "value": { - "type": "string" - } - }, - "type": "object", - "required": [ - "attribute" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryArtifactFunction:getApplicationScopeCategoryArtifactFunction": { - "properties": { - "expression": { - "type": "string" + "blockFilesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "variables": { + "enabled": { + "type": "boolean" + }, + "exceptionalBlockFiles": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactFunctionVariable:getApplicationScopeCategoryArtifactFunctionVariable" + "type": "string" } - } - }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryArtifactFunctionVariable:getApplicationScopeCategoryArtifactFunctionVariable": { - "properties": { - "attribute": { - "type": "string" }, - "value": { - "type": "string" + "exceptionalBlockFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "exceptionalBlockFilesUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "filenameBlockLists": { + "type": "array", + "items": { + "type": "string" + } } }, - "type": "object", - "required": [ - "attribute" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getApplicationScopeCategoryArtifactImage:getApplicationScopeCategoryArtifactImage": { + "aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring": { "properties": { - "expression": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "If true, file integrity monitoring is enabled.\n" }, - "variables": { + "exceptionalMonitoredFiles": { "type": "array", "items": { - "$ref": 
"#/types/aquasec:index/getApplicationScopeCategoryArtifactImageVariable:getApplicationScopeCategoryArtifactImageVariable" - } + "type": "string" + }, + "description": "List of paths to be excluded from monitoring.\n" + }, + "exceptionalMonitoredFilesProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes to be excluded from monitoring.\n" + }, + "exceptionalMonitoredFilesUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of users to be excluded from monitoring.\n" + }, + "monitoredFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of paths to be monitored.\n" + }, + "monitoredFilesAttributes": { + "type": "boolean", + "description": "Whether to monitor file attribute operations.\n" + }, + "monitoredFilesCreate": { + "type": "boolean", + "description": "Whether to monitor file create operations.\n" + }, + "monitoredFilesDelete": { + "type": "boolean", + "description": "Whether to monitor file delete operations.\n" + }, + "monitoredFilesModify": { + "type": "boolean", + "description": "Whether to monitor file modify operations.\n" + }, + "monitoredFilesProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes associated with monitored files.\n" + }, + "monitoredFilesRead": { + "type": "boolean", + "description": "Whether to monitor file read operations.\n" + }, + "monitoredFilesUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of users associated with monitored files.\n" } }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getApplicationScopeCategoryArtifactImageVariable:getApplicationScopeCategoryArtifactImageVariable": { + "aquasec:index/HostRuntimePolicyLimitContainerPrivilege:HostRuntimePolicyLimitContainerPrivilege": { "properties": { - 
"attribute": { - "type": "string" + "blockAddCapabilities": { + "type": "boolean", + "description": "Whether to block adding capabilities.\n" }, - "value": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "Whether container privilege limitations are enabled.\n" + }, + "ipcmode": { + "type": "boolean", + "description": "Whether to limit IPC-related capabilities.\n" + }, + "netmode": { + "type": "boolean", + "description": "Whether to limit network-related capabilities.\n" + }, + "pidmode": { + "type": "boolean", + "description": "Whether to limit process-related capabilities.\n" + }, + "preventLowPortBinding": { + "type": "boolean", + "description": "Whether to prevent low port binding.\n" + }, + "preventRootUser": { + "type": "boolean", + "description": "Whether to prevent the use of the root user.\n" + }, + "privileged": { + "type": "boolean", + "description": "Whether the container is run in privileged mode.\n" + }, + "useHostUser": { + "type": "boolean", + "description": "Whether to use the host user.\n" + }, + "usermode": { + "type": "boolean", + "description": "Whether to limit user-related capabilities.\n" + }, + "utsmode": { + "type": "boolean", + "description": "Whether to limit UTS-related capabilities.\n" } }, "type": "object" }, - "aquasec:index/getApplicationScopeCategoryEntityScope:getApplicationScopeCategoryEntityScope": { + "aquasec:index/HostRuntimePolicyLinuxCapabilities:HostRuntimePolicyLinuxCapabilities": { "properties": { - "expression": { - "type": "string" + "enabled": { + "type": "boolean" }, - "variables": { + "removeLinuxCapabilities": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryEntityScopeVariable:getApplicationScopeCategoryEntityScopeVariable" + "type": "string" } } }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - 
"aquasec:index/getApplicationScopeCategoryEntityScopeVariable:getApplicationScopeCategoryEntityScopeVariable": { + "aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions": { "properties": { - "attribute": { - "type": "string" + "action": { + "type": "string", + "description": "Set Action, Defaults to 'Alert' when empty\n" }, - "value": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "Defines if enabled or not\n" + }, + "excludeDirectories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry paths to be excluded from being protected.\n" + }, + "excludeProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry processes to be excluded from being protected.\n" + }, + "includeDirectories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry paths to be excluded from being protected.\n" } }, - "type": "object", - "required": [ - "attribute", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getApplicationScopeCategoryInfrastructure:getApplicationScopeCategoryInfrastructure": { + "aquasec:index/HostRuntimePolicyPackageBlock:HostRuntimePolicyPackageBlock": { "properties": { - "kubernetes": { + "blockPackagesProcesses": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructureKubernete:getApplicationScopeCategoryInfrastructureKubernete" + "type": "string" } }, - "os": { + "blockPackagesUsers": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructureO:getApplicationScopeCategoryInfrastructureO" + "type": "string" } - } - }, - "type": "object" - }, - "aquasec:index/getApplicationScopeCategoryInfrastructureKubernete:getApplicationScopeCategoryInfrastructureKubernete": { - "properties": { - "expression": { - "type": "string" }, - 
"variables": { + "enabled": { + "type": "boolean" + }, + "exceptionalBlockPackagesFiles": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructureKuberneteVariable:getApplicationScopeCategoryInfrastructureKuberneteVariable" + "type": "string" } - } - }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryInfrastructureKuberneteVariable:getApplicationScopeCategoryInfrastructureKuberneteVariable": { - "properties": { - "attribute": { - "type": "string" }, - "value": { - "type": "string" - } - }, - "type": "object", - "required": [ - "attribute" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryInfrastructureO:getApplicationScopeCategoryInfrastructureO": { - "properties": { - "expression": { - "type": "string" + "exceptionalBlockPackagesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "variables": { + "exceptionalBlockPackagesUsers": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructureOVariable:getApplicationScopeCategoryInfrastructureOVariable" + "type": "string" } - } - }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryInfrastructureOVariable:getApplicationScopeCategoryInfrastructureOVariable": { - "properties": { - "attribute": { - "type": "string" }, - "value": { - "type": "string" + "packagesBlackLists": { + "type": "array", + "items": { + "type": "string" + } } }, - "type": "object", - "required": [ - "attribute" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getApplicationScopeCategoryWorkload:getApplicationScopeCategoryWorkload": { + 
"aquasec:index/HostRuntimePolicyPortBlock:HostRuntimePolicyPortBlock": { "properties": { - "cfs": { + "blockInboundPorts": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadCf:getApplicationScopeCategoryWorkloadCf" + "type": "string" } }, - "kubernetes": { + "blockOutboundPorts": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadKubernete:getApplicationScopeCategoryWorkloadKubernete" + "type": "string" } }, - "os": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadO:getApplicationScopeCategoryWorkloadO" - } + "enabled": { + "type": "boolean" } }, "type": "object" }, - "aquasec:index/getApplicationScopeCategoryWorkloadCf:getApplicationScopeCategoryWorkloadCf": { + "aquasec:index/HostRuntimePolicyReadonlyFiles:HostRuntimePolicyReadonlyFiles": { "properties": { - "expression": { - "type": "string" + "enabled": { + "type": "boolean" }, - "variables": { + "exceptionalReadonlyFiles": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadCfVariable:getApplicationScopeCategoryWorkloadCfVariable" + "type": "string" } - } - }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryWorkloadCfVariable:getApplicationScopeCategoryWorkloadCfVariable": { - "properties": { - "attribute": { - "type": "string" }, - "value": { - "type": "string" - } - }, - "type": "object", - "required": [ - "attribute" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryWorkloadKubernete:getApplicationScopeCategoryWorkloadKubernete": { - "properties": { - "expression": { - "type": "string" + "exceptionalReadonlyFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "variables": { + "exceptionalReadonlyFilesUsers": { 
"type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadKuberneteVariable:getApplicationScopeCategoryWorkloadKuberneteVariable" + "type": "string" } - } - }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryWorkloadKuberneteVariable:getApplicationScopeCategoryWorkloadKuberneteVariable": { - "properties": { - "attribute": { - "type": "string" }, - "value": { - "type": "string" - } - }, - "type": "object", - "required": [ - "attribute" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryWorkloadO:getApplicationScopeCategoryWorkloadO": { - "properties": { - "expression": { - "type": "string" + "readonlyFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "variables": { + "readonlyFilesProcesses": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadOVariable:getApplicationScopeCategoryWorkloadOVariable" + "type": "string" } - } - }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getApplicationScopeCategoryWorkloadOVariable:getApplicationScopeCategoryWorkloadOVariable": { - "properties": { - "attribute": { - "type": "string" }, - "value": { - "type": "string" + "readonlyFilesUsers": { + "type": "array", + "items": { + "type": "string" + } } }, - "type": "object", - "required": [ - "attribute" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getAquaLabelsAquaLabel:getAquaLabelsAquaLabel": { + "aquasec:index/HostRuntimePolicyReadonlyRegistry:HostRuntimePolicyReadonlyRegistry": { "properties": { - "author": { - "type": "string" - }, - "created": { - "type": "string" - }, - "description": { - "type": "string" + "enabled": { + "type": "boolean" }, - 
"name": { - "type": "string" - } - }, - "type": "object", - "required": [ - "author", - "created", - "description", - "name" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getContainerRuntimePolicyFileIntegrityMonitoring:getContainerRuntimePolicyFileIntegrityMonitoring": { - "properties": { - "excludedPaths": { + "exceptionalReadonlyRegistryPaths": { "type": "array", "items": { "type": "string" } }, - "excludedProcesses": { + "exceptionalReadonlyRegistryProcesses": { "type": "array", "items": { "type": "string" } }, - "excludedUsers": { + "exceptionalReadonlyRegistryUsers": { "type": "array", "items": { "type": "string" } }, - "monitorAttributes": { - "type": "boolean" - }, - "monitorCreate": { - "type": "boolean" - }, - "monitorDelete": { - "type": "boolean" - }, - "monitorModify": { - "type": "boolean" - }, - "monitorRead": { - "type": "boolean" - }, - "monitoredPaths": { + "readonlyRegistryPaths": { "type": "array", "items": { "type": "string" } }, - "monitoredProcesses": { + "readonlyRegistryProcesses": { "type": "array", "items": { "type": "string" } }, - "monitoredUsers": { + "readonlyRegistryUsers": { "type": "array", "items": { "type": "string" } } }, - "type": "object", - "required": [ - "excludedPaths", - "excludedProcesses", - "excludedUsers", - "monitorAttributes", - "monitorCreate", - "monitorDelete", - "monitorModify", - "monitorRead", - "monitoredPaths", - "monitoredProcesses", - "monitoredUsers" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getContainerRuntimePolicyMalwareScanOption:getContainerRuntimePolicyMalwareScanOption": { + "aquasec:index/HostRuntimePolicyRegistryAccessMonitoring:HostRuntimePolicyRegistryAccessMonitoring": { "properties": { - "action": { - "type": "string", - "description": "Set Action, Defaults to 'Alert' when empty\n" + "enabled": { + "type": "boolean" + }, + "exceptionalMonitoredRegistryPaths": { + "type": "array", + 
"items": { + "type": "string" + } + }, + "exceptionalMonitoredRegistryProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "exceptionalMonitoredRegistryUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "monitoredRegistryAttributes": { + "type": "boolean" + }, + "monitoredRegistryCreate": { + "type": "boolean" + }, + "monitoredRegistryDelete": { + "type": "boolean" + }, + "monitoredRegistryModify": { + "type": "boolean" }, + "monitoredRegistryPaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "monitoredRegistryProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "monitoredRegistryRead": { + "type": "boolean" + }, + "monitoredRegistryUsers": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/HostRuntimePolicyRestrictedVolume:HostRuntimePolicyRestrictedVolume": { + "properties": { "enabled": { "type": "boolean", - "description": "Defines if enabled or not\n" + "description": "Whether restricted volumes are enabled.\n" }, - "excludeDirectories": { + "volumes": { "type": "array", "items": { "type": "string" }, - "description": "List of registry paths to be excluded from being protected.\n" + "description": "List of restricted volumes.\n" + } + }, + "type": "object" + }, + "aquasec:index/HostRuntimePolicyReverseShell:HostRuntimePolicyReverseShell": { + "properties": { + "blockReverseShell": { + "type": "boolean" }, - "excludeProcesses": { + "enabled": { + "type": "boolean" + }, + "reverseShellIpWhiteLists": { + "type": "array", + "items": { + "type": "string" + } + }, + "reverseShellProcWhiteLists": { "type": "array", "items": { "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/HostRuntimePolicyScope:HostRuntimePolicyScope": { + "properties": { + "expression": { + "type": "string", + "description": "Scope expression.\n" + }, + "variables": { + "type": "array", + "items": { + "$ref": 
"#/types/aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" }, - "description": "List of registry processes to be excluded from being protected.\n" + "description": "List of variables in the scope.\n" } }, "type": "object", "required": [ - "action", - "enabled", - "excludeDirectories", - "excludeProcesses" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "expression", + "variables" + ] }, - "aquasec:index/getContainerRuntimePolicyScopeVariable:getContainerRuntimePolicyScopeVariable": { + "aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable": { "properties": { "attribute": { - "type": "string" + "type": "string", + "description": "Class of supported scope.\n" }, "name": { - "type": "string" + "type": "string", + "description": "Name assigned to the attribute.\n" }, "value": { - "type": "string" + "type": "string", + "description": "Value assigned to the attribute.\n" } }, "type": "object", "required": [ "attribute", - "name", "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + ] }, - "aquasec:index/getEnforcerGroupsCommand:getEnforcerGroupsCommand": { + "aquasec:index/HostRuntimePolicySystemIntegrityProtection:HostRuntimePolicySystemIntegrityProtection": { "properties": { - "default": { - "type": "string" + "auditSystemtimeChange": { + "type": "boolean" }, - "kubernetes": { - "type": "string" + "enabled": { + "type": "boolean" }, - "swarm": { - "type": "string" + "monitorAuditLogIntegrity": { + "type": "boolean" }, - "windows": { - "type": "string" + "windowsServicesMonitoring": { + "type": "boolean" } }, - "type": "object", - "required": [ - "default", - "kubernetes", - "swarm", - "windows" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getEnforcerGroupsOrchestrator:getEnforcerGroupsOrchestrator": { + "aquasec:index/HostRuntimePolicyTripwire:HostRuntimePolicyTripwire": { "properties": { - "master": { + "applyOns": { 
+ "type": "array", + "items": { + "type": "string" + } + }, + "enabled": { "type": "boolean" }, - "namespace": { + "serverlessApp": { "type": "string" }, - "serviceAccount": { + "userId": { "type": "string" }, - "type": { + "userPassword": { "type": "string" } }, - "type": "object", - "required": [ - "master", - "namespace", - "serviceAccount", - "type" - ], - "language": { - "nodejs": { - "requiredInputs": [] + "type": "object" + }, + "aquasec:index/HostRuntimePolicyWhitelistedOsUsers:HostRuntimePolicyWhitelistedOsUsers": { + "properties": { + "enabled": { + "type": "boolean" + }, + "groupWhiteLists": { + "type": "array", + "items": { + "type": "string" + } + }, + "userWhiteLists": { + "type": "array", + "items": { + "type": "string" + } } - } + }, + "type": "object" }, - "aquasec:index/getFirewallPolicyInboundNetwork:getFirewallPolicyInboundNetwork": { + "aquasec:index/ImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed": { "properties": { - "allow": { + "assuranceType": { + "type": "string" + }, + "blocking": { "type": "boolean" }, - "portRange": { + "control": { "type": "string" }, - "resource": { + "dtaSkipped": { + "type": "boolean" + }, + "dtaSkippedReason": { "type": "string" }, - "resourceType": { + "failed": { + "type": "boolean" + }, + "policyName": { "type": "string" } }, "type": "object", - "required": [ - "allow", - "portRange", - "resource", - "resourceType" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "assuranceType", + "blocking", + "control", + "dtaSkipped", + "dtaSkippedReason", + "failed", + "policyName" + ] } } }, - "aquasec:index/getFirewallPolicyOutboundNetwork:getFirewallPolicyOutboundNetwork": { + "aquasec:index/ImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime": { "properties": { - "allow": { - "type": "boolean", - "description": "Indicates whether the specified resources are allowed to receive data or requests.\n" + "iteration": { + "type": "integer" }, - "portRange": { - "type": 
"string", - "description": "Range of ports affected by firewall.\n" + "iterationType": { + "type": "string" }, - "resource": { - "type": "string", - "description": "Information of the resource.\n" + "time": { + "type": "string" }, - "resourceType": { - "type": "string", - "description": "Type of the resource.\n" + "weekDays": { + "type": "array", + "items": { + "type": "string" + } } }, - "type": "object", - "required": [ - "allow", - "portRange", - "resource", - "resourceType" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getFunctionAssurancePolicyAutoScanTime:getFunctionAssurancePolicyAutoScanTime": { - "properties": { - "iteration": { - "type": "integer" - }, - "iterationType": { - "type": "string" - }, - "time": { - "type": "string" - }, - "weekDays": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "type": "object", - "required": [ - "iteration", - "iterationType", - "time", - "weekDays" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getFunctionAssurancePolicyCustomCheck:getFunctionAssurancePolicyCustomCheck": { + "aquasec:index/ImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck": { "properties": { "author": { - "type": "string" + "type": "string", + "description": "Name of user account that created the policy.\n" }, "description": { "type": "string" @@ -3273,26 +3586,9 @@ "type": "string" } }, - "type": "object", - "required": [ - "author", - "description", - "engine", - "lastModified", - "name", - "path", - "readOnly", - "scriptId", - "severity", - "snippet" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getFunctionAssurancePolicyForbiddenLabel:getFunctionAssurancePolicyForbiddenLabel": { + "aquasec:index/ImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel": { "properties": { "key": { "type": "string" 
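Review bot: `userPassword` in the new `HostRuntimePolicyTripwire` type is declared as a plain `"type": "string"` with no `"secret": true`, so Pulumi will not treat the value as a secret by default and it can be stored and displayed in plaintext in state and in preview/update output. Mark the property, e.g. `"userPassword": { "type": "string", "secret": true }`. This schema looks generated, so the flag most likely has to be set on the field in the provider mapping and the schema regenerated rather than edited here. Separately, the `includeDirectories` description in `HostRuntimePolicyMalwareScanOptions` repeats the exclude wording ("List of registry paths to be excluded from being protected.") and should describe the included paths.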
@@ -3301,18 +3597,38 @@ "type": "string" } }, - "type": "object", - "required": [ - "key", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] + "type": "object" + }, + "aquasec:index/ImageAssurancePolicyKubernetesControls:ImageAssurancePolicyKubernetesControls": { + "properties": { + "avdId": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "ootb": { + "type": "boolean" + }, + "scriptId": { + "type": "integer" + }, + "severity": { + "type": "string" } - } + }, + "type": "object" }, - "aquasec:index/getFunctionAssurancePolicyPackagesBlackList:getFunctionAssurancePolicyPackagesBlackList": { + "aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList": { "properties": { "arch": { "type": "string" @@ -3342,25 +3658,9 @@ "type": "string" } }, - "type": "object", - "required": [ - "arch", - "display", - "epoch", - "format", - "license", - "name", - "release", - "version", - "versionRange" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getFunctionAssurancePolicyPackagesWhiteList:getFunctionAssurancePolicyPackagesWhiteList": { + "aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList": { "properties": { "arch": { "type": "string" 
@@ -3390,25 +3690,26 @@ "type": "string" } }, - "type": "object", - "required": [ - "arch", - "display", - "epoch", - "format", - "license", - "name", - "release", - "version", - "versionRange" - ], - "language": { - "nodejs": { - "requiredInputs": [] + "type": "object" + }, + "aquasec:index/ImageAssurancePolicyPolicySettings:ImageAssurancePolicyPolicySettings": { + "properties": { + "enforce": { + "type": "boolean" + }, + "isAuditChecked": { + "type": "boolean" + }, + "warn": { + "type": "boolean" + }, + "warningMessage": { + "type": "string" } - } + }, + "type": "object" }, - "aquasec:index/getFunctionAssurancePolicyRequiredLabel:getFunctionAssurancePolicyRequiredLabel": { + "aquasec:index/ImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" @@ -3417,18 +3718,9 @@ "type": "string" } }, - "type": "object", - "required": [ - "key", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getFunctionAssurancePolicyScope:getFunctionAssurancePolicyScope": { + "aquasec:index/ImageAssurancePolicyScope:ImageAssurancePolicyScope": { "properties": { "expression": { "type": "string" @@ -3436,21 +3728,20 @@ "variables": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getFunctionAssurancePolicyScopeVariable:getFunctionAssurancePolicyScopeVariable" + "$ref": "#/types/aquasec:index/ImageAssurancePolicyScopeVariable:ImageAssurancePolicyScopeVariable" } } }, "type": "object", - "required": [ - "expression" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "expression" + ] } } }, - "aquasec:index/getFunctionAssurancePolicyScopeVariable:getFunctionAssurancePolicyScopeVariable": { + "aquasec:index/ImageAssurancePolicyScopeVariable:ImageAssurancePolicyScopeVariable": { "properties": { "attribute": { "type": "string" 
@@ -3463,18 +3754,16 @@ } }, "type": "object", - "required": [ - "attribute", - "name", - "value" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "attribute", + "value" + ] } } }, - "aquasec:index/getFunctionAssurancePolicyTrustedBaseImage:getFunctionAssurancePolicyTrustedBaseImage": { + "aquasec:index/ImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage": { "properties": { "imagename": { "type": "string" 
@@ -3483,483 +3772,365 @@ "type": "string" } }, - "type": "object", - "required": [ - "imagename", - "registry" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getFunctionRuntimePolicyScopeVariable:getFunctionRuntimePolicyScopeVariable": { + "aquasec:index/ImageHistory:ImageHistory": { "properties": { - "attribute": { + "comment": { "type": "string" }, - "name": { + "created": { "type": "string" }, - "value": { + "createdBy": { "type": "string" + }, + "id": { + "type": "string" + }, + "size": { + "type": "integer" } }, "type": "object", - "required": [ - "attribute", - "name", - "value" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "comment", + "created", + "createdBy", + "id", + "size" + ] } } }, - "aquasec:index/getGatewaysGateway:getGatewaysGateway": { + "aquasec:index/ImageVulnerability:ImageVulnerability": { "properties": { - "description": { + "ackAuthor": { "type": "string" }, - "grpcAddress": { + "ackComment": { "type": "string" }, - "hostname": { + "ackExpirationConfiguredAt": { "type": "string" }, - "id": { + "ackExpirationConfiguredBy": { "type": "string" }, - "logicalname": { + "ackExpirationDays": { + "type": "integer" + }, + "ackScope": { "type": "string" }, - "publicAddress": { + "acknowledgeDate": { "type": "string" }, - "status": { + "ancestorPkg": { "type": "string" }, - "version": { + "aquaScore": { + "type": "number" + }, + "aquaScoreClassification": { "type": "string" - } - }, - "type": "object", - "required": [ - "description", - "grpcAddress", - "hostname", - "id", - "logicalname", - "publicAddress", - "status", - "version" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getGroupsGroup:getGroupsGroup": { - "properties": { - "created": { + }, + "aquaScoringSystem": { "type": "string" }, - "groupId": { + "aquaSeverity": { "type": "string" }, - "name": { + "aquaSeverityClassification": { "type": "string" - } - }, - 
"type": "object", - "required": [ - "created", - "groupId", - "name" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getHostAssurancePolicyAutoScanTime:getHostAssurancePolicyAutoScanTime": { - "properties": { - "iteration": { + }, + "aquaVectors": { + "type": "string" + }, + "auditEventsCount": { "type": "integer" }, - "iterationType": { + "blockEventsCount": { + "type": "integer" + }, + "classification": { "type": "string" }, - "time": { + "description": { "type": "string" }, - "weekDays": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "type": "object", - "required": [ - "iteration", - "iterationType", - "time", - "weekDays" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getHostAssurancePolicyCustomCheck:getHostAssurancePolicyCustomCheck": { - "properties": { - "author": { + "digest": { "type": "string" }, - "description": { + "exploitReference": { "type": "string" }, - "engine": { + "exploitType": { "type": "string" }, - "lastModified": { - "type": "integer" + "firstFoundDate": { + "type": "string" + }, + "fixVersion": { + "type": "string" + }, + "imageName": { + "type": "string" + }, + "lastFoundDate": { + "type": "string" + }, + "modificationDate": { + "type": "string" }, "name": { "type": "string" }, - "path": { + "nvdCvss2Score": { + "type": "number" + }, + "nvdCvss2Vectors": { "type": "string" }, - "readOnly": { - "type": "boolean" + "nvdCvss3Score": { + "type": "number" }, - "scriptId": { + "nvdCvss3Severity": { "type": "string" }, - "severity": { + "nvdCvss3Vectors": { "type": "string" }, - "snippet": { + "nvdSeverity": { "type": "string" - } - }, - "type": "object", - "required": [ - "author", - "description", - "engine", - "lastModified", - "name", - "path", - "readOnly", - "scriptId", - "severity", - "snippet" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - 
"aquasec:index/getHostAssurancePolicyForbiddenLabel:getHostAssurancePolicyForbiddenLabel": { - "properties": { - "key": { + }, + "nvdUrl": { "type": "string" }, - "value": { + "os": { "type": "string" - } - }, - "type": "object", - "required": [ - "key", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getHostAssurancePolicyPackagesBlackList:getHostAssurancePolicyPackagesBlackList": { - "properties": { - "arch": { + }, + "osVersion": { "type": "string" }, - "display": { + "permission": { "type": "string" }, - "epoch": { + "publishDate": { "type": "string" }, - "format": { + "registry": { "type": "string" }, - "license": { + "repository": { "type": "string" }, - "name": { + "resourceArchitecture": { "type": "string" }, - "release": { + "resourceCpe": { "type": "string" }, - "version": { + "resourceFormat": { "type": "string" }, - "versionRange": { + "resourceHash": { "type": "string" - } - }, - "type": "object", - "required": [ - "arch", - "display", - "epoch", - "format", - "license", - "name", - "release", - "version", - "versionRange" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getHostAssurancePolicyPackagesWhiteList:getHostAssurancePolicyPackagesWhiteList": { - "properties": { - "arch": { + }, + "resourceLicenses": { + "type": "array", + "items": { + "type": "string" + } + }, + "resourceName": { "type": "string" }, - "display": { + "resourcePath": { "type": "string" }, - "epoch": { + "resourceType": { "type": "string" }, - "format": { + "resourceVersion": { "type": "string" }, - "license": { + "severityClassification": { "type": "string" }, - "name": { + "solution": { "type": "string" }, - "release": { + "temporalVector": { "type": "string" }, - "version": { + "vPatchAppliedBy": { "type": "string" }, - "versionRange": { + "vPatchAppliedOn": { "type": "string" - } - }, - "type": "object", - "required": [ - "arch", - "display", - "epoch", - "format", - "license", - "name", 
- "release", - "version", - "versionRange" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getHostAssurancePolicyRequiredLabel:getHostAssurancePolicyRequiredLabel": { - "properties": { - "key": { + }, + "vPatchEnforcedBy": { "type": "string" }, - "value": { + "vPatchEnforcedOn": { "type": "string" - } - }, - "type": "object", - "required": [ - "key", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getHostAssurancePolicyScope:getHostAssurancePolicyScope": { - "properties": { - "expression": { + }, + "vPatchPolicyEnforce": { + "type": "boolean" + }, + "vPatchPolicyName": { "type": "string" }, - "variables": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/getHostAssurancePolicyScopeVariable:getHostAssurancePolicyScopeVariable" - } - } - }, - "type": "object", - "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getHostAssurancePolicyScopeVariable:getHostAssurancePolicyScopeVariable": { - "properties": { - "attribute": { + "vPatchRevertedBy": { "type": "string" }, - "name": { + "vPatchRevertedOn": { "type": "string" }, - "value": { + "vPatchStatus": { + "type": "string" + }, + "vendorCvss2Score": { + "type": "number" + }, + "vendorCvss2Vectors": { + "type": "string" + }, + "vendorSeverity": { + "type": "string" + }, + "vendorStatement": { + "type": "string" + }, + "vendorUrl": { "type": "string" } }, "type": "object", - "required": [ - "attribute", - "name", - "value" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "ackAuthor", + "ackComment", + "ackExpirationConfiguredAt", + "ackExpirationConfiguredBy", + "ackExpirationDays", + "ackScope", + "acknowledgeDate", + "ancestorPkg", + "aquaScore", + "aquaScoreClassification", + "aquaScoringSystem", + "aquaSeverity", + "aquaSeverityClassification", + "aquaVectors", + "auditEventsCount", + "blockEventsCount", + 
"classification", + "description", + "digest", + "exploitReference", + "exploitType", + "firstFoundDate", + "fixVersion", + "imageName", + "lastFoundDate", + "modificationDate", + "name", + "nvdCvss2Score", + "nvdCvss2Vectors", + "nvdCvss3Score", + "nvdCvss3Severity", + "nvdCvss3Vectors", + "nvdSeverity", + "nvdUrl", + "os", + "osVersion", + "permission", + "publishDate", + "registry", + "repository", + "resourceArchitecture", + "resourceCpe", + "resourceFormat", + "resourceHash", + "resourceLicenses", + "resourceName", + "resourcePath", + "resourceType", + "resourceVersion", + "severityClassification", + "solution", + "temporalVector", + "vPatchAppliedBy", + "vPatchAppliedOn", + "vPatchEnforcedBy", + "vPatchEnforcedOn", + "vPatchPolicyEnforce", + "vPatchPolicyName", + "vPatchRevertedBy", + "vPatchRevertedOn", + "vPatchStatus", + "vendorCvss2Score", + "vendorCvss2Vectors", + "vendorSeverity", + "vendorStatement", + "vendorUrl" + ] } } }, - "aquasec:index/getHostAssurancePolicyTrustedBaseImage:getHostAssurancePolicyTrustedBaseImage": { + "aquasec:index/IntegrationRegistryOption:IntegrationRegistryOption": { "properties": { - "imagename": { + "option": { "type": "string" }, - "registry": { + "value": { "type": "string" } }, - "type": "object", - "required": [ - "imagename", - "registry" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getHostRuntimePolicyFileIntegrityMonitoring:getHostRuntimePolicyFileIntegrityMonitoring": { + "aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook": { "properties": { - "excludedPaths": { - "type": "array", - "items": { - "type": "string" - } - }, - "excludedProcesses": { - "type": "array", - "items": { - "type": "string" - } - }, - "excludedUsers": { - "type": "array", - "items": { - "type": "string" - } - }, - "monitorAttributes": { - "type": "boolean" - }, - "monitorCreate": { - "type": "boolean" - }, - "monitorDelete": { - "type": "boolean" + "authToken": { + 
"type": "string" }, - "monitorModify": { + "enabled": { "type": "boolean" }, - "monitorRead": { + "unQuarantine": { "type": "boolean" }, - "monitoredPaths": { - "type": "array", - "items": { - "type": "string" - } - }, - "monitoredProcesses": { - "type": "array", - "items": { - "type": "string" - } - }, - "monitoredUsers": { - "type": "array", - "items": { - "type": "string" - } + "url": { + "type": "string" } }, "type": "object", - "required": [ - "excludedPaths", - "excludedProcesses", - "excludedUsers", - "monitorAttributes", - "monitorCreate", - "monitorDelete", - "monitorModify", - "monitorRead", - "monitoredPaths", - "monitoredProcesses", - "monitoredUsers" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "enabled", + "unQuarantine" + ] } } }, - "aquasec:index/getHostRuntimePolicyMalwareScanOption:getHostRuntimePolicyMalwareScanOption": { + "aquasec:index/KubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime": { "properties": { - "action": { - "type": "string" + "iteration": { + "type": "integer" }, - "enabled": { - "type": "boolean" + "iterationType": { + "type": "string" }, - "excludeProcesses": { - "type": "array", - "items": { - "type": "string" - } + "time": { + "type": "string" }, - "includeDirectories": { + "weekDays": { "type": "array", "items": { "type": "string" 
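Review bot: The added `authToken` property of `aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook` is declared as a plain string with no `"secret": true`, so Pulumi will not encrypt a webhook token in state or mask it in CLI output and diffs. The entry should read `"authToken": { "type": "string", "secret": true }`. The added `userPassword` property in the preceding hunk, whose start is outside this view, has the same shape and deserves the same check. This file looks like generated provider schema; if so, the marking belongs in the source it is generated from (the upstream Terraform attribute being sensitive, or a secret override in the bridge mapping), followed by a regeneration, not in a hand edit here.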
@@ -3967,294 +4138,181 @@ } }, "type": "object", - "required": [ - "action", - "enabled", - "excludeProcesses", - "includeDirectories" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "iteration", + "weekDays" + ] } } }, - "aquasec:index/getHostRuntimePolicyScopeVariable:getHostRuntimePolicyScopeVariable": { + "aquasec:index/KubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck": { "properties": { - "attribute": { - "type": "string" + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" }, - "name": { + "description": { "type": "string" }, - "value": { + "engine": { "type": "string" - } - }, - "type": "object", - "required": [ - "attribute", - "name", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getHostRuntimePolicyWindowsRegistryMonitoring:getHostRuntimePolicyWindowsRegistryMonitoring": { - "properties": { - "excludedPaths": { - "type": "array", - "items": { - "type": "string" - } - }, - "excludedProcesses": { - "type": "array", - "items": { - "type": "string" - } - }, - "excludedUsers": { - "type": "array", - "items": { - "type": "string" - } - }, - "monitorAttributes": { - "type": "boolean" }, - "monitorCreate": { - "type": "boolean" + "lastModified": { + "type": "integer" }, - "monitorDelete": { - "type": "boolean" + "name": { + "type": "string" }, - "monitorModify": { - "type": "boolean" + "path": { + "type": "string" }, - "monitorRead": { + "readOnly": { "type": "boolean" }, - "monitoredPaths": { - "type": "array", - "items": { - "type": "string" - } + "scriptId": { + "type": "string" }, - "monitoredProcesses": { - "type": "array", - "items": { - "type": "string" - } + "severity": { + "type": "string" }, - "monitoredUsers": { - "type": "array", - "items": { - "type": "string" - } + "snippet": { + "type": "string" } }, - "type": "object", - "required": [ - "excludedPaths", - "excludedProcesses", - "excludedUsers", 
- "monitorAttributes", - "monitorCreate", - "monitorDelete", - "monitorModify", - "monitorRead", - "monitoredPaths", - "monitoredProcesses", - "monitoredUsers" - ], - "language": { - "nodejs": { - "requiredInputs": [] + "type": "object" + }, + "aquasec:index/KubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" } - } + }, + "type": "object" }, - "aquasec:index/getHostRuntimePolicyWindowsRegistryProtection:getHostRuntimePolicyWindowsRegistryProtection": { + "aquasec:index/KubernetesAssurancePolicyKubernetesControl:KubernetesAssurancePolicyKubernetesControl": { "properties": { - "excludedPaths": { - "type": "array", - "items": { - "type": "string" - } + "avdId": { + "type": "string", + "description": "AVD ID.\n" }, - "excludedProcesses": { - "type": "array", - "items": { - "type": "string" - } + "description": { + "type": "string", + "description": "Description of the control.\n" }, - "excludedUsers": { - "type": "array", - "items": { - "type": "string" - } + "enabled": { + "type": "boolean", + "description": "Is the control enabled?\n" }, - "protectedPaths": { - "type": "array", - "items": { - "type": "string" - } + "kind": { + "type": "string", + "description": "Kind of the control.\n" }, - "protectedProcesses": { - "type": "array", - "items": { - "type": "string" - } + "name": { + "type": "string", + "description": "Name of the control.\n" }, - "protectedUsers": { - "type": "array", - "items": { - "type": "string" - } + "ootb": { + "type": "boolean", + "description": "Out-of-the-box status of the control.\n" + }, + "scriptId": { + "type": "integer", + "description": "Script ID.\n" + }, + "severity": { + "type": "string", + "description": "Severity of the control.\n" } }, - "type": "object", - "required": [ - "excludedPaths", - "excludedProcesses", - "excludedUsers", - "protectedPaths", - "protectedProcesses", - "protectedUsers" - ], - "language": { - 
"nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getImageAssuranceChecksPerformed:getImageAssuranceChecksPerformed": { + "aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList": { "properties": { - "assuranceType": { + "arch": { "type": "string" }, - "blocking": { - "type": "boolean" - }, - "control": { + "display": { "type": "string" }, - "dtaSkipped": { - "type": "boolean" + "epoch": { + "type": "string" }, - "dtaSkippedReason": { + "format": { "type": "string" }, - "failed": { - "type": "boolean" + "license": { + "type": "string" }, - "policyName": { + "name": { "type": "string" - } - }, - "type": "object", - "required": [ - "assuranceType", - "blocking", - "control", - "dtaSkipped", - "dtaSkippedReason", - "failed", - "policyName" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getImageAssurancePolicyAutoScanTime:getImageAssurancePolicyAutoScanTime": { - "properties": { - "iteration": { - "type": "integer" }, - "iterationType": { + "release": { "type": "string" }, - "time": { + "version": { "type": "string" }, - "weekDays": { - "type": "array", - "items": { - "type": "string" - } + "versionRange": { + "type": "string" } }, - "type": "object", - "required": [ - "iteration", - "iterationType", - "time", - "weekDays" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getImageAssurancePolicyCustomCheck:getImageAssurancePolicyCustomCheck": { + "aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList": { "properties": { - "author": { + "arch": { "type": "string" }, - "description": { + "display": { "type": "string" }, - "engine": { + "epoch": { "type": "string" }, - "lastModified": { - "type": "integer" - }, - "name": { + "format": { "type": "string" }, - "path": { + "license": { "type": "string" }, - "readOnly": { - "type": "boolean" + "name": { + 
"type": "string" }, - "scriptId": { + "release": { "type": "string" }, - "severity": { + "version": { "type": "string" }, - "snippet": { + "versionRange": { "type": "string" } }, - "type": "object", - "required": [ - "author", - "description", - "engine", - "lastModified", - "name", - "path", - "readOnly", - "scriptId", - "severity", - "snippet" - ], - "language": { - "nodejs": { - "requiredInputs": [] + "type": "object" + }, + "aquasec:index/KubernetesAssurancePolicyPolicySettings:KubernetesAssurancePolicyPolicySettings": { + "properties": { + "enforce": { + "type": "boolean" + }, + "isAuditChecked": { + "type": "boolean" + }, + "warn": { + "type": "boolean" + }, + "warningMessage": { + "type": "string" } - } + }, + "type": "object" }, - "aquasec:index/getImageAssurancePolicyForbiddenLabel:getImageAssurancePolicyForbiddenLabel": { + "aquasec:index/KubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel": { "properties": { "key": { "type": "string" 
@@ -4263,503 +4321,524 @@ "type": "string" } }, - "type": "object", - "required": [ - "key", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getImageAssurancePolicyPackagesBlackList:getImageAssurancePolicyPackagesBlackList": { + "aquasec:index/KubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope": { "properties": { - "arch": { - "type": "string" - }, - "display": { - "type": "string" - }, - "epoch": { - "type": "string" - }, - "format": { - "type": "string" - }, - "license": { - "type": "string" - }, - "name": { - "type": "string" - }, - "release": { - "type": "string" - }, - "version": { + "expression": { "type": "string" }, - "versionRange": { - "type": "string" + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyScopeVariable:KubernetesAssurancePolicyScopeVariable" + } } }, "type": "object", - "required": [ - "arch", - "display", - "epoch", - "format", - "license", - "name", - "release", - "version", - "versionRange" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "expression" + ] } } }, - "aquasec:index/getImageAssurancePolicyPackagesWhiteList:getImageAssurancePolicyPackagesWhiteList": { + "aquasec:index/KubernetesAssurancePolicyScopeVariable:KubernetesAssurancePolicyScopeVariable": { "properties": { - "arch": { - "type": "string" - }, - "display": { - "type": "string" - }, - "epoch": { - "type": "string" - }, - "format": { - "type": "string" - }, - "license": { + "attribute": { "type": "string" }, "name": { "type": "string" }, - "release": { - "type": "string" - }, - "version": { - "type": "string" - }, - "versionRange": { + "value": { "type": "string" } }, "type": "object", - "required": [ - "arch", - "display", - "epoch", - "format", - "license", - "name", - "release", - "version", - "versionRange" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "attribute", + "value" 
+ ] } } }, - "aquasec:index/getImageAssurancePolicyRequiredLabel:getImageAssurancePolicyRequiredLabel": { + "aquasec:index/KubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage": { "properties": { - "key": { + "imagename": { "type": "string" }, - "value": { + "registry": { "type": "string" } }, + "type": "object" + }, + "aquasec:index/RoleMappingLdap:RoleMappingLdap": { + "properties": { + "roleMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.\n", + "willReplaceOnChanges": true + } + }, "type": "object", "required": [ - "key", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] + "roleMapping" + ] + }, + "aquasec:index/RoleMappingOauth2:RoleMappingOauth2": { + "properties": { + "roleMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.\n", + "willReplaceOnChanges": true } - } + }, + "type": "object", + "required": [ + "roleMapping" + ] }, - "aquasec:index/getImageAssurancePolicyScope:getImageAssurancePolicyScope": { + "aquasec:index/RoleMappingOpenid:RoleMappingOpenid": { "properties": { - "expression": { - "type": "string" - }, - "variables": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/getImageAssurancePolicyScopeVariable:getImageAssurancePolicyScopeVariable" - } + "roleMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua. 
Use '|' as a separator for multiple roles.\n", + "willReplaceOnChanges": true } }, "type": "object", "required": [ - "expression" - ], - "language": { - "nodejs": { - "requiredInputs": [] + "roleMapping" + ] + }, + "aquasec:index/RoleMappingSaml:RoleMappingSaml": { + "properties": { + "roleMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles.\n", + "willReplaceOnChanges": true } - } + }, + "type": "object", + "required": [ + "roleMapping" + ] }, - "aquasec:index/getImageAssurancePolicyScopeVariable:getImageAssurancePolicyScopeVariable": { + "aquasec:index/ServiceScopeVariable:ServiceScopeVariable": { "properties": { "attribute": { - "type": "string" + "type": "string", + "description": "Class of supported scope.\n" }, "name": { - "type": "string" + "type": "string", + "description": "Name assigned to the attribute.\n" }, "value": { - "type": "string" + "type": "string", + "description": "Value assigned to the attribute.\n" } }, - "type": "object", - "required": [ - "attribute", - "name", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getImageAssurancePolicyTrustedBaseImage:getImageAssurancePolicyTrustedBaseImage": { + "aquasec:index/UserSaasGroup:UserSaasGroup": { "properties": { - "imagename": { - "type": "string" + "groupAdmin": { + "type": "boolean" }, - "registry": { + "name": { "type": "string" } }, - "type": "object", - "required": [ - "imagename", - "registry" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getImageHistory:getImageHistory": { + "aquasec:index/UserSaasLogin:UserSaasLogin": { "properties": { - "comment": { - "type": "string" - }, "created": { "type": "string" }, - "createdBy": { - "type": "string" - }, "id": { + "type": "integer" + }, + "ipAddress": { 
"type": "string" }, - "size": { + "userId": { "type": "integer" } }, "type": "object", - "required": [ - "comment", - "created", - "createdBy", - "id", - "size" - ], "language": { "nodejs": { - "requiredInputs": [] + "requiredOutputs": [ + "created", + "id", + "ipAddress", + "userId" + ] } } }, - "aquasec:index/getImageVulnerability:getImageVulnerability": { + "aquasec:index/VmwareAssurancePolicyAutoScanTime:VmwareAssurancePolicyAutoScanTime": { "properties": { - "ackAuthor": { + "iteration": { + "type": "integer" + }, + "iterationType": { "type": "string" }, - "ackComment": { + "time": { "type": "string" }, - "ackExpirationConfiguredAt": { + "weekDays": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "iteration", + "weekDays" + ] + } + } + }, + "aquasec:index/VmwareAssurancePolicyCustomCheck:VmwareAssurancePolicyCustomCheck": { + "properties": { + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, + "description": { "type": "string" }, - "ackExpirationConfiguredBy": { + "engine": { "type": "string" }, - "ackExpirationDays": { + "lastModified": { "type": "integer" }, - "ackScope": { - "type": "string" - }, - "acknowledgeDate": { + "name": { "type": "string" }, - "ancestorPkg": { + "path": { "type": "string" }, - "aquaScore": { - "type": "number" + "readOnly": { + "type": "boolean" }, - "aquaScoreClassification": { + "scriptId": { "type": "string" }, - "aquaScoringSystem": { + "severity": { "type": "string" }, - "aquaSeverity": { + "snippet": { "type": "string" - }, - "aquaSeverityClassification": { + } + }, + "type": "object" + }, + "aquasec:index/VmwareAssurancePolicyForbiddenLabel:VmwareAssurancePolicyForbiddenLabel": { + "properties": { + "key": { "type": "string" }, - "aquaVectors": { + "value": { "type": "string" - }, - "auditEventsCount": { - "type": "integer" - }, - "blockEventsCount": { - "type": "integer" - }, - 
"classification": { + } + }, + "type": "object" + }, + "aquasec:index/VmwareAssurancePolicyKubernetesControl:VmwareAssurancePolicyKubernetesControl": { + "properties": { + "avdId": { "type": "string" }, "description": { "type": "string" }, - "digest": { - "type": "string" + "enabled": { + "type": "boolean" }, - "exploitReference": { + "kind": { "type": "string" }, - "exploitType": { + "name": { "type": "string" }, - "firstFoundDate": { + "ootb": { + "type": "boolean" + }, + "scriptId": { + "type": "integer" + }, + "severity": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/VmwareAssurancePolicyPackagesBlackList:VmwareAssurancePolicyPackagesBlackList": { + "properties": { + "arch": { "type": "string" }, - "fixVersion": { + "display": { "type": "string" }, - "imageName": { + "epoch": { "type": "string" }, - "lastFoundDate": { + "format": { "type": "string" }, - "modificationDate": { + "license": { "type": "string" }, "name": { "type": "string" }, - "nvdCvss2Score": { - "type": "number" - }, - "nvdCvss2Vectors": { + "release": { "type": "string" }, - "nvdCvss3Score": { - "type": "number" - }, - "nvdCvss3Severity": { + "version": { "type": "string" }, - "nvdCvss3Vectors": { + "versionRange": { "type": "string" - }, - "nvdSeverity": { + } + }, + "type": "object" + }, + "aquasec:index/VmwareAssurancePolicyPackagesWhiteList:VmwareAssurancePolicyPackagesWhiteList": { + "properties": { + "arch": { "type": "string" }, - "nvdUrl": { + "display": { "type": "string" }, - "os": { + "epoch": { "type": "string" }, - "osVersion": { + "format": { "type": "string" }, - "permission": { + "license": { "type": "string" }, - "publishDate": { + "name": { "type": "string" }, - "registry": { + "release": { "type": "string" }, - "repository": { + "version": { "type": "string" }, - "resourceArchitecture": { + "versionRange": { "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/VmwareAssurancePolicyPolicySettings:VmwareAssurancePolicyPolicySettings": { + 
"properties": { + "enforce": { + "type": "boolean" }, - "resourceCpe": { - "type": "string" + "isAuditChecked": { + "type": "boolean" }, - "resourceFormat": { + "warn": { + "type": "boolean" + }, + "warningMessage": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/VmwareAssurancePolicyRequiredLabel:VmwareAssurancePolicyRequiredLabel": { + "properties": { + "key": { "type": "string" }, - "resourceHash": { + "value": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/VmwareAssurancePolicyScope:VmwareAssurancePolicyScope": { + "properties": { + "expression": { "type": "string" }, - "resourceLicenses": { + "variables": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyScopeVariable:VmwareAssurancePolicyScopeVariable" } - }, - "resourceName": { + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "expression" + ] + } + } + }, + "aquasec:index/VmwareAssurancePolicyScopeVariable:VmwareAssurancePolicyScopeVariable": { + "properties": { + "attribute": { "type": "string" }, - "resourcePath": { + "name": { "type": "string" }, - "resourceType": { + "value": { "type": "string" - }, - "resourceVersion": { + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "attribute", + "value" + ] + } + } + }, + "aquasec:index/VmwareAssurancePolicyTrustedBaseImage:VmwareAssurancePolicyTrustedBaseImage": { + "properties": { + "imagename": { "type": "string" }, - "severityClassification": { + "registry": { "type": "string" - }, - "solution": { + } + }, + "type": "object" + }, + "aquasec:index/getAcknowledgesAcknowledge:getAcknowledgesAcknowledge": { + "properties": { + "author": { "type": "string" }, - "temporalVector": { + "comment": { "type": "string" }, - "vPatchAppliedBy": { + "date": { "type": "string" }, - "vPatchAppliedOn": { + "dockerId": { "type": "string" }, - "vPatchEnforcedBy": { + "expirationConfiguredAt": { "type": "string" }, 
- "vPatchEnforcedOn": { + "expirationConfiguredBy": { "type": "string" }, - "vPatchPolicyEnforce": { - "type": "boolean" + "expirationDays": { + "type": "integer" }, - "vPatchPolicyName": { + "fixVersion": { "type": "string" }, - "vPatchRevertedBy": { + "imageName": { "type": "string" }, - "vPatchRevertedOn": { + "issueName": { "type": "string" }, - "vPatchStatus": { + "issueType": { "type": "string" }, - "vendorCvss2Score": { - "type": "number" + "os": { + "type": "string" }, - "vendorCvss2Vectors": { + "osVersion": { "type": "string" }, - "vendorSeverity": { + "permission": { "type": "string" }, - "vendorStatement": { + "registryName": { "type": "string" }, - "vendorUrl": { + "resourceCpe": { + "type": "string" + }, + "resourceFormat": { + "type": "string" + }, + "resourceHash": { + "type": "string" + }, + "resourceName": { + "type": "string" + }, + "resourcePath": { + "type": "string" + }, + "resourceType": { + "type": "string" + }, + "resourceVersion": { "type": "string" } }, "type": "object", "required": [ - "ackAuthor", - "ackComment", - "ackExpirationConfiguredAt", - "ackExpirationConfiguredBy", - "ackExpirationDays", - "ackScope", - "acknowledgeDate", - "ancestorPkg", - "aquaScore", - "aquaScoreClassification", - "aquaScoringSystem", - "aquaSeverity", - "aquaSeverityClassification", - "aquaVectors", - "auditEventsCount", - "blockEventsCount", - "classification", - "description", - "digest", - "exploitReference", - "exploitType", - "firstFoundDate", + "author", + "comment", + "date", + "dockerId", + "expirationConfiguredAt", + "expirationConfiguredBy", + "expirationDays", "fixVersion", "imageName", - "lastFoundDate", - "modificationDate", - "name", - "nvdCvss2Score", - "nvdCvss2Vectors", - "nvdCvss3Score", - "nvdCvss3Severity", - "nvdCvss3Vectors", - "nvdSeverity", - "nvdUrl", + "issueName", + "issueType", "os", "osVersion", "permission", - "publishDate", - "registry", - "repository", - "resourceArchitecture", + "registryName", "resourceCpe", 
"resourceFormat", "resourceHash", - "resourceLicenses", "resourceName", "resourcePath", "resourceType", - "resourceVersion", - "severityClassification", - "solution", - "temporalVector", - "vPatchAppliedBy", - "vPatchAppliedOn", - "vPatchEnforcedBy", - "vPatchEnforcedOn", - "vPatchPolicyEnforce", - "vPatchPolicyName", - "vPatchRevertedBy", - "vPatchRevertedOn", - "vPatchStatus", - "vendorCvss2Score", - "vendorCvss2Vectors", - "vendorSeverity", - "vendorStatement", - "vendorUrl" + "resourceVersion" ], "language": { "nodejs": { 
@@ -4767,86 +4846,73 @@ } } }, - "aquasec:index/getIntegrationRegistriesOption:getIntegrationRegistriesOption": { - "properties": { - "option": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "aquasec:index/getIntegrationRegistriesWebhook:getIntegrationRegistriesWebhook": { + "aquasec:index/getApplicationScopeCategory:getApplicationScopeCategory": { "properties": { - "authToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" + "artifacts": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifact:getApplicationScopeCategoryArtifact" + } }, - "unQuarantine": { - "type": "boolean" + "entityScopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryEntityScope:getApplicationScopeCategoryEntityScope" + } }, - "url": { - "type": "string" - } - }, - "type": "object" - }, - "aquasec:index/getIntegrationRegistryOption:getIntegrationRegistryOption": { - "properties": { - "option": { - "type": "string" + "infrastructures": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructure:getApplicationScopeCategoryInfrastructure" + } }, - "value": { - "type": "string" + "workloads": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkload:getApplicationScopeCategoryWorkload" + } } }, "type": "object" }, - "aquasec:index/getIntegrationRegistryWebhook:getIntegrationRegistryWebhook": { + "aquasec:index/getApplicationScopeCategoryArtifact:getApplicationScopeCategoryArtifact": { "properties": { - "authToken": { - "type": "string" - }, - "enabled": { - "type": "boolean" + "cfs": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactCf:getApplicationScopeCategoryArtifactCf" + } }, - "unQuarantine": { - "type": "boolean" + "functions": { + "type": "array", + "items": { + "$ref": 
"#/types/aquasec:index/getApplicationScopeCategoryArtifactFunction:getApplicationScopeCategoryArtifactFunction" + } }, - "url": { - "type": "string" + "images": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactImage:getApplicationScopeCategoryArtifactImage" + } } }, "type": "object" }, - "aquasec:index/getKubernetesAssurancePolicyAutoScanTime:getKubernetesAssurancePolicyAutoScanTime": { + "aquasec:index/getApplicationScopeCategoryArtifactCf:getApplicationScopeCategoryArtifactCf": { "properties": { - "iteration": { - "type": "integer" - }, - "iterationType": { - "type": "string" - }, - "time": { + "expression": { "type": "string" }, - "weekDays": { + "variables": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactCfVariable:getApplicationScopeCategoryArtifactCfVariable" } } }, "type": "object", "required": [ - "iteration", - "iterationType", - "time", - "weekDays" + "expression" ], "language": { "nodejs": { @@ -4854,51 +4920,18 @@ } } }, - "aquasec:index/getKubernetesAssurancePolicyCustomCheck:getKubernetesAssurancePolicyCustomCheck": { + "aquasec:index/getApplicationScopeCategoryArtifactCfVariable:getApplicationScopeCategoryArtifactCfVariable": { "properties": { - "author": { - "type": "string" - }, - "description": { - "type": "string" - }, - "engine": { - "type": "string" - }, - "lastModified": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "path": { - "type": "string" - }, - "readOnly": { - "type": "boolean" - }, - "scriptId": { - "type": "string" - }, - "severity": { + "attribute": { "type": "string" }, - "snippet": { + "value": { "type": "string" } }, "type": "object", "required": [ - "author", - "description", - "engine", - "lastModified", - "name", - "path", - "readOnly", - "scriptId", - "severity", - "snippet" + "attribute" ], "language": { "nodejs": { 
@@ -4906,19 +4939,21 @@ } } }, - "aquasec:index/getKubernetesAssurancePolicyForbiddenLabel:getKubernetesAssurancePolicyForbiddenLabel": { + "aquasec:index/getApplicationScopeCategoryArtifactFunction:getApplicationScopeCategoryArtifactFunction": { "properties": { - "key": { + "expression": { "type": "string" }, - "value": { - "type": "string" + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactFunctionVariable:getApplicationScopeCategoryArtifactFunctionVariable" + } } }, "type": "object", "required": [ - "key", - "value" + "expression" ], "language": { "nodejs": { @@ -4926,47 +4961,18 @@ } } }, - "aquasec:index/getKubernetesAssurancePolicyPackagesBlackList:getKubernetesAssurancePolicyPackagesBlackList": { + "aquasec:index/getApplicationScopeCategoryArtifactFunctionVariable:getApplicationScopeCategoryArtifactFunctionVariable": { "properties": { - "arch": { + "attribute": { "type": "string" }, - "display": { - "type": "string" - }, - "epoch": { - "type": "string" - }, - "format": { - "type": "string" - }, - "license": { - "type": "string" - }, - "name": { - "type": "string" - }, - "release": { - "type": "string" - }, - "version": { - "type": "string" - }, - "versionRange": { + "value": { "type": "string" } }, "type": "object", "required": [ - "arch", - "display", - "epoch", - "format", - "license", - "name", - "release", - "version", - "versionRange" + "attribute" ], "language": { "nodejs": { 
@@ -4974,47 +4980,21 @@ } } }, - "aquasec:index/getKubernetesAssurancePolicyPackagesWhiteList:getKubernetesAssurancePolicyPackagesWhiteList": { + "aquasec:index/getApplicationScopeCategoryArtifactImage:getApplicationScopeCategoryArtifactImage": { "properties": { - "arch": { - "type": "string" - }, - "display": { - "type": "string" - }, - "epoch": { - "type": "string" - }, - "format": { - "type": "string" - }, - "license": { - "type": "string" - }, - "name": { - "type": "string" - }, - "release": { - "type": "string" - }, - "version": { + "expression": { "type": "string" }, - "versionRange": { - "type": "string" + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryArtifactImageVariable:getApplicationScopeCategoryArtifactImageVariable" + } } }, "type": "object", "required": [ - "arch", - "display", - "epoch", - "format", - "license", - "name", - "release", - "version", - "versionRange" + "expression" ], "language": { "nodejs": { @@ -5022,27 +5002,18 @@ } } }, - "aquasec:index/getKubernetesAssurancePolicyRequiredLabel:getKubernetesAssurancePolicyRequiredLabel": { + "aquasec:index/getApplicationScopeCategoryArtifactImageVariable:getApplicationScopeCategoryArtifactImageVariable": { "properties": { - "key": { + "attribute": { "type": "string" }, "value": { "type": "string" } }, - "type": "object", - "required": [ - "key", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getKubernetesAssurancePolicyScope:getKubernetesAssurancePolicyScope": { + "aquasec:index/getApplicationScopeCategoryEntityScope:getApplicationScopeCategoryEntityScope": { "properties": { "expression": { "type": "string" 
@@ -5050,7 +5021,7 @@ "variables": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getKubernetesAssurancePolicyScopeVariable:getKubernetesAssurancePolicyScopeVariable" + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryEntityScopeVariable:getApplicationScopeCategoryEntityScopeVariable" } } }, @@ -5064,14 +5035,11 @@ } } }, - "aquasec:index/getKubernetesAssurancePolicyScopeVariable:getKubernetesAssurancePolicyScopeVariable": { + "aquasec:index/getApplicationScopeCategoryEntityScopeVariable:getApplicationScopeCategoryEntityScopeVariable": { "properties": { "attribute": { "type": "string" }, - "name": { - "type": "string" - }, "value": { "type": "string" } @@ -5079,7 +5047,6 @@ "type": "object", "required": [ "attribute", - "name", "value" ], "language": { @@ -5088,19 +5055,38 @@ } } }, - "aquasec:index/getKubernetesAssurancePolicyTrustedBaseImage:getKubernetesAssurancePolicyTrustedBaseImage": { + "aquasec:index/getApplicationScopeCategoryInfrastructure:getApplicationScopeCategoryInfrastructure": { "properties": { - "imagename": { - "type": "string" + "kubernetes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructureKubernete:getApplicationScopeCategoryInfrastructureKubernete" + } }, - "registry": { + "os": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructureO:getApplicationScopeCategoryInfrastructureO" + } + } + }, + "type": "object" + }, + "aquasec:index/getApplicationScopeCategoryInfrastructureKubernete:getApplicationScopeCategoryInfrastructureKubernete": { + "properties": { + "expression": { "type": "string" + }, + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructureKuberneteVariable:getApplicationScopeCategoryInfrastructureKuberneteVariable" + } } }, "type": "object", "required": [ - "imagename", - "registry" + "expression" ], "language": { "nodejs": { 
@@ -5108,45 +5094,18 @@ } } }, - "aquasec:index/getNotificationsEmail:getNotificationsEmail": { + "aquasec:index/getApplicationScopeCategoryInfrastructureKuberneteVariable:getApplicationScopeCategoryInfrastructureKuberneteVariable": { "properties": { - "author": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "lastUpdated": { - "type": "string" - }, - "name": { + "attribute": { "type": "string" }, - "properties": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "template": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "type": { + "value": { "type": "string" } }, "type": "object", "required": [ - "author", - "id", - "lastUpdated", - "name", - "properties", - "template", - "type" + "attribute" ], "language": { "nodejs": { @@ -5154,45 +5113,21 @@ } } }, - "aquasec:index/getNotificationsJira:getNotificationsJira": { + "aquasec:index/getApplicationScopeCategoryInfrastructureO:getApplicationScopeCategoryInfrastructureO": { "properties": { - "author": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "lastUpdated": { - "type": "string" - }, - "name": { + "expression": { "type": "string" }, - "properties": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "template": { - "type": "object", - "additionalProperties": { - "type": "string" + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryInfrastructureOVariable:getApplicationScopeCategoryInfrastructureOVariable" } - }, - "type": { - "type": "string" } }, "type": "object", "required": [ - "author", - "id", - "lastUpdated", - "name", - "properties", - "template", - "type" + "expression" ], "language": { "nodejs": { 
@@ -5200,45 +5135,18 @@ } } }, - "aquasec:index/getNotificationsServicenow:getNotificationsServicenow": { + "aquasec:index/getApplicationScopeCategoryInfrastructureOVariable:getApplicationScopeCategoryInfrastructureOVariable": { "properties": { - "author": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "lastUpdated": { - "type": "string" - }, - "name": { + "attribute": { "type": "string" }, - "properties": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "template": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "type": { + "value": { "type": "string" } }, "type": "object", "required": [ - "author", - "id", - "lastUpdated", - "name", - "properties", - "template", - "type" + "attribute" ], "language": { "nodejs": { 
@@ -5246,91 +5154,44 @@ } } }, - "aquasec:index/getNotificationsSlack:getNotificationsSlack": { + "aquasec:index/getApplicationScopeCategoryWorkload:getApplicationScopeCategoryWorkload": { "properties": { - "author": { - "type": "string" + "cfs": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadCf:getApplicationScopeCategoryWorkloadCf" + } }, - "id": { - "type": "integer" + "kubernetes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadKubernete:getApplicationScopeCategoryWorkloadKubernete" + } }, - "lastUpdated": { - "type": "string" - }, - "name": { - "type": "string" - }, - "properties": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "template": { - "type": "object", - "additionalProperties": { - "type": "string" + "os": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadO:getApplicationScopeCategoryWorkloadO" } - }, - "type": { - "type": "string" } }, - "type": "object", - "required": [ - "author", - "id", - "lastUpdated", - "name", - "properties", - "template", - "type" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getNotificationsSplunk:getNotificationsSplunk": { + "aquasec:index/getApplicationScopeCategoryWorkloadCf:getApplicationScopeCategoryWorkloadCf": { "properties": { - "author": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "lastUpdated": { - "type": "string" - }, - "name": { + "expression": { "type": "string" }, - "properties": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "template": { - "type": "object", - "additionalProperties": { - "type": "string" + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadCfVariable:getApplicationScopeCategoryWorkloadCfVariable" } - }, - "type": { - "type": 
"string" } }, "type": "object", "required": [ - "author", - "id", - "lastUpdated", - "name", - "properties", - "template", - "type" + "expression" ], "language": { "nodejs": { @@ -5338,45 +5199,18 @@ } } }, - "aquasec:index/getNotificationsTeam:getNotificationsTeam": { + "aquasec:index/getApplicationScopeCategoryWorkloadCfVariable:getApplicationScopeCategoryWorkloadCfVariable": { "properties": { - "author": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "lastUpdated": { - "type": "string" - }, - "name": { + "attribute": { "type": "string" }, - "properties": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "template": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "type": { + "value": { "type": "string" } }, "type": "object", "required": [ - "author", - "id", - "lastUpdated", - "name", - "properties", - "template", - "type" + "attribute" ], "language": { "nodejs": { @@ -5384,45 +5218,21 @@ } } }, - "aquasec:index/getNotificationsWebhook:getNotificationsWebhook": { + "aquasec:index/getApplicationScopeCategoryWorkloadKubernete:getApplicationScopeCategoryWorkloadKubernete": { "properties": { - "author": { - "type": "string" - }, - "id": { - "type": "integer" - }, - "lastUpdated": { - "type": "string" - }, - "name": { + "expression": { "type": "string" }, - "properties": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "template": { - "type": "object", - "additionalProperties": { - "type": "string" + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadKuberneteVariable:getApplicationScopeCategoryWorkloadKuberneteVariable" } - }, - "type": { - "type": "string" } }, "type": "object", "required": [ - "author", - "id", - "lastUpdated", - "name", - "properties", - "template", - "type" + "expression" ], "language": { "nodejs": { 
@@ -5430,61 +5240,18 @@ } } }, - "aquasec:index/getPermissionsSetsPermissionsSet:getPermissionsSetsPermissionsSet": { + "aquasec:index/getApplicationScopeCategoryWorkloadKuberneteVariable:getApplicationScopeCategoryWorkloadKuberneteVariable": { "properties": { - "actions": { - "type": "array", - "items": { - "type": "string" - } - }, - "author": { - "type": "string" - }, - "description": { - "type": "string" - }, - "isSuper": { - "type": "boolean" - }, - "name": { + "attribute": { "type": "string" }, - "uiAccess": { - "type": "boolean" - }, - "updatedAt": { + "value": { "type": "string" } }, "type": "object", "required": [ - "actions", - "author", - "description", - "isSuper", - "name", - "uiAccess", - "updatedAt" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getRolesMappingLdap:getRolesMappingLdap": { - "properties": { - "roleMapping": { - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "type": "object", - "required": [ - "roleMapping" + "attribute" ], "language": { "nodejs": { @@ -5492,18 +5259,21 @@ } } }, - "aquasec:index/getRolesMappingOauth2:getRolesMappingOauth2": { + "aquasec:index/getApplicationScopeCategoryWorkloadO:getApplicationScopeCategoryWorkloadO": { "properties": { - "roleMapping": { - "type": "object", - "additionalProperties": { - "type": "string" + "expression": { + "type": "string" + }, + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getApplicationScopeCategoryWorkloadOVariable:getApplicationScopeCategoryWorkloadOVariable" } } }, "type": "object", "required": [ - "roleMapping" + "expression" ], "language": { "nodejs": { 
@@ -5511,18 +5281,18 @@ } } }, - "aquasec:index/getRolesMappingOpenid:getRolesMappingOpenid": { + "aquasec:index/getApplicationScopeCategoryWorkloadOVariable:getApplicationScopeCategoryWorkloadOVariable": { "properties": { - "roleMapping": { - "type": "object", - "additionalProperties": { - "type": "string" - } + "attribute": { + "type": "string" + }, + "value": { + "type": "string" } }, "type": "object", "required": [ - "roleMapping" + "attribute" ], "language": { "nodejs": { @@ -5530,34 +5300,27 @@ } } }, - "aquasec:index/getRolesMappingSaasRolesMapping:getRolesMappingSaasRolesMapping": { + "aquasec:index/getAquaLabelsAquaLabel:getAquaLabelsAquaLabel": { "properties": { - "accountId": { - "type": "integer" + "author": { + "type": "string" }, "created": { "type": "string" }, - "cspRole": { + "description": { "type": "string" }, - "id": { - "type": "integer" - }, - "samlGroups": { - "type": "array", - "items": { - "type": "string" - } + "name": { + "type": "string" } }, "type": "object", "required": [ - "accountId", + "author", "created", - "cspRole", - "id", - "samlGroups" + "description", + "name" ], "language": { "nodejs": { 
@@ -5565,2290 +5328,7883 @@ } } }, - "aquasec:index/getRolesMappingSaml:getRolesMappingSaml": { + "aquasec:index/getContainerRuntimePolicyAllowedExecutable:getContainerRuntimePolicyAllowedExecutable": { "properties": { - "roleMapping": { - "type": "object", - "additionalProperties": { + "allowExecutables": { + "type": "array", + "items": { "type": "string" - } + }, + "description": "List of allowed executables.\n" + }, + "allowRootExecutables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed root executables.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether allowed executables configuration is enabled.\n" + }, + "separateExecutables": { + "type": "boolean", + "description": "Whether to treat executables separately.\n" } }, - "type": "object", - "required": [ - "roleMapping" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getRolesRole:getRolesRole": { + "aquasec:index/getContainerRuntimePolicyAllowedRegistry:getContainerRuntimePolicyAllowedRegistry": { "properties": { - "description": { - "type": "string" - }, - "name": { - "type": "string" - }, - "permission": { - "type": "string" - }, - "scopes": { + "allowedRegistries": { "type": "array", "items": { "type": "string" - } + }, + "description": "List of allowed registries.\n" }, - "updatedAt": { - "type": "string" + "enabled": { + "type": "boolean", + "description": "Whether allowed registries are enabled.\n" } }, - "type": "object", - "required": [ - "description", - "name", - "permission", - "scopes", - "updatedAt" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getServiceScopeVariable:getServiceScopeVariable": { + "aquasec:index/getContainerRuntimePolicyAuditing:getContainerRuntimePolicyAuditing": { "properties": { - "attribute": { - "type": "string" + "auditAllNetwork": { + "type": "boolean" }, - "name": { - "type": "string" + 
"auditAllProcesses": { + "type": "boolean" }, - "value": { - "type": "string" + "auditFailedLogin": { + "type": "boolean" + }, + "auditOsUserActivity": { + "type": "boolean" + }, + "auditProcessCmdline": { + "type": "boolean" + }, + "auditSuccessLogin": { + "type": "boolean" + }, + "auditUserAccountManagement": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" } }, - "type": "object", - "required": [ - "attribute", - "name", - "value" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getUsersSaasUser:getUsersSaasUser": { + "aquasec:index/getContainerRuntimePolicyContainerExec:getContainerRuntimePolicyContainerExec": { "properties": { - "accountAdmin": { + "blockContainerExec": { "type": "boolean" }, - "confirmed": { + "containerExecProcWhiteLists": { + "type": "array", + "items": { + "type": "string" + } + }, + "enabled": { "type": "boolean" }, - "created": { - "type": "string" + "reverseShellIpWhiteLists": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/getContainerRuntimePolicyFileBlock:getContainerRuntimePolicyFileBlock": { + "properties": { + "blockFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "cspRoles": { + "blockFilesUsers": { "type": "array", "items": { "type": "string" } }, - "dashboard": { + "enabled": { "type": "boolean" }, - "email": { - "type": "string" + "exceptionalBlockFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "groups": { + "exceptionalBlockFilesProcesses": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getUsersSaasUserGroup:getUsersSaasUserGroup" + "type": "string" } }, - "logins": { + "exceptionalBlockFilesUsers": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/getUsersSaasUserLogin:getUsersSaasUserLogin" + "type": "string" } }, - "multiaccount": { - "type": "boolean" + "filenameBlockLists": { + "type": "array", + "items": { + 
"type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/getContainerRuntimePolicyFileIntegrityMonitoring:getContainerRuntimePolicyFileIntegrityMonitoring": { + "properties": { + "enabled": { + "type": "boolean", + "description": "If true, file integrity monitoring is enabled.\n" }, - "passwordReset": { - "type": "boolean" + "exceptionalMonitoredFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of paths to be excluded from monitoring.\n" }, - "provider": { - "type": "string" + "exceptionalMonitoredFilesProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes to be excluded from monitoring.\n" }, - "sendAnnouncements": { - "type": "boolean" + "exceptionalMonitoredFilesUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of users to be excluded from monitoring.\n" }, - "sendNewPlugins": { - "type": "boolean" + "monitoredFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of paths to be monitored.\n" }, - "sendNewRisks": { - "type": "boolean" + "monitoredFilesAttributes": { + "type": "boolean", + "description": "Whether to monitor file attribute operations.\n" }, - "sendScanResults": { - "type": "boolean" + "monitoredFilesCreate": { + "type": "boolean", + "description": "Whether to monitor file create operations.\n" }, - "userId": { - "type": "string" - } - }, - "type": "object", - "required": [ - "accountAdmin", - "confirmed", - "created", - "cspRoles", - "dashboard", - "email", - "groups", - "logins", - "multiaccount", - "passwordReset", - "provider", - "sendAnnouncements", - "sendNewPlugins", - "sendNewRisks", - "sendScanResults", - "userId" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } - }, - "aquasec:index/getUsersSaasUserGroup:getUsersSaasUserGroup": { - "properties": { - "created": { - "type": "string" + "monitoredFilesDelete": { + "type": "boolean", + "description": 
"Whether to monitor file delete operations.\n" }, - "id": { - "type": "integer" + "monitoredFilesModify": { + "type": "boolean", + "description": "Whether to monitor file modify operations.\n" }, - "name": { - "type": "string" + "monitoredFilesProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes associated with monitored files.\n" + }, + "monitoredFilesRead": { + "type": "boolean", + "description": "Whether to monitor file read operations.\n" + }, + "monitoredFilesUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of users associated with monitored files.\n" } }, - "type": "object", - "required": [ - "created", - "id", - "name" - ], - "language": { - "nodejs": { - "requiredInputs": [] - } - } + "type": "object" }, - "aquasec:index/getUsersSaasUserLogin:getUsersSaasUserLogin": { + "aquasec:index/getContainerRuntimePolicyLimitContainerPrivilege:getContainerRuntimePolicyLimitContainerPrivilege": { "properties": { - "created": { - "type": "string" + "blockAddCapabilities": { + "type": "boolean", + "description": "Whether to block adding capabilities.\n" }, - "id": { - "type": "integer" + "enabled": { + "type": "boolean", + "description": "Whether container privilege limitations are enabled.\n" }, - "ipAddress": { - "type": "string" + "ipcmode": { + "type": "boolean", + "description": "Whether to limit IPC-related capabilities.\n" }, - "userId": { - "type": "integer" - } - }, - "type": "object", - "required": [ - "created", - "id", - "ipAddress", - "userId" - ], - "language": { - "nodejs": { - "requiredInputs": [] + "netmode": { + "type": "boolean", + "description": "Whether to limit network-related capabilities.\n" + }, + "pidmode": { + "type": "boolean", + "description": "Whether to limit process-related capabilities.\n" + }, + "preventLowPortBinding": { + "type": "boolean", + "description": "Whether to prevent low port binding.\n" + }, + "preventRootUser": { + "type": 
"boolean", + "description": "Whether to prevent the use of the root user.\n" + }, + "privileged": { + "type": "boolean", + "description": "Whether the container is run in privileged mode.\n" + }, + "useHostUser": { + "type": "boolean", + "description": "Whether to use the host user.\n" + }, + "usermode": { + "type": "boolean", + "description": "Whether to limit user-related capabilities.\n" + }, + "utsmode": { + "type": "boolean", + "description": "Whether to limit UTS-related capabilities.\n" } - } + }, + "type": "object" }, - "aquasec:index/getUsersUser:getUsersUser": { + "aquasec:index/getContainerRuntimePolicyMalwareScanOption:getContainerRuntimePolicyMalwareScanOption": { "properties": { - "email": { - "type": "string" + "action": { + "type": "string", + "description": "Set Action, Defaults to 'Alert' when empty\n" }, - "firstTime": { - "type": "boolean" + "enabled": { + "type": "boolean", + "description": "Defines if enabled or not\n" }, - "isSuper": { + "excludeDirectories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry paths to be excluded from being protected.\n" + }, + "excludeProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry processes to be excluded from being protected.\n" + }, + "includeDirectories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry paths to be excluded from being protected.\n" + } + }, + "type": "object" + }, + "aquasec:index/getContainerRuntimePolicyPortBlock:getContainerRuntimePolicyPortBlock": { + "properties": { + "blockInboundPorts": { + "type": "array", + "items": { + "type": "string" + } + }, + "blockOutboundPorts": { + "type": "array", + "items": { + "type": "string" + } + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "aquasec:index/getContainerRuntimePolicyReadonlyFiles:getContainerRuntimePolicyReadonlyFiles": { + "properties": { + "enabled": { "type": 
"boolean" }, - "name": { - "type": "string" + "exceptionalReadonlyFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "plan": { - "type": "string" + "exceptionalReadonlyFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "role": { - "type": "string" + "exceptionalReadonlyFilesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "roles": { + "readonlyFiles": { "type": "array", "items": { "type": "string" } }, - "type": { + "readonlyFilesProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "readonlyFilesUsers": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/getContainerRuntimePolicyRestrictedVolume:getContainerRuntimePolicyRestrictedVolume": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether restricted volumes are enabled.\n" + }, + "volumes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of restricted volumes.\n" + } + }, + "type": "object" + }, + "aquasec:index/getContainerRuntimePolicyScopeVariable:getContainerRuntimePolicyScopeVariable": { + "properties": { + "attribute": { "type": "string" }, - "uiAccess": { - "type": "boolean" + "name": { + "type": "string" }, - "userId": { + "value": { "type": "string" } }, "type": "object", "required": [ - "email", - "firstTime", - "isSuper", + "attribute", "name", - "plan", - "role", - "roles", - "type", - "uiAccess", - "userId" + "value" ], "language": { "nodejs": { "requiredInputs": [] } } - } - }, - "provider": { - "description": "The provider type for the aquasec package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. 
See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", - "properties": { - "aquaUrl": { - "type": "string", - "description": "This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable.\n" - }, - "caCertificatePath": { - "type": "string", - "description": "This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced\nfrom the `AQUA_CA_CERT_PATH` environment variable.\n" - }, - "configPath": { - "type": "string", - "description": "This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can\nalternatively be sourced from the `AQUA_CONFIG` environment variable.\n" - }, - "password": { - "type": "string", - "description": "This is the password that should be used to make the connection. Can alternatively be sourced from the `AQUA_PASSWORD`\nenvironment variable.\n", - "secret": true - }, - "username": { - "type": "string", - "description": "This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER`\nenvironment variable.\n", - "secret": true + }, + "aquasec:index/getEnforcerGroupsCommand:getEnforcerGroupsCommand": { + "properties": { + "default": { + "type": "string" + }, + "kubernetes": { + "type": "string" + }, + "swarm": { + "type": "string" + }, + "windows": { + "type": "string" + } }, - "verifyTls": { - "type": "boolean", - "description": "If true, server tls certificates will be verified by the client before making a connection. Defaults to true. 
Can\nalternatively be sourced from the `AQUA_TLS_VERIFY` environment variable.\n" + "type": "object", + "required": [ + "default", + "kubernetes", + "swarm", + "windows" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } } }, - "inputProperties": { - "aquaUrl": { - "type": "string", - "description": "This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable.\n", - "defaultInfo": { - "environment": [ - "AQUA_URL" - ] + "aquasec:index/getEnforcerGroupsOrchestrator:getEnforcerGroupsOrchestrator": { + "properties": { + "master": { + "type": "boolean" + }, + "namespace": { + "type": "string" + }, + "serviceAccount": { + "type": "string" + }, + "type": { + "type": "string" } }, - "caCertificatePath": { - "type": "string", - "description": "This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced\nfrom the `AQUA_CA_CERT_PATH` environment variable.\n", - "defaultInfo": { - "environment": [ - "AQUA_CA_CERT_PATH" - ] + "type": "object", + "required": [ + "master", + "namespace", + "serviceAccount", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getFirewallPolicyInboundNetwork:getFirewallPolicyInboundNetwork": { + "properties": { + "allow": { + "type": "boolean" + }, + "portRange": { + "type": "string" + }, + "resource": { + "type": "string" + }, + "resourceType": { + "type": "string" } }, - "configPath": { - "type": "string", - "description": "This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can\nalternatively be sourced from the `AQUA_CONFIG` environment variable.\n", - "defaultInfo": { - "environment": [ - "AQUA_CONFIG" - ] - } - }, - "password": { - "type": "string", - "description": "This is the password that should be used to make the connection. 
Can alternatively be sourced from the `AQUA_PASSWORD`\nenvironment variable.\n", - "defaultInfo": { - "environment": [ - "AQUA_PASSWORD" - ] - }, - "secret": true - }, - "username": { - "type": "string", - "description": "This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER`\nenvironment variable.\n", - "defaultInfo": { - "environment": [ - "AQUA_USER" - ] - }, - "secret": true - }, - "verifyTls": { - "type": "boolean", - "description": "If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can\nalternatively be sourced from the `AQUA_TLS_VERIFY` environment variable.\n", - "default": true, - "defaultInfo": { - "environment": [ - "AQUA_VERIFY_TLS" - ] + "type": "object", + "required": [ + "allow", + "portRange", + "resource", + "resourceType" + ], + "language": { + "nodejs": { + "requiredInputs": [] } } - } - }, - "resources": { - "aquasec:index/acknowledge:Acknowledge": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst acknowledge = new aquasec.Acknowledge(\"acknowledge\", {\n comment: \"comment\",\n issues: [\n {\n dockerId: \"\",\n imageName: \"image:latest\",\n issueName: \"CVE-2022-1271\",\n issueType: \"vulnerability\",\n registryName: \"registry\",\n resourceCpe: \"cpe:/a:gnu:gzip:1.10\",\n resourceName: \"gzip\",\n resourcePath: \"/usr/bin/gzip\",\n resourceType: \"executable\",\n resourceVersion: \"1.10\",\n },\n {\n dockerId: \"docker-id\",\n imageName: \"image-name\",\n issueName: \"ALAS2-2021-1722\",\n issueType: \"vulnerability\",\n registryName: \"registry-name\",\n resourceCpe: \"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\",\n resourceName: \"nss-softokn\",\n resourcePath: \"\",\n resourceType: \"package\",\n resourceVersion: \"3.44.0-8.amzn2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport 
pulumiverse_aquasec as aquasec\n\nacknowledge = aquasec.Acknowledge(\"acknowledge\",\n comment=\"comment\",\n issues=[\n aquasec.AcknowledgeIssueArgs(\n docker_id=\"\",\n image_name=\"image:latest\",\n issue_name=\"CVE-2022-1271\",\n issue_type=\"vulnerability\",\n registry_name=\"registry\",\n resource_cpe=\"cpe:/a:gnu:gzip:1.10\",\n resource_name=\"gzip\",\n resource_path=\"/usr/bin/gzip\",\n resource_type=\"executable\",\n resource_version=\"1.10\",\n ),\n aquasec.AcknowledgeIssueArgs(\n docker_id=\"docker-id\",\n image_name=\"image-name\",\n issue_name=\"ALAS2-2021-1722\",\n issue_type=\"vulnerability\",\n registry_name=\"registry-name\",\n resource_cpe=\"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\",\n resource_name=\"nss-softokn\",\n resource_path=\"\",\n resource_type=\"package\",\n resource_version=\"3.44.0-8.amzn2\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var acknowledge = new Aquasec.Acknowledge(\"acknowledge\", new()\n {\n Comment = \"comment\",\n Issues = new[]\n {\n new Aquasec.Inputs.AcknowledgeIssueArgs\n {\n DockerId = \"\",\n ImageName = \"image:latest\",\n IssueName = \"CVE-2022-1271\",\n IssueType = \"vulnerability\",\n RegistryName = \"registry\",\n ResourceCpe = \"cpe:/a:gnu:gzip:1.10\",\n ResourceName = \"gzip\",\n ResourcePath = \"/usr/bin/gzip\",\n ResourceType = \"executable\",\n ResourceVersion = \"1.10\",\n },\n new Aquasec.Inputs.AcknowledgeIssueArgs\n {\n DockerId = \"docker-id\",\n ImageName = \"image-name\",\n IssueName = \"ALAS2-2021-1722\",\n IssueType = \"vulnerability\",\n RegistryName = \"registry-name\",\n ResourceCpe = \"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\",\n ResourceName = \"nss-softokn\",\n ResourcePath = \"\",\n ResourceType = \"package\",\n ResourceVersion = \"3.44.0-8.amzn2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewAcknowledge(ctx, \"acknowledge\", \u0026aquasec.AcknowledgeArgs{\n\t\t\tComment: pulumi.String(\"comment\"),\n\t\t\tIssues: aquasec.AcknowledgeIssueArray{\n\t\t\t\t\u0026aquasec.AcknowledgeIssueArgs{\n\t\t\t\t\tDockerId: pulumi.String(\"\"),\n\t\t\t\t\tImageName: pulumi.String(\"image:latest\"),\n\t\t\t\t\tIssueName: pulumi.String(\"CVE-2022-1271\"),\n\t\t\t\t\tIssueType: pulumi.String(\"vulnerability\"),\n\t\t\t\t\tRegistryName: pulumi.String(\"registry\"),\n\t\t\t\t\tResourceCpe: pulumi.String(\"cpe:/a:gnu:gzip:1.10\"),\n\t\t\t\t\tResourceName: pulumi.String(\"gzip\"),\n\t\t\t\t\tResourcePath: pulumi.String(\"/usr/bin/gzip\"),\n\t\t\t\t\tResourceType: pulumi.String(\"executable\"),\n\t\t\t\t\tResourceVersion: pulumi.String(\"1.10\"),\n\t\t\t\t},\n\t\t\t\t\u0026aquasec.AcknowledgeIssueArgs{\n\t\t\t\t\tDockerId: pulumi.String(\"docker-id\"),\n\t\t\t\t\tImageName: pulumi.String(\"image-name\"),\n\t\t\t\t\tIssueName: pulumi.String(\"ALAS2-2021-1722\"),\n\t\t\t\t\tIssueType: pulumi.String(\"vulnerability\"),\n\t\t\t\t\tRegistryName: pulumi.String(\"registry-name\"),\n\t\t\t\t\tResourceCpe: pulumi.String(\"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\"),\n\t\t\t\t\tResourceName: pulumi.String(\"nss-softokn\"),\n\t\t\t\t\tResourcePath: pulumi.String(\"\"),\n\t\t\t\t\tResourceType: pulumi.String(\"package\"),\n\t\t\t\t\tResourceVersion: pulumi.String(\"3.44.0-8.amzn2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Acknowledge;\nimport com.pulumi.aquasec.AcknowledgeArgs;\nimport com.pulumi.aquasec.inputs.AcknowledgeIssueArgs;\nimport java.util.List;\nimport 
java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var acknowledge = new Acknowledge(\"acknowledge\", AcknowledgeArgs.builder() \n .comment(\"comment\")\n .issues( \n AcknowledgeIssueArgs.builder()\n .dockerId(\"\")\n .imageName(\"image:latest\")\n .issueName(\"CVE-2022-1271\")\n .issueType(\"vulnerability\")\n .registryName(\"registry\")\n .resourceCpe(\"cpe:/a:gnu:gzip:1.10\")\n .resourceName(\"gzip\")\n .resourcePath(\"/usr/bin/gzip\")\n .resourceType(\"executable\")\n .resourceVersion(\"1.10\")\n .build(),\n AcknowledgeIssueArgs.builder()\n .dockerId(\"docker-id\")\n .imageName(\"image-name\")\n .issueName(\"ALAS2-2021-1722\")\n .issueType(\"vulnerability\")\n .registryName(\"registry-name\")\n .resourceCpe(\"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\")\n .resourceName(\"nss-softokn\")\n .resourcePath(\"\")\n .resourceType(\"package\")\n .resourceVersion(\"3.44.0-8.amzn2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acknowledge:\n type: aquasec:Acknowledge\n properties:\n comment: comment\n issues:\n - dockerId:\n imageName: image:latest\n issueName: CVE-2022-1271\n issueType: vulnerability\n registryName: registry\n resourceCpe: cpe:/a:gnu:gzip:1.10\n resourceName: gzip\n resourcePath: /usr/bin/gzip\n resourceType: executable\n resourceVersion: '1.10'\n - dockerId: docker-id\n imageName: image-name\n issueName: ALAS2-2021-1722\n issueType: vulnerability\n registryName: registry-name\n resourceCpe: pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\n resourceName: nss-softokn\n resourcePath:\n resourceType: package\n resourceVersion: 3.44.0-8.amzn2\n```\n{{% /example %}}\n{{% /examples %}}", + }, + "aquasec:index/getFirewallPolicyOutboundNetwork:getFirewallPolicyOutboundNetwork": { "properties": { - "comment": { + "allow": { + "type": "boolean", + 
"description": "Indicates whether the specified resources are allowed to receive data or requests.\n" + }, + "portRange": { "type": "string", - "description": "A comment describing the reason for the acknowledgment\n" + "description": "Range of ports affected by firewall.\n" }, - "issues": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/AcknowledgeIssue:AcknowledgeIssue" - }, - "description": "A list of existing security acknowledges.\n" + "resource": { + "type": "string", + "description": "Information of the resource.\n" + }, + "resourceType": { + "type": "string", + "description": "Type of the resource.\n" } }, + "type": "object", "required": [ - "comment", - "issues" + "allow", + "portRange", + "resource", + "resourceType" ], - "inputProperties": { - "comment": { - "type": "string", - "description": "A comment describing the reason for the acknowledgment\n" + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getFunctionAssurancePolicyAutoScanTime:getFunctionAssurancePolicyAutoScanTime": { + "properties": { + "iteration": { + "type": "integer" }, - "issues": { + "iterationType": { + "type": "string" + }, + "time": { + "type": "string" + }, + "weekDays": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/AcknowledgeIssue:AcknowledgeIssue" - }, - "description": "A list of existing security acknowledges.\n" + "type": "string" + } } }, - "requiredInputs": [ - "comment", - "issues" + "type": "object", + "required": [ + "iteration", + "iterationType", + "time", + "weekDays" ], - "stateInputs": { - "description": "Input properties used for looking up and filtering Acknowledge resources.\n", - "properties": { - "comment": { - "type": "string", - "description": "A comment describing the reason for the acknowledgment\n" - }, - "issues": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/AcknowledgeIssue:AcknowledgeIssue" - }, - "description": "A list of existing security acknowledges.\n" - } - }, 
- "type": "object" + "language": { + "nodejs": { + "requiredInputs": [] + } } }, - "aquasec:index/applicationScope:ApplicationScope": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.ApplicationScope;\nimport com.pulumi.aquasec.ApplicationScopeArgs;\nimport com.pulumi.aquasec.inputs.ApplicationScopeCategoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var terraformiap = new ApplicationScope(\"terraformiap\", ApplicationScopeArgs.builder() \n .categories(ApplicationScopeCategoryArgs.builder()\n .artifacts(ApplicationScopeCategoryArtifactArgs.builder()\n .image(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build())\n .infrastructures(ApplicationScopeCategoryInfrastructureArgs.builder()\n .kubernetes(ApplicationScopeCategoryInfrastructureKuberneteArgs.builder()\n .expression(\"v1\")\n .variables(ApplicationScopeCategoryInfrastructureKuberneteVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"aqua\")\n .build())\n .build())\n .build())\n .workloads(ApplicationScopeCategoryWorkloadArgs.builder()\n .kubernetes(ApplicationScopeCategoryWorkloadKuberneteArgs.builder()\n .expression(\"v1 \u0026\u0026 v2\")\n .variables( \n ApplicationScopeCategoryWorkloadKuberneteVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"aqua\")\n .build(),\n ApplicationScopeCategoryWorkloadKuberneteVariableArgs.builder()\n .attribute(\"kubernetes.namespace\")\n .value(\"aqua\")\n .build())\n .build())\n .build())\n .build())\n .description(\"test123\")\n .build());\n\n 
}\n}\n```\n```yaml\nresources:\n terraformiap:\n type: aquasec:ApplicationScope\n properties:\n # Categories is a nested block of artifacts, workloads and infrastructure\n categories:\n - artifacts:\n - image:\n - expression: v1 \u0026\u0026 v2\n variables:\n - attribute: aqua.registry\n value: test-registry\n - attribute: image.repo\n value: nginx\n infrastructures:\n - kubernetes:\n - expression: v1\n variables:\n - attribute: kubernetes.cluster\n value: aqua\n workloads:\n - kubernetes:\n - expression: v1 \u0026\u0026 v2\n variables:\n - attribute: kubernetes.cluster\n value: aqua\n - attribute: kubernetes.namespace\n value: aqua\n description: test123\n```\n{{% /example %}}\n{{% /examples %}}", + "aquasec:index/getFunctionAssurancePolicyCustomCheck:getFunctionAssurancePolicyCustomCheck": { "properties": { "author": { - "type": "string", - "description": "Username of the account that created the service.\n" - }, - "categories": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ApplicationScopeCategory:ApplicationScopeCategory" - }, - "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" + "type": "string" }, "description": { - "type": "string", - "description": "Description of the application scope.\n" - }, - "name": { - "type": "string", - "description": "Name of an application scope.\n" + "type": "string" }, - "ownerEmail": { - "type": "string", - "description": "Name of an application scope.\n" - } - }, - "required": [ - "author", - "categories", - "name" - ], - "inputProperties": { - "categories": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ApplicationScopeCategory:ApplicationScopeCategory" - }, - "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" + "engine": { + "type": "string" }, - "description": { - "type": "string", - "description": "Description of the application scope.\n" + "lastModified": { + "type": "integer" }, 
"name": { - "type": "string", - "description": "Name of an application scope.\n", - "willReplaceOnChanges": true + "type": "string" }, - "ownerEmail": { - "type": "string", - "description": "Name of an application scope.\n" - } - }, - "stateInputs": { - "description": "Input properties used for looking up and filtering ApplicationScope resources.\n", - "properties": { - "author": { - "type": "string", - "description": "Username of the account that created the service.\n" - }, - "categories": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ApplicationScopeCategory:ApplicationScopeCategory" - }, - "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" - }, - "description": { - "type": "string", - "description": "Description of the application scope.\n" - }, - "name": { - "type": "string", - "description": "Name of an application scope.\n", - "willReplaceOnChanges": true - }, - "ownerEmail": { - "type": "string", - "description": "Name of an application scope.\n" - } + "path": { + "type": "string" }, - "type": "object" - } - }, - "aquasec:index/aquaLabel:AquaLabel": { - "properties": { - "author": { - "type": "string", - "description": "The name of the user who created the Aqua label.\n" + "readOnly": { + "type": "boolean" }, - "created": { - "type": "string", - "description": "The creation date of the Aqua label.\n" + "scriptId": { + "type": "string" }, - "description": { - "type": "string", - "description": "Aqua label description.\n" + "severity": { + "type": "string" }, - "name": { - "type": "string", - "description": "Aqua label name.\n" + "snippet": { + "type": "string" } }, + "type": "object", "required": [ "author", - "created", - "name" + "description", + "engine", + "lastModified", + "name", + "path", + "readOnly", + "scriptId", + "severity", + "snippet" ], - "inputProperties": { - "description": { - "type": "string", - "description": "Aqua label description.\n" + "language": { + "nodejs": { + 
"requiredInputs": [] + } + } + }, + "aquasec:index/getFunctionAssurancePolicyForbiddenLabel:getFunctionAssurancePolicyForbiddenLabel": { + "properties": { + "key": { + "type": "string" }, - "name": { - "type": "string", - "description": "Aqua label name.\n" + "value": { + "type": "string" } }, - "stateInputs": { - "description": "Input properties used for looking up and filtering AquaLabel resources.\n", - "properties": { - "author": { - "type": "string", - "description": "The name of the user who created the Aqua label.\n" - }, - "created": { - "type": "string", - "description": "The creation date of the Aqua label.\n" - }, - "description": { - "type": "string", - "description": "Aqua label description.\n" - }, - "name": { - "type": "string", - "description": "Aqua label name.\n" - } - }, - "type": "object" + "type": "object", + "required": [ + "key", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } } }, - "aquasec:index/containerRuntimePolicy:ContainerRuntimePolicy": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst containerRuntimePolicy = new aquasec.ContainerRuntimePolicy(\"containerRuntimePolicy\", {\n allowedExecutables: [\n \"exe\",\n \"bin\",\n ],\n allowedRegistries: [\n \"registry1\",\n \"registry2\",\n ],\n applicationScopes: [\"Global\"],\n auditAllNetworkActivity: true,\n auditAllProcessesActivity: true,\n auditFullCommandArguments: true,\n blockAccessHostNetwork: true,\n blockAddingCapabilities: true,\n blockContainerExec: true,\n blockCryptocurrencyMining: true,\n blockFilelessExec: true,\n blockLowPortBinding: true,\n blockNonCompliantImages: true,\n blockNonCompliantWorkloads: true,\n blockNonK8sContainers: true,\n blockPrivilegedContainers: true,\n blockReverseShell: true,\n blockRootUser: true,\n blockUnregisteredImages: true,\n blockUseIpcNamespace: true,\n blockUsePidNamespace: 
true,\n blockUseUserNamespace: true,\n blockUseUtsNamespace: true,\n blockedCapabilities: [\n \"AUDIT_CONTROL\",\n \"AUDIT_WRITE\",\n ],\n blockedExecutables: [\n \"exe1\",\n \"exe2\",\n ],\n blockedFiles: [\n \"test1\",\n \"test2\",\n ],\n blockedInboundPorts: [\n \"80\",\n \"8080\",\n ],\n blockedOutboundPorts: [\n \"90\",\n \"9090\",\n ],\n blockedPackages: [\n \"pkg\",\n \"pkg2\",\n ],\n blockedVolumes: [\n \"blocked\",\n \"vol\",\n ],\n containerExecAllowedProcesses: [\n \"proc1\",\n \"proc2\",\n ],\n description: \"container_runtime_policy\",\n enableDriftPrevention: true,\n enableForkGuard: true,\n enableIpReputationSecurity: true,\n enablePortScanDetection: true,\n enabled: true,\n enforce: false,\n exceptionalReadonlyFilesAndDirectories: [\n \"readonly2\",\n \"/dir2/\",\n ],\n fileIntegrityMonitoring: {\n excludedPaths: [\"expaths\"],\n excludedProcesses: [\"exprocess\"],\n excludedUsers: [\"expuser\"],\n monitorAttributes: true,\n monitorCreate: true,\n monitorDelete: true,\n monitorModify: true,\n monitorRead: true,\n monitoredPaths: [\"paths\"],\n monitoredProcesses: [\"process\"],\n monitoredUsers: [\"user\"],\n },\n forkGuardProcessLimit: 13,\n limitNewPrivileges: true,\n malwareScanOptions: {\n action: \"alert\",\n enabled: true,\n },\n monitorSystemTimeChanges: true,\n readonlyFilesAndDirectories: [\n \"readonly\",\n \"/dir/\",\n ],\n reverseShellAllowedIps: [\n \"ip1\",\n \"ip2\",\n ],\n reverseShellAllowedProcesses: [\n \"proc1\",\n \"proc2\",\n ],\n scopeExpression: \"v1 || v2\",\n scopeVariables: [\n {\n attribute: \"kubernetes.cluster\",\n value: \"default\",\n },\n {\n attribute: \"kubernetes.label\",\n name: \"app\",\n value: \"aqua\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\ncontainer_runtime_policy = aquasec.ContainerRuntimePolicy(\"containerRuntimePolicy\",\n allowed_executables=[\n \"exe\",\n \"bin\",\n ],\n allowed_registries=[\n \"registry1\",\n \"registry2\",\n ],\n 
application_scopes=[\"Global\"],\n audit_all_network_activity=True,\n audit_all_processes_activity=True,\n audit_full_command_arguments=True,\n block_access_host_network=True,\n block_adding_capabilities=True,\n block_container_exec=True,\n block_cryptocurrency_mining=True,\n block_fileless_exec=True,\n block_low_port_binding=True,\n block_non_compliant_images=True,\n block_non_compliant_workloads=True,\n block_non_k8s_containers=True,\n block_privileged_containers=True,\n block_reverse_shell=True,\n block_root_user=True,\n block_unregistered_images=True,\n block_use_ipc_namespace=True,\n block_use_pid_namespace=True,\n block_use_user_namespace=True,\n block_use_uts_namespace=True,\n blocked_capabilities=[\n \"AUDIT_CONTROL\",\n \"AUDIT_WRITE\",\n ],\n blocked_executables=[\n \"exe1\",\n \"exe2\",\n ],\n blocked_files=[\n \"test1\",\n \"test2\",\n ],\n blocked_inbound_ports=[\n \"80\",\n \"8080\",\n ],\n blocked_outbound_ports=[\n \"90\",\n \"9090\",\n ],\n blocked_packages=[\n \"pkg\",\n \"pkg2\",\n ],\n blocked_volumes=[\n \"blocked\",\n \"vol\",\n ],\n container_exec_allowed_processes=[\n \"proc1\",\n \"proc2\",\n ],\n description=\"container_runtime_policy\",\n enable_drift_prevention=True,\n enable_fork_guard=True,\n enable_ip_reputation_security=True,\n enable_port_scan_detection=True,\n enabled=True,\n enforce=False,\n exceptional_readonly_files_and_directories=[\n \"readonly2\",\n \"/dir2/\",\n ],\n file_integrity_monitoring=aquasec.ContainerRuntimePolicyFileIntegrityMonitoringArgs(\n excluded_paths=[\"expaths\"],\n excluded_processes=[\"exprocess\"],\n excluded_users=[\"expuser\"],\n monitor_attributes=True,\n monitor_create=True,\n monitor_delete=True,\n monitor_modify=True,\n monitor_read=True,\n monitored_paths=[\"paths\"],\n monitored_processes=[\"process\"],\n monitored_users=[\"user\"],\n ),\n fork_guard_process_limit=13,\n limit_new_privileges=True,\n malware_scan_options=aquasec.ContainerRuntimePolicyMalwareScanOptionsArgs(\n action=\"alert\",\n 
enabled=True,\n ),\n monitor_system_time_changes=True,\n readonly_files_and_directories=[\n \"readonly\",\n \"/dir/\",\n ],\n reverse_shell_allowed_ips=[\n \"ip1\",\n \"ip2\",\n ],\n reverse_shell_allowed_processes=[\n \"proc1\",\n \"proc2\",\n ],\n scope_expression=\"v1 || v2\",\n scope_variables=[\n aquasec.ContainerRuntimePolicyScopeVariableArgs(\n attribute=\"kubernetes.cluster\",\n value=\"default\",\n ),\n aquasec.ContainerRuntimePolicyScopeVariableArgs(\n attribute=\"kubernetes.label\",\n name=\"app\",\n value=\"aqua\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var containerRuntimePolicy = new Aquasec.ContainerRuntimePolicy(\"containerRuntimePolicy\", new()\n {\n AllowedExecutables = new[]\n {\n \"exe\",\n \"bin\",\n },\n AllowedRegistries = new[]\n {\n \"registry1\",\n \"registry2\",\n },\n ApplicationScopes = new[]\n {\n \"Global\",\n },\n AuditAllNetworkActivity = true,\n AuditAllProcessesActivity = true,\n AuditFullCommandArguments = true,\n BlockAccessHostNetwork = true,\n BlockAddingCapabilities = true,\n BlockContainerExec = true,\n BlockCryptocurrencyMining = true,\n BlockFilelessExec = true,\n BlockLowPortBinding = true,\n BlockNonCompliantImages = true,\n BlockNonCompliantWorkloads = true,\n BlockNonK8sContainers = true,\n BlockPrivilegedContainers = true,\n BlockReverseShell = true,\n BlockRootUser = true,\n BlockUnregisteredImages = true,\n BlockUseIpcNamespace = true,\n BlockUsePidNamespace = true,\n BlockUseUserNamespace = true,\n BlockUseUtsNamespace = true,\n BlockedCapabilities = new[]\n {\n \"AUDIT_CONTROL\",\n \"AUDIT_WRITE\",\n },\n BlockedExecutables = new[]\n {\n \"exe1\",\n \"exe2\",\n },\n BlockedFiles = new[]\n {\n \"test1\",\n \"test2\",\n },\n BlockedInboundPorts = new[]\n {\n \"80\",\n \"8080\",\n },\n BlockedOutboundPorts = new[]\n {\n \"90\",\n \"9090\",\n },\n BlockedPackages = new[]\n 
{\n \"pkg\",\n \"pkg2\",\n },\n BlockedVolumes = new[]\n {\n \"blocked\",\n \"vol\",\n },\n ContainerExecAllowedProcesses = new[]\n {\n \"proc1\",\n \"proc2\",\n },\n Description = \"container_runtime_policy\",\n EnableDriftPrevention = true,\n EnableForkGuard = true,\n EnableIpReputationSecurity = true,\n EnablePortScanDetection = true,\n Enabled = true,\n Enforce = false,\n ExceptionalReadonlyFilesAndDirectories = new[]\n {\n \"readonly2\",\n \"/dir2/\",\n },\n FileIntegrityMonitoring = new Aquasec.Inputs.ContainerRuntimePolicyFileIntegrityMonitoringArgs\n {\n ExcludedPaths = new[]\n {\n \"expaths\",\n },\n ExcludedProcesses = new[]\n {\n \"exprocess\",\n },\n ExcludedUsers = new[]\n {\n \"expuser\",\n },\n MonitorAttributes = true,\n MonitorCreate = true,\n MonitorDelete = true,\n MonitorModify = true,\n MonitorRead = true,\n MonitoredPaths = new[]\n {\n \"paths\",\n },\n MonitoredProcesses = new[]\n {\n \"process\",\n },\n MonitoredUsers = new[]\n {\n \"user\",\n },\n },\n ForkGuardProcessLimit = 13,\n LimitNewPrivileges = true,\n MalwareScanOptions = new Aquasec.Inputs.ContainerRuntimePolicyMalwareScanOptionsArgs\n {\n Action = \"alert\",\n Enabled = true,\n },\n MonitorSystemTimeChanges = true,\n ReadonlyFilesAndDirectories = new[]\n {\n \"readonly\",\n \"/dir/\",\n },\n ReverseShellAllowedIps = new[]\n {\n \"ip1\",\n \"ip2\",\n },\n ReverseShellAllowedProcesses = new[]\n {\n \"proc1\",\n \"proc2\",\n },\n ScopeExpression = \"v1 || v2\",\n ScopeVariables = new[]\n {\n new Aquasec.Inputs.ContainerRuntimePolicyScopeVariableArgs\n {\n Attribute = \"kubernetes.cluster\",\n Value = \"default\",\n },\n new Aquasec.Inputs.ContainerRuntimePolicyScopeVariableArgs\n {\n Attribute = \"kubernetes.label\",\n Name = \"app\",\n Value = \"aqua\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) 
error {\n\t\t_, err := aquasec.NewContainerRuntimePolicy(ctx, \"containerRuntimePolicy\", \u0026aquasec.ContainerRuntimePolicyArgs{\n\t\t\tAllowedExecutables: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"exe\"),\n\t\t\t\tpulumi.String(\"bin\"),\n\t\t\t},\n\t\t\tAllowedRegistries: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"registry1\"),\n\t\t\t\tpulumi.String(\"registry2\"),\n\t\t\t},\n\t\t\tApplicationScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Global\"),\n\t\t\t},\n\t\t\tAuditAllNetworkActivity: pulumi.Bool(true),\n\t\t\tAuditAllProcessesActivity: pulumi.Bool(true),\n\t\t\tAuditFullCommandArguments: pulumi.Bool(true),\n\t\t\tBlockAccessHostNetwork: pulumi.Bool(true),\n\t\t\tBlockAddingCapabilities: pulumi.Bool(true),\n\t\t\tBlockContainerExec: pulumi.Bool(true),\n\t\t\tBlockCryptocurrencyMining: pulumi.Bool(true),\n\t\t\tBlockFilelessExec: pulumi.Bool(true),\n\t\t\tBlockLowPortBinding: pulumi.Bool(true),\n\t\t\tBlockNonCompliantImages: pulumi.Bool(true),\n\t\t\tBlockNonCompliantWorkloads: pulumi.Bool(true),\n\t\t\tBlockNonK8sContainers: pulumi.Bool(true),\n\t\t\tBlockPrivilegedContainers: pulumi.Bool(true),\n\t\t\tBlockReverseShell: pulumi.Bool(true),\n\t\t\tBlockRootUser: pulumi.Bool(true),\n\t\t\tBlockUnregisteredImages: pulumi.Bool(true),\n\t\t\tBlockUseIpcNamespace: pulumi.Bool(true),\n\t\t\tBlockUsePidNamespace: pulumi.Bool(true),\n\t\t\tBlockUseUserNamespace: pulumi.Bool(true),\n\t\t\tBlockUseUtsNamespace: pulumi.Bool(true),\n\t\t\tBlockedCapabilities: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"AUDIT_CONTROL\"),\n\t\t\t\tpulumi.String(\"AUDIT_WRITE\"),\n\t\t\t},\n\t\t\tBlockedExecutables: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"exe1\"),\n\t\t\t\tpulumi.String(\"exe2\"),\n\t\t\t},\n\t\t\tBlockedFiles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"test1\"),\n\t\t\t\tpulumi.String(\"test2\"),\n\t\t\t},\n\t\t\tBlockedInboundPorts: 
pulumi.StringArray{\n\t\t\t\tpulumi.String(\"80\"),\n\t\t\t\tpulumi.String(\"8080\"),\n\t\t\t},\n\t\t\tBlockedOutboundPorts: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"90\"),\n\t\t\t\tpulumi.String(\"9090\"),\n\t\t\t},\n\t\t\tBlockedPackages: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"pkg\"),\n\t\t\t\tpulumi.String(\"pkg2\"),\n\t\t\t},\n\t\t\tBlockedVolumes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"blocked\"),\n\t\t\t\tpulumi.String(\"vol\"),\n\t\t\t},\n\t\t\tContainerExecAllowedProcesses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"proc1\"),\n\t\t\t\tpulumi.String(\"proc2\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"container_runtime_policy\"),\n\t\t\tEnableDriftPrevention: pulumi.Bool(true),\n\t\t\tEnableForkGuard: pulumi.Bool(true),\n\t\t\tEnableIpReputationSecurity: pulumi.Bool(true),\n\t\t\tEnablePortScanDetection: pulumi.Bool(true),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEnforce: pulumi.Bool(false),\n\t\t\tExceptionalReadonlyFilesAndDirectories: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"readonly2\"),\n\t\t\t\tpulumi.String(\"/dir2/\"),\n\t\t\t},\n\t\t\tFileIntegrityMonitoring: \u0026aquasec.ContainerRuntimePolicyFileIntegrityMonitoringArgs{\n\t\t\t\tExcludedPaths: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"expaths\"),\n\t\t\t\t},\n\t\t\t\tExcludedProcesses: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"exprocess\"),\n\t\t\t\t},\n\t\t\t\tExcludedUsers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"expuser\"),\n\t\t\t\t},\n\t\t\t\tMonitorAttributes: pulumi.Bool(true),\n\t\t\t\tMonitorCreate: pulumi.Bool(true),\n\t\t\t\tMonitorDelete: pulumi.Bool(true),\n\t\t\t\tMonitorModify: pulumi.Bool(true),\n\t\t\t\tMonitorRead: pulumi.Bool(true),\n\t\t\t\tMonitoredPaths: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"paths\"),\n\t\t\t\t},\n\t\t\t\tMonitoredProcesses: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"process\"),\n\t\t\t\t},\n\t\t\t\tMonitoredUsers: 
pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tForkGuardProcessLimit: pulumi.Int(13),\n\t\t\tLimitNewPrivileges: pulumi.Bool(true),\n\t\t\tMalwareScanOptions: \u0026aquasec.ContainerRuntimePolicyMalwareScanOptionsArgs{\n\t\t\t\tAction: pulumi.String(\"alert\"),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tMonitorSystemTimeChanges: pulumi.Bool(true),\n\t\t\tReadonlyFilesAndDirectories: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"readonly\"),\n\t\t\t\tpulumi.String(\"/dir/\"),\n\t\t\t},\n\t\t\tReverseShellAllowedIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ip1\"),\n\t\t\t\tpulumi.String(\"ip2\"),\n\t\t\t},\n\t\t\tReverseShellAllowedProcesses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"proc1\"),\n\t\t\t\tpulumi.String(\"proc2\"),\n\t\t\t},\n\t\t\tScopeExpression: pulumi.String(\"v1 || v2\"),\n\t\t\tScopeVariables: aquasec.ContainerRuntimePolicyScopeVariableArray{\n\t\t\t\t\u0026aquasec.ContainerRuntimePolicyScopeVariableArgs{\n\t\t\t\t\tAttribute: pulumi.String(\"kubernetes.cluster\"),\n\t\t\t\t\tValue: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t\t\u0026aquasec.ContainerRuntimePolicyScopeVariableArgs{\n\t\t\t\t\tAttribute: pulumi.String(\"kubernetes.label\"),\n\t\t\t\t\tName: pulumi.String(\"app\"),\n\t\t\t\t\tValue: pulumi.String(\"aqua\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.ContainerRuntimePolicy;\nimport com.pulumi.aquasec.ContainerRuntimePolicyArgs;\nimport com.pulumi.aquasec.inputs.ContainerRuntimePolicyFileIntegrityMonitoringArgs;\nimport com.pulumi.aquasec.inputs.ContainerRuntimePolicyMalwareScanOptionsArgs;\nimport com.pulumi.aquasec.inputs.ContainerRuntimePolicyScopeVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport 
java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var containerRuntimePolicy = new ContainerRuntimePolicy(\"containerRuntimePolicy\", ContainerRuntimePolicyArgs.builder() \n .allowedExecutables( \n \"exe\",\n \"bin\")\n .allowedRegistries( \n \"registry1\",\n \"registry2\")\n .applicationScopes(\"Global\")\n .auditAllNetworkActivity(true)\n .auditAllProcessesActivity(true)\n .auditFullCommandArguments(true)\n .blockAccessHostNetwork(true)\n .blockAddingCapabilities(true)\n .blockContainerExec(true)\n .blockCryptocurrencyMining(true)\n .blockFilelessExec(true)\n .blockLowPortBinding(true)\n .blockNonCompliantImages(true)\n .blockNonCompliantWorkloads(true)\n .blockNonK8sContainers(true)\n .blockPrivilegedContainers(true)\n .blockReverseShell(true)\n .blockRootUser(true)\n .blockUnregisteredImages(true)\n .blockUseIpcNamespace(true)\n .blockUsePidNamespace(true)\n .blockUseUserNamespace(true)\n .blockUseUtsNamespace(true)\n .blockedCapabilities( \n \"AUDIT_CONTROL\",\n \"AUDIT_WRITE\")\n .blockedExecutables( \n \"exe1\",\n \"exe2\")\n .blockedFiles( \n \"test1\",\n \"test2\")\n .blockedInboundPorts( \n \"80\",\n \"8080\")\n .blockedOutboundPorts( \n \"90\",\n \"9090\")\n .blockedPackages( \n \"pkg\",\n \"pkg2\")\n .blockedVolumes( \n \"blocked\",\n \"vol\")\n .containerExecAllowedProcesses( \n \"proc1\",\n \"proc2\")\n .description(\"container_runtime_policy\")\n .enableDriftPrevention(true)\n .enableForkGuard(true)\n .enableIpReputationSecurity(true)\n .enablePortScanDetection(true)\n .enabled(true)\n .enforce(false)\n .exceptionalReadonlyFilesAndDirectories( \n \"readonly2\",\n \"/dir2/\")\n .fileIntegrityMonitoring(ContainerRuntimePolicyFileIntegrityMonitoringArgs.builder()\n .excludedPaths(\"expaths\")\n .excludedProcesses(\"exprocess\")\n .excludedUsers(\"expuser\")\n .monitorAttributes(true)\n 
.monitorCreate(true)\n .monitorDelete(true)\n .monitorModify(true)\n .monitorRead(true)\n .monitoredPaths(\"paths\")\n .monitoredProcesses(\"process\")\n .monitoredUsers(\"user\")\n .build())\n .forkGuardProcessLimit(13)\n .limitNewPrivileges(true)\n .malwareScanOptions(ContainerRuntimePolicyMalwareScanOptionsArgs.builder()\n .action(\"alert\")\n .enabled(true)\n .build())\n .monitorSystemTimeChanges(\"true\")\n .readonlyFilesAndDirectories( \n \"readonly\",\n \"/dir/\")\n .reverseShellAllowedIps( \n \"ip1\",\n \"ip2\")\n .reverseShellAllowedProcesses( \n \"proc1\",\n \"proc2\")\n .scopeExpression(\"v1 || v2\")\n .scopeVariables( \n ContainerRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"default\")\n .build(),\n ContainerRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.label\")\n .name(\"app\")\n .value(\"aqua\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n containerRuntimePolicy:\n type: aquasec:ContainerRuntimePolicy\n properties:\n allowedExecutables:\n - exe\n - bin\n allowedRegistries:\n - registry1\n - registry2\n applicationScopes:\n - Global\n auditAllNetworkActivity: true\n auditAllProcessesActivity: true\n auditFullCommandArguments: true\n blockAccessHostNetwork: true\n blockAddingCapabilities: true\n blockContainerExec: true\n blockCryptocurrencyMining: true\n blockFilelessExec: true\n blockLowPortBinding: true\n blockNonCompliantImages: true\n blockNonCompliantWorkloads: true\n blockNonK8sContainers: true\n blockPrivilegedContainers: true\n blockReverseShell: true\n blockRootUser: true\n blockUnregisteredImages: true\n blockUseIpcNamespace: true\n blockUsePidNamespace: true\n blockUseUserNamespace: true\n blockUseUtsNamespace: true\n blockedCapabilities:\n - AUDIT_CONTROL\n - AUDIT_WRITE\n blockedExecutables:\n - exe1\n - exe2\n blockedFiles:\n - test1\n - test2\n blockedInboundPorts:\n - '80'\n - '8080'\n blockedOutboundPorts:\n - '90'\n - '9090'\n blockedPackages:\n - pkg\n - 
pkg2\n blockedVolumes:\n - blocked\n - vol\n containerExecAllowedProcesses:\n - proc1\n - proc2\n description: container_runtime_policy\n enableDriftPrevention: true\n enableForkGuard: true\n enableIpReputationSecurity: true\n enablePortScanDetection: true\n enabled: true\n enforce: false\n exceptionalReadonlyFilesAndDirectories:\n - readonly2\n - /dir2/\n fileIntegrityMonitoring:\n excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n monitorAttributes: true\n monitorCreate: true\n monitorDelete: true\n monitorModify: true\n monitorRead: true\n monitoredPaths:\n - paths\n monitoredProcesses:\n - process\n monitoredUsers:\n - user\n forkGuardProcessLimit: 13\n limitNewPrivileges: true\n malwareScanOptions:\n action: alert\n enabled: true\n monitorSystemTimeChanges: 'true'\n readonlyFilesAndDirectories:\n - readonly\n - /dir/\n reverseShellAllowedIps:\n - ip1\n - ip2\n reverseShellAllowedProcesses:\n - proc1\n - proc2\n scopeExpression: v1 || v2\n scopeVariables:\n - attribute: kubernetes.cluster\n value: default\n - attribute: kubernetes.label\n name: app\n value: aqua\n```\n{{% /example %}}\n{{% /examples %}}", + "aquasec:index/getFunctionAssurancePolicyPackagesBlackList:getFunctionAssurancePolicyPackagesBlackList": { "properties": { - "allowedExecutables": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of executables that are allowed for the user.\n" - }, - "allowedRegistries": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registries that allowed for running containers.\n" - }, - "applicationScopes": { - "type": "array", - "items": { - "type": "string" - }, - "description": "Indicates the application scope of the service.\n" - }, - "auditAllNetworkActivity": { - "type": "boolean", - "description": "If true, all network activity will be audited.\n" - }, - "auditAllProcessesActivity": { - "type": "boolean", - "description": "If true, all process activity 
will be audited.\n" - }, - "auditFullCommandArguments": { - "type": "boolean", - "description": "If true, full command arguments will be audited.\n" - }, - "author": { - "type": "string", - "description": "Username of the account that created the service.\n" + "arch": { + "type": "string" }, - "blockAccessHostNetwork": { - "type": "boolean", - "description": "If true, prevent containers from running with access to host network.\n" + "display": { + "type": "string" }, - "blockAddingCapabilities": { - "type": "boolean", - "description": "If true, prevent containers from running with adding capabilities with `--cap-add` privilege.\n" + "epoch": { + "type": "string" }, - "blockContainerExec": { - "type": "boolean", - "description": "If true, exec into a container is prevented.\n" + "format": { + "type": "string" }, - "blockCryptocurrencyMining": { - "type": "boolean", - "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + "license": { + "type": "string" }, - "blockFilelessExec": { - "type": "boolean", - "description": "Detect and prevent running in-memory execution\n" + "name": { + "type": "string" }, - "blockLowPortBinding": { - "type": "boolean", - "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n" + "release": { + "type": "string" }, - "blockNonCompliantImages": { - "type": "boolean", - "description": "If true, running non-compliant image in the container is prevented.\n" + "version": { + "type": "string" }, - "blockNonCompliantWorkloads": { - "type": "boolean", - "description": "If true, running containers in non-compliant pods is prevented.\n" + "versionRange": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arch", + "display", + "epoch", + "format", + "license", + "name", + "release", + "version", + "versionRange" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + 
"aquasec:index/getFunctionAssurancePolicyPackagesWhiteList:getFunctionAssurancePolicyPackagesWhiteList": { + "properties": { + "arch": { + "type": "string" }, - "blockNonK8sContainers": { - "type": "boolean", - "description": "If true, running non-kubernetes containers is prevented.\n" + "display": { + "type": "string" }, - "blockPrivilegedContainers": { - "type": "boolean", - "description": "If true, prevent containers from running with privileged container capability.\n" + "epoch": { + "type": "string" }, - "blockReverseShell": { - "type": "boolean", - "description": "If true, reverse shell is prevented.\n" + "format": { + "type": "string" }, - "blockRootUser": { - "type": "boolean", - "description": "If true, prevent containers from running with root user.\n" + "license": { + "type": "string" }, - "blockUnregisteredImages": { - "type": "boolean", - "description": "If true, running images in the container that are not registered in Aqua is prevented.\n" + "name": { + "type": "string" }, - "blockUseIpcNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n" + "release": { + "type": "string" }, - "blockUsePidNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n" + "version": { + "type": "string" }, - "blockUseUserNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the user namespace.\n" + "versionRange": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arch", + "display", + "epoch", + "format", + "license", + "name", + "release", + "version", + "versionRange" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getFunctionAssurancePolicyRequiredLabel:getFunctionAssurancePolicyRequiredLabel": { + "properties": { + "key": { + "type": "string" }, - "blockUseUtsNamespace": { - 
"type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n" + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "key", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getFunctionAssurancePolicyScope:getFunctionAssurancePolicyScope": { + "properties": { + "expression": { + "type": "string" }, - "blockedCapabilities": { + "variables": { "type": "array", "items": { - "type": "string" - }, - "description": "If true, prevents containers from using specific Unix capabilities.\n" + "$ref": "#/types/aquasec:index/getFunctionAssurancePolicyScopeVariable:getFunctionAssurancePolicyScopeVariable" + } + } + }, + "type": "object", + "required": [ + "expression" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getFunctionAssurancePolicyScopeVariable:getFunctionAssurancePolicyScopeVariable": { + "properties": { + "attribute": { + "type": "string" }, - "blockedExecutables": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of executables that are prevented from running in containers.\n" - }, - "blockedFiles": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of files that are prevented from being read, modified and executed in the containers.\n" - }, - "blockedInboundPorts": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of blocked inbound ports.\n" + "name": { + "type": "string" }, - "blockedOutboundPorts": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of blocked outbound ports.\n" + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "attribute", + "name", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getFunctionAssurancePolicyTrustedBaseImage:getFunctionAssurancePolicyTrustedBaseImage": { + 
"properties": { + "imagename": { + "type": "string" }, - "blockedPackages": { - "type": "array", - "items": { - "type": "string" - }, - "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n" + "registry": { + "type": "string" + } + }, + "type": "object", + "required": [ + "imagename", + "registry" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getFunctionRuntimePolicyDriftPrevention:getFunctionRuntimePolicyDriftPrevention": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether drift prevention is enabled.\n" }, - "blockedVolumes": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of volumes that are prevented from being mounted in the containers.\n" + "execLockdown": { + "type": "boolean", + "description": "Whether to lockdown execution drift.\n" }, - "containerExecAllowedProcesses": { + "execLockdownWhiteLists": { "type": "array", "items": { "type": "string" }, - "description": "List of processes that will be allowed.\n" - }, - "description": { - "type": "string", - "description": "The description of the container runtime policy\n" - }, - "enableDriftPrevention": { - "type": "boolean", - "description": "If true, executables that are not in the original image is prevented from running.\n" - }, - "enableForkGuard": { - "type": "boolean", - "description": "If true, fork bombs are prevented in the containers.\n" - }, - "enableIpReputationSecurity": { - "type": "boolean", - "description": "If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.\n" + "description": "List of items in the execution lockdown white list.\n" }, - "enablePortScanDetection": { + "imageLockdown": { "type": "boolean", - "description": "If true, detects port scanning behavior in the container.\n" - }, + "description": "Whether to lockdown image drift.\n" + } + }, + "type": "object" + }, + 
"aquasec:index/getFunctionRuntimePolicyExecutableBlacklist:getFunctionRuntimePolicyExecutableBlacklist": { + "properties": { "enabled": { "type": "boolean", - "description": "Defines if enabled or not\n" - }, - "enforce": { - "type": "boolean", - "description": "Indicates that policy should effect container execution (not just for audit).\n" - }, - "enforceAfterDays": { - "type": "integer", - "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" - }, - "exceptionalReadonlyFilesAndDirectories": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of files and directories to be excluded from the read-only list.\n" + "description": "Whether the executable blacklist is enabled.\n" }, - "execLockdownWhiteLists": { + "executables": { "type": "array", "items": { "type": "string" }, - "description": "Specify processes that will be allowed\n" + "description": "List of blacklisted executables.\n" + } + }, + "type": "object" + }, + "aquasec:index/getFunctionRuntimePolicyScopeVariable:getFunctionRuntimePolicyScopeVariable": { + "properties": { + "attribute": { + "type": "string" }, - "fileIntegrityMonitoring": { - "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring", - "description": "Configuration for file integrity monitoring.\n" + "name": { + "type": "string" }, - "forkGuardProcessLimit": { - "type": "integer", - "description": "Process limit for the fork guard.\n" + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "attribute", + "name", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getGatewaysGateway:getGatewaysGateway": { + "properties": { + "description": { + "type": "string" }, - "limitNewPrivileges": { - "type": "boolean", - "description": "If true, prevents the container from obtaining new privileges at runtime. 
(only enabled in enforce mode)\n" + "grpcAddress": { + "type": "string" }, - "malwareScanOptions": { - "$ref": "#/types/aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions", - "description": "Configuration for Real-Time Malware Protection.\n" + "hostname": { + "type": "string" }, - "monitorSystemTimeChanges": { - "type": "boolean", - "description": "If true, system time changes will be monitored.\n" + "id": { + "type": "string" }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n" + "logicalname": { + "type": "string" }, - "readonlyFilesAndDirectories": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of files and directories to be restricted as read-only\n" + "publicAddress": { + "type": "string" }, - "reverseShellAllowedIps": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of IPs/ CIDRs that will be allowed\n" + "status": { + "type": "string" }, - "reverseShellAllowedProcesses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of processes that will be allowed\n" + "version": { + "type": "string" + } + }, + "type": "object", + "required": [ + "description", + "grpcAddress", + "hostname", + "id", + "logicalname", + "publicAddress", + "status", + "version" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getGroupsGroup:getGroupsGroup": { + "properties": { + "created": { + "type": "string" }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" + "groupId": { + "type": "string" }, - "scopeVariables": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" - }, - "description": "List of scope attributes.\n" + "name": { + "type": "string" } }, + "type": "object", "required": [ - 
"applicationScopes", - "author", - "name", - "scopeExpression", - "scopeVariables" + "created", + "groupId", + "name" ], - "inputProperties": { - "allowedExecutables": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of executables that are allowed for the user.\n" + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostAssurancePolicyAutoScanTime:getHostAssurancePolicyAutoScanTime": { + "properties": { + "iteration": { + "type": "integer" }, - "allowedRegistries": { + "iterationType": { + "type": "string" + }, + "time": { + "type": "string" + }, + "weekDays": { "type": "array", "items": { "type": "string" - }, - "description": "List of registries that allowed for running containers.\n" + } + } + }, + "type": "object", + "required": [ + "iteration", + "iterationType", + "time", + "weekDays" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostAssurancePolicyCustomCheck:getHostAssurancePolicyCustomCheck": { + "properties": { + "author": { + "type": "string" }, - "applicationScopes": { - "type": "array", - "items": { - "type": "string" - }, - "description": "Indicates the application scope of the service.\n" + "description": { + "type": "string" }, - "auditAllNetworkActivity": { - "type": "boolean", - "description": "If true, all network activity will be audited.\n" + "engine": { + "type": "string" }, - "auditAllProcessesActivity": { - "type": "boolean", - "description": "If true, all process activity will be audited.\n" + "lastModified": { + "type": "integer" }, - "auditFullCommandArguments": { - "type": "boolean", - "description": "If true, full command arguments will be audited.\n" + "name": { + "type": "string" }, - "blockAccessHostNetwork": { - "type": "boolean", - "description": "If true, prevent containers from running with access to host network.\n" + "path": { + "type": "string" }, - "blockAddingCapabilities": { - "type": "boolean", - "description": 
"If true, prevent containers from running with adding capabilities with `--cap-add` privilege.\n" + "readOnly": { + "type": "boolean" }, - "blockContainerExec": { - "type": "boolean", - "description": "If true, exec into a container is prevented.\n" + "scriptId": { + "type": "string" }, - "blockCryptocurrencyMining": { - "type": "boolean", - "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + "severity": { + "type": "string" }, - "blockFilelessExec": { - "type": "boolean", - "description": "Detect and prevent running in-memory execution\n" + "snippet": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "description", + "engine", + "lastModified", + "name", + "path", + "readOnly", + "scriptId", + "severity", + "snippet" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostAssurancePolicyForbiddenLabel:getHostAssurancePolicyForbiddenLabel": { + "properties": { + "key": { + "type": "string" }, - "blockLowPortBinding": { - "type": "boolean", - "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n" + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "key", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostAssurancePolicyPackagesBlackList:getHostAssurancePolicyPackagesBlackList": { + "properties": { + "arch": { + "type": "string" }, - "blockNonCompliantImages": { - "type": "boolean", - "description": "If true, running non-compliant image in the container is prevented.\n" + "display": { + "type": "string" }, - "blockNonCompliantWorkloads": { - "type": "boolean", - "description": "If true, running containers in non-compliant pods is prevented.\n" + "epoch": { + "type": "string" }, - "blockNonK8sContainers": { - "type": "boolean", - "description": "If true, running non-kubernetes containers is 
prevented.\n" + "format": { + "type": "string" }, - "blockPrivilegedContainers": { - "type": "boolean", - "description": "If true, prevent containers from running with privileged container capability.\n" + "license": { + "type": "string" }, - "blockReverseShell": { - "type": "boolean", - "description": "If true, reverse shell is prevented.\n" + "name": { + "type": "string" }, - "blockRootUser": { - "type": "boolean", - "description": "If true, prevent containers from running with root user.\n" + "release": { + "type": "string" }, - "blockUnregisteredImages": { - "type": "boolean", - "description": "If true, running images in the container that are not registered in Aqua is prevented.\n" + "version": { + "type": "string" }, - "blockUseIpcNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n" + "versionRange": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arch", + "display", + "epoch", + "format", + "license", + "name", + "release", + "version", + "versionRange" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostAssurancePolicyPackagesWhiteList:getHostAssurancePolicyPackagesWhiteList": { + "properties": { + "arch": { + "type": "string" }, - "blockUsePidNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n" + "display": { + "type": "string" }, - "blockUseUserNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the user namespace.\n" + "epoch": { + "type": "string" }, - "blockUseUtsNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n" + "format": { + "type": "string" }, - "blockedCapabilities": { - "type": "array", - "items": { - "type": "string" - }, - "description": "If true, 
prevents containers from using specific Unix capabilities.\n" + "license": { + "type": "string" }, - "blockedExecutables": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of executables that are prevented from running in containers.\n" + "name": { + "type": "string" }, - "blockedFiles": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of files that are prevented from being read, modified and executed in the containers.\n" + "release": { + "type": "string" }, - "blockedInboundPorts": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of blocked inbound ports.\n" + "version": { + "type": "string" }, - "blockedOutboundPorts": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of blocked outbound ports.\n" + "versionRange": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arch", + "display", + "epoch", + "format", + "license", + "name", + "release", + "version", + "versionRange" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostAssurancePolicyRequiredLabel:getHostAssurancePolicyRequiredLabel": { + "properties": { + "key": { + "type": "string" }, - "blockedPackages": { - "type": "array", + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "key", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostAssurancePolicyScope:getHostAssurancePolicyScope": { + "properties": { + "expression": { + "type": "string" + }, + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getHostAssurancePolicyScopeVariable:getHostAssurancePolicyScopeVariable" + } + } + }, + "type": "object", + "required": [ + "expression" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostAssurancePolicyScopeVariable:getHostAssurancePolicyScopeVariable": { + "properties": { + 
"attribute": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "attribute", + "name", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostAssurancePolicyTrustedBaseImage:getHostAssurancePolicyTrustedBaseImage": { + "properties": { + "imagename": { + "type": "string" + }, + "registry": { + "type": "string" + } + }, + "type": "object", + "required": [ + "imagename", + "registry" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostRuntimePolicyAuditing:getHostRuntimePolicyAuditing": { + "properties": { + "auditAllNetwork": { + "type": "boolean" + }, + "auditAllProcesses": { + "type": "boolean" + }, + "auditFailedLogin": { + "type": "boolean" + }, + "auditOsUserActivity": { + "type": "boolean" + }, + "auditProcessCmdline": { + "type": "boolean" + }, + "auditSuccessLogin": { + "type": "boolean" + }, + "auditUserAccountManagement": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "aquasec:index/getHostRuntimePolicyFileIntegrityMonitoring:getHostRuntimePolicyFileIntegrityMonitoring": { + "properties": { + "enabled": { + "type": "boolean", + "description": "If true, file integrity monitoring is enabled.\n" + }, + "exceptionalMonitoredFiles": { + "type": "array", "items": { "type": "string" }, - "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n" + "description": "List of paths to be excluded from monitoring.\n" }, - "blockedVolumes": { + "exceptionalMonitoredFilesProcesses": { "type": "array", "items": { "type": "string" }, - "description": "List of volumes that are prevented from being mounted in the containers.\n" + "description": "List of processes to be excluded from monitoring.\n" }, - "containerExecAllowedProcesses": { + "exceptionalMonitoredFilesUsers": { "type": "array", 
"items": { "type": "string" }, - "description": "List of processes that will be allowed.\n" + "description": "List of users to be excluded from monitoring.\n" }, - "description": { - "type": "string", - "description": "The description of the container runtime policy\n" + "monitoredFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of paths to be monitored.\n" }, - "enableDriftPrevention": { + "monitoredFilesAttributes": { "type": "boolean", - "description": "If true, executables that are not in the original image is prevented from running.\n" + "description": "Whether to monitor file attribute operations.\n" }, - "enableForkGuard": { + "monitoredFilesCreate": { "type": "boolean", - "description": "If true, fork bombs are prevented in the containers.\n" + "description": "Whether to monitor file create operations.\n" }, - "enableIpReputationSecurity": { + "monitoredFilesDelete": { "type": "boolean", - "description": "If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.\n" + "description": "Whether to monitor file delete operations.\n" }, - "enablePortScanDetection": { + "monitoredFilesModify": { "type": "boolean", - "description": "If true, detects port scanning behavior in the container.\n" + "description": "Whether to monitor file modify operations.\n" }, - "enabled": { + "monitoredFilesProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes associated with monitored files.\n" + }, + "monitoredFilesRead": { "type": "boolean", - "description": "Defines if enabled or not\n" + "description": "Whether to monitor file read operations.\n" }, - "enforce": { + "monitoredFilesUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of users associated with monitored files.\n" + } + }, + "type": "object" + }, + "aquasec:index/getHostRuntimePolicyMalwareScanOption:getHostRuntimePolicyMalwareScanOption": { 
+ "properties": { + "action": { + "type": "string", + "description": "Set Action, Defaults to 'Alert' when empty\n" + }, + "enabled": { "type": "boolean", - "description": "Indicates that policy should effect container execution (not just for audit).\n" + "description": "Defines if enabled or not\n" }, - "enforceAfterDays": { - "type": "integer", - "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" + "excludeDirectories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry paths to be excluded from being protected.\n" }, - "exceptionalReadonlyFilesAndDirectories": { + "excludeProcesses": { "type": "array", "items": { "type": "string" }, - "description": "List of files and directories to be excluded from the read-only list.\n" + "description": "List of registry processes to be excluded from being protected.\n" }, - "execLockdownWhiteLists": { + "includeDirectories": { "type": "array", "items": { "type": "string" }, - "description": "Specify processes that will be allowed\n" + "description": "List of registry paths to be excluded from being protected.\n" + } + }, + "type": "object" + }, + "aquasec:index/getHostRuntimePolicyPackageBlock:getHostRuntimePolicyPackageBlock": { + "properties": { + "blockPackagesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "fileIntegrityMonitoring": { - "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring", - "description": "Configuration for file integrity monitoring.\n" + "blockPackagesUsers": { + "type": "array", + "items": { + "type": "string" + } }, - "forkGuardProcessLimit": { - "type": "integer", - "description": "Process limit for the fork guard.\n" + "enabled": { + "type": "boolean" }, - "limitNewPrivileges": { - "type": "boolean", - "description": "If true, prevents the container from obtaining new privileges at runtime. 
(only enabled in enforce mode)\n" + "exceptionalBlockPackagesFiles": { + "type": "array", + "items": { + "type": "string" + } }, - "malwareScanOptions": { - "$ref": "#/types/aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions", - "description": "Configuration for Real-Time Malware Protection.\n" + "exceptionalBlockPackagesProcesses": { + "type": "array", + "items": { + "type": "string" + } }, - "monitorSystemTimeChanges": { - "type": "boolean", - "description": "If true, system time changes will be monitored.\n" + "exceptionalBlockPackagesUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "packagesBlackLists": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aquasec:index/getHostRuntimePolicyScopeVariable:getHostRuntimePolicyScopeVariable": { + "properties": { + "attribute": { + "type": "string" }, "name": { - "type": "string", - "description": "Name assigned to the attribute.\n", - "willReplaceOnChanges": true + "type": "string" }, - "readonlyFilesAndDirectories": { + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "attribute", + "name", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostRuntimePolicyWindowsRegistryMonitoring:getHostRuntimePolicyWindowsRegistryMonitoring": { + "properties": { + "excludedPaths": { "type": "array", "items": { "type": "string" - }, - "description": "List of files and directories to be restricted as read-only\n" + } }, - "reverseShellAllowedIps": { + "excludedProcesses": { "type": "array", "items": { "type": "string" - }, - "description": "List of IPs/ CIDRs that will be allowed\n" + } }, - "reverseShellAllowedProcesses": { + "excludedUsers": { "type": "array", "items": { "type": "string" - }, - "description": "List of processes that will be allowed\n" + } }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how 
to compute the dependency of the scope variables.\n" + "monitorAttributes": { + "type": "boolean" }, - "scopeVariables": { + "monitorCreate": { + "type": "boolean" + }, + "monitorDelete": { + "type": "boolean" + }, + "monitorModify": { + "type": "boolean" + }, + "monitorRead": { + "type": "boolean" + }, + "monitoredPaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "monitoredProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "monitoredUsers": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "excludedPaths", + "excludedProcesses", + "excludedUsers", + "monitorAttributes", + "monitorCreate", + "monitorDelete", + "monitorModify", + "monitorRead", + "monitoredPaths", + "monitoredProcesses", + "monitoredUsers" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getHostRuntimePolicyWindowsRegistryProtection:getHostRuntimePolicyWindowsRegistryProtection": { + "properties": { + "excludedPaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "excludedProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "excludedUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "protectedPaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "protectedProcesses": { + "type": "array", + "items": { + "type": "string" + } + }, + "protectedUsers": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "excludedPaths", + "excludedProcesses", + "excludedUsers", + "protectedPaths", + "protectedProcesses", + "protectedUsers" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageAssuranceChecksPerformed:getImageAssuranceChecksPerformed": { + "properties": { + "assuranceType": { + "type": "string" + }, + "blocking": { + "type": "boolean" + }, + "control": { + "type": "string" + }, + "dtaSkipped": { + 
"type": "boolean" + }, + "dtaSkippedReason": { + "type": "string" + }, + "failed": { + "type": "boolean" + }, + "policyName": { + "type": "string" + } + }, + "type": "object", + "required": [ + "assuranceType", + "blocking", + "control", + "dtaSkipped", + "dtaSkippedReason", + "failed", + "policyName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageAssurancePolicyAutoScanTime:getImageAssurancePolicyAutoScanTime": { + "properties": { + "iteration": { + "type": "integer" + }, + "iterationType": { + "type": "string" + }, + "time": { + "type": "string" + }, + "weekDays": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "iteration", + "iterationType", + "time", + "weekDays" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageAssurancePolicyCustomCheck:getImageAssurancePolicyCustomCheck": { + "properties": { + "author": { + "type": "string" + }, + "description": { + "type": "string" + }, + "engine": { + "type": "string" + }, + "lastModified": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "scriptId": { + "type": "string" + }, + "severity": { + "type": "string" + }, + "snippet": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "description", + "engine", + "lastModified", + "name", + "path", + "readOnly", + "scriptId", + "severity", + "snippet" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageAssurancePolicyForbiddenLabel:getImageAssurancePolicyForbiddenLabel": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "key", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + 
"aquasec:index/getImageAssurancePolicyPackagesBlackList:getImageAssurancePolicyPackagesBlackList": { + "properties": { + "arch": { + "type": "string" + }, + "display": { + "type": "string" + }, + "epoch": { + "type": "string" + }, + "format": { + "type": "string" + }, + "license": { + "type": "string" + }, + "name": { + "type": "string" + }, + "release": { + "type": "string" + }, + "version": { + "type": "string" + }, + "versionRange": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arch", + "display", + "epoch", + "format", + "license", + "name", + "release", + "version", + "versionRange" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageAssurancePolicyPackagesWhiteList:getImageAssurancePolicyPackagesWhiteList": { + "properties": { + "arch": { + "type": "string" + }, + "display": { + "type": "string" + }, + "epoch": { + "type": "string" + }, + "format": { + "type": "string" + }, + "license": { + "type": "string" + }, + "name": { + "type": "string" + }, + "release": { + "type": "string" + }, + "version": { + "type": "string" + }, + "versionRange": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arch", + "display", + "epoch", + "format", + "license", + "name", + "release", + "version", + "versionRange" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageAssurancePolicyRequiredLabel:getImageAssurancePolicyRequiredLabel": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "key", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageAssurancePolicyScope:getImageAssurancePolicyScope": { + "properties": { + "expression": { + "type": "string" + }, + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getImageAssurancePolicyScopeVariable:getImageAssurancePolicyScopeVariable" + } + } 
+ }, + "type": "object", + "required": [ + "expression" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageAssurancePolicyScopeVariable:getImageAssurancePolicyScopeVariable": { + "properties": { + "attribute": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "attribute", + "name", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageAssurancePolicyTrustedBaseImage:getImageAssurancePolicyTrustedBaseImage": { + "properties": { + "imagename": { + "type": "string" + }, + "registry": { + "type": "string" + } + }, + "type": "object", + "required": [ + "imagename", + "registry" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageHistory:getImageHistory": { + "properties": { + "comment": { + "type": "string" + }, + "created": { + "type": "string" + }, + "createdBy": { + "type": "string" + }, + "id": { + "type": "string" + }, + "size": { + "type": "integer" + } + }, + "type": "object", + "required": [ + "comment", + "created", + "createdBy", + "id", + "size" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getImageVulnerability:getImageVulnerability": { + "properties": { + "ackAuthor": { + "type": "string" + }, + "ackComment": { + "type": "string" + }, + "ackExpirationConfiguredAt": { + "type": "string" + }, + "ackExpirationConfiguredBy": { + "type": "string" + }, + "ackExpirationDays": { + "type": "integer" + }, + "ackScope": { + "type": "string" + }, + "acknowledgeDate": { + "type": "string" + }, + "ancestorPkg": { + "type": "string" + }, + "aquaScore": { + "type": "number" + }, + "aquaScoreClassification": { + "type": "string" + }, + "aquaScoringSystem": { + "type": "string" + }, + "aquaSeverity": { + "type": "string" + }, + "aquaSeverityClassification": { + "type": "string" + }, + "aquaVectors": { + 
"type": "string" + }, + "auditEventsCount": { + "type": "integer" + }, + "blockEventsCount": { + "type": "integer" + }, + "classification": { + "type": "string" + }, + "description": { + "type": "string" + }, + "digest": { + "type": "string" + }, + "exploitReference": { + "type": "string" + }, + "exploitType": { + "type": "string" + }, + "firstFoundDate": { + "type": "string" + }, + "fixVersion": { + "type": "string" + }, + "imageName": { + "type": "string" + }, + "lastFoundDate": { + "type": "string" + }, + "modificationDate": { + "type": "string" + }, + "name": { + "type": "string" + }, + "nvdCvss2Score": { + "type": "number" + }, + "nvdCvss2Vectors": { + "type": "string" + }, + "nvdCvss3Score": { + "type": "number" + }, + "nvdCvss3Severity": { + "type": "string" + }, + "nvdCvss3Vectors": { + "type": "string" + }, + "nvdSeverity": { + "type": "string" + }, + "nvdUrl": { + "type": "string" + }, + "os": { + "type": "string" + }, + "osVersion": { + "type": "string" + }, + "permission": { + "type": "string" + }, + "publishDate": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "resourceArchitecture": { + "type": "string" + }, + "resourceCpe": { + "type": "string" + }, + "resourceFormat": { + "type": "string" + }, + "resourceHash": { + "type": "string" + }, + "resourceLicenses": { + "type": "array", + "items": { + "type": "string" + } + }, + "resourceName": { + "type": "string" + }, + "resourcePath": { + "type": "string" + }, + "resourceType": { + "type": "string" + }, + "resourceVersion": { + "type": "string" + }, + "severityClassification": { + "type": "string" + }, + "solution": { + "type": "string" + }, + "temporalVector": { + "type": "string" + }, + "vPatchAppliedBy": { + "type": "string" + }, + "vPatchAppliedOn": { + "type": "string" + }, + "vPatchEnforcedBy": { + "type": "string" + }, + "vPatchEnforcedOn": { + "type": "string" + }, + "vPatchPolicyEnforce": { + "type": "boolean" + }, + 
"vPatchPolicyName": { + "type": "string" + }, + "vPatchRevertedBy": { + "type": "string" + }, + "vPatchRevertedOn": { + "type": "string" + }, + "vPatchStatus": { + "type": "string" + }, + "vendorCvss2Score": { + "type": "number" + }, + "vendorCvss2Vectors": { + "type": "string" + }, + "vendorSeverity": { + "type": "string" + }, + "vendorStatement": { + "type": "string" + }, + "vendorUrl": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ackAuthor", + "ackComment", + "ackExpirationConfiguredAt", + "ackExpirationConfiguredBy", + "ackExpirationDays", + "ackScope", + "acknowledgeDate", + "ancestorPkg", + "aquaScore", + "aquaScoreClassification", + "aquaScoringSystem", + "aquaSeverity", + "aquaSeverityClassification", + "aquaVectors", + "auditEventsCount", + "blockEventsCount", + "classification", + "description", + "digest", + "exploitReference", + "exploitType", + "firstFoundDate", + "fixVersion", + "imageName", + "lastFoundDate", + "modificationDate", + "name", + "nvdCvss2Score", + "nvdCvss2Vectors", + "nvdCvss3Score", + "nvdCvss3Severity", + "nvdCvss3Vectors", + "nvdSeverity", + "nvdUrl", + "os", + "osVersion", + "permission", + "publishDate", + "registry", + "repository", + "resourceArchitecture", + "resourceCpe", + "resourceFormat", + "resourceHash", + "resourceLicenses", + "resourceName", + "resourcePath", + "resourceType", + "resourceVersion", + "severityClassification", + "solution", + "temporalVector", + "vPatchAppliedBy", + "vPatchAppliedOn", + "vPatchEnforcedBy", + "vPatchEnforcedOn", + "vPatchPolicyEnforce", + "vPatchPolicyName", + "vPatchRevertedBy", + "vPatchRevertedOn", + "vPatchStatus", + "vendorCvss2Score", + "vendorCvss2Vectors", + "vendorSeverity", + "vendorStatement", + "vendorUrl" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getIntegrationRegistriesOption:getIntegrationRegistriesOption": { + "properties": { + "option": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + 
"type": "object" + }, + "aquasec:index/getIntegrationRegistriesWebhook:getIntegrationRegistriesWebhook": { + "properties": { + "authToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "unQuarantine": { + "type": "boolean" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/getIntegrationRegistryOption:getIntegrationRegistryOption": { + "properties": { + "option": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/getIntegrationRegistryWebhook:getIntegrationRegistryWebhook": { + "properties": { + "authToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "unQuarantine": { + "type": "boolean" + }, + "url": { + "type": "string" + } + }, + "type": "object" + }, + "aquasec:index/getKubernetesAssurancePolicyAutoScanTime:getKubernetesAssurancePolicyAutoScanTime": { + "properties": { + "iteration": { + "type": "integer" + }, + "iterationType": { + "type": "string" + }, + "time": { + "type": "string" + }, + "weekDays": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "iteration", + "iterationType", + "time", + "weekDays" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getKubernetesAssurancePolicyCustomCheck:getKubernetesAssurancePolicyCustomCheck": { + "properties": { + "author": { + "type": "string" + }, + "description": { + "type": "string" + }, + "engine": { + "type": "string" + }, + "lastModified": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "scriptId": { + "type": "string" + }, + "severity": { + "type": "string" + }, + "snippet": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "description", + "engine", + "lastModified", + "name", + "path", + "readOnly", + "scriptId", + "severity", + "snippet" + ], + "language": { 
+ "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getKubernetesAssurancePolicyForbiddenLabel:getKubernetesAssurancePolicyForbiddenLabel": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "key", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getKubernetesAssurancePolicyPackagesBlackList:getKubernetesAssurancePolicyPackagesBlackList": { + "properties": { + "arch": { + "type": "string" + }, + "display": { + "type": "string" + }, + "epoch": { + "type": "string" + }, + "format": { + "type": "string" + }, + "license": { + "type": "string" + }, + "name": { + "type": "string" + }, + "release": { + "type": "string" + }, + "version": { + "type": "string" + }, + "versionRange": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arch", + "display", + "epoch", + "format", + "license", + "name", + "release", + "version", + "versionRange" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getKubernetesAssurancePolicyPackagesWhiteList:getKubernetesAssurancePolicyPackagesWhiteList": { + "properties": { + "arch": { + "type": "string" + }, + "display": { + "type": "string" + }, + "epoch": { + "type": "string" + }, + "format": { + "type": "string" + }, + "license": { + "type": "string" + }, + "name": { + "type": "string" + }, + "release": { + "type": "string" + }, + "version": { + "type": "string" + }, + "versionRange": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arch", + "display", + "epoch", + "format", + "license", + "name", + "release", + "version", + "versionRange" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getKubernetesAssurancePolicyRequiredLabel:getKubernetesAssurancePolicyRequiredLabel": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + 
"required": [ + "key", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getKubernetesAssurancePolicyScope:getKubernetesAssurancePolicyScope": { + "properties": { + "expression": { + "type": "string" + }, + "variables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getKubernetesAssurancePolicyScopeVariable:getKubernetesAssurancePolicyScopeVariable" + } + } + }, + "type": "object", + "required": [ + "expression" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getKubernetesAssurancePolicyScopeVariable:getKubernetesAssurancePolicyScopeVariable": { + "properties": { + "attribute": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "attribute", + "name", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getKubernetesAssurancePolicyTrustedBaseImage:getKubernetesAssurancePolicyTrustedBaseImage": { + "properties": { + "imagename": { + "type": "string" + }, + "registry": { + "type": "string" + } + }, + "type": "object", + "required": [ + "imagename", + "registry" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getNotificationsEmail:getNotificationsEmail": { + "properties": { + "author": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "lastUpdated": { + "type": "string" + }, + "name": { + "type": "string" + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "template": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "id", + "lastUpdated", + "name", + "properties", + "template", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + 
"aquasec:index/getNotificationsJira:getNotificationsJira": { + "properties": { + "author": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "lastUpdated": { + "type": "string" + }, + "name": { + "type": "string" + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "template": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "id", + "lastUpdated", + "name", + "properties", + "template", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getNotificationsServicenow:getNotificationsServicenow": { + "properties": { + "author": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "lastUpdated": { + "type": "string" + }, + "name": { + "type": "string" + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "template": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "id", + "lastUpdated", + "name", + "properties", + "template", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getNotificationsSlack:getNotificationsSlack": { + "properties": { + "author": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "lastUpdated": { + "type": "string" + }, + "name": { + "type": "string" + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "template": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "id", + "lastUpdated", + "name", + "properties", + "template", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + 
"aquasec:index/getNotificationsSplunk:getNotificationsSplunk": { + "properties": { + "author": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "lastUpdated": { + "type": "string" + }, + "name": { + "type": "string" + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "template": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "id", + "lastUpdated", + "name", + "properties", + "template", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getNotificationsTeam:getNotificationsTeam": { + "properties": { + "author": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "lastUpdated": { + "type": "string" + }, + "name": { + "type": "string" + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "template": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "id", + "lastUpdated", + "name", + "properties", + "template", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getNotificationsWebhook:getNotificationsWebhook": { + "properties": { + "author": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "lastUpdated": { + "type": "string" + }, + "name": { + "type": "string" + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "template": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "author", + "id", + "lastUpdated", + "name", + "properties", + "template", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + 
"aquasec:index/getPermissionsSetsPermissionsSet:getPermissionsSetsPermissionsSet": { + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + } + }, + "author": { + "type": "string" + }, + "description": { + "type": "string" + }, + "isSuper": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "uiAccess": { + "type": "boolean" + }, + "updatedAt": { + "type": "string" + } + }, + "type": "object", + "required": [ + "actions", + "author", + "description", + "isSuper", + "name", + "uiAccess", + "updatedAt" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getRolesMappingLdap:getRolesMappingLdap": { + "properties": { + "roleMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "roleMapping" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getRolesMappingOauth2:getRolesMappingOauth2": { + "properties": { + "roleMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "roleMapping" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getRolesMappingOpenid:getRolesMappingOpenid": { + "properties": { + "roleMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "roleMapping" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getRolesMappingSaasRolesMapping:getRolesMappingSaasRolesMapping": { + "properties": { + "accountId": { + "type": "integer" + }, + "created": { + "type": "string" + }, + "cspRole": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "samlGroups": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "accountId", + "created", + "cspRole", + "id", + "samlGroups" + ], + "language": { + 
"nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getRolesMappingSaml:getRolesMappingSaml": { + "properties": { + "roleMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "roleMapping" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getRolesRole:getRolesRole": { + "properties": { + "description": { + "type": "string" + }, + "name": { + "type": "string" + }, + "permission": { + "type": "string" + }, + "scopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "updatedAt": { + "type": "string" + } + }, + "type": "object", + "required": [ + "description", + "name", + "permission", + "scopes", + "updatedAt" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getServiceScopeVariable:getServiceScopeVariable": { + "properties": { + "attribute": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object", + "required": [ + "attribute", + "name", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getUsersSaasUser:getUsersSaasUser": { + "properties": { + "accountAdmin": { + "type": "boolean" + }, + "confirmed": { + "type": "boolean" + }, + "created": { + "type": "string" + }, + "cspRoles": { + "type": "array", + "items": { + "type": "string" + } + }, + "dashboard": { + "type": "boolean" + }, + "email": { + "type": "string" + }, + "groups": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getUsersSaasUserGroup:getUsersSaasUserGroup" + } + }, + "logins": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getUsersSaasUserLogin:getUsersSaasUserLogin" + } + }, + "multiaccount": { + "type": "boolean" + }, + "passwordReset": { + "type": "boolean" + }, + "provider": { + "type": "string" + }, + "sendAnnouncements": { + "type": "boolean" + }, + "sendNewPlugins": { 
+ "type": "boolean" + }, + "sendNewRisks": { + "type": "boolean" + }, + "sendScanResults": { + "type": "boolean" + }, + "userId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "accountAdmin", + "confirmed", + "created", + "cspRoles", + "dashboard", + "email", + "groups", + "logins", + "multiaccount", + "passwordReset", + "provider", + "sendAnnouncements", + "sendNewPlugins", + "sendNewRisks", + "sendScanResults", + "userId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getUsersSaasUserGroup:getUsersSaasUserGroup": { + "properties": { + "created": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "created", + "id", + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getUsersSaasUserLogin:getUsersSaasUserLogin": { + "properties": { + "created": { + "type": "string" + }, + "id": { + "type": "integer" + }, + "ipAddress": { + "type": "string" + }, + "userId": { + "type": "integer" + } + }, + "type": "object", + "required": [ + "created", + "id", + "ipAddress", + "userId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aquasec:index/getUsersUser:getUsersUser": { + "properties": { + "email": { + "type": "string" + }, + "firstTime": { + "type": "boolean" + }, + "isSuper": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "plan": { + "type": "string" + }, + "role": { + "type": "string" + }, + "roles": { + "type": "array", + "items": { + "type": "string" + } + }, + "type": { + "type": "string" + }, + "uiAccess": { + "type": "boolean" + }, + "userId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "email", + "firstTime", + "isSuper", + "name", + "plan", + "role", + "roles", + "type", + "uiAccess", + "userId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + } + }, + "provider": { + "description": "The 
provider type for the aquasec package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", + "properties": { + "aquaUrl": { + "type": "string", + "description": "This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable.\n" + }, + "caCertificatePath": { + "type": "string", + "description": "This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced\nfrom the `AQUA_CA_CERT_PATH` environment variable.\n" + }, + "configPath": { + "type": "string", + "description": "This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can\nalternatively be sourced from the `AQUA_CONFIG` environment variable.\n" + }, + "password": { + "type": "string", + "description": "This is the password that should be used to make the connection. Can alternatively be sourced from the `AQUA_PASSWORD`\nenvironment variable.\n", + "secret": true + }, + "username": { + "type": "string", + "description": "This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER`\nenvironment variable.\n", + "secret": true + }, + "verifyTls": { + "type": "boolean", + "description": "If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can\nalternatively be sourced from the `AQUA_TLS_VERIFY` environment variable.\n" + } + }, + "inputProperties": { + "aquaUrl": { + "type": "string", + "description": "This is the base URL of your Aqua instance. 
Can alternatively be sourced from the `AQUA_URL` environment variable.\n", + "defaultInfo": { + "environment": [ + "AQUA_URL" + ] + } + }, + "caCertificatePath": { + "type": "string", + "description": "This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced\nfrom the `AQUA_CA_CERT_PATH` environment variable.\n", + "defaultInfo": { + "environment": [ + "AQUA_CA_CERT_PATH" + ] + } + }, + "configPath": { + "type": "string", + "description": "This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can\nalternatively be sourced from the `AQUA_CONFIG` environment variable.\n", + "defaultInfo": { + "environment": [ + "AQUA_CONFIG" + ] + } + }, + "password": { + "type": "string", + "description": "This is the password that should be used to make the connection. Can alternatively be sourced from the `AQUA_PASSWORD`\nenvironment variable.\n", + "defaultInfo": { + "environment": [ + "AQUA_PASSWORD" + ] + }, + "secret": true + }, + "username": { + "type": "string", + "description": "This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER`\nenvironment variable.\n", + "defaultInfo": { + "environment": [ + "AQUA_USER" + ] + }, + "secret": true + }, + "verifyTls": { + "type": "boolean", + "description": "If true, server tls certificates will be verified by the client before making a connection. Defaults to true. 
Can\nalternatively be sourced from the `AQUA_TLS_VERIFY` environment variable.\n", + "default": true, + "defaultInfo": { + "environment": [ + "AQUA_TLS_VERIFY" + ] + } + } + } + }, + "resources": { + "aquasec:index/acknowledge:Acknowledge": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst acknowledge = new aquasec.Acknowledge(\"acknowledge\", {\n comment: \"comment\",\n issues: [\n {\n dockerId: \"\",\n imageName: \"image:latest\",\n issueName: \"CVE-2022-1271\",\n issueType: \"vulnerability\",\n registryName: \"registry\",\n resourceCpe: \"cpe:/a:gnu:gzip:1.10\",\n resourceName: \"gzip\",\n resourcePath: \"/usr/bin/gzip\",\n resourceType: \"executable\",\n resourceVersion: \"1.10\",\n },\n {\n dockerId: \"docker-id\",\n imageName: \"image-name\",\n issueName: \"ALAS2-2021-1722\",\n issueType: \"vulnerability\",\n registryName: \"registry-name\",\n resourceCpe: \"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\",\n resourceName: \"nss-softokn\",\n resourcePath: \"\",\n resourceType: \"package\",\n resourceVersion: \"3.44.0-8.amzn2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nacknowledge = aquasec.Acknowledge(\"acknowledge\",\n comment=\"comment\",\n issues=[\n aquasec.AcknowledgeIssueArgs(\n docker_id=\"\",\n image_name=\"image:latest\",\n issue_name=\"CVE-2022-1271\",\n issue_type=\"vulnerability\",\n registry_name=\"registry\",\n resource_cpe=\"cpe:/a:gnu:gzip:1.10\",\n resource_name=\"gzip\",\n resource_path=\"/usr/bin/gzip\",\n resource_type=\"executable\",\n resource_version=\"1.10\",\n ),\n aquasec.AcknowledgeIssueArgs(\n docker_id=\"docker-id\",\n image_name=\"image-name\",\n issue_name=\"ALAS2-2021-1722\",\n issue_type=\"vulnerability\",\n registry_name=\"registry-name\",\n resource_cpe=\"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\",\n resource_name=\"nss-softokn\",\n 
resource_path=\"\",\n resource_type=\"package\",\n resource_version=\"3.44.0-8.amzn2\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var acknowledge = new Aquasec.Acknowledge(\"acknowledge\", new()\n {\n Comment = \"comment\",\n Issues = new[]\n {\n new Aquasec.Inputs.AcknowledgeIssueArgs\n {\n DockerId = \"\",\n ImageName = \"image:latest\",\n IssueName = \"CVE-2022-1271\",\n IssueType = \"vulnerability\",\n RegistryName = \"registry\",\n ResourceCpe = \"cpe:/a:gnu:gzip:1.10\",\n ResourceName = \"gzip\",\n ResourcePath = \"/usr/bin/gzip\",\n ResourceType = \"executable\",\n ResourceVersion = \"1.10\",\n },\n new Aquasec.Inputs.AcknowledgeIssueArgs\n {\n DockerId = \"docker-id\",\n ImageName = \"image-name\",\n IssueName = \"ALAS2-2021-1722\",\n IssueType = \"vulnerability\",\n RegistryName = \"registry-name\",\n ResourceCpe = \"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\",\n ResourceName = \"nss-softokn\",\n ResourcePath = \"\",\n ResourceType = \"package\",\n ResourceVersion = \"3.44.0-8.amzn2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewAcknowledge(ctx, \"acknowledge\", \u0026aquasec.AcknowledgeArgs{\n\t\t\tComment: pulumi.String(\"comment\"),\n\t\t\tIssues: aquasec.AcknowledgeIssueArray{\n\t\t\t\t\u0026aquasec.AcknowledgeIssueArgs{\n\t\t\t\t\tDockerId: pulumi.String(\"\"),\n\t\t\t\t\tImageName: pulumi.String(\"image:latest\"),\n\t\t\t\t\tIssueName: pulumi.String(\"CVE-2022-1271\"),\n\t\t\t\t\tIssueType: pulumi.String(\"vulnerability\"),\n\t\t\t\t\tRegistryName: pulumi.String(\"registry\"),\n\t\t\t\t\tResourceCpe: pulumi.String(\"cpe:/a:gnu:gzip:1.10\"),\n\t\t\t\t\tResourceName: 
pulumi.String(\"gzip\"),\n\t\t\t\t\tResourcePath: pulumi.String(\"/usr/bin/gzip\"),\n\t\t\t\t\tResourceType: pulumi.String(\"executable\"),\n\t\t\t\t\tResourceVersion: pulumi.String(\"1.10\"),\n\t\t\t\t},\n\t\t\t\t\u0026aquasec.AcknowledgeIssueArgs{\n\t\t\t\t\tDockerId: pulumi.String(\"docker-id\"),\n\t\t\t\t\tImageName: pulumi.String(\"image-name\"),\n\t\t\t\t\tIssueName: pulumi.String(\"ALAS2-2021-1722\"),\n\t\t\t\t\tIssueType: pulumi.String(\"vulnerability\"),\n\t\t\t\t\tRegistryName: pulumi.String(\"registry-name\"),\n\t\t\t\t\tResourceCpe: pulumi.String(\"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\"),\n\t\t\t\t\tResourceName: pulumi.String(\"nss-softokn\"),\n\t\t\t\t\tResourcePath: pulumi.String(\"\"),\n\t\t\t\t\tResourceType: pulumi.String(\"package\"),\n\t\t\t\t\tResourceVersion: pulumi.String(\"3.44.0-8.amzn2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Acknowledge;\nimport com.pulumi.aquasec.AcknowledgeArgs;\nimport com.pulumi.aquasec.inputs.AcknowledgeIssueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var acknowledge = new Acknowledge(\"acknowledge\", AcknowledgeArgs.builder() \n .comment(\"comment\")\n .issues( \n AcknowledgeIssueArgs.builder()\n .dockerId(\"\")\n .imageName(\"image:latest\")\n .issueName(\"CVE-2022-1271\")\n .issueType(\"vulnerability\")\n .registryName(\"registry\")\n .resourceCpe(\"cpe:/a:gnu:gzip:1.10\")\n .resourceName(\"gzip\")\n .resourcePath(\"/usr/bin/gzip\")\n .resourceType(\"executable\")\n .resourceVersion(\"1.10\")\n .build(),\n AcknowledgeIssueArgs.builder()\n 
.dockerId(\"docker-id\")\n .imageName(\"image-name\")\n .issueName(\"ALAS2-2021-1722\")\n .issueType(\"vulnerability\")\n .registryName(\"registry-name\")\n .resourceCpe(\"pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\")\n .resourceName(\"nss-softokn\")\n .resourcePath(\"\")\n .resourceType(\"package\")\n .resourceVersion(\"3.44.0-8.amzn2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acknowledge:\n type: aquasec:Acknowledge\n properties:\n comment: comment\n issues:\n - dockerId:\n imageName: image:latest\n issueName: CVE-2022-1271\n issueType: vulnerability\n registryName: registry\n resourceCpe: cpe:/a:gnu:gzip:1.10\n resourceName: gzip\n resourcePath: /usr/bin/gzip\n resourceType: executable\n resourceVersion: '1.10'\n - dockerId: docker-id\n imageName: image-name\n issueName: ALAS2-2021-1722\n issueType: vulnerability\n registryName: registry-name\n resourceCpe: pkg:/amzn:2:nss-softokn:3.44.0-8.amzn2\n resourceName: nss-softokn\n resourcePath:\n resourceType: package\n resourceVersion: 3.44.0-8.amzn2\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "comment": { + "type": "string", + "description": "A comment describing the reason for the acknowledgment\n" + }, + "issues": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/AcknowledgeIssue:AcknowledgeIssue" + }, + "description": "A list of existing security acknowledges.\n" + } + }, + "required": [ + "comment", + "issues" + ], + "inputProperties": { + "comment": { + "type": "string", + "description": "A comment describing the reason for the acknowledgment\n" + }, + "issues": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/AcknowledgeIssue:AcknowledgeIssue" + }, + "description": "A list of existing security acknowledges.\n" + } + }, + "requiredInputs": [ + "comment", + "issues" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Acknowledge resources.\n", + "properties": { + "comment": { + "type": "string", + 
"description": "A comment describing the reason for the acknowledgment\n" + }, + "issues": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/AcknowledgeIssue:AcknowledgeIssue" + }, + "description": "A list of existing security acknowledges.\n" + } + }, + "type": "object" + } + }, + "aquasec:index/applicationScope:ApplicationScope": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.ApplicationScope;\nimport com.pulumi.aquasec.ApplicationScopeArgs;\nimport com.pulumi.aquasec.inputs.ApplicationScopeCategoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var terraformiap = new ApplicationScope(\"terraformiap\", ApplicationScopeArgs.builder() \n .categories(ApplicationScopeCategoryArgs.builder()\n .artifacts(ApplicationScopeCategoryArtifactArgs.builder()\n .image(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build())\n .infrastructures(ApplicationScopeCategoryInfrastructureArgs.builder()\n .kubernetes(ApplicationScopeCategoryInfrastructureKuberneteArgs.builder()\n .expression(\"v1\")\n .variables(ApplicationScopeCategoryInfrastructureKuberneteVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"aqua\")\n .build())\n .build())\n .build())\n .workloads(ApplicationScopeCategoryWorkloadArgs.builder()\n .kubernetes(ApplicationScopeCategoryWorkloadKuberneteArgs.builder()\n .expression(\"v1 \u0026\u0026 v2\")\n .variables( \n ApplicationScopeCategoryWorkloadKuberneteVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"aqua\")\n .build(),\n 
ApplicationScopeCategoryWorkloadKuberneteVariableArgs.builder()\n .attribute(\"kubernetes.namespace\")\n .value(\"aqua\")\n .build())\n .build())\n .build())\n .build())\n .description(\"test123\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n terraformiap:\n type: aquasec:ApplicationScope\n properties:\n # Categories is a nested block of artifacts, workloads and infrastructure\n categories:\n - artifacts:\n - image:\n - expression: v1 \u0026\u0026 v2\n variables:\n - attribute: aqua.registry\n value: test-registry\n - attribute: image.repo\n value: nginx\n infrastructures:\n - kubernetes:\n - expression: v1\n variables:\n - attribute: kubernetes.cluster\n value: aqua\n workloads:\n - kubernetes:\n - expression: v1 \u0026\u0026 v2\n variables:\n - attribute: kubernetes.cluster\n value: aqua\n - attribute: kubernetes.namespace\n value: aqua\n description: test123\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" + }, + "categories": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ApplicationScopeCategory:ApplicationScopeCategory" + }, + "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" + }, + "description": { + "type": "string", + "description": "Description of the application scope.\n" + }, + "name": { + "type": "string", + "description": "Name of an application scope.\n" + }, + "ownerEmail": { + "type": "string", + "description": "Name of an application scope.\n" + } + }, + "required": [ + "author", + "categories", + "name" + ], + "inputProperties": { + "categories": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ApplicationScopeCategory:ApplicationScopeCategory" + }, + "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" + }, + "description": { + "type": "string", + "description": "Description of the 
application scope.\n" + }, + "name": { + "type": "string", + "description": "Name of an application scope.\n", + "willReplaceOnChanges": true + }, + "ownerEmail": { + "type": "string", + "description": "Name of an application scope.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ApplicationScope resources.\n", + "properties": { + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" + }, + "categories": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ApplicationScopeCategory:ApplicationScopeCategory" + }, + "description": "Artifacts (of applications) / Workloads (containers) / Infrastructure (elements).\n" + }, + "description": { + "type": "string", + "description": "Description of the application scope.\n" + }, + "name": { + "type": "string", + "description": "Name of an application scope.\n", + "willReplaceOnChanges": true + }, + "ownerEmail": { + "type": "string", + "description": "Name of an application scope.\n" + } + }, + "type": "object" + } + }, + "aquasec:index/aquaLabel:AquaLabel": { + "properties": { + "author": { + "type": "string", + "description": "The name of the user who created the Aqua label.\n" + }, + "created": { + "type": "string", + "description": "The creation date of the Aqua label.\n" + }, + "description": { + "type": "string", + "description": "Aqua label description.\n" + }, + "name": { + "type": "string", + "description": "Aqua label name.\n" + } + }, + "required": [ + "author", + "created", + "name" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Aqua label description.\n" + }, + "name": { + "type": "string", + "description": "Aqua label name.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering AquaLabel resources.\n", + "properties": { + "author": { + "type": "string", + "description": "The name of the user who created the Aqua 
label.\n" + }, + "created": { + "type": "string", + "description": "The creation date of the Aqua label.\n" + }, + "description": { + "type": "string", + "description": "Aqua label description.\n" + }, + "name": { + "type": "string", + "description": "Aqua label name.\n" + } + }, + "type": "object" + } + }, + "aquasec:index/containerRuntimePolicy:ContainerRuntimePolicy": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.ContainerRuntimePolicy;\nimport com.pulumi.aquasec.ContainerRuntimePolicyArgs;\nimport com.pulumi.aquasec.inputs.ContainerRuntimePolicyFileIntegrityMonitoringArgs;\nimport com.pulumi.aquasec.inputs.ContainerRuntimePolicyMalwareScanOptionsArgs;\nimport com.pulumi.aquasec.inputs.ContainerRuntimePolicyScopeVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var containerRuntimePolicy = new ContainerRuntimePolicy(\"containerRuntimePolicy\", ContainerRuntimePolicyArgs.builder() \n .allowedExecutables( \n \"exe\",\n \"bin\")\n .allowedRegistries( \n \"registry1\",\n \"registry2\")\n .applicationScopes(\"Global\")\n .auditAllNetworkActivity(true)\n .auditAllProcessesActivity(true)\n .auditFullCommandArguments(true)\n .blockAccessHostNetwork(true)\n .blockAddingCapabilities(true)\n .blockContainerExec(true)\n .blockCryptocurrencyMining(true)\n .blockFilelessExec(true)\n .blockLowPortBinding(true)\n .blockNonCompliantImages(true)\n .blockNonCompliantWorkloads(true)\n .blockNonK8sContainers(true)\n .blockPrivilegedContainers(true)\n .blockReverseShell(true)\n .blockRootUser(true)\n .blockUnregisteredImages(true)\n 
.blockUseIpcNamespace(true)\n .blockUsePidNamespace(true)\n .blockUseUserNamespace(true)\n .blockUseUtsNamespace(true)\n .blockedCapabilities( \n \"AUDIT_CONTROL\",\n \"AUDIT_WRITE\")\n .blockedExecutables( \n \"exe1\",\n \"exe2\")\n .blockedFiles( \n \"test1\",\n \"test2\")\n .blockedInboundPorts( \n \"80\",\n \"8080\")\n .blockedOutboundPorts( \n \"90\",\n \"9090\")\n .blockedPackages( \n \"pkg\",\n \"pkg2\")\n .blockedVolumes( \n \"blocked\",\n \"vol\")\n .containerExecAllowedProcesses( \n \"proc1\",\n \"proc2\")\n .description(\"container_runtime_policy\")\n .enableDriftPrevention(true)\n .enableForkGuard(true)\n .enableIpReputationSecurity(true)\n .enablePortScanDetection(true)\n .enabled(true)\n .enforce(false)\n .exceptionalReadonlyFilesAndDirectories( \n \"readonly2\",\n \"/dir2/\")\n .fileIntegrityMonitoring(ContainerRuntimePolicyFileIntegrityMonitoringArgs.builder()\n .excludedPaths(\"expaths\")\n .excludedProcesses(\"exprocess\")\n .excludedUsers(\"expuser\")\n .monitorAttributes(true)\n .monitorCreate(true)\n .monitorDelete(true)\n .monitorModify(true)\n .monitorRead(true)\n .monitoredPaths(\"paths\")\n .monitoredProcesses(\"process\")\n .monitoredUsers(\"user\")\n .build())\n .forkGuardProcessLimit(13)\n .limitNewPrivileges(true)\n .malwareScanOptions(ContainerRuntimePolicyMalwareScanOptionsArgs.builder()\n .action(\"alert\")\n .enabled(true)\n .build())\n .monitorSystemTimeChanges(\"true\")\n .readonlyFilesAndDirectories( \n \"readonly\",\n \"/dir/\")\n .reverseShellAllowedIps( \n \"ip1\",\n \"ip2\")\n .reverseShellAllowedProcesses( \n \"proc1\",\n \"proc2\")\n .scopeExpression(\"v1 || v2\")\n .scopeVariables( \n ContainerRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"default\")\n .build(),\n ContainerRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.label\")\n .name(\"app\")\n .value(\"aqua\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n containerRuntimePolicy:\n type: 
aquasec:ContainerRuntimePolicy\n properties:\n allowedExecutables:\n - exe\n - bin\n allowedRegistries:\n - registry1\n - registry2\n applicationScopes:\n - Global\n auditAllNetworkActivity: true\n auditAllProcessesActivity: true\n auditFullCommandArguments: true\n blockAccessHostNetwork: true\n blockAddingCapabilities: true\n blockContainerExec: true\n blockCryptocurrencyMining: true\n blockFilelessExec: true\n blockLowPortBinding: true\n blockNonCompliantImages: true\n blockNonCompliantWorkloads: true\n blockNonK8sContainers: true\n blockPrivilegedContainers: true\n blockReverseShell: true\n blockRootUser: true\n blockUnregisteredImages: true\n blockUseIpcNamespace: true\n blockUsePidNamespace: true\n blockUseUserNamespace: true\n blockUseUtsNamespace: true\n blockedCapabilities:\n - AUDIT_CONTROL\n - AUDIT_WRITE\n blockedExecutables:\n - exe1\n - exe2\n blockedFiles:\n - test1\n - test2\n blockedInboundPorts:\n - '80'\n - '8080'\n blockedOutboundPorts:\n - '90'\n - '9090'\n blockedPackages:\n - pkg\n - pkg2\n blockedVolumes:\n - blocked\n - vol\n containerExecAllowedProcesses:\n - proc1\n - proc2\n description: container_runtime_policy\n enableDriftPrevention: true\n enableForkGuard: true\n enableIpReputationSecurity: true\n enablePortScanDetection: true\n enabled: true\n enforce: false\n exceptionalReadonlyFilesAndDirectories:\n - readonly2\n - /dir2/\n fileIntegrityMonitoring:\n excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n monitorAttributes: true\n monitorCreate: true\n monitorDelete: true\n monitorModify: true\n monitorRead: true\n monitoredPaths:\n - paths\n monitoredProcesses:\n - process\n monitoredUsers:\n - user\n forkGuardProcessLimit: 13\n limitNewPrivileges: true\n malwareScanOptions:\n action: alert\n enabled: true\n monitorSystemTimeChanges: 'true'\n readonlyFilesAndDirectories:\n - readonly\n - /dir/\n reverseShellAllowedIps:\n - ip1\n - ip2\n reverseShellAllowedProcesses:\n - proc1\n - proc2\n 
scopeExpression: v1 || v2\n scopeVariables:\n - attribute: kubernetes.cluster\n value: default\n - attribute: kubernetes.label\n name: app\n value: aqua\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "allowedExecutables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyAllowedExecutable:ContainerRuntimePolicyAllowedExecutable" + }, + "description": "Allowed executables configuration.\n" + }, + "allowedRegistries": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyAllowedRegistry:ContainerRuntimePolicyAllowedRegistry" + }, + "description": "List of allowed registries.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Indicates the application scope of the service.\n" + }, + "auditAllNetworkActivity": { + "type": "boolean", + "description": "If true, all network activity will be audited.\n" + }, + "auditAllProcessesActivity": { + "type": "boolean", + "description": "If true, all process activity will be audited.\n" + }, + "auditBruteForceLogin": { + "type": "boolean", + "description": "Detects brute force login attempts\n" + }, + "auditFullCommandArguments": { + "type": "boolean", + "description": "If true, full command arguments will be audited.\n" + }, + "auditing": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyAuditing:ContainerRuntimePolicyAuditing" + }, + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" + }, + "blacklistedOsUsers": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyBlacklistedOsUsers:ContainerRuntimePolicyBlacklistedOsUsers" + }, + "blockAccessHostNetwork": { + "type": "boolean", + "description": "If true, prevent containers from running with access to host network.\n" + }, + "blockAddingCapabilities": { + "type": "boolean", + "description": "If true, prevent containers from running with adding capabilities with `--cap-add` 
privilege.\n" + }, + "blockContainerExec": { + "type": "boolean", + "description": "If true, exec into a container is prevented.\n" + }, + "blockCryptocurrencyMining": { + "type": "boolean", + "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + }, + "blockDisallowedImages": { + "type": "boolean" + }, + "blockFilelessExec": { + "type": "boolean", + "description": "Detect and prevent running in-memory execution\n" + }, + "blockLowPortBinding": { + "type": "boolean", + "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n" + }, + "blockNonCompliantWorkloads": { + "type": "boolean", + "description": "If true, running containers in non-compliant pods is prevented.\n" + }, + "blockNonK8sContainers": { + "type": "boolean", + "description": "If true, running non-kubernetes containers is prevented.\n" + }, + "blockPrivilegedContainers": { + "type": "boolean", + "description": "If true, prevent containers from running with privileged container capability.\n" + }, + "blockRootUser": { + "type": "boolean", + "description": "If true, prevent containers from running with root user.\n" + }, + "blockUseIpcNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n" + }, + "blockUsePidNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n" + }, + "blockUseUserNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the user namespace.\n" + }, + "blockUseUtsNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n" + }, + "blockedCapabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If true, prevents containers from 
using specific Unix capabilities.\n" + }, + "blockedExecutables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of executables that are prevented from running in containers.\n" + }, + "blockedFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of files that are prevented from being read, modified and executed in the containers.\n" + }, + "blockedInboundPorts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blocked inbound ports.\n" + }, + "blockedOutboundPorts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blocked outbound ports.\n" + }, + "blockedPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n" + }, + "blockedVolumes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of volumes that are prevented from being mounted in the containers.\n" + }, + "bypassScopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyBypassScope:ContainerRuntimePolicyBypassScope" + }, + "description": "Bypass scope configuration.\n" + }, + "containerExec": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyContainerExec:ContainerRuntimePolicyContainerExec" + }, + "containerExecAllowedProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes that will be allowed.\n" + }, + "created": { + "type": "string" + }, + "cve": { + "type": "string" + }, + "defaultSecurityProfile": { + "type": "string" + }, + "description": { + "type": "string", + "description": "The description of the container runtime policy\n" + }, + "digest": { + "type": "string" + }, + "driftPreventions": { + "type": "array", + "items": { + "$ref": 
"#/types/aquasec:index/ContainerRuntimePolicyDriftPrevention:ContainerRuntimePolicyDriftPrevention" + }, + "description": "Drift prevention configuration.\n" + }, + "enableCryptoMiningDns": { + "type": "boolean" + }, + "enableForkGuard": { + "type": "boolean", + "description": "If true, fork bombs are prevented in the containers.\n" + }, + "enableIpReputation": { + "type": "boolean" + }, + "enablePortScanProtection": { + "type": "boolean" + }, + "enabled": { + "type": "boolean", + "description": "Whether allowed executables configuration is enabled.\n" + }, + "enforce": { + "type": "boolean", + "description": "Indicates that policy should effect container execution (not just for audit).\n" + }, + "enforceAfterDays": { + "type": "integer", + "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" + }, + "enforceSchedulerAddedOn": { + "type": "integer" + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of excluded application scopes.\n" + }, + "executableBlacklists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyExecutableBlacklist:ContainerRuntimePolicyExecutableBlacklist" + }, + "description": "Executable blacklist configuration.\n" + }, + "failedKubernetesChecks": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFailedKubernetesChecks:ContainerRuntimePolicyFailedKubernetesChecks" + }, + "fileBlock": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFileBlock:ContainerRuntimePolicyFileBlock" + }, + "fileIntegrityMonitoring": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring", + "description": "Configuration for file integrity monitoring.\n" + }, + "forkGuardProcessLimit": { + "type": "integer", + "description": "Process limit for the fork guard.\n" + }, + "imageName": { + "type": "string" + }, + "isAuditChecked": 
{ + "type": "boolean" + }, + "isAutoGenerated": { + "type": "boolean" + }, + "isOotbPolicy": { + "type": "boolean" + }, + "lastupdate": { + "type": "integer" + }, + "limitContainerPrivileges": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyLimitContainerPrivilege:ContainerRuntimePolicyLimitContainerPrivilege" + }, + "description": "Container privileges configuration.\n" + }, + "limitNewPrivileges": { + "type": "boolean", + "description": "If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)\n" + }, + "linuxCapabilities": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyLinuxCapabilities:ContainerRuntimePolicyLinuxCapabilities" + }, + "malwareScanOptions": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions", + "description": "Configuration for Real-Time Malware Protection.\n" + }, + "monitorSystemTimeChanges": { + "type": "boolean", + "description": "If true, system time changes will be monitored.\n" + }, + "name": { + "type": "string", + "description": "Name assigned to the attribute.\n" + }, + "noNewPrivileges": { + "type": "boolean" + }, + "onlyRegisteredImages": { + "type": "boolean" + }, + "packageBlock": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyPackageBlock:ContainerRuntimePolicyPackageBlock" + }, + "permission": { + "type": "string" + }, + "portBlock": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyPortBlock:ContainerRuntimePolicyPortBlock" + }, + "readonlyFiles": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyReadonlyFiles:ContainerRuntimePolicyReadonlyFiles" + }, + "readonlyRegistry": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyReadonlyRegistry:ContainerRuntimePolicyReadonlyRegistry" + }, + "registry": { + "type": "string" + }, + "registryAccessMonitoring": { + "$ref": 
"#/types/aquasec:index/ContainerRuntimePolicyRegistryAccessMonitoring:ContainerRuntimePolicyRegistryAccessMonitoring" + }, + "repoName": { + "type": "string" + }, + "resourceName": { + "type": "string" + }, + "resourceType": { + "type": "string" + }, + "restrictedVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyRestrictedVolume:ContainerRuntimePolicyRestrictedVolume" + }, + "description": "Restricted volumes configuration.\n" + }, + "reverseShell": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyReverseShell:ContainerRuntimePolicyReverseShell" + }, + "runtimeMode": { + "type": "integer" + }, + "runtimeType": { + "type": "string" + }, + "scopeExpression": { + "type": "string", + "description": "Logical expression of how to compute the dependency of the scope variables.\n" + }, + "scopeVariables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" + }, + "description": "List of scope attributes.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScope:ContainerRuntimePolicyScope" + }, + "description": "Scope configuration.\n" + }, + "systemIntegrityProtection": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicySystemIntegrityProtection:ContainerRuntimePolicySystemIntegrityProtection" + }, + "tripwire": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyTripwire:ContainerRuntimePolicyTripwire" + }, + "type": { + "type": "string" + }, + "updated": { + "type": "string" + }, + "version": { + "type": "string" + }, + "vpatchVersion": { + "type": "string" + }, + "whitelistedOsUsers": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyWhitelistedOsUsers:ContainerRuntimePolicyWhitelistedOsUsers" + } + }, + "required": [ + "allowedExecutables", + "allowedRegistries", + "applicationScopes", + "auditing", + "author", + "blacklistedOsUsers", + 
"containerExec", + "created", + "driftPreventions", + "enforceSchedulerAddedOn", + "executableBlacklists", + "failedKubernetesChecks", + "fileBlock", + "fileIntegrityMonitoring", + "lastupdate", + "limitContainerPrivileges", + "linuxCapabilities", + "malwareScanOptions", + "name", + "packageBlock", + "portBlock", + "readonlyFiles", + "readonlyRegistry", + "registryAccessMonitoring", + "restrictedVolumes", + "reverseShell", + "scopeExpression", + "scopeVariables", + "systemIntegrityProtection", + "tripwire", + "updated", + "whitelistedOsUsers" + ], + "inputProperties": { + "allowedExecutables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyAllowedExecutable:ContainerRuntimePolicyAllowedExecutable" + }, + "description": "Allowed executables configuration.\n" + }, + "allowedRegistries": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyAllowedRegistry:ContainerRuntimePolicyAllowedRegistry" + }, + "description": "List of allowed registries.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Indicates the application scope of the service.\n" + }, + "auditAllNetworkActivity": { + "type": "boolean", + "description": "If true, all network activity will be audited.\n" + }, + "auditAllProcessesActivity": { + "type": "boolean", + "description": "If true, all process activity will be audited.\n" + }, + "auditBruteForceLogin": { + "type": "boolean", + "description": "Detects brute force login attempts\n" + }, + "auditFullCommandArguments": { + "type": "boolean", + "description": "If true, full command arguments will be audited.\n" + }, + "auditing": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyAuditing:ContainerRuntimePolicyAuditing" + }, + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" + }, + "blacklistedOsUsers": { + "$ref": 
"#/types/aquasec:index/ContainerRuntimePolicyBlacklistedOsUsers:ContainerRuntimePolicyBlacklistedOsUsers" + }, + "blockAccessHostNetwork": { + "type": "boolean", + "description": "If true, prevent containers from running with access to host network.\n" + }, + "blockAddingCapabilities": { + "type": "boolean", + "description": "If true, prevent containers from running with adding capabilities with `--cap-add` privilege.\n" + }, + "blockContainerExec": { + "type": "boolean", + "description": "If true, exec into a container is prevented.\n" + }, + "blockCryptocurrencyMining": { + "type": "boolean", + "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + }, + "blockDisallowedImages": { + "type": "boolean" + }, + "blockFilelessExec": { + "type": "boolean", + "description": "Detect and prevent running in-memory execution\n" + }, + "blockLowPortBinding": { + "type": "boolean", + "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n" + }, + "blockNonCompliantWorkloads": { + "type": "boolean", + "description": "If true, running containers in non-compliant pods is prevented.\n" + }, + "blockNonK8sContainers": { + "type": "boolean", + "description": "If true, running non-kubernetes containers is prevented.\n" + }, + "blockPrivilegedContainers": { + "type": "boolean", + "description": "If true, prevent containers from running with privileged container capability.\n" + }, + "blockRootUser": { + "type": "boolean", + "description": "If true, prevent containers from running with root user.\n" + }, + "blockUseIpcNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n" + }, + "blockUsePidNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n" + }, + "blockUseUserNamespace": { + "type": "boolean", 
+ "description": "If true, prevent containers from running with the privilege to use the user namespace.\n" + }, + "blockUseUtsNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n" + }, + "blockedCapabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If true, prevents containers from using specific Unix capabilities.\n" + }, + "blockedExecutables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of executables that are prevented from running in containers.\n" + }, + "blockedFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of files that are prevented from being read, modified and executed in the containers.\n" + }, + "blockedInboundPorts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blocked inbound ports.\n" + }, + "blockedOutboundPorts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blocked outbound ports.\n" + }, + "blockedPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n" + }, + "blockedVolumes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of volumes that are prevented from being mounted in the containers.\n" + }, + "bypassScopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyBypassScope:ContainerRuntimePolicyBypassScope" + }, + "description": "Bypass scope configuration.\n" + }, + "containerExec": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyContainerExec:ContainerRuntimePolicyContainerExec" + }, + "containerExecAllowedProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes that will be allowed.\n" + }, + "created": { + 
"type": "string" + }, + "cve": { + "type": "string" + }, + "defaultSecurityProfile": { + "type": "string" + }, + "description": { + "type": "string", + "description": "The description of the container runtime policy\n" + }, + "digest": { + "type": "string" + }, + "driftPreventions": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyDriftPrevention:ContainerRuntimePolicyDriftPrevention" + }, + "description": "Drift prevention configuration.\n" + }, + "enableCryptoMiningDns": { + "type": "boolean" + }, + "enableForkGuard": { + "type": "boolean", + "description": "If true, fork bombs are prevented in the containers.\n" + }, + "enableIpReputation": { + "type": "boolean" + }, + "enablePortScanProtection": { + "type": "boolean" + }, + "enabled": { + "type": "boolean", + "description": "Whether allowed executables configuration is enabled.\n" + }, + "enforce": { + "type": "boolean", + "description": "Indicates that policy should effect container execution (not just for audit).\n" + }, + "enforceAfterDays": { + "type": "integer", + "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" + }, + "enforceSchedulerAddedOn": { + "type": "integer" + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of excluded application scopes.\n" + }, + "executableBlacklists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyExecutableBlacklist:ContainerRuntimePolicyExecutableBlacklist" + }, + "description": "Executable blacklist configuration.\n" + }, + "failedKubernetesChecks": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFailedKubernetesChecks:ContainerRuntimePolicyFailedKubernetesChecks" + }, + "fileBlock": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFileBlock:ContainerRuntimePolicyFileBlock" + }, + "fileIntegrityMonitoring": { + "$ref": 
"#/types/aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring", + "description": "Configuration for file integrity monitoring.\n" + }, + "forkGuardProcessLimit": { + "type": "integer", + "description": "Process limit for the fork guard.\n" + }, + "imageName": { + "type": "string" + }, + "isAuditChecked": { + "type": "boolean" + }, + "isAutoGenerated": { + "type": "boolean" + }, + "isOotbPolicy": { + "type": "boolean" + }, + "lastupdate": { + "type": "integer" + }, + "limitContainerPrivileges": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyLimitContainerPrivilege:ContainerRuntimePolicyLimitContainerPrivilege" + }, + "description": "Container privileges configuration.\n" + }, + "limitNewPrivileges": { + "type": "boolean", + "description": "If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)\n" + }, + "linuxCapabilities": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyLinuxCapabilities:ContainerRuntimePolicyLinuxCapabilities" + }, + "malwareScanOptions": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions", + "description": "Configuration for Real-Time Malware Protection.\n" + }, + "monitorSystemTimeChanges": { + "type": "boolean", + "description": "If true, system time changes will be monitored.\n" + }, + "name": { + "type": "string", + "description": "Name assigned to the attribute.\n", + "willReplaceOnChanges": true + }, + "noNewPrivileges": { + "type": "boolean" + }, + "onlyRegisteredImages": { + "type": "boolean" + }, + "packageBlock": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyPackageBlock:ContainerRuntimePolicyPackageBlock" + }, + "permission": { + "type": "string" + }, + "portBlock": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyPortBlock:ContainerRuntimePolicyPortBlock" + }, + "readonlyFiles": { + "$ref": 
"#/types/aquasec:index/ContainerRuntimePolicyReadonlyFiles:ContainerRuntimePolicyReadonlyFiles" + }, + "readonlyRegistry": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyReadonlyRegistry:ContainerRuntimePolicyReadonlyRegistry" + }, + "registry": { + "type": "string" + }, + "registryAccessMonitoring": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyRegistryAccessMonitoring:ContainerRuntimePolicyRegistryAccessMonitoring" + }, + "repoName": { + "type": "string" + }, + "resourceName": { + "type": "string" + }, + "resourceType": { + "type": "string" + }, + "restrictedVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyRestrictedVolume:ContainerRuntimePolicyRestrictedVolume" + }, + "description": "Restricted volumes configuration.\n" + }, + "reverseShell": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyReverseShell:ContainerRuntimePolicyReverseShell" + }, + "runtimeMode": { + "type": "integer" + }, + "runtimeType": { + "type": "string" + }, + "scopeExpression": { + "type": "string", + "description": "Logical expression of how to compute the dependency of the scope variables.\n" + }, + "scopeVariables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" + }, + "description": "List of scope attributes.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScope:ContainerRuntimePolicyScope" + }, + "description": "Scope configuration.\n" + }, + "systemIntegrityProtection": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicySystemIntegrityProtection:ContainerRuntimePolicySystemIntegrityProtection" + }, + "tripwire": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyTripwire:ContainerRuntimePolicyTripwire" + }, + "type": { + "type": "string" + }, + "updated": { + "type": "string" + }, + "version": { + "type": "string" + }, + "vpatchVersion": { + 
"type": "string" + }, + "whitelistedOsUsers": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyWhitelistedOsUsers:ContainerRuntimePolicyWhitelistedOsUsers" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ContainerRuntimePolicy resources.\n", + "properties": { + "allowedExecutables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyAllowedExecutable:ContainerRuntimePolicyAllowedExecutable" + }, + "description": "Allowed executables configuration.\n" + }, + "allowedRegistries": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyAllowedRegistry:ContainerRuntimePolicyAllowedRegistry" + }, + "description": "List of allowed registries.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Indicates the application scope of the service.\n" + }, + "auditAllNetworkActivity": { + "type": "boolean", + "description": "If true, all network activity will be audited.\n" + }, + "auditAllProcessesActivity": { + "type": "boolean", + "description": "If true, all process activity will be audited.\n" + }, + "auditBruteForceLogin": { + "type": "boolean", + "description": "Detects brute force login attempts\n" + }, + "auditFullCommandArguments": { + "type": "boolean", + "description": "If true, full command arguments will be audited.\n" + }, + "auditing": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyAuditing:ContainerRuntimePolicyAuditing" + }, + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" + }, + "blacklistedOsUsers": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyBlacklistedOsUsers:ContainerRuntimePolicyBlacklistedOsUsers" + }, + "blockAccessHostNetwork": { + "type": "boolean", + "description": "If true, prevent containers from running with access to host network.\n" + }, + "blockAddingCapabilities": { + "type": "boolean", 
+ "description": "If true, prevent containers from running with adding capabilities with `--cap-add` privilege.\n" + }, + "blockContainerExec": { + "type": "boolean", + "description": "If true, exec into a container is prevented.\n" + }, + "blockCryptocurrencyMining": { + "type": "boolean", + "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + }, + "blockDisallowedImages": { + "type": "boolean" + }, + "blockFilelessExec": { + "type": "boolean", + "description": "Detect and prevent running in-memory execution\n" + }, + "blockLowPortBinding": { + "type": "boolean", + "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n" + }, + "blockNonCompliantWorkloads": { + "type": "boolean", + "description": "If true, running containers in non-compliant pods is prevented.\n" + }, + "blockNonK8sContainers": { + "type": "boolean", + "description": "If true, running non-kubernetes containers is prevented.\n" + }, + "blockPrivilegedContainers": { + "type": "boolean", + "description": "If true, prevent containers from running with privileged container capability.\n" + }, + "blockRootUser": { + "type": "boolean", + "description": "If true, prevent containers from running with root user.\n" + }, + "blockUseIpcNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n" + }, + "blockUsePidNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n" + }, + "blockUseUserNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the user namespace.\n" + }, + "blockUseUtsNamespace": { + "type": "boolean", + "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n" + }, + "blockedCapabilities": { + "type": 
"array", + "items": { + "type": "string" + }, + "description": "If true, prevents containers from using specific Unix capabilities.\n" + }, + "blockedExecutables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of executables that are prevented from running in containers.\n" + }, + "blockedFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of files that are prevented from being read, modified and executed in the containers.\n" + }, + "blockedInboundPorts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blocked inbound ports.\n" + }, + "blockedOutboundPorts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blocked outbound ports.\n" + }, + "blockedPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n" + }, + "blockedVolumes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of volumes that are prevented from being mounted in the containers.\n" + }, + "bypassScopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyBypassScope:ContainerRuntimePolicyBypassScope" + }, + "description": "Bypass scope configuration.\n" + }, + "containerExec": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyContainerExec:ContainerRuntimePolicyContainerExec" + }, + "containerExecAllowedProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of processes that will be allowed.\n" + }, + "created": { + "type": "string" + }, + "cve": { + "type": "string" + }, + "defaultSecurityProfile": { + "type": "string" + }, + "description": { + "type": "string", + "description": "The description of the container runtime policy\n" + }, + "digest": { + "type": "string" + }, + "driftPreventions": { + "type": "array", + "items": 
{ + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyDriftPrevention:ContainerRuntimePolicyDriftPrevention" + }, + "description": "Drift prevention configuration.\n" + }, + "enableCryptoMiningDns": { + "type": "boolean" + }, + "enableForkGuard": { + "type": "boolean", + "description": "If true, fork bombs are prevented in the containers.\n" + }, + "enableIpReputation": { + "type": "boolean" + }, + "enablePortScanProtection": { + "type": "boolean" + }, + "enabled": { + "type": "boolean", + "description": "Whether allowed executables configuration is enabled.\n" + }, + "enforce": { + "type": "boolean", + "description": "Indicates that policy should effect container execution (not just for audit).\n" + }, + "enforceAfterDays": { + "type": "integer", + "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" + }, + "enforceSchedulerAddedOn": { + "type": "integer" + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of excluded application scopes.\n" + }, + "executableBlacklists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyExecutableBlacklist:ContainerRuntimePolicyExecutableBlacklist" + }, + "description": "Executable blacklist configuration.\n" + }, + "failedKubernetesChecks": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFailedKubernetesChecks:ContainerRuntimePolicyFailedKubernetesChecks" + }, + "fileBlock": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFileBlock:ContainerRuntimePolicyFileBlock" + }, + "fileIntegrityMonitoring": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring", + "description": "Configuration for file integrity monitoring.\n" + }, + "forkGuardProcessLimit": { + "type": "integer", + "description": "Process limit for the fork guard.\n" + }, + "imageName": { + "type": "string" + }, + 
"isAuditChecked": { + "type": "boolean" + }, + "isAutoGenerated": { + "type": "boolean" + }, + "isOotbPolicy": { + "type": "boolean" + }, + "lastupdate": { + "type": "integer" + }, + "limitContainerPrivileges": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyLimitContainerPrivilege:ContainerRuntimePolicyLimitContainerPrivilege" + }, + "description": "Container privileges configuration.\n" + }, + "limitNewPrivileges": { + "type": "boolean", + "description": "If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)\n" + }, + "linuxCapabilities": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyLinuxCapabilities:ContainerRuntimePolicyLinuxCapabilities" + }, + "malwareScanOptions": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions", + "description": "Configuration for Real-Time Malware Protection.\n" + }, + "monitorSystemTimeChanges": { + "type": "boolean", + "description": "If true, system time changes will be monitored.\n" + }, + "name": { + "type": "string", + "description": "Name assigned to the attribute.\n", + "willReplaceOnChanges": true + }, + "noNewPrivileges": { + "type": "boolean" + }, + "onlyRegisteredImages": { + "type": "boolean" + }, + "packageBlock": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyPackageBlock:ContainerRuntimePolicyPackageBlock" + }, + "permission": { + "type": "string" + }, + "portBlock": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyPortBlock:ContainerRuntimePolicyPortBlock" + }, + "readonlyFiles": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyReadonlyFiles:ContainerRuntimePolicyReadonlyFiles" + }, + "readonlyRegistry": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyReadonlyRegistry:ContainerRuntimePolicyReadonlyRegistry" + }, + "registry": { + "type": "string" + }, + "registryAccessMonitoring": { + "$ref": 
"#/types/aquasec:index/ContainerRuntimePolicyRegistryAccessMonitoring:ContainerRuntimePolicyRegistryAccessMonitoring" + }, + "repoName": { + "type": "string" + }, + "resourceName": { + "type": "string" + }, + "resourceType": { + "type": "string" + }, + "restrictedVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyRestrictedVolume:ContainerRuntimePolicyRestrictedVolume" + }, + "description": "Restricted volumes configuration.\n" + }, + "reverseShell": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyReverseShell:ContainerRuntimePolicyReverseShell" + }, + "runtimeMode": { + "type": "integer" + }, + "runtimeType": { + "type": "string" + }, + "scopeExpression": { + "type": "string", + "description": "Logical expression of how to compute the dependency of the scope variables.\n" + }, + "scopeVariables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" + }, + "description": "List of scope attributes.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScope:ContainerRuntimePolicyScope" + }, + "description": "Scope configuration.\n" + }, + "systemIntegrityProtection": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicySystemIntegrityProtection:ContainerRuntimePolicySystemIntegrityProtection" + }, + "tripwire": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyTripwire:ContainerRuntimePolicyTripwire" + }, + "type": { + "type": "string" + }, + "updated": { + "type": "string" + }, + "version": { + "type": "string" + }, + "vpatchVersion": { + "type": "string" + }, + "whitelistedOsUsers": { + "$ref": "#/types/aquasec:index/ContainerRuntimePolicyWhitelistedOsUsers:ContainerRuntimePolicyWhitelistedOsUsers" + } + }, + "type": "object" + } + }, + "aquasec:index/enforcerGroups:EnforcerGroups": { + "description": "{{% examples %}}\n## Example Usage\n{{% example 
%}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst group = new aquasec.EnforcerGroups(\"group\", {\n antivirusProtection: true,\n containerActivityProtection: true,\n containerAntivirusProtection: true,\n enforce: true,\n forensics: true,\n groupId: \"tf-test-enforcer\",\n hostAssurance: true,\n hostForensics: true,\n hostNetworkProtection: true,\n hostProtection: true,\n imageAssurance: true,\n networkProtection: true,\n orchestrators: [{}],\n riskExplorerAutoDiscovery: true,\n syncHostImages: true,\n type: \"agent\",\n});\nconst group_kubeEnforcer = new aquasec.EnforcerGroups(\"group-kubeEnforcer\", {\n admissionControl: true,\n autoCopySecrets: true,\n autoDiscoverConfigureRegistries: true,\n autoDiscoveryEnabled: true,\n autoScanDiscoveredImagesRunningContainers: true,\n blockAdmissionControl: true,\n enforce: true,\n groupId: \"tf-test-kube_enforcer\",\n kubeBenchImageName: \"registry.aquasec.com/kube-bench:v0.6.5\",\n microEnforcerSecretsName: \"aqua-registry\",\n orchestrators: [{\n namespace: \"aqua\",\n type: \"kubernetes\",\n }],\n type: \"kube_enforcer\",\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\ngroup = aquasec.EnforcerGroups(\"group\",\n antivirus_protection=True,\n container_activity_protection=True,\n container_antivirus_protection=True,\n enforce=True,\n forensics=True,\n group_id=\"tf-test-enforcer\",\n host_assurance=True,\n host_forensics=True,\n host_network_protection=True,\n host_protection=True,\n image_assurance=True,\n network_protection=True,\n orchestrators=[aquasec.EnforcerGroupsOrchestratorArgs()],\n risk_explorer_auto_discovery=True,\n sync_host_images=True,\n type=\"agent\")\ngroup_kube_enforcer = aquasec.EnforcerGroups(\"group-kubeEnforcer\",\n admission_control=True,\n auto_copy_secrets=True,\n auto_discover_configure_registries=True,\n auto_discovery_enabled=True,\n auto_scan_discovered_images_running_containers=True,\n 
block_admission_control=True,\n enforce=True,\n group_id=\"tf-test-kube_enforcer\",\n kube_bench_image_name=\"registry.aquasec.com/kube-bench:v0.6.5\",\n micro_enforcer_secrets_name=\"aqua-registry\",\n orchestrators=[aquasec.EnforcerGroupsOrchestratorArgs(\n namespace=\"aqua\",\n type=\"kubernetes\",\n )],\n type=\"kube_enforcer\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Aquasec.EnforcerGroups(\"group\", new()\n {\n AntivirusProtection = true,\n ContainerActivityProtection = true,\n ContainerAntivirusProtection = true,\n Enforce = true,\n Forensics = true,\n GroupId = \"tf-test-enforcer\",\n HostAssurance = true,\n HostForensics = true,\n HostNetworkProtection = true,\n HostProtection = true,\n ImageAssurance = true,\n NetworkProtection = true,\n Orchestrators = new[]\n {\n null,\n },\n RiskExplorerAutoDiscovery = true,\n SyncHostImages = true,\n Type = \"agent\",\n });\n\n var group_kubeEnforcer = new Aquasec.EnforcerGroups(\"group-kubeEnforcer\", new()\n {\n AdmissionControl = true,\n AutoCopySecrets = true,\n AutoDiscoverConfigureRegistries = true,\n AutoDiscoveryEnabled = true,\n AutoScanDiscoveredImagesRunningContainers = true,\n BlockAdmissionControl = true,\n Enforce = true,\n GroupId = \"tf-test-kube_enforcer\",\n KubeBenchImageName = \"registry.aquasec.com/kube-bench:v0.6.5\",\n MicroEnforcerSecretsName = \"aqua-registry\",\n Orchestrators = new[]\n {\n new Aquasec.Inputs.EnforcerGroupsOrchestratorArgs\n {\n Namespace = \"aqua\",\n Type = \"kubernetes\",\n },\n },\n Type = \"kube_enforcer\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewEnforcerGroups(ctx, \"group\", 
\u0026aquasec.EnforcerGroupsArgs{\n\t\t\tAntivirusProtection: pulumi.Bool(true),\n\t\t\tContainerActivityProtection: pulumi.Bool(true),\n\t\t\tContainerAntivirusProtection: pulumi.Bool(true),\n\t\t\tEnforce: pulumi.Bool(true),\n\t\t\tForensics: pulumi.Bool(true),\n\t\t\tGroupId: pulumi.String(\"tf-test-enforcer\"),\n\t\t\tHostAssurance: pulumi.Bool(true),\n\t\t\tHostForensics: pulumi.Bool(true),\n\t\t\tHostNetworkProtection: pulumi.Bool(true),\n\t\t\tHostProtection: pulumi.Bool(true),\n\t\t\tImageAssurance: pulumi.Bool(true),\n\t\t\tNetworkProtection: pulumi.Bool(true),\n\t\t\tOrchestrators: aquasec.EnforcerGroupsOrchestratorArray{\n\t\t\t\tnil,\n\t\t\t},\n\t\t\tRiskExplorerAutoDiscovery: pulumi.Bool(true),\n\t\t\tSyncHostImages: pulumi.Bool(true),\n\t\t\tType: pulumi.String(\"agent\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewEnforcerGroups(ctx, \"group-kubeEnforcer\", \u0026aquasec.EnforcerGroupsArgs{\n\t\t\tAdmissionControl: pulumi.Bool(true),\n\t\t\tAutoCopySecrets: pulumi.Bool(true),\n\t\t\tAutoDiscoverConfigureRegistries: pulumi.Bool(true),\n\t\t\tAutoDiscoveryEnabled: pulumi.Bool(true),\n\t\t\tAutoScanDiscoveredImagesRunningContainers: pulumi.Bool(true),\n\t\t\tBlockAdmissionControl: pulumi.Bool(true),\n\t\t\tEnforce: pulumi.Bool(true),\n\t\t\tGroupId: pulumi.String(\"tf-test-kube_enforcer\"),\n\t\t\tKubeBenchImageName: pulumi.String(\"registry.aquasec.com/kube-bench:v0.6.5\"),\n\t\t\tMicroEnforcerSecretsName: pulumi.String(\"aqua-registry\"),\n\t\t\tOrchestrators: aquasec.EnforcerGroupsOrchestratorArray{\n\t\t\t\t\u0026aquasec.EnforcerGroupsOrchestratorArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"aqua\"),\n\t\t\t\t\tType: pulumi.String(\"kubernetes\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tType: pulumi.String(\"kube_enforcer\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport 
com.pulumi.core.Output;\nimport com.pulumi.aquasec.EnforcerGroups;\nimport com.pulumi.aquasec.EnforcerGroupsArgs;\nimport com.pulumi.aquasec.inputs.EnforcerGroupsOrchestratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new EnforcerGroups(\"group\", EnforcerGroupsArgs.builder() \n .antivirusProtection(true)\n .containerActivityProtection(true)\n .containerAntivirusProtection(true)\n .enforce(true)\n .forensics(true)\n .groupId(\"tf-test-enforcer\")\n .hostAssurance(true)\n .hostForensics(true)\n .hostNetworkProtection(true)\n .hostProtection(true)\n .imageAssurance(true)\n .networkProtection(true)\n .orchestrators()\n .riskExplorerAutoDiscovery(true)\n .syncHostImages(true)\n .type(\"agent\")\n .build());\n\n var group_kubeEnforcer = new EnforcerGroups(\"group-kubeEnforcer\", EnforcerGroupsArgs.builder() \n .admissionControl(true)\n .autoCopySecrets(true)\n .autoDiscoverConfigureRegistries(true)\n .autoDiscoveryEnabled(true)\n .autoScanDiscoveredImagesRunningContainers(true)\n .blockAdmissionControl(true)\n .enforce(true)\n .groupId(\"tf-test-kube_enforcer\")\n .kubeBenchImageName(\"registry.aquasec.com/kube-bench:v0.6.5\")\n .microEnforcerSecretsName(\"aqua-registry\")\n .orchestrators(EnforcerGroupsOrchestratorArgs.builder()\n .namespace(\"aqua\")\n .type(\"kubernetes\")\n .build())\n .type(\"kube_enforcer\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: aquasec:EnforcerGroups\n properties:\n # Advanced Malware Protection (Host Protection)\n antivirusProtection: true\n # Runtime Controls\n containerActivityProtection: true\n # Advanced Malware Protection (Container Protection)\n containerAntivirusProtection: true\n enforce: true\n # forensics\n forensics: true\n groupId: 
tf-test-enforcer\n # Host Assurance\n hostAssurance: true\n # host_forensics\n hostForensics: true\n # Network Firewall (Host Protection)\n hostNetworkProtection: true\n # Runtime Controls\n hostProtection: true\n # Image Assurance\n imageAssurance: true\n # Network Firewall (Container Protection)\n networkProtection: true\n orchestrators:\n - {}\n # Risk Explorer\n riskExplorerAutoDiscovery: true\n # Host Images\n syncHostImages: true\n type: agent\n group-kubeEnforcer:\n type: aquasec:EnforcerGroups\n properties:\n # Enable admission control\n admissionControl: true\n # Auto copy these secrets to the Pod Enforcer namespace and container\n autoCopySecrets: true\n # Add discovered registries\n autoDiscoverConfigureRegistries: true\n # Enable workload discovery\n autoDiscoveryEnabled: true\n # Register discovered pod images\n autoScanDiscoveredImagesRunningContainers: true\n # Perform admission control if not connected to a gateway\n blockAdmissionControl: true\n enforce: true\n groupId: tf-test-kube_enforcer\n # Kube-bench image path\n kubeBenchImageName: registry.aquasec.com/kube-bench:v0.6.5\n # Secret that holds the registry credentials for the Pod Enforcer and kube-bench\n microEnforcerSecretsName: aqua-registry\n orchestrators:\n - namespace: aqua\n type: kubernetes\n type: kube_enforcer\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "admissionControl": { + "type": "boolean", + "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n" + }, + "allowKubeEnforcerAudit": { + "type": "boolean", + "description": "Allow kube enforcer audit.\n" + }, + "allowedApplications": { + "type": "array", + "items": { + "type": "string" + 
}, + "description": "List of application names to allow on the hosts. if provided, only containers of the listed applications will be allowed to run.\n" + }, + "allowedLabels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of label names to allow on the hosts.\n" + }, + "allowedRegistries": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry names to allow on the hosts.\n" + }, + "antivirusProtection": { + "type": "boolean", + "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n" + }, + "aquaVersion": { + "type": "string", + "description": "Aqua server version\n" + }, + "auditAll": { + "type": "boolean", + "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n" + }, + "autoCopySecrets": { + "type": "boolean", + "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. Otherwise, you can choose to copy these secrets by other means.\n" + }, + "autoDiscoverConfigureRegistries": { + "type": "boolean", + "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n" + }, + "autoDiscoveryEnabled": { + "type": "boolean", + "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n" + }, + "autoScanDiscoveredImagesRunningContainers": { + "type": "boolean", + "description": "This option is available only if `Enable workload discovery` is selected. 
If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n" + }, + "behavioralEngine": { + "type": "boolean", + "description": "Select Enabled to detect suspicious activity in your containers and display potential security threats in the Incidents and Audit pages.\n" + }, + "blockAdmissionControl": { + "type": "boolean", + "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + }, + "commands": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/EnforcerGroupsCommand:EnforcerGroupsCommand" + }, + "description": "The installation command.\n" + }, + "connectedCount": { + "type": "integer", + "description": "Number of connected enforcers in the enforcer group.\n" + }, + "containerActivityProtection": { + "type": "boolean", + "description": "Set `True` to apply Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n" + }, + "containerAntivirusProtection": { + "type": "boolean", + "description": "This setting is available only when you have license for `Advanced Malware Protection`. 
Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n" + }, + "description": { + "type": "string", + "description": "A description of the Aqua Enforcer group.\n" + }, + "disconnectedCount": { + "type": "integer", + "description": "Number of disconnected enforcers in the enforcer group.\n" + }, + "enforce": { + "type": "boolean", + "description": "Whether to enable enforce mode on the Enforcers, defaults to False.\n" + }, + "enforcerImageName": { + "type": "string", + "description": "The specific Aqua Enforcer product image (with image tag) to be deployed.\n" + }, + "forensics": { + "type": "boolean", + "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" + }, + "gatewayAddress": { + "type": "string", + "description": "Gateway Address\n" + }, + "gatewayName": { + "type": "string", + "description": "Gateway Name\n" + }, + "gateways": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Aqua gateway IDs for the Enforcers.\n" + }, + "groupId": { + "type": "string", + "description": "The ID of the Enforcer group.\n" + }, + "highVulns": { + "type": "integer", + "description": "Number of high vulnerabilities in the enforcers that in this enforcer group.\n" + }, + "hostAssurance": { + "type": "boolean", + "description": "Set `True` to enable host scanning and respective Host Assurance controls.\n" + }, + "hostBehavioralEngine": { + "type": "boolean", + "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + }, + "hostForensics": { + "type": "boolean", + "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" + }, + "hostNetworkProtection": { + "type": "boolean", + "description": "Set `True` to apply Firewall Policies to hosts, and allow recording network maps for 
Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n" + }, + "hostOs": { + "type": "string", + "description": "The OS type for the host\n" + }, + "hostProtection": { + "type": "boolean", + "description": "Set `True` to enable all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n" + }, + "hostUserProtection": { + "type": "boolean", + "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + }, + "hostname": { + "type": "string", + "description": "The hostname\n" + }, + "hostsCount": { + "type": "integer", + "description": "Number of enforcers in the enforcer group.\n" + }, + "imageAssurance": { + "type": "boolean", + "description": "Set `True` to enable selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n" + }, + "installCommand": { + "type": "string", + "description": "Enforcer install command\n" + }, + "kubeBenchImageName": { + "type": "string", + "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. 
You can optionally enter a different value.\n" + }, + "lastUpdate": { + "type": "integer", + "description": "The last date and time the batch token was updated in UNIX time.\n" + }, + "logicalName": { + "type": "string", + "description": "Name for the batch install record.\n" + }, + "lowVulns": { + "type": "integer", + "description": "Number of low vulnerabilities in the enforcers that in this enforcer group.\n" + }, + "medVulns": { + "type": "integer", + "description": "Number of medium vulnerabilities in the enforcers that in this enforcer group.\n" + }, + "microEnforcerCertsSecretsName": { + "type": "string", + "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n" + }, + "microEnforcerImageName": { + "type": "string", + "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. You can optionally enter a different value.\n" + }, + "microEnforcerInjection": { + "type": "boolean", + "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. 
If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + }, + "microEnforcerSecretsName": { + "type": "string", + "description": "You can specify the name of the secret (in the Aqua namespace) that Aqua copies into the Pod Enforcer namespace and kube-bench, allowing them access to the Pod Enforcer and kube-bench product images, respectively.\n" + }, + "negVulns": { + "type": "integer", + "description": "Number of negligible vulnerabilities in the enforcers that in this enforcer group.\n" + }, + "networkProtection": { + "type": "boolean", + "description": "Send true to apply Firewall Policies to containers, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n" + }, + "orchestrators": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator" + }, + "description": "The orchestrator for which you are creating the Enforcer group.\n" + }, + "pasDeploymentLink": { + "type": "string", + "description": "pas deployment link\n" + }, + "permission": { + "type": "string", + "description": "Permission Action\n" + }, + "riskExplorerAutoDiscovery": { + "type": "boolean", + "description": "Set `True` to allow Enforcers to be discovered in the Risk Explorer.\n" + }, + "runtimePolicyName": { + "type": "string", + "description": "Function Runtime Policy that will applay on the nano enforcer.\n" + }, + "runtimeType": { + "type": "string", + "description": "The container runtime environment.\n" + }, + "syncHostImages": { + "type": "boolean", + "description": "Set `True` to configure Enforcers to discover local host images. 
Discovered images will be listed under Images \u003e Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n" + }, + "syscallEnabled": { + "type": "boolean", + "description": "Set `True` will allow profiling and monitoring system calls made by running containers.\n" + }, + "token": { + "type": "string", + "description": "The batch install token.\n" + }, + "type": { + "type": "string", + "description": "Enforcer Type.\n" + }, + "userAccessControl": { + "type": "boolean", + "description": "Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n" + } + }, + "required": [ + "aquaVersion", + "autoCopySecrets", + "commands", + "connectedCount", + "disconnectedCount", + "enforcerImageName", + "gatewayAddress", + "gatewayName", + "gateways", + "groupId", + "highVulns", + "hostOs", + "hostname", + "hostsCount", + "installCommand", + "kubeBenchImageName", + "lastUpdate", + "logicalName", + "lowVulns", + "medVulns", + "microEnforcerImageName", + "microEnforcerSecretsName", + "negVulns", + "orchestrators", + "pasDeploymentLink", + "runtimePolicyName", + "runtimeType", + "token", + "type" + ], + "inputProperties": { + "admissionControl": { + "type": "boolean", + "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n" + }, + "allowKubeEnforcerAudit": { + "type": "boolean", + "description": "Allow kube enforcer audit.\n" + }, + "allowedApplications": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of application names to allow on the 
hosts. if provided, only containers of the listed applications will be allowed to run.\n" + }, + "allowedLabels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of label names to allow on the hosts.\n" + }, + "allowedRegistries": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry names to allow on the hosts.\n" + }, + "antivirusProtection": { + "type": "boolean", + "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n" + }, + "auditAll": { + "type": "boolean", + "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n" + }, + "autoCopySecrets": { + "type": "boolean", + "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. Otherwise, you can choose to copy these secrets by other means.\n" + }, + "autoDiscoverConfigureRegistries": { + "type": "boolean", + "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n" + }, + "autoDiscoveryEnabled": { + "type": "boolean", + "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n" + }, + "autoScanDiscoveredImagesRunningContainers": { + "type": "boolean", + "description": "This option is available only if `Enable workload discovery` is selected. 
If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n" + }, + "behavioralEngine": { + "type": "boolean", + "description": "Select Enabled to detect suspicious activity in your containers and display potential security threats in the Incidents and Audit pages.\n" + }, + "blockAdmissionControl": { + "type": "boolean", + "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + }, + "containerActivityProtection": { + "type": "boolean", + "description": "Set `True` to apply Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n" + }, + "containerAntivirusProtection": { + "type": "boolean", + "description": "This setting is available only when you have license for `Advanced Malware Protection`. 
Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n" + }, + "description": { + "type": "string", + "description": "A description of the Aqua Enforcer group.\n" + }, + "enforce": { + "type": "boolean", + "description": "Whether to enable enforce mode on the Enforcers, defaults to False.\n" + }, + "forensics": { + "type": "boolean", + "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" + }, + "gateways": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Aqua gateway IDs for the Enforcers.\n" + }, + "groupId": { + "type": "string", + "description": "The ID of the Enforcer group.\n", + "willReplaceOnChanges": true + }, + "hostAssurance": { + "type": "boolean", + "description": "Set `True` to enable host scanning and respective Host Assurance controls.\n" + }, + "hostBehavioralEngine": { + "type": "boolean", + "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + }, + "hostForensics": { + "type": "boolean", + "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" + }, + "hostNetworkProtection": { + "type": "boolean", + "description": "Set `True` to apply Firewall Policies to hosts, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. 
See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n" + }, + "hostOs": { + "type": "string", + "description": "The OS type for the host\n", + "willReplaceOnChanges": true + }, + "hostProtection": { + "type": "boolean", + "description": "Set `True` to enable all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n" + }, + "hostUserProtection": { + "type": "boolean", + "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + }, + "imageAssurance": { + "type": "boolean", + "description": "Set `True` to enable selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n" + }, + "kubeBenchImageName": { + "type": "string", + "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. You can optionally enter a different value.\n" + }, + "logicalName": { + "type": "string", + "description": "Name for the batch install record.\n" + }, + "microEnforcerCertsSecretsName": { + "type": "string", + "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n" + }, + "microEnforcerImageName": { + "type": "string", + "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. 
You can optionally enter a different value.\n" + }, + "microEnforcerInjection": { + "type": "boolean", + "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + }, + "microEnforcerSecretsName": { + "type": "string", + "description": "You can specify the name of the secret (in the Aqua namespace) that Aqua copies into the Pod Enforcer namespace and kube-bench, allowing them access to the Pod Enforcer and kube-bench product images, respectively.\n" + }, + "networkProtection": { + "type": "boolean", + "description": "Send true to apply Firewall Policies to containers, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n" + }, + "orchestrators": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator" + }, + "description": "The orchestrator for which you are creating the Enforcer group.\n" + }, + "permission": { + "type": "string", + "description": "Permission Action\n" + }, + "riskExplorerAutoDiscovery": { + "type": "boolean", + "description": "Set `True` to allow Enforcers to be discovered in the Risk Explorer.\n" + }, + "runtimeType": { + "type": "string", + "description": "The container runtime environment.\n" + }, + "syncHostImages": { + "type": "boolean", + "description": "Set `True` to configure Enforcers to discover local host images. 
Discovered images will be listed under Images \u003e Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n" + }, + "syscallEnabled": { + "type": "boolean", + "description": "Set `True` will allow profiling and monitoring system calls made by running containers.\n" + }, + "type": { + "type": "string", + "description": "Enforcer Type.\n", + "willReplaceOnChanges": true + }, + "userAccessControl": { + "type": "boolean", + "description": "Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n" + } + }, + "requiredInputs": [ + "groupId", + "orchestrators", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EnforcerGroups resources.\n", + "properties": { + "admissionControl": { + "type": "boolean", + "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n" + }, + "allowKubeEnforcerAudit": { + "type": "boolean", + "description": "Allow kube enforcer audit.\n" + }, + "allowedApplications": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of application names to allow on the hosts. 
if provided, only containers of the listed applications will be allowed to run.\n" + }, + "allowedLabels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of label names to allow on the hosts.\n" + }, + "allowedRegistries": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registry names to allow on the hosts.\n" + }, + "antivirusProtection": { + "type": "boolean", + "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n" + }, + "aquaVersion": { + "type": "string", + "description": "Aqua server version\n" + }, + "auditAll": { + "type": "boolean", + "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n" + }, + "autoCopySecrets": { + "type": "boolean", + "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. Otherwise, you can choose to copy these secrets by other means.\n" + }, + "autoDiscoverConfigureRegistries": { + "type": "boolean", + "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n" + }, + "autoDiscoveryEnabled": { + "type": "boolean", + "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n" + }, + "autoScanDiscoveredImagesRunningContainers": { + "type": "boolean", + "description": "This option is available only if `Enable workload discovery` is selected. 
If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n" + }, + "behavioralEngine": { + "type": "boolean", + "description": "Select Enabled to detect suspicious activity in your containers and display potential security threats in the Incidents and Audit pages.\n" + }, + "blockAdmissionControl": { + "type": "boolean", + "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + }, + "commands": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/EnforcerGroupsCommand:EnforcerGroupsCommand" + }, + "description": "The installation command.\n" + }, + "connectedCount": { + "type": "integer", + "description": "Number of connected enforcers in the enforcer group.\n" + }, + "containerActivityProtection": { + "type": "boolean", + "description": "Set `True` to apply Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n" + }, + "containerAntivirusProtection": { + "type": "boolean", + "description": "This setting is available only when you have license for `Advanced Malware Protection`. 
Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n" + }, + "description": { + "type": "string", + "description": "A description of the Aqua Enforcer group.\n" + }, + "disconnectedCount": { + "type": "integer", + "description": "Number of disconnected enforcers in the enforcer group.\n" + }, + "enforce": { + "type": "boolean", + "description": "Whether to enable enforce mode on the Enforcers, defaults to False.\n" + }, + "enforcerImageName": { + "type": "string", + "description": "The specific Aqua Enforcer product image (with image tag) to be deployed.\n" + }, + "forensics": { + "type": "boolean", + "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" + }, + "gatewayAddress": { + "type": "string", + "description": "Gateway Address\n" + }, + "gatewayName": { + "type": "string", + "description": "Gateway Name\n" + }, + "gateways": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Aqua gateway IDs for the Enforcers.\n" + }, + "groupId": { + "type": "string", + "description": "The ID of the Enforcer group.\n", + "willReplaceOnChanges": true + }, + "highVulns": { + "type": "integer", + "description": "Number of high vulnerabilities in the enforcers that in this enforcer group.\n" + }, + "hostAssurance": { + "type": "boolean", + "description": "Set `True` to enable host scanning and respective Host Assurance controls.\n" + }, + "hostBehavioralEngine": { + "type": "boolean", + "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + }, + "hostForensics": { + "type": "boolean", + "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" + }, + "hostNetworkProtection": { + "type": "boolean", + "description": "Set `True` to apply Firewall Policies to hosts, and 
allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n" + }, + "hostOs": { + "type": "string", + "description": "The OS type for the host\n", + "willReplaceOnChanges": true + }, + "hostProtection": { + "type": "boolean", + "description": "Set `True` to enable all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n" + }, + "hostUserProtection": { + "type": "boolean", + "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + }, + "hostname": { + "type": "string", + "description": "The hostname\n" + }, + "hostsCount": { + "type": "integer", + "description": "Number of enforcers in the enforcer group.\n" + }, + "imageAssurance": { + "type": "boolean", + "description": "Set `True` to enable selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n" + }, + "installCommand": { + "type": "string", + "description": "Enforcer install command\n" + }, + "kubeBenchImageName": { + "type": "string", + "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. 
You can optionally enter a different value.\n" + }, + "lastUpdate": { + "type": "integer", + "description": "The last date and time the batch token was updated in UNIX time.\n" + }, + "logicalName": { + "type": "string", + "description": "Name for the batch install record.\n" + }, + "lowVulns": { + "type": "integer", + "description": "Number of low vulnerabilities in the enforcers that in this enforcer group.\n" + }, + "medVulns": { + "type": "integer", + "description": "Number of medium vulnerabilities in the enforcers that in this enforcer group.\n" + }, + "microEnforcerCertsSecretsName": { + "type": "string", + "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n" + }, + "microEnforcerImageName": { + "type": "string", + "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. You can optionally enter a different value.\n" + }, + "microEnforcerInjection": { + "type": "boolean", + "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. 
If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + }, + "microEnforcerSecretsName": { + "type": "string", + "description": "You can specify the name of the secret (in the Aqua namespace) that Aqua copies into the Pod Enforcer namespace and kube-bench, allowing them access to the Pod Enforcer and kube-bench product images, respectively.\n" + }, + "negVulns": { + "type": "integer", + "description": "Number of negligible vulnerabilities in the enforcers that in this enforcer group.\n" + }, + "networkProtection": { + "type": "boolean", + "description": "Send true to apply Firewall Policies to containers, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n" + }, + "orchestrators": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator" + }, + "description": "The orchestrator for which you are creating the Enforcer group.\n" + }, + "pasDeploymentLink": { + "type": "string", + "description": "pas deployment link\n" + }, + "permission": { + "type": "string", + "description": "Permission Action\n" + }, + "riskExplorerAutoDiscovery": { + "type": "boolean", + "description": "Set `True` to allow Enforcers to be discovered in the Risk Explorer.\n" + }, + "runtimePolicyName": { + "type": "string", + "description": "Function Runtime Policy that will applay on the nano enforcer.\n" + }, + "runtimeType": { + "type": "string", + "description": "The container runtime environment.\n" + }, + "syncHostImages": { + "type": "boolean", + "description": "Set `True` to configure Enforcers to discover local host images. 
Discovered images will be listed under Images \u003e Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n" + }, + "syscallEnabled": { + "type": "boolean", + "description": "Set `True` will allow profiling and monitoring system calls made by running containers.\n" + }, + "token": { + "type": "string", + "description": "The batch install token.\n" + }, + "type": { + "type": "string", + "description": "Enforcer Type.\n", + "willReplaceOnChanges": true + }, + "userAccessControl": { + "type": "boolean", + "description": "Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n" + } + }, + "type": "object" + } + }, + "aquasec:index/firewallPolicy:FirewallPolicy": { + "properties": { + "author": { + "type": "string", + "description": "Username of the account that created the policy.\n" + }, + "blockIcmpPing": { + "type": "boolean", + "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n" + }, + "blockMetadataService": { + "type": "boolean", + "description": "Indicates whether policy includes blocking metadata services of the cloud.\n" + }, + "description": { + "type": "string", + "description": "Description of the Firewall Policy.\n" + }, + "inboundNetworks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork" + }, + "description": "Information on network addresses that are allowed to pass in data or requests.\n" + }, + "lastupdate": { + "type": "integer", + "description": "Timestamp of the last update in Unix time format.\n" + }, + "name": { + "type": "string", + "description": "Name of the policy, no longer than 128 characters and no slash characters.\n" + }, + "outboundNetworks": { + "type": "array", + "items": { + "$ref": 
"#/types/aquasec:index/FirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork" + }, + "description": "Information on network addresses that are allowed to receive data or requests.\n" + }, + "type": { + "type": "string", + "description": "Indicates the class of protection defined by the firewall.\n" + }, + "version": { + "type": "string", + "description": "Aqua version functionality supported\n" + } + }, + "required": [ + "author", + "lastupdate", + "name", + "type", + "version" + ], + "inputProperties": { + "blockIcmpPing": { + "type": "boolean", + "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n" + }, + "blockMetadataService": { + "type": "boolean", + "description": "Indicates whether policy includes blocking metadata services of the cloud.\n" + }, + "description": { + "type": "string", + "description": "Description of the Firewall Policy.\n" + }, + "inboundNetworks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork" + }, + "description": "Information on network addresses that are allowed to pass in data or requests.\n" + }, + "name": { + "type": "string", + "description": "Name of the policy, no longer than 128 characters and no slash characters.\n", + "willReplaceOnChanges": true + }, + "outboundNetworks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork" + }, + "description": "Information on network addresses that are allowed to receive data or requests.\n" + }, + "type": { + "type": "string", + "description": "Indicates the class of protection defined by the firewall.\n" + }, + "version": { + "type": "string", + "description": "Aqua version functionality supported\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering FirewallPolicy resources.\n", + "properties": { + "author": { + "type": "string", + "description": 
"Username of the account that created the policy.\n" + }, + "blockIcmpPing": { + "type": "boolean", + "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n" + }, + "blockMetadataService": { + "type": "boolean", + "description": "Indicates whether policy includes blocking metadata services of the cloud.\n" + }, + "description": { + "type": "string", + "description": "Description of the Firewall Policy.\n" + }, + "inboundNetworks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork" + }, + "description": "Information on network addresses that are allowed to pass in data or requests.\n" + }, + "lastupdate": { + "type": "integer", + "description": "Timestamp of the last update in Unix time format.\n" + }, + "name": { + "type": "string", + "description": "Name of the policy, no longer than 128 characters and no slash characters.\n", + "willReplaceOnChanges": true + }, + "outboundNetworks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork" + }, + "description": "Information on network addresses that are allowed to receive data or requests.\n" + }, + "type": { + "type": "string", + "description": "Indicates the class of protection defined by the firewall.\n" + }, + "version": { + "type": "string", + "description": "Aqua version functionality supported\n" + } + }, + "type": "object" + } + }, + "aquasec:index/functionAssurancePolicy:FunctionAssurancePolicy": { + "description": "Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes:\nScanning functions for vulnerabilities and sensitive data. 
AWS and Azure functions are also checked for excessive permissions.\nEvaluating function risks based on scan results, according to Function Assurance Policies.\nChecking function compliance with these policies.\nFor AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline.\nProviding comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system.\n", + "properties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of explicitly allowed images.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, + "auditOnFailure": { + "type": "boolean", + "description": "Indicates if auditing for failures.\n" + }, + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, + "autoScanConfigured": { + "type": "boolean" + }, + "autoScanEnabled": { + "type": "boolean" + }, + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime" + } + }, + "blacklistPermissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of function's forbidden permissions.\n" + }, + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" + }, + "blacklistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blacklisted licenses.\n" + }, + "blacklistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + }, + "blockFailed": 
{ + "type": "boolean", + "description": "Indicates if failed images are blocked.\n" + }, + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck" + }, + "description": "List of Custom user scripts for checks.\n" + }, + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" + }, + "customSeverity": { + "type": "string" + }, + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" + }, + "cvesBlackLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CVEs blacklisted items.\n" + }, + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs whitelist is relevant.\n" + }, + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cves whitelisted licenses\n" + }, + "cvssSeverity": { + "type": "string", + "description": "Identifier of the cvss severity.\n" + }, + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" + }, + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + }, + "description": { + "type": "string" + }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "disallowMalware": { + "type": "boolean", + "description": "Indicates if malware should block the image.\n" + }, + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" + }, + "domain": { + "type": "string", + "description": "Name of the container image.\n" + }, + "domainName": { + "type": 
"string" + }, + "dtaEnabled": { + "type": "boolean" + }, + "dtaSeverity": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { + "type": "integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" + }, + "exceptionalMonitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "failCicd": { + "type": "boolean", + "description": "Indicates if cicd failures will fail the image.\n" + }, + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel" + } + }, + "forbiddenLabelsEnabled": { + "type": "boolean" + }, + "forceMicroenforcer": { + "type": "boolean" + }, + "functionIntegrityEnabled": { + "type": "boolean" + }, + "ignoreBaseImageVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" + }, + "ignoreRiskResourcesEnabled": { + "type": "boolean", + "description": "Indicates if risk resources are ignored.\n" + }, + "ignoredRiskResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of ignored risk resources.\n" + }, + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } + }, + "images": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of images.\n" + }, + "kubeCisEnabled": { + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" + }, + "kubernetesControls": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyKubernetesControl:FunctionAssurancePolicyKubernetesControl" + }, + "description": "List of Kubernetes controls.\n" + }, + "kubernetesControlsAvdIds": { + "type": "array", + "items": { + 
"type": "string" + } + }, + "kubernetesControlsNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "labels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of labels.\n" + }, + "lastupdate": { + "type": "string" + }, + "linuxCisEnabled": { + "type": "boolean" + }, + "malwareAction": { + "type": "string" + }, + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" + }, + "maximumScoreEnabled": { + "type": "boolean", + "description": "Indicates if exceeding the maximum score is scanned.\n" + }, + "maximumScoreExcludeNoFix": { + "type": "boolean" + }, + "monitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "name": { + "type": "string" + }, + "onlyNoneRootUsers": { + "type": "boolean", + "description": "Indicates if raise a warning for images that should only be run as root.\n" + }, + "openshiftHardeningEnabled": { + "type": "boolean" + }, + "packagesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if packages blacklist is relevant.\n" + }, + "packagesBlackLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList" + }, + "description": "List of blacklisted images.\n" + }, + "packagesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if packages whitelist is relevant.\n" + }, + "packagesWhiteLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList" + }, + "description": "List of whitelisted images.\n" + }, + "partialResultsImageFail": { + "type": "boolean" + }, + "permission": { + "type": "string" + }, + "policySettings": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPolicySettings:FunctionAssurancePolicyPolicySettings" + }, + "readOnly": { + "type": "boolean" + }, + "registries": { + "type": 
"array", + "items": { + "type": "string" + }, + "description": "List of registries.\n" + }, + "registry": { + "type": "string" + }, + "requiredLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel" + } + }, + "requiredLabelsEnabled": { + "type": "boolean" + }, + "scanMalwareInArchives": { + "type": "boolean" + }, + "scanNfsMounts": { + "type": "boolean" + }, + "scanProcessMemory": { + "type": "boolean" + }, + "scanSensitiveData": { + "type": "boolean", + "description": "Indicates if scan should include sensitive data in the image.\n" + }, + "scanWindowsRegistry": { + "type": "boolean" + }, + "scapEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include scap.\n" + }, + "scapFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of SCAP user scripts for checks.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyScope:FunctionAssurancePolicyScope" + } + }, + "trustedBaseImages": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage" + }, + "description": "List of trusted images.\n" + }, + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" + }, + "vulnerabilityExploitability": { + "type": "boolean" + }, + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } + }, + "whitelistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of whitelisted licenses.\n" + }, + "whitelistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + } + }, + "required": [ + "applicationScopes", + "assuranceType", + "author", + "autoScanTimes", + "customSeverity", + 
"ignoreRecentlyPublishedVlnPeriod", + "lastupdate", + "name", + "permission", + "policySettings", + "scopes" + ], + "inputProperties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of explicitly allowed images.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, + "auditOnFailure": { + "type": "boolean", + "description": "Indicates if auditing for failures.\n" + }, + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, + "autoScanConfigured": { + "type": "boolean" + }, + "autoScanEnabled": { + "type": "boolean" + }, + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime" + } + }, + "blacklistPermissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of function's forbidden permissions.\n" + }, + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" + }, + "blacklistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blacklisted licenses.\n" + }, + "blacklistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + }, + "blockFailed": { + "type": "boolean", + "description": "Indicates if failed images are blocked.\n" + }, + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck" + }, + "description": 
"List of Custom user scripts for checks.\n" + }, + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" + }, + "customSeverity": { + "type": "string" + }, + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" + }, + "cvesBlackLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CVEs blacklisted items.\n" + }, + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs whitelist is relevant.\n" + }, + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cves whitelisted licenses\n" + }, + "cvssSeverity": { + "type": "string", + "description": "Identifier of the cvss severity.\n" + }, + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" + }, + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + }, + "description": { + "type": "string" + }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "disallowMalware": { + "type": "boolean", + "description": "Indicates if malware should block the image.\n" + }, + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" + }, + "domain": { + "type": "string", + "description": "Name of the container image.\n" + }, + "domainName": { + "type": "string" + }, + "dtaEnabled": { + "type": "boolean" + }, + "dtaSeverity": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { + "type": "integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" + }, + 
"exceptionalMonitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "failCicd": { + "type": "boolean", + "description": "Indicates if cicd failures will fail the image.\n" + }, + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel" + } + }, + "forbiddenLabelsEnabled": { + "type": "boolean" + }, + "forceMicroenforcer": { + "type": "boolean" + }, + "functionIntegrityEnabled": { + "type": "boolean" + }, + "ignoreBaseImageVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" + }, + "ignoreRiskResourcesEnabled": { + "type": "boolean", + "description": "Indicates if risk resources are ignored.\n" + }, + "ignoredRiskResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of ignored risk resources.\n" + }, + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } + }, + "images": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of images.\n" + }, + "kubeCisEnabled": { + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" + }, + "kubernetesControls": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyKubernetesControl:FunctionAssurancePolicyKubernetesControl" + }, + "description": "List of Kubernetes controls.\n" + }, + "kubernetesControlsAvdIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "kubernetesControlsNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "labels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of labels.\n" + }, + "lastupdate": { + "type": "string" + }, + "linuxCisEnabled": 
{ + "type": "boolean" + }, + "malwareAction": { + "type": "string" + }, + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" + }, + "maximumScoreEnabled": { + "type": "boolean", + "description": "Indicates if exceeding the maximum score is scanned.\n" + }, + "maximumScoreExcludeNoFix": { + "type": "boolean" + }, + "monitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "name": { + "type": "string", + "willReplaceOnChanges": true + }, + "onlyNoneRootUsers": { + "type": "boolean", + "description": "Indicates if raise a warning for images that should only be run as root.\n" + }, + "openshiftHardeningEnabled": { + "type": "boolean" + }, + "packagesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if packages blacklist is relevant.\n" + }, + "packagesBlackLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList" }, - "description": "List of scope attributes.\n" + "description": "List of blacklisted images.\n" + }, + "packagesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if packages whitelist is relevant.\n" + }, + "packagesWhiteLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList" + }, + "description": "List of whitelisted images.\n" + }, + "partialResultsImageFail": { + "type": "boolean" + }, + "permission": { + "type": "string" + }, + "policySettings": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPolicySettings:FunctionAssurancePolicyPolicySettings" + }, + "readOnly": { + "type": "boolean" + }, + "registries": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registries.\n" + }, + "registry": { + "type": 
"string" + }, + "requiredLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel" + } + }, + "requiredLabelsEnabled": { + "type": "boolean" + }, + "scanMalwareInArchives": { + "type": "boolean" + }, + "scanNfsMounts": { + "type": "boolean" + }, + "scanProcessMemory": { + "type": "boolean" + }, + "scanSensitiveData": { + "type": "boolean", + "description": "Indicates if scan should include sensitive data in the image.\n" + }, + "scanWindowsRegistry": { + "type": "boolean" + }, + "scapEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include scap.\n" + }, + "scapFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of SCAP user scripts for checks.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyScope:FunctionAssurancePolicyScope" + } + }, + "trustedBaseImages": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage" + }, + "description": "List of trusted images.\n" + }, + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" + }, + "vulnerabilityExploitability": { + "type": "boolean" + }, + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } + }, + "whitelistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of whitelisted licenses.\n" + }, + "whitelistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" } }, + "requiredInputs": [ + "applicationScopes" + ], "stateInputs": { - "description": "Input properties used for looking up and filtering ContainerRuntimePolicy resources.\n", + "description": "Input properties used for looking up and filtering 
FunctionAssurancePolicy resources.\n", "properties": { - "allowedExecutables": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { "type": "array", "items": { "type": "string" }, - "description": "List of executables that are allowed for the user.\n" + "description": "List of explicitly allowed images.\n" }, - "allowedRegistries": { + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, + "auditOnFailure": { + "type": "boolean", + "description": "Indicates if auditing for failures.\n" + }, + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, + "autoScanConfigured": { + "type": "boolean" + }, + "autoScanEnabled": { + "type": "boolean" + }, + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime" + } + }, + "blacklistPermissions": { "type": "array", "items": { "type": "string" }, - "description": "List of registries that allowed for running containers.\n" + "description": "List of function's forbidden permissions.\n" }, - "applicationScopes": { + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" + }, + "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, - "description": "Indicates the application scope of the service.\n" + "description": "List of blacklisted licenses.\n" }, - "auditAllNetworkActivity": { + "blacklistedLicensesEnabled": { "type": "boolean", - "description": "If true, all network activity will be audited.\n" + "description": "Indicates if license blacklist is relevant.\n" }, - "auditAllProcessesActivity": { + "blockFailed": { "type": 
"boolean", - "description": "If true, all process activity will be audited.\n" + "description": "Indicates if failed images are blocked.\n" }, - "auditFullCommandArguments": { + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck" + }, + "description": "List of Custom user scripts for checks.\n" + }, + "customChecksEnabled": { "type": "boolean", - "description": "If true, full command arguments will be audited.\n" + "description": "Indicates if scanning should include custom checks.\n" }, - "author": { + "customSeverity": { + "type": "string" + }, + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" + }, + "cvesBlackLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CVEs blacklisted items.\n" + }, + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs whitelist is relevant.\n" + }, + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cves whitelisted licenses\n" + }, + "cvssSeverity": { "type": "string", - "description": "Username of the account that created the service.\n" + "description": "Identifier of the cvss severity.\n" }, - "blockAccessHostNetwork": { + "cvssSeverityEnabled": { "type": "boolean", - "description": "If true, prevent containers from running with access to host network.\n" + "description": "Indicates if the cvss severity is scanned.\n" }, - "blockAddingCapabilities": { + "cvssSeverityExcludeNoFix": { "type": "boolean", - "description": "If true, prevent containers from running with adding capabilities with `--cap-add` privilege.\n" + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, - "blockContainerExec": { + 
"description": { + "type": "string" + }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "disallowMalware": { "type": "boolean", - "description": "If true, exec into a container is prevented.\n" + "description": "Indicates if malware should block the image.\n" }, - "blockCryptocurrencyMining": { + "dockerCisEnabled": { "type": "boolean", - "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" + }, + "domain": { + "type": "string", + "description": "Name of the container image.\n" + }, + "domainName": { + "type": "string" + }, + "dtaEnabled": { + "type": "boolean" + }, + "dtaSeverity": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "enforce": { + "type": "boolean" }, - "blockFilelessExec": { - "type": "boolean", - "description": "Detect and prevent running in-memory execution\n" + "enforceAfterDays": { + "type": "integer" }, - "blockLowPortBinding": { - "type": "boolean", - "description": "If true, prevent containers from running with the capability to bind in port lower than 1024.\n" + "enforceExcessivePermissions": { + "type": "boolean" }, - "blockNonCompliantImages": { - "type": "boolean", - "description": "If true, running non-compliant image in the container is prevented.\n" + "exceptionalMonitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } }, - "blockNonCompliantWorkloads": { - "type": "boolean", - "description": "If true, running containers in non-compliant pods is prevented.\n" + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } }, - "blockNonK8sContainers": { + "failCicd": { "type": "boolean", - "description": "If true, running non-kubernetes containers is prevented.\n" + "description": "Indicates if cicd failures will fail the image.\n" }, - 
"blockPrivilegedContainers": { - "type": "boolean", - "description": "If true, prevent containers from running with privileged container capability.\n" + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel" + } }, - "blockReverseShell": { - "type": "boolean", - "description": "If true, reverse shell is prevented.\n" + "forbiddenLabelsEnabled": { + "type": "boolean" }, - "blockRootUser": { - "type": "boolean", - "description": "If true, prevent containers from running with root user.\n" + "forceMicroenforcer": { + "type": "boolean" }, - "blockUnregisteredImages": { - "type": "boolean", - "description": "If true, running images in the container that are not registered in Aqua is prevented.\n" + "functionIntegrityEnabled": { + "type": "boolean" }, - "blockUseIpcNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the IPC namespace.\n" + "ignoreBaseImageVln": { + "type": "boolean" }, - "blockUsePidNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the PID namespace.\n" + "ignoreRecentlyPublishedVln": { + "type": "boolean" }, - "blockUseUserNamespace": { - "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the user namespace.\n" + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" }, - "blockUseUtsNamespace": { + "ignoreRiskResourcesEnabled": { "type": "boolean", - "description": "If true, prevent containers from running with the privilege to use the UTS namespace.\n" + "description": "Indicates if risk resources are ignored.\n" }, - "blockedCapabilities": { + "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, - "description": "If true, prevents containers from using specific Unix capabilities.\n" + "description": "List of ignored risk 
resources.\n" }, - "blockedExecutables": { + "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" - }, - "description": "List of executables that are prevented from running in containers.\n" + } }, - "blockedFiles": { + "images": { "type": "array", "items": { "type": "string" }, - "description": "List of files that are prevented from being read, modified and executed in the containers.\n" + "description": "List of images.\n" }, - "blockedInboundPorts": { + "kubeCisEnabled": { + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" + }, + "kubernetesControls": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyKubernetesControl:FunctionAssurancePolicyKubernetesControl" }, - "description": "List of blocked inbound ports.\n" + "description": "List of Kubernetes controls.\n" }, - "blockedOutboundPorts": { + "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" - }, - "description": "List of blocked outbound ports.\n" + } }, - "blockedPackages": { + "kubernetesControlsNames": { "type": "array", "items": { "type": "string" - }, - "description": "Prevent containers from reading, writing, or executing all files in the list of packages.\n" + } }, - "blockedVolumes": { + "labels": { "type": "array", "items": { "type": "string" }, - "description": "List of volumes that are prevented from being mounted in the containers.\n" + "description": "List of labels.\n" }, - "containerExecAllowedProcesses": { + "lastupdate": { + "type": "string" + }, + "linuxCisEnabled": { + "type": "boolean" + }, + "malwareAction": { + "type": "string" + }, + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" + }, + "maximumScoreEnabled": { + "type": "boolean", + "description": "Indicates if exceeding the maximum score is scanned.\n" + }, + "maximumScoreExcludeNoFix": { + "type": "boolean" + }, + "monitoredMalwarePaths": { 
"type": "array", "items": { "type": "string" - }, - "description": "List of processes that will be allowed.\n" + } }, - "description": { + "name": { "type": "string", - "description": "The description of the container runtime policy\n" + "willReplaceOnChanges": true }, - "enableDriftPrevention": { + "onlyNoneRootUsers": { "type": "boolean", - "description": "If true, executables that are not in the original image is prevented from running.\n" + "description": "Indicates if raise a warning for images that should only be run as root.\n" }, - "enableForkGuard": { - "type": "boolean", - "description": "If true, fork bombs are prevented in the containers.\n" + "openshiftHardeningEnabled": { + "type": "boolean" }, - "enableIpReputationSecurity": { + "packagesBlackListEnabled": { "type": "boolean", - "description": "If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.\n" + "description": "Indicates if packages blacklist is relevant.\n" }, - "enablePortScanDetection": { - "type": "boolean", - "description": "If true, detects port scanning behavior in the container.\n" + "packagesBlackLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList" + }, + "description": "List of blacklisted images.\n" }, - "enabled": { + "packagesWhiteListEnabled": { "type": "boolean", - "description": "Defines if enabled or not\n" + "description": "Indicates if packages whitelist is relevant.\n" }, - "enforce": { - "type": "boolean", - "description": "Indicates that policy should effect container execution (not just for audit).\n" + "packagesWhiteLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList" + }, + "description": "List of whitelisted images.\n" }, - "enforceAfterDays": { - "type": "integer", - "description": "Indicates the number of 
days after which the runtime policy will be changed to enforce mode.\n" + "partialResultsImageFail": { + "type": "boolean" }, - "exceptionalReadonlyFilesAndDirectories": { + "permission": { + "type": "string" + }, + "policySettings": { + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPolicySettings:FunctionAssurancePolicyPolicySettings" + }, + "readOnly": { + "type": "boolean" + }, + "registries": { "type": "array", "items": { "type": "string" }, - "description": "List of files and directories to be excluded from the read-only list.\n" + "description": "List of registries.\n" }, - "execLockdownWhiteLists": { + "registry": { + "type": "string" + }, + "requiredLabels": { "type": "array", "items": { - "type": "string" - }, - "description": "Specify processes that will be allowed\n" + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel" + } }, - "fileIntegrityMonitoring": { - "$ref": "#/types/aquasec:index/ContainerRuntimePolicyFileIntegrityMonitoring:ContainerRuntimePolicyFileIntegrityMonitoring", - "description": "Configuration for file integrity monitoring.\n" + "requiredLabelsEnabled": { + "type": "boolean" }, - "forkGuardProcessLimit": { - "type": "integer", - "description": "Process limit for the fork guard.\n" + "scanMalwareInArchives": { + "type": "boolean" }, - "limitNewPrivileges": { - "type": "boolean", - "description": "If true, prevents the container from obtaining new privileges at runtime. 
(only enabled in enforce mode)\n" + "scanNfsMounts": { + "type": "boolean" }, - "malwareScanOptions": { - "$ref": "#/types/aquasec:index/ContainerRuntimePolicyMalwareScanOptions:ContainerRuntimePolicyMalwareScanOptions", - "description": "Configuration for Real-Time Malware Protection.\n" + "scanProcessMemory": { + "type": "boolean" }, - "monitorSystemTimeChanges": { + "scanSensitiveData": { "type": "boolean", - "description": "If true, system time changes will be monitored.\n" + "description": "Indicates if scan should include sensitive data in the image.\n" }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n", - "willReplaceOnChanges": true + "scanWindowsRegistry": { + "type": "boolean" }, - "readonlyFilesAndDirectories": { + "scapEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include scap.\n" + }, + "scapFiles": { "type": "array", "items": { "type": "string" }, - "description": "List of files and directories to be restricted as read-only\n" + "description": "List of SCAP user scripts for checks.\n" }, - "reverseShellAllowedIps": { + "scopes": { "type": "array", "items": { - "type": "string" - }, - "description": "List of IPs/ CIDRs that will be allowed\n" + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyScope:FunctionAssurancePolicyScope" + } }, - "reverseShellAllowedProcesses": { + "trustedBaseImages": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage" }, - "description": "List of processes that will be allowed\n" + "description": "List of trusted images.\n" }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" }, - "scopeVariables": { + 
"vulnerabilityExploitability": { + "type": "boolean" + }, + "vulnerabilityScoreRanges": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ContainerRuntimePolicyScopeVariable:ContainerRuntimePolicyScopeVariable" + "type": "integer" + } + }, + "whitelistedLicenses": { + "type": "array", + "items": { + "type": "string" }, - "description": "List of scope attributes.\n" + "description": "List of whitelisted licenses.\n" + }, + "whitelistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object" } }, - "aquasec:index/enforcerGroups:EnforcerGroups": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst group = new aquasec.EnforcerGroups(\"group\", {\n antivirusProtection: true,\n containerActivityProtection: true,\n containerAntivirusProtection: true,\n enforce: true,\n forensics: true,\n groupId: \"tf-test-enforcer\",\n hostAssurance: true,\n hostForensics: true,\n hostNetworkProtection: true,\n hostProtection: true,\n imageAssurance: true,\n networkProtection: true,\n orchestrators: [{}],\n riskExplorerAutoDiscovery: true,\n syncHostImages: true,\n type: \"agent\",\n});\nconst group_kubeEnforcer = new aquasec.EnforcerGroups(\"group-kubeEnforcer\", {\n admissionControl: true,\n autoCopySecrets: true,\n autoDiscoverConfigureRegistries: true,\n autoDiscoveryEnabled: true,\n autoScanDiscoveredImagesRunningContainers: true,\n blockAdmissionControl: true,\n enforce: true,\n groupId: \"tf-test-kube_enforcer\",\n kubeBenchImageName: \"registry.aquasec.com/kube-bench:v0.6.5\",\n microEnforcerSecretsName: \"aqua-registry\",\n orchestrators: [{\n namespace: \"aqua\",\n type: \"kubernetes\",\n }],\n type: \"kube_enforcer\",\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\ngroup = aquasec.EnforcerGroups(\"group\",\n 
antivirus_protection=True,\n container_activity_protection=True,\n container_antivirus_protection=True,\n enforce=True,\n forensics=True,\n group_id=\"tf-test-enforcer\",\n host_assurance=True,\n host_forensics=True,\n host_network_protection=True,\n host_protection=True,\n image_assurance=True,\n network_protection=True,\n orchestrators=[aquasec.EnforcerGroupsOrchestratorArgs()],\n risk_explorer_auto_discovery=True,\n sync_host_images=True,\n type=\"agent\")\ngroup_kube_enforcer = aquasec.EnforcerGroups(\"group-kubeEnforcer\",\n admission_control=True,\n auto_copy_secrets=True,\n auto_discover_configure_registries=True,\n auto_discovery_enabled=True,\n auto_scan_discovered_images_running_containers=True,\n block_admission_control=True,\n enforce=True,\n group_id=\"tf-test-kube_enforcer\",\n kube_bench_image_name=\"registry.aquasec.com/kube-bench:v0.6.5\",\n micro_enforcer_secrets_name=\"aqua-registry\",\n orchestrators=[aquasec.EnforcerGroupsOrchestratorArgs(\n namespace=\"aqua\",\n type=\"kubernetes\",\n )],\n type=\"kube_enforcer\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Aquasec.EnforcerGroups(\"group\", new()\n {\n AntivirusProtection = true,\n ContainerActivityProtection = true,\n ContainerAntivirusProtection = true,\n Enforce = true,\n Forensics = true,\n GroupId = \"tf-test-enforcer\",\n HostAssurance = true,\n HostForensics = true,\n HostNetworkProtection = true,\n HostProtection = true,\n ImageAssurance = true,\n NetworkProtection = true,\n Orchestrators = new[]\n {\n null,\n },\n RiskExplorerAutoDiscovery = true,\n SyncHostImages = true,\n Type = \"agent\",\n });\n\n var group_kubeEnforcer = new Aquasec.EnforcerGroups(\"group-kubeEnforcer\", new()\n {\n AdmissionControl = true,\n AutoCopySecrets = true,\n AutoDiscoverConfigureRegistries = true,\n AutoDiscoveryEnabled = true,\n 
AutoScanDiscoveredImagesRunningContainers = true,\n BlockAdmissionControl = true,\n Enforce = true,\n GroupId = \"tf-test-kube_enforcer\",\n KubeBenchImageName = \"registry.aquasec.com/kube-bench:v0.6.5\",\n MicroEnforcerSecretsName = \"aqua-registry\",\n Orchestrators = new[]\n {\n new Aquasec.Inputs.EnforcerGroupsOrchestratorArgs\n {\n Namespace = \"aqua\",\n Type = \"kubernetes\",\n },\n },\n Type = \"kube_enforcer\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewEnforcerGroups(ctx, \"group\", \u0026aquasec.EnforcerGroupsArgs{\n\t\t\tAntivirusProtection: pulumi.Bool(true),\n\t\t\tContainerActivityProtection: pulumi.Bool(true),\n\t\t\tContainerAntivirusProtection: pulumi.Bool(true),\n\t\t\tEnforce: pulumi.Bool(true),\n\t\t\tForensics: pulumi.Bool(true),\n\t\t\tGroupId: pulumi.String(\"tf-test-enforcer\"),\n\t\t\tHostAssurance: pulumi.Bool(true),\n\t\t\tHostForensics: pulumi.Bool(true),\n\t\t\tHostNetworkProtection: pulumi.Bool(true),\n\t\t\tHostProtection: pulumi.Bool(true),\n\t\t\tImageAssurance: pulumi.Bool(true),\n\t\t\tNetworkProtection: pulumi.Bool(true),\n\t\t\tOrchestrators: aquasec.EnforcerGroupsOrchestratorArray{\n\t\t\t\tnil,\n\t\t\t},\n\t\t\tRiskExplorerAutoDiscovery: pulumi.Bool(true),\n\t\t\tSyncHostImages: pulumi.Bool(true),\n\t\t\tType: pulumi.String(\"agent\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewEnforcerGroups(ctx, \"group-kubeEnforcer\", \u0026aquasec.EnforcerGroupsArgs{\n\t\t\tAdmissionControl: pulumi.Bool(true),\n\t\t\tAutoCopySecrets: pulumi.Bool(true),\n\t\t\tAutoDiscoverConfigureRegistries: pulumi.Bool(true),\n\t\t\tAutoDiscoveryEnabled: pulumi.Bool(true),\n\t\t\tAutoScanDiscoveredImagesRunningContainers: pulumi.Bool(true),\n\t\t\tBlockAdmissionControl: pulumi.Bool(true),\n\t\t\tEnforce: 
pulumi.Bool(true),\n\t\t\tGroupId: pulumi.String(\"tf-test-kube_enforcer\"),\n\t\t\tKubeBenchImageName: pulumi.String(\"registry.aquasec.com/kube-bench:v0.6.5\"),\n\t\t\tMicroEnforcerSecretsName: pulumi.String(\"aqua-registry\"),\n\t\t\tOrchestrators: aquasec.EnforcerGroupsOrchestratorArray{\n\t\t\t\t\u0026aquasec.EnforcerGroupsOrchestratorArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"aqua\"),\n\t\t\t\t\tType: pulumi.String(\"kubernetes\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tType: pulumi.String(\"kube_enforcer\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.EnforcerGroups;\nimport com.pulumi.aquasec.EnforcerGroupsArgs;\nimport com.pulumi.aquasec.inputs.EnforcerGroupsOrchestratorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new EnforcerGroups(\"group\", EnforcerGroupsArgs.builder() \n .antivirusProtection(true)\n .containerActivityProtection(true)\n .containerAntivirusProtection(true)\n .enforce(true)\n .forensics(true)\n .groupId(\"tf-test-enforcer\")\n .hostAssurance(true)\n .hostForensics(true)\n .hostNetworkProtection(true)\n .hostProtection(true)\n .imageAssurance(true)\n .networkProtection(true)\n .orchestrators()\n .riskExplorerAutoDiscovery(true)\n .syncHostImages(true)\n .type(\"agent\")\n .build());\n\n var group_kubeEnforcer = new EnforcerGroups(\"group-kubeEnforcer\", EnforcerGroupsArgs.builder() \n .admissionControl(true)\n .autoCopySecrets(true)\n .autoDiscoverConfigureRegistries(true)\n .autoDiscoveryEnabled(true)\n .autoScanDiscoveredImagesRunningContainers(true)\n .blockAdmissionControl(true)\n 
.enforce(true)\n .groupId(\"tf-test-kube_enforcer\")\n .kubeBenchImageName(\"registry.aquasec.com/kube-bench:v0.6.5\")\n .microEnforcerSecretsName(\"aqua-registry\")\n .orchestrators(EnforcerGroupsOrchestratorArgs.builder()\n .namespace(\"aqua\")\n .type(\"kubernetes\")\n .build())\n .type(\"kube_enforcer\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: aquasec:EnforcerGroups\n properties:\n # Advanced Malware Protection (Host Protection)\n antivirusProtection: true\n # Runtime Controls\n containerActivityProtection: true\n # Advanced Malware Protection (Container Protection)\n containerAntivirusProtection: true\n enforce: true\n # forensics\n forensics: true\n groupId: tf-test-enforcer\n # Host Assurance\n hostAssurance: true\n # host_forensics\n hostForensics: true\n # Network Firewall (Host Protection)\n hostNetworkProtection: true\n # Runtime Controls\n hostProtection: true\n # Image Assurance\n imageAssurance: true\n # Network Firewall (Container Protection)\n networkProtection: true\n orchestrators:\n - {}\n # Risk Explorer\n riskExplorerAutoDiscovery: true\n # Host Images\n syncHostImages: true\n type: agent\n group-kubeEnforcer:\n type: aquasec:EnforcerGroups\n properties:\n # Enable admission control\n admissionControl: true\n # Auto copy these secrets to the Pod Enforcer namespace and container\n autoCopySecrets: true\n # Add discovered registries\n autoDiscoverConfigureRegistries: true\n # Enable workload discovery\n autoDiscoveryEnabled: true\n # Register discovered pod images\n autoScanDiscoveredImagesRunningContainers: true\n # Perform admission control if not connected to a gateway\n blockAdmissionControl: true\n enforce: true\n groupId: tf-test-kube_enforcer\n # Kube-bench image path\n kubeBenchImageName: registry.aquasec.com/kube-bench:v0.6.5\n # Secret that holds the registry credentials for the Pod Enforcer and kube-bench\n microEnforcerSecretsName: aqua-registry\n orchestrators:\n - namespace: aqua\n type: kubernetes\n type: 
kube_enforcer\n```\n{{% /example %}}\n{{% /examples %}}", + "aquasec:index/functionRuntimePolicy:FunctionRuntimePolicy": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.FunctionRuntimePolicy;\nimport com.pulumi.aquasec.FunctionRuntimePolicyArgs;\nimport com.pulumi.aquasec.inputs.FunctionRuntimePolicyScopeVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var functionRuntimePolicy = new FunctionRuntimePolicy(\"functionRuntimePolicy\", FunctionRuntimePolicyArgs.builder() \n .applicationScopes(\"Global\")\n .blockMaliciousExecutables(true)\n .blockMaliciousExecutablesAllowedProcesses( \n \"proc1\",\n \"proc2\")\n .blockRunningExecutablesInTmpFolder(true)\n .blockedExecutables( \n \"exe1\",\n \"exe2\")\n .description(\"function_runtime_policy\")\n .enabled(true)\n .enforce(false)\n .scopeVariables( \n FunctionRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"default\")\n .build(),\n FunctionRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.label\")\n .name(\"app\")\n .value(\"aqua\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n functionRuntimePolicy:\n type: aquasec:FunctionRuntimePolicy\n properties:\n applicationScopes:\n - Global\n blockMaliciousExecutables: true\n blockMaliciousExecutablesAllowedProcesses:\n - proc1\n - proc2\n blockRunningExecutablesInTmpFolder: true\n blockedExecutables:\n - exe1\n - exe2\n description: function_runtime_policy\n enabled: true\n enforce: false\n scopeVariables:\n - attribute: kubernetes.cluster\n value: default\n - attribute: 
kubernetes.label\n name: app\n value: aqua\n```\n{{% /example %}}\n{{% /examples %}}", "properties": { - "admissionControl": { - "type": "boolean", - "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n" - }, - "allowKubeEnforcerAudit": { - "type": "boolean", - "description": "Allow kube enforcer audit.\n" - }, - "allowedApplications": { + "allowedExecutables": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyAllowedExecutable:FunctionRuntimePolicyAllowedExecutable" }, - "description": "List of application names to allow on the hosts. if provided, only containers of the listed applications will be allowed to run.\n" + "description": "Allowed executables configuration.\n" }, - "allowedLabels": { + "allowedRegistries": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyAllowedRegistry:FunctionRuntimePolicyAllowedRegistry" }, - "description": "List of label names to allow on the hosts.\n" + "description": "List of allowed registries.\n" }, - "allowedRegistries": { + "applicationScopes": { "type": "array", "items": { "type": "string" }, - "description": "List of registry names to allow on the hosts.\n" + "description": "Indicates the application scope of the service.\n" }, - "antivirusProtection": { + "auditBruteForceLogin": { "type": "boolean", - "description": "This setting is available only when you have license for `Advanced Malware Protection`. 
Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n" + "description": "Detects brute force login attempts\n" }, - "aquaVersion": { - "type": "string", - "description": "Aqua server version\n" + "auditing": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyAuditing:FunctionRuntimePolicyAuditing" }, - "auditAll": { - "type": "boolean", - "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n" + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" }, - "autoCopySecrets": { - "type": "boolean", - "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. Otherwise, you can choose to copy these secrets by other means.\n" + "blacklistedOsUsers": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyBlacklistedOsUsers:FunctionRuntimePolicyBlacklistedOsUsers" }, - "autoDiscoverConfigureRegistries": { - "type": "boolean", - "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n" + "blockContainerExec": { + "type": "boolean" }, - "autoDiscoveryEnabled": { - "type": "boolean", - "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n" + "blockDisallowedImages": { + "type": "boolean" }, - "autoScanDiscoveredImagesRunningContainers": { - "type": "boolean", - "description": "This option is available only if `Enable workload discovery` is selected. 
If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n" + "blockFilelessExec": { + "type": "boolean" }, - "behavioralEngine": { - "type": "boolean", - "description": "Select Enabled to detect suspicious activity in your containers and display potential security threats in the Incidents and Audit pages.\n" + "blockNonCompliantWorkloads": { + "type": "boolean" }, - "blockAdmissionControl": { - "type": "boolean", - "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + "blockNonK8sContainers": { + "type": "boolean" }, - "commands": { + "bypassScopes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/EnforcerGroupsCommand:EnforcerGroupsCommand" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyBypassScope:FunctionRuntimePolicyBypassScope" }, - "description": "The installation command.\n" + "description": "Bypass scope configuration.\n" }, - "connectedCount": { - "type": "integer", - "description": "Number of connected enforcers in the enforcer group.\n" + "containerExec": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyContainerExec:FunctionRuntimePolicyContainerExec" }, - "containerActivityProtection": { - "type": "boolean", - "description": "Set `True` to apply Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n" + "created": { + "type": "string" }, - "containerAntivirusProtection": { - "type": "boolean", - "description": "This setting is available only when you have license for `Advanced Malware Protection`. 
Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n" + "cve": { + "type": "string" + }, + "defaultSecurityProfile": { + "type": "string" }, "description": { "type": "string", - "description": "A description of the Aqua Enforcer group.\n" + "description": "The description of the function runtime policy\n" }, - "disconnectedCount": { - "type": "integer", - "description": "Number of disconnected enforcers in the enforcer group.\n" + "digest": { + "type": "string" + }, + "driftPreventions": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyDriftPrevention:FunctionRuntimePolicyDriftPrevention" + }, + "description": "Drift prevention configuration.\n" + }, + "enableCryptoMiningDns": { + "type": "boolean" + }, + "enableForkGuard": { + "type": "boolean" + }, + "enableIpReputation": { + "type": "boolean" + }, + "enablePortScanProtection": { + "type": "boolean" + }, + "enabled": { + "type": "boolean", + "description": "Whether allowed executables configuration is enabled.\n" }, "enforce": { "type": "boolean", - "description": "Whether to enable enforce mode on the Enforcers, defaults to False.\n" + "description": "Indicates that policy should effect container execution (not just for audit).\n" }, - "enforcerImageName": { + "enforceAfterDays": { + "type": "integer", + "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" + }, + "enforceSchedulerAddedOn": { + "type": "integer" + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of excluded application scopes.\n" + }, + "executableBlacklists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyExecutableBlacklist:FunctionRuntimePolicyExecutableBlacklist" + }, + "description": "Executable blacklist configuration.\n" + }, + "failedKubernetesChecks": { + "$ref": 
"#/types/aquasec:index/FunctionRuntimePolicyFailedKubernetesChecks:FunctionRuntimePolicyFailedKubernetesChecks" + }, + "fileBlock": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyFileBlock:FunctionRuntimePolicyFileBlock" + }, + "fileIntegrityMonitorings": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyFileIntegrityMonitoring:FunctionRuntimePolicyFileIntegrityMonitoring" + }, + "description": "Configuration for file integrity monitoring.\n" + }, + "forkGuardProcessLimit": { + "type": "integer" + }, + "honeypotAccessKey": { "type": "string", - "description": "The specific Aqua Enforcer product image (with image tag) to be deployed.\n" + "description": "Honeypot User ID (Access Key)\n" }, - "forensics": { - "type": "boolean", - "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" + "honeypotApplyOns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n" }, - "gatewayAddress": { + "honeypotSecretKey": { "type": "string", - "description": "Gateway Address\n" + "description": "Honeypot User Password (Secret Key)\n", + "secret": true }, - "gatewayName": { + "honeypotServerlessAppName": { "type": "string", - "description": "Gateway Name\n" + "description": "Serverless application name\n" }, - "gateways": { + "imageName": { + "type": "string" + }, + "isAuditChecked": { + "type": "boolean" + }, + "isAutoGenerated": { + "type": "boolean" + }, + "isOotbPolicy": { + "type": "boolean" + }, + "lastupdate": { + "type": "integer" + }, + "limitContainerPrivileges": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyLimitContainerPrivilege:FunctionRuntimePolicyLimitContainerPrivilege" }, - "description": "List of Aqua gateway IDs for the Enforcers.\n" + "description": "Container privileges configuration.\n" }, - 
"groupId": { + "linuxCapabilities": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyLinuxCapabilities:FunctionRuntimePolicyLinuxCapabilities" + }, + "malwareScanOptions": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyMalwareScanOptions:FunctionRuntimePolicyMalwareScanOptions", + "description": "Configuration for Real-Time Malware Protection.\n" + }, + "name": { "type": "string", - "description": "The ID of the Enforcer group.\n" + "description": "Name assigned to the attribute.\n" }, - "highVulns": { - "type": "integer", - "description": "Number of high vulnerabilities in the enforcers that in this enforcer group.\n" + "noNewPrivileges": { + "type": "boolean" }, - "hostAssurance": { - "type": "boolean", - "description": "Set `True` to enable host scanning and respective Host Assurance controls.\n" + "onlyRegisteredImages": { + "type": "boolean" }, - "hostBehavioralEngine": { - "type": "boolean", - "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + "packageBlock": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyPackageBlock:FunctionRuntimePolicyPackageBlock" }, - "hostForensics": { - "type": "boolean", - "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" + "permission": { + "type": "string" + }, + "portBlock": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyPortBlock:FunctionRuntimePolicyPortBlock" + }, + "readonlyFiles": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyReadonlyFiles:FunctionRuntimePolicyReadonlyFiles" + }, + "readonlyRegistry": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyReadonlyRegistry:FunctionRuntimePolicyReadonlyRegistry" + }, + "registry": { + "type": "string" + }, + "registryAccessMonitoring": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyRegistryAccessMonitoring:FunctionRuntimePolicyRegistryAccessMonitoring" + }, + "repoName": { + 
"type": "string" + }, + "resourceName": { + "type": "string" + }, + "resourceType": { + "type": "string" + }, + "restrictedVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyRestrictedVolume:FunctionRuntimePolicyRestrictedVolume" + }, + "description": "Restricted volumes configuration.\n" + }, + "reverseShell": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyReverseShell:FunctionRuntimePolicyReverseShell" + }, + "runtimeMode": { + "type": "integer" + }, + "runtimeType": { + "type": "string" + }, + "scopeExpression": { + "type": "string", + "description": "Logical expression of how to compute the dependency of the scope variables.\n" + }, + "scopeVariables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" + }, + "description": "List of scope attributes.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScope:FunctionRuntimePolicyScope" + }, + "description": "Scope configuration.\n" + }, + "systemIntegrityProtection": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicySystemIntegrityProtection:FunctionRuntimePolicySystemIntegrityProtection" + }, + "tripwire": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyTripwire:FunctionRuntimePolicyTripwire" + }, + "type": { + "type": "string" + }, + "updated": { + "type": "string" + }, + "version": { + "type": "string" + }, + "vpatchVersion": { + "type": "string" + }, + "whitelistedOsUsers": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyWhitelistedOsUsers:FunctionRuntimePolicyWhitelistedOsUsers" + } + }, + "required": [ + "allowedExecutables", + "allowedRegistries", + "applicationScopes", + "auditing", + "author", + "blacklistedOsUsers", + "containerExec", + "created", + "driftPreventions", + "executableBlacklists", + "failedKubernetesChecks", + "fileBlock", + "lastupdate", + "limitContainerPrivileges", + 
"linuxCapabilities", + "name", + "packageBlock", + "portBlock", + "readonlyFiles", + "readonlyRegistry", + "registryAccessMonitoring", + "restrictedVolumes", + "reverseShell", + "scopeExpression", + "scopeVariables", + "systemIntegrityProtection", + "tripwire", + "updated", + "whitelistedOsUsers" + ], + "inputProperties": { + "allowedExecutables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyAllowedExecutable:FunctionRuntimePolicyAllowedExecutable" + }, + "description": "Allowed executables configuration.\n" }, - "hostNetworkProtection": { - "type": "boolean", - "description": "Set `True` to apply Firewall Policies to hosts, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n" + "allowedRegistries": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyAllowedRegistry:FunctionRuntimePolicyAllowedRegistry" + }, + "description": "List of allowed registries.\n" }, - "hostOs": { - "type": "string", - "description": "The OS type for the host\n" + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Indicates the application scope of the service.\n" }, - "hostProtection": { + "auditBruteForceLogin": { "type": "boolean", - "description": "Set `True` to enable all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n" + "description": "Detects brute force login attempts\n" }, - "hostUserProtection": { - "type": "boolean", - "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + "auditing": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyAuditing:FunctionRuntimePolicyAuditing" }, - "hostname": { + 
"author": { "type": "string", - "description": "The hostname\n" + "description": "Username of the account that created the service.\n" }, - "hostsCount": { - "type": "integer", - "description": "Number of enforcers in the enforcer group.\n" + "blacklistedOsUsers": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyBlacklistedOsUsers:FunctionRuntimePolicyBlacklistedOsUsers" }, - "imageAssurance": { - "type": "boolean", - "description": "Set `True` to enable selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n" + "blockContainerExec": { + "type": "boolean" }, - "installCommand": { - "type": "string", - "description": "Enforcer install command\n" + "blockDisallowedImages": { + "type": "boolean" }, - "kubeBenchImageName": { - "type": "string", - "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. 
You can optionally enter a different value.\n" + "blockFilelessExec": { + "type": "boolean" }, - "lastUpdate": { - "type": "integer", - "description": "The last date and time the batch token was updated in UNIX time.\n" + "blockNonCompliantWorkloads": { + "type": "boolean" }, - "logicalName": { - "type": "string", - "description": "Name for the batch install record.\n" + "blockNonK8sContainers": { + "type": "boolean" }, - "lowVulns": { - "type": "integer", - "description": "Number of low vulnerabilities in the enforcers that in this enforcer group.\n" + "bypassScopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyBypassScope:FunctionRuntimePolicyBypassScope" + }, + "description": "Bypass scope configuration.\n" }, - "medVulns": { - "type": "integer", - "description": "Number of medium vulnerabilities in the enforcers that in this enforcer group.\n" + "containerExec": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyContainerExec:FunctionRuntimePolicyContainerExec" }, - "microEnforcerCertsSecretsName": { - "type": "string", - "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n" + "created": { + "type": "string" }, - "microEnforcerImageName": { - "type": "string", - "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. You can optionally enter a different value.\n" + "cve": { + "type": "string" }, - "microEnforcerInjection": { - "type": "boolean", - "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. 
If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + "defaultSecurityProfile": { + "type": "string" }, - "microEnforcerSecretsName": { + "description": { "type": "string", - "description": "You can specify the name of the secret (in the Aqua namespace) that Aqua copies into the Pod Enforcer namespace and kube-bench, allowing them access to the Pod Enforcer and kube-bench product images, respectively.\n" - }, - "negVulns": { - "type": "integer", - "description": "Number of negligible vulnerabilities in the enforcers that in this enforcer group.\n" + "description": "The description of the function runtime policy\n" }, - "networkProtection": { - "type": "boolean", - "description": "Send true to apply Firewall Policies to containers, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n" + "digest": { + "type": "string" }, - "orchestrators": { + "driftPreventions": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyDriftPrevention:FunctionRuntimePolicyDriftPrevention" }, - "description": "The orchestrator for which you are creating the Enforcer group.\n" - }, - "pasDeploymentLink": { - "type": "string", - "description": "pas deployment link\n" + "description": "Drift prevention configuration.\n" }, - "permission": { - "type": "string", - "description": "Permission Action\n" + "enableCryptoMiningDns": { + "type": "boolean" }, - "riskExplorerAutoDiscovery": { - "type": "boolean", - "description": "Set `True` to allow Enforcers to be discovered in the Risk Explorer.\n" + "enableForkGuard": { + "type": "boolean" }, - "runtimePolicyName": { - "type": "string", - 
"description": "Function Runtime Policy that will applay on the nano enforcer.\n" + "enableIpReputation": { + "type": "boolean" }, - "runtimeType": { - "type": "string", - "description": "The container runtime environment.\n" + "enablePortScanProtection": { + "type": "boolean" }, - "syncHostImages": { + "enabled": { "type": "boolean", - "description": "Set `True` to configure Enforcers to discover local host images. Discovered images will be listed under Images \u003e Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n" + "description": "Whether allowed executables configuration is enabled.\n" }, - "syscallEnabled": { + "enforce": { "type": "boolean", - "description": "Set `True` will allow profiling and monitoring system calls made by running containers.\n" - }, - "token": { - "type": "string", - "description": "The batch install token.\n" - }, - "type": { - "type": "string", - "description": "Enforcer Type.\n" + "description": "Indicates that policy should effect container execution (not just for audit).\n" }, - "userAccessControl": { - "type": "boolean", - "description": "Set `True` to apply User Access Control Policies to containers. 
Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n" - } - }, - "required": [ - "aquaVersion", - "autoCopySecrets", - "commands", - "connectedCount", - "disconnectedCount", - "enforcerImageName", - "gatewayAddress", - "gatewayName", - "gateways", - "groupId", - "highVulns", - "hostOs", - "hostname", - "hostsCount", - "installCommand", - "kubeBenchImageName", - "lastUpdate", - "logicalName", - "lowVulns", - "medVulns", - "microEnforcerImageName", - "microEnforcerSecretsName", - "negVulns", - "orchestrators", - "pasDeploymentLink", - "runtimePolicyName", - "runtimeType", - "token", - "type" - ], - "inputProperties": { - "admissionControl": { - "type": "boolean", - "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n" + "enforceAfterDays": { + "type": "integer", + "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, - "allowKubeEnforcerAudit": { - "type": "boolean", - "description": "Allow kube enforcer audit.\n" + "enforceSchedulerAddedOn": { + "type": "integer" }, - "allowedApplications": { + "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, - "description": "List of application names to allow on the hosts. 
if provided, only containers of the listed applications will be allowed to run.\n" + "description": "List of excluded application scopes.\n" }, - "allowedLabels": { + "executableBlacklists": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyExecutableBlacklist:FunctionRuntimePolicyExecutableBlacklist" }, - "description": "List of label names to allow on the hosts.\n" + "description": "Executable blacklist configuration.\n" }, - "allowedRegistries": { + "failedKubernetesChecks": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyFailedKubernetesChecks:FunctionRuntimePolicyFailedKubernetesChecks" + }, + "fileBlock": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyFileBlock:FunctionRuntimePolicyFileBlock" + }, + "fileIntegrityMonitorings": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyFileIntegrityMonitoring:FunctionRuntimePolicyFileIntegrityMonitoring" }, - "description": "List of registry names to allow on the hosts.\n" - }, - "antivirusProtection": { - "type": "boolean", - "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n" - }, - "auditAll": { - "type": "boolean", - "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n" - }, - "autoCopySecrets": { - "type": "boolean", - "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. 
Otherwise, you can choose to copy these secrets by other means.\n" - }, - "autoDiscoverConfigureRegistries": { - "type": "boolean", - "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n" + "description": "Configuration for file integrity monitoring.\n" }, - "autoDiscoveryEnabled": { - "type": "boolean", - "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n" + "forkGuardProcessLimit": { + "type": "integer" }, - "autoScanDiscoveredImagesRunningContainers": { - "type": "boolean", - "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n" + "honeypotAccessKey": { + "type": "string", + "description": "Honeypot User ID (Access Key)\n" }, - "behavioralEngine": { - "type": "boolean", - "description": "Select Enabled to detect suspicious activity in your containers and display potential security threats in the Incidents and Audit pages.\n" + "honeypotApplyOns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n" }, - "blockAdmissionControl": { - "type": "boolean", - "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. 
If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + "honeypotSecretKey": { + "type": "string", + "description": "Honeypot User Password (Secret Key)\n", + "secret": true }, - "containerActivityProtection": { - "type": "boolean", - "description": "Set `True` to apply Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n" + "honeypotServerlessAppName": { + "type": "string", + "description": "Serverless application name\n" }, - "containerAntivirusProtection": { - "type": "boolean", - "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n" + "imageName": { + "type": "string" }, - "description": { - "type": "string", - "description": "A description of the Aqua Enforcer group.\n" + "isAuditChecked": { + "type": "boolean" }, - "enforce": { - "type": "boolean", - "description": "Whether to enable enforce mode on the Enforcers, defaults to False.\n" + "isAutoGenerated": { + "type": "boolean" }, - "forensics": { - "type": "boolean", - "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" + "isOotbPolicy": { + "type": "boolean" }, - "gateways": { + "lastupdate": { + "type": "integer" + }, + "limitContainerPrivileges": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyLimitContainerPrivilege:FunctionRuntimePolicyLimitContainerPrivilege" }, - "description": "List of Aqua gateway IDs for the Enforcers.\n" + "description": "Container privileges configuration.\n" }, - "groupId": { + "linuxCapabilities": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyLinuxCapabilities:FunctionRuntimePolicyLinuxCapabilities" + }, + "malwareScanOptions": { + "$ref": 
"#/types/aquasec:index/FunctionRuntimePolicyMalwareScanOptions:FunctionRuntimePolicyMalwareScanOptions", + "description": "Configuration for Real-Time Malware Protection.\n" + }, + "name": { "type": "string", - "description": "The ID of the Enforcer group.\n", + "description": "Name assigned to the attribute.\n", "willReplaceOnChanges": true }, - "hostAssurance": { - "type": "boolean", - "description": "Set `True` to enable host scanning and respective Host Assurance controls.\n" + "noNewPrivileges": { + "type": "boolean" }, - "hostBehavioralEngine": { - "type": "boolean", - "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + "onlyRegisteredImages": { + "type": "boolean" }, - "hostForensics": { - "type": "boolean", - "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" + "packageBlock": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyPackageBlock:FunctionRuntimePolicyPackageBlock" }, - "hostNetworkProtection": { - "type": "boolean", - "description": "Set `True` to apply Firewall Policies to hosts, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. 
See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n" + "permission": { + "type": "string" }, - "hostOs": { - "type": "string", - "description": "The OS type for the host\n", - "willReplaceOnChanges": true + "portBlock": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyPortBlock:FunctionRuntimePolicyPortBlock" }, - "hostProtection": { - "type": "boolean", - "description": "Set `True` to enable all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n" + "readonlyFiles": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyReadonlyFiles:FunctionRuntimePolicyReadonlyFiles" }, - "hostUserProtection": { - "type": "boolean", - "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + "readonlyRegistry": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyReadonlyRegistry:FunctionRuntimePolicyReadonlyRegistry" }, - "imageAssurance": { - "type": "boolean", - "description": "Set `True` to enable selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n" + "registry": { + "type": "string" }, - "kubeBenchImageName": { - "type": "string", - "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. 
You can optionally enter a different value.\n" + "registryAccessMonitoring": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyRegistryAccessMonitoring:FunctionRuntimePolicyRegistryAccessMonitoring" }, - "logicalName": { - "type": "string", - "description": "Name for the batch install record.\n" + "repoName": { + "type": "string" }, - "microEnforcerCertsSecretsName": { - "type": "string", - "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n" + "resourceName": { + "type": "string" }, - "microEnforcerImageName": { - "type": "string", - "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. You can optionally enter a different value.\n" + "resourceType": { + "type": "string" }, - "microEnforcerInjection": { - "type": "boolean", - "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. 
If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + "restrictedVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyRestrictedVolume:FunctionRuntimePolicyRestrictedVolume" + }, + "description": "Restricted volumes configuration.\n" }, - "microEnforcerSecretsName": { + "reverseShell": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyReverseShell:FunctionRuntimePolicyReverseShell" + }, + "runtimeMode": { + "type": "integer" + }, + "runtimeType": { + "type": "string" + }, + "scopeExpression": { "type": "string", - "description": "You can specify the name of the secret (in the Aqua namespace) that Aqua copies into the Pod Enforcer namespace and kube-bench, allowing them access to the Pod Enforcer and kube-bench product images, respectively.\n" + "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, - "networkProtection": { - "type": "boolean", - "description": "Send true to apply Firewall Policies to containers, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. 
See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n" + "scopeVariables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" + }, + "description": "List of scope attributes.\n" }, - "orchestrators": { + "scopes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScope:FunctionRuntimePolicyScope" }, - "description": "The orchestrator for which you are creating the Enforcer group.\n" + "description": "Scope configuration.\n" }, - "permission": { - "type": "string", - "description": "Permission Action\n" + "systemIntegrityProtection": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicySystemIntegrityProtection:FunctionRuntimePolicySystemIntegrityProtection" }, - "riskExplorerAutoDiscovery": { - "type": "boolean", - "description": "Set `True` to allow Enforcers to be discovered in the Risk Explorer.\n" + "tripwire": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyTripwire:FunctionRuntimePolicyTripwire" }, - "runtimeType": { - "type": "string", - "description": "The container runtime environment.\n" + "type": { + "type": "string" }, - "syncHostImages": { - "type": "boolean", - "description": "Set `True` to configure Enforcers to discover local host images. 
Discovered images will be listed under Images \u003e Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n" + "updated": { + "type": "string" }, - "syscallEnabled": { - "type": "boolean", - "description": "Set `True` will allow profiling and monitoring system calls made by running containers.\n" + "version": { + "type": "string" }, - "type": { - "type": "string", - "description": "Enforcer Type.\n", - "willReplaceOnChanges": true + "vpatchVersion": { + "type": "string" }, - "userAccessControl": { - "type": "boolean", - "description": "Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n" + "whitelistedOsUsers": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyWhitelistedOsUsers:FunctionRuntimePolicyWhitelistedOsUsers" } }, - "requiredInputs": [ - "groupId", - "orchestrators", - "type" - ], "stateInputs": { - "description": "Input properties used for looking up and filtering EnforcerGroups resources.\n", + "description": "Input properties used for looking up and filtering FunctionRuntimePolicy resources.\n", "properties": { - "admissionControl": { - "type": "boolean", - "description": "Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\\\n\t\t\t* Block Non-Compliant Images\\\n\t\t\t* Block Non-Compliant Workloads\\\n\t\t\t* Block Unregistered Images\\\n\t\t\tThis functionality can work only when the KubeEnforcer is deployed in Enforce mode.\n" - }, - "allowKubeEnforcerAudit": { - "type": "boolean", - "description": "Allow kube enforcer audit.\n" - }, - "allowedApplications": { + "allowedExecutables": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyAllowedExecutable:FunctionRuntimePolicyAllowedExecutable" 
}, - "description": "List of application names to allow on the hosts. if provided, only containers of the listed applications will be allowed to run.\n" + "description": "Allowed executables configuration.\n" }, - "allowedLabels": { + "allowedRegistries": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyAllowedRegistry:FunctionRuntimePolicyAllowedRegistry" }, - "description": "List of label names to allow on the hosts.\n" + "description": "List of allowed registries.\n" }, - "allowedRegistries": { + "applicationScopes": { "type": "array", "items": { "type": "string" }, - "description": "List of registry names to allow on the hosts.\n" + "description": "Indicates the application scope of the service.\n" }, - "antivirusProtection": { + "auditBruteForceLogin": { "type": "boolean", - "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Host Runtime policies.\n" + "description": "Detects brute force login attempts\n" }, - "aquaVersion": { - "type": "string", - "description": "Aqua server version\n" + "auditing": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyAuditing:FunctionRuntimePolicyAuditing" }, - "auditAll": { - "type": "boolean", - "description": "Agent will send extra audit messages to the server for success operations from inside the container (runtime).\n" + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" }, - "autoCopySecrets": { - "type": "boolean", - "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. Select this option if you want Aqua Enterprise to copy the secrets defined above to the Pod Enforcer namespace and container. 
Otherwise, you can choose to copy these secrets by other means.\n" + "blacklistedOsUsers": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyBlacklistedOsUsers:FunctionRuntimePolicyBlacklistedOsUsers" }, - "autoDiscoverConfigureRegistries": { - "type": "boolean", - "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will add previously unknown image registries from the cluster to Aqua.\n" + "blockContainerExec": { + "type": "boolean" }, - "autoDiscoveryEnabled": { - "type": "boolean", - "description": "When this option is selected, the KubeEnforcer will discover workloads on its cluster.\n" + "blockDisallowedImages": { + "type": "boolean" }, - "autoScanDiscoveredImagesRunningContainers": { - "type": "boolean", - "description": "This option is available only if `Enable workload discovery` is selected. If selected, the KubeEnforcer will automatically register images running as workloads (and scan the discovered images for security issues).\n" + "blockFilelessExec": { + "type": "boolean" }, - "behavioralEngine": { - "type": "boolean", - "description": "Select Enabled to detect suspicious activity in your containers and display potential security threats in the Incidents and Audit pages.\n" + "blockNonCompliantWorkloads": { + "type": "boolean" }, - "blockAdmissionControl": { - "type": "boolean", - "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. 
If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + "blockNonK8sContainers": { + "type": "boolean" }, - "commands": { + "bypassScopes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/EnforcerGroupsCommand:EnforcerGroupsCommand" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyBypassScope:FunctionRuntimePolicyBypassScope" }, - "description": "The installation command.\n" - }, - "connectedCount": { - "type": "integer", - "description": "Number of connected enforcers in the enforcer group.\n" - }, - "containerActivityProtection": { - "type": "boolean", - "description": "Set `True` to apply Container Runtime Policies, Image Profiles, and Firewall Policies to containers.\n" - }, - "containerAntivirusProtection": { - "type": "boolean", - "description": "This setting is available only when you have license for `Advanced Malware Protection`. Send true to make use of the license and enable the `Real-time Malware Protection` control in the Container Runtime policies.\n" - }, - "description": { - "type": "string", - "description": "A description of the Aqua Enforcer group.\n" + "description": "Bypass scope configuration.\n" }, - "disconnectedCount": { - "type": "integer", - "description": "Number of disconnected enforcers in the enforcer group.\n" + "containerExec": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyContainerExec:FunctionRuntimePolicyContainerExec" }, - "enforce": { - "type": "boolean", - "description": "Whether to enable enforce mode on the Enforcers, defaults to False.\n" + "created": { + "type": "string" }, - "enforcerImageName": { - "type": "string", - "description": "The specific Aqua Enforcer product image (with image tag) to be deployed.\n" + "cve": { + "type": "string" }, - "forensics": { - "type": "boolean", - "description": "Select Enabled to send activity logs in your containers to the Aqua Server for forensics purposes.\n" + 
"defaultSecurityProfile": { + "type": "string" }, - "gatewayAddress": { + "description": { "type": "string", - "description": "Gateway Address\n" + "description": "The description of the function runtime policy\n" }, - "gatewayName": { - "type": "string", - "description": "Gateway Name\n" + "digest": { + "type": "string" }, - "gateways": { + "driftPreventions": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyDriftPrevention:FunctionRuntimePolicyDriftPrevention" }, - "description": "List of Aqua gateway IDs for the Enforcers.\n" - }, - "groupId": { - "type": "string", - "description": "The ID of the Enforcer group.\n", - "willReplaceOnChanges": true - }, - "highVulns": { - "type": "integer", - "description": "Number of high vulnerabilities in the enforcers that in this enforcer group.\n" - }, - "hostAssurance": { - "type": "boolean", - "description": "Set `True` to enable host scanning and respective Host Assurance controls.\n" + "description": "Drift prevention configuration.\n" }, - "hostBehavioralEngine": { - "type": "boolean", - "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" + "enableCryptoMiningDns": { + "type": "boolean" }, - "hostForensics": { - "type": "boolean", - "description": "Select Enabled to send activity logs in your host to the Aqua Server for forensics purposes.\n" + "enableForkGuard": { + "type": "boolean" }, - "hostNetworkProtection": { - "type": "boolean", - "description": "Set `True` to apply Firewall Policies to hosts, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. 
See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information\n" + "enableIpReputation": { + "type": "boolean" }, - "hostOs": { - "type": "string", - "description": "The OS type for the host\n", - "willReplaceOnChanges": true + "enablePortScanProtection": { + "type": "boolean" }, - "hostProtection": { + "enabled": { "type": "boolean", - "description": "Set `True` to enable all Host Runtime Policy controls except for `OS Users and Groups Allowed` and `OS Users and Groups Blocked`.\n" + "description": "Whether allowed executables configuration is enabled.\n" }, - "hostUserProtection": { + "enforce": { "type": "boolean", - "description": "Set `True` to enable these Host Runtime Policy controls: `OS Users and Groups Allowed` and `OS Users and Groups Blocked`\n" - }, - "hostname": { - "type": "string", - "description": "The hostname\n" + "description": "Indicates that policy should effect container execution (not just for audit).\n" }, - "hostsCount": { + "enforceAfterDays": { "type": "integer", - "description": "Number of enforcers in the enforcer group.\n" + "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" }, - "imageAssurance": { - "type": "boolean", - "description": "Set `True` to enable selected controls: Container Runtime Policy (`Block Non-Compliant Images`, `Block Unregistered Images`, and `Registries Allowed`) and Default Image Assurance Policy (`Images Blocked`).\n" + "enforceSchedulerAddedOn": { + "type": "integer" }, - "installCommand": { - "type": "string", - "description": "Enforcer install command\n" + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of excluded application scopes.\n" }, - "kubeBenchImageName": { - "type": "string", - "description": "See https://docs.aquasec.com/docs/securing-kubernetes-applications#section-configuration-hardening, The KubeEnforcer can deploy the Aqua Security 
kube-bench open-source product to perform Kubernetes CIS benchmark testing of nodes.\n\t\t\tThis field specifies the path and file name of the kube-bench product image for the KubeEnforcer to deploy; it will be filled in automatically. You can optionally enter a different value.\n" + "executableBlacklists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyExecutableBlacklist:FunctionRuntimePolicyExecutableBlacklist" + }, + "description": "Executable blacklist configuration.\n" }, - "lastUpdate": { - "type": "integer", - "description": "The last date and time the batch token was updated in UNIX time.\n" + "failedKubernetesChecks": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyFailedKubernetesChecks:FunctionRuntimePolicyFailedKubernetesChecks" }, - "logicalName": { - "type": "string", - "description": "Name for the batch install record.\n" + "fileBlock": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyFileBlock:FunctionRuntimePolicyFileBlock" }, - "lowVulns": { - "type": "integer", - "description": "Number of low vulnerabilities in the enforcers that in this enforcer group.\n" + "fileIntegrityMonitorings": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyFileIntegrityMonitoring:FunctionRuntimePolicyFileIntegrityMonitoring" + }, + "description": "Configuration for file integrity monitoring.\n" }, - "medVulns": { - "type": "integer", - "description": "Number of medium vulnerabilities in the enforcers that in this enforcer group.\n" + "forkGuardProcessLimit": { + "type": "integer" }, - "microEnforcerCertsSecretsName": { + "honeypotAccessKey": { "type": "string", - "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected.\n" + "description": "Honeypot User ID (Access Key)\n" }, - "microEnforcerImageName": { - "type": "string", - "description": "This option is applicable only if `Enable Pod Enforcer injection` is selected. 
This field specifies the path and file name of the KubeEnforcer product image to be deployed; it will be filled in automatically. You can optionally enter a different value.\n" + "honeypotApplyOns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n" }, - "microEnforcerInjection": { - "type": "boolean", - "description": "This applies only if both `Enable admission control` and Enforce mode are set. This additional option must be selected for admission control to work if the KubeEnforcer is not connected to any Gateway. If this option is not selected, admission control will be disabled; this will have no effect on containers already running.\n" + "honeypotSecretKey": { + "type": "string", + "description": "Honeypot User Password (Secret Key)\n", + "secret": true }, - "microEnforcerSecretsName": { + "honeypotServerlessAppName": { "type": "string", - "description": "You can specify the name of the secret (in the Aqua namespace) that Aqua copies into the Pod Enforcer namespace and kube-bench, allowing them access to the Pod Enforcer and kube-bench product images, respectively.\n" + "description": "Serverless application name\n" }, - "negVulns": { - "type": "integer", - "description": "Number of negligible vulnerabilities in the enforcers that in this enforcer group.\n" + "imageName": { + "type": "string" }, - "networkProtection": { - "type": "boolean", - "description": "Send true to apply Firewall Policies to containers, and allow recording network maps for Aqua services. The Network Firewall setting must be disabled when deploying the Aqua Enforcer on a machine running Rocky Linux. 
See https://docs.aquasec.com/docs/platform-support-limitations-rocky-linux for further information.\n" + "isAuditChecked": { + "type": "boolean" }, - "orchestrators": { + "isAutoGenerated": { + "type": "boolean" + }, + "isOotbPolicy": { + "type": "boolean" + }, + "lastupdate": { + "type": "integer" + }, + "limitContainerPrivileges": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/EnforcerGroupsOrchestrator:EnforcerGroupsOrchestrator" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyLimitContainerPrivilege:FunctionRuntimePolicyLimitContainerPrivilege" }, - "description": "The orchestrator for which you are creating the Enforcer group.\n" - }, - "pasDeploymentLink": { - "type": "string", - "description": "pas deployment link\n" - }, - "permission": { - "type": "string", - "description": "Permission Action\n" + "description": "Container privileges configuration.\n" }, - "riskExplorerAutoDiscovery": { - "type": "boolean", - "description": "Set `True` to allow Enforcers to be discovered in the Risk Explorer.\n" + "linuxCapabilities": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyLinuxCapabilities:FunctionRuntimePolicyLinuxCapabilities" }, - "runtimePolicyName": { - "type": "string", - "description": "Function Runtime Policy that will applay on the nano enforcer.\n" + "malwareScanOptions": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyMalwareScanOptions:FunctionRuntimePolicyMalwareScanOptions", + "description": "Configuration for Real-Time Malware Protection.\n" }, - "runtimeType": { + "name": { "type": "string", - "description": "The container runtime environment.\n" + "description": "Name assigned to the attribute.\n", + "willReplaceOnChanges": true }, - "syncHostImages": { - "type": "boolean", - "description": "Set `True` to configure Enforcers to discover local host images. 
Discovered images will be listed under Images \u003e Host Images, as well as under Infrastructure (in the Images tab for applicable hosts).\n" + "noNewPrivileges": { + "type": "boolean" }, - "syscallEnabled": { - "type": "boolean", - "description": "Set `True` will allow profiling and monitoring system calls made by running containers.\n" + "onlyRegisteredImages": { + "type": "boolean" }, - "token": { - "type": "string", - "description": "The batch install token.\n" + "packageBlock": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyPackageBlock:FunctionRuntimePolicyPackageBlock" }, - "type": { - "type": "string", - "description": "Enforcer Type.\n", - "willReplaceOnChanges": true + "permission": { + "type": "string" }, - "userAccessControl": { - "type": "boolean", - "description": "Set `True` to apply User Access Control Policies to containers. Note that Aqua Enforcers must be deployed with the AQUA*RUNC*INTERCEPTION environment variable set to 0 in order to use User Access Control Policies.\n" - } - }, - "type": "object" - } - }, - "aquasec:index/firewallPolicy:FirewallPolicy": { - "properties": { - "author": { - "type": "string", - "description": "Username of the account that created the policy.\n" - }, - "blockIcmpPing": { - "type": "boolean", - "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n" - }, - "blockMetadataService": { - "type": "boolean", - "description": "Indicates whether policy includes blocking metadata services of the cloud.\n" - }, - "description": { - "type": "string", - "description": "Description of the Firewall Policy.\n" - }, - "inboundNetworks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/FirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork" + "portBlock": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyPortBlock:FunctionRuntimePolicyPortBlock" }, - "description": "Information on network addresses that are allowed to pass in data or requests.\n" - }, - 
"lastupdate": { - "type": "integer", - "description": "Timestamp of the last update in Unix time format.\n" - }, - "name": { - "type": "string", - "description": "Name of the policy, no longer than 128 characters and no slash characters.\n" - }, - "outboundNetworks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/FirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork" + "readonlyFiles": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyReadonlyFiles:FunctionRuntimePolicyReadonlyFiles" }, - "description": "Information on network addresses that are allowed to receive data or requests.\n" - }, - "type": { - "type": "string", - "description": "Indicates the class of protection defined by the firewall.\n" - }, - "version": { - "type": "string", - "description": "Aqua version functionality supported\n" - } - }, - "required": [ - "author", - "lastupdate", - "name", - "type", - "version" - ], - "inputProperties": { - "blockIcmpPing": { - "type": "boolean", - "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n" - }, - "blockMetadataService": { - "type": "boolean", - "description": "Indicates whether policy includes blocking metadata services of the cloud.\n" - }, - "description": { - "type": "string", - "description": "Description of the Firewall Policy.\n" - }, - "inboundNetworks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/FirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork" + "readonlyRegistry": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyReadonlyRegistry:FunctionRuntimePolicyReadonlyRegistry" }, - "description": "Information on network addresses that are allowed to pass in data or requests.\n" - }, - "name": { - "type": "string", - "description": "Name of the policy, no longer than 128 characters and no slash characters.\n", - "willReplaceOnChanges": true - }, - "outboundNetworks": { - "type": "array", - "items": { - "$ref": 
"#/types/aquasec:index/FirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork" + "registry": { + "type": "string" }, - "description": "Information on network addresses that are allowed to receive data or requests.\n" - }, - "type": { - "type": "string", - "description": "Indicates the class of protection defined by the firewall.\n" - }, - "version": { - "type": "string", - "description": "Aqua version functionality supported\n" - } - }, - "stateInputs": { - "description": "Input properties used for looking up and filtering FirewallPolicy resources.\n", - "properties": { - "author": { - "type": "string", - "description": "Username of the account that created the policy.\n" + "registryAccessMonitoring": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyRegistryAccessMonitoring:FunctionRuntimePolicyRegistryAccessMonitoring" }, - "blockIcmpPing": { - "type": "boolean", - "description": "Indicates whether policy includes blocking incoming 'ping' requests.\n" + "repoName": { + "type": "string" }, - "blockMetadataService": { - "type": "boolean", - "description": "Indicates whether policy includes blocking metadata services of the cloud.\n" + "resourceName": { + "type": "string" }, - "description": { - "type": "string", - "description": "Description of the Firewall Policy.\n" + "resourceType": { + "type": "string" }, - "inboundNetworks": { + "restrictedVolumes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FirewallPolicyInboundNetwork:FirewallPolicyInboundNetwork" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyRestrictedVolume:FunctionRuntimePolicyRestrictedVolume" }, - "description": "Information on network addresses that are allowed to pass in data or requests.\n" + "description": "Restricted volumes configuration.\n" }, - "lastupdate": { - "type": "integer", - "description": "Timestamp of the last update in Unix time format.\n" + "reverseShell": { + "$ref": 
"#/types/aquasec:index/FunctionRuntimePolicyReverseShell:FunctionRuntimePolicyReverseShell" }, - "name": { + "runtimeMode": { + "type": "integer" + }, + "runtimeType": { + "type": "string" + }, + "scopeExpression": { "type": "string", - "description": "Name of the policy, no longer than 128 characters and no slash characters.\n", - "willReplaceOnChanges": true + "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, - "outboundNetworks": { + "scopeVariables": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FirewallPolicyOutboundNetwork:FirewallPolicyOutboundNetwork" + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" }, - "description": "Information on network addresses that are allowed to receive data or requests.\n" + "description": "List of scope attributes.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScope:FunctionRuntimePolicyScope" + }, + "description": "Scope configuration.\n" + }, + "systemIntegrityProtection": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicySystemIntegrityProtection:FunctionRuntimePolicySystemIntegrityProtection" + }, + "tripwire": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyTripwire:FunctionRuntimePolicyTripwire" }, "type": { - "type": "string", - "description": "Indicates the class of protection defined by the firewall.\n" + "type": "string" + }, + "updated": { + "type": "string" }, "version": { + "type": "string" + }, + "vpatchVersion": { + "type": "string" + }, + "whitelistedOsUsers": { + "$ref": "#/types/aquasec:index/FunctionRuntimePolicyWhitelistedOsUsers:FunctionRuntimePolicyWhitelistedOsUsers" + } + }, + "type": "object" + } + }, + "aquasec:index/group:Group": { + "description": "The `aquasec.Group` resource manages your groups within Aqua.\n\nThe Groups created must have at least one Role that is already present within Aqua.\n\n{{% 
examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst group = new aquasec.Group(\"group\", {});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\ngroup = aquasec.Group(\"group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Aquasec.Group(\"group\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewGroup(ctx, \"group\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Group;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new Group(\"group\");\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: aquasec:Group\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "created": { + "type": "string", + "description": "The creation date of the group.\n" + }, + "groupId": { + "type": "integer", + "description": "The ID of the created group.\n" + }, + "name": { + "type": "string", + "description": "The desired name of the group.\n" + } + }, + "required": [ + "created", + "groupId", + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The desired name of the group.\n" + } + }, + "stateInputs": { + "description": 
"Input properties used for looking up and filtering Group resources.\n", + "properties": { + "created": { "type": "string", - "description": "Aqua version functionality supported\n" + "description": "The creation date of the group.\n" + }, + "groupId": { + "type": "integer", + "description": "The ID of the created group.\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "The desired name of the group.\n" } }, "type": "object" } }, - "aquasec:index/functionAssurancePolicy:FunctionAssurancePolicy": { + "aquasec:index/hostAssurancePolicy:HostAssurancePolicy": { + "description": "Host Assurance is a subsystem of Aqua. It is responsible for:\n Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks.\nEvaluates scan findings according to defined Host Assurance Policies.\nDetermines host compliance based on these policies.\nGenerates an audit event for host assurance failure.\n", "properties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, "allowedImages": { "type": "array", "items": { @@ -7862,6 +13218,10 @@ "type": "string" } }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" @@ -7879,7 +13239,7 @@ "autoScanTimes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime" + "$ref": "#/types/aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { 
@@ -7902,7 +13262,7 @@ }, "blacklistedLicensesEnabled": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", @@ -7914,7 +13274,7 @@ "customChecks": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck" + "$ref": "#/types/aquasec:index/HostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, @@ -7922,23 +13282,26 @@ "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, + "customSeverity": { + "type": "string" + }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", @@ -7962,12 +13325,19 @@ "description": { "type": "string" }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", 
@@ -8000,6 +13370,12 @@ "type": "string" } }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" @@ -8007,7 +13383,7 @@ "forbiddenLabels": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel" + "$ref": "#/types/aquasec:index/HostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { @@ -8019,6 +13395,9 @@ "functionIntegrityEnabled": { "type": "boolean" }, + "ignoreBaseImageVln": { + "type": "boolean" + }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, @@ -8036,6 +13415,12 @@ }, "description": "List of ignored risk resources.\n" }, + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } + }, "images": { "type": "array", "items": { @@ -8044,7 +13429,26 @@ "description": "List of images.\n" }, "kubeCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" + }, + "kubernetesControls": { + "type": "array", + "items": { + "type": "string" + } + }, + "kubernetesControlsAvdIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "kubernetesControlsNames": { + "type": "array", + "items": { + "type": "string" + } }, "labels": { "type": "array", @@ -8053,6 +13457,12 @@ }, "description": "List of labels.\n" }, + "lastupdate": { + "type": "string" + }, + "linuxCisEnabled": { + "type": "boolean" + }, "malwareAction": { "type": "string" }, @@ -8081,6 +13491,9 @@ "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, + "openshiftHardeningEnabled": { + "type": "boolean" + }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" 
@@ -8088,9 +13501,9 @@ "packagesBlackLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList" + "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList" }, - "description": "List of backlisted images.\n" + "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", @@ -8099,13 +13512,19 @@ "packagesWhiteLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList" + "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, + "permission": { + "type": "string" + }, + "policySettings": { + "$ref": "#/types/aquasec:index/HostAssurancePolicyPolicySettings:HostAssurancePolicyPolicySettings" + }, "readOnly": { "type": "boolean" }, @@ -8122,19 +13541,28 @@ "requiredLabels": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel" + "$ref": "#/types/aquasec:index/HostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, + "scanMalwareInArchives": { + "type": "boolean" + }, "scanNfsMounts": { "type": "boolean" }, + "scanProcessMemory": { + "type": "boolean" + }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, + "scanWindowsRegistry": { + "type": "boolean" + }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" 
@@ -8149,13 +13577,13 @@ "scopes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyScope:FunctionAssurancePolicyScope" + "$ref": "#/types/aquasec:index/HostAssurancePolicyScope:HostAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage" + "$ref": "#/types/aquasec:index/HostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, @@ -8163,6 +13591,15 @@ "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, + "vulnerabilityExploitability": { + "type": "boolean" + }, + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } + }, "whitelistedLicenses": { "type": "array", "items": { @@ -8173,17 +13610,34 @@ "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" + }, + "windowsCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).\n" } }, "required": [ "applicationScopes", + "assuranceType", "author", "autoScanTimes", + "customSeverity", "ignoreRecentlyPublishedVlnPeriod", + "lastupdate", "name", - "scopes" + "permission", + "policySettings", + "scopes", + "vulnerabilityScoreRanges" ], "inputProperties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, "allowedImages": { "type": "array", "items": { 
@@ -8197,10 +13651,18 @@ "type": "string" } }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, "autoScanConfigured": { "type": "boolean" }, @@ -8210,7 +13672,7 @@ "autoScanTimes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime" + "$ref": "#/types/aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { @@ -8233,7 +13695,7 @@ }, "blacklistedLicensesEnabled": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", @@ -8245,7 +13707,7 @@ "customChecks": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck" + "$ref": "#/types/aquasec:index/HostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, 
@@ -8253,23 +13715,26 @@ "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, + "customSeverity": { + "type": "string" + }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", @@ -8293,12 +13758,19 @@ "description": { "type": "string" }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", @@ -8331,6 +13803,12 @@ "type": "string" } }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" @@ -8338,7 +13816,7 @@ "forbiddenLabels": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel" + "$ref": "#/types/aquasec:index/HostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { 
@@ -8350,29 +13828,60 @@ "functionIntegrityEnabled": { "type": "boolean" }, + "ignoreBaseImageVln": { + "type": "boolean" + }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" + }, "ignoreRiskResourcesEnabled": { "type": "boolean", "description": "Indicates if risk resources are ignored.\n" }, - "ignoredRiskResources": { + "ignoredRiskResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of ignored risk resources.\n" + }, + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } + }, + "images": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of images.\n" + }, + "kubeCisEnabled": { + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" + }, + "kubernetesControls": { + "type": "array", + "items": { + "type": "string" + } + }, + "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" - }, - "description": "List of ignored risk resources.\n" + } }, - "images": { + "kubernetesControlsNames": { "type": "array", "items": { "type": "string" - }, - "description": "List of images.\n" - }, - "kubeCisEnabled": { - "type": "boolean" + } }, "labels": { "type": "array", @@ -8381,6 +13890,12 @@ }, "description": "List of labels.\n" }, + "lastupdate": { + "type": "string" + }, + "linuxCisEnabled": { + "type": "boolean" + }, "malwareAction": { "type": "string" }, @@ -8410,6 +13925,9 @@ "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, + "openshiftHardeningEnabled": { + "type": "boolean" + }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" 
@@ -8417,9 +13935,9 @@ "packagesBlackLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList" + "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList" }, - "description": "List of backlisted images.\n" + "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", @@ -8428,13 +13946,19 @@ "packagesWhiteLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList" + "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, + "permission": { + "type": "string" + }, + "policySettings": { + "$ref": "#/types/aquasec:index/HostAssurancePolicyPolicySettings:HostAssurancePolicyPolicySettings" + }, "readOnly": { "type": "boolean" }, @@ -8451,19 +13975,28 @@ "requiredLabels": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel" + "$ref": "#/types/aquasec:index/HostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, + "scanMalwareInArchives": { + "type": "boolean" + }, "scanNfsMounts": { "type": "boolean" }, + "scanProcessMemory": { + "type": "boolean" + }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, + "scanWindowsRegistry": { + "type": "boolean" + }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" 
@@ -8478,13 +14011,13 @@ "scopes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyScope:FunctionAssurancePolicyScope" + "$ref": "#/types/aquasec:index/HostAssurancePolicyScope:HostAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage" + "$ref": "#/types/aquasec:index/HostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, @@ -8492,6 +14025,15 @@ "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, + "vulnerabilityExploitability": { + "type": "boolean" + }, + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } + }, "whitelistedLicenses": { "type": "array", "items": { @@ -8502,14 +14044,25 @@ "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" + }, + "windowsCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).\n" } }, "requiredInputs": [ "applicationScopes" ], "stateInputs": { - "description": "Input properties used for looking up and filtering FunctionAssurancePolicy resources.\n", + "description": "Input properties used for looking up and filtering HostAssurancePolicy resources.\n", "properties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, "allowedImages": { "type": "array", "items": { @@ -8523,6 +14076,10 @@ "type": "string" } }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" 
@@ -8540,7 +14097,7 @@ "autoScanTimes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyAutoScanTime:FunctionAssurancePolicyAutoScanTime" + "$ref": "#/types/aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { @@ -8563,7 +14120,7 @@ }, "blacklistedLicensesEnabled": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", @@ -8575,7 +14132,7 @@ "customChecks": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyCustomCheck:FunctionAssurancePolicyCustomCheck" + "$ref": "#/types/aquasec:index/HostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck" }, "description": "List of Custom user scripts for checks.\n" }, @@ -8583,23 +14140,26 @@ "type": "boolean", "description": "Indicates if scanning should include custom checks.\n" }, + "customSeverity": { + "type": "string" + }, "customSeverityEnabled": { "type": "boolean" }, "cvesBlackListEnabled": { "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", 
@@ -8623,12 +14183,19 @@ "description": { "type": "string" }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, "disallowMalware": { "type": "boolean", "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", @@ -8661,6 +14228,12 @@ "type": "string" } }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, "failCicd": { "type": "boolean", "description": "Indicates if cicd failures will fail the image.\n" @@ -8668,7 +14241,7 @@ "forbiddenLabels": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyForbiddenLabel:FunctionAssurancePolicyForbiddenLabel" + "$ref": "#/types/aquasec:index/HostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel" } }, "forbiddenLabelsEnabled": { @@ -8680,6 +14253,9 @@ "functionIntegrityEnabled": { "type": "boolean" }, + "ignoreBaseImageVln": { + "type": "boolean" + }, "ignoreRecentlyPublishedVln": { "type": "boolean" }, @@ -8697,6 +14273,12 @@ }, "description": "List of ignored risk resources.\n" }, + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } + }, "images": { "type": "array", "items": { @@ -8705,7 +14287,26 @@ "description": "List of images.\n" }, "kubeCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" + }, + "kubernetesControls": { + "type": "array", + "items": { + "type": "string" + } + }, + "kubernetesControlsAvdIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "kubernetesControlsNames": { + "type": "array", + "items": { + "type": "string" + } }, "labels": { "type": "array", 
@@ -8714,6 +14315,12 @@ }, "description": "List of labels.\n" }, + "lastupdate": { + "type": "string" + }, + "linuxCisEnabled": { + "type": "boolean" + }, "malwareAction": { "type": "string" }, @@ -8743,6 +14350,9 @@ "type": "boolean", "description": "Indicates if raise a warning for images that should only be run as root.\n" }, + "openshiftHardeningEnabled": { + "type": "boolean" + }, "packagesBlackListEnabled": { "type": "boolean", "description": "Indicates if packages blacklist is relevant.\n" @@ -8750,9 +14360,9 @@ "packagesBlackLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesBlackList:FunctionAssurancePolicyPackagesBlackList" + "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList" }, - "description": "List of backlisted images.\n" + "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", @@ -8761,13 +14371,19 @@ "packagesWhiteLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyPackagesWhiteList:FunctionAssurancePolicyPackagesWhiteList" + "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList" }, "description": "List of whitelisted images.\n" }, "partialResultsImageFail": { "type": "boolean" }, + "permission": { + "type": "string" + }, + "policySettings": { + "$ref": "#/types/aquasec:index/HostAssurancePolicyPolicySettings:HostAssurancePolicyPolicySettings" + }, "readOnly": { "type": "boolean" }, 
@@ -8784,19 +14400,28 @@ "requiredLabels": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyRequiredLabel:FunctionAssurancePolicyRequiredLabel" + "$ref": "#/types/aquasec:index/HostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel" } }, "requiredLabelsEnabled": { "type": "boolean" }, + "scanMalwareInArchives": { + "type": "boolean" + }, "scanNfsMounts": { "type": "boolean" }, + "scanProcessMemory": { + "type": "boolean" + }, "scanSensitiveData": { "type": "boolean", "description": "Indicates if scan should include sensitive data in the image.\n" }, + "scanWindowsRegistry": { + "type": "boolean" + }, "scapEnabled": { "type": "boolean", "description": "Indicates if scanning should include scap.\n" @@ -8811,13 +14436,13 @@ "scopes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyScope:FunctionAssurancePolicyScope" + "$ref": "#/types/aquasec:index/HostAssurancePolicyScope:HostAssurancePolicyScope" } }, "trustedBaseImages": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionAssurancePolicyTrustedBaseImage:FunctionAssurancePolicyTrustedBaseImage" + "$ref": "#/types/aquasec:index/HostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage" }, "description": "List of trusted images.\n" }, @@ -8825,6 +14450,15 @@ "type": "boolean", "description": "Indicates if list of trusted base images is relevant.\n" }, + "vulnerabilityExploitability": { + "type": "boolean" + }, + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } + }, "whitelistedLicenses": { "type": "array", "items": { 
@@ -8835,14 +14469,32 @@ "whitelistedLicensesEnabled": { "type": "boolean", "description": "Indicates if license blacklist is relevant.\n" + }, + "windowsCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows).\n" } }, "type": "object" } }, - "aquasec:index/functionRuntimePolicy:FunctionRuntimePolicy": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst functionRuntimePolicy = new aquasec.FunctionRuntimePolicy(\"functionRuntimePolicy\", {\n applicationScopes: [\"Global\"],\n blockMaliciousExecutables: true,\n blockMaliciousExecutablesAllowedProcesses: [\n \"proc1\",\n \"proc2\",\n ],\n blockRunningExecutablesInTmpFolder: true,\n blockedExecutables: [\n \"exe1\",\n \"exe2\",\n ],\n description: \"function_runtime_policy\",\n enabled: true,\n enforce: false,\n scopeVariables: [\n {\n attribute: \"kubernetes.cluster\",\n value: \"default\",\n },\n {\n attribute: \"kubernetes.label\",\n name: \"app\",\n value: \"aqua\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nfunction_runtime_policy = aquasec.FunctionRuntimePolicy(\"functionRuntimePolicy\",\n application_scopes=[\"Global\"],\n block_malicious_executables=True,\n block_malicious_executables_allowed_processes=[\n \"proc1\",\n \"proc2\",\n ],\n block_running_executables_in_tmp_folder=True,\n blocked_executables=[\n \"exe1\",\n \"exe2\",\n ],\n description=\"function_runtime_policy\",\n enabled=True,\n enforce=False,\n scope_variables=[\n aquasec.FunctionRuntimePolicyScopeVariableArgs(\n attribute=\"kubernetes.cluster\",\n value=\"default\",\n ),\n aquasec.FunctionRuntimePolicyScopeVariableArgs(\n attribute=\"kubernetes.label\",\n name=\"app\",\n value=\"aqua\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing 
System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var functionRuntimePolicy = new Aquasec.FunctionRuntimePolicy(\"functionRuntimePolicy\", new()\n {\n ApplicationScopes = new[]\n {\n \"Global\",\n },\n BlockMaliciousExecutables = true,\n BlockMaliciousExecutablesAllowedProcesses = new[]\n {\n \"proc1\",\n \"proc2\",\n },\n BlockRunningExecutablesInTmpFolder = true,\n BlockedExecutables = new[]\n {\n \"exe1\",\n \"exe2\",\n },\n Description = \"function_runtime_policy\",\n Enabled = true,\n Enforce = false,\n ScopeVariables = new[]\n {\n new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs\n {\n Attribute = \"kubernetes.cluster\",\n Value = \"default\",\n },\n new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs\n {\n Attribute = \"kubernetes.label\",\n Name = \"app\",\n Value = \"aqua\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewFunctionRuntimePolicy(ctx, \"functionRuntimePolicy\", \u0026aquasec.FunctionRuntimePolicyArgs{\n\t\t\tApplicationScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Global\"),\n\t\t\t},\n\t\t\tBlockMaliciousExecutables: pulumi.Bool(true),\n\t\t\tBlockMaliciousExecutablesAllowedProcesses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"proc1\"),\n\t\t\t\tpulumi.String(\"proc2\"),\n\t\t\t},\n\t\t\tBlockRunningExecutablesInTmpFolder: pulumi.Bool(true),\n\t\t\tBlockedExecutables: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"exe1\"),\n\t\t\t\tpulumi.String(\"exe2\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"function_runtime_policy\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEnforce: pulumi.Bool(false),\n\t\t\tScopeVariables: 
aquasec.FunctionRuntimePolicyScopeVariableArray{\n\t\t\t\t\u0026aquasec.FunctionRuntimePolicyScopeVariableArgs{\n\t\t\t\t\tAttribute: pulumi.String(\"kubernetes.cluster\"),\n\t\t\t\t\tValue: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t\t\u0026aquasec.FunctionRuntimePolicyScopeVariableArgs{\n\t\t\t\t\tAttribute: pulumi.String(\"kubernetes.label\"),\n\t\t\t\t\tName: pulumi.String(\"app\"),\n\t\t\t\t\tValue: pulumi.String(\"aqua\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.FunctionRuntimePolicy;\nimport com.pulumi.aquasec.FunctionRuntimePolicyArgs;\nimport com.pulumi.aquasec.inputs.FunctionRuntimePolicyScopeVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var functionRuntimePolicy = new FunctionRuntimePolicy(\"functionRuntimePolicy\", FunctionRuntimePolicyArgs.builder() \n .applicationScopes(\"Global\")\n .blockMaliciousExecutables(true)\n .blockMaliciousExecutablesAllowedProcesses( \n \"proc1\",\n \"proc2\")\n .blockRunningExecutablesInTmpFolder(true)\n .blockedExecutables( \n \"exe1\",\n \"exe2\")\n .description(\"function_runtime_policy\")\n .enabled(true)\n .enforce(false)\n .scopeVariables( \n FunctionRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"default\")\n .build(),\n FunctionRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.label\")\n .name(\"app\")\n .value(\"aqua\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n functionRuntimePolicy:\n type: aquasec:FunctionRuntimePolicy\n properties:\n applicationScopes:\n - 
Global\n blockMaliciousExecutables: true\n blockMaliciousExecutablesAllowedProcesses:\n - proc1\n - proc2\n blockRunningExecutablesInTmpFolder: true\n blockedExecutables:\n - exe1\n - exe2\n description: function_runtime_policy\n enabled: true\n enforce: false\n scopeVariables:\n - attribute: kubernetes.cluster\n value: default\n - attribute: kubernetes.label\n name: app\n value: aqua\n```\n{{% /example %}}\n{{% /examples %}}", + "aquasec:index/hostRuntimePolicy:HostRuntimePolicy": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.HostRuntimePolicy;\nimport com.pulumi.aquasec.HostRuntimePolicyArgs;\nimport com.pulumi.aquasec.inputs.HostRuntimePolicyFileIntegrityMonitoringArgs;\nimport com.pulumi.aquasec.inputs.HostRuntimePolicyScopeVariableArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hostRuntimePolicy = new HostRuntimePolicy(\"hostRuntimePolicy\", HostRuntimePolicyArgs.builder() \n .applicationScopes(\"Global\")\n .auditAllOsUserActivity(true)\n .auditBruteForceLogin(true)\n .auditFullCommandArguments(true)\n .auditHostFailedLoginEvents(true)\n .auditHostSuccessfulLoginEvents(true)\n .auditUserAccountManagement(true)\n .blockCryptocurrencyMining(true)\n .blockedFiles(\"blocked\")\n .description(\"host_runtime_policy\")\n .enableIpReputationSecurity(true)\n .enabled(true)\n .enforce(false)\n .fileIntegrityMonitoring(HostRuntimePolicyFileIntegrityMonitoringArgs.builder()\n .excludedPaths(\"expaths\")\n .excludedProcesses(\"exprocess\")\n .excludedUsers(\"expuser\")\n .monitorAttributes(true)\n .monitorCreate(true)\n 
.monitorDelete(true)\n .monitorModify(true)\n .monitorRead(true)\n .monitoredPaths(\"paths\")\n .monitoredProcesses(\"process\")\n .monitoredUsers(\"user\")\n .build())\n .monitorSystemLogIntegrity(true)\n .monitorSystemTimeChanges(true)\n .monitorWindowsServices(true)\n .osGroupsAlloweds(\"group1\")\n .osGroupsBlockeds(\"group2\")\n .osUsersAlloweds(\"user1\")\n .osUsersBlockeds(\"user2\")\n .packageBlocks(\"package1\")\n .portScanningDetection(true)\n .scopeVariables( \n HostRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"default\")\n .build(),\n HostRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.label\")\n .name(\"app\")\n .value(\"aqua\")\n .build())\n .windowsRegistryMonitoring(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .windowsRegistryProtection(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hostRuntimePolicy:\n type: aquasec:HostRuntimePolicy\n properties:\n applicationScopes:\n - Global\n auditAllOsUserActivity: true\n auditBruteForceLogin: true\n auditFullCommandArguments: true\n auditHostFailedLoginEvents: true\n auditHostSuccessfulLoginEvents: true\n auditUserAccountManagement: true\n blockCryptocurrencyMining: true\n blockedFiles:\n - blocked\n description: host_runtime_policy\n enableIpReputationSecurity: true\n enabled: true\n enforce: false\n fileIntegrityMonitoring:\n excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n monitorAttributes: true\n monitorCreate: true\n monitorDelete: true\n monitorModify: true\n monitorRead: true\n monitoredPaths:\n - paths\n monitoredProcesses:\n - process\n monitoredUsers:\n - user\n monitorSystemLogIntegrity: true\n monitorSystemTimeChanges: true\n monitorWindowsServices: true\n osGroupsAlloweds:\n - group1\n osGroupsBlockeds:\n - group2\n osUsersAlloweds:\n - user1\n 
osUsersBlockeds:\n - user2\n packageBlocks:\n - package1\n portScanningDetection: true\n scopeVariables:\n - attribute: kubernetes.cluster\n value: default\n - attribute: kubernetes.label\n name: app\n value: aqua\n windowsRegistryMonitoring:\n - excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n monitorAttributes: true\n monitorCreate: true\n monitorDelete: true\n monitorModify: true\n monitorRead: true\n monitoredPaths:\n - paths\n monitoredProcesses:\n - process\n monitoredUsers:\n - user\n windowsRegistryProtection:\n - excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n protectedPaths:\n - paths\n protectedProcesses:\n - process\n protectedUsers:\n - user\n```\n{{% /example %}}\n{{% /examples %}}", "properties": { + "allowedExecutables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyAllowedExecutable:HostRuntimePolicyAllowedExecutable" + }, + "description": "Allowed executables configuration.\n" + }, + "allowedRegistries": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyAllowedRegistry:HostRuntimePolicyAllowedRegistry" + }, + "description": "List of allowed registries.\n" + }, "applicationScopes": { "type": "array", "items": { 
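Review bot: The Java example added in this `HostRuntimePolicy` description contains two literal generator failures, `.windowsRegistryMonitoring(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))` and the same text inside `.windowsRegistryProtection(...)`, so the published snippet cannot compile. The description also carries only `java` and `yaml` blocks, where the FunctionRuntimePolicy description on the removed side had five languages, which suggests example conversion failed for the others too. This schema looks generated, so the fix belongs in the example source or the generator run; until then the two broken builder calls should be dropped from the Java block. The example also sets `auditAllOsUserActivity`, `enableIpReputationSecurity` and `portScanningDetection`, none of which appear in the `properties` added by the next hunk (it has `enableIpReputation` and `enablePortScanProtection`), so a user copying it may not get the protections the names promise.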
@@ -8850,153 +14502,276 @@ }, "description": "Indicates the application scope of the service.\n" }, + "auditBruteForceLogin": { + "type": "boolean", + "description": "Detects brute force login attempts\n" + }, + "auditFullCommandArguments": { + "type": "boolean", + "description": "If true, full command arguments will be audited.\n" + }, + "auditHostFailedLoginEvents": { + "type": "boolean", + "description": "If true, host failed logins will be audited.\n" + }, + "auditHostSuccessfulLoginEvents": { + "type": "boolean", + "description": "If true, host successful logins will be audited.\n" + }, + "auditUserAccountManagement": { + "type": "boolean", + "description": "If true, account management will be audited.\n" + }, + "auditing": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyAuditing:HostRuntimePolicyAuditing" + }, "author": { "type": "string", "description": "Username of the account that created the service.\n" }, - "blockMaliciousExecutables": { + "blacklistedOsUsers": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyBlacklistedOsUsers:HostRuntimePolicyBlacklistedOsUsers" + }, + "blockContainerExec": { + "type": "boolean" + }, + "blockCryptocurrencyMining": { "type": "boolean", - "description": "If true, prevent creation of malicious executables in functions during their runtime post invocation.\n" + "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + }, + "blockDisallowedImages": { + "type": "boolean" + }, + "blockFilelessExec": { + "type": "boolean" }, - "blockMaliciousExecutablesAllowedProcesses": { + "blockNonCompliantWorkloads": { + "type": "boolean" + }, + "blockNonK8sContainers": { + "type": "boolean" + }, + "blockedFiles": { "type": "array", "items": { "type": "string" }, - "description": "List of processes that will be allowed\n" - }, - "blockRunningExecutablesInTmpFolder": { - "type": "boolean", - "description": "If true, prevent running of executables in functions locate in /tmp 
folder during their runtime post invocation.\n" + "description": "List of files that are prevented from being read, modified and executed in the containers.\n" }, - "blockedExecutables": { + "bypassScopes": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/HostRuntimePolicyBypassScope:HostRuntimePolicyBypassScope" }, - "description": "List of executables that are prevented from running in containers.\n" + "description": "Bypass scope configuration.\n" + }, + "containerExec": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyContainerExec:HostRuntimePolicyContainerExec" + }, + "created": { + "type": "string" + }, + "cve": { + "type": "string" + }, + "defaultSecurityProfile": { + "type": "string" }, "description": { "type": "string", - "description": "The description of the function runtime policy\n" + "description": "The description of the host runtime policy\n" + }, + "digest": { + "type": "string" + }, + "driftPreventions": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyDriftPrevention:HostRuntimePolicyDriftPrevention" + }, + "description": "Drift prevention configuration.\n" + }, + "enableCryptoMiningDns": { + "type": "boolean" + }, + "enableForkGuard": { + "type": "boolean" + }, + "enableIpReputation": { + "type": "boolean" + }, + "enablePortScanProtection": { + "type": "boolean" }, "enabled": { "type": "boolean", - "description": "Indicates if the runtime policy is enabled or not.\n" + "description": "Whether allowed executables configuration is enabled.\n" }, "enforce": { "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, - "honeypotAccessKey": { - "type": "string", - "description": "Honeypot User ID (Access Key)\n" + "enforceAfterDays": { + "type": "integer", + "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" + }, + "enforceSchedulerAddedOn": { + "type": 
"integer" + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of excluded application scopes.\n" + }, + "executableBlacklists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyExecutableBlacklist:HostRuntimePolicyExecutableBlacklist" + }, + "description": "Executable blacklist configuration.\n" + }, + "failedKubernetesChecks": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyFailedKubernetesChecks:HostRuntimePolicyFailedKubernetesChecks" + }, + "fileBlock": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyFileBlock:HostRuntimePolicyFileBlock" + }, + "fileIntegrityMonitoring": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring", + "description": "Configuration for file integrity monitoring.\n" + }, + "forkGuardProcessLimit": { + "type": "integer" + }, + "imageName": { + "type": "string" + }, + "isAuditChecked": { + "type": "boolean" + }, + "isAutoGenerated": { + "type": "boolean" + }, + "isOotbPolicy": { + "type": "boolean" + }, + "lastupdate": { + "type": "integer" }, - "honeypotApplyOns": { + "limitContainerPrivileges": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/HostRuntimePolicyLimitContainerPrivilege:HostRuntimePolicyLimitContainerPrivilege" }, - "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n" + "description": "Container privileges configuration.\n" }, - "honeypotSecretKey": { - "type": "string", - "description": "Honeypot User Password (Secret Key)\n", - "secret": true + "linuxCapabilities": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyLinuxCapabilities:HostRuntimePolicyLinuxCapabilities" }, - "honeypotServerlessAppName": { - "type": "string", - "description": "Serverless application name\n" + "malwareScanOptions": { + "$ref": 
"#/types/aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions", + "description": "Configuration for Real-Time Malware Protection.\n" + }, + "monitorSystemLogIntegrity": { + "type": "boolean", + "description": "If true, system log will be monitored.\n" + }, + "monitorSystemTimeChanges": { + "type": "boolean", + "description": "If true, system time changes will be monitored.\n" + }, + "monitorWindowsServices": { + "type": "boolean", + "description": "If true, windows service operations will be monitored.\n" }, "name": { "type": "string", "description": "Name assigned to the attribute.\n" }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" + "noNewPrivileges": { + "type": "boolean" }, - "scopeVariables": { + "onlyRegisteredImages": { + "type": "boolean" + }, + "osGroupsAlloweds": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" + "type": "string" }, - "description": "List of scope attributes.\n" - } - }, - "required": [ - "applicationScopes", - "author", - "name", - "scopeExpression", - "scopeVariables" - ], - "inputProperties": { - "applicationScopes": { + "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" + }, + "osGroupsBlockeds": { "type": "array", "items": { "type": "string" }, - "description": "Indicates the application scope of the service.\n" - }, - "blockMaliciousExecutables": { - "type": "boolean", - "description": "If true, prevent creation of malicious executables in functions during their runtime post invocation.\n" + "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. 
Groups can be either Linux groups or Windows AD groups.\n" }, - "blockMaliciousExecutablesAllowedProcesses": { + "osUsersAlloweds": { "type": "array", "items": { "type": "string" }, - "description": "List of processes that will be allowed\n" - }, - "blockRunningExecutablesInTmpFolder": { - "type": "boolean", - "description": "If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.\n" + "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n" }, - "blockedExecutables": { + "osUsersBlockeds": { "type": "array", "items": { "type": "string" }, - "description": "List of executables that are prevented from running in containers.\n" + "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n" }, - "description": { - "type": "string", - "description": "The description of the function runtime policy\n" + "packageBlocks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyPackageBlock:HostRuntimePolicyPackageBlock" + } }, - "enabled": { - "type": "boolean", - "description": "Indicates if the runtime policy is enabled or not.\n" + "permission": { + "type": "string" }, - "enforce": { - "type": "boolean", - "description": "Indicates that policy should effect container execution (not just for audit).\n" + "portBlock": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyPortBlock:HostRuntimePolicyPortBlock" }, - "honeypotAccessKey": { - "type": "string", - "description": "Honeypot User ID (Access Key)\n" + "readonlyFiles": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyReadonlyFiles:HostRuntimePolicyReadonlyFiles" }, - "honeypotApplyOns": { + "readonlyRegistry": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyReadonlyRegistry:HostRuntimePolicyReadonlyRegistry" + }, + "registry": { + "type": 
"string" + }, + "registryAccessMonitoring": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyRegistryAccessMonitoring:HostRuntimePolicyRegistryAccessMonitoring" + }, + "repoName": { + "type": "string" + }, + "resourceName": { + "type": "string" + }, + "resourceType": { + "type": "string" + }, + "restrictedVolumes": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/HostRuntimePolicyRestrictedVolume:HostRuntimePolicyRestrictedVolume" }, - "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n" + "description": "Restricted volumes configuration.\n" }, - "honeypotSecretKey": { - "type": "string", - "description": "Honeypot User Password (Secret Key)\n", - "secret": true + "reverseShell": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyReverseShell:HostRuntimePolicyReverseShell" }, - "honeypotServerlessAppName": { - "type": "string", - "description": "Serverless application name\n" + "runtimeMode": { + "type": "integer" }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n", - "willReplaceOnChanges": true + "runtimeType": { + "type": "string" }, "scopeExpression": { "type": "string", 
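Review bot: Several descriptions in this `HostRuntimePolicy` property block say the wrong thing for a security control. Top-level `enabled` now reads "Whether allowed executables configuration is enabled.", where the removed text said it indicates whether the runtime policy is enabled. `osGroupsBlockeds` and `osUsersBlockeds` say the listed principals "are not allowed to authenticate to the host, and block authentication requests from all others", which describes a deny-list and an allow-list at once. `packageBlocks` items are now a `$ref` to `HostRuntimePolicyPackageBlock`, while the example in the previous hunk passes the plain string `package1`. Enforcement switches such as `blockContainerExec`, `blockFilelessExec`, `noNewPrivileges` and `onlyRegisteredImages` have no description at all; if the schema is generated, correct these in the upstream provider docs or a docs override, e.g. `"description": "Indicates if the runtime policy is enabled or not.\n"` for `enabled`.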
@@ -9005,2503 +14780,2999 @@ "scopeVariables": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" + "$ref": "#/types/aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" }, "description": "List of scope attributes.\n" - } - }, - "stateInputs": { - "description": "Input properties used for looking up and filtering FunctionRuntimePolicy resources.\n", - "properties": { - "applicationScopes": { - "type": "array", - "items": { - "type": "string" - }, - "description": "Indicates the application scope of the service.\n" - }, - "author": { - "type": "string", - "description": "Username of the account that created the service.\n" - }, - "blockMaliciousExecutables": { - "type": "boolean", - "description": "If true, prevent creation of malicious executables in functions during their runtime post invocation.\n" - }, - "blockMaliciousExecutablesAllowedProcesses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of processes that will be allowed\n" - }, - "blockRunningExecutablesInTmpFolder": { - "type": "boolean", - "description": "If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation.\n" - }, - "blockedExecutables": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of executables that are prevented from running in containers.\n" - }, - "description": { - "type": "string", - "description": "The description of the function runtime policy\n" - }, - "enabled": { - "type": "boolean", - "description": "Indicates if the runtime policy is enabled or not.\n" - }, - "enforce": { - "type": "boolean", - "description": "Indicates that policy should effect container execution (not just for audit).\n" - }, - "honeypotAccessKey": { - "type": "string", - "description": "Honeypot User ID (Access Key)\n" - }, - "honeypotApplyOns": { - "type": "array", - "items": { - 
"type": "string" - }, - "description": "List of options to apply the honeypot on (Environment Vairable, Layer, File)\n" - }, - "honeypotSecretKey": { - "type": "string", - "description": "Honeypot User Password (Secret Key)\n", - "secret": true - }, - "honeypotServerlessAppName": { - "type": "string", - "description": "Serverless application name\n" - }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n", - "willReplaceOnChanges": true - }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyScope:HostRuntimePolicyScope" }, - "scopeVariables": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/FunctionRuntimePolicyScopeVariable:FunctionRuntimePolicyScopeVariable" - }, - "description": "List of scope attributes.\n" - } + "description": "Scope configuration.\n" }, - "type": "object" - } - }, - "aquasec:index/group:Group": { - "description": "The `aquasec.Group` resource manages your groups within Aqua.\n\nThe Groups created must have at least one Role that is already present within Aqua.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst group = new aquasec.Group(\"group\", {});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\ngroup = aquasec.Group(\"group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @group = new Aquasec.Group(\"group\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) 
error {\n\t\t_, err := aquasec.NewGroup(ctx, \"group\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Group;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var group = new Group(\"group\");\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: aquasec:Group\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "created": { - "type": "string", - "description": "The creation date of the group.\n" + "systemIntegrityProtection": { + "$ref": "#/types/aquasec:index/HostRuntimePolicySystemIntegrityProtection:HostRuntimePolicySystemIntegrityProtection" }, - "groupId": { - "type": "integer", - "description": "The ID of the created group.\n" + "tripwire": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyTripwire:HostRuntimePolicyTripwire" }, - "name": { - "type": "string", - "description": "The desired name of the group.\n" + "type": { + "type": "string" + }, + "updated": { + "type": "string" + }, + "version": { + "type": "string" + }, + "vpatchVersion": { + "type": "string" + }, + "whitelistedOsUsers": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyWhitelistedOsUsers:HostRuntimePolicyWhitelistedOsUsers" } }, "required": [ + "allowedExecutables", + "allowedRegistries", + "applicationScopes", + "auditing", + "author", + "blacklistedOsUsers", + "containerExec", "created", - "groupId", - "name" - ], - "inputProperties": { - "name": { - "type": "string", - "description": "The desired name of the group.\n" - } - }, - "stateInputs": { - "description": "Input properties used for looking up and filtering Group resources.\n", - 
"properties": { - "created": { - "type": "string", - "description": "The creation date of the group.\n" - }, - "groupId": { - "type": "integer", - "description": "The ID of the created group.\n", - "willReplaceOnChanges": true + "driftPreventions", + "enforceSchedulerAddedOn", + "executableBlacklists", + "failedKubernetesChecks", + "fileBlock", + "fileIntegrityMonitoring", + "lastupdate", + "limitContainerPrivileges", + "linuxCapabilities", + "malwareScanOptions", + "name", + "packageBlocks", + "portBlock", + "readonlyFiles", + "readonlyRegistry", + "registryAccessMonitoring", + "restrictedVolumes", + "reverseShell", + "runtimeType", + "scopeExpression", + "scopeVariables", + "systemIntegrityProtection", + "tripwire", + "type", + "updated", + "whitelistedOsUsers" + ], + "inputProperties": { + "allowedExecutables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyAllowedExecutable:HostRuntimePolicyAllowedExecutable" }, - "name": { - "type": "string", - "description": "The desired name of the group.\n" - } + "description": "Allowed executables configuration.\n" }, - "type": "object" - } - }, - "aquasec:index/hostAssurancePolicy:HostAssurancePolicy": { - "properties": { - "allowedImages": { + "allowedRegistries": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/HostRuntimePolicyAllowedRegistry:HostRuntimePolicyAllowedRegistry" }, - "description": "List of explicitly allowed images.\n" + "description": "List of allowed registries.\n" }, "applicationScopes": { "type": "array", "items": { "type": "string" - } + }, + "description": "Indicates the application scope of the service.\n" }, - "auditOnFailure": { + "auditBruteForceLogin": { "type": "boolean", - "description": "Indicates if auditing for failures.\n" + "description": "Detects brute force login attempts\n" + }, + "auditFullCommandArguments": { + "type": "boolean", + "description": "If true, full command arguments will be audited.\n" + }, + 
"auditHostFailedLoginEvents": { + "type": "boolean", + "description": "If true, host failed logins will be audited.\n" + }, + "auditHostSuccessfulLoginEvents": { + "type": "boolean", + "description": "If true, host successful logins will be audited.\n" + }, + "auditUserAccountManagement": { + "type": "boolean", + "description": "If true, account management will be audited.\n" + }, + "auditing": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyAuditing:HostRuntimePolicyAuditing" }, "author": { "type": "string", - "description": "Name of user account that created the policy.\n" + "description": "Username of the account that created the service.\n" }, - "autoScanConfigured": { + "blacklistedOsUsers": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyBlacklistedOsUsers:HostRuntimePolicyBlacklistedOsUsers" + }, + "blockContainerExec": { "type": "boolean" }, - "autoScanEnabled": { + "blockCryptocurrencyMining": { + "type": "boolean", + "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + }, + "blockDisallowedImages": { "type": "boolean" }, - "autoScanTimes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime" - } + "blockFilelessExec": { + "type": "boolean" }, - "blacklistPermissions": { + "blockNonCompliantWorkloads": { + "type": "boolean" + }, + "blockNonK8sContainers": { + "type": "boolean" + }, + "blockedFiles": { "type": "array", "items": { "type": "string" }, - "description": "List of function's forbidden permissions.\n" - }, - "blacklistPermissionsEnabled": { - "type": "boolean", - "description": "Indicates if blacklist permissions is relevant.\n" + "description": "List of files that are prevented from being read, modified and executed in the containers.\n" }, - "blacklistedLicenses": { + "bypassScopes": { "type": "array", "items": { - "type": "string" + "$ref": 
"#/types/aquasec:index/HostRuntimePolicyBypassScope:HostRuntimePolicyBypassScope" }, - "description": "List of blacklisted licenses.\n" + "description": "Bypass scope configuration.\n" }, - "blacklistedLicensesEnabled": { - "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "containerExec": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyContainerExec:HostRuntimePolicyContainerExec" }, - "blockFailed": { - "type": "boolean", - "description": "Indicates if failed images are blocked.\n" + "created": { + "type": "string" }, - "controlExcludeNoFix": { - "type": "boolean" + "cve": { + "type": "string" }, - "customChecks": { + "defaultSecurityProfile": { + "type": "string" + }, + "description": { + "type": "string", + "description": "The description of the host runtime policy\n" + }, + "digest": { + "type": "string" + }, + "driftPreventions": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck" + "$ref": "#/types/aquasec:index/HostRuntimePolicyDriftPrevention:HostRuntimePolicyDriftPrevention" }, - "description": "List of Custom user scripts for checks.\n" + "description": "Drift prevention configuration.\n" }, - "customChecksEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include custom checks.\n" + "enableCryptoMiningDns": { + "type": "boolean" }, - "customSeverityEnabled": { + "enableForkGuard": { "type": "boolean" }, - "cvesBlackListEnabled": { + "enableIpReputation": { + "type": "boolean" + }, + "enablePortScanProtection": { + "type": "boolean" + }, + "enabled": { "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "Whether allowed executables configuration is enabled.\n" }, - "cvesBlackLists": { + "enforce": { + "type": "boolean", + "description": "Indicates that policy should effect container execution (not just for audit).\n" + }, + "enforceAfterDays": { + "type": "integer", + 
"description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" + }, + "enforceSchedulerAddedOn": { + "type": "integer" + }, + "excludeApplicationScopes": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" - }, - "cvesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "description": "List of excluded application scopes.\n" }, - "cvesWhiteLists": { + "executableBlacklists": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/HostRuntimePolicyExecutableBlacklist:HostRuntimePolicyExecutableBlacklist" }, - "description": "List of cves whitelisted licenses\n" - }, - "cvssSeverity": { - "type": "string", - "description": "Identifier of the cvss severity.\n" - }, - "cvssSeverityEnabled": { - "type": "boolean", - "description": "Indicates if the cvss severity is scanned.\n" - }, - "cvssSeverityExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + "description": "Executable blacklist configuration.\n" }, - "description": { - "type": "string" + "failedKubernetesChecks": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyFailedKubernetesChecks:HostRuntimePolicyFailedKubernetesChecks" }, - "disallowMalware": { - "type": "boolean", - "description": "Indicates if malware should block the image.\n" + "fileBlock": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyFileBlock:HostRuntimePolicyFileBlock" }, - "dockerCisEnabled": { - "type": "boolean" + "fileIntegrityMonitoring": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring", + "description": "Configuration for file integrity monitoring.\n" }, - "domain": { - "type": "string", - "description": "Name of the container image.\n" + "forkGuardProcessLimit": { + "type": "integer" }, - "domainName": { + 
"imageName": { "type": "string" }, - "dtaEnabled": { + "isAuditChecked": { "type": "boolean" }, - "dtaSeverity": { - "type": "string" - }, - "enabled": { + "isAutoGenerated": { "type": "boolean" }, - "enforce": { + "isOotbPolicy": { "type": "boolean" }, - "enforceAfterDays": { + "lastupdate": { "type": "integer" }, - "enforceExcessivePermissions": { - "type": "boolean" - }, - "exceptionalMonitoredMalwarePaths": { + "limitContainerPrivileges": { "type": "array", "items": { - "type": "string" - } + "$ref": "#/types/aquasec:index/HostRuntimePolicyLimitContainerPrivilege:HostRuntimePolicyLimitContainerPrivilege" + }, + "description": "Container privileges configuration.\n" }, - "failCicd": { + "linuxCapabilities": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyLinuxCapabilities:HostRuntimePolicyLinuxCapabilities" + }, + "malwareScanOptions": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions", + "description": "Configuration for Real-Time Malware Protection.\n" + }, + "monitorSystemLogIntegrity": { "type": "boolean", - "description": "Indicates if cicd failures will fail the image.\n" + "description": "If true, system log will be monitored.\n" }, - "forbiddenLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel" - } + "monitorSystemTimeChanges": { + "type": "boolean", + "description": "If true, system time changes will be monitored.\n" }, - "forbiddenLabelsEnabled": { - "type": "boolean" + "monitorWindowsServices": { + "type": "boolean", + "description": "If true, windows service operations will be monitored.\n" }, - "forceMicroenforcer": { - "type": "boolean" + "name": { + "type": "string", + "description": "Name assigned to the attribute.\n", + "willReplaceOnChanges": true }, - "functionIntegrityEnabled": { + "noNewPrivileges": { "type": "boolean" }, - "ignoreRecentlyPublishedVln": { + "onlyRegisteredImages": { "type": 
"boolean" }, - "ignoreRecentlyPublishedVlnPeriod": { - "type": "integer" - }, - "ignoreRiskResourcesEnabled": { - "type": "boolean", - "description": "Indicates if risk resources are ignored.\n" - }, - "ignoredRiskResources": { + "osGroupsAlloweds": { "type": "array", "items": { "type": "string" }, - "description": "List of ignored risk resources.\n" + "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" }, - "images": { + "osGroupsBlockeds": { "type": "array", "items": { "type": "string" }, - "description": "List of images.\n" + "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" }, - "kubeCisEnabled": { - "type": "boolean" + "osUsersAlloweds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n" }, - "labels": { + "osUsersBlockeds": { "type": "array", "items": { "type": "string" }, - "description": "List of labels.\n" + "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n" }, - "malwareAction": { + "packageBlocks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyPackageBlock:HostRuntimePolicyPackageBlock" + } + }, + "permission": { "type": "string" }, - "maximumScore": { - "type": "number", - "description": "Value of allowed maximum score.\n" + "portBlock": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyPortBlock:HostRuntimePolicyPortBlock" }, - "maximumScoreEnabled": { - "type": "boolean", - "description": "Indicates if exceeding the maximum score is 
scanned.\n" + "readonlyFiles": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyReadonlyFiles:HostRuntimePolicyReadonlyFiles" }, - "maximumScoreExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cases that do not have a known fix.\n" + "readonlyRegistry": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyReadonlyRegistry:HostRuntimePolicyReadonlyRegistry" + }, + "registry": { + "type": "string" + }, + "registryAccessMonitoring": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyRegistryAccessMonitoring:HostRuntimePolicyRegistryAccessMonitoring" + }, + "repoName": { + "type": "string" + }, + "resourceName": { + "type": "string" + }, + "resourceType": { + "type": "string" }, - "monitoredMalwarePaths": { + "restrictedVolumes": { "type": "array", "items": { - "type": "string" - } + "$ref": "#/types/aquasec:index/HostRuntimePolicyRestrictedVolume:HostRuntimePolicyRestrictedVolume" + }, + "description": "Restricted volumes configuration.\n" }, - "name": { - "type": "string" + "reverseShell": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyReverseShell:HostRuntimePolicyReverseShell" }, - "onlyNoneRootUsers": { - "type": "boolean", - "description": "Indicates if raise a warning for images that should only be run as root.\n" + "runtimeMode": { + "type": "integer" }, - "packagesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if packages blacklist is relevant.\n" + "runtimeType": { + "type": "string" }, - "packagesBlackLists": { + "scopeExpression": { + "type": "string", + "description": "Logical expression of how to compute the dependency of the scope variables.\n" + }, + "scopeVariables": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList" + "$ref": "#/types/aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" }, - "description": "List of backlisted images.\n" - }, - 
"packagesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if packages whitelist is relevant.\n" + "description": "List of scope attributes.\n" }, - "packagesWhiteLists": { + "scopes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList" + "$ref": "#/types/aquasec:index/HostRuntimePolicyScope:HostRuntimePolicyScope" }, - "description": "List of whitelisted images.\n" + "description": "Scope configuration.\n" }, - "partialResultsImageFail": { - "type": "boolean" + "systemIntegrityProtection": { + "$ref": "#/types/aquasec:index/HostRuntimePolicySystemIntegrityProtection:HostRuntimePolicySystemIntegrityProtection" }, - "readOnly": { - "type": "boolean" + "tripwire": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyTripwire:HostRuntimePolicyTripwire" }, - "registries": { - "type": "array", - "items": { + "type": { + "type": "string" + }, + "updated": { + "type": "string" + }, + "version": { + "type": "string" + }, + "vpatchVersion": { + "type": "string" + }, + "whitelistedOsUsers": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyWhitelistedOsUsers:HostRuntimePolicyWhitelistedOsUsers" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering HostRuntimePolicy resources.\n", + "properties": { + "allowedExecutables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyAllowedExecutable:HostRuntimePolicyAllowedExecutable" + }, + "description": "Allowed executables configuration.\n" + }, + "allowedRegistries": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyAllowedRegistry:HostRuntimePolicyAllowedRegistry" + }, + "description": "List of allowed registries.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Indicates the application scope of the service.\n" + }, + "auditBruteForceLogin": { + "type": 
"boolean", + "description": "Detects brute force login attempts\n" + }, + "auditFullCommandArguments": { + "type": "boolean", + "description": "If true, full command arguments will be audited.\n" + }, + "auditHostFailedLoginEvents": { + "type": "boolean", + "description": "If true, host failed logins will be audited.\n" + }, + "auditHostSuccessfulLoginEvents": { + "type": "boolean", + "description": "If true, host successful logins will be audited.\n" + }, + "auditUserAccountManagement": { + "type": "boolean", + "description": "If true, account management will be audited.\n" + }, + "auditing": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyAuditing:HostRuntimePolicyAuditing" + }, + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" + }, + "blacklistedOsUsers": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyBlacklistedOsUsers:HostRuntimePolicyBlacklistedOsUsers" + }, + "blockContainerExec": { + "type": "boolean" + }, + "blockCryptocurrencyMining": { + "type": "boolean", + "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + }, + "blockDisallowedImages": { + "type": "boolean" + }, + "blockFilelessExec": { + "type": "boolean" + }, + "blockNonCompliantWorkloads": { + "type": "boolean" + }, + "blockNonK8sContainers": { + "type": "boolean" + }, + "blockedFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of files that are prevented from being read, modified and executed in the containers.\n" + }, + "bypassScopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyBypassScope:HostRuntimePolicyBypassScope" + }, + "description": "Bypass scope configuration.\n" + }, + "containerExec": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyContainerExec:HostRuntimePolicyContainerExec" + }, + "created": { + "type": "string" + }, + "cve": { + "type": "string" + }, + 
"defaultSecurityProfile": { + "type": "string" + }, + "description": { + "type": "string", + "description": "The description of the host runtime policy\n" + }, + "digest": { + "type": "string" + }, + "driftPreventions": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyDriftPrevention:HostRuntimePolicyDriftPrevention" + }, + "description": "Drift prevention configuration.\n" + }, + "enableCryptoMiningDns": { + "type": "boolean" + }, + "enableForkGuard": { + "type": "boolean" + }, + "enableIpReputation": { + "type": "boolean" + }, + "enablePortScanProtection": { + "type": "boolean" + }, + "enabled": { + "type": "boolean", + "description": "Whether allowed executables configuration is enabled.\n" + }, + "enforce": { + "type": "boolean", + "description": "Indicates that policy should effect container execution (not just for audit).\n" + }, + "enforceAfterDays": { + "type": "integer", + "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" + }, + "enforceSchedulerAddedOn": { + "type": "integer" + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of excluded application scopes.\n" + }, + "executableBlacklists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyExecutableBlacklist:HostRuntimePolicyExecutableBlacklist" + }, + "description": "Executable blacklist configuration.\n" + }, + "failedKubernetesChecks": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyFailedKubernetesChecks:HostRuntimePolicyFailedKubernetesChecks" + }, + "fileBlock": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyFileBlock:HostRuntimePolicyFileBlock" + }, + "fileIntegrityMonitoring": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring", + "description": "Configuration for file integrity monitoring.\n" + }, + "forkGuardProcessLimit": { + 
"type": "integer" + }, + "imageName": { + "type": "string" + }, + "isAuditChecked": { + "type": "boolean" + }, + "isAutoGenerated": { + "type": "boolean" + }, + "isOotbPolicy": { + "type": "boolean" + }, + "lastupdate": { + "type": "integer" + }, + "limitContainerPrivileges": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyLimitContainerPrivilege:HostRuntimePolicyLimitContainerPrivilege" + }, + "description": "Container privileges configuration.\n" + }, + "linuxCapabilities": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyLinuxCapabilities:HostRuntimePolicyLinuxCapabilities" + }, + "malwareScanOptions": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions", + "description": "Configuration for Real-Time Malware Protection.\n" + }, + "monitorSystemLogIntegrity": { + "type": "boolean", + "description": "If true, system log will be monitored.\n" + }, + "monitorSystemTimeChanges": { + "type": "boolean", + "description": "If true, system time changes will be monitored.\n" + }, + "monitorWindowsServices": { + "type": "boolean", + "description": "If true, windows service operations will be monitored.\n" + }, + "name": { + "type": "string", + "description": "Name assigned to the attribute.\n", + "willReplaceOnChanges": true + }, + "noNewPrivileges": { + "type": "boolean" + }, + "onlyRegisteredImages": { + "type": "boolean" + }, + "osGroupsAlloweds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" + }, + "osGroupsBlockeds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. 
Groups can be either Linux groups or Windows AD groups.\n" + }, + "osUsersAlloweds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n" + }, + "osUsersBlockeds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n" + }, + "packageBlocks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyPackageBlock:HostRuntimePolicyPackageBlock" + } + }, + "permission": { "type": "string" }, - "description": "List of registries.\n" - }, - "registry": { - "type": "string" - }, - "requiredLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel" - } - }, - "requiredLabelsEnabled": { - "type": "boolean" - }, - "scanNfsMounts": { - "type": "boolean" - }, - "scanSensitiveData": { - "type": "boolean", - "description": "Indicates if scan should include sensitive data in the image.\n" - }, - "scapEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include scap.\n" - }, - "scapFiles": { - "type": "array", - "items": { + "portBlock": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyPortBlock:HostRuntimePolicyPortBlock" + }, + "readonlyFiles": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyReadonlyFiles:HostRuntimePolicyReadonlyFiles" + }, + "readonlyRegistry": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyReadonlyRegistry:HostRuntimePolicyReadonlyRegistry" + }, + "registry": { "type": "string" }, - "description": "List of SCAP user scripts for checks.\n" - }, - "scopes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyScope:HostAssurancePolicyScope" - } - }, - 
"trustedBaseImages": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage" + "registryAccessMonitoring": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyRegistryAccessMonitoring:HostRuntimePolicyRegistryAccessMonitoring" }, - "description": "List of trusted images.\n" - }, - "trustedBaseImagesEnabled": { - "type": "boolean", - "description": "Indicates if list of trusted base images is relevant.\n" - }, - "whitelistedLicenses": { - "type": "array", - "items": { + "repoName": { "type": "string" }, - "description": "List of whitelisted licenses.\n" - }, - "whitelistedLicensesEnabled": { - "type": "boolean", - "description": "Indicates if license blacklist is relevant.\n" - } - }, - "required": [ - "applicationScopes", - "author", - "autoScanTimes", - "ignoreRecentlyPublishedVlnPeriod", - "name", - "scopes" - ], - "inputProperties": { - "allowedImages": { - "type": "array", - "items": { + "resourceName": { "type": "string" }, - "description": "List of explicitly allowed images.\n" - }, - "applicationScopes": { - "type": "array", - "items": { + "resourceType": { "type": "string" - } - }, - "auditOnFailure": { - "type": "boolean", - "description": "Indicates if auditing for failures.\n" - }, - "autoScanConfigured": { - "type": "boolean" - }, - "autoScanEnabled": { - "type": "boolean" - }, - "autoScanTimes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime" - } - }, - "blacklistPermissions": { - "type": "array", - "items": { + }, + "restrictedVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyRestrictedVolume:HostRuntimePolicyRestrictedVolume" + }, + "description": "Restricted volumes configuration.\n" + }, + "reverseShell": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyReverseShell:HostRuntimePolicyReverseShell" + }, + "runtimeMode": { + "type": 
"integer" + }, + "runtimeType": { "type": "string" }, - "description": "List of function's forbidden permissions.\n" - }, - "blacklistPermissionsEnabled": { - "type": "boolean", - "description": "Indicates if blacklist permissions is relevant.\n" - }, - "blacklistedLicenses": { - "type": "array", - "items": { + "scopeExpression": { + "type": "string", + "description": "Logical expression of how to compute the dependency of the scope variables.\n" + }, + "scopeVariables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" + }, + "description": "List of scope attributes.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyScope:HostRuntimePolicyScope" + }, + "description": "Scope configuration.\n" + }, + "systemIntegrityProtection": { + "$ref": "#/types/aquasec:index/HostRuntimePolicySystemIntegrityProtection:HostRuntimePolicySystemIntegrityProtection" + }, + "tripwire": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyTripwire:HostRuntimePolicyTripwire" + }, + "type": { "type": "string" }, - "description": "List of blacklisted licenses.\n" - }, - "blacklistedLicensesEnabled": { - "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" - }, - "blockFailed": { - "type": "boolean", - "description": "Indicates if failed images are blocked.\n" - }, - "controlExcludeNoFix": { - "type": "boolean" - }, - "customChecks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck" + "updated": { + "type": "string" }, - "description": "List of Custom user scripts for checks.\n" - }, - "customChecksEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include custom checks.\n" - }, - "customSeverityEnabled": { - "type": "boolean" - }, - "cvesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if cves 
blacklist is relevant.\n" - }, - "cvesBlackLists": { - "type": "array", - "items": { + "version": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "vpatchVersion": { + "type": "string" + }, + "whitelistedOsUsers": { + "$ref": "#/types/aquasec:index/HostRuntimePolicyWhitelistedOsUsers:HostRuntimePolicyWhitelistedOsUsers" + } }, - "cvesWhiteListEnabled": { + "type": "object" + } + }, + "aquasec:index/image:Image": { + "properties": { + "allowImage": { "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "description": "If this field is set to true, the image will be whitelisted.\n" }, - "cvesWhiteLists": { + "architecture": { + "type": "string", + "description": "The image architecture.\n" + }, + "assuranceChecksPerformeds": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed" }, - "description": "List of cves whitelisted licenses\n" + "description": "The list of image assurance checks performed on the image.\n" }, - "cvssSeverity": { + "author": { "type": "string", - "description": "Identifier of the cvss severity.\n" - }, - "cvssSeverityEnabled": { - "type": "boolean", - "description": "Indicates if the cvss severity is scanned.\n" + "description": "The name of the user who registered the image.\n" }, - "cvssSeverityExcludeNoFix": { + "blacklisted": { "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" - }, - "description": { - "type": "string" + "description": "Whether the image is blacklisted.\n" }, - "disallowMalware": { + "blockImage": { "type": "boolean", - "description": "Indicates if malware should block the image.\n" - }, - "dockerCisEnabled": { - "type": "boolean" + "description": "If this field is set to true, the image will be blacklisted.\n" }, - "domain": { + "comment": { "type": "string", - "description": "Name of the container image.\n" - }, 
- "domainName": { - "type": "string" - }, - "dtaEnabled": { - "type": "boolean" - }, - "dtaSeverity": { - "type": "string" - }, - "enabled": { - "type": "boolean" + "description": "The image creation comment.\n" }, - "enforce": { - "type": "boolean" + "created": { + "type": "string", + "description": "The date and time when the image was registered.\n" }, - "enforceAfterDays": { - "type": "integer" + "criticalVulnerabilities": { + "type": "integer", + "description": "Number of critical severity vulnerabilities detected in the image.\n" }, - "enforceExcessivePermissions": { - "type": "boolean" + "defaultUser": { + "type": "string", + "description": "The default user of the image.\n" }, - "exceptionalMonitoredMalwarePaths": { - "type": "array", - "items": { - "type": "string" - } + "digest": { + "type": "string", + "description": "The content digest of the image.\n" }, - "failCicd": { + "disallowed": { "type": "boolean", - "description": "Indicates if cicd failures will fail the image.\n" + "description": "Whether the image is disallowed (non-compliant).\n" }, - "forbiddenLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel" - } + "disallowedByAssuranceChecks": { + "type": "boolean", + "description": "Whether the image was disallowed because of Image Assurance Policies.\n" }, - "forbiddenLabelsEnabled": { - "type": "boolean" + "dockerId": { + "type": "string", + "description": "The Docker image ID.\n" }, - "forceMicroenforcer": { - "type": "boolean" + "dockerLabels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Docker labels of the image.\n" }, - "functionIntegrityEnabled": { - "type": "boolean" + "dockerVersion": { + "type": "string", + "description": "The Docker version used when building the image.\n" }, - "ignoreRecentlyPublishedVln": { - "type": "boolean" + "dtaSeverityScore": { + "type": "string", + "description": "DTA severity score.\n" }, 
- "ignoreRiskResourcesEnabled": { + "dtaSkipped": { "type": "boolean", - "description": "Indicates if risk resources are ignored.\n" + "description": "If DTA was skipped.\n" }, - "ignoredRiskResources": { + "dtaSkippedReason": { + "type": "string", + "description": "The reason why DTA was skipped.\n" + }, + "environmentVariables": { "type": "array", "items": { "type": "string" }, - "description": "List of ignored risk resources.\n" + "description": "Environment variables in the image.\n" }, - "images": { + "highVulnerabilities": { + "type": "integer", + "description": "Number of high severity vulnerabilities detected in the image.\n" + }, + "histories": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ImageHistory:ImageHistory" }, - "description": "List of images.\n" + "description": "The Docker history of the image.\n" }, - "kubeCisEnabled": { - "type": "boolean" + "imageSize": { + "type": "integer", + "description": "The size of the image in bytes.\n" + }, + "imageType": { + "type": "string", + "description": "The type of the image.\n" }, "labels": { "type": "array", "items": { "type": "string" }, - "description": "List of labels.\n" + "description": "Aqua labels of the image.\n" }, - "malwareAction": { - "type": "string" + "lowVulnerabilities": { + "type": "integer", + "description": "Number of low severity vulnerabilities detected in the image.\n" }, - "maximumScore": { - "type": "number", - "description": "Value of allowed maximum score.\n" + "malware": { + "type": "integer", + "description": "Number of malware found on the image.\n" }, - "maximumScoreEnabled": { - "type": "boolean", - "description": "Indicates if exceeding the maximum score is scanned.\n" + "mediumVulnerabilities": { + "type": "integer", + "description": "Number of medium severity vulnerabilities detected in the image.\n" }, - "maximumScoreExcludeNoFix": { + "name": { + "type": "string", + "description": "The name of the image.\n" + }, + 
"negligibleVulnerabilities": { + "type": "integer", + "description": "Number of negligible severity vulnerabilities detected in the image.\n" + }, + "newerImageExists": { "type": "boolean", - "description": "Indicates that policy should ignore cases that do not have a known fix.\n" + "description": "Whether a new version of the image is available in the registry but is not scanned and registered yet.\n" }, - "monitoredMalwarePaths": { - "type": "array", - "items": { - "type": "string" - } + "os": { + "type": "string", + "description": "The operating system detected in the image\n" }, - "name": { + "osVersion": { "type": "string", - "willReplaceOnChanges": true + "description": "The version of the OS detected in the image.\n" }, - "onlyNoneRootUsers": { + "parent": { + "type": "string", + "description": "The ID of the parent image.\n" + }, + "partialResults": { "type": "boolean", - "description": "Indicates if raise a warning for images that should only be run as root.\n" + "description": "Whether the image could only be partially scanned.\n" }, - "packagesBlackListEnabled": { + "pendingDisallowed": { "type": "boolean", - "description": "Indicates if packages blacklist is relevant.\n" + "description": "Whether the image is non-compliant, but is pending this status due to running containers.\n" }, - "packagesBlackLists": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList" - }, - "description": "List of backlisted images.\n" + "permission": { + "type": "string", + "description": "Permission of the image.\n" }, - "packagesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if packages whitelist is relevant.\n" + "permissionAuthor": { + "type": "string", + "description": "The name of the user who last modified the image permissions.\n" }, - "packagesWhiteLists": { - "type": "array", - "items": { - "$ref": 
"#/types/aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList" - }, - "description": "List of whitelisted images.\n" + "permissionComment": { + "type": "string", + "description": "The comment provided when the image permissions were last modified\n" }, - "partialResultsImageFail": { - "type": "boolean" + "permissionModificationComment": { + "type": "string", + "description": "A comment on why the image was whitelisted or blacklisted\n" }, - "readOnly": { - "type": "boolean" + "registry": { + "type": "string", + "description": "The name of the registry where the image is stored.\n" }, - "registries": { + "registryType": { + "type": "string", + "description": "Type of the registry.\n" + }, + "repoDigests": { "type": "array", "items": { "type": "string" }, - "description": "List of registries.\n" + "description": "The repository digests.\n" }, - "registry": { - "type": "string" + "repository": { + "type": "string", + "description": "The name of the image's repository.\n" }, - "requiredLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel" - } + "scanDate": { + "type": "string", + "description": "The date and time when the image was last scanned.\n" }, - "requiredLabelsEnabled": { - "type": "boolean" + "scanError": { + "type": "string", + "description": "If the image scan failed, the failure message.\n" }, - "scanNfsMounts": { - "type": "boolean" + "scanStatus": { + "type": "string", + "description": "The scan status of the image (either 'pending', 'in*progress', 'finished', 'failed' or 'not*started').\n" }, - "scanSensitiveData": { + "sensitiveData": { + "type": "integer", + "description": "Number of sensitive data detected in the image.\n" + }, + "tag": { + "type": "string", + "description": "The tag of the image.\n" + }, + "totalVulnerabilities": { + "type": "integer", + "description": "The total number of vulnerabilities detected in the 
image.\n" + }, + "virtualSize": { + "type": "integer", + "description": "The virtual size of the image.\n" + }, + "vulnerabilities": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageVulnerability:ImageVulnerability" + }, + "description": "A list of all the vulnerabilities found in the image\n" + }, + "whitelisted": { + "type": "boolean", + "description": "Whether the image is whitelisted.\n" + } + }, + "required": [ + "architecture", + "assuranceChecksPerformeds", + "author", + "blacklisted", + "comment", + "created", + "criticalVulnerabilities", + "defaultUser", + "digest", + "disallowed", + "disallowedByAssuranceChecks", + "dockerId", + "dockerLabels", + "dockerVersion", + "dtaSeverityScore", + "dtaSkipped", + "dtaSkippedReason", + "environmentVariables", + "highVulnerabilities", + "histories", + "imageSize", + "imageType", + "labels", + "lowVulnerabilities", + "malware", + "mediumVulnerabilities", + "name", + "negligibleVulnerabilities", + "newerImageExists", + "os", + "osVersion", + "parent", + "partialResults", + "pendingDisallowed", + "permission", + "permissionAuthor", + "permissionComment", + "registry", + "registryType", + "repoDigests", + "repository", + "scanDate", + "scanError", + "scanStatus", + "sensitiveData", + "tag", + "totalVulnerabilities", + "virtualSize", + "vulnerabilities", + "whitelisted" + ], + "inputProperties": { + "allowImage": { "type": "boolean", - "description": "Indicates if scan should include sensitive data in the image.\n" + "description": "If this field is set to true, the image will be whitelisted.\n" }, - "scapEnabled": { + "blockImage": { "type": "boolean", - "description": "Indicates if scanning should include scap.\n" - }, - "scapFiles": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of SCAP user scripts for checks.\n" - }, - "scopes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyScope:HostAssurancePolicyScope" - } + 
"description": "If this field is set to true, the image will be blacklisted.\n" }, - "trustedBaseImages": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage" - }, - "description": "List of trusted images.\n" + "permissionModificationComment": { + "type": "string", + "description": "A comment on why the image was whitelisted or blacklisted\n" }, - "trustedBaseImagesEnabled": { - "type": "boolean", - "description": "Indicates if list of trusted base images is relevant.\n" + "registry": { + "type": "string", + "description": "The name of the registry where the image is stored.\n", + "willReplaceOnChanges": true }, - "whitelistedLicenses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of whitelisted licenses.\n" + "repository": { + "type": "string", + "description": "The name of the image's repository.\n", + "willReplaceOnChanges": true }, - "whitelistedLicensesEnabled": { - "type": "boolean", - "description": "Indicates if license blacklist is relevant.\n" + "tag": { + "type": "string", + "description": "The tag of the image.\n", + "willReplaceOnChanges": true } }, "requiredInputs": [ - "applicationScopes" + "registry", + "repository", + "tag" ], "stateInputs": { - "description": "Input properties used for looking up and filtering HostAssurancePolicy resources.\n", + "description": "Input properties used for looking up and filtering Image resources.\n", "properties": { - "allowedImages": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of explicitly allowed images.\n" - }, - "applicationScopes": { - "type": "array", - "items": { - "type": "string" - } - }, - "auditOnFailure": { + "allowImage": { "type": "boolean", - "description": "Indicates if auditing for failures.\n" + "description": "If this field is set to true, the image will be whitelisted.\n" }, - "author": { + "architecture": { "type": "string", - 
"description": "Name of user account that created the policy.\n" - }, - "autoScanConfigured": { - "type": "boolean" - }, - "autoScanEnabled": { - "type": "boolean" - }, - "autoScanTimes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyAutoScanTime:HostAssurancePolicyAutoScanTime" - } - }, - "blacklistPermissions": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of function's forbidden permissions.\n" - }, - "blacklistPermissionsEnabled": { - "type": "boolean", - "description": "Indicates if blacklist permissions is relevant.\n" + "description": "The image architecture.\n" }, - "blacklistedLicenses": { + "assuranceChecksPerformeds": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed" }, - "description": "List of blacklisted licenses.\n" - }, - "blacklistedLicensesEnabled": { - "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" - }, - "blockFailed": { - "type": "boolean", - "description": "Indicates if failed images are blocked.\n" - }, - "controlExcludeNoFix": { - "type": "boolean" + "description": "The list of image assurance checks performed on the image.\n" }, - "customChecks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyCustomCheck:HostAssurancePolicyCustomCheck" - }, - "description": "List of Custom user scripts for checks.\n" + "author": { + "type": "string", + "description": "The name of the user who registered the image.\n" }, - "customChecksEnabled": { + "blacklisted": { "type": "boolean", - "description": "Indicates if scanning should include custom checks.\n" - }, - "customSeverityEnabled": { - "type": "boolean" + "description": "Whether the image is blacklisted.\n" }, - "cvesBlackListEnabled": { + "blockImage": { "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "If this 
field is set to true, the image will be blacklisted.\n" }, - "cvesBlackLists": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of cves blacklisted items.\n" + "comment": { + "type": "string", + "description": "The image creation comment.\n" }, - "cvesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "created": { + "type": "string", + "description": "The date and time when the image was registered.\n" }, - "cvesWhiteLists": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of cves whitelisted licenses\n" + "criticalVulnerabilities": { + "type": "integer", + "description": "Number of critical severity vulnerabilities detected in the image.\n" }, - "cvssSeverity": { + "defaultUser": { "type": "string", - "description": "Identifier of the cvss severity.\n" + "description": "The default user of the image.\n" }, - "cvssSeverityEnabled": { - "type": "boolean", - "description": "Indicates if the cvss severity is scanned.\n" + "digest": { + "type": "string", + "description": "The content digest of the image.\n" }, - "cvssSeverityExcludeNoFix": { + "disallowed": { "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" - }, - "description": { - "type": "string" + "description": "Whether the image is disallowed (non-compliant).\n" }, - "disallowMalware": { + "disallowedByAssuranceChecks": { "type": "boolean", - "description": "Indicates if malware should block the image.\n" - }, - "dockerCisEnabled": { - "type": "boolean" + "description": "Whether the image was disallowed because of Image Assurance Policies.\n" }, - "domain": { + "dockerId": { "type": "string", - "description": "Name of the container image.\n" - }, - "domainName": { - "type": "string" - }, - "dtaEnabled": { - "type": "boolean" - }, - "dtaSeverity": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "enforce": { - 
"type": "boolean" - }, - "enforceAfterDays": { - "type": "integer" - }, - "enforceExcessivePermissions": { - "type": "boolean" + "description": "The Docker image ID.\n" }, - "exceptionalMonitoredMalwarePaths": { + "dockerLabels": { "type": "array", "items": { "type": "string" - } - }, - "failCicd": { - "type": "boolean", - "description": "Indicates if cicd failures will fail the image.\n" - }, - "forbiddenLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyForbiddenLabel:HostAssurancePolicyForbiddenLabel" - } - }, - "forbiddenLabelsEnabled": { - "type": "boolean" - }, - "forceMicroenforcer": { - "type": "boolean" - }, - "functionIntegrityEnabled": { - "type": "boolean" + }, + "description": "Docker labels of the image.\n" }, - "ignoreRecentlyPublishedVln": { - "type": "boolean" + "dockerVersion": { + "type": "string", + "description": "The Docker version used when building the image.\n" }, - "ignoreRecentlyPublishedVlnPeriod": { - "type": "integer" + "dtaSeverityScore": { + "type": "string", + "description": "DTA severity score.\n" }, - "ignoreRiskResourcesEnabled": { + "dtaSkipped": { "type": "boolean", - "description": "Indicates if risk resources are ignored.\n" + "description": "If DTA was skipped.\n" }, - "ignoredRiskResources": { + "dtaSkippedReason": { + "type": "string", + "description": "The reason why DTA was skipped.\n" + }, + "environmentVariables": { "type": "array", "items": { "type": "string" }, - "description": "List of ignored risk resources.\n" + "description": "Environment variables in the image.\n" }, - "images": { + "highVulnerabilities": { + "type": "integer", + "description": "Number of high severity vulnerabilities detected in the image.\n" + }, + "histories": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ImageHistory:ImageHistory" }, - "description": "List of images.\n" + "description": "The Docker history of the image.\n" }, - "kubeCisEnabled": { - "type": 
"boolean" + "imageSize": { + "type": "integer", + "description": "The size of the image in bytes.\n" + }, + "imageType": { + "type": "string", + "description": "The type of the image.\n" }, "labels": { "type": "array", "items": { "type": "string" }, - "description": "List of labels.\n" + "description": "Aqua labels of the image.\n" }, - "malwareAction": { - "type": "string" + "lowVulnerabilities": { + "type": "integer", + "description": "Number of low severity vulnerabilities detected in the image.\n" }, - "maximumScore": { - "type": "number", - "description": "Value of allowed maximum score.\n" + "malware": { + "type": "integer", + "description": "Number of malware found on the image.\n" }, - "maximumScoreEnabled": { - "type": "boolean", - "description": "Indicates if exceeding the maximum score is scanned.\n" + "mediumVulnerabilities": { + "type": "integer", + "description": "Number of medium severity vulnerabilities detected in the image.\n" }, - "maximumScoreExcludeNoFix": { + "name": { + "type": "string", + "description": "The name of the image.\n" + }, + "negligibleVulnerabilities": { + "type": "integer", + "description": "Number of negligible severity vulnerabilities detected in the image.\n" + }, + "newerImageExists": { "type": "boolean", - "description": "Indicates that policy should ignore cases that do not have a known fix.\n" + "description": "Whether a new version of the image is available in the registry but is not scanned and registered yet.\n" }, - "monitoredMalwarePaths": { - "type": "array", - "items": { - "type": "string" - } + "os": { + "type": "string", + "description": "The operating system detected in the image\n" }, - "name": { + "osVersion": { "type": "string", - "willReplaceOnChanges": true + "description": "The version of the OS detected in the image.\n" }, - "onlyNoneRootUsers": { + "parent": { + "type": "string", + "description": "The ID of the parent image.\n" + }, + "partialResults": { "type": "boolean", - "description": "Indicates if 
raise a warning for images that should only be run as root.\n" + "description": "Whether the image could only be partially scanned.\n" }, - "packagesBlackListEnabled": { + "pendingDisallowed": { "type": "boolean", - "description": "Indicates if packages blacklist is relevant.\n" + "description": "Whether the image is non-compliant, but is pending this status due to running containers.\n" }, - "packagesBlackLists": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesBlackList:HostAssurancePolicyPackagesBlackList" - }, - "description": "List of backlisted images.\n" + "permission": { + "type": "string", + "description": "Permission of the image.\n" }, - "packagesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if packages whitelist is relevant.\n" + "permissionAuthor": { + "type": "string", + "description": "The name of the user who last modified the image permissions.\n" }, - "packagesWhiteLists": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyPackagesWhiteList:HostAssurancePolicyPackagesWhiteList" - }, - "description": "List of whitelisted images.\n" + "permissionComment": { + "type": "string", + "description": "The comment provided when the image permissions were last modified\n" }, - "partialResultsImageFail": { - "type": "boolean" + "permissionModificationComment": { + "type": "string", + "description": "A comment on why the image was whitelisted or blacklisted\n" }, - "readOnly": { - "type": "boolean" + "registry": { + "type": "string", + "description": "The name of the registry where the image is stored.\n", + "willReplaceOnChanges": true }, - "registries": { + "registryType": { + "type": "string", + "description": "Type of the registry.\n" + }, + "repoDigests": { "type": "array", "items": { "type": "string" }, - "description": "List of registries.\n" + "description": "The repository digests.\n" }, - "registry": { - "type": "string" + "repository": { + "type": 
"string", + "description": "The name of the image's repository.\n", + "willReplaceOnChanges": true }, - "requiredLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyRequiredLabel:HostAssurancePolicyRequiredLabel" - } + "scanDate": { + "type": "string", + "description": "The date and time when the image was last scanned.\n" }, - "requiredLabelsEnabled": { - "type": "boolean" + "scanError": { + "type": "string", + "description": "If the image scan failed, the failure message.\n" }, - "scanNfsMounts": { - "type": "boolean" + "scanStatus": { + "type": "string", + "description": "The scan status of the image (either 'pending', 'in*progress', 'finished', 'failed' or 'not*started').\n" }, - "scanSensitiveData": { - "type": "boolean", - "description": "Indicates if scan should include sensitive data in the image.\n" + "sensitiveData": { + "type": "integer", + "description": "Number of sensitive data detected in the image.\n" }, - "scapEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include scap.\n" + "tag": { + "type": "string", + "description": "The tag of the image.\n", + "willReplaceOnChanges": true }, - "scapFiles": { + "totalVulnerabilities": { + "type": "integer", + "description": "The total number of vulnerabilities detected in the image.\n" + }, + "virtualSize": { + "type": "integer", + "description": "The virtual size of the image.\n" + }, + "vulnerabilities": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ImageVulnerability:ImageVulnerability" }, - "description": "List of SCAP user scripts for checks.\n" + "description": "A list of all the vulnerabilities found in the image\n" }, - "scopes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyScope:HostAssurancePolicyScope" - } + "whitelisted": { + "type": "boolean", + "description": "Whether the image is whitelisted.\n" + } + }, + "type": "object" + } + }, + 
"aquasec:index/imageAssurancePolicy:ImageAssurancePolicy": { + "description": "Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images.\n", + "properties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of explicitly allowed images.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, + "auditOnFailure": { + "type": "boolean", + "description": "Indicates if auditing for failures.\n" + }, + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, + "autoScanConfigured": { + "type": "boolean" + }, + "autoScanEnabled": { + "type": "boolean" + }, + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime" + } + }, + "blacklistPermissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of function's forbidden permissions.\n" + }, + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" + }, + "blacklistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blacklisted licenses.\n" + }, + "blacklistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + }, + "blockFailed": { + "type": "boolean", + "description": "Indicates if failed images are blocked.\n" + }, + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { + "type": "array", 
+ "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck" }, - "trustedBaseImages": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostAssurancePolicyTrustedBaseImage:HostAssurancePolicyTrustedBaseImage" - }, - "description": "List of trusted images.\n" + "description": "List of Custom user scripts for checks.\n" + }, + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" + }, + "customSeverity": { + "type": "string" + }, + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" + }, + "cvesBlackLists": { + "type": "array", + "items": { + "type": "string" }, - "trustedBaseImagesEnabled": { - "type": "boolean", - "description": "Indicates if list of trusted base images is relevant.\n" + "description": "List of cves blacklisted items.\n" + }, + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if cves whitelist is relevant.\n" + }, + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" }, - "whitelistedLicenses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of whitelisted licenses.\n" + "description": "List of cves whitelisted licenses\n" + }, + "cvssSeverity": { + "type": "string", + "description": "Identifier of the cvss severity.\n" + }, + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" + }, + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + }, + "description": { + "type": "string" + }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "disallowMalware": { + "type": "boolean", + "description": "Indicates if malware should block the image.\n" + 
}, + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" + }, + "domain": { + "type": "string", + "description": "Name of the container image.\n" + }, + "domainName": { + "type": "string" + }, + "dtaEnabled": { + "type": "boolean" + }, + "dtaSeverity": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { + "type": "integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" + }, + "exceptionalMonitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "failCicd": { + "type": "boolean", + "description": "Indicates if cicd failures will fail the image.\n" + }, + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel" + } + }, + "forbiddenLabelsEnabled": { + "type": "boolean" + }, + "forceMicroenforcer": { + "type": "boolean" + }, + "functionIntegrityEnabled": { + "type": "boolean" + }, + "ignoreBaseImageVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" + }, + "ignoreRiskResourcesEnabled": { + "type": "boolean", + "description": "Indicates if risk resources are ignored.\n" + }, + "ignoredRiskResources": { + "type": "array", + "items": { + "type": "string" }, - "whitelistedLicensesEnabled": { - "type": "boolean", - "description": "Indicates if license blacklist is relevant.\n" + "description": "List of ignored risk resources.\n" + }, + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" } }, - "type": "object" - } - }, - "aquasec:index/hostRuntimePolicy:HostRuntimePolicy": { - "description": "{{% examples %}}\n## Example Usage\n{{% example 
%}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst hostRuntimePolicy = new aquasec.HostRuntimePolicy(\"hostRuntimePolicy\", {\n applicationScopes: [\"Global\"],\n auditAllOsUserActivity: true,\n auditBruteForceLogin: true,\n auditFullCommandArguments: true,\n auditHostFailedLoginEvents: true,\n auditHostSuccessfulLoginEvents: true,\n auditUserAccountManagement: true,\n blockCryptocurrencyMining: true,\n blockedFiles: [\"blocked\"],\n description: \"host_runtime_policy\",\n enableIpReputationSecurity: true,\n enabled: true,\n enforce: false,\n fileIntegrityMonitoring: {\n excludedPaths: [\"expaths\"],\n excludedProcesses: [\"exprocess\"],\n excludedUsers: [\"expuser\"],\n monitorAttributes: true,\n monitorCreate: true,\n monitorDelete: true,\n monitorModify: true,\n monitorRead: true,\n monitoredPaths: [\"paths\"],\n monitoredProcesses: [\"process\"],\n monitoredUsers: [\"user\"],\n },\n monitorSystemLogIntegrity: true,\n monitorSystemTimeChanges: true,\n monitorWindowsServices: true,\n osGroupsAlloweds: [\"group1\"],\n osGroupsBlockeds: [\"group2\"],\n osUsersAlloweds: [\"user1\"],\n osUsersBlockeds: [\"user2\"],\n packageBlocks: [\"package1\"],\n portScanningDetection: true,\n scopeVariables: [\n {\n attribute: \"kubernetes.cluster\",\n value: \"default\",\n },\n {\n attribute: \"kubernetes.label\",\n name: \"app\",\n value: \"aqua\",\n },\n ],\n windowsRegistryMonitoring: {\n excludedPaths: [\"expaths\"],\n excludedProcesses: [\"exprocess\"],\n excludedUsers: [\"expuser\"],\n monitorAttributes: true,\n monitorCreate: true,\n monitorDelete: true,\n monitorModify: true,\n monitorRead: true,\n monitoredPaths: [\"paths\"],\n monitoredProcesses: [\"process\"],\n monitoredUsers: [\"user\"],\n },\n windowsRegistryProtection: {\n excludedPaths: [\"expaths\"],\n excludedProcesses: [\"exprocess\"],\n excludedUsers: [\"expuser\"],\n protectedPaths: [\"paths\"],\n protectedProcesses: [\"process\"],\n 
protectedUsers: [\"user\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nhost_runtime_policy = aquasec.HostRuntimePolicy(\"hostRuntimePolicy\",\n application_scopes=[\"Global\"],\n audit_all_os_user_activity=True,\n audit_brute_force_login=True,\n audit_full_command_arguments=True,\n audit_host_failed_login_events=True,\n audit_host_successful_login_events=True,\n audit_user_account_management=True,\n block_cryptocurrency_mining=True,\n blocked_files=[\"blocked\"],\n description=\"host_runtime_policy\",\n enable_ip_reputation_security=True,\n enabled=True,\n enforce=False,\n file_integrity_monitoring=aquasec.HostRuntimePolicyFileIntegrityMonitoringArgs(\n excluded_paths=[\"expaths\"],\n excluded_processes=[\"exprocess\"],\n excluded_users=[\"expuser\"],\n monitor_attributes=True,\n monitor_create=True,\n monitor_delete=True,\n monitor_modify=True,\n monitor_read=True,\n monitored_paths=[\"paths\"],\n monitored_processes=[\"process\"],\n monitored_users=[\"user\"],\n ),\n monitor_system_log_integrity=True,\n monitor_system_time_changes=True,\n monitor_windows_services=True,\n os_groups_alloweds=[\"group1\"],\n os_groups_blockeds=[\"group2\"],\n os_users_alloweds=[\"user1\"],\n os_users_blockeds=[\"user2\"],\n package_blocks=[\"package1\"],\n port_scanning_detection=True,\n scope_variables=[\n aquasec.HostRuntimePolicyScopeVariableArgs(\n attribute=\"kubernetes.cluster\",\n value=\"default\",\n ),\n aquasec.HostRuntimePolicyScopeVariableArgs(\n attribute=\"kubernetes.label\",\n name=\"app\",\n value=\"aqua\",\n ),\n ],\n windows_registry_monitoring=aquasec.HostRuntimePolicyWindowsRegistryMonitoringArgs(\n excluded_paths=[\"expaths\"],\n excluded_processes=[\"exprocess\"],\n excluded_users=[\"expuser\"],\n monitor_attributes=True,\n monitor_create=True,\n monitor_delete=True,\n monitor_modify=True,\n monitor_read=True,\n monitored_paths=[\"paths\"],\n monitored_processes=[\"process\"],\n monitored_users=[\"user\"],\n ),\n 
windows_registry_protection=aquasec.HostRuntimePolicyWindowsRegistryProtectionArgs(\n excluded_paths=[\"expaths\"],\n excluded_processes=[\"exprocess\"],\n excluded_users=[\"expuser\"],\n protected_paths=[\"paths\"],\n protected_processes=[\"process\"],\n protected_users=[\"user\"],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hostRuntimePolicy = new Aquasec.HostRuntimePolicy(\"hostRuntimePolicy\", new()\n {\n ApplicationScopes = new[]\n {\n \"Global\",\n },\n AuditAllOsUserActivity = true,\n AuditBruteForceLogin = true,\n AuditFullCommandArguments = true,\n AuditHostFailedLoginEvents = true,\n AuditHostSuccessfulLoginEvents = true,\n AuditUserAccountManagement = true,\n BlockCryptocurrencyMining = true,\n BlockedFiles = new[]\n {\n \"blocked\",\n },\n Description = \"host_runtime_policy\",\n EnableIpReputationSecurity = true,\n Enabled = true,\n Enforce = false,\n FileIntegrityMonitoring = new Aquasec.Inputs.HostRuntimePolicyFileIntegrityMonitoringArgs\n {\n ExcludedPaths = new[]\n {\n \"expaths\",\n },\n ExcludedProcesses = new[]\n {\n \"exprocess\",\n },\n ExcludedUsers = new[]\n {\n \"expuser\",\n },\n MonitorAttributes = true,\n MonitorCreate = true,\n MonitorDelete = true,\n MonitorModify = true,\n MonitorRead = true,\n MonitoredPaths = new[]\n {\n \"paths\",\n },\n MonitoredProcesses = new[]\n {\n \"process\",\n },\n MonitoredUsers = new[]\n {\n \"user\",\n },\n },\n MonitorSystemLogIntegrity = true,\n MonitorSystemTimeChanges = true,\n MonitorWindowsServices = true,\n OsGroupsAlloweds = new[]\n {\n \"group1\",\n },\n OsGroupsBlockeds = new[]\n {\n \"group2\",\n },\n OsUsersAlloweds = new[]\n {\n \"user1\",\n },\n OsUsersBlockeds = new[]\n {\n \"user2\",\n },\n PackageBlocks = new[]\n {\n \"package1\",\n },\n PortScanningDetection = true,\n ScopeVariables = new[]\n {\n new 
Aquasec.Inputs.HostRuntimePolicyScopeVariableArgs\n {\n Attribute = \"kubernetes.cluster\",\n Value = \"default\",\n },\n new Aquasec.Inputs.HostRuntimePolicyScopeVariableArgs\n {\n Attribute = \"kubernetes.label\",\n Name = \"app\",\n Value = \"aqua\",\n },\n },\n WindowsRegistryMonitoring = new Aquasec.Inputs.HostRuntimePolicyWindowsRegistryMonitoringArgs\n {\n ExcludedPaths = new[]\n {\n \"expaths\",\n },\n ExcludedProcesses = new[]\n {\n \"exprocess\",\n },\n ExcludedUsers = new[]\n {\n \"expuser\",\n },\n MonitorAttributes = true,\n MonitorCreate = true,\n MonitorDelete = true,\n MonitorModify = true,\n MonitorRead = true,\n MonitoredPaths = new[]\n {\n \"paths\",\n },\n MonitoredProcesses = new[]\n {\n \"process\",\n },\n MonitoredUsers = new[]\n {\n \"user\",\n },\n },\n WindowsRegistryProtection = new Aquasec.Inputs.HostRuntimePolicyWindowsRegistryProtectionArgs\n {\n ExcludedPaths = new[]\n {\n \"expaths\",\n },\n ExcludedProcesses = new[]\n {\n \"exprocess\",\n },\n ExcludedUsers = new[]\n {\n \"expuser\",\n },\n ProtectedPaths = new[]\n {\n \"paths\",\n },\n ProtectedProcesses = new[]\n {\n \"process\",\n },\n ProtectedUsers = new[]\n {\n \"user\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewHostRuntimePolicy(ctx, \"hostRuntimePolicy\", \u0026aquasec.HostRuntimePolicyArgs{\n\t\t\tApplicationScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Global\"),\n\t\t\t},\n\t\t\tAuditAllOsUserActivity: pulumi.Bool(true),\n\t\t\tAuditBruteForceLogin: pulumi.Bool(true),\n\t\t\tAuditFullCommandArguments: pulumi.Bool(true),\n\t\t\tAuditHostFailedLoginEvents: pulumi.Bool(true),\n\t\t\tAuditHostSuccessfulLoginEvents: pulumi.Bool(true),\n\t\t\tAuditUserAccountManagement: pulumi.Bool(true),\n\t\t\tBlockCryptocurrencyMining: 
pulumi.Bool(true),\n\t\t\tBlockedFiles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"blocked\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"host_runtime_policy\"),\n\t\t\tEnableIpReputationSecurity: pulumi.Bool(true),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEnforce: pulumi.Bool(false),\n\t\t\tFileIntegrityMonitoring: \u0026aquasec.HostRuntimePolicyFileIntegrityMonitoringArgs{\n\t\t\t\tExcludedPaths: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"expaths\"),\n\t\t\t\t},\n\t\t\t\tExcludedProcesses: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"exprocess\"),\n\t\t\t\t},\n\t\t\t\tExcludedUsers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"expuser\"),\n\t\t\t\t},\n\t\t\t\tMonitorAttributes: pulumi.Bool(true),\n\t\t\t\tMonitorCreate: pulumi.Bool(true),\n\t\t\t\tMonitorDelete: pulumi.Bool(true),\n\t\t\t\tMonitorModify: pulumi.Bool(true),\n\t\t\t\tMonitorRead: pulumi.Bool(true),\n\t\t\t\tMonitoredPaths: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"paths\"),\n\t\t\t\t},\n\t\t\t\tMonitoredProcesses: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"process\"),\n\t\t\t\t},\n\t\t\t\tMonitoredUsers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tMonitorSystemLogIntegrity: pulumi.Bool(true),\n\t\t\tMonitorSystemTimeChanges: pulumi.Bool(true),\n\t\t\tMonitorWindowsServices: pulumi.Bool(true),\n\t\t\tOsGroupsAlloweds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"group1\"),\n\t\t\t},\n\t\t\tOsGroupsBlockeds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"group2\"),\n\t\t\t},\n\t\t\tOsUsersAlloweds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user1\"),\n\t\t\t},\n\t\t\tOsUsersBlockeds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user2\"),\n\t\t\t},\n\t\t\tPackageBlocks: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"package1\"),\n\t\t\t},\n\t\t\tPortScanningDetection: pulumi.Bool(true),\n\t\t\tScopeVariables: aquasec.HostRuntimePolicyScopeVariableArray{\n\t\t\t\t\u0026aquasec.HostRuntimePolicyScopeVariableArgs{\n\t\t\t\t\tAttribute: 
pulumi.String(\"kubernetes.cluster\"),\n\t\t\t\t\tValue: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t\t\u0026aquasec.HostRuntimePolicyScopeVariableArgs{\n\t\t\t\t\tAttribute: pulumi.String(\"kubernetes.label\"),\n\t\t\t\t\tName: pulumi.String(\"app\"),\n\t\t\t\t\tValue: pulumi.String(\"aqua\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tWindowsRegistryMonitoring: \u0026aquasec.HostRuntimePolicyWindowsRegistryMonitoringArgs{\n\t\t\t\tExcludedPaths: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"expaths\"),\n\t\t\t\t},\n\t\t\t\tExcludedProcesses: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"exprocess\"),\n\t\t\t\t},\n\t\t\t\tExcludedUsers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"expuser\"),\n\t\t\t\t},\n\t\t\t\tMonitorAttributes: pulumi.Bool(true),\n\t\t\t\tMonitorCreate: pulumi.Bool(true),\n\t\t\t\tMonitorDelete: pulumi.Bool(true),\n\t\t\t\tMonitorModify: pulumi.Bool(true),\n\t\t\t\tMonitorRead: pulumi.Bool(true),\n\t\t\t\tMonitoredPaths: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"paths\"),\n\t\t\t\t},\n\t\t\t\tMonitoredProcesses: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"process\"),\n\t\t\t\t},\n\t\t\t\tMonitoredUsers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tWindowsRegistryProtection: \u0026aquasec.HostRuntimePolicyWindowsRegistryProtectionArgs{\n\t\t\t\tExcludedPaths: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"expaths\"),\n\t\t\t\t},\n\t\t\t\tExcludedProcesses: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"exprocess\"),\n\t\t\t\t},\n\t\t\t\tExcludedUsers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"expuser\"),\n\t\t\t\t},\n\t\t\t\tProtectedPaths: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"paths\"),\n\t\t\t\t},\n\t\t\t\tProtectedProcesses: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"process\"),\n\t\t\t\t},\n\t\t\t\tProtectedUsers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn 
nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.HostRuntimePolicy;\nimport com.pulumi.aquasec.HostRuntimePolicyArgs;\nimport com.pulumi.aquasec.inputs.HostRuntimePolicyFileIntegrityMonitoringArgs;\nimport com.pulumi.aquasec.inputs.HostRuntimePolicyScopeVariableArgs;\nimport com.pulumi.aquasec.inputs.HostRuntimePolicyWindowsRegistryMonitoringArgs;\nimport com.pulumi.aquasec.inputs.HostRuntimePolicyWindowsRegistryProtectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hostRuntimePolicy = new HostRuntimePolicy(\"hostRuntimePolicy\", HostRuntimePolicyArgs.builder() \n .applicationScopes(\"Global\")\n .auditAllOsUserActivity(true)\n .auditBruteForceLogin(true)\n .auditFullCommandArguments(true)\n .auditHostFailedLoginEvents(true)\n .auditHostSuccessfulLoginEvents(true)\n .auditUserAccountManagement(true)\n .blockCryptocurrencyMining(true)\n .blockedFiles(\"blocked\")\n .description(\"host_runtime_policy\")\n .enableIpReputationSecurity(true)\n .enabled(true)\n .enforce(false)\n .fileIntegrityMonitoring(HostRuntimePolicyFileIntegrityMonitoringArgs.builder()\n .excludedPaths(\"expaths\")\n .excludedProcesses(\"exprocess\")\n .excludedUsers(\"expuser\")\n .monitorAttributes(true)\n .monitorCreate(true)\n .monitorDelete(true)\n .monitorModify(true)\n .monitorRead(true)\n .monitoredPaths(\"paths\")\n .monitoredProcesses(\"process\")\n .monitoredUsers(\"user\")\n .build())\n .monitorSystemLogIntegrity(true)\n .monitorSystemTimeChanges(true)\n .monitorWindowsServices(true)\n .osGroupsAlloweds(\"group1\")\n .osGroupsBlockeds(\"group2\")\n .osUsersAlloweds(\"user1\")\n .osUsersBlockeds(\"user2\")\n 
.packageBlocks(\"package1\")\n .portScanningDetection(true)\n .scopeVariables( \n HostRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.cluster\")\n .value(\"default\")\n .build(),\n HostRuntimePolicyScopeVariableArgs.builder()\n .attribute(\"kubernetes.label\")\n .name(\"app\")\n .value(\"aqua\")\n .build())\n .windowsRegistryMonitoring(HostRuntimePolicyWindowsRegistryMonitoringArgs.builder()\n .excludedPaths(\"expaths\")\n .excludedProcesses(\"exprocess\")\n .excludedUsers(\"expuser\")\n .monitorAttributes(true)\n .monitorCreate(true)\n .monitorDelete(true)\n .monitorModify(true)\n .monitorRead(true)\n .monitoredPaths(\"paths\")\n .monitoredProcesses(\"process\")\n .monitoredUsers(\"user\")\n .build())\n .windowsRegistryProtection(HostRuntimePolicyWindowsRegistryProtectionArgs.builder()\n .excludedPaths(\"expaths\")\n .excludedProcesses(\"exprocess\")\n .excludedUsers(\"expuser\")\n .protectedPaths(\"paths\")\n .protectedProcesses(\"process\")\n .protectedUsers(\"user\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hostRuntimePolicy:\n type: aquasec:HostRuntimePolicy\n properties:\n applicationScopes:\n - Global\n auditAllOsUserActivity: true\n auditBruteForceLogin: true\n auditFullCommandArguments: true\n auditHostFailedLoginEvents: true\n auditHostSuccessfulLoginEvents: true\n auditUserAccountManagement: true\n blockCryptocurrencyMining: true\n blockedFiles:\n - blocked\n description: host_runtime_policy\n enableIpReputationSecurity: true\n enabled: true\n enforce: false\n fileIntegrityMonitoring:\n excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n monitorAttributes: true\n monitorCreate: true\n monitorDelete: true\n monitorModify: true\n monitorRead: true\n monitoredPaths:\n - paths\n monitoredProcesses:\n - process\n monitoredUsers:\n - user\n monitorSystemLogIntegrity: true\n monitorSystemTimeChanges: true\n monitorWindowsServices: true\n osGroupsAlloweds:\n - group1\n 
osGroupsBlockeds:\n - group2\n osUsersAlloweds:\n - user1\n osUsersBlockeds:\n - user2\n packageBlocks:\n - package1\n portScanningDetection: true\n scopeVariables:\n - attribute: kubernetes.cluster\n value: default\n - attribute: kubernetes.label\n name: app\n value: aqua\n windowsRegistryMonitoring:\n excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n monitorAttributes: true\n monitorCreate: true\n monitorDelete: true\n monitorModify: true\n monitorRead: true\n monitoredPaths:\n - paths\n monitoredProcesses:\n - process\n monitoredUsers:\n - user\n windowsRegistryProtection:\n excludedPaths:\n - expaths\n excludedProcesses:\n - exprocess\n excludedUsers:\n - expuser\n protectedPaths:\n - paths\n protectedProcesses:\n - process\n protectedUsers:\n - user\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "applicationScopes": { + "images": { "type": "array", "items": { "type": "string" }, - "description": "Indicates the application scope of the service.\n" + "description": "List of images.\n" }, - "auditAllOsUserActivity": { + "kubeCisEnabled": { "type": "boolean", - "description": "If true, all process activity will be audited.\n" + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, - "auditBruteForceLogin": { - "type": "boolean", - "description": "Detects brute force login attempts\n" + "kubernetesControls": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyKubernetesControls:ImageAssurancePolicyKubernetesControls", + "description": "List of Kubernetes controls.\n" }, - "auditFullCommandArguments": { + "kubernetesControlsAvdIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "kubernetesControlsNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "labels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of labels.\n" + }, + "lastupdate": { + "type": "string" + }, + "linuxCisEnabled": { + "type": "boolean" + }, 
+ "malwareAction": { + "type": "string" + }, + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" + }, + "maximumScoreEnabled": { "type": "boolean", - "description": "If true, full command arguments will be audited.\n" + "description": "Indicates if exceeding the maximum score is scanned.\n" }, - "auditHostFailedLoginEvents": { + "maximumScoreExcludeNoFix": { + "type": "boolean" + }, + "monitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "name": { + "type": "string" + }, + "onlyNoneRootUsers": { "type": "boolean", - "description": "If true, host failed logins will be audited.\n" + "description": "Indicates if raise a warning for images that should only be run as root.\n" }, - "auditHostSuccessfulLoginEvents": { + "openshiftHardeningEnabled": { + "type": "boolean" + }, + "packagesBlackListEnabled": { "type": "boolean", - "description": "If true, host successful logins will be audited.\n" + "description": "Indicates if packages blacklist is relevant.\n" }, - "auditUserAccountManagement": { + "packagesBlackLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList" + }, + "description": "List of blacklisted images.\n" + }, + "packagesWhiteListEnabled": { "type": "boolean", - "description": "If true, account management will be audited.\n" + "description": "Indicates if packages whitelist is relevant.\n" + }, + "packagesWhiteLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList" + }, + "description": "List of whitelisted images.\n" + }, + "partialResultsImageFail": { + "type": "boolean" + }, + "permission": { + "type": "string" }, - "author": { - "type": "string", - "description": "Username of the account that created the service.\n" + "policySettings": { + "$ref": 
"#/types/aquasec:index/ImageAssurancePolicyPolicySettings:ImageAssurancePolicyPolicySettings" }, - "blockCryptocurrencyMining": { - "type": "boolean", - "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + "readOnly": { + "type": "boolean" }, - "blockedFiles": { + "registries": { "type": "array", "items": { "type": "string" }, - "description": "List of files that are prevented from being read, modified and executed in the containers.\n" - }, - "description": { - "type": "string", - "description": "The description of the host runtime policy\n" + "description": "List of registries.\n" }, - "enableIpReputationSecurity": { - "type": "boolean", - "description": "If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.\n" + "registry": { + "type": "string" }, - "enabled": { - "type": "boolean", - "description": "Defines if enabled or not\n" + "requiredLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel" + } }, - "enforce": { - "type": "boolean", - "description": "Indicates that policy should effect container execution (not just for audit).\n" + "requiredLabelsEnabled": { + "type": "boolean" }, - "enforceAfterDays": { - "type": "integer", - "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" + "scanMalwareInArchives": { + "type": "boolean" }, - "fileIntegrityMonitoring": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring", - "description": "Configuration for file integrity monitoring.\n" + "scanNfsMounts": { + "type": "boolean" }, - "malwareScanOptions": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions", - "description": "Configuration for Real-Time Malware Protection.\n" + 
"scanProcessMemory": { + "type": "boolean" }, - "monitorSystemLogIntegrity": { + "scanSensitiveData": { "type": "boolean", - "description": "If true, system log will be monitored.\n" + "description": "Indicates if scan should include sensitive data in the image.\n" }, - "monitorSystemTimeChanges": { - "type": "boolean", - "description": "If true, system time changes will be monitored.\n" + "scanWindowsRegistry": { + "type": "boolean" }, - "monitorWindowsServices": { + "scapEnabled": { "type": "boolean", - "description": "If true, windows service operations will be monitored.\n" - }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n" + "description": "Indicates if scanning should include scap.\n" }, - "osGroupsAlloweds": { + "scapFiles": { "type": "array", "items": { "type": "string" }, - "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" + "description": "List of SCAP user scripts for checks.\n" }, - "osGroupsBlockeds": { + "scopes": { "type": "array", "items": { - "type": "string" - }, - "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. 
Groups can be either Linux groups or Windows AD groups.\n" + "$ref": "#/types/aquasec:index/ImageAssurancePolicyScope:ImageAssurancePolicyScope" + } }, - "osUsersAlloweds": { + "trustedBaseImages": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage" }, - "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n" + "description": "List of trusted images.\n" }, - "osUsersBlockeds": { + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" + }, + "vulnerabilityExploitability": { + "type": "boolean" + }, + "vulnerabilityScoreRanges": { "type": "array", "items": { - "type": "string" - }, - "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n" + "type": "integer" + } }, - "packageBlocks": { + "whitelistedLicenses": { "type": "array", "items": { "type": "string" }, - "description": "List of packages that are not allowed read, write or execute all files that under the packages.\n" + "description": "List of whitelisted licenses.\n" }, - "portScanningDetection": { + "whitelistedLicensesEnabled": { "type": "boolean", - "description": "If true, port scanning behaviors will be audited.\n" - }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" - }, - "scopeVariables": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" - }, - "description": "List of scope attributes.\n" - }, - "windowsRegistryMonitoring": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyWindowsRegistryMonitoring:HostRuntimePolicyWindowsRegistryMonitoring", - "description": 
"Configuration for windows registry monitoring.\n" - }, - "windowsRegistryProtection": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyWindowsRegistryProtection:HostRuntimePolicyWindowsRegistryProtection", - "description": "Configuration for windows registry protection.\n" + "description": "Indicates if license blacklist is relevant.\n" } }, "required": [ "applicationScopes", + "assuranceType", "author", + "autoScanTimes", + "customSeverity", + "ignoreRecentlyPublishedVlnPeriod", + "lastupdate", "name", - "scopeExpression", - "scopeVariables" + "permission", + "policySettings", + "scopes" ], "inputProperties": { - "applicationScopes": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { "type": "array", "items": { "type": "string" }, - "description": "Indicates the application scope of the service.\n" + "description": "List of explicitly allowed images.\n" }, - "auditAllOsUserActivity": { - "type": "boolean", - "description": "If true, all process activity will be audited.\n" + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } }, - "auditBruteForceLogin": { - "type": "boolean", - "description": "Detects brute force login attempts\n" + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" }, - "auditFullCommandArguments": { + "auditOnFailure": { "type": "boolean", - "description": "If true, full command arguments will be audited.\n" + "description": "Indicates if auditing for failures.\n" }, - "auditHostFailedLoginEvents": { - "type": "boolean", - "description": "If true, host failed logins will be audited.\n" + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" }, - "auditHostSuccessfulLoginEvents": { - "type": "boolean", - "description": "If true, host successful logins will be audited.\n" + 
"autoScanConfigured": { + "type": "boolean" }, - "auditUserAccountManagement": { - "type": "boolean", - "description": "If true, account management will be audited.\n" + "autoScanEnabled": { + "type": "boolean" }, - "blockCryptocurrencyMining": { - "type": "boolean", - "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime" + } }, - "blockedFiles": { + "blacklistPermissions": { "type": "array", "items": { "type": "string" }, - "description": "List of files that are prevented from being read, modified and executed in the containers.\n" - }, - "description": { - "type": "string", - "description": "The description of the host runtime policy\n" - }, - "enableIpReputationSecurity": { - "type": "boolean", - "description": "If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.\n" - }, - "enabled": { - "type": "boolean", - "description": "Defines if enabled or not\n" + "description": "List of function's forbidden permissions.\n" }, - "enforce": { + "blacklistPermissionsEnabled": { "type": "boolean", - "description": "Indicates that policy should effect container execution (not just for audit).\n" - }, - "enforceAfterDays": { - "type": "integer", - "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" - }, - "fileIntegrityMonitoring": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring", - "description": "Configuration for file integrity monitoring.\n" - }, - "malwareScanOptions": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions", - "description": "Configuration for Real-Time Malware Protection.\n" + "description": "Indicates if 
blacklist permissions is relevant.\n" }, - "monitorSystemLogIntegrity": { - "type": "boolean", - "description": "If true, system log will be monitored.\n" + "blacklistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blacklisted licenses.\n" }, - "monitorSystemTimeChanges": { + "blacklistedLicensesEnabled": { "type": "boolean", - "description": "If true, system time changes will be monitored.\n" + "description": "Indicates if license blacklist is relevant.\n" }, - "monitorWindowsServices": { + "blockFailed": { "type": "boolean", - "description": "If true, windows service operations will be monitored.\n" + "description": "Indicates if failed images are blocked.\n" }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n", - "willReplaceOnChanges": true + "controlExcludeNoFix": { + "type": "boolean" }, - "osGroupsAlloweds": { + "customChecks": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck" }, - "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" + "description": "List of Custom user scripts for checks.\n" }, - "osGroupsBlockeds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. 
Groups can be either Linux groups or Windows AD groups.\n" + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" }, - "osUsersAlloweds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n" + "customSeverity": { + "type": "string" }, - "osUsersBlockeds": { + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" + }, + "cvesBlackLists": { "type": "array", "items": { "type": "string" }, - "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n" + "description": "List of cves blacklisted items.\n" }, - "packageBlocks": { + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if cves whitelist is relevant.\n" + }, + "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, - "description": "List of packages that are not allowed read, write or execute all files that under the packages.\n" + "description": "List of cves whitelisted licenses\n" + }, + "cvssSeverity": { + "type": "string", + "description": "Identifier of the cvss severity.\n" }, - "portScanningDetection": { + "cvssSeverityEnabled": { "type": "boolean", - "description": "If true, port scanning behaviors will be audited.\n" + "description": "Indicates if the cvss severity is scanned.\n" }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, - "scopeVariables": { + "description": { + "type": "string" + }, + 
"disallowExploitTypes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" - }, - "description": "List of scope attributes.\n" - }, - "windowsRegistryMonitoring": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyWindowsRegistryMonitoring:HostRuntimePolicyWindowsRegistryMonitoring", - "description": "Configuration for windows registry monitoring.\n" - }, - "windowsRegistryProtection": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyWindowsRegistryProtection:HostRuntimePolicyWindowsRegistryProtection", - "description": "Configuration for windows registry protection.\n" - } - }, - "stateInputs": { - "description": "Input properties used for looking up and filtering HostRuntimePolicy resources.\n", - "properties": { - "applicationScopes": { - "type": "array", - "items": { - "type": "string" - }, - "description": "Indicates the application scope of the service.\n" - }, - "auditAllOsUserActivity": { - "type": "boolean", - "description": "If true, all process activity will be audited.\n" - }, - "auditBruteForceLogin": { - "type": "boolean", - "description": "Detects brute force login attempts\n" - }, - "auditFullCommandArguments": { - "type": "boolean", - "description": "If true, full command arguments will be audited.\n" - }, - "auditHostFailedLoginEvents": { - "type": "boolean", - "description": "If true, host failed logins will be audited.\n" - }, - "auditHostSuccessfulLoginEvents": { - "type": "boolean", - "description": "If true, host successful logins will be audited.\n" - }, - "auditUserAccountManagement": { - "type": "boolean", - "description": "If true, account management will be audited.\n" - }, - "author": { - "type": "string", - "description": "Username of the account that created the service.\n" - }, - "blockCryptocurrencyMining": { - "type": "boolean", - "description": "Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining\n" - }, - 
"blockedFiles": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of files that are prevented from being read, modified and executed in the containers.\n" - }, - "description": { - "type": "string", - "description": "The description of the host runtime policy\n" - }, - "enableIpReputationSecurity": { - "type": "boolean", - "description": "If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.\n" - }, - "enabled": { - "type": "boolean", - "description": "Defines if enabled or not\n" - }, - "enforce": { - "type": "boolean", - "description": "Indicates that policy should effect container execution (not just for audit).\n" - }, - "enforceAfterDays": { - "type": "integer", - "description": "Indicates the number of days after which the runtime policy will be changed to enforce mode.\n" - }, - "fileIntegrityMonitoring": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyFileIntegrityMonitoring:HostRuntimePolicyFileIntegrityMonitoring", - "description": "Configuration for file integrity monitoring.\n" - }, - "malwareScanOptions": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyMalwareScanOptions:HostRuntimePolicyMalwareScanOptions", - "description": "Configuration for Real-Time Malware Protection.\n" - }, - "monitorSystemLogIntegrity": { - "type": "boolean", - "description": "If true, system log will be monitored.\n" - }, - "monitorSystemTimeChanges": { - "type": "boolean", - "description": "If true, system time changes will be monitored.\n" - }, - "monitorWindowsServices": { - "type": "boolean", - "description": "If true, windows service operations will be monitored.\n" - }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n", - "willReplaceOnChanges": true - }, - "osGroupsAlloweds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block 
authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" - }, - "osGroupsBlockeds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.\n" - }, - "osUsersAlloweds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.\n" - }, - "osUsersBlockeds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.\n" - }, - "packageBlocks": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of packages that are not allowed read, write or execute all files that under the packages.\n" - }, - "portScanningDetection": { - "type": "boolean", - "description": "If true, port scanning behaviors will be audited.\n" - }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" - }, - "scopeVariables": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyScopeVariable:HostRuntimePolicyScopeVariable" - }, - "description": "List of scope attributes.\n" - }, - "windowsRegistryMonitoring": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyWindowsRegistryMonitoring:HostRuntimePolicyWindowsRegistryMonitoring", - "description": "Configuration for windows registry monitoring.\n" - }, - "windowsRegistryProtection": { - "$ref": "#/types/aquasec:index/HostRuntimePolicyWindowsRegistryProtection:HostRuntimePolicyWindowsRegistryProtection", - "description": "Configuration for windows registry 
protection.\n" + "type": "string" } }, - "type": "object" - } - }, - "aquasec:index/image:Image": { - "properties": { - "allowImage": { + "disallowMalware": { "type": "boolean", - "description": "If this field is set to true, the image will be whitelisted.\n" + "description": "Indicates if malware should block the image.\n" }, - "architecture": { + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" + }, + "domain": { "type": "string", - "description": "The image architecture.\n" + "description": "Name of the container image.\n" }, - "assuranceChecksPerformeds": { + "domainName": { + "type": "string" + }, + "dtaEnabled": { + "type": "boolean" + }, + "dtaSeverity": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { + "type": "integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" + }, + "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed" - }, - "description": "The list of image assurance checks performed on the image.\n" - }, - "author": { - "type": "string", - "description": "The name of the user who registered the image.\n" + "type": "string" + } }, - "blacklisted": { - "type": "boolean", - "description": "Whether the image is blacklisted.\n" + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } }, - "blockImage": { + "failCicd": { "type": "boolean", - "description": "If this field is set to true, the image will be blacklisted.\n" + "description": "Indicates if cicd failures will fail the image.\n" }, - "comment": { - "type": "string", - "description": "The image creation comment.\n" + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": 
"#/types/aquasec:index/ImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel" + } }, - "created": { - "type": "string", - "description": "The date and time when the image was registered.\n" + "forbiddenLabelsEnabled": { + "type": "boolean" }, - "criticalVulnerabilities": { - "type": "integer", - "description": "Number of critical severity vulnerabilities detected in the image.\n" + "forceMicroenforcer": { + "type": "boolean" }, - "defaultUser": { - "type": "string", - "description": "The default user of the image.\n" + "functionIntegrityEnabled": { + "type": "boolean" }, - "digest": { - "type": "string", - "description": "The content digest of the image.\n" + "ignoreBaseImageVln": { + "type": "boolean" }, - "disallowed": { - "type": "boolean", - "description": "Whether the image is disallowed (non-compliant).\n" + "ignoreRecentlyPublishedVln": { + "type": "boolean" }, - "disallowedByAssuranceChecks": { - "type": "boolean", - "description": "Whether the image was disallowed because of Image Assurance Policies.\n" + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" }, - "dockerId": { - "type": "string", - "description": "The Docker image ID.\n" + "ignoreRiskResourcesEnabled": { + "type": "boolean", + "description": "Indicates if risk resources are ignored.\n" }, - "dockerLabels": { + "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, - "description": "Docker labels of the image.\n" + "description": "List of ignored risk resources.\n" }, - "dockerVersion": { - "type": "string", - "description": "The Docker version used when building the image.\n" + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } }, - "dtaSeverityScore": { - "type": "string", - "description": "DTA severity score.\n" + "images": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of images.\n" }, - "dtaSkipped": { + "kubeCisEnabled": { "type": "boolean", - "description": "If DTA was 
skipped.\n" + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, - "dtaSkippedReason": { - "type": "string", - "description": "The reason why DTA was skipped.\n" + "kubernetesControls": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyKubernetesControls:ImageAssurancePolicyKubernetesControls", + "description": "List of Kubernetes controls.\n" }, - "environmentVariables": { + "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" - }, - "description": "Environment variables in the image.\n" - }, - "highVulnerabilities": { - "type": "integer", - "description": "Number of high severity vulnerabilities detected in the image.\n" + } }, - "histories": { + "kubernetesControlsNames": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageHistory:ImageHistory" - }, - "description": "The Docker history of the image.\n" - }, - "imageSize": { - "type": "integer", - "description": "The size of the image in bytes.\n" - }, - "imageType": { - "type": "string", - "description": "The type of the image.\n" + "type": "string" + } }, "labels": { "type": "array", "items": { "type": "string" }, - "description": "Aqua labels of the image.\n" - }, - "lowVulnerabilities": { - "type": "integer", - "description": "Number of low severity vulnerabilities detected in the image.\n" + "description": "List of labels.\n" }, - "malware": { - "type": "integer", - "description": "Number of malware found on the image.\n" + "lastupdate": { + "type": "string" }, - "mediumVulnerabilities": { - "type": "integer", - "description": "Number of medium severity vulnerabilities detected in the image.\n" + "linuxCisEnabled": { + "type": "boolean" }, - "name": { - "type": "string", - "description": "The name of the image.\n" + "malwareAction": { + "type": "string" }, - "negligibleVulnerabilities": { - "type": "integer", - "description": "Number of negligible severity vulnerabilities detected in the image.\n" + "maximumScore": { + "type": "number", + 
"description": "Value of allowed maximum score.\n" }, - "newerImageExists": { + "maximumScoreEnabled": { "type": "boolean", - "description": "Whether a new version of the image is available in the registry but is not scanned and registered yet.\n" + "description": "Indicates if exceeding the maximum score is scanned.\n" }, - "os": { - "type": "string", - "description": "The operating system detected in the image\n" + "maximumScoreExcludeNoFix": { + "type": "boolean" }, - "osVersion": { - "type": "string", - "description": "The version of the OS detected in the image.\n" + "monitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } }, - "parent": { + "name": { "type": "string", - "description": "The ID of the parent image.\n" - }, - "partialResults": { - "type": "boolean", - "description": "Whether the image could only be partially scanned.\n" + "willReplaceOnChanges": true }, - "pendingDisallowed": { + "onlyNoneRootUsers": { "type": "boolean", - "description": "Whether the image is non-compliant, but is pending this status due to running containers.\n" - }, - "permission": { - "type": "string", - "description": "Permission of the image.\n" - }, - "permissionAuthor": { - "type": "string", - "description": "The name of the user who last modified the image permissions.\n" - }, - "permissionComment": { - "type": "string", - "description": "The comment provided when the image permissions were last modified\n" - }, - "permissionModificationComment": { - "type": "string", - "description": "A comment on why the image was whitelisted or blacklisted\n" + "description": "Indicates if raise a warning for images that should only be run as root.\n" }, - "registry": { - "type": "string", - "description": "The name of the registry where the image is stored.\n" + "openshiftHardeningEnabled": { + "type": "boolean" }, - "registryType": { - "type": "string", - "description": "Type of the registry.\n" + "packagesBlackListEnabled": { + "type": "boolean", + 
"description": "Indicates if packages blacklist is relevant.\n" }, - "repoDigests": { + "packagesBlackLists": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList" }, - "description": "The repository digests.\n" - }, - "repository": { - "type": "string", - "description": "The name of the image's repository.\n" - }, - "scanDate": { - "type": "string", - "description": "The date and time when the image was last scanned.\n" + "description": "List of blacklisted images.\n" }, - "scanError": { - "type": "string", - "description": "If the image scan failed, the failure message.\n" - }, - "scanStatus": { - "type": "string", - "description": "The scan status of the image (either 'pending', 'in*progress', 'finished', 'failed' or 'not*started').\n" - }, - "sensitiveData": { - "type": "integer", - "description": "Number of sensitive data detected in the image.\n" - }, - "tag": { - "type": "string", - "description": "The tag of the image.\n" - }, - "totalVulnerabilities": { - "type": "integer", - "description": "The total number of vulnerabilities detected in the image.\n" - }, - "virtualSize": { - "type": "integer", - "description": "The virtual size of the image.\n" + "packagesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if packages whitelist is relevant.\n" }, - "vulnerabilities": { + "packagesWhiteLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageVulnerability:ImageVulnerability" + "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList" }, - "description": "A list of all the vulnerabilities found in the image\n" + "description": "List of whitelisted images.\n" }, - "whitelisted": { - "type": "boolean", - "description": "Whether the image is whitelisted.\n" - } - }, - "required": [ - "architecture", - "assuranceChecksPerformeds", - "author", - "blacklisted", - 
"comment", - "created", - "criticalVulnerabilities", - "defaultUser", - "digest", - "disallowed", - "disallowedByAssuranceChecks", - "dockerId", - "dockerLabels", - "dockerVersion", - "dtaSeverityScore", - "dtaSkipped", - "dtaSkippedReason", - "environmentVariables", - "highVulnerabilities", - "histories", - "imageSize", - "imageType", - "labels", - "lowVulnerabilities", - "malware", - "mediumVulnerabilities", - "name", - "negligibleVulnerabilities", - "newerImageExists", - "os", - "osVersion", - "parent", - "partialResults", - "pendingDisallowed", - "permission", - "permissionAuthor", - "permissionComment", - "registry", - "registryType", - "repoDigests", - "repository", - "scanDate", - "scanError", - "scanStatus", - "sensitiveData", - "tag", - "totalVulnerabilities", - "virtualSize", - "vulnerabilities", - "whitelisted" - ], - "inputProperties": { - "allowImage": { + "partialResultsImageFail": { + "type": "boolean" + }, + "permission": { + "type": "string" + }, + "policySettings": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyPolicySettings:ImageAssurancePolicyPolicySettings" + }, + "readOnly": { + "type": "boolean" + }, + "registries": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registries.\n" + }, + "registry": { + "type": "string" + }, + "requiredLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel" + } + }, + "requiredLabelsEnabled": { + "type": "boolean" + }, + "scanMalwareInArchives": { + "type": "boolean" + }, + "scanNfsMounts": { + "type": "boolean" + }, + "scanProcessMemory": { + "type": "boolean" + }, + "scanSensitiveData": { "type": "boolean", - "description": "If this field is set to true, the image will be whitelisted.\n" + "description": "Indicates if scan should include sensitive data in the image.\n" }, - "blockImage": { + "scanWindowsRegistry": { + "type": "boolean" + }, + "scapEnabled": { "type": "boolean", 
- "description": "If this field is set to true, the image will be blacklisted.\n" + "description": "Indicates if scanning should include scap.\n" }, - "permissionModificationComment": { - "type": "string", - "description": "A comment on why the image was whitelisted or blacklisted\n" + "scapFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of SCAP user scripts for checks.\n" }, - "registry": { - "type": "string", - "description": "The name of the registry where the image is stored.\n", - "willReplaceOnChanges": true + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyScope:ImageAssurancePolicyScope" + } }, - "repository": { - "type": "string", - "description": "The name of the image's repository.\n", - "willReplaceOnChanges": true + "trustedBaseImages": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage" + }, + "description": "List of trusted images.\n" }, - "tag": { - "type": "string", - "description": "The tag of the image.\n", - "willReplaceOnChanges": true + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" + }, + "vulnerabilityExploitability": { + "type": "boolean" + }, + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } + }, + "whitelistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of whitelisted licenses.\n" + }, + "whitelistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" } }, "requiredInputs": [ - "registry", - "repository", - "tag" + "applicationScopes" ], "stateInputs": { - "description": "Input properties used for looking up and filtering Image resources.\n", + "description": "Input properties used for looking up and filtering ImageAssurancePolicy resources.\n", 
"properties": { - "allowImage": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of explicitly allowed images.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, + "auditOnFailure": { "type": "boolean", - "description": "If this field is set to true, the image will be whitelisted.\n" + "description": "Indicates if auditing for failures.\n" }, - "architecture": { + "author": { "type": "string", - "description": "The image architecture.\n" + "description": "Name of user account that created the policy.\n" + }, + "autoScanConfigured": { + "type": "boolean" + }, + "autoScanEnabled": { + "type": "boolean" + }, + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime" + } + }, + "blacklistPermissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of function's forbidden permissions.\n" + }, + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" + }, + "blacklistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blacklisted licenses.\n" + }, + "blacklistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + }, + "blockFailed": { + "type": "boolean", + "description": "Indicates if failed images are blocked.\n" + }, + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { + "type": "array", + "items": { + "$ref": 
"#/types/aquasec:index/ImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck" + }, + "description": "List of Custom user scripts for checks.\n" + }, + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" + }, + "customSeverity": { + "type": "string" + }, + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" + }, + "cvesBlackLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cves blacklisted items.\n" + }, + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if cves whitelist is relevant.\n" + }, + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cves whitelisted licenses\n" + }, + "cvssSeverity": { + "type": "string", + "description": "Identifier of the cvss severity.\n" + }, + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" + }, + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + }, + "description": { + "type": "string" + }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "disallowMalware": { + "type": "boolean", + "description": "Indicates if malware should block the image.\n" + }, + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" + }, + "domain": { + "type": "string", + "description": "Name of the container image.\n" + }, + "domainName": { + "type": "string" + }, + "dtaEnabled": { + "type": "boolean" + }, + "dtaSeverity": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { + "type": 
"integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" }, - "assuranceChecksPerformeds": { + "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssuranceChecksPerformed:ImageAssuranceChecksPerformed" - }, - "description": "The list of image assurance checks performed on the image.\n" + "type": "string" + } }, - "author": { - "type": "string", - "description": "The name of the user who registered the image.\n" + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } }, - "blacklisted": { + "failCicd": { "type": "boolean", - "description": "Whether the image is blacklisted.\n" + "description": "Indicates if cicd failures will fail the image.\n" }, - "blockImage": { - "type": "boolean", - "description": "If this field is set to true, the image will be blacklisted.\n" + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel" + } }, - "comment": { - "type": "string", - "description": "The image creation comment.\n" + "forbiddenLabelsEnabled": { + "type": "boolean" }, - "created": { - "type": "string", - "description": "The date and time when the image was registered.\n" + "forceMicroenforcer": { + "type": "boolean" }, - "criticalVulnerabilities": { - "type": "integer", - "description": "Number of critical severity vulnerabilities detected in the image.\n" + "functionIntegrityEnabled": { + "type": "boolean" }, - "defaultUser": { - "type": "string", - "description": "The default user of the image.\n" + "ignoreBaseImageVln": { + "type": "boolean" }, - "digest": { - "type": "string", - "description": "The content digest of the image.\n" + "ignoreRecentlyPublishedVln": { + "type": "boolean" }, - "disallowed": { - "type": "boolean", - "description": "Whether the image is disallowed (non-compliant).\n" + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" }, - 
"disallowedByAssuranceChecks": { + "ignoreRiskResourcesEnabled": { "type": "boolean", - "description": "Whether the image was disallowed because of Image Assurance Policies.\n" - }, - "dockerId": { - "type": "string", - "description": "The Docker image ID.\n" + "description": "Indicates if risk resources are ignored.\n" }, - "dockerLabels": { + "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, - "description": "Docker labels of the image.\n" + "description": "List of ignored risk resources.\n" }, - "dockerVersion": { - "type": "string", - "description": "The Docker version used when building the image.\n" + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } }, - "dtaSeverityScore": { - "type": "string", - "description": "DTA severity score.\n" + "images": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of images.\n" }, - "dtaSkipped": { + "kubeCisEnabled": { "type": "boolean", - "description": "If DTA was skipped.\n" + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, - "dtaSkippedReason": { - "type": "string", - "description": "The reason why DTA was skipped.\n" + "kubernetesControls": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyKubernetesControls:ImageAssurancePolicyKubernetesControls", + "description": "List of Kubernetes controls.\n" }, - "environmentVariables": { + "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" - }, - "description": "Environment variables in the image.\n" - }, - "highVulnerabilities": { - "type": "integer", - "description": "Number of high severity vulnerabilities detected in the image.\n" + } }, - "histories": { + "kubernetesControlsNames": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageHistory:ImageHistory" - }, - "description": "The Docker history of the image.\n" - }, - "imageSize": { - "type": "integer", - "description": "The size of the image in bytes.\n" - }, 
- "imageType": { - "type": "string", - "description": "The type of the image.\n" + "type": "string" + } }, "labels": { "type": "array", "items": { "type": "string" }, - "description": "Aqua labels of the image.\n" - }, - "lowVulnerabilities": { - "type": "integer", - "description": "Number of low severity vulnerabilities detected in the image.\n" + "description": "List of labels.\n" }, - "malware": { - "type": "integer", - "description": "Number of malware found on the image.\n" + "lastupdate": { + "type": "string" }, - "mediumVulnerabilities": { - "type": "integer", - "description": "Number of medium severity vulnerabilities detected in the image.\n" + "linuxCisEnabled": { + "type": "boolean" }, - "name": { - "type": "string", - "description": "The name of the image.\n" + "malwareAction": { + "type": "string" }, - "negligibleVulnerabilities": { - "type": "integer", - "description": "Number of negligible severity vulnerabilities detected in the image.\n" + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" }, - "newerImageExists": { + "maximumScoreEnabled": { "type": "boolean", - "description": "Whether a new version of the image is available in the registry but is not scanned and registered yet.\n" + "description": "Indicates if exceeding the maximum score is scanned.\n" }, - "os": { - "type": "string", - "description": "The operating system detected in the image\n" + "maximumScoreExcludeNoFix": { + "type": "boolean" }, - "osVersion": { - "type": "string", - "description": "The version of the OS detected in the image.\n" + "monitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } }, - "parent": { + "name": { "type": "string", - "description": "The ID of the parent image.\n" + "willReplaceOnChanges": true }, - "partialResults": { + "onlyNoneRootUsers": { "type": "boolean", - "description": "Whether the image could only be partially scanned.\n" + "description": "Indicates if raise a warning for images 
that should only be run as root.\n" }, - "pendingDisallowed": { + "openshiftHardeningEnabled": { + "type": "boolean" + }, + "packagesBlackListEnabled": { "type": "boolean", - "description": "Whether the image is non-compliant, but is pending this status due to running containers.\n" + "description": "Indicates if packages blacklist is relevant.\n" }, - "permission": { - "type": "string", - "description": "Permission of the image.\n" + "packagesBlackLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList" + }, + "description": "List of blacklisted images.\n" }, - "permissionAuthor": { - "type": "string", - "description": "The name of the user who last modified the image permissions.\n" + "packagesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if packages whitelist is relevant.\n" }, - "permissionComment": { - "type": "string", - "description": "The comment provided when the image permissions were last modified\n" + "packagesWhiteLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList" + }, + "description": "List of whitelisted images.\n" }, - "permissionModificationComment": { - "type": "string", - "description": "A comment on why the image was whitelisted or blacklisted\n" + "partialResultsImageFail": { + "type": "boolean" }, - "registry": { - "type": "string", - "description": "The name of the registry where the image is stored.\n", - "willReplaceOnChanges": true + "permission": { + "type": "string" }, - "registryType": { - "type": "string", - "description": "Type of the registry.\n" + "policySettings": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyPolicySettings:ImageAssurancePolicyPolicySettings" }, - "repoDigests": { + "readOnly": { + "type": "boolean" + }, + "registries": { "type": "array", "items": { "type": "string" }, - "description": "The 
repository digests.\n" + "description": "List of registries.\n" }, - "repository": { - "type": "string", - "description": "The name of the image's repository.\n", - "willReplaceOnChanges": true + "registry": { + "type": "string" }, - "scanDate": { - "type": "string", - "description": "The date and time when the image was last scanned.\n" + "requiredLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel" + } }, - "scanError": { - "type": "string", - "description": "If the image scan failed, the failure message.\n" + "requiredLabelsEnabled": { + "type": "boolean" + }, + "scanMalwareInArchives": { + "type": "boolean" + }, + "scanNfsMounts": { + "type": "boolean" + }, + "scanProcessMemory": { + "type": "boolean" + }, + "scanSensitiveData": { + "type": "boolean", + "description": "Indicates if scan should include sensitive data in the image.\n" + }, + "scanWindowsRegistry": { + "type": "boolean" + }, + "scapEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include scap.\n" + }, + "scapFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of SCAP user scripts for checks.\n" }, - "scanStatus": { - "type": "string", - "description": "The scan status of the image (either 'pending', 'in*progress', 'finished', 'failed' or 'not*started').\n" + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyScope:ImageAssurancePolicyScope" + } }, - "sensitiveData": { - "type": "integer", - "description": "Number of sensitive data detected in the image.\n" + "trustedBaseImages": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage" + }, + "description": "List of trusted images.\n" }, - "tag": { - "type": "string", - "description": "The tag of the image.\n", - "willReplaceOnChanges": true + 
"trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" }, - "totalVulnerabilities": { - "type": "integer", - "description": "The total number of vulnerabilities detected in the image.\n" + "vulnerabilityExploitability": { + "type": "boolean" }, - "virtualSize": { - "type": "integer", - "description": "The virtual size of the image.\n" + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } }, - "vulnerabilities": { + "whitelistedLicenses": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageVulnerability:ImageVulnerability" + "type": "string" }, - "description": "A list of all the vulnerabilities found in the image\n" + "description": "List of whitelisted licenses.\n" }, - "whitelisted": { + "whitelistedLicensesEnabled": { "type": "boolean", - "description": "Whether the image is whitelisted.\n" + "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object" } }, - "aquasec:index/imageAssurancePolicy:ImageAssurancePolicy": { + "aquasec:index/integrationRegistry:IntegrationRegistry": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst integrationRegistry = new aquasec.IntegrationRegistry(\"integrationRegistry\", {\n advancedSettingsCleanup: false,\n alwaysPullPatterns: [\n \":latest\",\n \":v1\",\n ],\n author: \"aqua@aquasec.com\",\n autoCleanup: false,\n autoPull: true,\n autoPullInterval: 1,\n autoPullMax: 100,\n autoPullRescan: false,\n autoPullTime: \"08:45\",\n description: \"Automatically discovered registry\",\n imageCreationDateCondition: \"image_count\",\n options: [\n {\n option: \"ARNRole\",\n value: \"arn:aws:iam::111111111111:role/terraform\",\n },\n {\n option: \"sts:ExternalId\",\n value: \"test1-test2-test3\",\n },\n {\n option: \"TestImagePull\",\n value: 
\"nginx:latest\",\n },\n ],\n password: \"\",\n prefixes: [\"111111111111.dkr.ecr.us-east-1.amazonaws.com\"],\n pullImageAge: \"0D\",\n pullImageCount: 3,\n pullImageTagPatterns: [\n \":Latest\",\n \":latest\",\n ],\n pullRepoPatternsExcludeds: [\n \":xyz\",\n \":onlytest\",\n ],\n scannerNames: [],\n scannerType: \"any\",\n type: \"AWS\",\n url: \"us-east-1\",\n username: \"\",\n webhooks: [{\n authToken: \"test1-test2-test3\",\n enabled: true,\n unQuarantine: false,\n url: \"https://aquasec.com/\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nintegration_registry = aquasec.IntegrationRegistry(\"integrationRegistry\",\n advanced_settings_cleanup=False,\n always_pull_patterns=[\n \":latest\",\n \":v1\",\n ],\n author=\"aqua@aquasec.com\",\n auto_cleanup=False,\n auto_pull=True,\n auto_pull_interval=1,\n auto_pull_max=100,\n auto_pull_rescan=False,\n auto_pull_time=\"08:45\",\n description=\"Automatically discovered registry\",\n image_creation_date_condition=\"image_count\",\n options=[\n aquasec.IntegrationRegistryOptionArgs(\n option=\"ARNRole\",\n value=\"arn:aws:iam::111111111111:role/terraform\",\n ),\n aquasec.IntegrationRegistryOptionArgs(\n option=\"sts:ExternalId\",\n value=\"test1-test2-test3\",\n ),\n aquasec.IntegrationRegistryOptionArgs(\n option=\"TestImagePull\",\n value=\"nginx:latest\",\n ),\n ],\n password=\"\",\n prefixes=[\"111111111111.dkr.ecr.us-east-1.amazonaws.com\"],\n pull_image_age=\"0D\",\n pull_image_count=3,\n pull_image_tag_patterns=[\n \":Latest\",\n \":latest\",\n ],\n pull_repo_patterns_excludeds=[\n \":xyz\",\n \":onlytest\",\n ],\n scanner_names=[],\n scanner_type=\"any\",\n type=\"AWS\",\n url=\"us-east-1\",\n username=\"\",\n webhooks=[aquasec.IntegrationRegistryWebhookArgs(\n auth_token=\"test1-test2-test3\",\n enabled=True,\n un_quarantine=False,\n url=\"https://aquasec.com/\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = 
Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var integrationRegistry = new Aquasec.IntegrationRegistry(\"integrationRegistry\", new()\n {\n AdvancedSettingsCleanup = false,\n AlwaysPullPatterns = new[]\n {\n \":latest\",\n \":v1\",\n },\n Author = \"aqua@aquasec.com\",\n AutoCleanup = false,\n AutoPull = true,\n AutoPullInterval = 1,\n AutoPullMax = 100,\n AutoPullRescan = false,\n AutoPullTime = \"08:45\",\n Description = \"Automatically discovered registry\",\n ImageCreationDateCondition = \"image_count\",\n Options = new[]\n {\n new Aquasec.Inputs.IntegrationRegistryOptionArgs\n {\n Option = \"ARNRole\",\n Value = \"arn:aws:iam::111111111111:role/terraform\",\n },\n new Aquasec.Inputs.IntegrationRegistryOptionArgs\n {\n Option = \"sts:ExternalId\",\n Value = \"test1-test2-test3\",\n },\n new Aquasec.Inputs.IntegrationRegistryOptionArgs\n {\n Option = \"TestImagePull\",\n Value = \"nginx:latest\",\n },\n },\n Password = \"\",\n Prefixes = new[]\n {\n \"111111111111.dkr.ecr.us-east-1.amazonaws.com\",\n },\n PullImageAge = \"0D\",\n PullImageCount = 3,\n PullImageTagPatterns = new[]\n {\n \":Latest\",\n \":latest\",\n },\n PullRepoPatternsExcludeds = new[]\n {\n \":xyz\",\n \":onlytest\",\n },\n ScannerNames = new[] {},\n ScannerType = \"any\",\n Type = \"AWS\",\n Url = \"us-east-1\",\n Username = \"\",\n Webhooks = new[]\n {\n new Aquasec.Inputs.IntegrationRegistryWebhookArgs\n {\n AuthToken = \"test1-test2-test3\",\n Enabled = true,\n UnQuarantine = false,\n Url = \"https://aquasec.com/\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewIntegrationRegistry(ctx, \"integrationRegistry\", \u0026aquasec.IntegrationRegistryArgs{\n\t\t\tAdvancedSettingsCleanup: pulumi.Bool(false),\n\t\t\tAlwaysPullPatterns: 
pulumi.StringArray{\n\t\t\t\tpulumi.String(\":latest\"),\n\t\t\t\tpulumi.String(\":v1\"),\n\t\t\t},\n\t\t\tAuthor: pulumi.String(\"aqua@aquasec.com\"),\n\t\t\tAutoCleanup: pulumi.Bool(false),\n\t\t\tAutoPull: pulumi.Bool(true),\n\t\t\tAutoPullInterval: pulumi.Int(1),\n\t\t\tAutoPullMax: pulumi.Int(100),\n\t\t\tAutoPullRescan: pulumi.Bool(false),\n\t\t\tAutoPullTime: pulumi.String(\"08:45\"),\n\t\t\tDescription: pulumi.String(\"Automatically discovered registry\"),\n\t\t\tImageCreationDateCondition: pulumi.String(\"image_count\"),\n\t\t\tOptions: aquasec.IntegrationRegistryOptionArray{\n\t\t\t\t\u0026aquasec.IntegrationRegistryOptionArgs{\n\t\t\t\t\tOption: pulumi.String(\"ARNRole\"),\n\t\t\t\t\tValue: pulumi.String(\"arn:aws:iam::111111111111:role/terraform\"),\n\t\t\t\t},\n\t\t\t\t\u0026aquasec.IntegrationRegistryOptionArgs{\n\t\t\t\t\tOption: pulumi.String(\"sts:ExternalId\"),\n\t\t\t\t\tValue: pulumi.String(\"test1-test2-test3\"),\n\t\t\t\t},\n\t\t\t\t\u0026aquasec.IntegrationRegistryOptionArgs{\n\t\t\t\t\tOption: pulumi.String(\"TestImagePull\"),\n\t\t\t\t\tValue: pulumi.String(\"nginx:latest\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPassword: pulumi.String(\"\"),\n\t\t\tPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"111111111111.dkr.ecr.us-east-1.amazonaws.com\"),\n\t\t\t},\n\t\t\tPullImageAge: pulumi.String(\"0D\"),\n\t\t\tPullImageCount: pulumi.Int(3),\n\t\t\tPullImageTagPatterns: pulumi.StringArray{\n\t\t\t\tpulumi.String(\":Latest\"),\n\t\t\t\tpulumi.String(\":latest\"),\n\t\t\t},\n\t\t\tPullRepoPatternsExcludeds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\":xyz\"),\n\t\t\t\tpulumi.String(\":onlytest\"),\n\t\t\t},\n\t\t\tScannerNames: pulumi.StringArray{},\n\t\t\tScannerType: pulumi.String(\"any\"),\n\t\t\tType: pulumi.String(\"AWS\"),\n\t\t\tUrl: pulumi.String(\"us-east-1\"),\n\t\t\tUsername: pulumi.String(\"\"),\n\t\t\tWebhooks: aquasec.IntegrationRegistryWebhookArray{\n\t\t\t\t\u0026aquasec.IntegrationRegistryWebhookArgs{\n\t\t\t\t\tAuthToken: 
pulumi.String(\"test1-test2-test3\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tUnQuarantine: pulumi.Bool(false),\n\t\t\t\t\tUrl: pulumi.String(\"https://aquasec.com/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.IntegrationRegistry;\nimport com.pulumi.aquasec.IntegrationRegistryArgs;\nimport com.pulumi.aquasec.inputs.IntegrationRegistryOptionArgs;\nimport com.pulumi.aquasec.inputs.IntegrationRegistryWebhookArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var integrationRegistry = new IntegrationRegistry(\"integrationRegistry\", IntegrationRegistryArgs.builder() \n .advancedSettingsCleanup(false)\n .alwaysPullPatterns( \n \":latest\",\n \":v1\")\n .author(\"aqua@aquasec.com\")\n .autoCleanup(false)\n .autoPull(true)\n .autoPullInterval(1)\n .autoPullMax(100)\n .autoPullRescan(false)\n .autoPullTime(\"08:45\")\n .description(\"Automatically discovered registry\")\n .imageCreationDateCondition(\"image_count\")\n .options( \n IntegrationRegistryOptionArgs.builder()\n .option(\"ARNRole\")\n .value(\"arn:aws:iam::111111111111:role/terraform\")\n .build(),\n IntegrationRegistryOptionArgs.builder()\n .option(\"sts:ExternalId\")\n .value(\"test1-test2-test3\")\n .build(),\n IntegrationRegistryOptionArgs.builder()\n .option(\"TestImagePull\")\n .value(\"nginx:latest\")\n .build())\n .password(\"\")\n .prefixes(\"111111111111.dkr.ecr.us-east-1.amazonaws.com\")\n .pullImageAge(\"0D\")\n .pullImageCount(3)\n .pullImageTagPatterns( \n \":Latest\",\n \":latest\")\n .pullRepoPatternsExcludeds( \n \":xyz\",\n 
\":onlytest\")\n .scannerNames()\n .scannerType(\"any\")\n .type(\"AWS\")\n .url(\"us-east-1\")\n .username(\"\")\n .webhooks(IntegrationRegistryWebhookArgs.builder()\n .authToken(\"test1-test2-test3\")\n .enabled(true)\n .unQuarantine(false)\n .url(\"https://aquasec.com/\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n integrationRegistry:\n type: aquasec:IntegrationRegistry\n properties:\n advancedSettingsCleanup: false\n alwaysPullPatterns:\n - :latest\n - :v1\n author: aqua@aquasec.com\n autoCleanup: false\n autoPull: true\n autoPullInterval: 1\n autoPullMax: 100\n autoPullRescan: false\n autoPullTime: 08:45\n description: Automatically discovered registry\n imageCreationDateCondition: image_count\n options:\n - option: ARNRole\n value: arn:aws:iam::111111111111:role/terraform\n - option: sts:ExternalId\n value: test1-test2-test3\n - option: TestImagePull\n value: nginx:latest\n password:\n prefixes:\n - 111111111111.dkr.ecr.us-east-1.amazonaws.com\n pullImageAge: 0D\n pullImageCount: 3\n pullImageTagPatterns:\n - :Latest\n - :latest\n pullRepoPatternsExcludeds:\n - :xyz\n - :onlytest\n scannerNames: []\n scannerType: any\n type: AWS\n url: us-east-1\n username:\n webhooks:\n - authToken: test1-test2-test3\n enabled: true\n unQuarantine: false\n url: https://aquasec.com/\n```\n{{% /example %}}\n{{% /examples %}}", "properties": { - "allowedImages": { + "advancedSettingsCleanup": { + "type": "boolean", + "description": "Automatically clean up that don't match the pull criteria\n" + }, + "alwaysPullPatterns": { "type": "array", "items": { "type": "string" }, - "description": "List of explicitly allowed images.\n" + "description": "List of image patterns to pull always\n" }, - "applicationScopes": { - "type": "array", - "items": { - "type": "string" - } + "author": { + "type": "string", + "description": "The username of the user who created or last modified the registry\n" }, - "auditOnFailure": { + "autoCleanup": { "type": "boolean", - 
"description": "Indicates if auditing for failures.\n" + "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n" }, - "author": { + "autoPull": { + "type": "boolean", + "description": "Whether to automatically pull images from the registry on creation and daily\n" + }, + "autoPullInterval": { + "type": "integer", + "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n" + }, + "autoPullMax": { + "type": "integer", + "description": "Maximum number of repositories to pull every day, defaults to 100\n" + }, + "autoPullRescan": { + "type": "boolean", + "description": "Whether to automatically pull and rescan images from the registry on creation and daily\n" + }, + "autoPullTime": { "type": "string", - "description": "Name of user account that created the policy.\n" + "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n" }, - "autoScanConfigured": { - "type": "boolean" + "description": { + "type": "string", + "description": "The description of the registry\n" }, - "autoScanEnabled": { - "type": "boolean" + "imageCreationDateCondition": { + "type": "string", + "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" }, - "autoScanTimes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime" - } + "lastupdate": { + "type": "integer", + "description": "The last time the registry was modified in UNIX time\n" }, - "blacklistPermissions": { + "name": { + "type": "string", + "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n" + }, + "options": { "type": "array", "items": { - "type": "string" - }, - "description": "List of function's 
forbidden permissions.\n" + "$ref": "#/types/aquasec:index/IntegrationRegistryOption:IntegrationRegistryOption" + } }, - "blacklistPermissionsEnabled": { - "type": "boolean", - "description": "Indicates if blacklist permissions is relevant.\n" + "password": { + "type": "string", + "description": "The password for registry authentication\n" }, - "blacklistedLicenses": { + "prefixes": { "type": "array", "items": { "type": "string" }, - "description": "List of blacklisted licenses.\n" - }, - "blacklistedLicensesEnabled": { - "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "List of possible prefixes to image names pulled from the registry\n" }, - "blockFailed": { - "type": "boolean", - "description": "Indicates if failed images are blocked.\n" + "pullImageAge": { + "type": "string", + "description": "When auto pull image enabled, sets maximum age of auto pulled images (for example for 5 Days the value should be: 5D), Requires `image_creation_date_condition = \"image_age\"`\n" }, - "controlExcludeNoFix": { - "type": "boolean" + "pullImageCount": { + "type": "integer", + "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository (based on image creation date) Requires `image_creation_date_condition = \"image_count\"`\n" }, - "customChecks": { + "pullImageTagPatterns": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck" + "type": "string" }, - "description": "List of Custom user scripts for checks.\n" - }, - "customChecksEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include custom checks.\n" - }, - "customSeverityEnabled": { - "type": "boolean" - }, - "cvesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "List of image tags patterns to pull\n" }, - "cvesBlackLists": { + 
"pullRepoPatternsExcludeds": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "List of image patterns to exclude\n" }, - "cvesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "registryScanTimeout": { + "type": "integer", + "description": "Registry scan timeout in Minutes\n" }, - "cvesWhiteLists": { + "scannerNames": { "type": "array", "items": { "type": "string" }, - "description": "List of cves whitelisted licenses\n" + "description": "List of scanner names\n" }, - "cvssSeverity": { + "scannerType": { "type": "string", - "description": "Identifier of the cvss severity.\n" - }, - "cvssSeverityEnabled": { - "type": "boolean", - "description": "Indicates if the cvss severity is scanned.\n" - }, - "cvssSeverityExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" - }, - "description": { - "type": "string" - }, - "disallowMalware": { - "type": "boolean", - "description": "Indicates if malware should block the image.\n" - }, - "dockerCisEnabled": { - "type": "boolean" + "description": "The Scanner type\n" }, - "domain": { + "type": { "type": "string", - "description": "Name of the container image.\n" - }, - "domainName": { - "type": "string" - }, - "dtaEnabled": { - "type": "boolean" - }, - "dtaSeverity": { - "type": "string" + "description": "Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR).\n" }, - "enabled": { - "type": "boolean" - }, - "enforce": { - "type": "boolean" + "url": { + "type": "string", + "description": "The URL, address or region of the registry\n" }, - "enforceAfterDays": { - "type": "integer" + "username": { + "type": "string", + "description": "The username for registry authentication.\n" }, - "enforceExcessivePermissions": { - "type": "boolean" + "webhooks": { + "type": "array", + "items": { + "$ref": 
"#/types/aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook" + }, + "description": "When enabled, registry events are sent to the given Aqua webhook url\n" + } + }, + "required": [ + "author", + "imageCreationDateCondition", + "lastupdate", + "name", + "prefixes", + "pullImageAge", + "pullImageCount", + "scannerType", + "type", + "url", + "webhooks" + ], + "inputProperties": { + "advancedSettingsCleanup": { + "type": "boolean", + "description": "Automatically clean up that don't match the pull criteria\n" }, - "exceptionalMonitoredMalwarePaths": { + "alwaysPullPatterns": { "type": "array", "items": { "type": "string" - } + }, + "description": "List of image patterns to pull always\n" + }, + "author": { + "type": "string", + "description": "The username of the user who created or last modified the registry\n" + }, + "autoCleanup": { + "type": "boolean", + "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n" }, - "failCicd": { + "autoPull": { "type": "boolean", - "description": "Indicates if cicd failures will fail the image.\n" + "description": "Whether to automatically pull images from the registry on creation and daily\n" }, - "forbiddenLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel" - } + "autoPullInterval": { + "type": "integer", + "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n" }, - "forbiddenLabelsEnabled": { - "type": "boolean" + "autoPullMax": { + "type": "integer", + "description": "Maximum number of repositories to pull every day, defaults to 100\n" }, - "forceMicroenforcer": { - "type": "boolean" + "autoPullRescan": { + "type": "boolean", + "description": "Whether to automatically pull and rescan images from the registry on creation and daily\n" }, - "functionIntegrityEnabled": { - "type": "boolean" + 
"autoPullTime": { + "type": "string", + "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n" }, - "ignoreRecentlyPublishedVln": { - "type": "boolean" + "description": { + "type": "string", + "description": "The description of the registry\n" }, - "ignoreRecentlyPublishedVlnPeriod": { - "type": "integer" + "imageCreationDateCondition": { + "type": "string", + "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" }, - "ignoreRiskResourcesEnabled": { - "type": "boolean", - "description": "Indicates if risk resources are ignored.\n" + "lastupdate": { + "type": "integer", + "description": "The last time the registry was modified in UNIX time\n" }, - "ignoredRiskResources": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of ignored risk resources.\n" + "name": { + "type": "string", + "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n", + "willReplaceOnChanges": true }, - "images": { + "options": { "type": "array", "items": { - "type": "string" - }, - "description": "List of images.\n" + "$ref": "#/types/aquasec:index/IntegrationRegistryOption:IntegrationRegistryOption" + } }, - "kubeCisEnabled": { - "type": "boolean" + "password": { + "type": "string", + "description": "The password for registry authentication\n" }, - "labels": { + "prefixes": { "type": "array", "items": { "type": "string" }, - "description": "List of labels.\n" - }, - "malwareAction": { - "type": "string" - }, - "maximumScore": { - "type": "number", - "description": "Value of allowed maximum score.\n" + "description": "List of possible prefixes to image names pulled from the registry\n" }, - "maximumScoreEnabled": { - "type": "boolean", - "description": "Indicates if exceeding the maximum score is scanned.\n" + 
"pullImageAge": { + "type": "string", + "description": "When auto pull image enabled, sets maximum age of auto pulled images (for example for 5 Days the value should be: 5D), Requires `image_creation_date_condition = \"image_age\"`\n" }, - "maximumScoreExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cases that do not have a known fix.\n" + "pullImageCount": { + "type": "integer", + "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository (based on image creation date) Requires `image_creation_date_condition = \"image_count\"`\n" }, - "monitoredMalwarePaths": { + "pullImageTagPatterns": { "type": "array", "items": { "type": "string" - } - }, - "name": { - "type": "string" - }, - "onlyNoneRootUsers": { - "type": "boolean", - "description": "Indicates if raise a warning for images that should only be run as root.\n" - }, - "packagesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if packages blacklist is relevant.\n" + }, + "description": "List of image tags patterns to pull\n" }, - "packagesBlackLists": { + "pullRepoPatternsExcludeds": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList" + "type": "string" }, - "description": "List of backlisted images.\n" + "description": "List of image patterns to exclude\n" }, - "packagesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if packages whitelist is relevant.\n" + "registryScanTimeout": { + "type": "integer", + "description": "Registry scan timeout in Minutes\n" }, - "packagesWhiteLists": { + "scannerNames": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList" + "type": "string" }, - "description": "List of whitelisted images.\n" + "description": "List of scanner names\n" }, - "partialResultsImageFail": { - 
"type": "boolean" + "scannerType": { + "type": "string", + "description": "The Scanner type\n" }, - "readOnly": { - "type": "boolean" + "type": { + "type": "string", + "description": "Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR).\n" }, - "registries": { + "url": { + "type": "string", + "description": "The URL, address or region of the registry\n" + }, + "username": { + "type": "string", + "description": "The username for registry authentication.\n" + }, + "webhooks": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook" + }, + "description": "When enabled, registry events are sent to the given Aqua webhook url\n" + } + }, + "requiredInputs": [ + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IntegrationRegistry resources.\n", + "properties": { + "advancedSettingsCleanup": { + "type": "boolean", + "description": "Automatically clean up that don't match the pull criteria\n" + }, + "alwaysPullPatterns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of image patterns to pull always\n" + }, + "author": { + "type": "string", + "description": "The username of the user who created or last modified the registry\n" + }, + "autoCleanup": { + "type": "boolean", + "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n" + }, + "autoPull": { + "type": "boolean", + "description": "Whether to automatically pull images from the registry on creation and daily\n" + }, + "autoPullInterval": { + "type": "integer", + "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n" + }, + "autoPullMax": { + "type": "integer", + "description": "Maximum number of repositories to pull every day, defaults to 100\n" + }, + "autoPullRescan": { + "type": "boolean", + "description": "Whether to 
automatically pull and rescan images from the registry on creation and daily\n" + }, + "autoPullTime": { + "type": "string", + "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n" + }, + "description": { + "type": "string", + "description": "The description of the registry\n" + }, + "imageCreationDateCondition": { + "type": "string", + "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" + }, + "lastupdate": { + "type": "integer", + "description": "The last time the registry was modified in UNIX time\n" + }, + "name": { + "type": "string", + "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n", + "willReplaceOnChanges": true + }, + "options": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/IntegrationRegistryOption:IntegrationRegistryOption" + } + }, + "password": { + "type": "string", + "description": "The password for registry authentication\n" + }, + "prefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of possible prefixes to image names pulled from the registry\n" + }, + "pullImageAge": { + "type": "string", + "description": "When auto pull image enabled, sets maximum age of auto pulled images (for example for 5 Days the value should be: 5D), Requires `image_creation_date_condition = \"image_age\"`\n" + }, + "pullImageCount": { + "type": "integer", + "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository (based on image creation date) Requires `image_creation_date_condition = \"image_count\"`\n" + }, + "pullImageTagPatterns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of image tags patterns to pull\n" + }, + "pullRepoPatternsExcludeds": { + "type": "array", + 
"items": { + "type": "string" + }, + "description": "List of image patterns to exclude\n" + }, + "registryScanTimeout": { + "type": "integer", + "description": "Registry scan timeout in Minutes\n" + }, + "scannerNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of scanner names\n" }, - "description": "List of registries.\n" - }, - "registry": { - "type": "string" - }, - "requiredLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel" - } - }, - "requiredLabelsEnabled": { - "type": "boolean" - }, - "scanNfsMounts": { - "type": "boolean" - }, - "scanSensitiveData": { - "type": "boolean", - "description": "Indicates if scan should include sensitive data in the image.\n" - }, - "scapEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include scap.\n" - }, - "scapFiles": { - "type": "array", - "items": { - "type": "string" + "scannerType": { + "type": "string", + "description": "The Scanner type\n" }, - "description": "List of SCAP user scripts for checks.\n" - }, - "scopes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyScope:ImageAssurancePolicyScope" - } - }, - "trustedBaseImages": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage" + "type": { + "type": "string", + "description": "Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR).\n" }, - "description": "List of trusted images.\n" - }, - "trustedBaseImagesEnabled": { - "type": "boolean", - "description": "Indicates if list of trusted base images is relevant.\n" + "url": { + "type": "string", + "description": "The URL, address or region of the registry\n" + }, + "username": { + "type": "string", + "description": "The username for registry authentication.\n" + }, + "webhooks": { + "type": "array", + "items": { + "$ref": 
"#/types/aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook" + }, + "description": "When enabled, registry events are sent to the given Aqua webhook url\n" + } }, - "whitelistedLicenses": { - "type": "array", - "items": { + "type": "object" + } + }, + "aquasec:index/kubernetesAssurancePolicy:KubernetesAssurancePolicy": { + "description": "Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements.\n", + "properties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { "type": "string" }, - "description": "List of whitelisted licenses.\n" + "description": "Aggregated vulnerability information.\n" }, - "whitelistedLicensesEnabled": { - "type": "boolean", - "description": "Indicates if license blacklist is relevant.\n" - } - }, - "required": [ - "applicationScopes", - "author", - "autoScanTimes", - "ignoreRecentlyPublishedVlnPeriod", - "name", - "scopes" - ], - "inputProperties": { "allowedImages": { "type": "array", "items": { @@ -11515,10 +17786,18 @@ "type": "string" } }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, "auditOnFailure": { "type": "boolean", "description": "Indicates if auditing for failures.\n" }, + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, "autoScanConfigured": { "type": "boolean" }, @@ -11528,7 +17807,7 @@ "autoScanTimes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime" + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime" } }, "blacklistPermissions": { 
@@ -11551,7 +17830,7 @@ }, "blacklistedLicensesEnabled": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", 
@@ -11563,3190 +17842,3648 @@ "customChecks": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck" - }, - "description": "List of Custom user scripts for checks.\n" - }, - "customChecksEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include custom checks.\n" - }, - "customSeverityEnabled": { - "type": "boolean" - }, - "cvesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" - }, - "cvesBlackLists": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of cves blacklisted items.\n" - }, - "cvesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" - }, - "cvesWhiteLists": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of cves whitelisted licenses\n" - }, - "cvssSeverity": { - "type": "string", - "description": "Identifier of the cvss severity.\n" - }, - "cvssSeverityEnabled": { - "type": "boolean", - "description": "Indicates if the cvss severity is scanned.\n" - }, - "cvssSeverityExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" - }, - "description": { - "type": "string" - }, - "disallowMalware": { - "type": "boolean", - "description": "Indicates if malware should block the image.\n" - }, - "dockerCisEnabled": { - "type": "boolean" - }, - "domain": { - "type": "string", - "description": "Name of the container image.\n" - }, - "domainName": { - "type": "string" - }, - "dtaEnabled": { - "type": "boolean" - }, - "dtaSeverity": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "enforce": { - "type": "boolean" - }, - "enforceAfterDays": { - "type": "integer" - }, - "enforceExcessivePermissions": { - "type": "boolean" - }, - "exceptionalMonitoredMalwarePaths": { - "type": "array", - "items": { - "type": 
"string" - } - }, - "failCicd": { - "type": "boolean", - "description": "Indicates if cicd failures will fail the image.\n" - }, - "forbiddenLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel" - } - }, - "forbiddenLabelsEnabled": { - "type": "boolean" - }, - "forceMicroenforcer": { - "type": "boolean" - }, - "functionIntegrityEnabled": { - "type": "boolean" - }, - "ignoreRecentlyPublishedVln": { - "type": "boolean" - }, - "ignoreRiskResourcesEnabled": { - "type": "boolean", - "description": "Indicates if risk resources are ignored.\n" - }, - "ignoredRiskResources": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of ignored risk resources.\n" - }, - "images": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of images.\n" - }, - "kubeCisEnabled": { - "type": "boolean" - }, - "labels": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of labels.\n" - }, - "malwareAction": { - "type": "string" - }, - "maximumScore": { - "type": "number", - "description": "Value of allowed maximum score.\n" - }, - "maximumScoreEnabled": { - "type": "boolean", - "description": "Indicates if exceeding the maximum score is scanned.\n" - }, - "maximumScoreExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cases that do not have a known fix.\n" - }, - "monitoredMalwarePaths": { - "type": "array", - "items": { - "type": "string" - } - }, - "name": { - "type": "string", - "willReplaceOnChanges": true + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck" + }, + "description": "List of Custom user scripts for checks.\n" }, - "onlyNoneRootUsers": { + "customChecksEnabled": { "type": "boolean", - "description": "Indicates if raise a warning for images that should only be run as root.\n" + "description": "Indicates if 
scanning should include custom checks.\n" }, - "packagesBlackListEnabled": { + "customSeverity": { + "type": "string" + }, + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { "type": "boolean", - "description": "Indicates if packages blacklist is relevant.\n" + "description": "Indicates if CVEs blacklist is relevant.\n" }, - "packagesBlackLists": { + "cvesBlackLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList" + "type": "string" }, - "description": "List of backlisted images.\n" + "description": "List of CVEs blacklisted items.\n" }, - "packagesWhiteListEnabled": { + "cvesWhiteListEnabled": { "type": "boolean", - "description": "Indicates if packages whitelist is relevant.\n" + "description": "Indicates if CVEs whitelist is relevant.\n" }, - "packagesWhiteLists": { + "cvesWhiteLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList" + "type": "string" }, - "description": "List of whitelisted images.\n" + "description": "List of cves whitelisted licenses\n" }, - "partialResultsImageFail": { - "type": "boolean" + "cvssSeverity": { + "type": "string", + "description": "Identifier of the cvss severity.\n" }, - "readOnly": { - "type": "boolean" + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" }, - "registries": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registries.\n" + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" }, - "registry": { + "description": { "type": "string" }, - "requiredLabels": { + "disallowExploitTypes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel" + 
"type": "string" } }, - "requiredLabelsEnabled": { - "type": "boolean" + "disallowMalware": { + "type": "boolean", + "description": "Indicates if malware should block the image.\n" }, - "scanNfsMounts": { + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" + }, + "domain": { + "type": "string", + "description": "Name of the container image.\n" + }, + "domainName": { + "type": "string" + }, + "dtaEnabled": { "type": "boolean" }, - "scanSensitiveData": { - "type": "boolean", - "description": "Indicates if scan should include sensitive data in the image.\n" + "dtaSeverity": { + "type": "string" }, - "scapEnabled": { + "enabled": { "type": "boolean", - "description": "Indicates if scanning should include scap.\n" + "description": "Is the control enabled?\n" }, - "scapFiles": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of SCAP user scripts for checks.\n" + "enforce": { + "type": "boolean" }, - "scopes": { + "enforceAfterDays": { + "type": "integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" + }, + "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyScope:ImageAssurancePolicyScope" + "type": "string" } }, - "trustedBaseImages": { + "excludeApplicationScopes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage" - }, - "description": "List of trusted images.\n" + "type": "string" + } }, - "trustedBaseImagesEnabled": { + "failCicd": { "type": "boolean", - "description": "Indicates if list of trusted base images is relevant.\n" + "description": "Indicates if cicd failures will fail the image.\n" }, - "whitelistedLicenses": { + "forbiddenLabels": { "type": "array", "items": { - "type": "string" - }, - "description": "List of whitelisted licenses.\n" + "$ref": 
"#/types/aquasec:index/KubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel" + } }, - "whitelistedLicensesEnabled": { + "forbiddenLabelsEnabled": { + "type": "boolean" + }, + "forceMicroenforcer": { + "type": "boolean" + }, + "functionIntegrityEnabled": { + "type": "boolean" + }, + "ignoreBaseImageVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" + }, + "ignoreRiskResourcesEnabled": { "type": "boolean", - "description": "Indicates if license blacklist is relevant.\n" - } - }, - "requiredInputs": [ - "applicationScopes" - ], - "stateInputs": { - "description": "Input properties used for looking up and filtering ImageAssurancePolicy resources.\n", - "properties": { - "allowedImages": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of explicitly allowed images.\n" - }, - "applicationScopes": { - "type": "array", - "items": { - "type": "string" - } - }, - "auditOnFailure": { - "type": "boolean", - "description": "Indicates if auditing for failures.\n" - }, - "author": { - "type": "string", - "description": "Name of user account that created the policy.\n" - }, - "autoScanConfigured": { - "type": "boolean" - }, - "autoScanEnabled": { - "type": "boolean" - }, - "autoScanTimes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyAutoScanTime:ImageAssurancePolicyAutoScanTime" - } - }, - "blacklistPermissions": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of function's forbidden permissions.\n" - }, - "blacklistPermissionsEnabled": { - "type": "boolean", - "description": "Indicates if blacklist permissions is relevant.\n" - }, - "blacklistedLicenses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of blacklisted licenses.\n" - }, - "blacklistedLicensesEnabled": { - "type": "boolean", - "description": "Lndicates 
if license blacklist is relevant.\n" - }, - "blockFailed": { - "type": "boolean", - "description": "Indicates if failed images are blocked.\n" - }, - "controlExcludeNoFix": { - "type": "boolean" - }, - "customChecks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyCustomCheck:ImageAssurancePolicyCustomCheck" - }, - "description": "List of Custom user scripts for checks.\n" - }, - "customChecksEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include custom checks.\n" - }, - "customSeverityEnabled": { - "type": "boolean" - }, - "cvesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" - }, - "cvesBlackLists": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of cves blacklisted items.\n" - }, - "cvesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" - }, - "cvesWhiteLists": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of cves whitelisted licenses\n" - }, - "cvssSeverity": { - "type": "string", - "description": "Identifier of the cvss severity.\n" - }, - "cvssSeverityEnabled": { - "type": "boolean", - "description": "Indicates if the cvss severity is scanned.\n" - }, - "cvssSeverityExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" - }, - "description": { + "description": "Indicates if risk resources are ignored.\n" + }, + "ignoredRiskResources": { + "type": "array", + "items": { "type": "string" }, - "disallowMalware": { - "type": "boolean", - "description": "Indicates if malware should block the image.\n" - }, - "dockerCisEnabled": { - "type": "boolean" - }, - "domain": { - "type": "string", - "description": "Name of the container image.\n" - }, - "domainName": { + "description": "List of ignored risk resources.\n" + }, + 
"ignoredSensitiveResources": { + "type": "array", + "items": { "type": "string" - }, - "dtaEnabled": { - "type": "boolean" - }, - "dtaSeverity": { + } + }, + "images": { + "type": "array", + "items": { "type": "string" }, - "enabled": { - "type": "boolean" - }, - "enforce": { - "type": "boolean" - }, - "enforceAfterDays": { - "type": "integer" - }, - "enforceExcessivePermissions": { - "type": "boolean" - }, - "exceptionalMonitoredMalwarePaths": { - "type": "array", - "items": { - "type": "string" - } - }, - "failCicd": { - "type": "boolean", - "description": "Indicates if cicd failures will fail the image.\n" - }, - "forbiddenLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyForbiddenLabel:ImageAssurancePolicyForbiddenLabel" - } - }, - "forbiddenLabelsEnabled": { - "type": "boolean" - }, - "forceMicroenforcer": { - "type": "boolean" - }, - "functionIntegrityEnabled": { - "type": "boolean" - }, - "ignoreRecentlyPublishedVln": { - "type": "boolean" - }, - "ignoreRecentlyPublishedVlnPeriod": { - "type": "integer" - }, - "ignoreRiskResourcesEnabled": { - "type": "boolean", - "description": "Indicates if risk resources are ignored.\n" - }, - "ignoredRiskResources": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of ignored risk resources.\n" - }, - "images": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of images.\n" - }, - "kubeCisEnabled": { - "type": "boolean" - }, - "labels": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of labels.\n" + "description": "List of images.\n" + }, + "kubeCisEnabled": { + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" + }, + "kubernetesControls": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyKubernetesControl:KubernetesAssurancePolicyKubernetesControl" }, - "malwareAction": { + "description": "List 
of Kubernetes controls.\n" + }, + "kubernetesControlsAvdIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "kubernetesControlsNames": { + "type": "array", + "items": { "type": "string" }, - "maximumScore": { - "type": "number", - "description": "Value of allowed maximum score.\n" - }, - "maximumScoreEnabled": { - "type": "boolean", - "description": "Indicates if exceeding the maximum score is scanned.\n" - }, - "maximumScoreExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cases that do not have a known fix.\n" - }, - "monitoredMalwarePaths": { - "type": "array", - "items": { - "type": "string" - } - }, - "name": { - "type": "string", - "willReplaceOnChanges": true - }, - "onlyNoneRootUsers": { - "type": "boolean", - "description": "Indicates if raise a warning for images that should only be run as root.\n" - }, - "packagesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if packages blacklist is relevant.\n" - }, - "packagesBlackLists": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesBlackList:ImageAssurancePolicyPackagesBlackList" - }, - "description": "List of backlisted images.\n" - }, - "packagesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if packages whitelist is relevant.\n" - }, - "packagesWhiteLists": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyPackagesWhiteList:ImageAssurancePolicyPackagesWhiteList" - }, - "description": "List of whitelisted images.\n" + "description": "List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can 
elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID \u003c= 10000', 'Runs with UID \u003c= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'\n" + }, + "labels": { + "type": "array", + "items": { + "type": "string" }, - "partialResultsImageFail": { - "type": "boolean" + "description": "List of labels.\n" + }, + "lastupdate": { + "type": "string" + }, + "linuxCisEnabled": { + "type": "boolean" + }, + "malwareAction": { + "type": "string" + }, + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" + }, + "maximumScoreEnabled": { + "type": "boolean", + "description": "Indicates if exceeding the maximum score is scanned.\n" + }, + "maximumScoreExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cases that do not have a 
known fix.\n" + }, + "monitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "name": { + "type": "string" + }, + "onlyNoneRootUsers": { + "type": "boolean", + "description": "Indicates if raise a warning for images that should only be run as root.\n" + }, + "openshiftHardeningEnabled": { + "type": "boolean" + }, + "packagesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if packages blacklist is relevant.\n" + }, + "packagesBlackLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList" }, - "readOnly": { - "type": "boolean" + "description": "List of blacklisted images.\n" + }, + "packagesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if packages whitelist is relevant.\n" + }, + "packagesWhiteLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList" }, - "registries": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registries.\n" + "description": "List of whitelisted images.\n" + }, + "partialResultsImageFail": { + "type": "boolean" + }, + "permission": { + "type": "string" + }, + "policySettings": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPolicySettings:KubernetesAssurancePolicyPolicySettings" + }, + "readOnly": { + "type": "boolean" + }, + "registries": { + "type": "array", + "items": { + "type": "string" }, - "registry": { + "description": "List of registries.\n" + }, + "registry": { + "type": "string" + }, + "requiredLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel" + } + }, + "requiredLabelsEnabled": { + "type": "boolean" + }, + "scanMalwareInArchives": { + "type": "boolean" + }, + "scanNfsMounts": { + "type": "boolean" + }, 
+ "scanProcessMemory": { + "type": "boolean" + }, + "scanSensitiveData": { + "type": "boolean", + "description": "Indicates if scan should include sensitive data in the image.\n" + }, + "scanWindowsRegistry": { + "type": "boolean" + }, + "scapEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include scap.\n" + }, + "scapFiles": { + "type": "array", + "items": { "type": "string" }, - "requiredLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyRequiredLabel:ImageAssurancePolicyRequiredLabel" - } - }, - "requiredLabelsEnabled": { - "type": "boolean" + "description": "List of SCAP user scripts for checks.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope" + } + }, + "trustedBaseImages": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage" }, - "scanNfsMounts": { - "type": "boolean" + "description": "List of trusted images.\n" + }, + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" + }, + "vulnerabilityExploitability": { + "type": "boolean" + }, + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } + }, + "whitelistedLicenses": { + "type": "array", + "items": { + "type": "string" }, - "scanSensitiveData": { - "type": "boolean", - "description": "Indicates if scan should include sensitive data in the image.\n" + "description": "List of whitelisted licenses.\n" + }, + "whitelistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + } + }, + "required": [ + "applicationScopes", + "assuranceType", + "author", + "autoScanTimes", + "customSeverity", + "ignoreRecentlyPublishedVlnPeriod", + "kubernetesControls", + "lastupdate", + "name", + 
"permission", + "policySettings", + "scopes" + ], + "inputProperties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" }, - "scapEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include scap.\n" + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { + "type": "array", + "items": { + "type": "string" }, - "scapFiles": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of SCAP user scripts for checks.\n" + "description": "List of explicitly allowed images.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, + "auditOnFailure": { + "type": "boolean", + "description": "Indicates if auditing for failures.\n" + }, + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, + "autoScanConfigured": { + "type": "boolean" + }, + "autoScanEnabled": { + "type": "boolean" + }, + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime" + } + }, + "blacklistPermissions": { + "type": "array", + "items": { + "type": "string" }, - "scopes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyScope:ImageAssurancePolicyScope" - } + "description": "List of function's forbidden permissions.\n" + }, + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" + }, + "blacklistedLicenses": { + "type": "array", + "items": { + "type": "string" }, - "trustedBaseImages": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/ImageAssurancePolicyTrustedBaseImage:ImageAssurancePolicyTrustedBaseImage" - }, - "description": "List of trusted images.\n" 
+ "description": "List of blacklisted licenses.\n" + }, + "blacklistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + }, + "blockFailed": { + "type": "boolean", + "description": "Indicates if failed images are blocked.\n" + }, + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck" }, - "trustedBaseImagesEnabled": { - "type": "boolean", - "description": "Indicates if list of trusted base images is relevant.\n" + "description": "List of Custom user scripts for checks.\n" + }, + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" + }, + "customSeverity": { + "type": "string" + }, + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" + }, + "cvesBlackLists": { + "type": "array", + "items": { + "type": "string" }, - "whitelistedLicenses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of whitelisted licenses.\n" + "description": "List of CVEs blacklisted items.\n" + }, + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs whitelist is relevant.\n" + }, + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" }, - "whitelistedLicensesEnabled": { - "type": "boolean", - "description": "Indicates if license blacklist is relevant.\n" + "description": "List of cves whitelisted licenses\n" + }, + "cvssSeverity": { + "type": "string", + "description": "Identifier of the cvss severity.\n" + }, + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" + }, + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should 
ignore cvss cases that do not have a known fix.\n" + }, + "description": { + "type": "string" + }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" } }, - "type": "object" - } - }, - "aquasec:index/integrationRegistry:IntegrationRegistry": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst integrationRegistry = new aquasec.IntegrationRegistry(\"integrationRegistry\", {\n advancedSettingsCleanup: false,\n alwaysPullPatterns: [\n \":latest\",\n \":v1\",\n ],\n author: \"aqua@aquasec.com\",\n autoCleanup: false,\n autoPull: true,\n autoPullInterval: 1,\n autoPullMax: 100,\n autoPullRescan: false,\n autoPullTime: \"08:45\",\n description: \"Automatically discovered registry\",\n imageCreationDateCondition: \"image_count\",\n options: [\n {\n option: \"ARNRole\",\n value: \"arn:aws:iam::111111111111:role/terraform\",\n },\n {\n option: \"sts:ExternalId\",\n value: \"test1-test2-test3\",\n },\n {\n option: \"TestImagePull\",\n value: \"nginx:latest\",\n },\n ],\n prefixes: [\"111111111111.dkr.ecr.us-east-1.amazonaws.com\"],\n pullImageAge: \"0D\",\n pullImageCount: 3,\n pullImageTagPatterns: [\n \":Latest\",\n \":latest\",\n ],\n pullRepoPatternsExcludeds: [\n \":xyz\",\n \":onlytest\",\n ],\n scannerNames: [\n \"aqua-scanner-645f867c4f-4sbtj\",\n \"aqua-scanner-645f867c4f-8pkdd\",\n ],\n scannerType: \"specific\",\n type: \"AWS\",\n url: \"us-east-1\",\n username: \"\",\n webhooks: [{\n authToken: \"test1-test2-test3\",\n enabled: true,\n unQuarantine: false,\n url: \"https://aquasec.com/\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nintegration_registry = aquasec.IntegrationRegistry(\"integrationRegistry\",\n advanced_settings_cleanup=False,\n always_pull_patterns=[\n \":latest\",\n \":v1\",\n ],\n author=\"aqua@aquasec.com\",\n auto_cleanup=False,\n 
auto_pull=True,\n auto_pull_interval=1,\n auto_pull_max=100,\n auto_pull_rescan=False,\n auto_pull_time=\"08:45\",\n description=\"Automatically discovered registry\",\n image_creation_date_condition=\"image_count\",\n options=[\n aquasec.IntegrationRegistryOptionArgs(\n option=\"ARNRole\",\n value=\"arn:aws:iam::111111111111:role/terraform\",\n ),\n aquasec.IntegrationRegistryOptionArgs(\n option=\"sts:ExternalId\",\n value=\"test1-test2-test3\",\n ),\n aquasec.IntegrationRegistryOptionArgs(\n option=\"TestImagePull\",\n value=\"nginx:latest\",\n ),\n ],\n prefixes=[\"111111111111.dkr.ecr.us-east-1.amazonaws.com\"],\n pull_image_age=\"0D\",\n pull_image_count=3,\n pull_image_tag_patterns=[\n \":Latest\",\n \":latest\",\n ],\n pull_repo_patterns_excludeds=[\n \":xyz\",\n \":onlytest\",\n ],\n scanner_names=[\n \"aqua-scanner-645f867c4f-4sbtj\",\n \"aqua-scanner-645f867c4f-8pkdd\",\n ],\n scanner_type=\"specific\",\n type=\"AWS\",\n url=\"us-east-1\",\n username=\"\",\n webhooks=[aquasec.IntegrationRegistryWebhookArgs(\n auth_token=\"test1-test2-test3\",\n enabled=True,\n un_quarantine=False,\n url=\"https://aquasec.com/\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var integrationRegistry = new Aquasec.IntegrationRegistry(\"integrationRegistry\", new()\n {\n AdvancedSettingsCleanup = false,\n AlwaysPullPatterns = new[]\n {\n \":latest\",\n \":v1\",\n },\n Author = \"aqua@aquasec.com\",\n AutoCleanup = false,\n AutoPull = true,\n AutoPullInterval = 1,\n AutoPullMax = 100,\n AutoPullRescan = false,\n AutoPullTime = \"08:45\",\n Description = \"Automatically discovered registry\",\n ImageCreationDateCondition = \"image_count\",\n Options = new[]\n {\n new Aquasec.Inputs.IntegrationRegistryOptionArgs\n {\n Option = \"ARNRole\",\n Value = \"arn:aws:iam::111111111111:role/terraform\",\n },\n new 
Aquasec.Inputs.IntegrationRegistryOptionArgs\n {\n Option = \"sts:ExternalId\",\n Value = \"test1-test2-test3\",\n },\n new Aquasec.Inputs.IntegrationRegistryOptionArgs\n {\n Option = \"TestImagePull\",\n Value = \"nginx:latest\",\n },\n },\n Prefixes = new[]\n {\n \"111111111111.dkr.ecr.us-east-1.amazonaws.com\",\n },\n PullImageAge = \"0D\",\n PullImageCount = 3,\n PullImageTagPatterns = new[]\n {\n \":Latest\",\n \":latest\",\n },\n PullRepoPatternsExcludeds = new[]\n {\n \":xyz\",\n \":onlytest\",\n },\n ScannerNames = new[]\n {\n \"aqua-scanner-645f867c4f-4sbtj\",\n \"aqua-scanner-645f867c4f-8pkdd\",\n },\n ScannerType = \"specific\",\n Type = \"AWS\",\n Url = \"us-east-1\",\n Username = \"\",\n Webhooks = new[]\n {\n new Aquasec.Inputs.IntegrationRegistryWebhookArgs\n {\n AuthToken = \"test1-test2-test3\",\n Enabled = true,\n UnQuarantine = false,\n Url = \"https://aquasec.com/\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewIntegrationRegistry(ctx, \"integrationRegistry\", \u0026aquasec.IntegrationRegistryArgs{\n\t\t\tAdvancedSettingsCleanup: pulumi.Bool(false),\n\t\t\tAlwaysPullPatterns: pulumi.StringArray{\n\t\t\t\tpulumi.String(\":latest\"),\n\t\t\t\tpulumi.String(\":v1\"),\n\t\t\t},\n\t\t\tAuthor: pulumi.String(\"aqua@aquasec.com\"),\n\t\t\tAutoCleanup: pulumi.Bool(false),\n\t\t\tAutoPull: pulumi.Bool(true),\n\t\t\tAutoPullInterval: pulumi.Int(1),\n\t\t\tAutoPullMax: pulumi.Int(100),\n\t\t\tAutoPullRescan: pulumi.Bool(false),\n\t\t\tAutoPullTime: pulumi.String(\"08:45\"),\n\t\t\tDescription: pulumi.String(\"Automatically discovered registry\"),\n\t\t\tImageCreationDateCondition: pulumi.String(\"image_count\"),\n\t\t\tOptions: aquasec.IntegrationRegistryOptionArray{\n\t\t\t\t\u0026aquasec.IntegrationRegistryOptionArgs{\n\t\t\t\t\tOption: 
pulumi.String(\"ARNRole\"),\n\t\t\t\t\tValue: pulumi.String(\"arn:aws:iam::111111111111:role/terraform\"),\n\t\t\t\t},\n\t\t\t\t\u0026aquasec.IntegrationRegistryOptionArgs{\n\t\t\t\t\tOption: pulumi.String(\"sts:ExternalId\"),\n\t\t\t\t\tValue: pulumi.String(\"test1-test2-test3\"),\n\t\t\t\t},\n\t\t\t\t\u0026aquasec.IntegrationRegistryOptionArgs{\n\t\t\t\t\tOption: pulumi.String(\"TestImagePull\"),\n\t\t\t\t\tValue: pulumi.String(\"nginx:latest\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"111111111111.dkr.ecr.us-east-1.amazonaws.com\"),\n\t\t\t},\n\t\t\tPullImageAge: pulumi.String(\"0D\"),\n\t\t\tPullImageCount: pulumi.Int(3),\n\t\t\tPullImageTagPatterns: pulumi.StringArray{\n\t\t\t\tpulumi.String(\":Latest\"),\n\t\t\t\tpulumi.String(\":latest\"),\n\t\t\t},\n\t\t\tPullRepoPatternsExcludeds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\":xyz\"),\n\t\t\t\tpulumi.String(\":onlytest\"),\n\t\t\t},\n\t\t\tScannerNames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"aqua-scanner-645f867c4f-4sbtj\"),\n\t\t\t\tpulumi.String(\"aqua-scanner-645f867c4f-8pkdd\"),\n\t\t\t},\n\t\t\tScannerType: pulumi.String(\"specific\"),\n\t\t\tType: pulumi.String(\"AWS\"),\n\t\t\tUrl: pulumi.String(\"us-east-1\"),\n\t\t\tUsername: pulumi.String(\"\"),\n\t\t\tWebhooks: aquasec.IntegrationRegistryWebhookArray{\n\t\t\t\t\u0026aquasec.IntegrationRegistryWebhookArgs{\n\t\t\t\t\tAuthToken: pulumi.String(\"test1-test2-test3\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tUnQuarantine: pulumi.Bool(false),\n\t\t\t\t\tUrl: pulumi.String(\"https://aquasec.com/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.IntegrationRegistry;\nimport com.pulumi.aquasec.IntegrationRegistryArgs;\nimport 
com.pulumi.aquasec.inputs.IntegrationRegistryOptionArgs;\nimport com.pulumi.aquasec.inputs.IntegrationRegistryWebhookArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var integrationRegistry = new IntegrationRegistry(\"integrationRegistry\", IntegrationRegistryArgs.builder() \n .advancedSettingsCleanup(false)\n .alwaysPullPatterns( \n \":latest\",\n \":v1\")\n .author(\"aqua@aquasec.com\")\n .autoCleanup(false)\n .autoPull(true)\n .autoPullInterval(1)\n .autoPullMax(100)\n .autoPullRescan(false)\n .autoPullTime(\"08:45\")\n .description(\"Automatically discovered registry\")\n .imageCreationDateCondition(\"image_count\")\n .options( \n IntegrationRegistryOptionArgs.builder()\n .option(\"ARNRole\")\n .value(\"arn:aws:iam::111111111111:role/terraform\")\n .build(),\n IntegrationRegistryOptionArgs.builder()\n .option(\"sts:ExternalId\")\n .value(\"test1-test2-test3\")\n .build(),\n IntegrationRegistryOptionArgs.builder()\n .option(\"TestImagePull\")\n .value(\"nginx:latest\")\n .build())\n .prefixes(\"111111111111.dkr.ecr.us-east-1.amazonaws.com\")\n .pullImageAge(\"0D\")\n .pullImageCount(3)\n .pullImageTagPatterns( \n \":Latest\",\n \":latest\")\n .pullRepoPatternsExcludeds( \n \":xyz\",\n \":onlytest\")\n .scannerNames( \n \"aqua-scanner-645f867c4f-4sbtj\",\n \"aqua-scanner-645f867c4f-8pkdd\")\n .scannerType(\"specific\")\n .type(\"AWS\")\n .url(\"us-east-1\")\n .username(\"\")\n .webhooks(IntegrationRegistryWebhookArgs.builder()\n .authToken(\"test1-test2-test3\")\n .enabled(true)\n .unQuarantine(false)\n .url(\"https://aquasec.com/\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n integrationRegistry:\n type: aquasec:IntegrationRegistry\n properties:\n advancedSettingsCleanup: false\n 
alwaysPullPatterns:\n - :latest\n - :v1\n author: aqua@aquasec.com\n autoCleanup: false\n autoPull: true\n autoPullInterval: 1\n autoPullMax: 100\n autoPullRescan: false\n autoPullTime: 08:45\n description: Automatically discovered registry\n imageCreationDateCondition: image_count\n options:\n - option: ARNRole\n value: arn:aws:iam::111111111111:role/terraform\n - option: sts:ExternalId\n value: test1-test2-test3\n - option: TestImagePull\n value: nginx:latest\n prefixes:\n - 111111111111.dkr.ecr.us-east-1.amazonaws.com\n pullImageAge: 0D\n pullImageCount: 3\n pullImageTagPatterns:\n - :Latest\n - :latest\n pullRepoPatternsExcludeds:\n - :xyz\n - :onlytest\n scannerNames:\n - aqua-scanner-645f867c4f-4sbtj\n - aqua-scanner-645f867c4f-8pkdd\n scannerType: specific\n type: AWS\n url: us-east-1\n username:\n webhooks:\n - authToken: test1-test2-test3\n enabled: true\n unQuarantine: false\n url: https://aquasec.com/\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "advancedSettingsCleanup": { + "disallowMalware": { + "type": "boolean", + "description": "Indicates if malware should block the image.\n" + }, + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" + }, + "domain": { + "type": "string", + "description": "Name of the container image.\n" + }, + "domainName": { + "type": "string" + }, + "dtaEnabled": { + "type": "boolean" + }, + "dtaSeverity": { + "type": "string" + }, + "enabled": { "type": "boolean", - "description": "Automatically clean up that don't match the pull criteria\n" + "description": "Is the control enabled?\n" }, - "alwaysPullPatterns": { + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { + "type": "integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" + }, + "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" - }, - "description": "List of image patterns to pull always\n" + } 
}, - "author": { - "type": "string", - "description": "The username of the user who created or last modified the registry\n" + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } }, - "autoCleanup": { + "failCicd": { "type": "boolean", - "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n" + "description": "Indicates if cicd failures will fail the image.\n" }, - "autoPull": { - "type": "boolean", - "description": "Whether to automatically pull images from the registry on creation and daily\n" + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel" + } }, - "autoPullInterval": { - "type": "integer", - "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n" + "forbiddenLabelsEnabled": { + "type": "boolean" }, - "autoPullMax": { - "type": "integer", - "description": "Maximum number of repositories to pull every day, defaults to 100\n" + "forceMicroenforcer": { + "type": "boolean" }, - "autoPullRescan": { - "type": "boolean", - "description": "Whether to automatically pull and rescan images from the registry on creation and daily\n" + "functionIntegrityEnabled": { + "type": "boolean" }, - "autoPullTime": { - "type": "string", - "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n" + "ignoreBaseImageVln": { + "type": "boolean" }, - "description": { - "type": "string", - "description": "The description of the registry\n" + "ignoreRecentlyPublishedVln": { + "type": "boolean" }, - "imageCreationDateCondition": { - "type": "string", - "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" }, - "lastupdate": { - "type": "integer", - 
"description": "The last time the registry was modified in UNIX time\n" + "ignoreRiskResourcesEnabled": { + "type": "boolean", + "description": "Indicates if risk resources are ignored.\n" }, - "name": { - "type": "string", - "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n" + "ignoredRiskResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of ignored risk resources.\n" }, - "options": { + "ignoredSensitiveResources": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/IntegrationRegistryOption:IntegrationRegistryOption" + "type": "string" } }, - "password": { - "type": "string", - "description": "The password for registry authentication\n" - }, - "prefixes": { + "images": { "type": "array", "items": { "type": "string" }, - "description": "List of possible prefixes to image names pulled from the registry\n" + "description": "List of images.\n" }, - "pullImageAge": { - "type": "string", - "description": "When auto pull image enabled, sets maximum age of auto pulled images (for example for 5 Days the value should be: 5D), Requires `image_creation_date_condition = \"image_age\"`\n" + "kubeCisEnabled": { + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, - "pullImageCount": { - "type": "integer", - "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository (based on image creation date) Requires `image_creation_date_condition = \"image_count\"`\n" + "kubernetesControls": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyKubernetesControl:KubernetesAssurancePolicyKubernetesControl" + }, + "description": "List of Kubernetes controls.\n" }, - "pullImageTagPatterns": { + "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" - }, - 
"description": "List of image tags patterns to pull\n" + } }, - "pullRepoPatternsExcludeds": { + "kubernetesControlsNames": { "type": "array", "items": { "type": "string" }, - "description": "List of image patterns to exclude\n" - }, - "registryScanTimeout": { - "type": "integer", - "description": "Registry scan timeout in Minutes\n" + "description": "List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID \u003c= 10000', 'Runs with UID \u003c= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in 
the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'\n" }, - "scannerNames": { + "labels": { "type": "array", "items": { "type": "string" }, - "description": "List of scanner names\n" + "description": "List of labels.\n" }, - "scannerType": { - "type": "string", - "description": "The Scanner type\n" + "lastupdate": { + "type": "string" }, - "type": { - "type": "string", - "description": "Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR).\n" + "linuxCisEnabled": { + "type": "boolean" }, - "url": { - "type": "string", - "description": "The URL, address or region of the registry\n" + "malwareAction": { + "type": "string" }, - "username": { - "type": "string", - "description": "The username for registry authentication.\n" + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" }, - "webhooks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook" - }, - "description": "When enabled, registry events are sent to the given Aqua webhook url\n" - } - }, - "required": [ - "author", - "imageCreationDateCondition", - "lastupdate", - "name", - "prefixes", - "pullImageAge", - "pullImageCount", - "scannerType", - "type", - "url", - "webhooks" - ], - "inputProperties": { - "advancedSettingsCleanup": { + "maximumScoreEnabled": { "type": "boolean", - "description": "Automatically clean up that don't match the pull criteria\n" + "description": "Indicates if exceeding the maximum score is scanned.\n" }, - "alwaysPullPatterns": { + "maximumScoreExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cases that do not have a known fix.\n" + }, + "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" - }, - "description": "List of image patterns to pull always\n" + } }, - "author": { + "name": { "type": "string", - "description": "The username of the user who created or last modified the 
registry\n" + "willReplaceOnChanges": true }, - "autoCleanup": { + "onlyNoneRootUsers": { "type": "boolean", - "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n" + "description": "Indicates if raise a warning for images that should only be run as root.\n" }, - "autoPull": { - "type": "boolean", - "description": "Whether to automatically pull images from the registry on creation and daily\n" + "openshiftHardeningEnabled": { + "type": "boolean" }, - "autoPullInterval": { - "type": "integer", - "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n" + "packagesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if packages blacklist is relevant.\n" }, - "autoPullMax": { - "type": "integer", - "description": "Maximum number of repositories to pull every day, defaults to 100\n" + "packagesBlackLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList" + }, + "description": "List of blacklisted images.\n" }, - "autoPullRescan": { + "packagesWhiteListEnabled": { "type": "boolean", - "description": "Whether to automatically pull and rescan images from the registry on creation and daily\n" + "description": "Indicates if packages whitelist is relevant.\n" }, - "autoPullTime": { - "type": "string", - "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n" + "packagesWhiteLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList" + }, + "description": "List of whitelisted images.\n" }, - "description": { - "type": "string", - "description": "The description of the registry\n" + "partialResultsImageFail": { + "type": "boolean" }, - 
"imageCreationDateCondition": { - "type": "string", - "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" + "permission": { + "type": "string" }, - "lastupdate": { - "type": "integer", - "description": "The last time the registry was modified in UNIX time\n" + "policySettings": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPolicySettings:KubernetesAssurancePolicyPolicySettings" }, - "name": { - "type": "string", - "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n", - "willReplaceOnChanges": true + "readOnly": { + "type": "boolean" }, - "options": { + "registries": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/IntegrationRegistryOption:IntegrationRegistryOption" + "type": "string" + }, + "description": "List of registries.\n" + }, + "registry": { + "type": "string" + }, + "requiredLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel" } }, - "password": { - "type": "string", - "description": "The password for registry authentication\n" + "requiredLabelsEnabled": { + "type": "boolean" + }, + "scanMalwareInArchives": { + "type": "boolean" + }, + "scanNfsMounts": { + "type": "boolean" + }, + "scanProcessMemory": { + "type": "boolean" }, - "prefixes": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of possible prefixes to image names pulled from the registry\n" + "scanSensitiveData": { + "type": "boolean", + "description": "Indicates if scan should include sensitive data in the image.\n" }, - "pullImageAge": { - "type": "string", - "description": "When auto pull image enabled, sets maximum age of auto pulled images (for example for 5 Days the value should be: 5D), Requires `image_creation_date_condition = \"image_age\"`\n" + 
"scanWindowsRegistry": { + "type": "boolean" }, - "pullImageCount": { - "type": "integer", - "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository (based on image creation date) Requires `image_creation_date_condition = \"image_count\"`\n" + "scapEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include scap.\n" }, - "pullImageTagPatterns": { + "scapFiles": { "type": "array", "items": { "type": "string" }, - "description": "List of image tags patterns to pull\n" + "description": "List of SCAP user scripts for checks.\n" }, - "pullRepoPatternsExcludeds": { + "scopes": { "type": "array", "items": { - "type": "string" - }, - "description": "List of image patterns to exclude\n" - }, - "registryScanTimeout": { - "type": "integer", - "description": "Registry scan timeout in Minutes\n" + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope" + } }, - "scannerNames": { + "trustedBaseImages": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage" }, - "description": "List of scanner names\n" - }, - "scannerType": { - "type": "string", - "description": "The Scanner type\n" + "description": "List of trusted images.\n" }, - "type": { - "type": "string", - "description": "Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR).\n" + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" }, - "url": { - "type": "string", - "description": "The URL, address or region of the registry\n" + "vulnerabilityExploitability": { + "type": "boolean" }, - "username": { - "type": "string", - "description": "The username for registry authentication.\n" + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } }, - "webhooks": { + "whitelistedLicenses": { "type": 
"array", "items": { - "$ref": "#/types/aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook" + "type": "string" + }, + "description": "List of whitelisted licenses.\n" + }, + "whitelistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + } + }, + "requiredInputs": [ + "applicationScopes" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering KubernetesAssurancePolicy resources.\n", + "properties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of explicitly allowed images.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, + "auditOnFailure": { + "type": "boolean", + "description": "Indicates if auditing for failures.\n" + }, + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, + "autoScanConfigured": { + "type": "boolean" + }, + "autoScanEnabled": { + "type": "boolean" + }, + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime" + } + }, + "blacklistPermissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of function's forbidden permissions.\n" + }, + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" + }, + "blacklistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of blacklisted licenses.\n" + }, + "blacklistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates 
if license blacklist is relevant.\n" + }, + "blockFailed": { + "type": "boolean", + "description": "Indicates if failed images are blocked.\n" + }, + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck" + }, + "description": "List of Custom user scripts for checks.\n" + }, + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" + }, + "customSeverity": { + "type": "string" + }, + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" + }, + "cvesBlackLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CVEs blacklisted items.\n" + }, + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs whitelist is relevant.\n" + }, + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cves whitelisted licenses\n" + }, + "cvssSeverity": { + "type": "string", + "description": "Identifier of the cvss severity.\n" + }, + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" + }, + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + }, + "description": { + "type": "string" + }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "disallowMalware": { + "type": "boolean", + "description": "Indicates if malware should block the image.\n" + }, + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" + }, + "domain": { + "type": "string", + "description": "Name of 
the container image.\n" + }, + "domainName": { + "type": "string" + }, + "dtaEnabled": { + "type": "boolean" + }, + "dtaSeverity": { + "type": "string" + }, + "enabled": { + "type": "boolean", + "description": "Is the control enabled?\n" + }, + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { + "type": "integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" + }, + "exceptionalMonitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "failCicd": { + "type": "boolean", + "description": "Indicates if cicd failures will fail the image.\n" + }, + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel" + } }, - "description": "When enabled, registry events are sent to the given Aqua webhook url\n" - } - }, - "requiredInputs": [ - "type" - ], - "stateInputs": { - "description": "Input properties used for looking up and filtering IntegrationRegistry resources.\n", - "properties": { - "advancedSettingsCleanup": { + "forbiddenLabelsEnabled": { + "type": "boolean" + }, + "forceMicroenforcer": { + "type": "boolean" + }, + "functionIntegrityEnabled": { + "type": "boolean" + }, + "ignoreBaseImageVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" + }, + "ignoreRiskResourcesEnabled": { "type": "boolean", - "description": "Automatically clean up that don't match the pull criteria\n" + "description": "Indicates if risk resources are ignored.\n" }, - "alwaysPullPatterns": { + "ignoredRiskResources": { "type": "array", "items": { "type": "string" }, - "description": "List of image patterns to pull always\n" + "description": "List of ignored risk resources.\n" }, - "author": { - "type": "string", - "description": "The username of 
the user who created or last modified the registry\n" + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } }, - "autoCleanup": { - "type": "boolean", - "description": "Automatically clean up images and repositories which are no longer present in the registry from Aqua console\n" + "images": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of images.\n" }, - "autoPull": { + "kubeCisEnabled": { "type": "boolean", - "description": "Whether to automatically pull images from the registry on creation and daily\n" + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, - "autoPullInterval": { - "type": "integer", - "description": "The interval in days to start pulling new images from the registry, Defaults to 1\n" + "kubernetesControls": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyKubernetesControl:KubernetesAssurancePolicyKubernetesControl" + }, + "description": "List of Kubernetes controls.\n" }, - "autoPullMax": { - "type": "integer", - "description": "Maximum number of repositories to pull every day, defaults to 100\n" + "kubernetesControlsAvdIds": { + "type": "array", + "items": { + "type": "string" + } }, - "autoPullRescan": { - "type": "boolean", - "description": "Whether to automatically pull and rescan images from the registry on creation and daily\n" + "kubernetesControlsNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive 
content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID \u003c= 10000', 'Runs with UID \u003c= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'\n" }, - "autoPullTime": { - "type": "string", - "description": "The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00\n" + "labels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of labels.\n" }, - "description": { - "type": "string", - "description": "The description of the registry\n" + "lastupdate": { + "type": "string" }, - "imageCreationDateCondition": { - "type": "string", - "description": "Additional condition for pulling and rescanning images, Defaults to 'none'\n" + "linuxCisEnabled": { + "type": "boolean" }, - "lastupdate": { - "type": "integer", - "description": "The last time the registry was modified in UNIX time\n" + 
"malwareAction": { + "type": "string" + }, + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" + }, + "maximumScoreEnabled": { + "type": "boolean", + "description": "Indicates if exceeding the maximum score is scanned.\n" + }, + "maximumScoreExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cases that do not have a known fix.\n" + }, + "monitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } }, "name": { "type": "string", - "description": "The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces\n", "willReplaceOnChanges": true }, - "options": { + "onlyNoneRootUsers": { + "type": "boolean", + "description": "Indicates if raise a warning for images that should only be run as root.\n" + }, + "openshiftHardeningEnabled": { + "type": "boolean" + }, + "packagesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if packages blacklist is relevant.\n" + }, + "packagesBlackLists": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/IntegrationRegistryOption:IntegrationRegistryOption" - } + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList" + }, + "description": "List of blacklisted images.\n" }, - "password": { - "type": "string", - "description": "The password for registry authentication\n" + "packagesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if packages whitelist is relevant.\n" }, - "prefixes": { + "packagesWhiteLists": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList" }, - "description": "List of possible prefixes to image names pulled from the registry\n" + "description": "List of whitelisted images.\n" }, - "pullImageAge": 
{ - "type": "string", - "description": "When auto pull image enabled, sets maximum age of auto pulled images (for example for 5 Days the value should be: 5D), Requires `image_creation_date_condition = \"image_age\"`\n" + "partialResultsImageFail": { + "type": "boolean" }, - "pullImageCount": { - "type": "integer", - "description": "When auto pull image enabled, sets maximum age of auto pulled images tags from each repository (based on image creation date) Requires `image_creation_date_condition = \"image_count\"`\n" + "permission": { + "type": "string" }, - "pullImageTagPatterns": { + "policySettings": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPolicySettings:KubernetesAssurancePolicyPolicySettings" + }, + "readOnly": { + "type": "boolean" + }, + "registries": { "type": "array", "items": { "type": "string" }, - "description": "List of image tags patterns to pull\n" + "description": "List of registries.\n" }, - "pullRepoPatternsExcludeds": { + "registry": { + "type": "string" + }, + "requiredLabels": { "type": "array", "items": { - "type": "string" - }, - "description": "List of image patterns to exclude\n" + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel" + } }, - "registryScanTimeout": { - "type": "integer", - "description": "Registry scan timeout in Minutes\n" + "requiredLabelsEnabled": { + "type": "boolean" }, - "scannerNames": { + "scanMalwareInArchives": { + "type": "boolean" + }, + "scanNfsMounts": { + "type": "boolean" + }, + "scanProcessMemory": { + "type": "boolean" + }, + "scanSensitiveData": { + "type": "boolean", + "description": "Indicates if scan should include sensitive data in the image.\n" + }, + "scanWindowsRegistry": { + "type": "boolean" + }, + "scapEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include scap.\n" + }, + "scapFiles": { "type": "array", "items": { "type": "string" }, - "description": "List of scanner names\n" + 
"description": "List of SCAP user scripts for checks.\n" }, - "scannerType": { - "type": "string", - "description": "The Scanner type\n" + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope" + } }, - "type": { - "type": "string", - "description": "Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR).\n" + "trustedBaseImages": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage" + }, + "description": "List of trusted images.\n" }, - "url": { - "type": "string", - "description": "The URL, address or region of the registry\n" + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" }, - "username": { - "type": "string", - "description": "The username for registry authentication.\n" + "vulnerabilityExploitability": { + "type": "boolean" }, - "webhooks": { + "vulnerabilityScoreRanges": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/IntegrationRegistryWebhook:IntegrationRegistryWebhook" - }, - "description": "When enabled, registry events are sent to the given Aqua webhook url\n" - } - }, - "type": "object" - } - }, - "aquasec:index/kubernetesAssurancePolicy:KubernetesAssurancePolicy": { - "properties": { - "allowedImages": { - "type": "array", - "items": { - "type": "string" + "type": "integer" + } }, - "description": "List of explicitly allowed images.\n" - }, - "applicationScopes": { - "type": "array", - "items": { - "type": "string" + "whitelistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of whitelisted licenses.\n" + }, + "whitelistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" } }, - "auditOnFailure": { - "type": "boolean", - "description": "Indicates if auditing for failures.\n" - }, + 
"type": "object" + } + }, + "aquasec:index/notification:Notification": { + "description": "Provides a Aquasec Notification resource. This can be used to create and manage Aquasec Notification resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst teams = new aquasec.Notification(\"teams\", {\n properties: {\n url: \"\u003cTEAMS-URL\u003e\",\n },\n type: \"teams\",\n});\nconst slack = new aquasec.Notification(\"slack\", {\n properties: {\n url: \"\u003cSLACK-URL\u003e\",\n },\n type: \"slack\",\n});\nconst webhook = new aquasec.Notification(\"webhook\", {\n properties: {\n url: \"\u003cWEBHOOK-URL\u003e\",\n },\n type: \"webhook\",\n});\nconst servicenow = new aquasec.Notification(\"servicenow\", {\n properties: {\n board_name: \"\",\n instance_name: \"\",\n password: \"\u003cPASSWORD\u003e\",\n url: \"\u003cSERVICENOW-URL\u003e\",\n user: \"\u003cUSERNAME\u003e\",\n },\n type: \"serviceNow\",\n});\nconst jiraWithToken = new aquasec.Notification(\"jiraWithToken\", {\n properties: {\n definition_of_done: \"Done\",\n project_key: \"\u003cJIRA_PROJECT_KEY\u003e\",\n summary: \"SOME_TEXT\",\n token: \"\u003cJIRA-TOKEN\u003e\",\n url: \"\u003cJIRA-URL\u003e\",\n },\n type: \"jira\",\n});\nconst jiraWithCreds = new aquasec.Notification(\"jiraWithCreds\", {\n properties: {\n password: \"\u003cJIRA_PASSWORD\u003e\",\n project_key: \"\u003cJIRA_PROJECT_KEY\u003e\",\n summary: \"SOME_TEXT\",\n url: \"\u003cJIRA-URL\u003e\",\n user: \"\u003cJIRA_USERNAME\u003e\",\n },\n type: \"jira\",\n});\nconst emailWithCreds = new aquasec.Notification(\"emailWithCreds\", {\n properties: {\n host: \"\u003cEMAIL_HOST\u003e\",\n password: \"\u003cEMAIL_PASSWORD\u003e\",\n port: \"\u003cEMAIL_PORT\u003e\",\n recipients: \"\u003cRECIPIENTS\u003e\",\n sender: \"\u003cSENDER_EMAIL_ADDRESS\u003e\",\n user: \"\u003cEMAIL_USERNAME\u003e\",\n },\n type: 
\"email\",\n});\nconst emailWithMx = new aquasec.Notification(\"emailWithMx\", {\n properties: {\n port: \"\u003cEMAIL_PORT\u003e\",\n recipients: \"\u003cRECIPIENTS\u003e\",\n sender: \"\u003cSENDER_EMAIL_ADDRESS\u003e\",\n use_mx: \"true\",\n },\n type: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nteams = aquasec.Notification(\"teams\",\n properties={\n \"url\": \"\u003cTEAMS-URL\u003e\",\n },\n type=\"teams\")\nslack = aquasec.Notification(\"slack\",\n properties={\n \"url\": \"\u003cSLACK-URL\u003e\",\n },\n type=\"slack\")\nwebhook = aquasec.Notification(\"webhook\",\n properties={\n \"url\": \"\u003cWEBHOOK-URL\u003e\",\n },\n type=\"webhook\")\nservicenow = aquasec.Notification(\"servicenow\",\n properties={\n \"board_name\": \"\",\n \"instance_name\": \"\",\n \"password\": \"\u003cPASSWORD\u003e\",\n \"url\": \"\u003cSERVICENOW-URL\u003e\",\n \"user\": \"\u003cUSERNAME\u003e\",\n },\n type=\"serviceNow\")\njira_with_token = aquasec.Notification(\"jiraWithToken\",\n properties={\n \"definition_of_done\": \"Done\",\n \"project_key\": \"\u003cJIRA_PROJECT_KEY\u003e\",\n \"summary\": \"SOME_TEXT\",\n \"token\": \"\u003cJIRA-TOKEN\u003e\",\n \"url\": \"\u003cJIRA-URL\u003e\",\n },\n type=\"jira\")\njira_with_creds = aquasec.Notification(\"jiraWithCreds\",\n properties={\n \"password\": \"\u003cJIRA_PASSWORD\u003e\",\n \"project_key\": \"\u003cJIRA_PROJECT_KEY\u003e\",\n \"summary\": \"SOME_TEXT\",\n \"url\": \"\u003cJIRA-URL\u003e\",\n \"user\": \"\u003cJIRA_USERNAME\u003e\",\n },\n type=\"jira\")\nemail_with_creds = aquasec.Notification(\"emailWithCreds\",\n properties={\n \"host\": \"\u003cEMAIL_HOST\u003e\",\n \"password\": \"\u003cEMAIL_PASSWORD\u003e\",\n \"port\": \"\u003cEMAIL_PORT\u003e\",\n \"recipients\": \"\u003cRECIPIENTS\u003e\",\n \"sender\": \"\u003cSENDER_EMAIL_ADDRESS\u003e\",\n \"user\": \"\u003cEMAIL_USERNAME\u003e\",\n },\n type=\"email\")\nemail_with_mx = aquasec.Notification(\"emailWithMx\",\n 
properties={\n \"port\": \"\u003cEMAIL_PORT\u003e\",\n \"recipients\": \"\u003cRECIPIENTS\u003e\",\n \"sender\": \"\u003cSENDER_EMAIL_ADDRESS\u003e\",\n \"use_mx\": \"true\",\n },\n type=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var teams = new Aquasec.Notification(\"teams\", new()\n {\n Properties = \n {\n { \"url\", \"\u003cTEAMS-URL\u003e\" },\n },\n Type = \"teams\",\n });\n\n var slack = new Aquasec.Notification(\"slack\", new()\n {\n Properties = \n {\n { \"url\", \"\u003cSLACK-URL\u003e\" },\n },\n Type = \"slack\",\n });\n\n var webhook = new Aquasec.Notification(\"webhook\", new()\n {\n Properties = \n {\n { \"url\", \"\u003cWEBHOOK-URL\u003e\" },\n },\n Type = \"webhook\",\n });\n\n var servicenow = new Aquasec.Notification(\"servicenow\", new()\n {\n Properties = \n {\n { \"board_name\", \"\" },\n { \"instance_name\", \"\" },\n { \"password\", \"\u003cPASSWORD\u003e\" },\n { \"url\", \"\u003cSERVICENOW-URL\u003e\" },\n { \"user\", \"\u003cUSERNAME\u003e\" },\n },\n Type = \"serviceNow\",\n });\n\n var jiraWithToken = new Aquasec.Notification(\"jiraWithToken\", new()\n {\n Properties = \n {\n { \"definition_of_done\", \"Done\" },\n { \"project_key\", \"\u003cJIRA_PROJECT_KEY\u003e\" },\n { \"summary\", \"SOME_TEXT\" },\n { \"token\", \"\u003cJIRA-TOKEN\u003e\" },\n { \"url\", \"\u003cJIRA-URL\u003e\" },\n },\n Type = \"jira\",\n });\n\n var jiraWithCreds = new Aquasec.Notification(\"jiraWithCreds\", new()\n {\n Properties = \n {\n { \"password\", \"\u003cJIRA_PASSWORD\u003e\" },\n { \"project_key\", \"\u003cJIRA_PROJECT_KEY\u003e\" },\n { \"summary\", \"SOME_TEXT\" },\n { \"url\", \"\u003cJIRA-URL\u003e\" },\n { \"user\", \"\u003cJIRA_USERNAME\u003e\" },\n },\n Type = \"jira\",\n });\n\n var emailWithCreds = new Aquasec.Notification(\"emailWithCreds\", new()\n {\n Properties = \n {\n { \"host\", 
\"\u003cEMAIL_HOST\u003e\" },\n { \"password\", \"\u003cEMAIL_PASSWORD\u003e\" },\n { \"port\", \"\u003cEMAIL_PORT\u003e\" },\n { \"recipients\", \"\u003cRECIPIENTS\u003e\" },\n { \"sender\", \"\u003cSENDER_EMAIL_ADDRESS\u003e\" },\n { \"user\", \"\u003cEMAIL_USERNAME\u003e\" },\n },\n Type = \"email\",\n });\n\n var emailWithMx = new Aquasec.Notification(\"emailWithMx\", new()\n {\n Properties = \n {\n { \"port\", \"\u003cEMAIL_PORT\u003e\" },\n { \"recipients\", \"\u003cRECIPIENTS\u003e\" },\n { \"sender\", \"\u003cSENDER_EMAIL_ADDRESS\u003e\" },\n { \"use_mx\", \"true\" },\n },\n Type = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewNotification(ctx, \"teams\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"\u003cTEAMS-URL\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"teams\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"slack\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"\u003cSLACK-URL\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"slack\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"webhook\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"\u003cWEBHOOK-URL\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"webhook\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"servicenow\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"board_name\": pulumi.String(\"\"),\n\t\t\t\t\"instance_name\": pulumi.String(\"\"),\n\t\t\t\t\"password\": 
pulumi.String(\"\u003cPASSWORD\u003e\"),\n\t\t\t\t\"url\": pulumi.String(\"\u003cSERVICENOW-URL\u003e\"),\n\t\t\t\t\"user\": pulumi.String(\"\u003cUSERNAME\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"serviceNow\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"jiraWithToken\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"definition_of_done\": pulumi.String(\"Done\"),\n\t\t\t\t\"project_key\": pulumi.String(\"\u003cJIRA_PROJECT_KEY\u003e\"),\n\t\t\t\t\"summary\": pulumi.String(\"SOME_TEXT\"),\n\t\t\t\t\"token\": pulumi.String(\"\u003cJIRA-TOKEN\u003e\"),\n\t\t\t\t\"url\": pulumi.String(\"\u003cJIRA-URL\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"jira\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"jiraWithCreds\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"password\": pulumi.String(\"\u003cJIRA_PASSWORD\u003e\"),\n\t\t\t\t\"project_key\": pulumi.String(\"\u003cJIRA_PROJECT_KEY\u003e\"),\n\t\t\t\t\"summary\": pulumi.String(\"SOME_TEXT\"),\n\t\t\t\t\"url\": pulumi.String(\"\u003cJIRA-URL\u003e\"),\n\t\t\t\t\"user\": pulumi.String(\"\u003cJIRA_USERNAME\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"jira\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"emailWithCreds\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"host\": pulumi.String(\"\u003cEMAIL_HOST\u003e\"),\n\t\t\t\t\"password\": pulumi.String(\"\u003cEMAIL_PASSWORD\u003e\"),\n\t\t\t\t\"port\": pulumi.String(\"\u003cEMAIL_PORT\u003e\"),\n\t\t\t\t\"recipients\": pulumi.String(\"\u003cRECIPIENTS\u003e\"),\n\t\t\t\t\"sender\": pulumi.String(\"\u003cSENDER_EMAIL_ADDRESS\u003e\"),\n\t\t\t\t\"user\": pulumi.String(\"\u003cEMAIL_USERNAME\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn 
err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"emailWithMx\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"port\": pulumi.String(\"\u003cEMAIL_PORT\u003e\"),\n\t\t\t\t\"recipients\": pulumi.String(\"\u003cRECIPIENTS\u003e\"),\n\t\t\t\t\"sender\": pulumi.String(\"\u003cSENDER_EMAIL_ADDRESS\u003e\"),\n\t\t\t\t\"use_mx\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Notification;\nimport com.pulumi.aquasec.NotificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var teams = new Notification(\"teams\", NotificationArgs.builder() \n .properties(Map.of(\"url\", \"\u003cTEAMS-URL\u003e\"))\n .type(\"teams\")\n .build());\n\n var slack = new Notification(\"slack\", NotificationArgs.builder() \n .properties(Map.of(\"url\", \"\u003cSLACK-URL\u003e\"))\n .type(\"slack\")\n .build());\n\n var webhook = new Notification(\"webhook\", NotificationArgs.builder() \n .properties(Map.of(\"url\", \"\u003cWEBHOOK-URL\u003e\"))\n .type(\"webhook\")\n .build());\n\n var servicenow = new Notification(\"servicenow\", NotificationArgs.builder() \n .properties(Map.ofEntries(\n Map.entry(\"board_name\", \"\"),\n Map.entry(\"instance_name\", \"\"),\n Map.entry(\"password\", \"\u003cPASSWORD\u003e\"),\n Map.entry(\"url\", \"\u003cSERVICENOW-URL\u003e\"),\n Map.entry(\"user\", \"\u003cUSERNAME\u003e\")\n ))\n .type(\"serviceNow\")\n .build());\n\n var jiraWithToken = new Notification(\"jiraWithToken\", NotificationArgs.builder() \n 
.properties(Map.ofEntries(\n Map.entry(\"definition_of_done\", \"Done\"),\n Map.entry(\"project_key\", \"\u003cJIRA_PROJECT_KEY\u003e\"),\n Map.entry(\"summary\", \"SOME_TEXT\"),\n Map.entry(\"token\", \"\u003cJIRA-TOKEN\u003e\"),\n Map.entry(\"url\", \"\u003cJIRA-URL\u003e\")\n ))\n .type(\"jira\")\n .build());\n\n var jiraWithCreds = new Notification(\"jiraWithCreds\", NotificationArgs.builder() \n .properties(Map.ofEntries(\n Map.entry(\"password\", \"\u003cJIRA_PASSWORD\u003e\"),\n Map.entry(\"project_key\", \"\u003cJIRA_PROJECT_KEY\u003e\"),\n Map.entry(\"summary\", \"SOME_TEXT\"),\n Map.entry(\"url\", \"\u003cJIRA-URL\u003e\"),\n Map.entry(\"user\", \"\u003cJIRA_USERNAME\u003e\")\n ))\n .type(\"jira\")\n .build());\n\n var emailWithCreds = new Notification(\"emailWithCreds\", NotificationArgs.builder() \n .properties(Map.ofEntries(\n Map.entry(\"host\", \"\u003cEMAIL_HOST\u003e\"),\n Map.entry(\"password\", \"\u003cEMAIL_PASSWORD\u003e\"),\n Map.entry(\"port\", \"\u003cEMAIL_PORT\u003e\"),\n Map.entry(\"recipients\", \"\u003cRECIPIENTS\u003e\"),\n Map.entry(\"sender\", \"\u003cSENDER_EMAIL_ADDRESS\u003e\"),\n Map.entry(\"user\", \"\u003cEMAIL_USERNAME\u003e\")\n ))\n .type(\"email\")\n .build());\n\n var emailWithMx = new Notification(\"emailWithMx\", NotificationArgs.builder() \n .properties(Map.ofEntries(\n Map.entry(\"port\", \"\u003cEMAIL_PORT\u003e\"),\n Map.entry(\"recipients\", \"\u003cRECIPIENTS\u003e\"),\n Map.entry(\"sender\", \"\u003cSENDER_EMAIL_ADDRESS\u003e\"),\n Map.entry(\"use_mx\", true)\n ))\n .type(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n teams:\n type: aquasec:Notification\n properties:\n properties:\n url: \u003cTEAMS-URL\u003e\n type: teams\n slack:\n type: aquasec:Notification\n properties:\n properties:\n url: \u003cSLACK-URL\u003e\n type: slack\n webhook:\n type: aquasec:Notification\n properties:\n properties:\n url: \u003cWEBHOOK-URL\u003e\n type: webhook\n servicenow:\n type: aquasec:Notification\n properties:\n 
properties:\n board_name:\n instance_name:\n password: \u003cPASSWORD\u003e\n url: \u003cSERVICENOW-URL\u003e\n user: \u003cUSERNAME\u003e\n type: serviceNow\n jiraWithToken:\n type: aquasec:Notification\n properties:\n properties:\n definition_of_done: Done\n project_key: \u003cJIRA_PROJECT_KEY\u003e\n summary: SOME_TEXT\n token: \u003cJIRA-TOKEN\u003e\n url: \u003cJIRA-URL\u003e\n type: jira\n jiraWithCreds:\n type: aquasec:Notification\n properties:\n properties:\n password: \u003cJIRA_PASSWORD\u003e\n project_key: \u003cJIRA_PROJECT_KEY\u003e\n summary: SOME_TEXT\n url: \u003cJIRA-URL\u003e\n user: \u003cJIRA_USERNAME\u003e\n type: jira\n emailWithCreds:\n type: aquasec:Notification\n properties:\n properties:\n host: \u003cEMAIL_HOST\u003e\n password: \u003cEMAIL_PASSWORD\u003e\n port: \u003cEMAIL_PORT\u003e\n recipients: \u003cRECIPIENTS\u003e\n sender: \u003cSENDER_EMAIL_ADDRESS\u003e\n user: \u003cEMAIL_USERNAME\u003e\n type: email\n emailWithMx:\n type: aquasec:Notification\n properties:\n properties:\n port: \u003cEMAIL_PORT\u003e\n recipients: \u003cRECIPIENTS\u003e\n sender: \u003cSENDER_EMAIL_ADDRESS\u003e\n use_mx: true\n type: email\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { "author": { "type": "string", - "description": "Name of user account that created the policy.\n" - }, - "autoScanConfigured": { - "type": "boolean" - }, - "autoScanEnabled": { - "type": "boolean" - }, - "autoScanTimes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime" - } + "description": "The user that created the notification\n" }, - "blacklistPermissions": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of function's forbidden permissions.\n" + "lastUpdated": { + "type": "string", + "description": "Notification last update time\n" }, - "blacklistPermissionsEnabled": { - "type": "boolean", - "description": "Indicates if blacklist 
permissions is relevant.\n" + "name": { + "type": "string", + "description": "Notification name\n" }, - "blacklistedLicenses": { - "type": "array", - "items": { + "properties": { + "type": "object", + "additionalProperties": { "type": "string" }, - "description": "List of blacklisted licenses.\n" - }, - "blacklistedLicensesEnabled": { - "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" - }, - "blockFailed": { - "type": "boolean", - "description": "Indicates if failed images are blocked.\n" - }, - "controlExcludeNoFix": { - "type": "boolean" - }, - "customChecks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck" - }, - "description": "List of Custom user scripts for checks.\n" - }, - "customChecksEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include custom checks.\n" - }, - "customSeverityEnabled": { - "type": "boolean" - }, - "cvesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "Notification properties, please check the examples for setting it\n" }, - "cvesBlackLists": { - "type": "array", - "items": { + "template": { + "type": "object", + "additionalProperties": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "Notification Template\n" }, - "cvesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "type": { + "type": "string", + "description": "Notifications types, allowed values: slack\\ jira\\ email\\ teams\\ webhook\\ splunk\\ serviceNow\n" + } + }, + "required": [ + "author", + "lastUpdated", + "name", + "properties", + "template", + "type" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "Notification name\n" }, - "cvesWhiteLists": { - "type": "array", - "items": { + "properties": { + "type": "object", + 
"additionalProperties": { "type": "string" }, - "description": "List of cves whitelisted licenses\n" + "description": "Notification properties, please check the examples for setting it\n" }, - "cvssSeverity": { + "type": { "type": "string", - "description": "Identifier of the cvss severity.\n" - }, - "cvssSeverityEnabled": { - "type": "boolean", - "description": "Indicates if the cvss severity is scanned.\n" - }, - "cvssSeverityExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + "description": "Notifications types, allowed values: slack\\ jira\\ email\\ teams\\ webhook\\ splunk\\ serviceNow\n" + } + }, + "requiredInputs": [ + "properties", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Notification resources.\n", + "properties": { + "author": { + "type": "string", + "description": "The user that created the notification\n" + }, + "lastUpdated": { + "type": "string", + "description": "Notification last update time\n" + }, + "name": { + "type": "string", + "description": "Notification name\n" + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Notification properties, please check the examples for setting it\n" + }, + "template": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Notification Template\n" + }, + "type": { + "type": "string", + "description": "Notifications types, allowed values: slack\\ jira\\ email\\ teams\\ webhook\\ splunk\\ serviceNow\n" + } }, - "description": { + "type": "object" + } + }, + "aquasec:index/notificationSlack:NotificationSlack": { + "description": "Provides an Aquasec Notification Slack resource\n\n\u003e **Note about resource deprecation**\nResource aquasec.NotificationSlack is deprecated, please use aquasec.Notification instead\n", + "properties": { + "channel": { "type": "string" }, - 
"disallowMalware": { - "type": "boolean", - "description": "Indicates if malware should block the image.\n" - }, - "dockerCisEnabled": { + "enabled": { "type": "boolean" }, - "domain": { - "type": "string", - "description": "Name of the container image.\n" + "icon": { + "type": "string" }, - "domainName": { + "mainText": { "type": "string" }, - "dtaEnabled": { - "type": "boolean" + "name": { + "type": "string" }, - "dtaSeverity": { + "serviceKey": { "type": "string" }, - "enabled": { - "type": "boolean" + "type": { + "type": "string" }, - "enforce": { - "type": "boolean" + "userName": { + "type": "string" }, - "enforceAfterDays": { - "type": "integer" + "webhookUrl": { + "type": "string" + } + }, + "required": [ + "channel", + "enabled", + "name", + "type", + "userName", + "webhookUrl" + ], + "inputProperties": { + "channel": { + "type": "string" }, - "enforceExcessivePermissions": { + "enabled": { "type": "boolean" }, - "exceptionalMonitoredMalwarePaths": { - "type": "array", - "items": { - "type": "string" - } - }, - "forbiddenLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel" - } - }, - "forbiddenLabelsEnabled": { - "type": "boolean" + "icon": { + "type": "string" }, - "forceMicroenforcer": { - "type": "boolean" + "mainText": { + "type": "string" }, - "functionIntegrityEnabled": { - "type": "boolean" + "name": { + "type": "string" }, - "ignoreRecentlyPublishedVln": { - "type": "boolean" + "serviceKey": { + "type": "string" }, - "ignoreRecentlyPublishedVlnPeriod": { - "type": "integer" + "type": { + "type": "string" }, - "ignoreRiskResourcesEnabled": { - "type": "boolean", - "description": "Indicates if risk resources are ignored.\n" + "userName": { + "type": "string" }, - "ignoredRiskResources": { - "type": "array", - "items": { + "webhookUrl": { + "type": "string" + } + }, + "requiredInputs": [ + "channel", + "enabled", + "type", + "userName", + 
"webhookUrl" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NotificationSlack resources.\n", + "properties": { + "channel": { "type": "string" }, - "description": "List of ignored risk resources.\n" - }, - "images": { - "type": "array", - "items": { + "enabled": { + "type": "boolean" + }, + "icon": { "type": "string" }, - "description": "List of images.\n" - }, - "kubeCisEnabled": { - "type": "boolean" - }, - "kubernetesControlsNames": { - "type": "array", - "items": { + "mainText": { "type": "string" }, - "description": "List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID \u003c= 10000', 'Runs with UID \u003c= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not 
set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'\n" + "name": { + "type": "string" + }, + "serviceKey": { + "type": "string" + }, + "type": { + "type": "string" + }, + "userName": { + "type": "string" + }, + "webhookUrl": { + "type": "string" + } }, - "labels": { + "type": "object" + } + }, + "aquasec:index/permissionsSets:PermissionsSets": { + "description": "The `aquasec.PermissionsSets` resource manages your Permission Set within Aqua.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst myTerraformPermSet = new aquasec.PermissionsSets(\"myTerraformPermSet\", {\n actions: [\n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n 
\"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\",\n ],\n description: \"Test Permissions Sets created by Terraform\",\n isSuper: false,\n uiAccess: true,\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nmy_terraform_perm_set = aquasec.PermissionsSets(\"myTerraformPermSet\",\n actions=[\n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\",\n ],\n description=\"Test Permissions Sets created by Terraform\",\n is_super=False,\n ui_access=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myTerraformPermSet = new 
Aquasec.PermissionsSets(\"myTerraformPermSet\", new()\n {\n Actions = new[]\n {\n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\",\n },\n Description = \"Test Permissions Sets created by Terraform\",\n IsSuper = false,\n UiAccess = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewPermissionsSets(ctx, \"myTerraformPermSet\", \u0026aquasec.PermissionsSetsArgs{\n\t\t\tActions: 
pulumi.StringArray{\n\t\t\t\tpulumi.String(\"acl_policies.read\"),\n\t\t\t\tpulumi.String(\"acl_policies.write\"),\n\t\t\t\tpulumi.String(\"image_profiles.read\"),\n\t\t\t\tpulumi.String(\"image_profiles.write\"),\n\t\t\t\tpulumi.String(\"network_policies.read\"),\n\t\t\t\tpulumi.String(\"network_policies.write\"),\n\t\t\t\tpulumi.String(\"runtime_policies.read\"),\n\t\t\t\tpulumi.String(\"runtime_policies.write\"),\n\t\t\t\tpulumi.String(\"response_policies.read\"),\n\t\t\t\tpulumi.String(\"response_policies.write\"),\n\t\t\t\tpulumi.String(\"image_assurance.read\"),\n\t\t\t\tpulumi.String(\"image_assurance.write\"),\n\t\t\t\tpulumi.String(\"dashboard.read\"),\n\t\t\t\tpulumi.String(\"dashboard.write\"),\n\t\t\t\tpulumi.String(\"risk_explorer.read\"),\n\t\t\t\tpulumi.String(\"images.read\"),\n\t\t\t\tpulumi.String(\"images.write\"),\n\t\t\t\tpulumi.String(\"risks.host_images.read\"),\n\t\t\t\tpulumi.String(\"risks.host_images.write\"),\n\t\t\t\tpulumi.String(\"functions.read\"),\n\t\t\t\tpulumi.String(\"functions.write\"),\n\t\t\t\tpulumi.String(\"enforcers.read\"),\n\t\t\t\tpulumi.String(\"enforcers.write\"),\n\t\t\t\tpulumi.String(\"containers.read\"),\n\t\t\t\tpulumi.String(\"services.read\"),\n\t\t\t\tpulumi.String(\"services.write\"),\n\t\t\t\tpulumi.String(\"infrastructure.read\"),\n\t\t\t\tpulumi.String(\"infrastructure.write\"),\n\t\t\t\tpulumi.String(\"risks.vulnerabilities.read\"),\n\t\t\t\tpulumi.String(\"risks.vulnerabilities.write\"),\n\t\t\t\tpulumi.String(\"risks.benchmark.read\"),\n\t\t\t\tpulumi.String(\"risks.benchmark.write\"),\n\t\t\t\tpulumi.String(\"audits.read\"),\n\t\t\t\tpulumi.String(\"secrets.read\"),\n\t\t\t\tpulumi.String(\"secrets.write\"),\n\t\t\t\tpulumi.String(\"settings.read\"),\n\t\t\t\tpulumi.String(\"settings.write\"),\n\t\t\t\tpulumi.String(\"integrations.read\"),\n\t\t\t\tpulumi.String(\"integrations.write\"),\n\t\t\t\tpulumi.String(\"registries_integrations.read\"),\n\t\t\t\tpulumi.String(\"registries_integrations.write\"),\n
\t\t\t\tpulumi.String(\"scan.read\"),\n\t\t\t\tpulumi.String(\"gateways.read\"),\n\t\t\t\tpulumi.String(\"gateways.write\"),\n\t\t\t\tpulumi.String(\"consoles.read\"),\n\t\t\t\tpulumi.String(\"web_hook.read\"),\n\t\t\t\tpulumi.String(\"incidents.read\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Test Permissions Sets created by Terraform\"),\n\t\t\tIsSuper: pulumi.Bool(false),\n\t\t\tUiAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.PermissionsSets;\nimport com.pulumi.aquasec.PermissionsSetsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myTerraformPermSet = new PermissionsSets(\"myTerraformPermSet\", PermissionsSetsArgs.builder() \n .actions( \n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n 
\"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\")\n .description(\"Test Permissions Sets created by Terraform\")\n .isSuper(false)\n .uiAccess(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myTerraformPermSet:\n type: aquasec:PermissionsSets\n properties:\n actions:\n - acl_policies.read\n - acl_policies.write\n - image_profiles.read\n - image_profiles.write\n - network_policies.read\n - network_policies.write\n - runtime_policies.read\n - runtime_policies.write\n - response_policies.read\n - response_policies.write\n - image_assurance.read\n - image_assurance.write\n - dashboard.read\n - dashboard.write\n - risk_explorer.read\n - images.read\n - images.write\n - risks.host_images.read\n - risks.host_images.write\n - functions.read\n - functions.write\n - enforcers.read\n - enforcers.write\n - containers.read\n - services.read\n - services.write\n - infrastructure.read\n - infrastructure.write\n - risks.vulnerabilities.read\n - risks.vulnerabilities.write\n - risks.benchmark.read\n - risks.benchmark.write\n - audits.read\n - secrets.read\n - secrets.write\n - settings.read\n - settings.write\n - integrations.read\n - integrations.write\n - registries_integrations.read\n - registries_integrations.write\n - scan.read\n - gateways.read\n - gateways.write\n - consoles.read\n - web_hook.read\n - incidents.read\n description: Test Permissions Sets created by Terraform\n isSuper: false\n uiAccess: true\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "actions": { "type": "array", "items": { "type": "string" }, - "description": "List of labels.\n" + "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" }, - 
"malwareAction": { - "type": "string" + "author": { + "type": "string", + "description": "The name of the user who created the Permission Set.\n" }, - "maximumScore": { - "type": "number", - "description": "Value of allowed maximum score.\n" + "description": { + "type": "string", + "description": "Free text description for the Permission Set.\n" }, - "maximumScoreEnabled": { + "isSuper": { "type": "boolean", - "description": "Indicates if exceeding the maximum score is scanned.\n" + "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, - "maximumScoreExcludeNoFix": { + "name": { + "type": "string", + "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n" + }, + "uiAccess": { "type": "boolean", - "description": "Indicates that policy should ignore cases that do not have a known fix.\n" + "description": "Whether to allow UI access for users with this Permission Set.\n" }, - "monitoredMalwarePaths": { + "updatedAt": { + "type": "string", + "description": "The date of the last modification of the Role.\n" + } + }, + "required": [ + "actions", + "author", + "name", + "uiAccess", + "updatedAt" + ], + "inputProperties": { + "actions": { "type": "array", "items": { "type": "string" - } + }, + "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" }, - "name": { - "type": "string" + "description": { + "type": "string", + "description": "Free text description for the Permission Set.\n" }, - "onlyNoneRootUsers": { + "isSuper": { "type": "boolean", - "description": "Indicates if raise a warning for images that should only be run as root.\n" + "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, - "packagesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if packages blacklist is relevant.\n" + "name": { + "type": 
"string", + "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", + "willReplaceOnChanges": true }, - "packagesBlackLists": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList" + "uiAccess": { + "type": "boolean", + "description": "Whether to allow UI access for users with this Permission Set.\n" + } + }, + "requiredInputs": [ + "actions", + "uiAccess" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PermissionsSets resources.\n", + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" + }, + "author": { + "type": "string", + "description": "The name of the user who created the Permission Set.\n" + }, + "description": { + "type": "string", + "description": "Free text description for the Permission Set.\n" + }, + "isSuper": { + "type": "boolean", + "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" + }, + "name": { + "type": "string", + "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", + "willReplaceOnChanges": true + }, + "uiAccess": { + "type": "boolean", + "description": "Whether to allow UI access for users with this Permission Set.\n" }, - "description": "List of backlisted images.\n" + "updatedAt": { + "type": "string", + "description": "The date of the last modification of the Role.\n" + } }, - "packagesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if packages whitelist is relevant.\n" + "type": "object" + } + }, + "aquasec:index/role:Role": { + "description": "The `aquasec.Role` resource manages your roles within Aqua.\n\nThe roles created 
must have permission set and at least one Role Application Scope that is already present within Aqua.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst iaC = new aquasec.Role(\"iaC\", {\n description: \"RoleIaC\",\n permission: \"PermissionIaC\",\n roleName: \"RoleIaC\",\n scopes: [\"Global\"],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nia_c = aquasec.Role(\"iaC\",\n description=\"RoleIaC\",\n permission=\"PermissionIaC\",\n role_name=\"RoleIaC\",\n scopes=[\"Global\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iaC = new Aquasec.Role(\"iaC\", new()\n {\n Description = \"RoleIaC\",\n Permission = \"PermissionIaC\",\n RoleName = \"RoleIaC\",\n Scopes = new[]\n {\n \"Global\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewRole(ctx, \"iaC\", \u0026aquasec.RoleArgs{\n\t\t\tDescription: pulumi.String(\"RoleIaC\"),\n\t\t\tPermission: pulumi.String(\"PermissionIaC\"),\n\t\t\tRoleName: pulumi.String(\"RoleIaC\"),\n\t\t\tScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Global\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Role;\nimport com.pulumi.aquasec.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void 
main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iaC = new Role(\"iaC\", RoleArgs.builder() \n .description(\"RoleIaC\")\n .permission(\"PermissionIaC\")\n .roleName(\"RoleIaC\")\n .scopes(\"Global\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iaC:\n type: aquasec:Role\n properties:\n description: RoleIaC\n permission: PermissionIaC\n roleName: RoleIaC\n scopes:\n - Global\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "author": { + "type": "string", + "description": "The name of the user who created the role. Only returned from the API for existing permissions, not part of the permission creation/modification structure.\n" }, - "packagesWhiteLists": { + "description": { + "type": "string", + "description": "Free text description for the role.\n" + }, + "permission": { + "type": "string", + "description": "The name of the Permission Set that will affect the users assigned to this specific Role.\n" + }, + "roleName": { + "type": "string", + "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n" + }, + "scopes": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList" + "type": "string" }, - "description": "List of whitelisted images.\n" + "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" }, - "partialResultsImageFail": { - "type": "boolean" + "updatedAt": { + "type": "string", + "description": "The date of the last modification of the role.\n" + } + }, + "required": [ + "author", + "permission", + "roleName", + "scopes", + "updatedAt" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Free text description for the role.\n" }, - "readOnly": { - "type": "boolean" + "permission": { + "type": "string", + "description": "The name of the Permission Set 
that will affect the users assigned to this specific Role.\n" }, - "registries": { + "roleName": { + "type": "string", + "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", + "willReplaceOnChanges": true + }, + "scopes": { "type": "array", "items": { "type": "string" }, - "description": "List of registries.\n" + "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" + } + }, + "requiredInputs": [ + "permission", + "roleName", + "scopes" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Role resources.\n", + "properties": { + "author": { + "type": "string", + "description": "The name of the user who created the role. Only returned from the API for existing permissions, not part of the permission creation/modification structure.\n" + }, + "description": { + "type": "string", + "description": "Free text description for the role.\n" + }, + "permission": { + "type": "string", + "description": "The name of the Permission Set that will affect the users assigned to this specific Role.\n" + }, + "roleName": { + "type": "string", + "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", + "willReplaceOnChanges": true + }, + "scopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" + }, + "updatedAt": { + "type": "string", + "description": "The date of the last modification of the role.\n" + } }, - "registry": { - "type": "string" + "type": "object" + } + }, + "aquasec:index/roleMapping:RoleMapping": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst roleMappingRoleMapping = new 
aquasec.RoleMapping(\"roleMappingRoleMapping\", {saml: {\n roleMapping: {\n Administrator: \"group1\",\n Scanner: \"group2|group3\",\n },\n}});\nexport const roleMapping = roleMappingRoleMapping;\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nrole_mapping_role_mapping = aquasec.RoleMapping(\"roleMappingRoleMapping\", saml=aquasec.RoleMappingSamlArgs(\n role_mapping={\n \"Administrator\": \"group1\",\n \"Scanner\": \"group2|group3\",\n },\n))\npulumi.export(\"roleMapping\", role_mapping_role_mapping)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var roleMappingRoleMapping = new Aquasec.RoleMapping(\"roleMappingRoleMapping\", new()\n {\n Saml = new Aquasec.Inputs.RoleMappingSamlArgs\n {\n RoleMapping = \n {\n { \"Administrator\", \"group1\" },\n { \"Scanner\", \"group2|group3\" },\n },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"roleMapping\"] = roleMappingRoleMapping,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troleMappingRoleMapping, err := aquasec.NewRoleMapping(ctx, \"roleMappingRoleMapping\", \u0026aquasec.RoleMappingArgs{\n\t\t\tSaml: \u0026aquasec.RoleMappingSamlArgs{\n\t\t\t\tRoleMapping: pulumi.StringMap{\n\t\t\t\t\t\"Administrator\": pulumi.String(\"group1\"),\n\t\t\t\t\t\"Scanner\": pulumi.String(\"group2|group3\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"roleMapping\", roleMappingRoleMapping)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.RoleMapping;\nimport com.pulumi.aquasec.RoleMappingArgs;\nimport 
com.pulumi.aquasec.inputs.RoleMappingSamlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var roleMappingRoleMapping = new RoleMapping(\"roleMappingRoleMapping\", RoleMappingArgs.builder() \n .saml(RoleMappingSamlArgs.builder()\n .roleMapping(Map.ofEntries(\n Map.entry(\"Administrator\", \"group1\"),\n Map.entry(\"Scanner\", \"group2|group3\")\n ))\n .build())\n .build());\n\n ctx.export(\"roleMapping\", roleMappingRoleMapping);\n }\n}\n```\n```yaml\nresources:\n roleMappingRoleMapping:\n type: aquasec:RoleMapping\n properties:\n saml:\n roleMapping:\n Administrator: group1\n Scanner: group2|group3\noutputs:\n roleMapping: ${roleMappingRoleMapping}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "ldap": { + "$ref": "#/types/aquasec:index/RoleMappingLdap:RoleMappingLdap", + "description": "LDAP Authentication\n" }, - "requiredLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel" - } + "oauth2": { + "$ref": "#/types/aquasec:index/RoleMappingOauth2:RoleMappingOauth2", + "description": "Oauth2 Authentication\n" }, - "requiredLabelsEnabled": { - "type": "boolean" + "openid": { + "$ref": "#/types/aquasec:index/RoleMappingOpenid:RoleMappingOpenid", + "description": "OpenId Authentication\n" }, - "scanNfsMounts": { - "type": "boolean" + "saml": { + "$ref": "#/types/aquasec:index/RoleMappingSaml:RoleMappingSaml", + "description": "SAML Authentication\n" + } + }, + "inputProperties": { + "ldap": { + "$ref": "#/types/aquasec:index/RoleMappingLdap:RoleMappingLdap", + "description": "LDAP Authentication\n" }, - "scanSensitiveData": { - "type": "boolean", - "description": "Indicates if scan should include sensitive 
data in the image.\n" + "oauth2": { + "$ref": "#/types/aquasec:index/RoleMappingOauth2:RoleMappingOauth2", + "description": "Oauth2 Authentication\n" }, - "scapEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include scap.\n" + "openid": { + "$ref": "#/types/aquasec:index/RoleMappingOpenid:RoleMappingOpenid", + "description": "OpenId Authentication\n" }, - "scapFiles": { - "type": "array", - "items": { - "type": "string" + "saml": { + "$ref": "#/types/aquasec:index/RoleMappingSaml:RoleMappingSaml", + "description": "SAML Authentication\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering RoleMapping resources.\n", + "properties": { + "ldap": { + "$ref": "#/types/aquasec:index/RoleMappingLdap:RoleMappingLdap", + "description": "LDAP Authentication\n" }, - "description": "List of SCAP user scripts for checks.\n" - }, - "scopes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope" + "oauth2": { + "$ref": "#/types/aquasec:index/RoleMappingOauth2:RoleMappingOauth2", + "description": "Oauth2 Authentication\n" + }, + "openid": { + "$ref": "#/types/aquasec:index/RoleMappingOpenid:RoleMappingOpenid", + "description": "OpenId Authentication\n" + }, + "saml": { + "$ref": "#/types/aquasec:index/RoleMappingSaml:RoleMappingSaml", + "description": "SAML Authentication\n" } }, - "trustedBaseImages": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage" - }, - "description": "List of trusted images.\n" + "type": "object" + } + }, + "aquasec:index/roleMappingSaas:RoleMappingSaas": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst rolesMappingSaasRoleMappingSaas = new 
aquasec.RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\", {\n samlGroups: [\n \"group1\",\n \"group2\",\n ],\n cspRole: \"Administrator\",\n});\nexport const rolesMappingSaas = rolesMappingSaasRoleMappingSaas;\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nroles_mapping_saas_role_mapping_saas = aquasec.RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\",\n saml_groups=[\n \"group1\",\n \"group2\",\n ],\n csp_role=\"Administrator\")\npulumi.export(\"rolesMappingSaas\", roles_mapping_saas_role_mapping_saas)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rolesMappingSaasRoleMappingSaas = new Aquasec.RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\", new()\n {\n SamlGroups = new[]\n {\n \"group1\",\n \"group2\",\n },\n CspRole = \"Administrator\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"rolesMappingSaas\"] = rolesMappingSaasRoleMappingSaas,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trolesMappingSaasRoleMappingSaas, err := aquasec.NewRoleMappingSaas(ctx, \"rolesMappingSaasRoleMappingSaas\", \u0026aquasec.RoleMappingSaasArgs{\n\t\t\tSamlGroups: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"group1\"),\n\t\t\t\tpulumi.String(\"group2\"),\n\t\t\t},\n\t\t\tCspRole: pulumi.String(\"Administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"rolesMappingSaas\", rolesMappingSaasRoleMappingSaas)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.RoleMappingSaas;\nimport com.pulumi.aquasec.RoleMappingSaasArgs;\nimport java.util.List;\nimport 
java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var rolesMappingSaasRoleMappingSaas = new RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\", RoleMappingSaasArgs.builder() \n .samlGroups( \n \"group1\",\n \"group2\")\n .cspRole(\"Administrator\")\n .build());\n\n ctx.export(\"rolesMappingSaas\", rolesMappingSaasRoleMappingSaas);\n }\n}\n```\n```yaml\nresources:\n rolesMappingSaasRoleMappingSaas:\n type: aquasec:RoleMappingSaas\n properties:\n samlGroups:\n - group1\n - group2\n cspRole: Administrator\noutputs:\n rolesMappingSaas: ${rolesMappingSaasRoleMappingSaas}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "accountId": { + "type": "integer" }, - "trustedBaseImagesEnabled": { - "type": "boolean", - "description": "Indicates if list of trusted base images is relevant.\n" + "created": { + "type": "string" }, - "whitelistedLicenses": { + "cspRole": { + "type": "string" + }, + "roleMappingId": { + "type": "integer" + }, + "samlGroups": { "type": "array", "items": { "type": "string" - }, - "description": "List of whitelisted licenses.\n" - }, - "whitelistedLicensesEnabled": { - "type": "boolean", - "description": "Indicates if license blacklist is relevant.\n" + } } }, "required": [ - "applicationScopes", - "author", - "autoScanTimes", - "ignoreRecentlyPublishedVlnPeriod", - "name", - "scopes" + "accountId", + "created", + "cspRole", + "roleMappingId", + "samlGroups" ], "inputProperties": { - "allowedImages": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of explicitly allowed images.\n" + "cspRole": { + "type": "string", + "willReplaceOnChanges": true }, - "applicationScopes": { + "samlGroups": { "type": "array", "items": { "type": "string" } - }, - "auditOnFailure": { - "type": "boolean", - 
"description": "Indicates if auditing for failures.\n" - }, - "autoScanConfigured": { - "type": "boolean" - }, - "autoScanEnabled": { - "type": "boolean" - }, - "autoScanTimes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime" + } + }, + "requiredInputs": [ + "cspRole", + "samlGroups" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RoleMappingSaas resources.\n", + "properties": { + "accountId": { + "type": "integer" + }, + "created": { + "type": "string" + }, + "cspRole": { + "type": "string", + "willReplaceOnChanges": true + }, + "roleMappingId": { + "type": "integer" + }, + "samlGroups": { + "type": "array", + "items": { + "type": "string" + } } }, - "blacklistPermissions": { + "type": "object" + } + }, + "aquasec:index/service:Service": { + "properties": { + "applicationScopes": { "type": "array", "items": { "type": "string" }, - "description": "List of function's forbidden permissions.\n" + "description": "Indicates the application scope of the service.\n" }, - "blacklistPermissionsEnabled": { - "type": "boolean", - "description": "Indicates if blacklist permissions is relevant.\n" + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" }, - "blacklistedLicenses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of blacklisted licenses.\n" + "containersCount": { + "type": "integer", + "description": "The number of containers associated with the service.\n" }, - "blacklistedLicensesEnabled": { + "description": { + "type": "string", + "description": "A textual description of the service record; maximum 500 characters.\n" + }, + "enforce": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "Enforcement status of the service.\n" }, - "blockFailed": { + "evaluated": { "type": "boolean", - 
"description": "Indicates if failed images are blocked.\n" + "description": "Whether the service has been evaluated for security vulnerabilities.\n" }, - "controlExcludeNoFix": { - "type": "boolean" + "isRegistered": { + "type": "boolean", + "description": "Indicates if registered or not.\n" }, - "customChecks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck" - }, - "description": "List of Custom user scripts for checks.\n" + "lastupdate": { + "type": "integer", + "description": "Timestamp of the last update in Unix time format.\n" }, - "customChecksEnabled": { + "monitoring": { "type": "boolean", - "description": "Indicates if scanning should include custom checks.\n" + "description": "Indicates if monitoring is enabled or not\n" }, - "customSeverityEnabled": { - "type": "boolean" + "name": { + "type": "string", + "description": "Name assigned to the attribute.\n" }, - "cvesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "notEvaluatedCount": { + "type": "integer", + "description": "The number of container that are not evaluated.\n" }, - "cvesBlackLists": { + "policies": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "The service's policies; an array of container firewall policy names.\n" + }, + "priority": { + "type": "integer", + "description": "Rules priority, must be between 1-100.\n" }, - "cvesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "scopeExpression": { + "type": "string", + "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, - "cvesWhiteLists": { + "scopeVariables": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ServiceScopeVariable:ServiceScopeVariable" }, - "description": "List of cves 
whitelisted licenses\n" + "description": "List of scope attributes.\n" }, - "cvssSeverity": { + "target": { "type": "string", - "description": "Identifier of the cvss severity.\n" + "description": "Type of the workload. container or host.\n" }, - "cvssSeverityEnabled": { - "type": "boolean", - "description": "Indicates if the cvss severity is scanned.\n" + "unregisteredCount": { + "type": "integer", + "description": "The number of containers allocated to the service that are not registered.\n" }, - "cvssSeverityExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + "vulnerabilitiesHigh": { + "type": "integer", + "description": "Number of high severity vulnerabilities.\n" }, - "description": { - "type": "string" + "vulnerabilitiesLow": { + "type": "integer", + "description": "Number of low severity vulnerabilities.\n" }, - "disallowMalware": { - "type": "boolean", - "description": "Indicates if malware should block the image.\n" + "vulnerabilitiesMalware": { + "type": "integer", + "description": "Number of malware.\n" }, - "dockerCisEnabled": { - "type": "boolean" + "vulnerabilitiesMedium": { + "type": "integer", + "description": "Number of medium severity vulnerabilities.\n" }, - "domain": { - "type": "string", - "description": "Name of the container image.\n" + "vulnerabilitiesNegligible": { + "type": "integer", + "description": "Number of negligible vulnerabilities.\n" }, - "domainName": { - "type": "string" + "vulnerabilitiesScoreAverage": { + "type": "integer", + "description": "The CVSS average vulnerabilities score.\n" }, - "dtaEnabled": { - "type": "boolean" + "vulnerabilitiesSensitive": { + "type": "integer", + "description": "Number of sensitive vulnerabilities.\n" }, - "dtaSeverity": { - "type": "string" + "vulnerabilitiesTotal": { + "type": "integer", + "description": "Total number of vulnerabilities.\n" + } + }, + "required": [ + "applicationScopes", + "author", + 
"containersCount", + "evaluated", + "isRegistered", + "lastupdate", + "name", + "notEvaluatedCount", + "policies", + "target", + "unregisteredCount", + "vulnerabilitiesHigh", + "vulnerabilitiesLow", + "vulnerabilitiesMalware", + "vulnerabilitiesMedium", + "vulnerabilitiesNegligible", + "vulnerabilitiesScoreAverage", + "vulnerabilitiesSensitive", + "vulnerabilitiesTotal" + ], + "inputProperties": { + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Indicates the application scope of the service.\n" }, - "enabled": { - "type": "boolean" + "description": { + "type": "string", + "description": "A textual description of the service record; maximum 500 characters.\n" }, "enforce": { - "type": "boolean" + "type": "boolean", + "description": "Enforcement status of the service.\n" }, - "enforceAfterDays": { - "type": "integer" + "monitoring": { + "type": "boolean", + "description": "Indicates if monitoring is enabled or not\n" }, - "enforceExcessivePermissions": { - "type": "boolean" + "name": { + "type": "string", + "description": "Name assigned to the attribute.\n", + "willReplaceOnChanges": true }, - "exceptionalMonitoredMalwarePaths": { + "policies": { "type": "array", "items": { "type": "string" - } - }, - "forbiddenLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel" - } - }, - "forbiddenLabelsEnabled": { - "type": "boolean" - }, - "forceMicroenforcer": { - "type": "boolean" - }, - "functionIntegrityEnabled": { - "type": "boolean" + }, + "description": "The service's policies; an array of container firewall policy names.\n" }, - "ignoreRecentlyPublishedVln": { - "type": "boolean" + "priority": { + "type": "integer", + "description": "Rules priority, must be between 1-100.\n" }, - "ignoreRiskResourcesEnabled": { - "type": "boolean", - "description": "Indicates if risk resources are ignored.\n" + "scopeExpression": { + 
"type": "string", + "description": "Logical expression of how to compute the dependency of the scope variables.\n" }, - "ignoredRiskResources": { + "scopeVariables": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/ServiceScopeVariable:ServiceScopeVariable" + }, + "description": "List of scope attributes.\n" + }, + "target": { + "type": "string", + "description": "Type of the workload. container or host.\n" + } + }, + "requiredInputs": [ + "applicationScopes", + "policies", + "target" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Service resources.\n", + "properties": { + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Indicates the application scope of the service.\n" + }, + "author": { + "type": "string", + "description": "Username of the account that created the service.\n" + }, + "containersCount": { + "type": "integer", + "description": "The number of containers associated with the service.\n" + }, + "description": { + "type": "string", + "description": "A textual description of the service record; maximum 500 characters.\n" + }, + "enforce": { + "type": "boolean", + "description": "Enforcement status of the service.\n" + }, + "evaluated": { + "type": "boolean", + "description": "Whether the service has been evaluated for security vulnerabilities.\n" + }, + "isRegistered": { + "type": "boolean", + "description": "Indicates if registered or not.\n" + }, + "lastupdate": { + "type": "integer", + "description": "Timestamp of the last update in Unix time format.\n" + }, + "monitoring": { + "type": "boolean", + "description": "Indicates if monitoring is enabled or not\n" + }, + "name": { + "type": "string", + "description": "Name assigned to the attribute.\n", + "willReplaceOnChanges": true + }, + "notEvaluatedCount": { + "type": "integer", + "description": "The number of container that are not evaluated.\n" + }, + "policies": { + "type": 
"array", + "items": { + "type": "string" + }, + "description": "The service's policies; an array of container firewall policy names.\n" + }, + "priority": { + "type": "integer", + "description": "Rules priority, must be between 1-100.\n" + }, + "scopeExpression": { + "type": "string", + "description": "Logical expression of how to compute the dependency of the scope variables.\n" + }, + "scopeVariables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/ServiceScopeVariable:ServiceScopeVariable" + }, + "description": "List of scope attributes.\n" + }, + "target": { + "type": "string", + "description": "Type of the workload. container or host.\n" + }, + "unregisteredCount": { + "type": "integer", + "description": "The number of containers allocated to the service that are not registered.\n" + }, + "vulnerabilitiesHigh": { + "type": "integer", + "description": "Number of high severity vulnerabilities.\n" + }, + "vulnerabilitiesLow": { + "type": "integer", + "description": "Number of low severity vulnerabilities.\n" + }, + "vulnerabilitiesMalware": { + "type": "integer", + "description": "Number of malware.\n" }, - "description": "List of ignored risk resources.\n" - }, - "images": { - "type": "array", - "items": { - "type": "string" + "vulnerabilitiesMedium": { + "type": "integer", + "description": "Number of medium severity vulnerabilities.\n" }, - "description": "List of images.\n" - }, - "kubeCisEnabled": { - "type": "boolean" - }, - "kubernetesControlsNames": { - "type": "array", - "items": { - "type": "string" + "vulnerabilitiesNegligible": { + "type": "integer", + "description": "Number of negligible vulnerabilities.\n" }, - "description": "List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must 
start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID \u003c= 10000', 'Runs with UID \u003c= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'\n" - }, - "labels": { - "type": "array", - "items": { - "type": "string" + "vulnerabilitiesScoreAverage": { + "type": "integer", + "description": "The CVSS average vulnerabilities score.\n" }, - "description": "List of labels.\n" - }, - "malwareAction": { - "type": "string" - }, - "maximumScore": { - "type": "number", - "description": "Value of allowed maximum score.\n" - }, - "maximumScoreEnabled": { - "type": "boolean", - "description": "Indicates if exceeding the maximum score is scanned.\n" - }, - "maximumScoreExcludeNoFix": { - "type": "boolean", - 
"description": "Indicates that policy should ignore cases that do not have a known fix.\n" - }, - "monitoredMalwarePaths": { - "type": "array", - "items": { - "type": "string" + "vulnerabilitiesSensitive": { + "type": "integer", + "description": "Number of sensitive vulnerabilities.\n" + }, + "vulnerabilitiesTotal": { + "type": "integer", + "description": "Total number of vulnerabilities.\n" } }, - "name": { + "type": "object" + } + }, + "aquasec:index/user:User": { + "description": "The `aquasec.User` resource manages your users within Aqua.\n\nThe users created must have at least one Role that is already present within Aqua.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst iaC = new aquasec.User(\"iaC\", {\n userId: \"IaC\",\n password: _var.password,\n roles: [\"infrastructure\"],\n email: \"infrastructure@example.com\",\n firstTime: true,\n});\n// Display name for this user\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nia_c = aquasec.User(\"iaC\",\n user_id=\"IaC\",\n password=var[\"password\"],\n roles=[\"infrastructure\"],\n email=\"infrastructure@example.com\",\n first_time=True)\n# Display name for this user\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iaC = new Aquasec.User(\"iaC\", new()\n {\n UserId = \"IaC\",\n Password = @var.Password,\n Roles = new[]\n {\n \"infrastructure\",\n },\n Email = \"infrastructure@example.com\",\n FirstTime = true,\n });\n\n // Display name for this user\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewUser(ctx, \"iaC\", 
\u0026aquasec.UserArgs{\n\t\t\tUserId: pulumi.String(\"IaC\"),\n\t\t\tPassword: pulumi.Any(_var.Password),\n\t\t\tRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"infrastructure\"),\n\t\t\t},\n\t\t\tEmail: pulumi.String(\"infrastructure@example.com\"),\n\t\t\tFirstTime: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.User;\nimport com.pulumi.aquasec.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iaC = new User(\"iaC\", UserArgs.builder() \n .userId(\"IaC\")\n .password(var_.password())\n .roles(\"infrastructure\")\n .email(\"infrastructure@example.com\")\n .firstTime(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iaC:\n type: aquasec:User\n properties:\n userId: IaC\n password: ${var.password}\n roles:\n - infrastructure\n # optional fields\n email: infrastructure@example.com\n firstTime: true\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "email": { "type": "string", - "willReplaceOnChanges": true + "description": "The user Email.\n" }, - "onlyNoneRootUsers": { + "firstTime": { "type": "boolean", - "description": "Indicates if raise a warning for images that should only be run as root.\n" + "description": "If the user must change the password first login. 
Applicable only one time, Later for user password resets use aqua console.\n" }, - "packagesBlackListEnabled": { + "isSuper": { "type": "boolean", - "description": "Indicates if packages blacklist is relevant.\n" + "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, - "packagesBlackLists": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList" - }, - "description": "List of backlisted images.\n" + "name": { + "type": "string", + "description": "The user name.\n" }, - "packagesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if packages whitelist is relevant.\n" + "password": { + "type": "string", + "description": "Login password for the user; string, required, at least 8 characters long.\n" }, - "packagesWhiteLists": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList" - }, - "description": "List of whitelisted images.\n" + "passwordConfirm": { + "type": "string", + "description": "Password confirmation.\n" }, - "partialResultsImageFail": { - "type": "boolean" + "plan": { + "type": "string", + "description": "User's Aqua plan (Developer / Team / Advanced).\n" }, - "readOnly": { - "type": "boolean" + "role": { + "type": "string", + "description": "The first role that assigned to the user for backward compatibility.\n" }, - "registries": { + "roles": { "type": "array", "items": { "type": "string" }, - "description": "List of registries.\n" - }, - "registry": { - "type": "string" - }, - "requiredLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel" - } - }, - "requiredLabelsEnabled": { - "type": "boolean" + "description": "The roles that will be assigned to the user.\n" }, - "scanNfsMounts": { 
- "type": "boolean" + "type": { + "type": "string", + "description": "The user type (Aqua, LDAP, SAML, OAuth2, OpenID, Tenant Manager).\n" }, - "scanSensitiveData": { + "uiAccess": { "type": "boolean", - "description": "Indicates if scan should include sensitive data in the image.\n" + "description": "Whether to allow UI access for users with this Permission Set.\n" }, - "scapEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include scap.\n" + "userId": { + "type": "string", + "description": "The user ID.\n" + } + }, + "required": [ + "isSuper", + "name", + "password", + "plan", + "role", + "roles", + "type", + "uiAccess", + "userId" + ], + "inputProperties": { + "email": { + "type": "string", + "description": "The user Email.\n" }, - "scapFiles": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of SCAP user scripts for checks.\n" + "firstTime": { + "type": "boolean", + "description": "If the user must change the password first login. 
Applicable only one time, Later for user password resets use aqua console.\n" }, - "scopes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope" - } + "name": { + "type": "string", + "description": "The user name.\n" }, - "trustedBaseImages": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage" - }, - "description": "List of trusted images.\n" + "password": { + "type": "string", + "description": "Login password for the user; string, required, at least 8 characters long.\n" }, - "trustedBaseImagesEnabled": { - "type": "boolean", - "description": "Indicates if list of trusted base images is relevant.\n" + "passwordConfirm": { + "type": "string", + "description": "Password confirmation.\n" }, - "whitelistedLicenses": { + "roles": { "type": "array", "items": { "type": "string" }, - "description": "List of whitelisted licenses.\n" + "description": "The roles that will be assigned to the user.\n" }, - "whitelistedLicensesEnabled": { - "type": "boolean", - "description": "Indicates if license blacklist is relevant.\n" + "userId": { + "type": "string", + "description": "The user ID.\n", + "willReplaceOnChanges": true } }, "requiredInputs": [ - "applicationScopes" + "password", + "roles", + "userId" ], "stateInputs": { - "description": "Input properties used for looking up and filtering KubernetesAssurancePolicy resources.\n", - "properties": { - "allowedImages": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of explicitly allowed images.\n" - }, - "applicationScopes": { - "type": "array", - "items": { - "type": "string" - } - }, - "auditOnFailure": { - "type": "boolean", - "description": "Indicates if auditing for failures.\n" - }, - "author": { - "type": "string", - "description": "Name of user account that created the policy.\n" - }, - "autoScanConfigured": { - 
"type": "boolean" - }, - "autoScanEnabled": { - "type": "boolean" - }, - "autoScanTimes": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyAutoScanTime:KubernetesAssurancePolicyAutoScanTime" - } - }, - "blacklistPermissions": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of function's forbidden permissions.\n" - }, - "blacklistPermissionsEnabled": { - "type": "boolean", - "description": "Indicates if blacklist permissions is relevant.\n" - }, - "blacklistedLicenses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of blacklisted licenses.\n" + "description": "Input properties used for looking up and filtering User resources.\n", + "properties": { + "email": { + "type": "string", + "description": "The user Email.\n" }, - "blacklistedLicensesEnabled": { + "firstTime": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "If the user must change the password first login. 
Applicable only one time, Later for user password resets use aqua console.\n" }, - "blockFailed": { + "isSuper": { "type": "boolean", - "description": "Indicates if failed images are blocked.\n" - }, - "controlExcludeNoFix": { - "type": "boolean" - }, - "customChecks": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyCustomCheck:KubernetesAssurancePolicyCustomCheck" - }, - "description": "List of Custom user scripts for checks.\n" + "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" }, - "customChecksEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include custom checks.\n" + "name": { + "type": "string", + "description": "The user name.\n" }, - "customSeverityEnabled": { - "type": "boolean" + "password": { + "type": "string", + "description": "Login password for the user; string, required, at least 8 characters long.\n" }, - "cvesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "passwordConfirm": { + "type": "string", + "description": "Password confirmation.\n" }, - "cvesBlackLists": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of cves blacklisted items.\n" + "plan": { + "type": "string", + "description": "User's Aqua plan (Developer / Team / Advanced).\n" }, - "cvesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "role": { + "type": "string", + "description": "The first role that assigned to the user for backward compatibility.\n" }, - "cvesWhiteLists": { + "roles": { "type": "array", "items": { "type": "string" }, - "description": "List of cves whitelisted licenses\n" + "description": "The roles that will be assigned to the user.\n" }, - "cvssSeverity": { + "type": { "type": "string", - "description": "Identifier of the cvss severity.\n" - }, - "cvssSeverityEnabled": { - "type": 
"boolean", - "description": "Indicates if the cvss severity is scanned.\n" - }, - "cvssSeverityExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" - }, - "description": { - "type": "string" + "description": "The user type (Aqua, LDAP, SAML, OAuth2, OpenID, Tenant Manager).\n" }, - "disallowMalware": { + "uiAccess": { "type": "boolean", - "description": "Indicates if malware should block the image.\n" - }, - "dockerCisEnabled": { - "type": "boolean" + "description": "Whether to allow UI access for users with this Permission Set.\n" }, - "domain": { + "userId": { "type": "string", - "description": "Name of the container image.\n" - }, - "domainName": { + "description": "The user ID.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "aquasec:index/userSaas:UserSaas": { + "description": "The `aquasec.UserSaas` resource manages your saas users within Aqua.\n\nThe users created must have at least one Csp Role that is already present within Aqua.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst iaC1 = new aquasec.UserSaas(\"iaC1\", {\n accountAdmin: true,\n cspRoles: [],\n email: \"infrastructure1@example.com\",\n});\nconst iaC2 = new aquasec.UserSaas(\"iaC2\", {\n accountAdmin: false,\n cspRoles: [\"Default\"],\n email: \"infrastructure2@example.com\",\n groups: [{\n groupAdmin: false,\n name: \"IacGroupName\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nia_c1 = aquasec.UserSaas(\"iaC1\",\n account_admin=True,\n csp_roles=[],\n email=\"infrastructure1@example.com\")\nia_c2 = aquasec.UserSaas(\"iaC2\",\n account_admin=False,\n csp_roles=[\"Default\"],\n email=\"infrastructure2@example.com\",\n groups=[aquasec.UserSaasGroupArgs(\n group_admin=False,\n name=\"IacGroupName\",\n 
)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iaC1 = new Aquasec.UserSaas(\"iaC1\", new()\n {\n AccountAdmin = true,\n CspRoles = new[] {},\n Email = \"infrastructure1@example.com\",\n });\n\n var iaC2 = new Aquasec.UserSaas(\"iaC2\", new()\n {\n AccountAdmin = false,\n CspRoles = new[]\n {\n \"Default\",\n },\n Email = \"infrastructure2@example.com\",\n Groups = new[]\n {\n new Aquasec.Inputs.UserSaasGroupArgs\n {\n GroupAdmin = false,\n Name = \"IacGroupName\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewUserSaas(ctx, \"iaC1\", \u0026aquasec.UserSaasArgs{\n\t\t\tAccountAdmin: pulumi.Bool(true),\n\t\t\tCspRoles: pulumi.StringArray{},\n\t\t\tEmail: pulumi.String(\"infrastructure1@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewUserSaas(ctx, \"iaC2\", \u0026aquasec.UserSaasArgs{\n\t\t\tAccountAdmin: pulumi.Bool(false),\n\t\t\tCspRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Default\"),\n\t\t\t},\n\t\t\tEmail: pulumi.String(\"infrastructure2@example.com\"),\n\t\t\tGroups: aquasec.UserSaasGroupArray{\n\t\t\t\t\u0026aquasec.UserSaasGroupArgs{\n\t\t\t\t\tGroupAdmin: pulumi.Bool(false),\n\t\t\t\t\tName: pulumi.String(\"IacGroupName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.UserSaas;\nimport com.pulumi.aquasec.UserSaasArgs;\nimport com.pulumi.aquasec.inputs.UserSaasGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport 
java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iaC1 = new UserSaas(\"iaC1\", UserSaasArgs.builder() \n .accountAdmin(true)\n .cspRoles()\n .email(\"infrastructure1@example.com\")\n .build());\n\n var iaC2 = new UserSaas(\"iaC2\", UserSaasArgs.builder() \n .accountAdmin(false)\n .cspRoles(\"Default\")\n .email(\"infrastructure2@example.com\")\n .groups(UserSaasGroupArgs.builder()\n .groupAdmin(false)\n .name(\"IacGroupName\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iaC1:\n type: aquasec:UserSaas\n properties:\n accountAdmin: true\n cspRoles: []\n email: infrastructure1@example.com\n iaC2:\n type: aquasec:UserSaas\n properties:\n accountAdmin: false\n cspRoles:\n - Default\n email: infrastructure2@example.com\n # optional\n groups:\n - groupAdmin: false\n name: IacGroupName\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "accountAdmin": { + "type": "boolean" + }, + "confirmed": { + "type": "boolean" + }, + "created": { + "type": "string" + }, + "cspRoles": { + "type": "array", + "items": { "type": "string" - }, - "dtaEnabled": { - "type": "boolean" - }, - "dtaSeverity": { + } + }, + "email": { + "type": "string" + }, + "groups": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/UserSaasGroup:UserSaasGroup" + } + }, + "logins": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/UserSaasLogin:UserSaasLogin" + } + }, + "multiaccount": { + "type": "boolean" + }, + "passwordReset": { + "type": "boolean" + }, + "sendAnnouncements": { + "type": "boolean" + }, + "sendNewPlugins": { + "type": "boolean" + }, + "sendNewRisks": { + "type": "boolean" + }, + "sendScanResults": { + "type": "boolean" + }, + "userId": { + "type": "string" + } + }, + "required": [ + "accountAdmin", + "confirmed", + "created", + "cspRoles", + 
"email", + "logins", + "multiaccount", + "passwordReset", + "sendAnnouncements", + "sendNewPlugins", + "sendNewRisks", + "sendScanResults", + "userId" + ], + "inputProperties": { + "accountAdmin": { + "type": "boolean" + }, + "cspRoles": { + "type": "array", + "items": { "type": "string" + } + }, + "email": { + "type": "string" + }, + "groups": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/UserSaasGroup:UserSaasGroup" + } + } + }, + "requiredInputs": [ + "accountAdmin", + "cspRoles", + "email" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserSaas resources.\n", + "properties": { + "accountAdmin": { + "type": "boolean" }, - "enabled": { - "type": "boolean" - }, - "enforce": { - "type": "boolean" - }, - "enforceAfterDays": { - "type": "integer" - }, - "enforceExcessivePermissions": { - "type": "boolean" - }, - "exceptionalMonitoredMalwarePaths": { - "type": "array", - "items": { - "type": "string" - } - }, - "forbiddenLabels": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyForbiddenLabel:KubernetesAssurancePolicyForbiddenLabel" - } - }, - "forbiddenLabelsEnabled": { - "type": "boolean" - }, - "forceMicroenforcer": { - "type": "boolean" - }, - "functionIntegrityEnabled": { - "type": "boolean" - }, - "ignoreRecentlyPublishedVln": { - "type": "boolean" - }, - "ignoreRecentlyPublishedVlnPeriod": { - "type": "integer" - }, - "ignoreRiskResourcesEnabled": { - "type": "boolean", - "description": "Indicates if risk resources are ignored.\n" - }, - "ignoredRiskResources": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of ignored risk resources.\n" - }, - "images": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of images.\n" - }, - "kubeCisEnabled": { - "type": "boolean" - }, - "kubernetesControlsNames": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of kubernetes 
control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID \u003c= 10000', 'Runs with UID \u003c= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted'\n" - }, - "labels": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of labels.\n" + "confirmed": { + "type": "boolean" }, - "malwareAction": { + "created": { "type": "string" }, - "maximumScore": { - "type": "number", - "description": "Value of 
allowed maximum score.\n" - }, - "maximumScoreEnabled": { - "type": "boolean", - "description": "Indicates if exceeding the maximum score is scanned.\n" - }, - "maximumScoreExcludeNoFix": { - "type": "boolean", - "description": "Indicates that policy should ignore cases that do not have a known fix.\n" - }, - "monitoredMalwarePaths": { + "cspRoles": { "type": "array", "items": { "type": "string" } }, - "name": { - "type": "string", - "willReplaceOnChanges": true - }, - "onlyNoneRootUsers": { - "type": "boolean", - "description": "Indicates if raise a warning for images that should only be run as root.\n" - }, - "packagesBlackListEnabled": { - "type": "boolean", - "description": "Indicates if packages blacklist is relevant.\n" + "email": { + "type": "string" }, - "packagesBlackLists": { + "groups": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesBlackList:KubernetesAssurancePolicyPackagesBlackList" - }, - "description": "List of backlisted images.\n" - }, - "packagesWhiteListEnabled": { - "type": "boolean", - "description": "Indicates if packages whitelist is relevant.\n" + "$ref": "#/types/aquasec:index/UserSaasGroup:UserSaasGroup" + } }, - "packagesWhiteLists": { + "logins": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyPackagesWhiteList:KubernetesAssurancePolicyPackagesWhiteList" - }, - "description": "List of whitelisted images.\n" + "$ref": "#/types/aquasec:index/UserSaasLogin:UserSaasLogin" + } }, - "partialResultsImageFail": { + "multiaccount": { "type": "boolean" }, - "readOnly": { + "passwordReset": { "type": "boolean" }, - "registries": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of registries.\n" - }, - "registry": { - "type": "string" + "sendAnnouncements": { + "type": "boolean" }, - "requiredLabels": { - "type": "array", - "items": { - "$ref": 
"#/types/aquasec:index/KubernetesAssurancePolicyRequiredLabel:KubernetesAssurancePolicyRequiredLabel" - } + "sendNewPlugins": { + "type": "boolean" }, - "requiredLabelsEnabled": { + "sendNewRisks": { "type": "boolean" }, - "scanNfsMounts": { + "sendScanResults": { "type": "boolean" }, - "scanSensitiveData": { - "type": "boolean", - "description": "Indicates if scan should include sensitive data in the image.\n" + "userId": { + "type": "string", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy": { + "properties": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" }, - "scapEnabled": { - "type": "boolean", - "description": "Indicates if scanning should include scap.\n" + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { + "type": "array", + "items": { + "type": "string" }, - "scapFiles": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of SCAP user scripts for checks.\n" + "description": "List of explicitly allowed images.\n" + }, + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "assuranceType": { + "type": "string", + "description": "What type of assurance policy is described.\n" + }, + "auditOnFailure": { + "type": "boolean", + "description": "Indicates if auditing for failures.\n" + }, + "author": { + "type": "string", + "description": "Name of user account that created the policy.\n" + }, + "autoScanConfigured": { + "type": "boolean" + }, + "autoScanEnabled": { + "type": "boolean" + }, + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyAutoScanTime:VmwareAssurancePolicyAutoScanTime" + } + }, + "blacklistPermissions": { + "type": "array", + "items": { + "type": "string" }, - "scopes": { - "type": "array", - "items": { - "$ref": 
"#/types/aquasec:index/KubernetesAssurancePolicyScope:KubernetesAssurancePolicyScope" - } + "description": "List of function's forbidden permissions.\n" + }, + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" + }, + "blacklistedLicenses": { + "type": "array", + "items": { + "type": "string" }, - "trustedBaseImages": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/KubernetesAssurancePolicyTrustedBaseImage:KubernetesAssurancePolicyTrustedBaseImage" - }, - "description": "List of trusted images.\n" + "description": "List of blacklisted licenses.\n" + }, + "blacklistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + }, + "blockFailed": { + "type": "boolean", + "description": "Indicates if failed images are blocked.\n" + }, + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyCustomCheck:VmwareAssurancePolicyCustomCheck" }, - "trustedBaseImagesEnabled": { - "type": "boolean", - "description": "Indicates if list of trusted base images is relevant.\n" + "description": "List of Custom user scripts for checks.\n" + }, + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" + }, + "customSeverity": { + "type": "string" + }, + "customSeverityEnabled": { + "type": "boolean" + }, + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" + }, + "cvesBlackLists": { + "type": "array", + "items": { + "type": "string" }, - "whitelistedLicenses": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of whitelisted licenses.\n" + "description": "List of cves blacklisted items.\n" + }, + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if cves whitelist is 
relevant.\n" + }, + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" }, - "whitelistedLicensesEnabled": { - "type": "boolean", - "description": "Indicates if license blacklist is relevant.\n" - } + "description": "List of cves whitelisted licenses\n" }, - "type": "object" - } - }, - "aquasec:index/notification:Notification": { - "description": "Provides a Aquasec Notification resource. This can be used to create and manage Aquasec Notification resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst teams = new aquasec.Notification(\"teams\", {\n properties: {\n url: \"\u003cTEAMS-URL\u003e\",\n },\n type: \"teams\",\n});\nconst slack = new aquasec.Notification(\"slack\", {\n properties: {\n url: \"\u003cSLACK-URL\u003e\",\n },\n type: \"slack\",\n});\nconst webhook = new aquasec.Notification(\"webhook\", {\n properties: {\n url: \"\u003cWEBHOOK-URL\u003e\",\n },\n type: \"webhook\",\n});\nconst servicenow = new aquasec.Notification(\"servicenow\", {\n properties: {\n board_name: \"\",\n instance_name: \"\",\n password: \"\u003cPASSWORD\u003e\",\n url: \"\u003cSERVICENOW-URL\u003e\",\n user: \"\u003cUSERNAME\u003e\",\n },\n type: \"serviceNow\",\n});\nconst jiraWithToken = new aquasec.Notification(\"jiraWithToken\", {\n properties: {\n definition_of_done: \"Done\",\n project_key: \"\u003cJIRA_PROJECT_KEY\u003e\",\n summary: \"SOME_TEXT\",\n token: \"\u003cJIRA-TOKEN\u003e\",\n url: \"\u003cJIRA-URL\u003e\",\n },\n type: \"jira\",\n});\nconst jiraWithCreds = new aquasec.Notification(\"jiraWithCreds\", {\n properties: {\n password: \"\u003cJIRA_PASSWORD\u003e\",\n project_key: \"\u003cJIRA_PROJECT_KEY\u003e\",\n summary: \"SOME_TEXT\",\n url: \"\u003cJIRA-URL\u003e\",\n user: \"\u003cJIRA_USERNAME\u003e\",\n },\n type: \"jira\",\n});\nconst emailWithCreds = new aquasec.Notification(\"emailWithCreds\", {\n 
properties: {\n host: \"\u003cEMAIL_HOST\u003e\",\n password: \"\u003cEMAIL_PASSWORD\u003e\",\n port: \"\u003cEMAIL_PORT\u003e\",\n recipients: \"\u003cRECIPIENTS\u003e\",\n sender: \"\u003cSENDER_EMAIL_ADDRESS\u003e\",\n user: \"\u003cEMAIL_USERNAME\u003e\",\n },\n type: \"email\",\n});\nconst emailWithMx = new aquasec.Notification(\"emailWithMx\", {\n properties: {\n port: \"\u003cEMAIL_PORT\u003e\",\n recipients: \"\u003cRECIPIENTS\u003e\",\n sender: \"\u003cSENDER_EMAIL_ADDRESS\u003e\",\n use_mx: \"true\",\n },\n type: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nteams = aquasec.Notification(\"teams\",\n properties={\n \"url\": \"\u003cTEAMS-URL\u003e\",\n },\n type=\"teams\")\nslack = aquasec.Notification(\"slack\",\n properties={\n \"url\": \"\u003cSLACK-URL\u003e\",\n },\n type=\"slack\")\nwebhook = aquasec.Notification(\"webhook\",\n properties={\n \"url\": \"\u003cWEBHOOK-URL\u003e\",\n },\n type=\"webhook\")\nservicenow = aquasec.Notification(\"servicenow\",\n properties={\n \"board_name\": \"\",\n \"instance_name\": \"\",\n \"password\": \"\u003cPASSWORD\u003e\",\n \"url\": \"\u003cSERVICENOW-URL\u003e\",\n \"user\": \"\u003cUSERNAME\u003e\",\n },\n type=\"serviceNow\")\njira_with_token = aquasec.Notification(\"jiraWithToken\",\n properties={\n \"definition_of_done\": \"Done\",\n \"project_key\": \"\u003cJIRA_PROJECT_KEY\u003e\",\n \"summary\": \"SOME_TEXT\",\n \"token\": \"\u003cJIRA-TOKEN\u003e\",\n \"url\": \"\u003cJIRA-URL\u003e\",\n },\n type=\"jira\")\njira_with_creds = aquasec.Notification(\"jiraWithCreds\",\n properties={\n \"password\": \"\u003cJIRA_PASSWORD\u003e\",\n \"project_key\": \"\u003cJIRA_PROJECT_KEY\u003e\",\n \"summary\": \"SOME_TEXT\",\n \"url\": \"\u003cJIRA-URL\u003e\",\n \"user\": \"\u003cJIRA_USERNAME\u003e\",\n },\n type=\"jira\")\nemail_with_creds = aquasec.Notification(\"emailWithCreds\",\n properties={\n \"host\": \"\u003cEMAIL_HOST\u003e\",\n \"password\": 
\"\u003cEMAIL_PASSWORD\u003e\",\n \"port\": \"\u003cEMAIL_PORT\u003e\",\n \"recipients\": \"\u003cRECIPIENTS\u003e\",\n \"sender\": \"\u003cSENDER_EMAIL_ADDRESS\u003e\",\n \"user\": \"\u003cEMAIL_USERNAME\u003e\",\n },\n type=\"email\")\nemail_with_mx = aquasec.Notification(\"emailWithMx\",\n properties={\n \"port\": \"\u003cEMAIL_PORT\u003e\",\n \"recipients\": \"\u003cRECIPIENTS\u003e\",\n \"sender\": \"\u003cSENDER_EMAIL_ADDRESS\u003e\",\n \"use_mx\": \"true\",\n },\n type=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var teams = new Aquasec.Notification(\"teams\", new()\n {\n Properties = \n {\n { \"url\", \"\u003cTEAMS-URL\u003e\" },\n },\n Type = \"teams\",\n });\n\n var slack = new Aquasec.Notification(\"slack\", new()\n {\n Properties = \n {\n { \"url\", \"\u003cSLACK-URL\u003e\" },\n },\n Type = \"slack\",\n });\n\n var webhook = new Aquasec.Notification(\"webhook\", new()\n {\n Properties = \n {\n { \"url\", \"\u003cWEBHOOK-URL\u003e\" },\n },\n Type = \"webhook\",\n });\n\n var servicenow = new Aquasec.Notification(\"servicenow\", new()\n {\n Properties = \n {\n { \"board_name\", \"\" },\n { \"instance_name\", \"\" },\n { \"password\", \"\u003cPASSWORD\u003e\" },\n { \"url\", \"\u003cSERVICENOW-URL\u003e\" },\n { \"user\", \"\u003cUSERNAME\u003e\" },\n },\n Type = \"serviceNow\",\n });\n\n var jiraWithToken = new Aquasec.Notification(\"jiraWithToken\", new()\n {\n Properties = \n {\n { \"definition_of_done\", \"Done\" },\n { \"project_key\", \"\u003cJIRA_PROJECT_KEY\u003e\" },\n { \"summary\", \"SOME_TEXT\" },\n { \"token\", \"\u003cJIRA-TOKEN\u003e\" },\n { \"url\", \"\u003cJIRA-URL\u003e\" },\n },\n Type = \"jira\",\n });\n\n var jiraWithCreds = new Aquasec.Notification(\"jiraWithCreds\", new()\n {\n Properties = \n {\n { \"password\", \"\u003cJIRA_PASSWORD\u003e\" },\n { \"project_key\", 
\"\u003cJIRA_PROJECT_KEY\u003e\" },\n { \"summary\", \"SOME_TEXT\" },\n { \"url\", \"\u003cJIRA-URL\u003e\" },\n { \"user\", \"\u003cJIRA_USERNAME\u003e\" },\n },\n Type = \"jira\",\n });\n\n var emailWithCreds = new Aquasec.Notification(\"emailWithCreds\", new()\n {\n Properties = \n {\n { \"host\", \"\u003cEMAIL_HOST\u003e\" },\n { \"password\", \"\u003cEMAIL_PASSWORD\u003e\" },\n { \"port\", \"\u003cEMAIL_PORT\u003e\" },\n { \"recipients\", \"\u003cRECIPIENTS\u003e\" },\n { \"sender\", \"\u003cSENDER_EMAIL_ADDRESS\u003e\" },\n { \"user\", \"\u003cEMAIL_USERNAME\u003e\" },\n },\n Type = \"email\",\n });\n\n var emailWithMx = new Aquasec.Notification(\"emailWithMx\", new()\n {\n Properties = \n {\n { \"port\", \"\u003cEMAIL_PORT\u003e\" },\n { \"recipients\", \"\u003cRECIPIENTS\u003e\" },\n { \"sender\", \"\u003cSENDER_EMAIL_ADDRESS\u003e\" },\n { \"use_mx\", \"true\" },\n },\n Type = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewNotification(ctx, \"teams\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"\u003cTEAMS-URL\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"teams\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"slack\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"\u003cSLACK-URL\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"slack\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"webhook\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"url\": pulumi.String(\"\u003cWEBHOOK-URL\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"webhook\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn 
err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"servicenow\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"board_name\": pulumi.String(\"\"),\n\t\t\t\t\"instance_name\": pulumi.String(\"\"),\n\t\t\t\t\"password\": pulumi.String(\"\u003cPASSWORD\u003e\"),\n\t\t\t\t\"url\": pulumi.String(\"\u003cSERVICENOW-URL\u003e\"),\n\t\t\t\t\"user\": pulumi.String(\"\u003cUSERNAME\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"serviceNow\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"jiraWithToken\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"definition_of_done\": pulumi.String(\"Done\"),\n\t\t\t\t\"project_key\": pulumi.String(\"\u003cJIRA_PROJECT_KEY\u003e\"),\n\t\t\t\t\"summary\": pulumi.String(\"SOME_TEXT\"),\n\t\t\t\t\"token\": pulumi.String(\"\u003cJIRA-TOKEN\u003e\"),\n\t\t\t\t\"url\": pulumi.String(\"\u003cJIRA-URL\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"jira\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"jiraWithCreds\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"password\": pulumi.String(\"\u003cJIRA_PASSWORD\u003e\"),\n\t\t\t\t\"project_key\": pulumi.String(\"\u003cJIRA_PROJECT_KEY\u003e\"),\n\t\t\t\t\"summary\": pulumi.String(\"SOME_TEXT\"),\n\t\t\t\t\"url\": pulumi.String(\"\u003cJIRA-URL\u003e\"),\n\t\t\t\t\"user\": pulumi.String(\"\u003cJIRA_USERNAME\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"jira\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"emailWithCreds\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"host\": pulumi.String(\"\u003cEMAIL_HOST\u003e\"),\n\t\t\t\t\"password\": pulumi.String(\"\u003cEMAIL_PASSWORD\u003e\"),\n\t\t\t\t\"port\": pulumi.String(\"\u003cEMAIL_PORT\u003e\"),\n\t\t\t\t\"recipients\": 
pulumi.String(\"\u003cRECIPIENTS\u003e\"),\n\t\t\t\t\"sender\": pulumi.String(\"\u003cSENDER_EMAIL_ADDRESS\u003e\"),\n\t\t\t\t\"user\": pulumi.String(\"\u003cEMAIL_USERNAME\u003e\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewNotification(ctx, \"emailWithMx\", \u0026aquasec.NotificationArgs{\n\t\t\tProperties: pulumi.StringMap{\n\t\t\t\t\"port\": pulumi.String(\"\u003cEMAIL_PORT\u003e\"),\n\t\t\t\t\"recipients\": pulumi.String(\"\u003cRECIPIENTS\u003e\"),\n\t\t\t\t\"sender\": pulumi.String(\"\u003cSENDER_EMAIL_ADDRESS\u003e\"),\n\t\t\t\t\"use_mx\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Notification;\nimport com.pulumi.aquasec.NotificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var teams = new Notification(\"teams\", NotificationArgs.builder() \n .properties(Map.of(\"url\", \"\u003cTEAMS-URL\u003e\"))\n .type(\"teams\")\n .build());\n\n var slack = new Notification(\"slack\", NotificationArgs.builder() \n .properties(Map.of(\"url\", \"\u003cSLACK-URL\u003e\"))\n .type(\"slack\")\n .build());\n\n var webhook = new Notification(\"webhook\", NotificationArgs.builder() \n .properties(Map.of(\"url\", \"\u003cWEBHOOK-URL\u003e\"))\n .type(\"webhook\")\n .build());\n\n var servicenow = new Notification(\"servicenow\", NotificationArgs.builder() \n .properties(Map.ofEntries(\n Map.entry(\"board_name\", \"\"),\n Map.entry(\"instance_name\", \"\"),\n 
Map.entry(\"password\", \"\u003cPASSWORD\u003e\"),\n Map.entry(\"url\", \"\u003cSERVICENOW-URL\u003e\"),\n Map.entry(\"user\", \"\u003cUSERNAME\u003e\")\n ))\n .type(\"serviceNow\")\n .build());\n\n var jiraWithToken = new Notification(\"jiraWithToken\", NotificationArgs.builder() \n .properties(Map.ofEntries(\n Map.entry(\"definition_of_done\", \"Done\"),\n Map.entry(\"project_key\", \"\u003cJIRA_PROJECT_KEY\u003e\"),\n Map.entry(\"summary\", \"SOME_TEXT\"),\n Map.entry(\"token\", \"\u003cJIRA-TOKEN\u003e\"),\n Map.entry(\"url\", \"\u003cJIRA-URL\u003e\")\n ))\n .type(\"jira\")\n .build());\n\n var jiraWithCreds = new Notification(\"jiraWithCreds\", NotificationArgs.builder() \n .properties(Map.ofEntries(\n Map.entry(\"password\", \"\u003cJIRA_PASSWORD\u003e\"),\n Map.entry(\"project_key\", \"\u003cJIRA_PROJECT_KEY\u003e\"),\n Map.entry(\"summary\", \"SOME_TEXT\"),\n Map.entry(\"url\", \"\u003cJIRA-URL\u003e\"),\n Map.entry(\"user\", \"\u003cJIRA_USERNAME\u003e\")\n ))\n .type(\"jira\")\n .build());\n\n var emailWithCreds = new Notification(\"emailWithCreds\", NotificationArgs.builder() \n .properties(Map.ofEntries(\n Map.entry(\"host\", \"\u003cEMAIL_HOST\u003e\"),\n Map.entry(\"password\", \"\u003cEMAIL_PASSWORD\u003e\"),\n Map.entry(\"port\", \"\u003cEMAIL_PORT\u003e\"),\n Map.entry(\"recipients\", \"\u003cRECIPIENTS\u003e\"),\n Map.entry(\"sender\", \"\u003cSENDER_EMAIL_ADDRESS\u003e\"),\n Map.entry(\"user\", \"\u003cEMAIL_USERNAME\u003e\")\n ))\n .type(\"email\")\n .build());\n\n var emailWithMx = new Notification(\"emailWithMx\", NotificationArgs.builder() \n .properties(Map.ofEntries(\n Map.entry(\"port\", \"\u003cEMAIL_PORT\u003e\"),\n Map.entry(\"recipients\", \"\u003cRECIPIENTS\u003e\"),\n Map.entry(\"sender\", \"\u003cSENDER_EMAIL_ADDRESS\u003e\"),\n Map.entry(\"use_mx\", true)\n ))\n .type(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n teams:\n type: aquasec:Notification\n properties:\n properties:\n url: \u003cTEAMS-URL\u003e\n type: 
teams\n slack:\n type: aquasec:Notification\n properties:\n properties:\n url: \u003cSLACK-URL\u003e\n type: slack\n webhook:\n type: aquasec:Notification\n properties:\n properties:\n url: \u003cWEBHOOK-URL\u003e\n type: webhook\n servicenow:\n type: aquasec:Notification\n properties:\n properties:\n board_name:\n instance_name:\n password: \u003cPASSWORD\u003e\n url: \u003cSERVICENOW-URL\u003e\n user: \u003cUSERNAME\u003e\n type: serviceNow\n jiraWithToken:\n type: aquasec:Notification\n properties:\n properties:\n definition_of_done: Done\n project_key: \u003cJIRA_PROJECT_KEY\u003e\n summary: SOME_TEXT\n token: \u003cJIRA-TOKEN\u003e\n url: \u003cJIRA-URL\u003e\n type: jira\n jiraWithCreds:\n type: aquasec:Notification\n properties:\n properties:\n password: \u003cJIRA_PASSWORD\u003e\n project_key: \u003cJIRA_PROJECT_KEY\u003e\n summary: SOME_TEXT\n url: \u003cJIRA-URL\u003e\n user: \u003cJIRA_USERNAME\u003e\n type: jira\n emailWithCreds:\n type: aquasec:Notification\n properties:\n properties:\n host: \u003cEMAIL_HOST\u003e\n password: \u003cEMAIL_PASSWORD\u003e\n port: \u003cEMAIL_PORT\u003e\n recipients: \u003cRECIPIENTS\u003e\n sender: \u003cSENDER_EMAIL_ADDRESS\u003e\n user: \u003cEMAIL_USERNAME\u003e\n type: email\n emailWithMx:\n type: aquasec:Notification\n properties:\n properties:\n port: \u003cEMAIL_PORT\u003e\n recipients: \u003cRECIPIENTS\u003e\n sender: \u003cSENDER_EMAIL_ADDRESS\u003e\n use_mx: true\n type: email\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "author": { + "cvssSeverity": { "type": "string", - "description": "The user that created the notification\n" + "description": "Identifier of the cvss severity.\n" + }, + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" + }, + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + }, + "description": { + "type": "string" 
+ }, + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "disallowMalware": { + "type": "boolean", + "description": "Indicates if malware should block the image.\n" }, - "lastUpdated": { - "type": "string", - "description": "Notification last update time\n" + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, - "name": { + "domain": { "type": "string", - "description": "Notification name\n" + "description": "Name of the container image.\n" }, - "properties": { - "type": "object", - "additionalProperties": { + "domainName": { + "type": "string" + }, + "dtaEnabled": { + "type": "boolean" + }, + "dtaSeverity": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { + "type": "integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" + }, + "exceptionalMonitoredMalwarePaths": { + "type": "array", + "items": { "type": "string" - }, - "description": "Notification properties, please check the examples for setting it\n" + } }, - "template": { - "type": "object", - "additionalProperties": { + "excludeApplicationScopes": { + "type": "array", + "items": { "type": "string" - }, - "description": "Notification Template\n" + } }, - "type": { - "type": "string", - "description": "Notifications types, allowed values: slack\\ jira\\ email\\ teams\\ webhook\\ splunk\\ serviceNow\n" - } - }, - "required": [ - "author", - "lastUpdated", - "name", - "properties", - "template", - "type" - ], - "inputProperties": { - "name": { - "type": "string", - "description": "Notification name\n" + "failCicd": { + "type": "boolean", + "description": "Indicates if cicd failures will fail the image.\n" }, - "properties": { - "type": "object", - "additionalProperties": { + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": 
"#/types/aquasec:index/VmwareAssurancePolicyForbiddenLabel:VmwareAssurancePolicyForbiddenLabel" + } + }, + "forbiddenLabelsEnabled": { + "type": "boolean" + }, + "forceMicroenforcer": { + "type": "boolean" + }, + "functionIntegrityEnabled": { + "type": "boolean" + }, + "ignoreBaseImageVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" + }, + "ignoreRiskResourcesEnabled": { + "type": "boolean", + "description": "Indicates if risk resources are ignored.\n" + }, + "ignoredRiskResources": { + "type": "array", + "items": { "type": "string" }, - "description": "Notification properties, please check the examples for setting it\n" + "description": "List of ignored risk resources.\n" }, - "type": { - "type": "string", - "description": "Notifications types, allowed values: slack\\ jira\\ email\\ teams\\ webhook\\ splunk\\ serviceNow\n" - } - }, - "requiredInputs": [ - "properties", - "type" - ], - "stateInputs": { - "description": "Input properties used for looking up and filtering Notification resources.\n", - "properties": { - "author": { - "type": "string", - "description": "The user that created the notification\n" - }, - "lastUpdated": { - "type": "string", - "description": "Notification last update time\n" - }, - "name": { - "type": "string", - "description": "Notification name\n" - }, - "properties": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "Notification properties, please check the examples for setting it\n" + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } + }, + "images": { + "type": "array", + "items": { + "type": "string" }, - "template": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "Notification Template\n" + "description": "List of images.\n" + }, + "kubeCisEnabled": { + "type": "boolean", + "description": "Performs a Kubernetes 
CIS benchmark check for the host.\n" + }, + "kubernetesControls": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyKubernetesControl:VmwareAssurancePolicyKubernetesControl" }, - "type": { - "type": "string", - "description": "Notifications types, allowed values: slack\\ jira\\ email\\ teams\\ webhook\\ splunk\\ serviceNow\n" + "description": "List of Kubernetes controls.\n" + }, + "kubernetesControlsAvdIds": { + "type": "array", + "items": { + "type": "string" } }, - "type": "object" - } - }, - "aquasec:index/notificationSlack:NotificationSlack": { - "description": "Provides an Aquasec Notification Slack resource\n\n\u003e **Note about resource deprecation**\nResource aquasec.NotificationSlack is deprecated, please use aquasec.Notification instead\n", - "properties": { - "channel": { + "kubernetesControlsNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "labels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of labels.\n" + }, + "lastupdate": { "type": "string" }, - "enabled": { + "linuxCisEnabled": { "type": "boolean" }, - "icon": { + "malwareAction": { "type": "string" }, - "mainText": { - "type": "string" + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" + }, + "maximumScoreEnabled": { + "type": "boolean", + "description": "Indicates if exceeding the maximum score is scanned.\n" + }, + "maximumScoreExcludeNoFix": { + "type": "boolean" + }, + "monitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } }, "name": { "type": "string" }, - "serviceKey": { - "type": "string" + "onlyNoneRootUsers": { + "type": "boolean", + "description": "Indicates if raise a warning for images that should only be run as root.\n" }, - "type": { - "type": "string" + "openshiftHardeningEnabled": { + "type": "boolean" }, - "userName": { - "type": "string" + "packagesBlackListEnabled": { + "type": "boolean", + "description": 
"Indicates if packages blacklist is relevant.\n" }, - "webhookUrl": { + "packagesBlackLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyPackagesBlackList:VmwareAssurancePolicyPackagesBlackList" + }, + "description": "List of blacklisted images.\n" + }, + "packagesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if packages whitelist is relevant.\n" + }, + "packagesWhiteLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyPackagesWhiteList:VmwareAssurancePolicyPackagesWhiteList" + }, + "description": "List of whitelisted images.\n" + }, + "partialResultsImageFail": { + "type": "boolean" + }, + "permission": { "type": "string" - } - }, - "required": [ - "channel", - "enabled", - "name", - "type", - "userName", - "webhookUrl" - ], - "inputProperties": { - "channel": { + }, + "policySettings": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyPolicySettings:VmwareAssurancePolicyPolicySettings" + }, + "readOnly": { + "type": "boolean" + }, + "registries": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of registries.\n" + }, + "registry": { "type": "string" }, - "enabled": { + "requiredLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyRequiredLabel:VmwareAssurancePolicyRequiredLabel" + } + }, + "requiredLabelsEnabled": { "type": "boolean" }, - "icon": { - "type": "string" + "scanMalwareInArchives": { + "type": "boolean" }, - "mainText": { - "type": "string" + "scanNfsMounts": { + "type": "boolean" }, - "name": { - "type": "string" + "scanProcessMemory": { + "type": "boolean" }, - "serviceKey": { - "type": "string" + "scanSensitiveData": { + "type": "boolean", + "description": "Indicates if scan should include sensitive data in the image.\n" }, - "type": { - "type": "string" + "scanWindowsRegistry": { + "type": "boolean" }, - "userName": { - "type": "string" + "scapEnabled": { + 
"type": "boolean", + "description": "Indicates if scanning should include scap.\n" }, - "webhookUrl": { - "type": "string" - } - }, - "requiredInputs": [ - "channel", - "enabled", - "type", - "userName", - "webhookUrl" - ], - "stateInputs": { - "description": "Input properties used for looking up and filtering NotificationSlack resources.\n", - "properties": { - "channel": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "icon": { - "type": "string" - }, - "mainText": { - "type": "string" - }, - "name": { - "type": "string" - }, - "serviceKey": { - "type": "string" - }, - "type": { - "type": "string" - }, - "userName": { + "scapFiles": { + "type": "array", + "items": { "type": "string" }, - "webhookUrl": { - "type": "string" + "description": "List of SCAP user scripts for checks.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyScope:VmwareAssurancePolicyScope" } }, - "type": "object" - } - }, - "aquasec:index/permissionsSets:PermissionsSets": { - "description": "The `aquasec.PermissionsSets` resource manages your Permission Set within Aqua.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst myTerraformPermSet = new aquasec.PermissionsSets(\"myTerraformPermSet\", {\n actions: [\n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n 
\"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\",\n ],\n description: \"Test Permissions Sets created by Terraform\",\n isSuper: false,\n uiAccess: true,\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nmy_terraform_perm_set = aquasec.PermissionsSets(\"myTerraformPermSet\",\n actions=[\n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n 
\"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\",\n ],\n description=\"Test Permissions Sets created by Terraform\",\n is_super=False,\n ui_access=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myTerraformPermSet = new Aquasec.PermissionsSets(\"myTerraformPermSet\", new()\n {\n Actions = new[]\n {\n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n \"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\",\n },\n Description = \"Test Permissions Sets created by Terraform\",\n IsSuper = false,\n UiAccess = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() 
{\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewPermissionsSets(ctx, \"myTerraformPermSet\", \u0026aquasec.PermissionsSetsArgs{\n\t\t\tActions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"acl_policies.read\"),\n\t\t\t\tpulumi.String(\"acl_policies.write\"),\n\t\t\t\tpulumi.String(\"image_profiles.read\"),\n\t\t\t\tpulumi.String(\"image_profiles.write\"),\n\t\t\t\tpulumi.String(\"network_policies.read\"),\n\t\t\t\tpulumi.String(\"network_policies.write\"),\n\t\t\t\tpulumi.String(\"runtime_policies.read\"),\n\t\t\t\tpulumi.String(\"runtime_policies.write\"),\n\t\t\t\tpulumi.String(\"response_policies.read\"),\n\t\t\t\tpulumi.String(\"response_policies.write\"),\n\t\t\t\tpulumi.String(\"image_assurance.read\"),\n\t\t\t\tpulumi.String(\"image_assurance.write\"),\n\t\t\t\tpulumi.String(\"dashboard.read\"),\n\t\t\t\tpulumi.String(\"dashboard.write\"),\n\t\t\t\tpulumi.String(\"risk_explorer.read\"),\n\t\t\t\tpulumi.String(\"images.read\"),\n\t\t\t\tpulumi.String(\"images.write\"),\n\t\t\t\tpulumi.String(\"risks.host_images.read\"),\n\t\t\t\tpulumi.String(\"risks.host_images.write\"),\n\t\t\t\tpulumi.String(\"functions.read\"),\n\t\t\t\tpulumi.String(\"functions.write\"),\n\t\t\t\tpulumi.String(\"enforcers.read\"),\n\t\t\t\tpulumi.String(\"enforcers.write\"),\n\t\t\t\tpulumi.String(\"containers.read\"),\n\t\t\t\tpulumi.String(\"services.read\"),\n\t\t\t\tpulumi.String(\"services.write\"),\n\t\t\t\tpulumi.String(\"infrastructure.read\"),\n\t\t\t\tpulumi.String(\"infrastructure.write\"),\n\t\t\t\tpulumi.String(\"risks.vulnerabilities.read\"),\n\t\t\t\tpulumi.String(\"risks.vulnerabilities.write\"),\n\t\t\t\tpulumi.String(\"risks.benchmark.read\"),\n\t\t\t\tpulumi.String(\"risks.benchmark.write\"),\n\t\t\t\tpulumi.String(\"audits.read\"),\n\t\t\t\tpulumi.String(\"secrets.read\"),\n\t\t\t\tpulumi.String(\"secrets.write\"),\n\t\t\t\tpulumi.String(\"settings.read\"),\n\t\t\t\tpulumi.String(\"settings.write\"),\n\t\t\t\tpulumi.String(\"integrations.rea
d\"),\n\t\t\t\tpulumi.String(\"integrations.write\"),\n\t\t\t\tpulumi.String(\"registries_integrations.read\"),\n\t\t\t\tpulumi.String(\"registries_integrations.write\"),\n\t\t\t\tpulumi.String(\"scan.read\"),\n\t\t\t\tpulumi.String(\"gateways.read\"),\n\t\t\t\tpulumi.String(\"gateways.write\"),\n\t\t\t\tpulumi.String(\"consoles.read\"),\n\t\t\t\tpulumi.String(\"web_hook.read\"),\n\t\t\t\tpulumi.String(\"incidents.read\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Test Permissions Sets created by Terraform\"),\n\t\t\tIsSuper: pulumi.Bool(false),\n\t\t\tUiAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.PermissionsSets;\nimport com.pulumi.aquasec.PermissionsSetsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myTerraformPermSet = new PermissionsSets(\"myTerraformPermSet\", PermissionsSetsArgs.builder() \n .actions( \n \"acl_policies.read\",\n \"acl_policies.write\",\n \"image_profiles.read\",\n \"image_profiles.write\",\n \"network_policies.read\",\n \"network_policies.write\",\n \"runtime_policies.read\",\n \"runtime_policies.write\",\n \"response_policies.read\",\n \"response_policies.write\",\n \"image_assurance.read\",\n \"image_assurance.write\",\n \"dashboard.read\",\n \"dashboard.write\",\n \"risk_explorer.read\",\n \"images.read\",\n \"images.write\",\n \"risks.host_images.read\",\n \"risks.host_images.write\",\n \"functions.read\",\n \"functions.write\",\n \"enforcers.read\",\n \"enforcers.write\",\n \"containers.read\",\n \"services.read\",\n \"services.write\",\n 
\"infrastructure.read\",\n \"infrastructure.write\",\n \"risks.vulnerabilities.read\",\n \"risks.vulnerabilities.write\",\n \"risks.benchmark.read\",\n \"risks.benchmark.write\",\n \"audits.read\",\n \"secrets.read\",\n \"secrets.write\",\n \"settings.read\",\n \"settings.write\",\n \"integrations.read\",\n \"integrations.write\",\n \"registries_integrations.read\",\n \"registries_integrations.write\",\n \"scan.read\",\n \"gateways.read\",\n \"gateways.write\",\n \"consoles.read\",\n \"web_hook.read\",\n \"incidents.read\")\n .description(\"Test Permissions Sets created by Terraform\")\n .isSuper(false)\n .uiAccess(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myTerraformPermSet:\n type: aquasec:PermissionsSets\n properties:\n actions:\n - acl_policies.read\n - acl_policies.write\n - image_profiles.read\n - image_profiles.write\n - network_policies.read\n - network_policies.write\n - runtime_policies.read\n - runtime_policies.write\n - response_policies.read\n - response_policies.write\n - image_assurance.read\n - image_assurance.write\n - dashboard.read\n - dashboard.write\n - risk_explorer.read\n - images.read\n - images.write\n - risks.host_images.read\n - risks.host_images.write\n - functions.read\n - functions.write\n - enforcers.read\n - enforcers.write\n - containers.read\n - services.read\n - services.write\n - infrastructure.read\n - infrastructure.write\n - risks.vulnerabilities.read\n - risks.vulnerabilities.write\n - risks.benchmark.read\n - risks.benchmark.write\n - audits.read\n - secrets.read\n - secrets.write\n - settings.read\n - settings.write\n - integrations.read\n - integrations.write\n - registries_integrations.read\n - registries_integrations.write\n - scan.read\n - gateways.read\n - gateways.write\n - consoles.read\n - web_hook.read\n - incidents.read\n description: Test Permissions Sets created by Terraform\n isSuper: false\n uiAccess: true\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "actions": { + 
"trustedBaseImages": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyTrustedBaseImage:VmwareAssurancePolicyTrustedBaseImage" }, - "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" + "description": "List of trusted images.\n" }, - "author": { - "type": "string", - "description": "The name of the user who created the Permission Set.\n" + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" }, - "description": { - "type": "string", - "description": "Free text description for the Permission Set.\n" + "vulnerabilityExploitability": { + "type": "boolean" }, - "isSuper": { - "type": "boolean", - "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } }, - "name": { - "type": "string", - "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n" + "whitelistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of whitelisted licenses.\n" }, - "uiAccess": { + "whitelistedLicensesEnabled": { "type": "boolean", - "description": "Whether to allow UI access for users with this Permission Set.\n" - }, - "updatedAt": { - "type": "string", - "description": "The date of the last modification of the Role.\n" + "description": "Indicates if license blacklist is relevant.\n" } }, "required": [ - "actions", + "applicationScopes", + "assuranceType", "author", + "autoScanTimes", + "customSeverity", + "ignoreRecentlyPublishedVlnPeriod", + "lastupdate", "name", - "uiAccess", - "updatedAt" + "permission", + "policySettings", + "scopes" ], "inputProperties": { - "actions": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": 
"string" + }, + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { "type": "array", "items": { "type": "string" }, - "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" + "description": "List of explicitly allowed images.\n" }, - "description": { + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "assuranceType": { "type": "string", - "description": "Free text description for the Permission Set.\n" + "description": "What type of assurance policy is described.\n" }, - "isSuper": { + "auditOnFailure": { "type": "boolean", - "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" + "description": "Indicates if auditing for failures.\n" }, - "name": { + "author": { "type": "string", - "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", - "willReplaceOnChanges": true + "description": "Name of user account that created the policy.\n" }, - "uiAccess": { - "type": "boolean", - "description": "Whether to allow UI access for users with this Permission Set.\n" - } - }, - "requiredInputs": [ - "actions", - "uiAccess" - ], - "stateInputs": { - "description": "Input properties used for looking up and filtering PermissionsSets resources.\n", - "properties": { - "actions": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of allowed actions for the Permission Set (not relevant if 'is_super' is true).\n" - }, - "author": { - "type": "string", - "description": "The name of the user who created the Permission Set.\n" - }, - "description": { - "type": "string", - "description": "Free text description for the Permission Set.\n" - }, - "isSuper": { - "type": "boolean", - "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" + "autoScanConfigured": { + 
"type": "boolean" + }, + "autoScanEnabled": { + "type": "boolean" + }, + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyAutoScanTime:VmwareAssurancePolicyAutoScanTime" + } + }, + "blacklistPermissions": { + "type": "array", + "items": { + "type": "string" }, - "name": { - "type": "string", - "description": "The name of the Permission Set, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", - "willReplaceOnChanges": true + "description": "List of function's forbidden permissions.\n" + }, + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" + }, + "blacklistedLicenses": { + "type": "array", + "items": { + "type": "string" }, - "uiAccess": { - "type": "boolean", - "description": "Whether to allow UI access for users with this Permission Set.\n" + "description": "List of blacklisted licenses.\n" + }, + "blacklistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" + }, + "blockFailed": { + "type": "boolean", + "description": "Indicates if failed images are blocked.\n" + }, + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyCustomCheck:VmwareAssurancePolicyCustomCheck" }, - "updatedAt": { - "type": "string", - "description": "The date of the last modification of the Role.\n" - } + "description": "List of Custom user scripts for checks.\n" }, - "type": "object" - } - }, - "aquasec:index/role:Role": { - "description": "The `aquasec.Role` resource manages your roles within Aqua.\n\nThe roles created must have permission set and at least one Role Application Scope that is already present within Aqua.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from 
\"@pulumiverse/aquasec\";\n\nconst iaC = new aquasec.Role(\"iaC\", {\n description: \"RoleIaC\",\n permission: \"PermissionIaC\",\n roleName: \"RoleIaC\",\n scopes: [\"Global\"],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nia_c = aquasec.Role(\"iaC\",\n description=\"RoleIaC\",\n permission=\"PermissionIaC\",\n role_name=\"RoleIaC\",\n scopes=[\"Global\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iaC = new Aquasec.Role(\"iaC\", new()\n {\n Description = \"RoleIaC\",\n Permission = \"PermissionIaC\",\n RoleName = \"RoleIaC\",\n Scopes = new[]\n {\n \"Global\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewRole(ctx, \"iaC\", \u0026aquasec.RoleArgs{\n\t\t\tDescription: pulumi.String(\"RoleIaC\"),\n\t\t\tPermission: pulumi.String(\"PermissionIaC\"),\n\t\t\tRoleName: pulumi.String(\"RoleIaC\"),\n\t\t\tScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Global\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.Role;\nimport com.pulumi.aquasec.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iaC = new Role(\"iaC\", RoleArgs.builder() \n .description(\"RoleIaC\")\n .permission(\"PermissionIaC\")\n .roleName(\"RoleIaC\")\n 
.scopes(\"Global\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iaC:\n type: aquasec:Role\n properties:\n description: RoleIaC\n permission: PermissionIaC\n roleName: RoleIaC\n scopes:\n - Global\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "author": { - "type": "string", - "description": "The name of the user who created the role. Only returned from the API for existing permissions, not part of the permission creation/modification structure.\n" + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" }, - "description": { - "type": "string", - "description": "Free text description for the role.\n" + "customSeverity": { + "type": "string" }, - "permission": { - "type": "string", - "description": "The name of the Permission Set that will affect the users assigned to this specific Role.\n" + "customSeverityEnabled": { + "type": "boolean" }, - "roleName": { - "type": "string", - "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n" + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" }, - "scopes": { + "cvesBlackLists": { "type": "array", "items": { "type": "string" }, - "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" + "description": "List of cves blacklisted items.\n" }, - "updatedAt": { - "type": "string", - "description": "The date of the last modification of the role.\n" - } - }, - "required": [ - "author", - "permission", - "roleName", - "scopes", - "updatedAt" - ], - "inputProperties": { - "description": { - "type": "string", - "description": "Free text description for the role.\n" + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if cves whitelist is relevant.\n" }, - "permission": { - "type": "string", - "description": "The name of the Permission Set that will 
affect the users assigned to this specific Role.\n" + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cves whitelisted licenses\n" }, - "roleName": { + "cvssSeverity": { "type": "string", - "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", - "willReplaceOnChanges": true + "description": "Identifier of the cvss severity.\n" }, - "scopes": { + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" + }, + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + }, + "description": { + "type": "string" + }, + "disallowExploitTypes": { "type": "array", "items": { "type": "string" - }, - "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" - } - }, - "requiredInputs": [ - "permission", - "roleName", - "scopes" - ], - "stateInputs": { - "description": "Input properties used for looking up and filtering Role resources.\n", - "properties": { - "author": { - "type": "string", - "description": "The name of the user who created the role. 
Only returned from the API for existing permissions, not part of the permission creation/modification structure.\n" - }, - "description": { - "type": "string", - "description": "Free text description for the role.\n" - }, - "permission": { - "type": "string", - "description": "The name of the Permission Set that will affect the users assigned to this specific Role.\n" - }, - "roleName": { - "type": "string", - "description": "The name of the role, comprised of alphanumeric characters and '-', '_', ' ', ':', '.', '@', '!', '^'.\n", - "willReplaceOnChanges": true - }, - "scopes": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of Application Scopes that will affect the users assigned to this specific Role.\n" - }, - "updatedAt": { - "type": "string", - "description": "The date of the last modification of the role.\n" } }, - "type": "object" - } - }, - "aquasec:index/roleMapping:RoleMapping": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst roleMappingRoleMapping = new aquasec.RoleMapping(\"roleMappingRoleMapping\", {saml: {\n roleMapping: {\n Administrator: \"group1\",\n },\n}});\nexport const roleMapping = roleMappingRoleMapping;\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nrole_mapping_role_mapping = aquasec.RoleMapping(\"roleMappingRoleMapping\", saml=aquasec.RoleMappingSamlArgs(\n role_mapping={\n \"Administrator\": \"group1\",\n },\n))\npulumi.export(\"roleMapping\", role_mapping_role_mapping)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var roleMappingRoleMapping = new Aquasec.RoleMapping(\"roleMappingRoleMapping\", new()\n {\n Saml = new Aquasec.Inputs.RoleMappingSamlArgs\n {\n RoleMapping = \n {\n { \"Administrator\", 
\"group1\" },\n },\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"roleMapping\"] = roleMappingRoleMapping,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troleMappingRoleMapping, err := aquasec.NewRoleMapping(ctx, \"roleMappingRoleMapping\", \u0026aquasec.RoleMappingArgs{\n\t\t\tSaml: \u0026aquasec.RoleMappingSamlArgs{\n\t\t\t\tRoleMapping: pulumi.StringMap{\n\t\t\t\t\t\"Administrator\": pulumi.String(\"group1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"roleMapping\", roleMappingRoleMapping)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.RoleMapping;\nimport com.pulumi.aquasec.RoleMappingArgs;\nimport com.pulumi.aquasec.inputs.RoleMappingSamlArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var roleMappingRoleMapping = new RoleMapping(\"roleMappingRoleMapping\", RoleMappingArgs.builder() \n .saml(RoleMappingSamlArgs.builder()\n .roleMapping(Map.of(\"Administrator\", \"group1\"))\n .build())\n .build());\n\n ctx.export(\"roleMapping\", roleMappingRoleMapping);\n }\n}\n```\n```yaml\nresources:\n roleMappingRoleMapping:\n type: aquasec:RoleMapping\n properties:\n saml:\n roleMapping:\n Administrator: group1\noutputs:\n roleMapping: ${roleMappingRoleMapping}\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "ldap": { - "$ref": "#/types/aquasec:index/RoleMappingLdap:RoleMappingLdap", - "description": "LDAP 
Authentication\n" + "disallowMalware": { + "type": "boolean", + "description": "Indicates if malware should block the image.\n" }, - "oauth2": { - "$ref": "#/types/aquasec:index/RoleMappingOauth2:RoleMappingOauth2", - "description": "Oauth2 Authentication\n" + "dockerCisEnabled": { + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, - "openid": { - "$ref": "#/types/aquasec:index/RoleMappingOpenid:RoleMappingOpenid", - "description": "OpenId Authentication\n" + "domain": { + "type": "string", + "description": "Name of the container image.\n" }, - "saml": { - "$ref": "#/types/aquasec:index/RoleMappingSaml:RoleMappingSaml", - "description": "SAML Authentication\n" - } - }, - "inputProperties": { - "ldap": { - "$ref": "#/types/aquasec:index/RoleMappingLdap:RoleMappingLdap", - "description": "LDAP Authentication\n" + "domainName": { + "type": "string" }, - "oauth2": { - "$ref": "#/types/aquasec:index/RoleMappingOauth2:RoleMappingOauth2", - "description": "Oauth2 Authentication\n" + "dtaEnabled": { + "type": "boolean" }, - "openid": { - "$ref": "#/types/aquasec:index/RoleMappingOpenid:RoleMappingOpenid", - "description": "OpenId Authentication\n" + "dtaSeverity": { + "type": "string" }, - "saml": { - "$ref": "#/types/aquasec:index/RoleMappingSaml:RoleMappingSaml", - "description": "SAML Authentication\n" - } - }, - "stateInputs": { - "description": "Input properties used for looking up and filtering RoleMapping resources.\n", - "properties": { - "ldap": { - "$ref": "#/types/aquasec:index/RoleMappingLdap:RoleMappingLdap", - "description": "LDAP Authentication\n" - }, - "oauth2": { - "$ref": "#/types/aquasec:index/RoleMappingOauth2:RoleMappingOauth2", - "description": "Oauth2 Authentication\n" - }, - "openid": { - "$ref": "#/types/aquasec:index/RoleMappingOpenid:RoleMappingOpenid", - "description": "OpenId Authentication\n" - }, - "saml": { - "$ref": 
"#/types/aquasec:index/RoleMappingSaml:RoleMappingSaml", - "description": "SAML Authentication\n" - } + "enabled": { + "type": "boolean" }, - "type": "object" - } - }, - "aquasec:index/roleMappingSaas:RoleMappingSaas": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst rolesMappingSaasRoleMappingSaas = new aquasec.RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\", {\n samlGroups: [\n \"group1\",\n \"group2\",\n ],\n cspRole: \"Administrator\",\n});\nexport const rolesMappingSaas = rolesMappingSaasRoleMappingSaas;\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nroles_mapping_saas_role_mapping_saas = aquasec.RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\",\n saml_groups=[\n \"group1\",\n \"group2\",\n ],\n csp_role=\"Administrator\")\npulumi.export(\"rolesMappingSaas\", roles_mapping_saas_role_mapping_saas)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rolesMappingSaasRoleMappingSaas = new Aquasec.RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\", new()\n {\n SamlGroups = new[]\n {\n \"group1\",\n \"group2\",\n },\n CspRole = \"Administrator\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"rolesMappingSaas\"] = rolesMappingSaasRoleMappingSaas,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trolesMappingSaasRoleMappingSaas, err := aquasec.NewRoleMappingSaas(ctx, \"rolesMappingSaasRoleMappingSaas\", \u0026aquasec.RoleMappingSaasArgs{\n\t\t\tSamlGroups: 
pulumi.StringArray{\n\t\t\t\tpulumi.String(\"group1\"),\n\t\t\t\tpulumi.String(\"group2\"),\n\t\t\t},\n\t\t\tCspRole: pulumi.String(\"Administrator\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"rolesMappingSaas\", rolesMappingSaasRoleMappingSaas)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.RoleMappingSaas;\nimport com.pulumi.aquasec.RoleMappingSaasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var rolesMappingSaasRoleMappingSaas = new RoleMappingSaas(\"rolesMappingSaasRoleMappingSaas\", RoleMappingSaasArgs.builder() \n .samlGroups( \n \"group1\",\n \"group2\")\n .cspRole(\"Administrator\")\n .build());\n\n ctx.export(\"rolesMappingSaas\", rolesMappingSaasRoleMappingSaas);\n }\n}\n```\n```yaml\nresources:\n rolesMappingSaasRoleMappingSaas:\n type: aquasec:RoleMappingSaas\n properties:\n samlGroups:\n - group1\n - group2\n cspRole: Administrator\noutputs:\n rolesMappingSaas: ${rolesMappingSaasRoleMappingSaas}\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "accountId": { + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { "type": "integer" }, - "created": { - "type": "string" + "enforceExcessivePermissions": { + "type": "boolean" }, - "cspRole": { - "type": "string" + "exceptionalMonitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } }, - "roleMappingId": { + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } + }, + "failCicd": { + "type": "boolean", + "description": "Indicates if cicd failures will fail the image.\n" + }, + "forbiddenLabels": { + "type": "array", 
+ "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyForbiddenLabel:VmwareAssurancePolicyForbiddenLabel" + } + }, + "forbiddenLabelsEnabled": { + "type": "boolean" + }, + "forceMicroenforcer": { + "type": "boolean" + }, + "functionIntegrityEnabled": { + "type": "boolean" + }, + "ignoreBaseImageVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVlnPeriod": { "type": "integer" }, - "samlGroups": { + "ignoreRiskResourcesEnabled": { + "type": "boolean", + "description": "Indicates if risk resources are ignored.\n" + }, + "ignoredRiskResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of ignored risk resources.\n" + }, + "ignoredSensitiveResources": { "type": "array", "items": { "type": "string" } - } - }, - "required": [ - "accountId", - "created", - "cspRole", - "roleMappingId", - "samlGroups" - ], - "inputProperties": { - "cspRole": { - "type": "string", - "willReplaceOnChanges": true }, - "samlGroups": { + "images": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of images.\n" + }, + "kubeCisEnabled": { + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" + }, + "kubernetesControls": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyKubernetesControl:VmwareAssurancePolicyKubernetesControl" + }, + "description": "List of Kubernetes controls.\n" + }, + "kubernetesControlsAvdIds": { "type": "array", "items": { "type": "string" } - } - }, - "requiredInputs": [ - "cspRole", - "samlGroups" - ], - "stateInputs": { - "description": "Input properties used for looking up and filtering RoleMappingSaas resources.\n", - "properties": { - "accountId": { - "type": "integer" - }, - "created": { + }, + "kubernetesControlsNames": { + "type": "array", + "items": { "type": "string" - }, - "cspRole": { - "type": "string", - "willReplaceOnChanges": true 
- }, - "roleMappingId": { - "type": "integer" - }, - "samlGroups": { - "type": "array", - "items": { - "type": "string" - } } }, - "type": "object" - } - }, - "aquasec:index/service:Service": { - "properties": { - "applicationScopes": { + "labels": { "type": "array", "items": { "type": "string" }, - "description": "Indicates the application scope of the service.\n" + "description": "List of labels.\n" }, - "author": { - "type": "string", - "description": "Username of the account that created the service.\n" + "lastupdate": { + "type": "string" }, - "containersCount": { - "type": "integer", - "description": "The number of containers associated with the service.\n" + "linuxCisEnabled": { + "type": "boolean" }, - "description": { - "type": "string", - "description": "A textual description of the service record; maximum 500 characters.\n" + "malwareAction": { + "type": "string" }, - "enforce": { - "type": "boolean", - "description": "Enforcement status of the service.\n" + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" }, - "evaluated": { + "maximumScoreEnabled": { "type": "boolean", - "description": "Whether the service has been evaluated for security vulnerabilities.\n" + "description": "Indicates if exceeding the maximum score is scanned.\n" }, - "isRegistered": { + "maximumScoreExcludeNoFix": { + "type": "boolean" + }, + "monitoredMalwarePaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "name": { + "type": "string", + "willReplaceOnChanges": true + }, + "onlyNoneRootUsers": { "type": "boolean", - "description": "Indicates if registered or not.\n" + "description": "Indicates if raise a warning for images that should only be run as root.\n" }, - "lastupdate": { - "type": "integer", - "description": "Timestamp of the last update in Unix time format.\n" + "openshiftHardeningEnabled": { + "type": "boolean" }, - "monitoring": { + "packagesBlackListEnabled": { "type": "boolean", - "description": "Indicates 
if monitoring is enabled or not\n" + "description": "Indicates if packages blacklist is relevant.\n" }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n" + "packagesBlackLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyPackagesBlackList:VmwareAssurancePolicyPackagesBlackList" + }, + "description": "List of blacklisted images.\n" }, - "notEvaluatedCount": { - "type": "integer", - "description": "The number of container that are not evaluated.\n" + "packagesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if packages whitelist is relevant.\n" }, - "policies": { + "packagesWhiteLists": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyPackagesWhiteList:VmwareAssurancePolicyPackagesWhiteList" }, - "description": "The service's policies; an array of container firewall policy names.\n" + "description": "List of whitelisted images.\n" }, - "priority": { - "type": "integer", - "description": "Rules priority, must be between 1-100.\n" + "partialResultsImageFail": { + "type": "boolean" }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" + "permission": { + "type": "string" }, - "scopeVariables": { + "policySettings": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyPolicySettings:VmwareAssurancePolicyPolicySettings" + }, + "readOnly": { + "type": "boolean" + }, + "registries": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/ServiceScopeVariable:ServiceScopeVariable" + "type": "string" }, - "description": "List of scope attributes.\n" + "description": "List of registries.\n" }, - "target": { - "type": "string", - "description": "Type of the workload. 
container or host.\n" + "registry": { + "type": "string" }, - "unregisteredCount": { - "type": "integer", - "description": "The number of containers allocated to the service that are not registered.\n" + "requiredLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyRequiredLabel:VmwareAssurancePolicyRequiredLabel" + } }, - "vulnerabilitiesHigh": { - "type": "integer", - "description": "Number of high severity vulnerabilities.\n" + "requiredLabelsEnabled": { + "type": "boolean" }, - "vulnerabilitiesLow": { - "type": "integer", - "description": "Number of low severity vulnerabilities.\n" + "scanMalwareInArchives": { + "type": "boolean" }, - "vulnerabilitiesMalware": { - "type": "integer", - "description": "Number of malware.\n" + "scanNfsMounts": { + "type": "boolean" }, - "vulnerabilitiesMedium": { - "type": "integer", - "description": "Number of medium severity vulnerabilities.\n" + "scanProcessMemory": { + "type": "boolean" }, - "vulnerabilitiesNegligible": { - "type": "integer", - "description": "Number of negligible vulnerabilities.\n" + "scanSensitiveData": { + "type": "boolean", + "description": "Indicates if scan should include sensitive data in the image.\n" }, - "vulnerabilitiesScoreAverage": { - "type": "integer", - "description": "The CVSS average vulnerabilities score.\n" + "scanWindowsRegistry": { + "type": "boolean" }, - "vulnerabilitiesSensitive": { - "type": "integer", - "description": "Number of sensitive vulnerabilities.\n" + "scapEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include scap.\n" }, - "vulnerabilitiesTotal": { - "type": "integer", - "description": "Total number of vulnerabilities.\n" - } - }, - "required": [ - "applicationScopes", - "author", - "containersCount", - "evaluated", - "isRegistered", - "lastupdate", - "name", - "notEvaluatedCount", - "policies", - "target", - "unregisteredCount", - "vulnerabilitiesHigh", - "vulnerabilitiesLow", - 
"vulnerabilitiesMalware", - "vulnerabilitiesMedium", - "vulnerabilitiesNegligible", - "vulnerabilitiesScoreAverage", - "vulnerabilitiesSensitive", - "vulnerabilitiesTotal" - ], - "inputProperties": { - "applicationScopes": { + "scapFiles": { "type": "array", "items": { "type": "string" }, - "description": "Indicates the application scope of the service.\n" + "description": "List of SCAP user scripts for checks.\n" }, - "description": { - "type": "string", - "description": "A textual description of the service record; maximum 500 characters.\n" + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyScope:VmwareAssurancePolicyScope" + } }, - "enforce": { - "type": "boolean", - "description": "Enforcement status of the service.\n" + "trustedBaseImages": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyTrustedBaseImage:VmwareAssurancePolicyTrustedBaseImage" + }, + "description": "List of trusted images.\n" }, - "monitoring": { + "trustedBaseImagesEnabled": { "type": "boolean", - "description": "Indicates if monitoring is enabled or not\n" + "description": "Indicates if list of trusted base images is relevant.\n" }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n", - "willReplaceOnChanges": true + "vulnerabilityExploitability": { + "type": "boolean" }, - "policies": { + "vulnerabilityScoreRanges": { "type": "array", "items": { - "type": "string" - }, - "description": "The service's policies; an array of container firewall policy names.\n" - }, - "priority": { - "type": "integer", - "description": "Rules priority, must be between 1-100.\n" - }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" + "type": "integer" + } }, - "scopeVariables": { + "whitelistedLicenses": { "type": "array", "items": { - "$ref": 
"#/types/aquasec:index/ServiceScopeVariable:ServiceScopeVariable" + "type": "string" }, - "description": "List of scope attributes.\n" + "description": "List of whitelisted licenses.\n" }, - "target": { - "type": "string", - "description": "Type of the workload. container or host.\n" + "whitelistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" } }, "requiredInputs": [ - "applicationScopes", - "policies", - "target" + "applicationScopes" ], "stateInputs": { - "description": "Input properties used for looking up and filtering Service resources.\n", + "description": "Input properties used for looking up and filtering VmwareAssurancePolicy resources.\n", "properties": { - "applicationScopes": { + "aggregatedVulnerability": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Aggregated vulnerability information.\n" + }, + "allowedImages": { "type": "array", "items": { "type": "string" }, - "description": "Indicates the application scope of the service.\n" - }, - "author": { - "type": "string", - "description": "Username of the account that created the service.\n" + "description": "List of explicitly allowed images.\n" }, - "containersCount": { - "type": "integer", - "description": "The number of containers associated with the service.\n" + "applicationScopes": { + "type": "array", + "items": { + "type": "string" + } }, - "description": { + "assuranceType": { "type": "string", - "description": "A textual description of the service record; maximum 500 characters.\n" + "description": "What type of assurance policy is described.\n" }, - "enforce": { + "auditOnFailure": { "type": "boolean", - "description": "Enforcement status of the service.\n" + "description": "Indicates if auditing for failures.\n" }, - "evaluated": { - "type": "boolean", - "description": "Whether the service has been evaluated for security vulnerabilities.\n" + "author": { + "type": "string", + 
"description": "Name of user account that created the policy.\n" }, - "isRegistered": { - "type": "boolean", - "description": "Indicates if registered or not.\n" + "autoScanConfigured": { + "type": "boolean" }, - "lastupdate": { - "type": "integer", - "description": "Timestamp of the last update in Unix time format.\n" + "autoScanEnabled": { + "type": "boolean" }, - "monitoring": { - "type": "boolean", - "description": "Indicates if monitoring is enabled or not\n" + "autoScanTimes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyAutoScanTime:VmwareAssurancePolicyAutoScanTime" + } }, - "name": { - "type": "string", - "description": "Name assigned to the attribute.\n", - "willReplaceOnChanges": true + "blacklistPermissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of function's forbidden permissions.\n" }, - "notEvaluatedCount": { - "type": "integer", - "description": "The number of container that are not evaluated.\n" + "blacklistPermissionsEnabled": { + "type": "boolean", + "description": "Indicates if blacklist permissions is relevant.\n" }, - "policies": { + "blacklistedLicenses": { "type": "array", "items": { "type": "string" }, - "description": "The service's policies; an array of container firewall policy names.\n" + "description": "List of blacklisted licenses.\n" }, - "priority": { - "type": "integer", - "description": "Rules priority, must be between 1-100.\n" + "blacklistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" }, - "scopeExpression": { - "type": "string", - "description": "Logical expression of how to compute the dependency of the scope variables.\n" + "blockFailed": { + "type": "boolean", + "description": "Indicates if failed images are blocked.\n" }, - "scopeVariables": { + "controlExcludeNoFix": { + "type": "boolean" + }, + "customChecks": { "type": "array", "items": { - "$ref": 
"#/types/aquasec:index/ServiceScopeVariable:ServiceScopeVariable" + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyCustomCheck:VmwareAssurancePolicyCustomCheck" }, - "description": "List of scope attributes.\n" - }, - "target": { - "type": "string", - "description": "Type of the workload. container or host.\n" - }, - "unregisteredCount": { - "type": "integer", - "description": "The number of containers allocated to the service that are not registered.\n" + "description": "List of Custom user scripts for checks.\n" }, - "vulnerabilitiesHigh": { - "type": "integer", - "description": "Number of high severity vulnerabilities.\n" + "customChecksEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include custom checks.\n" }, - "vulnerabilitiesLow": { - "type": "integer", - "description": "Number of low severity vulnerabilities.\n" + "customSeverity": { + "type": "string" }, - "vulnerabilitiesMalware": { - "type": "integer", - "description": "Number of malware.\n" + "customSeverityEnabled": { + "type": "boolean" }, - "vulnerabilitiesMedium": { - "type": "integer", - "description": "Number of medium severity vulnerabilities.\n" + "cvesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if CVEs blacklist is relevant.\n" }, - "vulnerabilitiesNegligible": { - "type": "integer", - "description": "Number of negligible vulnerabilities.\n" + "cvesBlackLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cves blacklisted items.\n" }, - "vulnerabilitiesScoreAverage": { - "type": "integer", - "description": "The CVSS average vulnerabilities score.\n" + "cvesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if cves whitelist is relevant.\n" }, - "vulnerabilitiesSensitive": { - "type": "integer", - "description": "Number of sensitive vulnerabilities.\n" + "cvesWhiteLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of cves whitelisted 
licenses\n" }, - "vulnerabilitiesTotal": { - "type": "integer", - "description": "Total number of vulnerabilities.\n" - } - }, - "type": "object" - } - }, - "aquasec:index/user:User": { - "description": "The `aquasec.User` resource manages your users within Aqua.\n\nThe users created must have at least one Role that is already present within Aqua.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst iaC = new aquasec.User(\"iaC\", {\n userId: \"IaC\",\n password: _var.password,\n roles: [\"infrastructure\"],\n email: \"infrastructure@example.com\",\n firstTime: true,\n});\n// Display name for this user\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nia_c = aquasec.User(\"iaC\",\n user_id=\"IaC\",\n password=var[\"password\"],\n roles=[\"infrastructure\"],\n email=\"infrastructure@example.com\",\n first_time=True)\n# Display name for this user\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iaC = new Aquasec.User(\"iaC\", new()\n {\n UserId = \"IaC\",\n Password = @var.Password,\n Roles = new[]\n {\n \"infrastructure\",\n },\n Email = \"infrastructure@example.com\",\n FirstTime = true,\n });\n\n // Display name for this user\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aquasec.NewUser(ctx, \"iaC\", \u0026aquasec.UserArgs{\n\t\t\tUserId: pulumi.String(\"IaC\"),\n\t\t\tPassword: pulumi.Any(_var.Password),\n\t\t\tRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"infrastructure\"),\n\t\t\t},\n\t\t\tEmail: pulumi.String(\"infrastructure@example.com\"),\n\t\t\tFirstTime: pulumi.Bool(true),\n\t\t})\n\t\tif 
err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.User;\nimport com.pulumi.aquasec.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iaC = new User(\"iaC\", UserArgs.builder() \n .userId(\"IaC\")\n .password(var_.password())\n .roles(\"infrastructure\")\n .email(\"infrastructure@example.com\")\n .firstTime(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iaC:\n type: aquasec:User\n properties:\n userId: IaC\n password: ${var.password}\n roles:\n - infrastructure\n # optional fields\n email: infrastructure@example.com\n firstTime: true\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "email": { - "type": "string", - "description": "The user Email.\n" - }, - "firstTime": { - "type": "boolean", - "description": "If the user must change the password first login. 
Applicable only one time, Later for user password resets use aqua console.\n" - }, - "isSuper": { - "type": "boolean", - "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" - }, - "name": { - "type": "string", - "description": "The user name.\n" - }, - "password": { - "type": "string", - "description": "Login password for the user; string, required, at least 8 characters long.\n" - }, - "passwordConfirm": { - "type": "string", - "description": "Password confirmation.\n" - }, - "plan": { - "type": "string", - "description": "User's Aqua plan (Developer / Team / Advanced).\n" - }, - "role": { - "type": "string", - "description": "The first role that assigned to the user for backward compatibility.\n" - }, - "roles": { - "type": "array", - "items": { - "type": "string" + "cvssSeverity": { + "type": "string", + "description": "Identifier of the cvss severity.\n" }, - "description": "The roles that will be assigned to the user.\n" - }, - "type": { - "type": "string", - "description": "The user type (Aqua, LDAP, SAML, OAuth2, OpenID, Tenant Manager).\n" - }, - "uiAccess": { - "type": "boolean", - "description": "Whether to allow UI access for users with this Permission Set.\n" - }, - "userId": { - "type": "string", - "description": "The user ID.\n" - } - }, - "required": [ - "isSuper", - "name", - "password", - "plan", - "role", - "roles", - "type", - "uiAccess", - "userId" - ], - "inputProperties": { - "email": { - "type": "string", - "description": "The user Email.\n" - }, - "firstTime": { - "type": "boolean", - "description": "If the user must change the password first login. 
Applicable only one time, Later for user password resets use aqua console.\n" - }, - "name": { - "type": "string", - "description": "The user name.\n" - }, - "password": { - "type": "string", - "description": "Login password for the user; string, required, at least 8 characters long.\n" - }, - "passwordConfirm": { - "type": "string", - "description": "Password confirmation.\n" - }, - "roles": { - "type": "array", - "items": { + "cvssSeverityEnabled": { + "type": "boolean", + "description": "Indicates if the cvss severity is scanned.\n" + }, + "cvssSeverityExcludeNoFix": { + "type": "boolean", + "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + }, + "description": { "type": "string" }, - "description": "The roles that will be assigned to the user.\n" - }, - "userId": { - "type": "string", - "description": "The user ID.\n", - "willReplaceOnChanges": true - } - }, - "requiredInputs": [ - "password", - "roles", - "userId" - ], - "stateInputs": { - "description": "Input properties used for looking up and filtering User resources.\n", - "properties": { - "email": { - "type": "string", - "description": "The user Email.\n" + "disallowExploitTypes": { + "type": "array", + "items": { + "type": "string" + } }, - "firstTime": { + "disallowMalware": { "type": "boolean", - "description": "If the user must change the password first login. 
Applicable only one time, Later for user password resets use aqua console.\n" + "description": "Indicates if malware should block the image.\n" }, - "isSuper": { + "dockerCisEnabled": { "type": "boolean", - "description": "Give the Permission Set full access, meaning all actions are allowed without restriction.\n" + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, - "name": { + "domain": { "type": "string", - "description": "The user name.\n" + "description": "Name of the container image.\n" }, - "password": { - "type": "string", - "description": "Login password for the user; string, required, at least 8 characters long.\n" + "domainName": { + "type": "string" }, - "passwordConfirm": { - "type": "string", - "description": "Password confirmation.\n" + "dtaEnabled": { + "type": "boolean" }, - "plan": { - "type": "string", - "description": "User's Aqua plan (Developer / Team / Advanced).\n" + "dtaSeverity": { + "type": "string" }, - "role": { - "type": "string", - "description": "The first role that assigned to the user for backward compatibility.\n" + "enabled": { + "type": "boolean" }, - "roles": { + "enforce": { + "type": "boolean" + }, + "enforceAfterDays": { + "type": "integer" + }, + "enforceExcessivePermissions": { + "type": "boolean" + }, + "exceptionalMonitoredMalwarePaths": { "type": "array", "items": { "type": "string" - }, - "description": "The roles that will be assigned to the user.\n" + } }, - "type": { - "type": "string", - "description": "The user type (Aqua, LDAP, SAML, OAuth2, OpenID, Tenant Manager).\n" + "excludeApplicationScopes": { + "type": "array", + "items": { + "type": "string" + } }, - "uiAccess": { + "failCicd": { "type": "boolean", - "description": "Whether to allow UI access for users with this Permission Set.\n" + "description": "Indicates if cicd failures will fail the image.\n" }, - "userId": { - "type": "string", - "description": "The user ID.\n", - "willReplaceOnChanges": 
true - } - }, - "type": "object" - } - }, - "aquasec:index/userSaas:UserSaas": { - "description": "The `aquasec.UserSaas` resource manages your saas users within Aqua.\n\nThe users created must have at least one Csp Role that is already present within Aqua.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumiverse/aquasec\";\n\nconst iaC1 = new aquasec.UserSaas(\"iaC1\", {\n accountAdmin: true,\n cspRoles: [],\n email: \"infrastructure1@example.com\",\n});\nconst iaC2 = new aquasec.UserSaas(\"iaC2\", {\n accountAdmin: false,\n cspRoles: [\"Default\"],\n email: \"infrastructure2@example.com\",\n groups: [{\n groupAdmin: false,\n name: \"IacGroupName\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumiverse_aquasec as aquasec\n\nia_c1 = aquasec.UserSaas(\"iaC1\",\n account_admin=True,\n csp_roles=[],\n email=\"infrastructure1@example.com\")\nia_c2 = aquasec.UserSaas(\"iaC2\",\n account_admin=False,\n csp_roles=[\"Default\"],\n email=\"infrastructure2@example.com\",\n groups=[aquasec.UserSaasGroupArgs(\n group_admin=False,\n name=\"IacGroupName\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumiverse.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var iaC1 = new Aquasec.UserSaas(\"iaC1\", new()\n {\n AccountAdmin = true,\n CspRoles = new[] {},\n Email = \"infrastructure1@example.com\",\n });\n\n var iaC2 = new Aquasec.UserSaas(\"iaC2\", new()\n {\n AccountAdmin = false,\n CspRoles = new[]\n {\n \"Default\",\n },\n Email = \"infrastructure2@example.com\",\n Groups = new[]\n {\n new Aquasec.Inputs.UserSaasGroupArgs\n {\n GroupAdmin = false,\n Name = \"IacGroupName\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx 
*pulumi.Context) error {\n\t\t_, err := aquasec.NewUserSaas(ctx, \"iaC1\", \u0026aquasec.UserSaasArgs{\n\t\t\tAccountAdmin: pulumi.Bool(true),\n\t\t\tCspRoles: pulumi.StringArray{},\n\t\t\tEmail: pulumi.String(\"infrastructure1@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aquasec.NewUserSaas(ctx, \"iaC2\", \u0026aquasec.UserSaasArgs{\n\t\t\tAccountAdmin: pulumi.Bool(false),\n\t\t\tCspRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Default\"),\n\t\t\t},\n\t\t\tEmail: pulumi.String(\"infrastructure2@example.com\"),\n\t\t\tGroups: aquasec.UserSaasGroupArray{\n\t\t\t\t\u0026aquasec.UserSaasGroupArgs{\n\t\t\t\t\tGroupAdmin: pulumi.Bool(false),\n\t\t\t\t\tName: pulumi.String(\"IacGroupName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.UserSaas;\nimport com.pulumi.aquasec.UserSaasArgs;\nimport com.pulumi.aquasec.inputs.UserSaasGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var iaC1 = new UserSaas(\"iaC1\", UserSaasArgs.builder() \n .accountAdmin(true)\n .cspRoles()\n .email(\"infrastructure1@example.com\")\n .build());\n\n var iaC2 = new UserSaas(\"iaC2\", UserSaasArgs.builder() \n .accountAdmin(false)\n .cspRoles(\"Default\")\n .email(\"infrastructure2@example.com\")\n .groups(UserSaasGroupArgs.builder()\n .groupAdmin(false)\n .name(\"IacGroupName\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iaC1:\n type: aquasec:UserSaas\n properties:\n accountAdmin: true\n cspRoles: []\n email: infrastructure1@example.com\n iaC2:\n type: 
aquasec:UserSaas\n properties:\n accountAdmin: false\n cspRoles:\n - Default\n email: infrastructure2@example.com\n # optional\n groups:\n - groupAdmin: false\n name: IacGroupName\n```\n{{% /example %}}\n{{% /examples %}}", - "properties": { - "accountAdmin": { - "type": "boolean" - }, - "confirmed": { - "type": "boolean" - }, - "created": { - "type": "string" - }, - "cspRoles": { - "type": "array", - "items": { - "type": "string" - } - }, - "email": { - "type": "string" - }, - "groups": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/UserSaasGroup:UserSaasGroup" - } - }, - "logins": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/UserSaasLogin:UserSaasLogin" - } - }, - "multiaccount": { - "type": "boolean" - }, - "passwordReset": { - "type": "boolean" - }, - "sendAnnouncements": { - "type": "boolean" - }, - "sendNewPlugins": { - "type": "boolean" - }, - "sendNewRisks": { - "type": "boolean" - }, - "sendScanResults": { - "type": "boolean" - }, - "userId": { - "type": "string" - } - }, - "required": [ - "accountAdmin", - "confirmed", - "created", - "cspRoles", - "email", - "logins", - "multiaccount", - "passwordReset", - "sendAnnouncements", - "sendNewPlugins", - "sendNewRisks", - "sendScanResults", - "userId" - ], - "inputProperties": { - "accountAdmin": { - "type": "boolean" - }, - "cspRoles": { - "type": "array", - "items": { - "type": "string" - } - }, - "email": { - "type": "string" - }, - "groups": { - "type": "array", - "items": { - "$ref": "#/types/aquasec:index/UserSaasGroup:UserSaasGroup" - } - } - }, - "requiredInputs": [ - "accountAdmin", - "cspRoles", - "email" - ], - "stateInputs": { - "description": "Input properties used for looking up and filtering UserSaas resources.\n", - "properties": { - "accountAdmin": { + "forbiddenLabels": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyForbiddenLabel:VmwareAssurancePolicyForbiddenLabel" + } + }, + "forbiddenLabelsEnabled": { + 
"type": "boolean" + }, + "forceMicroenforcer": { + "type": "boolean" + }, + "functionIntegrityEnabled": { + "type": "boolean" + }, + "ignoreBaseImageVln": { + "type": "boolean" + }, + "ignoreRecentlyPublishedVln": { "type": "boolean" }, - "confirmed": { + "ignoreRecentlyPublishedVlnPeriod": { + "type": "integer" + }, + "ignoreRiskResourcesEnabled": { + "type": "boolean", + "description": "Indicates if risk resources are ignored.\n" + }, + "ignoredRiskResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of ignored risk resources.\n" + }, + "ignoredSensitiveResources": { + "type": "array", + "items": { + "type": "string" + } + }, + "images": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of images.\n" + }, + "kubeCisEnabled": { + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" + }, + "kubernetesControls": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyKubernetesControl:VmwareAssurancePolicyKubernetesControl" + }, + "description": "List of Kubernetes controls.\n" + }, + "kubernetesControlsAvdIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "kubernetesControlsNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "labels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of labels.\n" + }, + "lastupdate": { + "type": "string" + }, + "linuxCisEnabled": { "type": "boolean" }, - "created": { + "malwareAction": { "type": "string" }, - "cspRoles": { + "maximumScore": { + "type": "number", + "description": "Value of allowed maximum score.\n" + }, + "maximumScoreEnabled": { + "type": "boolean", + "description": "Indicates if exceeding the maximum score is scanned.\n" + }, + "maximumScoreExcludeNoFix": { + "type": "boolean" + }, + "monitoredMalwarePaths": { "type": "array", "items": { "type": "string" } }, - "email": { + "name": { + "type": 
"string", + "willReplaceOnChanges": true + }, + "onlyNoneRootUsers": { + "type": "boolean", + "description": "Indicates if raise a warning for images that should only be run as root.\n" + }, + "openshiftHardeningEnabled": { + "type": "boolean" + }, + "packagesBlackListEnabled": { + "type": "boolean", + "description": "Indicates if packages blacklist is relevant.\n" + }, + "packagesBlackLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyPackagesBlackList:VmwareAssurancePolicyPackagesBlackList" + }, + "description": "List of blacklisted images.\n" + }, + "packagesWhiteListEnabled": { + "type": "boolean", + "description": "Indicates if packages whitelist is relevant.\n" + }, + "packagesWhiteLists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyPackagesWhiteList:VmwareAssurancePolicyPackagesWhiteList" + }, + "description": "List of whitelisted images.\n" + }, + "partialResultsImageFail": { + "type": "boolean" + }, + "permission": { "type": "string" }, - "groups": { + "policySettings": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyPolicySettings:VmwareAssurancePolicyPolicySettings" + }, + "readOnly": { + "type": "boolean" + }, + "registries": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/UserSaasGroup:UserSaasGroup" - } + "type": "string" + }, + "description": "List of registries.\n" }, - "logins": { + "registry": { + "type": "string" + }, + "requiredLabels": { "type": "array", "items": { - "$ref": "#/types/aquasec:index/UserSaasLogin:UserSaasLogin" + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyRequiredLabel:VmwareAssurancePolicyRequiredLabel" } }, - "multiaccount": { + "requiredLabelsEnabled": { "type": "boolean" }, - "passwordReset": { + "scanMalwareInArchives": { "type": "boolean" }, - "sendAnnouncements": { + "scanNfsMounts": { "type": "boolean" }, - "sendNewPlugins": { + "scanProcessMemory": { "type": "boolean" }, - "sendNewRisks": { + 
"scanSensitiveData": { + "type": "boolean", + "description": "Indicates if scan should include sensitive data in the image.\n" + }, + "scanWindowsRegistry": { "type": "boolean" }, - "sendScanResults": { + "scapEnabled": { + "type": "boolean", + "description": "Indicates if scanning should include scap.\n" + }, + "scapFiles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of SCAP user scripts for checks.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyScope:VmwareAssurancePolicyScope" + } + }, + "trustedBaseImages": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/VmwareAssurancePolicyTrustedBaseImage:VmwareAssurancePolicyTrustedBaseImage" + }, + "description": "List of trusted images.\n" + }, + "trustedBaseImagesEnabled": { + "type": "boolean", + "description": "Indicates if list of trusted base images is relevant.\n" + }, + "vulnerabilityExploitability": { "type": "boolean" }, - "userId": { - "type": "string", - "willReplaceOnChanges": true + "vulnerabilityScoreRanges": { + "type": "array", + "items": { + "type": "integer" + } + }, + "whitelistedLicenses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of whitelisted licenses.\n" + }, + "whitelistedLicensesEnabled": { + "type": "boolean", + "description": "Indicates if license blacklist is relevant.\n" } }, "type": "object" 
@@ -14869,6 +21606,43 @@ "inputs": { "description": "A collection of arguments for invoking getContainerRuntimePolicy.\n", "properties": { + "allowedExecutables": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyAllowedExecutable:getContainerRuntimePolicyAllowedExecutable" + }, + "description": "Allowed executables configuration.\n" + }, + "allowedRegistries": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyAllowedRegistry:getContainerRuntimePolicyAllowedRegistry" + }, + "description": "List of allowed registries.\n" + }, + "auditing": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyAuditing:getContainerRuntimePolicyAuditing" + }, + "containerExec": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyContainerExec:getContainerRuntimePolicyContainerExec" + }, + "fileBlock": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyFileBlock:getContainerRuntimePolicyFileBlock" + }, + "fileIntegrityMonitorings": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyFileIntegrityMonitoring:getContainerRuntimePolicyFileIntegrityMonitoring" + }, + "description": "Configuration for file integrity monitoring.\n" + }, + "limitContainerPrivileges": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyLimitContainerPrivilege:getContainerRuntimePolicyLimitContainerPrivilege" + }, + "description": "Container privileges configuration.\n" + }, "malwareScanOptions": { "type": "array", "items": { 
@@ -14878,6 +21652,19 @@ }, "name": { "type": "string" + }, + "portBlock": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyPortBlock:getContainerRuntimePolicyPortBlock" + }, + "readonlyFiles": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyReadonlyFiles:getContainerRuntimePolicyReadonlyFiles" + }, + "restrictedVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyRestrictedVolume:getContainerRuntimePolicyRestrictedVolume" + }, + "description": "Restricted volumes configuration.\n" } }, "type": "object", @@ -14891,16 +21678,16 @@ "allowedExecutables": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyAllowedExecutable:getContainerRuntimePolicyAllowedExecutable" }, - "description": "List of executables that are allowed for the user.\n" + "description": "Allowed executables configuration.\n" }, "allowedRegistries": { "type": "array", "items": { - "type": "string" + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyAllowedRegistry:getContainerRuntimePolicyAllowedRegistry" }, - "description": "List of registries that allowed for running containers.\n" + "description": "Allowed registries configuration.\n" }, "applicationScopes": { "type": "array", @@ -14921,6 +21708,9 @@ "type": "boolean", "description": "If true, full command arguments will be audited.\n" }, + "auditing": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyAuditing:getContainerRuntimePolicyAuditing" + }, "author": { "type": "string", "description": "Username of the account that created the service.\n" @@ -15042,6 +21832,9 @@ }, "description": "List of volumes that are prevented from being mounted in the containers.\n" }, + "containerExec": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyContainerExec:getContainerRuntimePolicyContainerExec" + }, "containerExecAllowedProcesses": { "type": "array", "items": { 
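Review bot: In the `@@ -14891,16 +21678,16 @@` hunk, `allowedExecutables` and `allowedRegistries` keep their property names but their items change from `string` to an object `$ref`. The later `required` hunks (`@@ -15164,8 +21980,6 @@` and `@@ -15206,10 +22020,8 @@`) then drop them, together with `fileIntegrityMonitorings` and `malwareScanOptions`. A program that reads these values to audit which registries or executables a runtime policy allows will stop type-checking, or may find the value absent. The change should be called out as breaking in the release notes, and callers should treat a missing list as unknown rather than as an empty allow-list. The enclosing object starts outside these hunks; that this is the data source's output block is inferred from the `id` property in a neighbouring hunk.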
@@ -15095,6 +21888,9 @@ }, "description": "Specify processes that will be allowed\n" }, + "fileBlock": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyFileBlock:getContainerRuntimePolicyFileBlock" + }, "fileIntegrityMonitorings": { "type": "array", "items": { @@ -15110,6 +21906,13 @@ "type": "string", "description": "The provider-assigned unique ID for this managed resource.\n" }, + "limitContainerPrivileges": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyLimitContainerPrivilege:getContainerRuntimePolicyLimitContainerPrivilege" + }, + "description": "Container privileges configuration.\n" + }, "limitNewPrivileges": { "type": "boolean", "description": "If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode)\n" @@ -15129,6 +21932,12 @@ "type": "string", "description": "Name of the container runtime policy\n" }, + "portBlock": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyPortBlock:getContainerRuntimePolicyPortBlock" + }, + "readonlyFiles": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyReadonlyFiles:getContainerRuntimePolicyReadonlyFiles" + }, "readonlyFilesAndDirectories": { "type": "array", "items": { @@ -15136,6 +21945,13 @@ }, "description": "List of files and directories to be restricted as read-only\n" }, + "restrictedVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getContainerRuntimePolicyRestrictedVolume:getContainerRuntimePolicyRestrictedVolume" + }, + "description": "Restricted volumes configuration.\n" + }, "reverseShellAllowedIps": { "type": "array", "items": { @@ -15164,8 +21980,6 @@ }, "type": "object", "required": [ - "allowedExecutables", - "allowedRegistries", "applicationScopes", "auditAllNetworkActivity", "auditAllProcessesActivity", 
@@ -15206,10 +22020,8 @@ "enforceAfterDays", "exceptionalReadonlyFilesAndDirectories", "execLockdownWhiteLists", - "fileIntegrityMonitorings", "forkGuardProcessLimit", "limitNewPrivileges", - "malwareScanOptions", "monitorSystemTimeChanges", "name", "readonlyFilesAndDirectories", 
@@ -15222,7 +22034,7 @@ } }, "aquasec:index/getEnforcerGroups:getEnforcerGroups": { - "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst groups = aquasec.getEnforcerGroups({\n groupId: \"IacGroup\",\n});\nexport const groupDetails = groups;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\ngroups = aquasec.get_enforcer_groups(group_id=\"IacGroup\")\npulumi.export(\"groupDetails\", groups)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var groups = Aquasec.GetEnforcerGroups.Invoke(new()\n {\n GroupId = \"IacGroup\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"groupDetails\"] = groups,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroups, err := aquasec.LookupEnforcerGroups(ctx, \u0026aquasec.LookupEnforcerGroupsArgs{\n\t\t\tGroupId: \"IacGroup\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"groupDetails\", groups)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aquasec.AquasecFunctions;\nimport com.pulumi.aquasec.inputs.GetEnforcerGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var groups = AquasecFunctions.getEnforcerGroups(GetEnforcerGroupsArgs.builder()\n 
.groupId(\"IacGroup\")\n .build());\n\n ctx.export(\"groupDetails\", groups.applyValue(getEnforcerGroupsResult -\u003e getEnforcerGroupsResult));\n }\n}\n```\n```yaml\nvariables:\n groups:\n fn::invoke:\n Function: aquasec:getEnforcerGroups\n Arguments:\n groupId: IacGroup\noutputs:\n groupDetails: ${groups}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "The data source `aquasec.EnforcerGroups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aquasec from \"@pulumi/aquasec\";\n\nconst groups = aquasec.getEnforcerGroups({\n groupId: \"IacGroup\",\n});\nexport const groupDetails = groups;\n```\n```python\nimport pulumi\nimport pulumi_aquasec as aquasec\n\ngroups = aquasec.get_enforcer_groups(group_id=\"IacGroup\")\npulumi.export(\"groupDetails\", groups)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aquasec = Pulumi.Aquasec;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var groups = Aquasec.GetEnforcerGroups.Invoke(new()\n {\n GroupId = \"IacGroup\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"groupDetails\"] = groups,\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroups, err := aquasec.LookupEnforcerGroups(ctx, \u0026aquasec.LookupEnforcerGroupsArgs{\n\t\t\tGroupId: \"IacGroup\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"groupDetails\", groups)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport 
com.pulumi.aquasec.AquasecFunctions;\nimport com.pulumi.aquasec.inputs.GetEnforcerGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var groups = AquasecFunctions.getEnforcerGroups(GetEnforcerGroupsArgs.builder()\n .groupId(\"IacGroup\")\n .build());\n\n ctx.export(\"groupDetails\", groups.applyValue(getEnforcerGroupsResult -\u003e getEnforcerGroupsResult));\n }\n}\n```\n```yaml\nvariables:\n groups:\n fn::invoke:\n Function: aquasec:getEnforcerGroups\n Arguments:\n groupId: IacGroup\noutputs:\n groupDetails: ${groups}\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getEnforcerGroups.\n", "properties": { @@ -15733,7 +22545,7 @@ }, "blacklistedLicensesEnabled": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", @@ -15758,18 +22570,18 @@ }, "cvesBlackListEnabled": { "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", 
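Review bot: The rewritten `description` of `getEnforcerGroups` still imports the SDK as `@pulumi/aquasec`, `pulumi_aquasec` and `Pulumi.Aquasec` in the TypeScript, Python and C# examples, while the Go example in the same string uses `github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec`. A reader who copies an example would resolve a package from a namespace this provider does not appear to publish under. The examples should read `import * as aquasec from "@pulumiverse/aquasec";`, `import pulumiverse_aquasec as aquasec` and `using Aquasec = Pulumiverse.Aquasec;`, as other examples in this file do. The new opening sentence also names the function `aquasec.EnforcerGroups`, whereas the token on this line is `aquasec:index/getEnforcerGroups:getEnforcerGroups`. If this schema is generated, the correction belongs in the generator's input rather than in this file.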
@@ -15798,7 +22610,8 @@ "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", @@ -15879,7 +22692,8 @@ "description": "List of images.\n" }, "kubeCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "labels": { "type": "array", @@ -15925,7 +22739,7 @@ "items": { "$ref": "#/types/aquasec:index/getFunctionAssurancePolicyPackagesBlackList:getFunctionAssurancePolicyPackagesBlackList" }, - "description": "List of backlisted images.\n" + "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", @@ -16094,6 +22908,20 @@ "inputs": { "description": "A collection of arguments for invoking getFunctionRuntimePolicy.\n", "properties": { + "driftPreventions": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getFunctionRuntimePolicyDriftPrevention:getFunctionRuntimePolicyDriftPrevention" + }, + "description": "Drift prevention configuration.\n" + }, + "executableBlacklists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getFunctionRuntimePolicyExecutableBlacklist:getFunctionRuntimePolicyExecutableBlacklist" + }, + "description": "Executable blacklist configuration.\n" + }, "name": { "type": "string" } @@ -16143,6 +22971,13 @@ "type": "string", "description": "The description of the function runtime policy\n" }, + "driftPreventions": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getFunctionRuntimePolicyDriftPrevention:getFunctionRuntimePolicyDriftPrevention" + }, + "description": "Drift prevention configuration.\n" + }, "enabled": { "type": "boolean", "description": "Indicates if the runtime policy is enabled or not.\n" 
@@ -16151,6 +22986,13 @@ "type": "boolean", "description": "Indicates that policy should effect container execution (not just for audit).\n" }, + "executableBlacklists": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getFunctionRuntimePolicyExecutableBlacklist:getFunctionRuntimePolicyExecutableBlacklist" + }, + "description": "Executable blacklist configuration.\n" + }, "honeypotAccessKey": { "type": "string", "description": "Honeypot User ID (Access Key)\n" @@ -16329,7 +23171,7 @@ }, "blacklistedLicensesEnabled": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", @@ -16354,18 +23196,18 @@ }, "cvesBlackListEnabled": { "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", @@ -16394,7 +23236,8 @@ "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", @@ -16475,7 +23318,8 @@ "description": "List of images.\n" }, "kubeCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "labels": { "type": "array", 
@@ -16521,7 +23365,7 @@ "items": { "$ref": "#/types/aquasec:index/getHostAssurancePolicyPackagesBlackList:getHostAssurancePolicyPackagesBlackList" }, - "description": "List of backlisted images.\n" + "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", @@ -16690,8 +23534,31 @@ "inputs": { "description": "A collection of arguments for invoking getHostRuntimePolicy.\n", "properties": { + "auditing": { + "$ref": "#/types/aquasec:index/getHostRuntimePolicyAuditing:getHostRuntimePolicyAuditing" + }, + "fileIntegrityMonitorings": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getHostRuntimePolicyFileIntegrityMonitoring:getHostRuntimePolicyFileIntegrityMonitoring" + }, + "description": "Configuration for file integrity monitoring.\n" + }, + "malwareScanOptions": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getHostRuntimePolicyMalwareScanOption:getHostRuntimePolicyMalwareScanOption" + }, + "description": "Configuration for Real-Time Malware Protection.\n" + }, "name": { "type": "string" + }, + "packageBlocks": { + "type": "array", + "items": { + "$ref": "#/types/aquasec:index/getHostRuntimePolicyPackageBlock:getHostRuntimePolicyPackageBlock" + } } }, "type": "object", @@ -16733,6 +23600,9 @@ "type": "boolean", "description": "If true, account management will be audited.\n" }, + "auditing": { + "$ref": "#/types/aquasec:index/getHostRuntimePolicyAuditing:getHostRuntimePolicyAuditing" + }, "author": { "type": "string", "description": "Username of the account that created the service.\n" @@ -16752,7 +23622,7 @@ "type": "string", "description": "The description of the host runtime policy\n" }, - "enableIpReputationSecurity": { + "enableIpReputation": { "type": "boolean", "description": "If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.\n" }, 
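Review bot: Renaming the getHostRuntimePolicy output `enableIpReputationSecurity` to `enableIpReputation` in this hunk breaks any program that reads the old property, and no alias or deprecation entry is visible for it. The following hunks compound this for the same function: `packageBlocks` changes its item type from `string` to a `$ref` object and loses its description, and `fileIntegrityMonitorings`, `malwareScanOptions` and `packageBlocks` are dropped from the required list, so typed SDKs will presumably surface them as optional. Because these fields describe runtime-protection settings, a stack that exports or asserts on them could stop reporting a control without failing, so the release notes should call these changes out as breaking. The new `packageBlocks` entry could keep the old text, `"description": "List of packages that are not allowed read, write or execute all files that under the packages.\n"`, and `auditing` needs a description as well; the schema looks generated, so the wording likely has to be fixed in the upstream provider.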
@@ -16833,9 +23703,8 @@ "packageBlocks": { "type": "array", "items": { - "type": "string" - }, - "description": "List of packages that are not allowed read, write or execute all files that under the packages.\n" + "$ref": "#/types/aquasec:index/getHostRuntimePolicyPackageBlock:getHostRuntimePolicyPackageBlock" + } }, "portScanningDetection": { "type": "boolean", @@ -16880,12 +23749,10 @@ "blockCryptocurrencyMining", "blockedFiles", "description", - "enableIpReputationSecurity", + "enableIpReputation", "enabled", "enforce", "enforceAfterDays", - "fileIntegrityMonitorings", - "malwareScanOptions", "monitorSystemLogIntegrity", "monitorSystemTimeChanges", "monitorWindowsServices", @@ -16894,7 +23761,6 @@ "osGroupsBlockeds", "osUsersAlloweds", "osUsersBlockeds", - "packageBlocks", "portScanningDetection", "scopeExpression", "scopeVariables", @@ -17280,7 +24146,7 @@ }, "blacklistedLicensesEnabled": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", @@ -17305,18 +24171,18 @@ }, "cvesBlackListEnabled": { "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", @@ -17345,7 +24211,8 @@ "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", 
@@ -17426,7 +24293,8 @@ "description": "List of images.\n" }, "kubeCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "labels": { "type": "array", @@ -17472,7 +24340,7 @@ "items": { "$ref": "#/types/aquasec:index/getImageAssurancePolicyPackagesBlackList:getImageAssurancePolicyPackagesBlackList" }, - "description": "List of backlisted images.\n" + "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", @@ -17833,7 +24701,7 @@ }, "type": { "type": "string", - "description": "Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR).\n" + "description": "Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR).\n" }, "url": { "type": "string", @@ -18179,7 +25047,7 @@ }, "blacklistedLicensesEnabled": { "type": "boolean", - "description": "Lndicates if license blacklist is relevant.\n" + "description": "Indicates if license blacklist is relevant.\n" }, "blockFailed": { "type": "boolean", 
@@ -18204,37 +25072,37 @@ }, "cvesBlackListEnabled": { "type": "boolean", - "description": "Indicates if cves blacklist is relevant.\n" + "description": "Indicates if CVEs blacklist is relevant.\n" }, "cvesBlackLists": { "type": "array", "items": { "type": "string" }, - "description": "List of cves blacklisted items.\n" + "description": "List of CVEs blacklisted items.\n" }, "cvesWhiteListEnabled": { "type": "boolean", - "description": "Indicates if cves whitelist is relevant.\n" + "description": "Indicates if CVEs whitelist is relevant.\n" }, "cvesWhiteLists": { "type": "array", "items": { "type": "string" }, - "description": "List of cves whitelisted licenses\n" + "description": "List of CVEs whitelisted licenses\n" }, "cvssSeverity": { "type": "string", - "description": "Identifier of the cvss severity.\n" + "description": "Identifier of the CVSS severity.\n" }, "cvssSeverityEnabled": { "type": "boolean", - "description": "Indicates if the cvss severity is scanned.\n" + "description": "Indicates if the CVSS severity is scanned.\n" }, "cvssSeverityExcludeNoFix": { "type": "boolean", - "description": "Indicates that policy should ignore cvss cases that do not have a known fix.\n" + "description": "Indicates that policy should ignore CVSS cases that do not have a known fix.\n" }, "description": { "type": "string" @@ -18244,7 +25112,8 @@ "description": "Indicates if malware should block the image.\n" }, "dockerCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Checks the host according to the Docker CIS benchmark, if Docker is found on the host.\n" }, "domain": { "type": "string", @@ -18275,11 +25144,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Directories to be excluded from monitoring.\n" }, "failCicd": { "type": "boolean", - "description": "Indicates if cicd failures will fail the image.\n" + "description": "Indicates if CI/CD failures will fail the image.\n" }, "forbiddenLabels": { "type": "array", 
@@ -18325,7 +25195,8 @@ "description": "List of images.\n" }, "kubeCisEnabled": { - "type": "boolean" + "type": "boolean", + "description": "Performs a Kubernetes CIS benchmark check for the host.\n" }, "kubernetesControlsNames": { "type": "array", @@ -18360,7 +25231,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Directories to be monitored.\n" }, "name": { "type": "string" @@ -18378,7 +25250,7 @@ "items": { "$ref": "#/types/aquasec:index/getKubernetesAssurancePolicyPackagesBlackList:getKubernetesAssurancePolicyPackagesBlackList" }, - "description": "List of backlisted images.\n" + "description": "List of blacklisted images.\n" }, "packagesWhiteListEnabled": { "type": "boolean", @@ -18425,7 +25297,7 @@ }, "scapEnabled": { "type": "boolean", - "description": "Indicates if scanning should include scap.\n" + "description": "Indicates if scanning should include SCAP.\n" }, "scapFiles": { "type": "array", diff --git a/provider/go.mod b/provider/go.mod index 726bd4f8..13c628a8 100644 --- a/provider/go.mod +++ b/provider/go.mod 
@@ -5,19 +5,19 @@ go 1.19 replace github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20230912190043-e6d96b3b8f7e require ( - github.com/aquasecurity/terraform-provider-aquasec v0.8.26 - github.com/pulumi/pulumi-terraform-bridge/pf v0.24.0 - github.com/pulumi/pulumi-terraform-bridge/v3 v3.71.0 - github.com/pulumi/pulumi/sdk/v3 v3.101.1 + github.com/aquasecurity/terraform-provider-aquasec v0.8.27 + github.com/pulumi/pulumi-terraform-bridge/pf v0.25.0 + github.com/pulumi/pulumi-terraform-bridge/v3 v3.72.0 + github.com/pulumi/pulumi/sdk/v3 v3.103.1 ) require ( - cloud.google.com/go v0.110.4 // indirect - cloud.google.com/go/compute v1.20.1 // indirect + cloud.google.com/go v0.110.8 // indirect + cloud.google.com/go/compute v1.23.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v1.1.1 // indirect - cloud.google.com/go/kms v1.12.1 // indirect - cloud.google.com/go/logging v1.7.0 // indirect + cloud.google.com/go/iam v1.1.2 // indirect + cloud.google.com/go/kms v1.15.2 // indirect + cloud.google.com/go/logging v1.8.1 // indirect cloud.google.com/go/longrunning v0.5.1 // indirect cloud.google.com/go/storage v1.30.1 // indirect dario.cat/mergo v1.0.0 // indirect @@ -86,7 +86,7 @@ require ( github.com/gofrs/uuid v4.2.0+incompatible // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.4.2 // indirect - github.com/golang/glog v1.1.0 // indirect + github.com/golang/glog v1.1.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/golang/snappy v0.0.4 // indirect 
@@ -94,10 +94,10 @@ require ( github.com/google/go-querystring v1.1.0 // indirect github.com/google/s2a-go v0.1.4 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/google/uuid v1.3.0 // indirect + github.com/google/uuid v1.3.1 // indirect github.com/google/wire v0.5.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.11.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect + github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/gopherjs/gopherjs v1.17.2 // indirect github.com/gorilla/mux v1.8.0 // indirect github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect @@ -108,7 +108,7 @@ require ( github.com/hashicorp/go-hclog v1.5.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-plugin v1.5.1 // indirect + github.com/hashicorp/go-plugin v1.6.0 // indirect github.com/hashicorp/go-retryablehttp v0.7.1 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect 
@@ -123,11 +123,11 @@ require ( github.com/hashicorp/hcl/v2 v2.18.0 // indirect github.com/hashicorp/hil v0.0.0-20190212132231-97b3a9cdfa93 // indirect github.com/hashicorp/logutils v1.0.0 // indirect - github.com/hashicorp/terraform-plugin-framework v1.4.1 // indirect - github.com/hashicorp/terraform-plugin-go v0.19.0 // indirect + github.com/hashicorp/terraform-plugin-framework v1.5.0 // indirect + github.com/hashicorp/terraform-plugin-go v0.20.0 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0 // indirect - github.com/hashicorp/terraform-registry-address v0.2.2 // indirect + github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/vault/api v1.8.2 // indirect github.com/hashicorp/vault/sdk v0.6.1 // indirect @@ -178,8 +178,8 @@ require ( github.com/pulumi/esc v0.6.2 // indirect github.com/pulumi/pulumi-java/pkg v0.9.9 // indirect github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.7 // indirect - github.com/pulumi/pulumi-yaml v1.4.5 // indirect - github.com/pulumi/pulumi/pkg/v3 v3.101.1 // indirect + github.com/pulumi/pulumi-yaml v1.5.0 // indirect + github.com/pulumi/pulumi/pkg/v3 v3.103.1 // indirect github.com/pulumi/schema-tools v0.1.2 // indirect github.com/pulumi/terraform-diff-reader v0.0.2 // indirect github.com/rivo/uniseg v0.4.4 // indirect @@ -205,7 +205,7 @@ require ( github.com/uber/jaeger-lib v2.4.1+incompatible // indirect github.com/ulikunitz/xz v0.5.10 // indirect github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect - github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect + github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect 
@@ -216,24 +216,24 @@ require ( go.uber.org/atomic v1.9.0 // indirect gocloud.dev v0.27.0 // indirect gocloud.dev/secrets/hashivault v0.27.0 // indirect - golang.org/x/crypto v0.17.0 // indirect + golang.org/x/crypto v0.18.0 // indirect golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect golang.org/x/mod v0.14.0 // indirect golang.org/x/net v0.19.0 // indirect - golang.org/x/oauth2 v0.8.0 // indirect + golang.org/x/oauth2 v0.13.0 // indirect golang.org/x/sync v0.5.0 // indirect - golang.org/x/sys v0.15.0 // indirect - golang.org/x/term v0.15.0 // indirect + golang.org/x/sys v0.16.0 // indirect + golang.org/x/term v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.15.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.126.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130 // indirect - google.golang.org/grpc v1.57.1 // indirect + google.golang.org/api v0.128.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect + google.golang.org/grpc v1.60.0 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect diff --git a/provider/go.sum b/provider/go.sum index 1b8ea800..1c323f1a 100644 --- a/provider/go.sum +++ b/provider/go.sum 
@@ -40,8 +40,8 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= -cloud.google.com/go v0.110.4 h1:1JYyxKMN9hd5dR2MYTPWkGUgcoxVVhg0LKNKEo0qvmk= -cloud.google.com/go v0.110.4/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= +cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME= +cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= @@ -178,8 +178,8 @@ cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63 cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= -cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg= -cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY= +cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= 
@@ -320,8 +320,8 @@ cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGE cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= -cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y= -cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= +cloud.google.com/go/iam v1.1.2 h1:gacbrBdWcoVmGLozRuStX45YKvJtzIjJdAolzUs1sm4= +cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= @@ -341,8 +341,8 @@ cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4 cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= -cloud.google.com/go/kms v1.12.1 h1:xZmZuwy2cwzsocmKDOPu4BL7umg8QXagQx6fKVmf45U= -cloud.google.com/go/kms v1.12.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM= +cloud.google.com/go/kms v1.15.2 h1:lh6qra6oC4AyWe5fUUUBe/S27k12OHAleOOOw6KakdE= +cloud.google.com/go/kms v1.15.2/go.mod h1:3hopT4+7ooWRCjc2DxgnpESFxhIraaI2IpAVUEhbT/w= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= 
@@ -352,8 +352,9 @@ cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaML cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo= cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= -cloud.google.com/go/logging v1.7.0 h1:CJYxlNNNNAMkHp9em/YEXcfJg+rPDg7YfwoRpMU+t5I= cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= +cloud.google.com/go/logging v1.8.1 h1:26skQWPeYhvIasWKm48+Eq7oUqdcdbwsCVwz5Ys0FvU= +cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI= cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= 
@@ -791,8 +792,8 @@ github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJE github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/aquasecurity/terraform-provider-aquasec v0.8.26 h1:9sGyKYuTgTGg3y//jVg9r4Gw2WxX716PcFCTl7PmM/4= -github.com/aquasecurity/terraform-provider-aquasec v0.8.26/go.mod h1:S4DZuMDbOmS1wevN+wcpXTQl0EsY+QFiNhyz6o6vaUs= +github.com/aquasecurity/terraform-provider-aquasec v0.8.27 h1:1mUQ+70lIv7cnwDz0kszDdCWcraWfs11hS3/dk+ivWg= +github.com/aquasecurity/terraform-provider-aquasec v0.8.27/go.mod h1:S4DZuMDbOmS1wevN+wcpXTQl0EsY+QFiNhyz6o6vaUs= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= 
@@ -1367,8 +1368,9 @@ github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EO github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= +github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= +github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -1479,16 +1481,18 @@ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8= github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= -github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.4 h1:uGy6JWR/uMIILU8wbf+OkstIrNiMjGpEIyhx8f6W7s4= +github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 
v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= @@ -1500,8 +1504,8 @@ github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqE github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= -github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4= -github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= +github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= +github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= 
@@ -1585,8 +1589,9 @@ github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9 github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= -github.com/hashicorp/go-plugin v1.5.1 h1:oGm7cWBaYIp3lJpx1RUEfLWophprE2EV/KUeqBYo+6k= github.com/hashicorp/go-plugin v1.5.1/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4= +github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= +github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= 
@@ -1652,17 +1657,19 @@ github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8K github.com/hashicorp/terraform-json v0.4.0/go.mod h1:eAbqb4w0pSlRmdvl8fOyHAi/+8jnkVYN28gJkSJrLhU= github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA= github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o= -github.com/hashicorp/terraform-plugin-framework v1.4.1 h1:ZC29MoB3Nbov6axHdgPbMz7799pT5H8kIrM8YAsaVrs= -github.com/hashicorp/terraform-plugin-framework v1.4.1/go.mod h1:XC0hPcQbBvlbxwmjxuV/8sn8SbZRg4XwGMs22f+kqV0= -github.com/hashicorp/terraform-plugin-go v0.19.0 h1:BuZx/6Cp+lkmiG0cOBk6Zps0Cb2tmqQpDM3iAtnhDQU= +github.com/hashicorp/terraform-plugin-framework v1.5.0 h1:8kcvqJs/x6QyOFSdeAyEgsenVOUeC/IyKpi2ul4fjTg= +github.com/hashicorp/terraform-plugin-framework v1.5.0/go.mod h1:6waavirukIlFpVpthbGd2PUNYaFedB0RwW3MDzJ/rtc= github.com/hashicorp/terraform-plugin-go v0.19.0/go.mod h1:EhRSkEPNoylLQntYsk5KrDHTZJh9HQoumZXbOGOXmec= +github.com/hashicorp/terraform-plugin-go v0.20.0 h1:oqvoUlL+2EUbKNsJbIt3zqqZ7wi6lzn4ufkn/UA51xQ= +github.com/hashicorp/terraform-plugin-go v0.20.0/go.mod h1:Rr8LBdMlY53a3Z/HpP+ZU3/xCDqtKNCkeI9qOyT10QE= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= github.com/hashicorp/terraform-plugin-sdk v1.7.0 h1:B//oq0ZORG+EkVrIJy0uPGSonvmXqxSzXe8+GhknoW0= github.com/hashicorp/terraform-plugin-sdk v1.7.0/go.mod h1:OjgQmey5VxnPej/buEhe+YqKm0KNvV3QqU4hkqHqPCY= github.com/hashicorp/terraform-plugin-test v1.2.0/go.mod h1:QIJHYz8j+xJtdtLrFTlzQVC0ocr3rf/OjIpgZLK56Hs= -github.com/hashicorp/terraform-registry-address v0.2.2 h1:lPQBg403El8PPicg/qONZJDC6YlgCVbWDtNmmZKtBno= github.com/hashicorp/terraform-registry-address v0.2.2/go.mod h1:LtwNbCihUoUZ3RYriyS2wF/lGPB6gF9ICLRtuDk7hSo= +github.com/hashicorp/terraform-registry-address 
v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= +github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= 
@@ -2171,21 +2178,21 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= +github.com/pulumi/providertest v0.0.10 h1:bx77G0JYPO2Alf/SHRP05XpAYMrboKJkMIVkbFclVhI= github.com/pulumi/pulumi-java/pkg v0.9.9 h1:F3xJUtMFDVrTGCxb7Rh2Q8s6tj7gMfM5pcoUthz7vFY= github.com/pulumi/pulumi-java/pkg v0.9.9/go.mod h1:LVF1zeg3UkToHWxb67V+zEIxQc3EdMnlot5NWSt+FpA= -github.com/pulumi/pulumi-terraform-bridge/pf v0.24.0 h1:/FGQvWVfl00WJ5SILVsTrKFX0R8a3UfP5SDfA7T/uc8= -github.com/pulumi/pulumi-terraform-bridge/pf v0.24.0/go.mod h1:E0/2XXQSwxvzWn22ZencPlwM8nfe9nDSvrkRsgBS0Ew= -github.com/pulumi/pulumi-terraform-bridge/testing v0.0.1 h1:SCg1gjfY9N4yn8U8peIUYATifjoDABkyR7H9lmefsfc= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.71.0 h1:NXBrgVt/5KzEosqB5Tu2grLCUpyL6gYE4EdecqGjsz4= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.71.0/go.mod h1:tQ8A0LWPlu21YrCLZoQq4CQD3zvPSZcqkA/3yKYniN4= +github.com/pulumi/pulumi-terraform-bridge/pf v0.25.0 h1:sC3rbNhPMxbHDLVUKJQfN/VpNQj5qcMt18mjV4fQeTs= +github.com/pulumi/pulumi-terraform-bridge/pf v0.25.0/go.mod h1:rQ8amYMXznDOkg9sXXcHtsHt9ItQ3BESVVyhseSigo0= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.72.0 h1:xdGSxTC2fOZwRZ2iGLu+s0SF2lts2L7R84Y2c6ndweU= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.72.0/go.mod h1:Yzb9hyI9UxJ+chr4JjOVjwkNtS+uIcq6eiyQoZaliAA= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.7 h1:Z9vmfVTW0QtJrWh+DRR3UKiRZX23f45lFtdhQiUHEqE= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.7/go.mod h1:T9zHpTHyVz2EyobzByFFpjfqgGtXO4C4bNqC0j29D2I= -github.com/pulumi/pulumi-yaml v1.4.5 h1:uSSCKYgbSxhJs3RJYEty5JsZOJFEIE0x8w38VyeSkNs= -github.com/pulumi/pulumi-yaml v1.4.5/go.mod 
h1:wEZjuwid6ZF8aWwLPQSG3h+1NpWGat87oHOKSHSN+eM= -github.com/pulumi/pulumi/pkg/v3 v3.101.1 h1:6+fm+wIE4A7sF93nl9t8MwoaBXjjHgFwk/8LCAJXI/s= -github.com/pulumi/pulumi/pkg/v3 v3.101.1/go.mod h1:zh7NVOEB/ncG51l1+EwlR0pQVLB7RSkzMamFMGcadH0= -github.com/pulumi/pulumi/sdk/v3 v3.101.1 h1:jBUGbLZjfeQkpheacnqXbuw/zSJEq11Gmond2EENkwQ= -github.com/pulumi/pulumi/sdk/v3 v3.101.1/go.mod h1:SB8P0BEGBRaONBxwoTjUFhGPLU5P3+MHF6/tGitlHOM= +github.com/pulumi/pulumi-yaml v1.5.0 h1:HfXu+WSFNpycref9CK935cViYJzXwSgHGWM/RepyrW0= +github.com/pulumi/pulumi-yaml v1.5.0/go.mod h1:AvKSmEQv2EkPbpvAQroR1eP1LkJGC8z5NDM34rVWOtg= +github.com/pulumi/pulumi/pkg/v3 v3.103.1 h1:sxacPM2TyDSCufZkescZGnMR22t+REu9nhv68u9rLQ8= +github.com/pulumi/pulumi/pkg/v3 v3.103.1/go.mod h1:AotODpuSfN4XommpmMifBExNmucrnH84cbEhVOeqEQM= +github.com/pulumi/pulumi/sdk/v3 v3.103.1 h1:6o0zt5srgIjDsOI5JWNSwMqoB8vGiI3xow0RDZ3JX2c= +github.com/pulumi/pulumi/sdk/v3 v3.103.1/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo= github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= 
@@ -2372,8 +2379,9 @@ github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6Ac github.com/vmihailenco/msgpack v4.0.1+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= -github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc= +github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8= +github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= 
@@ -2569,8 +2577,8 @@ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2767,8 +2775,8 @@ golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= -golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= +golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -2948,8 +2956,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -2966,8 +2974,8 @@ golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -3181,8 +3189,8 @@ google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= -google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o= -google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= +google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg= +google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -3190,8 +3198,9 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 
@@ -3344,16 +3353,16 @@ google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOl google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= -google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg= -google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108= +google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0= +google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk= google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU= -google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ= +google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU= +google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= 
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130 h1:2FZP5XuJY9zQyGM5N0rtovnoXjiMUEIUMvw0m9wlpLc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:8mL13HKkDa+IuJ8yruA3ci0q+0vsUz4m//+ottjwS5o= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 h1:6GQBEOdGkX6MMTLT9V+TjtIRZCw9VPD5Z+yHY9wMgS0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go.mod h1:v7nGkzlmW8P3n/bKmWBn2WpBjpOEx8Q6gMueudAmKfY= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= @@ -3406,8 +3415,8 @@ google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= -google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= -google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +google.golang.org/grpc v1.60.0 h1:6FQAR0kM31P6MRdeluor2w2gPaS4SVNrD/DNTxrQ15k= +google.golang.org/grpc v1.60.0/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/sdk/dotnet/Config/Config.cs b/sdk/dotnet/Config/Config.cs index 1e1bcb36..328cf113 100644 --- a/sdk/dotnet/Config/Config.cs 
+++ b/sdk/dotnet/Config/Config.cs @@ -8,7 +8,7 @@ namespace Pulumiverse.Aquasec { public static class Config { - [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "IDE1006", Justification = + [global::System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "IDE1006", Justification = "Double underscore prefix used to avoid conflicts with variable names.")] private sealed class __Value { @@ -32,7 +32,7 @@ public void Set(T value) private static readonly global::Pulumi.Config __config = new global::Pulumi.Config("aquasec"); - private static readonly __Value _aquaUrl = new __Value(() => __config.Get("aquaUrl")); + private static readonly __Value _aquaUrl = new __Value(() => __config.Get("aquaUrl") ?? Utilities.GetEnv("AQUA_URL")); /// /// This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable. /// @@ -42,7 +42,7 @@ public static string? AquaUrl set => _aquaUrl.Set(value); } - private static readonly __Value _caCertificatePath = new __Value(() => __config.Get("caCertificatePath")); + private static readonly __Value _caCertificatePath = new __Value(() => __config.Get("caCertificatePath") ?? Utilities.GetEnv("AQUA_CA_CERT_PATH")); /// /// This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced /// from the `AQUA_CA_CERT_PATH` environment variable. @@ -53,7 +53,7 @@ public static string? CaCertificatePath set => _caCertificatePath.Set(value); } - private static readonly __Value _configPath = new __Value(() => __config.Get("configPath")); + private static readonly __Value _configPath = new __Value(() => __config.Get("configPath") ?? Utilities.GetEnv("AQUA_CONFIG")); /// /// This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can /// alternatively be sourced from the `AQUA_CONFIG` environment variable. 
@@ -64,7 +64,7 @@ public static string? ConfigPath set => _configPath.Set(value); } - private static readonly __Value _password = new __Value(() => __config.Get("password")); + private static readonly __Value _password = new __Value(() => __config.Get("password") ?? Utilities.GetEnv("AQUA_PASSWORD")); /// /// This is the password that should be used to make the connection. Can alternatively be sourced from the `AQUA_PASSWORD` /// environment variable. @@ -75,7 +75,7 @@ public static string? Password set => _password.Set(value); } - private static readonly __Value _username = new __Value(() => __config.Get("username")); + private static readonly __Value _username = new __Value(() => __config.Get("username") ?? Utilities.GetEnv("AQUA_USER")); /// /// This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER` /// environment variable. @@ -86,7 +86,7 @@ public static string? Username set => _username.Set(value); } - private static readonly __Value _verifyTls = new __Value(() => __config.GetBoolean("verifyTls")); + private static readonly __Value _verifyTls = new __Value(() => __config.GetBoolean("verifyTls") ?? Utilities.GetEnvBoolean("AQUA_TLS_VERIFY") ?? true); /// /// If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can /// alternatively be sourced from the `AQUA_TLS_VERIFY` environment variable. diff --git a/sdk/dotnet/ContainerRuntimePolicy.cs b/sdk/dotnet/ContainerRuntimePolicy.cs index 1c3cf3e9..a4576750 100644 --- a/sdk/dotnet/ContainerRuntimePolicy.cs +++ b/sdk/dotnet/ContainerRuntimePolicy.cs 
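Review bot: In the `_verifyTls` initializer, the new `Utilities.GetEnvBoolean("AQUA_TLS_VERIFY")` fallback lets a process-wide environment variable switch off certificate verification for every stack that does not set `verifyTls` itself, and the summary under it does not state that precedence. The summary should spell it out, for example `/// Stack configuration takes precedence over AQUA_TLS_VERIFY; when neither is set, verification stays on.` How an unparseable value such as `0` or `no` is handled depends on `Utilities.GetEnvBoolean`, which is outside this hunk, so it is worth confirming that such input falls through to the `?? true` default rather than to `false`. The property accessor for `VerifyTls` continues outside the hunk.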
@@ -10,194 +10,20 @@ namespace Pulumiverse.Aquasec { - /// - /// ## Example Usage - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Aquasec = Pulumiverse.Aquasec; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var containerRuntimePolicy = new Aquasec.ContainerRuntimePolicy("containerRuntimePolicy", new() - /// { - /// AllowedExecutables = new[] - /// { - /// "exe", - /// "bin", - /// }, - /// AllowedRegistries = new[] - /// { - /// "registry1", - /// "registry2", - /// }, - /// ApplicationScopes = new[] - /// { - /// "Global", - /// }, - /// AuditAllNetworkActivity = true, - /// AuditAllProcessesActivity = true, - /// AuditFullCommandArguments = true, - /// BlockAccessHostNetwork = true, - /// BlockAddingCapabilities = true, - /// BlockContainerExec = true, - /// BlockCryptocurrencyMining = true, - /// BlockFilelessExec = true, - /// BlockLowPortBinding = true, - /// BlockNonCompliantImages = true, - /// BlockNonCompliantWorkloads = true, - /// BlockNonK8sContainers = true, - /// BlockPrivilegedContainers = true, - /// BlockReverseShell = true, - /// BlockRootUser = true, - /// BlockUnregisteredImages = true, - /// BlockUseIpcNamespace = true, - /// BlockUsePidNamespace = true, - /// BlockUseUserNamespace = true, - /// BlockUseUtsNamespace = true, - /// BlockedCapabilities = new[] - /// { - /// "AUDIT_CONTROL", - /// "AUDIT_WRITE", - /// }, - /// BlockedExecutables = new[] - /// { - /// "exe1", - /// "exe2", - /// }, - /// BlockedFiles = new[] - /// { - /// "test1", - /// "test2", - /// }, - /// BlockedInboundPorts = new[] - /// { - /// "80", - /// "8080", - /// }, - /// BlockedOutboundPorts = new[] - /// { - /// "90", - /// "9090", - /// }, - /// BlockedPackages = new[] - /// { - /// "pkg", - /// "pkg2", - /// }, - /// BlockedVolumes = new[] - /// { - /// "blocked", - /// "vol", - /// }, - /// ContainerExecAllowedProcesses = new[] - /// { - /// "proc1", - /// "proc2", - /// }, - 
/// Description = "container_runtime_policy", - /// EnableDriftPrevention = true, - /// EnableForkGuard = true, - /// EnableIpReputationSecurity = true, - /// EnablePortScanDetection = true, - /// Enabled = true, - /// Enforce = false, - /// ExceptionalReadonlyFilesAndDirectories = new[] - /// { - /// "readonly2", - /// "/dir2/", - /// }, - /// FileIntegrityMonitoring = new Aquasec.Inputs.ContainerRuntimePolicyFileIntegrityMonitoringArgs - /// { - /// ExcludedPaths = new[] - /// { - /// "expaths", - /// }, - /// ExcludedProcesses = new[] - /// { - /// "exprocess", - /// }, - /// ExcludedUsers = new[] - /// { - /// "expuser", - /// }, - /// MonitorAttributes = true, - /// MonitorCreate = true, - /// MonitorDelete = true, - /// MonitorModify = true, - /// MonitorRead = true, - /// MonitoredPaths = new[] - /// { - /// "paths", - /// }, - /// MonitoredProcesses = new[] - /// { - /// "process", - /// }, - /// MonitoredUsers = new[] - /// { - /// "user", - /// }, - /// }, - /// ForkGuardProcessLimit = 13, - /// LimitNewPrivileges = true, - /// MalwareScanOptions = new Aquasec.Inputs.ContainerRuntimePolicyMalwareScanOptionsArgs - /// { - /// Action = "alert", - /// Enabled = true, - /// }, - /// MonitorSystemTimeChanges = true, - /// ReadonlyFilesAndDirectories = new[] - /// { - /// "readonly", - /// "/dir/", - /// }, - /// ReverseShellAllowedIps = new[] - /// { - /// "ip1", - /// "ip2", - /// }, - /// ReverseShellAllowedProcesses = new[] - /// { - /// "proc1", - /// "proc2", - /// }, - /// ScopeExpression = "v1 || v2", - /// ScopeVariables = new[] - /// { - /// new Aquasec.Inputs.ContainerRuntimePolicyScopeVariableArgs - /// { - /// Attribute = "kubernetes.cluster", - /// Value = "default", - /// }, - /// new Aquasec.Inputs.ContainerRuntimePolicyScopeVariableArgs - /// { - /// Attribute = "kubernetes.label", - /// Name = "app", - /// Value = "aqua", - /// }, - /// }, - /// }); - /// - /// }); - /// ``` - /// 
[AquasecResourceType("aquasec:index/containerRuntimePolicy:ContainerRuntimePolicy")] public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource { /// - /// List of executables that are allowed for the user. + /// Allowed executables configuration. /// [Output("allowedExecutables")] - public Output> AllowedExecutables { get; private set; } = null!; + public Output> AllowedExecutables { get; private set; } = null!; /// - /// List of registries that allowed for running containers. + /// List of allowed registries. /// [Output("allowedRegistries")] - public Output> AllowedRegistries { get; private set; } = null!; + public Output> AllowedRegistries { get; private set; } = null!; /// /// Indicates the application scope of the service. @@ -217,18 +43,30 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource [Output("auditAllProcessesActivity")] public Output AuditAllProcessesActivity { get; private set; } = null!; + /// + /// Detects brute force login attempts + /// + [Output("auditBruteForceLogin")] + public Output AuditBruteForceLogin { get; private set; } = null!; + /// /// If true, full command arguments will be audited. /// [Output("auditFullCommandArguments")] public Output AuditFullCommandArguments { get; private set; } = null!; + [Output("auditing")] + public Output Auditing { get; private set; } = null!; + /// /// Username of the account that created the service. /// [Output("author")] public Output Author { get; private set; } = null!; + [Output("blacklistedOsUsers")] + public Output BlacklistedOsUsers { get; private set; } = null!; + /// /// If true, prevent containers from running with access to host network. /// 
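Review bot: In the `@@ -217,18 +43,30 @@` hunk, `Auditing` and `BlacklistedOsUsers` are added with no summary comment, while `AuditBruteForceLogin` next to them has one. The same gap recurs in later hunks for `BlockDisallowedImages`, `ContainerExec`, `OnlyRegisteredImages`, `ReverseShell` and others, and some of these look like replacements for documented outputs this diff removes (`BlockUnregisteredImages`, `BlockReverseShell`). Each new output should carry a summary saying what the control enforces and, where it supersedes a removed flag, which one, e.g. `/// Reverse shell protection settings; supersedes blockReverseShell.` That wording is inferred from the property names and needs checking against the provider schema. The class body starts and ends outside this hunk.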
@@ -253,6 +91,9 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource [Output("blockCryptocurrencyMining")] public Output BlockCryptocurrencyMining { get; private set; } = null!; + [Output("blockDisallowedImages")] + public Output BlockDisallowedImages { get; private set; } = null!; + /// /// Detect and prevent running in-memory execution /// @@ -265,12 +106,6 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource [Output("blockLowPortBinding")] public Output BlockLowPortBinding { get; private set; } = null!; - /// - /// If true, running non-compliant image in the container is prevented. - /// - [Output("blockNonCompliantImages")] - public Output BlockNonCompliantImages { get; private set; } = null!; - /// /// If true, running containers in non-compliant pods is prevented. /// @@ -289,24 +124,12 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource [Output("blockPrivilegedContainers")] public Output BlockPrivilegedContainers { get; private set; } = null!; - /// - /// If true, reverse shell is prevented. - /// - [Output("blockReverseShell")] - public Output BlockReverseShell { get; private set; } = null!; - /// /// If true, prevent containers from running with root user. /// [Output("blockRootUser")] public Output BlockRootUser { get; private set; } = null!; - /// - /// If true, running images in the container that are not registered in Aqua is prevented. - /// - [Output("blockUnregisteredImages")] - public Output BlockUnregisteredImages { get; private set; } = null!; - /// /// If true, prevent containers from running with the privilege to use the IPC namespace. /// 
@@ -373,23 +196,47 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource [Output("blockedVolumes")] public Output> BlockedVolumes { get; private set; } = null!; + /// + /// Bypass scope configuration. + /// + [Output("bypassScopes")] + public Output> BypassScopes { get; private set; } = null!; + + [Output("containerExec")] + public Output ContainerExec { get; private set; } = null!; + /// /// List of processes that will be allowed. /// [Output("containerExecAllowedProcesses")] public Output> ContainerExecAllowedProcesses { get; private set; } = null!; + [Output("created")] + public Output Created { get; private set; } = null!; + + [Output("cve")] + public Output Cve { get; private set; } = null!; + + [Output("defaultSecurityProfile")] + public Output DefaultSecurityProfile { get; private set; } = null!; + /// /// The description of the container runtime policy /// [Output("description")] public Output Description { get; private set; } = null!; + [Output("digest")] + public Output Digest { get; private set; } = null!; + /// - /// If true, executables that are not in the original image is prevented from running. + /// Drift prevention configuration. /// - [Output("enableDriftPrevention")] - public Output EnableDriftPrevention { get; private set; } = null!; + [Output("driftPreventions")] + public Output> DriftPreventions { get; private set; } = null!; + + [Output("enableCryptoMiningDns")] + public Output EnableCryptoMiningDns { get; private set; } = null!; /// /// If true, fork bombs are prevented in the containers. 
@@ -397,20 +244,14 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource [Output("enableForkGuard")] public Output EnableForkGuard { get; private set; } = null!; - /// - /// If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - /// - [Output("enableIpReputationSecurity")] - public Output EnableIpReputationSecurity { get; private set; } = null!; + [Output("enableIpReputation")] + public Output EnableIpReputation { get; private set; } = null!; - /// - /// If true, detects port scanning behavior in the container. - /// - [Output("enablePortScanDetection")] - public Output EnablePortScanDetection { get; private set; } = null!; + [Output("enablePortScanProtection")] + public Output EnablePortScanProtection { get; private set; } = null!; /// - /// Indicates if the runtime policy is enabled or not. + /// Whether allowed executables configuration is enabled. /// [Output("enabled")] public Output Enabled { get; private set; } = null!; 
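Review bot: The new summary on `Enabled`, `Whether allowed executables configuration is enabled.`, no longer describes the policy-level switch that the removed text did (`Indicates if the runtime policy is enabled or not.`); it reads like the description of a nested allowed-executables field attached to the top-level output. Someone reading it could take a disabled policy for a disabled sub-feature. The `Name` output in the later `@@ -470,28 +344,61 @@` hunk has the same problem, with `Name assigned to the attribute.` replacing `Name of the container runtime policy`. If these outputs still refer to the policy itself, which the hunk does not show, the original summaries should be kept. `EnableIpReputation` and `EnablePortScanProtection` in this hunk lose their summaries altogether and would benefit from the one-line descriptions their predecessors had.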
@@ -427,23 +268,32 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource [Output("enforceAfterDays")] public Output EnforceAfterDays { get; private set; } = null!; + [Output("enforceSchedulerAddedOn")] + public Output EnforceSchedulerAddedOn { get; private set; } = null!; + /// - /// List of files and directories to be excluded from the read-only list. + /// List of excluded application scopes. /// - [Output("exceptionalReadonlyFilesAndDirectories")] - public Output> ExceptionalReadonlyFilesAndDirectories { get; private set; } = null!; + [Output("excludeApplicationScopes")] + public Output> ExcludeApplicationScopes { get; private set; } = null!; /// - /// Specify processes that will be allowed + /// Executable blacklist configuration. /// - [Output("execLockdownWhiteLists")] - public Output> ExecLockdownWhiteLists { get; private set; } = null!; + [Output("executableBlacklists")] + public Output> ExecutableBlacklists { get; private set; } = null!; + + [Output("failedKubernetesChecks")] + public Output FailedKubernetesChecks { get; private set; } = null!; + + [Output("fileBlock")] + public Output FileBlock { get; private set; } = null!; /// /// Configuration for file integrity monitoring. /// [Output("fileIntegrityMonitoring")] - public Output FileIntegrityMonitoring { get; private set; } = null!; + public Output FileIntegrityMonitoring { get; private set; } = null!; /// /// Process limit for the fork guard. 
@@ -451,17 +301,41 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource [Output("forkGuardProcessLimit")] public Output ForkGuardProcessLimit { get; private set; } = null!; + [Output("imageName")] + public Output ImageName { get; private set; } = null!; + + [Output("isAuditChecked")] + public Output IsAuditChecked { get; private set; } = null!; + + [Output("isAutoGenerated")] + public Output IsAutoGenerated { get; private set; } = null!; + + [Output("isOotbPolicy")] + public Output IsOotbPolicy { get; private set; } = null!; + + [Output("lastupdate")] + public Output Lastupdate { get; private set; } = null!; + + /// + /// Container privileges configuration. + /// + [Output("limitContainerPrivileges")] + public Output> LimitContainerPrivileges { get; private set; } = null!; + /// /// If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) /// [Output("limitNewPrivileges")] public Output LimitNewPrivileges { get; private set; } = null!; + [Output("linuxCapabilities")] + public Output LinuxCapabilities { get; private set; } = null!; + /// /// Configuration for Real-Time Malware Protection. /// [Output("malwareScanOptions")] - public Output MalwareScanOptions { get; private set; } = null!; + public Output MalwareScanOptions { get; private set; } = null!; /// /// If true, system time changes will be monitored. 
@@ -470,28 +344,61 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource public Output MonitorSystemTimeChanges { get; private set; } = null!; /// - /// Name of the container runtime policy + /// Name assigned to the attribute. /// [Output("name")] public Output Name { get; private set; } = null!; - /// - /// List of files and directories to be restricted as read-only - /// - [Output("readonlyFilesAndDirectories")] - public Output> ReadonlyFilesAndDirectories { get; private set; } = null!; + [Output("noNewPrivileges")] + public Output NoNewPrivileges { get; private set; } = null!; - /// - /// List of IPs/ CIDRs that will be allowed - /// - [Output("reverseShellAllowedIps")] - public Output> ReverseShellAllowedIps { get; private set; } = null!; + [Output("onlyRegisteredImages")] + public Output OnlyRegisteredImages { get; private set; } = null!; + + [Output("packageBlock")] + public Output PackageBlock { get; private set; } = null!; + + [Output("permission")] + public Output Permission { get; private set; } = null!; + + [Output("portBlock")] + public Output PortBlock { get; private set; } = null!; + + [Output("readonlyFiles")] + public Output ReadonlyFiles { get; private set; } = null!; + + [Output("readonlyRegistry")] + public Output ReadonlyRegistry { get; private set; } = null!; + + [Output("registry")] + public Output Registry { get; private set; } = null!; + + [Output("registryAccessMonitoring")] + public Output RegistryAccessMonitoring { get; private set; } = null!; + + [Output("repoName")] + public Output RepoName { get; private set; } = null!; + + [Output("resourceName")] + public Output ResourceName { get; private set; } = null!; + + [Output("resourceType")] + public Output ResourceType { get; private set; } = null!; /// - /// List of processes that will be allowed + /// Restricted volumes configuration. 
/// - [Output("reverseShellAllowedProcesses")] - public Output> ReverseShellAllowedProcesses { get; private set; } = null!; + [Output("restrictedVolumes")] + public Output> RestrictedVolumes { get; private set; } = null!; + + [Output("reverseShell")] + public Output ReverseShell { get; private set; } = null!; + + [Output("runtimeMode")] + public Output RuntimeMode { get; private set; } = null!; + + [Output("runtimeType")] + public Output RuntimeType { get; private set; } = null!; /// /// Logical expression of how to compute the dependency of the scope variables. @@ -505,6 +412,33 @@ public partial class ContainerRuntimePolicy : global::Pulumi.CustomResource [Output("scopeVariables")] public Output> ScopeVariables { get; private set; } = null!; + /// + /// Scope configuration. + /// + [Output("scopes")] + public Output> Scopes { get; private set; } = null!; + + [Output("systemIntegrityProtection")] + public Output SystemIntegrityProtection { get; private set; } = null!; + + [Output("tripwire")] + public Output Tripwire { get; private set; } = null!; + + [Output("type")] + public Output Type { get; private set; } = null!; + + [Output("updated")] + public Output Updated { get; private set; } = null!; + + [Output("version")] + public Output Version { get; private set; } = null!; + + [Output("vpatchVersion")] + public Output VpatchVersion { get; private set; } = null!; + + [Output("whitelistedOsUsers")] + public Output WhitelistedOsUsers { get; private set; } = null!; + /// /// Create a ContainerRuntimePolicy resource with the given unique name, arguments, and options. 
@@ -553,26 +487,26 @@ public static ContainerRuntimePolicy Get(string name, Input id, Containe public sealed class ContainerRuntimePolicyArgs : global::Pulumi.ResourceArgs { [Input("allowedExecutables")] - private InputList? _allowedExecutables; + private InputList? _allowedExecutables; /// - /// List of executables that are allowed for the user. + /// Allowed executables configuration. /// - public InputList AllowedExecutables + public InputList AllowedExecutables { - get => _allowedExecutables ?? (_allowedExecutables = new InputList()); + get => _allowedExecutables ?? (_allowedExecutables = new InputList()); set => _allowedExecutables = value; } [Input("allowedRegistries")] - private InputList? _allowedRegistries; + private InputList? _allowedRegistries; /// - /// List of registries that allowed for running containers. + /// List of allowed registries. /// - public InputList AllowedRegistries + public InputList AllowedRegistries { - get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); set => _allowedRegistries = value; } @@ -600,12 +534,30 @@ public InputList ApplicationScopes [Input("auditAllProcessesActivity")] public Input? AuditAllProcessesActivity { get; set; } + /// + /// Detects brute force login attempts + /// + [Input("auditBruteForceLogin")] + public Input? AuditBruteForceLogin { get; set; } + /// /// If true, full command arguments will be audited. /// [Input("auditFullCommandArguments")] public Input? AuditFullCommandArguments { get; set; } + [Input("auditing")] + public Input? Auditing { get; set; } + + /// + /// Username of the account that created the service. + /// + [Input("author")] + public Input? Author { get; set; } + + [Input("blacklistedOsUsers")] + public Input? BlacklistedOsUsers { get; set; } + /// /// If true, prevent containers from running with access to host network. /// 
@@ -630,6 +582,9 @@ public InputList ApplicationScopes [Input("blockCryptocurrencyMining")] public Input? BlockCryptocurrencyMining { get; set; } + [Input("blockDisallowedImages")] + public Input? BlockDisallowedImages { get; set; } + /// /// Detect and prevent running in-memory execution /// @@ -642,12 +597,6 @@ public InputList ApplicationScopes [Input("blockLowPortBinding")] public Input? BlockLowPortBinding { get; set; } - /// - /// If true, running non-compliant image in the container is prevented. - /// - [Input("blockNonCompliantImages")] - public Input? BlockNonCompliantImages { get; set; } - /// /// If true, running containers in non-compliant pods is prevented. /// @@ -666,24 +615,12 @@ public InputList ApplicationScopes [Input("blockPrivilegedContainers")] public Input? BlockPrivilegedContainers { get; set; } - /// - /// If true, reverse shell is prevented. - /// - [Input("blockReverseShell")] - public Input? BlockReverseShell { get; set; } - /// /// If true, prevent containers from running with root user. /// [Input("blockRootUser")] public Input? BlockRootUser { get; set; } - /// - /// If true, running images in the container that are not registered in Aqua is prevented. - /// - [Input("blockUnregisteredImages")] - public Input? BlockUnregisteredImages { get; set; } - /// /// If true, prevent containers from running with the privilege to use the IPC namespace. /// @@ -792,6 +729,21 @@ public InputList BlockedVolumes set => _blockedVolumes = value; } + [Input("bypassScopes")] + private InputList? _bypassScopes; + + /// + /// Bypass scope configuration. + /// + public InputList BypassScopes + { + get => _bypassScopes ?? (_bypassScopes = new InputList()); + set => _bypassScopes = value; + } + + [Input("containerExec")] + public Input? ContainerExec { get; set; } + [Input("containerExecAllowedProcesses")] private InputList? _containerExecAllowedProcesses; 
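Review bot: `BlockDisallowedImages` is added in the `@@ -630,6 +582,9 @@` hunk with no summary comment, while the next two hunks on this class delete the documented `BlockNonCompliantImages`, `BlockReverseShell` and `BlockUnregisteredImages` inputs. A caller whose program stops compiling after the upgrade cannot tell from this file which new input carries the old enforcement, or whether its default differs. A summary that says what counts as a disallowed image and which removed input it supersedes would close that gap, for example `/// If true, containers running images not permitted by policy are blocked. Replaces <removed input> (confirm against the provider schema).` The same gap is in the `ContainerRuntimePolicyState` hunk `@@ -1058,6 +1130,9 @@`.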
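Review bot: `BypassScopes` in the `@@ -792,6 +729,21 @@` hunk is documented only as "Bypass scope configuration.", which does not say what a listed scope is exempted from. The name suggests that workloads in these scopes are not subject to the runtime policy, and an exemption list of that kind is exactly the field a reviewer of a Pulumi program needs to be able to read correctly. Once confirmed against the provider schema, the summary should state the effect, e.g. `/// Scopes exempted from this policy; controls defined here are not enforced on workloads that match.` `ContainerExec`, added in the same hunk, has no summary at all. The enclosing class starts and ends outside the hunk, and the State class repeats the text in `@@ -1220,6 +1277,21 @@`.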
@@ -804,17 +756,38 @@ public InputList ContainerExecAllowedProcesses set => _containerExecAllowedProcesses = value; } + [Input("created")] + public Input? Created { get; set; } + + [Input("cve")] + public Input? Cve { get; set; } + + [Input("defaultSecurityProfile")] + public Input? DefaultSecurityProfile { get; set; } + /// /// The description of the container runtime policy /// [Input("description")] public Input? Description { get; set; } + [Input("digest")] + public Input? Digest { get; set; } + + [Input("driftPreventions")] + private InputList? _driftPreventions; + /// - /// If true, executables that are not in the original image is prevented from running. + /// Drift prevention configuration. /// - [Input("enableDriftPrevention")] - public Input? EnableDriftPrevention { get; set; } + public InputList DriftPreventions + { + get => _driftPreventions ?? (_driftPreventions = new InputList()); + set => _driftPreventions = value; + } + + [Input("enableCryptoMiningDns")] + public Input? EnableCryptoMiningDns { get; set; } /// /// If true, fork bombs are prevented in the containers. @@ -822,20 +795,14 @@ public InputList ContainerExecAllowedProcesses [Input("enableForkGuard")] public Input? EnableForkGuard { get; set; } - /// - /// If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - /// - [Input("enableIpReputationSecurity")] - public Input? EnableIpReputationSecurity { get; set; } + [Input("enableIpReputation")] + public Input? EnableIpReputation { get; set; } - /// - /// If true, detects port scanning behavior in the container. - /// - [Input("enablePortScanDetection")] - public Input? EnablePortScanDetection { get; set; } + [Input("enablePortScanProtection")] + public Input? EnablePortScanProtection { get; set; } /// - /// Indicates if the runtime policy is enabled or not. + /// Whether allowed executables configuration is enabled. /// [Input("enabled")] public Input? Enabled { get; set; } 
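Review bot: The summary on the top-level `Enabled` input in the `@@ -822,20 +795,14 @@` hunk now reads "Whether allowed executables configuration is enabled.", replacing "Indicates if the runtime policy is enabled or not."; the new text looks as if it was taken from a nested allowed-executables block. For a switch that presumably turns the whole policy on or off, that wording understates what setting it to false does. I would restore `/// Indicates if the runtime policy is enabled or not.`, and likewise the summary of `Name` in `@@ -907,47 +913,68 @@`, which became "Name assigned to the attribute." The same hunk also drops the summaries of `EnableIpReputation` and `EnablePortScanProtection` while renaming them. The State class repeats all of this in `@@ -1250,20 +1343,14 @@` and `@@ -1335,47 +1461,68 @@`; if the file is generated, the fix belongs in the schema it is generated from.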
@@ -852,30 +819,39 @@ public InputList ContainerExecAllowedProcesses [Input("enforceAfterDays")] public Input? EnforceAfterDays { get; set; } - [Input("exceptionalReadonlyFilesAndDirectories")] - private InputList? _exceptionalReadonlyFilesAndDirectories; + [Input("enforceSchedulerAddedOn")] + public Input? EnforceSchedulerAddedOn { get; set; } + + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; /// - /// List of files and directories to be excluded from the read-only list. + /// List of excluded application scopes. /// - public InputList ExceptionalReadonlyFilesAndDirectories + public InputList ExcludeApplicationScopes { - get => _exceptionalReadonlyFilesAndDirectories ?? (_exceptionalReadonlyFilesAndDirectories = new InputList()); - set => _exceptionalReadonlyFilesAndDirectories = value; + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; } - [Input("execLockdownWhiteLists")] - private InputList? _execLockdownWhiteLists; + [Input("executableBlacklists")] + private InputList? _executableBlacklists; /// - /// Specify processes that will be allowed + /// Executable blacklist configuration. /// - public InputList ExecLockdownWhiteLists + public InputList ExecutableBlacklists { - get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new InputList()); - set => _execLockdownWhiteLists = value; + get => _executableBlacklists ?? (_executableBlacklists = new InputList()); + set => _executableBlacklists = value; } + [Input("failedKubernetesChecks")] + public Input? FailedKubernetesChecks { get; set; } + + [Input("fileBlock")] + public Input? FileBlock { get; set; } + /// /// Configuration for file integrity monitoring. /// 
@@ -888,12 +864,42 @@ public InputList ExecLockdownWhiteLists [Input("forkGuardProcessLimit")] public Input? ForkGuardProcessLimit { get; set; } + [Input("imageName")] + public Input? ImageName { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("isAutoGenerated")] + public Input? IsAutoGenerated { get; set; } + + [Input("isOotbPolicy")] + public Input? IsOotbPolicy { get; set; } + + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("limitContainerPrivileges")] + private InputList? _limitContainerPrivileges; + + /// + /// Container privileges configuration. + /// + public InputList LimitContainerPrivileges + { + get => _limitContainerPrivileges ?? (_limitContainerPrivileges = new InputList()); + set => _limitContainerPrivileges = value; + } + /// /// If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) /// [Input("limitNewPrivileges")] public Input? LimitNewPrivileges { get; set; } + [Input("linuxCapabilities")] + public Input? LinuxCapabilities { get; set; } + /// /// Configuration for Real-Time Malware Protection. /// 
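Review bot: `IsAutoGenerated`, `IsOotbPolicy` and `Lastupdate` are added in this hunk as settable inputs on `ContainerRuntimePolicyArgs`, although their names describe state that a server would normally assign. Other hunks do the same for `Author` (documented as "Username of the account that created the service."), `Created`, `Updated` and `Version`. If the provider honours these values, a program can write its own authorship and timestamps into a policy record, which weakens them as an audit trail; if it ignores them, they only widen the input surface. Which of the two holds is not visible from this file, so it should be confirmed, and read-only fields exposed as outputs only. Until then each should at least carry a summary such as `/// Server-assigned; confirm whether a value supplied here is applied.`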
@@ -907,47 +913,68 @@ public InputList ExecLockdownWhiteLists public Input? MonitorSystemTimeChanges { get; set; } /// - /// Name of the container runtime policy + /// Name assigned to the attribute. /// [Input("name")] public Input? Name { get; set; } - [Input("readonlyFilesAndDirectories")] - private InputList? _readonlyFilesAndDirectories; + [Input("noNewPrivileges")] + public Input? NoNewPrivileges { get; set; } - /// - /// List of files and directories to be restricted as read-only - /// - public InputList ReadonlyFilesAndDirectories - { - get => _readonlyFilesAndDirectories ?? (_readonlyFilesAndDirectories = new InputList()); - set => _readonlyFilesAndDirectories = value; - } + [Input("onlyRegisteredImages")] + public Input? OnlyRegisteredImages { get; set; } - [Input("reverseShellAllowedIps")] - private InputList? _reverseShellAllowedIps; + [Input("packageBlock")] + public Input? PackageBlock { get; set; } - /// - /// List of IPs/ CIDRs that will be allowed - /// - public InputList ReverseShellAllowedIps - { - get => _reverseShellAllowedIps ?? (_reverseShellAllowedIps = new InputList()); - set => _reverseShellAllowedIps = value; - } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("portBlock")] + public Input? PortBlock { get; set; } + + [Input("readonlyFiles")] + public Input? ReadonlyFiles { get; set; } + + [Input("readonlyRegistry")] + public Input? ReadonlyRegistry { get; set; } - [Input("reverseShellAllowedProcesses")] - private InputList? _reverseShellAllowedProcesses; + [Input("registry")] + public Input? Registry { get; set; } + + [Input("registryAccessMonitoring")] + public Input? RegistryAccessMonitoring { get; set; } + + [Input("repoName")] + public Input? RepoName { get; set; } + + [Input("resourceName")] + public Input? ResourceName { get; set; } + + [Input("resourceType")] + public Input? ResourceType { get; set; } + + [Input("restrictedVolumes")] + private InputList? 
_restrictedVolumes; /// - /// List of processes that will be allowed + /// Restricted volumes configuration. /// - public InputList ReverseShellAllowedProcesses + public InputList RestrictedVolumes { - get => _reverseShellAllowedProcesses ?? (_reverseShellAllowedProcesses = new InputList()); - set => _reverseShellAllowedProcesses = value; + get => _restrictedVolumes ?? (_restrictedVolumes = new InputList()); + set => _restrictedVolumes = value; } + [Input("reverseShell")] + public Input? ReverseShell { get; set; } + + [Input("runtimeMode")] + public Input? RuntimeMode { get; set; } + + [Input("runtimeType")] + public Input? RuntimeType { get; set; } + /// /// Logical expression of how to compute the dependency of the scope variables. /// @@ -966,6 +993,39 @@ public InputList ScopeVariables set => _scopeVariables = value; } + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + [Input("systemIntegrityProtection")] + public Input? SystemIntegrityProtection { get; set; } + + [Input("tripwire")] + public Input? Tripwire { get; set; } + + [Input("type")] + public Input? Type { get; set; } + + [Input("updated")] + public Input? Updated { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("vpatchVersion")] + public Input? VpatchVersion { get; set; } + + [Input("whitelistedOsUsers")] + public Input? WhitelistedOsUsers { get; set; } + public ContainerRuntimePolicyArgs() { } 
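Review bot: `NoNewPrivileges` is added without a summary in the hunk that starts at `@@ -907,47 +913,68 @@`, while the class already has `LimitNewPrivileges`, documented as preventing the container from obtaining new privileges at runtime. Two inputs with near-identical names and a single description leave it unclear which one enforces the control, and a program that sets only the other one could end up with a weaker policy than its author intended. A summary on the new input should state how it relates to the existing one, e.g. `/// TODO(schema): state whether this supersedes limitNewPrivileges or is evaluated together with it.` `ReverseShell` and `ReadonlyFiles` in the same hunk replace documented list inputs (`ReverseShellAllowedIps`, `ReverseShellAllowedProcesses`, `ReadonlyFilesAndDirectories`) and are equally bare. The State class repeats the hunk at `@@ -1335,47 +1461,68 @@`.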
@@ -975,26 +1035,26 @@ public ContainerRuntimePolicyArgs() public sealed class ContainerRuntimePolicyState : global::Pulumi.ResourceArgs { [Input("allowedExecutables")] - private InputList? _allowedExecutables; + private InputList? _allowedExecutables; /// - /// List of executables that are allowed for the user. + /// Allowed executables configuration. /// - public InputList AllowedExecutables + public InputList AllowedExecutables { - get => _allowedExecutables ?? (_allowedExecutables = new InputList()); + get => _allowedExecutables ?? (_allowedExecutables = new InputList()); set => _allowedExecutables = value; } [Input("allowedRegistries")] - private InputList? _allowedRegistries; + private InputList? _allowedRegistries; /// - /// List of registries that allowed for running containers. + /// List of allowed registries. /// - public InputList AllowedRegistries + public InputList AllowedRegistries { - get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); set => _allowedRegistries = value; } @@ -1022,18 +1082,30 @@ public InputList ApplicationScopes [Input("auditAllProcessesActivity")] public Input? AuditAllProcessesActivity { get; set; } + /// + /// Detects brute force login attempts + /// + [Input("auditBruteForceLogin")] + public Input? AuditBruteForceLogin { get; set; } + /// /// If true, full command arguments will be audited. /// [Input("auditFullCommandArguments")] public Input? AuditFullCommandArguments { get; set; } + [Input("auditing")] + public Input? Auditing { get; set; } + /// /// Username of the account that created the service. /// [Input("author")] public Input? Author { get; set; } + [Input("blacklistedOsUsers")] + public Input? BlacklistedOsUsers { get; set; } + /// /// If true, prevent containers from running with access to host network. /// 
@@ -1058,6 +1130,9 @@ public InputList ApplicationScopes [Input("blockCryptocurrencyMining")] public Input? BlockCryptocurrencyMining { get; set; } + [Input("blockDisallowedImages")] + public Input? BlockDisallowedImages { get; set; } + /// /// Detect and prevent running in-memory execution /// @@ -1070,12 +1145,6 @@ public InputList ApplicationScopes [Input("blockLowPortBinding")] public Input? BlockLowPortBinding { get; set; } - /// - /// If true, running non-compliant image in the container is prevented. - /// - [Input("blockNonCompliantImages")] - public Input? BlockNonCompliantImages { get; set; } - /// /// If true, running containers in non-compliant pods is prevented. /// @@ -1094,24 +1163,12 @@ public InputList ApplicationScopes [Input("blockPrivilegedContainers")] public Input? BlockPrivilegedContainers { get; set; } - /// - /// If true, reverse shell is prevented. - /// - [Input("blockReverseShell")] - public Input? BlockReverseShell { get; set; } - /// /// If true, prevent containers from running with root user. /// [Input("blockRootUser")] public Input? BlockRootUser { get; set; } - /// - /// If true, running images in the container that are not registered in Aqua is prevented. - /// - [Input("blockUnregisteredImages")] - public Input? BlockUnregisteredImages { get; set; } - /// /// If true, prevent containers from running with the privilege to use the IPC namespace. /// @@ -1220,6 +1277,21 @@ public InputList BlockedVolumes set => _blockedVolumes = value; } + [Input("bypassScopes")] + private InputList? _bypassScopes; + + /// + /// Bypass scope configuration. + /// + public InputList BypassScopes + { + get => _bypassScopes ?? (_bypassScopes = new InputList()); + set => _bypassScopes = value; + } + + [Input("containerExec")] + public Input? ContainerExec { get; set; } + [Input("containerExecAllowedProcesses")] private InputList? _containerExecAllowedProcesses; 
@@ -1232,17 +1304,38 @@ public InputList ContainerExecAllowedProcesses set => _containerExecAllowedProcesses = value; } + [Input("created")] + public Input? Created { get; set; } + + [Input("cve")] + public Input? Cve { get; set; } + + [Input("defaultSecurityProfile")] + public Input? DefaultSecurityProfile { get; set; } + /// /// The description of the container runtime policy /// [Input("description")] public Input? Description { get; set; } + [Input("digest")] + public Input? Digest { get; set; } + + [Input("driftPreventions")] + private InputList? _driftPreventions; + /// - /// If true, executables that are not in the original image is prevented from running. + /// Drift prevention configuration. /// - [Input("enableDriftPrevention")] - public Input? EnableDriftPrevention { get; set; } + public InputList DriftPreventions + { + get => _driftPreventions ?? (_driftPreventions = new InputList()); + set => _driftPreventions = value; + } + + [Input("enableCryptoMiningDns")] + public Input? EnableCryptoMiningDns { get; set; } /// /// If true, fork bombs are prevented in the containers. @@ -1250,20 +1343,14 @@ public InputList ContainerExecAllowedProcesses [Input("enableForkGuard")] public Input? EnableForkGuard { get; set; } - /// - /// If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - /// - [Input("enableIpReputationSecurity")] - public Input? EnableIpReputationSecurity { get; set; } + [Input("enableIpReputation")] + public Input? EnableIpReputation { get; set; } - /// - /// If true, detects port scanning behavior in the container. - /// - [Input("enablePortScanDetection")] - public Input? EnablePortScanDetection { get; set; } + [Input("enablePortScanProtection")] + public Input? EnablePortScanProtection { get; set; } /// - /// Indicates if the runtime policy is enabled or not. + /// Whether allowed executables configuration is enabled. /// [Input("enabled")] public Input? Enabled { get; set; } 
@@ -1280,30 +1367,39 @@ public InputList ContainerExecAllowedProcesses [Input("enforceAfterDays")] public Input? EnforceAfterDays { get; set; } - [Input("exceptionalReadonlyFilesAndDirectories")] - private InputList? _exceptionalReadonlyFilesAndDirectories; + [Input("enforceSchedulerAddedOn")] + public Input? EnforceSchedulerAddedOn { get; set; } + + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; /// - /// List of files and directories to be excluded from the read-only list. + /// List of excluded application scopes. /// - public InputList ExceptionalReadonlyFilesAndDirectories + public InputList ExcludeApplicationScopes { - get => _exceptionalReadonlyFilesAndDirectories ?? (_exceptionalReadonlyFilesAndDirectories = new InputList()); - set => _exceptionalReadonlyFilesAndDirectories = value; + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; } - [Input("execLockdownWhiteLists")] - private InputList? _execLockdownWhiteLists; + [Input("executableBlacklists")] + private InputList? _executableBlacklists; /// - /// Specify processes that will be allowed + /// Executable blacklist configuration. /// - public InputList ExecLockdownWhiteLists + public InputList ExecutableBlacklists { - get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new InputList()); - set => _execLockdownWhiteLists = value; + get => _executableBlacklists ?? (_executableBlacklists = new InputList()); + set => _executableBlacklists = value; } + [Input("failedKubernetesChecks")] + public Input? FailedKubernetesChecks { get; set; } + + [Input("fileBlock")] + public Input? FileBlock { get; set; } + /// /// Configuration for file integrity monitoring. /// 
@@ -1316,12 +1412,42 @@ public InputList ExecLockdownWhiteLists [Input("forkGuardProcessLimit")] public Input? ForkGuardProcessLimit { get; set; } + [Input("imageName")] + public Input? ImageName { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("isAutoGenerated")] + public Input? IsAutoGenerated { get; set; } + + [Input("isOotbPolicy")] + public Input? IsOotbPolicy { get; set; } + + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("limitContainerPrivileges")] + private InputList? _limitContainerPrivileges; + + /// + /// Container privileges configuration. + /// + public InputList LimitContainerPrivileges + { + get => _limitContainerPrivileges ?? (_limitContainerPrivileges = new InputList()); + set => _limitContainerPrivileges = value; + } + /// /// If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) /// [Input("limitNewPrivileges")] public Input? LimitNewPrivileges { get; set; } + [Input("linuxCapabilities")] + public Input? LinuxCapabilities { get; set; } + /// /// Configuration for Real-Time Malware Protection. /// 
@@ -1335,47 +1461,68 @@ public InputList ExecLockdownWhiteLists public Input? MonitorSystemTimeChanges { get; set; } /// - /// Name of the container runtime policy + /// Name assigned to the attribute. /// [Input("name")] public Input? Name { get; set; } - [Input("readonlyFilesAndDirectories")] - private InputList? _readonlyFilesAndDirectories; + [Input("noNewPrivileges")] + public Input? NoNewPrivileges { get; set; } - /// - /// List of files and directories to be restricted as read-only - /// - public InputList ReadonlyFilesAndDirectories - { - get => _readonlyFilesAndDirectories ?? (_readonlyFilesAndDirectories = new InputList()); - set => _readonlyFilesAndDirectories = value; - } + [Input("onlyRegisteredImages")] + public Input? OnlyRegisteredImages { get; set; } - [Input("reverseShellAllowedIps")] - private InputList? _reverseShellAllowedIps; + [Input("packageBlock")] + public Input? PackageBlock { get; set; } - /// - /// List of IPs/ CIDRs that will be allowed - /// - public InputList ReverseShellAllowedIps - { - get => _reverseShellAllowedIps ?? (_reverseShellAllowedIps = new InputList()); - set => _reverseShellAllowedIps = value; - } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("portBlock")] + public Input? PortBlock { get; set; } + + [Input("readonlyFiles")] + public Input? ReadonlyFiles { get; set; } + + [Input("readonlyRegistry")] + public Input? ReadonlyRegistry { get; set; } - [Input("reverseShellAllowedProcesses")] - private InputList? _reverseShellAllowedProcesses; + [Input("registry")] + public Input? Registry { get; set; } + + [Input("registryAccessMonitoring")] + public Input? RegistryAccessMonitoring { get; set; } + + [Input("repoName")] + public Input? RepoName { get; set; } + + [Input("resourceName")] + public Input? ResourceName { get; set; } + + [Input("resourceType")] + public Input? ResourceType { get; set; } + + [Input("restrictedVolumes")] + private InputList? 
_restrictedVolumes; /// - /// List of processes that will be allowed + /// Restricted volumes configuration. /// - public InputList ReverseShellAllowedProcesses + public InputList RestrictedVolumes { - get => _reverseShellAllowedProcesses ?? (_reverseShellAllowedProcesses = new InputList()); - set => _reverseShellAllowedProcesses = value; + get => _restrictedVolumes ?? (_restrictedVolumes = new InputList()); + set => _restrictedVolumes = value; } + [Input("reverseShell")] + public Input? ReverseShell { get; set; } + + [Input("runtimeMode")] + public Input? RuntimeMode { get; set; } + + [Input("runtimeType")] + public Input? RuntimeType { get; set; } + /// /// Logical expression of how to compute the dependency of the scope variables. /// @@ -1394,6 +1541,39 @@ public InputList ScopeVariabl set => _scopeVariables = value; } + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + [Input("systemIntegrityProtection")] + public Input? SystemIntegrityProtection { get; set; } + + [Input("tripwire")] + public Input? Tripwire { get; set; } + + [Input("type")] + public Input? Type { get; set; } + + [Input("updated")] + public Input? Updated { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("vpatchVersion")] + public Input? VpatchVersion { get; set; } + + [Input("whitelistedOsUsers")] + public Input? WhitelistedOsUsers { get; set; } + public ContainerRuntimePolicyState() { } diff --git a/sdk/dotnet/FunctionAssurancePolicy.cs b/sdk/dotnet/FunctionAssurancePolicy.cs index 794036b4..5a5cf812 100644 --- a/sdk/dotnet/FunctionAssurancePolicy.cs +++ b/sdk/dotnet/FunctionAssurancePolicy.cs 
@@ -10,9 +10,23 @@ namespace Pulumiverse.Aquasec { + /// + /// Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes: + /// Scanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions. + /// Evaluating function risks based on scan results, according to Function Assurance Policies. + /// Checking function compliance with these policies. + /// For AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline. + /// Providing comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system. + /// [AquasecResourceType("aquasec:index/functionAssurancePolicy:FunctionAssurancePolicy")] public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource { + /// + /// Aggregated vulnerability information. + /// + [Output("aggregatedVulnerability")] + public Output?> AggregatedVulnerability { get; private set; } = null!; + /// /// List of explicitly allowed images. /// @@ -22,6 +36,12 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("applicationScopes")] public Output> ApplicationScopes { get; private set; } = null!; + /// + /// What type of assurance policy is described. + /// + [Output("assuranceType")] + public Output AssuranceType { get; private set; } = null!; + /// /// Indicates if auditing for failures. /// @@ -62,7 +82,7 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource public Output> BlacklistedLicenses { get; private set; } = null!; /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Output("blacklistedLicensesEnabled")] public Output BlacklistedLicensesEnabled { get; private set; } = null!; 
@@ -88,23 +108,26 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("customChecksEnabled")] public Output CustomChecksEnabled { get; private set; } = null!; + [Output("customSeverity")] + public Output CustomSeverity { get; private set; } = null!; + [Output("customSeverityEnabled")] public Output CustomSeverityEnabled { get; private set; } = null!; /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Output("cvesBlackListEnabled")] public Output CvesBlackListEnabled { get; private set; } = null!; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// [Output("cvesBlackLists")] public Output> CvesBlackLists { get; private set; } = null!; /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// [Output("cvesWhiteListEnabled")] public Output CvesWhiteListEnabled { get; private set; } = null!; @@ -136,12 +159,18 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("description")] public Output Description { get; private set; } = null!; + [Output("disallowExploitTypes")] + public Output> DisallowExploitTypes { get; private set; } = null!; + /// /// Indicates if malware should block the image. /// [Output("disallowMalware")] public Output DisallowMalware { get; private set; } = null!; + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Output("dockerCisEnabled")] public Output DockerCisEnabled { get; private set; } = null!; @@ -175,6 +204,9 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("exceptionalMonitoredMalwarePaths")] public Output> ExceptionalMonitoredMalwarePaths { get; private set; } = null!; + [Output("excludeApplicationScopes")] + public Output> ExcludeApplicationScopes { get; private set; } = null!; + /// /// Indicates if cicd failures will fail the image. /// 
@@ -193,6 +225,9 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("functionIntegrityEnabled")] public Output FunctionIntegrityEnabled { get; private set; } = null!; + [Output("ignoreBaseImageVln")] + public Output IgnoreBaseImageVln { get; private set; } = null!; + [Output("ignoreRecentlyPublishedVln")] public Output IgnoreRecentlyPublishedVln { get; private set; } = null!; @@ -211,21 +246,45 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("ignoredRiskResources")] public Output> IgnoredRiskResources { get; private set; } = null!; + [Output("ignoredSensitiveResources")] + public Output> IgnoredSensitiveResources { get; private set; } = null!; + /// /// List of images. /// [Output("images")] public Output> Images { get; private set; } = null!; + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Output("kubeCisEnabled")] public Output KubeCisEnabled { get; private set; } = null!; + /// + /// List of Kubernetes controls. + /// + [Output("kubernetesControls")] + public Output> KubernetesControls { get; private set; } = null!; + + [Output("kubernetesControlsAvdIds")] + public Output> KubernetesControlsAvdIds { get; private set; } = null!; + + [Output("kubernetesControlsNames")] + public Output> KubernetesControlsNames { get; private set; } = null!; + /// /// List of labels. /// [Output("labels")] public Output> Labels { get; private set; } = null!; + [Output("lastupdate")] + public Output Lastupdate { get; private set; } = null!; + + [Output("linuxCisEnabled")] + public Output LinuxCisEnabled { get; private set; } = null!; + [Output("malwareAction")] public Output MalwareAction { get; private set; } = null!; 
@@ -241,9 +300,6 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("maximumScoreEnabled")] public Output MaximumScoreEnabled { get; private set; } = null!; - /// - /// Indicates that policy should ignore cases that do not have a known fix. - /// [Output("maximumScoreExcludeNoFix")] public Output MaximumScoreExcludeNoFix { get; private set; } = null!; @@ -259,6 +315,9 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("onlyNoneRootUsers")] public Output OnlyNoneRootUsers { get; private set; } = null!; + [Output("openshiftHardeningEnabled")] + public Output OpenshiftHardeningEnabled { get; private set; } = null!; + /// /// Indicates if packages blacklist is relevant. /// @@ -266,7 +325,7 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource public Output PackagesBlackListEnabled { get; private set; } = null!; /// - /// List of backlisted images. + /// List of blacklisted images. /// [Output("packagesBlackLists")] public Output> PackagesBlackLists { get; private set; } = null!; @@ -286,6 +345,12 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("partialResultsImageFail")] public Output PartialResultsImageFail { get; private set; } = null!; + [Output("permission")] + public Output Permission { get; private set; } = null!; + + [Output("policySettings")] + public Output PolicySettings { get; private set; } = null!; + [Output("readOnly")] public Output ReadOnly { get; private set; } = null!; 
@@ -304,15 +369,24 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("requiredLabelsEnabled")] public Output RequiredLabelsEnabled { get; private set; } = null!; + [Output("scanMalwareInArchives")] + public Output ScanMalwareInArchives { get; private set; } = null!; + [Output("scanNfsMounts")] public Output ScanNfsMounts { get; private set; } = null!; + [Output("scanProcessMemory")] + public Output ScanProcessMemory { get; private set; } = null!; + /// /// Indicates if scan should include sensitive data in the image. /// [Output("scanSensitiveData")] public Output ScanSensitiveData { get; private set; } = null!; + [Output("scanWindowsRegistry")] + public Output ScanWindowsRegistry { get; private set; } = null!; + /// /// Indicates if scanning should include scap. /// @@ -340,6 +414,12 @@ public partial class FunctionAssurancePolicy : global::Pulumi.CustomResource [Output("trustedBaseImagesEnabled")] public Output TrustedBaseImagesEnabled { get; private set; } = null!; + [Output("vulnerabilityExploitability")] + public Output VulnerabilityExploitability { get; private set; } = null!; + + [Output("vulnerabilityScoreRanges")] + public Output> VulnerabilityScoreRanges { get; private set; } = null!; + /// /// List of whitelisted licenses. /// @@ -399,6 +479,18 @@ public static FunctionAssurancePolicy Get(string name, Input id, Functio public sealed class FunctionAssurancePolicyArgs : global::Pulumi.ResourceArgs { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + [Input("allowedImages")] private InputList? _allowedImages; 
@@ -419,12 +511,24 @@ public InputList ApplicationScopes set => _applicationScopes = value; } + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + /// /// Indicates if auditing for failures. /// [Input("auditOnFailure")] public Input? AuditOnFailure { get; set; } + /// + /// Name of user account that created the policy. + /// + [Input("author")] + public Input? Author { get; set; } + [Input("autoScanConfigured")] public Input? AutoScanConfigured { get; set; } @@ -470,7 +574,7 @@ public InputList BlacklistedLicenses } /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Input("blacklistedLicensesEnabled")] public Input? BlacklistedLicensesEnabled { get; set; } @@ -502,11 +606,14 @@ public InputList CustomChecks [Input("customChecksEnabled")] public Input? CustomChecksEnabled { get; set; } + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + [Input("customSeverityEnabled")] public Input? CustomSeverityEnabled { get; set; } /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Input("cvesBlackListEnabled")] public Input? CvesBlackListEnabled { get; set; } @@ -515,7 +622,7 @@ public InputList CustomChecks private InputList? _cvesBlackLists; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public InputList CvesBlackLists { @@ -524,7 +631,7 @@ public InputList CvesBlackLists } /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// [Input("cvesWhiteListEnabled")] public Input? CvesWhiteListEnabled { get; set; } 
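Review bot: `author` becomes a caller-settable input on `FunctionAssurancePolicyArgs` in the `@@ -419,12 +511,24 @@` hunk, although its own summary describes it as the account that created the policy, which is audit metadata rather than configuration. Whether the provider forwards the supplied value or overwrites it is not visible here. If the server populates it, the property belongs only on the resource outputs and the State class; otherwise it should at least be documented as read-only, for example `/// Name of user account that created the policy. Read-only; populated by the server.`. The same question applies to `lastupdate` in the `@@ -677,6 +848,12 @@` hunk and to `author` and `created` on `FunctionRuntimePolicyArgs` in the `@@ -224,49 +395,97 @@` hunk.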
@@ -562,12 +669,23 @@ public InputList CvesWhiteLists [Input("description")] public Input? Description { get; set; } + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + /// /// Indicates if malware should block the image. /// [Input("disallowMalware")] public Input? DisallowMalware { get; set; } + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Input("dockerCisEnabled")] public Input? DockerCisEnabled { get; set; } @@ -606,6 +724,14 @@ public InputList ExceptionalMonitoredMalwarePaths set => _exceptionalMonitoredMalwarePaths = value; } + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + /// /// Indicates if cicd failures will fail the image. /// @@ -629,9 +755,15 @@ public InputList ForbiddenLabe [Input("functionIntegrityEnabled")] public Input? FunctionIntegrityEnabled { get; set; } + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + [Input("ignoreRecentlyPublishedVln")] public Input? IgnoreRecentlyPublishedVln { get; set; } + [Input("ignoreRecentlyPublishedVlnPeriod")] + public Input? IgnoreRecentlyPublishedVlnPeriod { get; set; } + /// /// Indicates if risk resources are ignored. /// 
@@ -650,6 +782,14 @@ public InputList IgnoredRiskResources set => _ignoredRiskResources = value; } + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + [Input("images")] private InputList? _images; @@ -662,9 +802,40 @@ public InputList Images set => _images = value; } + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Input("kubeCisEnabled")] public Input? KubeCisEnabled { get; set; } + [Input("kubernetesControls")] + private InputList? _kubernetesControls; + + /// + /// List of Kubernetes controls. + /// + public InputList KubernetesControls + { + get => _kubernetesControls ?? (_kubernetesControls = new InputList()); + set => _kubernetesControls = value; + } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + + [Input("kubernetesControlsNames")] + private InputList? _kubernetesControlsNames; + public InputList KubernetesControlsNames + { + get => _kubernetesControlsNames ?? (_kubernetesControlsNames = new InputList()); + set => _kubernetesControlsNames = value; + } + [Input("labels")] private InputList? _labels; @@ -677,6 +848,12 @@ public InputList Labels set => _labels = value; } + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + [Input("malwareAction")] public Input? MalwareAction { get; set; } 
@@ -692,9 +869,6 @@ public InputList Labels [Input("maximumScoreEnabled")] public Input? MaximumScoreEnabled { get; set; } - /// - /// Indicates that policy should ignore cases that do not have a known fix. - /// [Input("maximumScoreExcludeNoFix")] public Input? MaximumScoreExcludeNoFix { get; set; } @@ -715,6 +889,9 @@ public InputList MonitoredMalwarePaths [Input("onlyNoneRootUsers")] public Input? OnlyNoneRootUsers { get; set; } + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + /// /// Indicates if packages blacklist is relevant. /// @@ -725,7 +902,7 @@ public InputList MonitoredMalwarePaths private InputList? _packagesBlackLists; /// - /// List of backlisted images. + /// List of blacklisted images. /// public InputList PackagesBlackLists { @@ -754,6 +931,12 @@ public InputList PackagesWh [Input("partialResultsImageFail")] public Input? PartialResultsImageFail { get; set; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + [Input("readOnly")] public Input? ReadOnly { get; set; } @@ -783,15 +966,24 @@ public InputList RequiredLabels [Input("requiredLabelsEnabled")] public Input? RequiredLabelsEnabled { get; set; } + [Input("scanMalwareInArchives")] + public Input? ScanMalwareInArchives { get; set; } + [Input("scanNfsMounts")] public Input? ScanNfsMounts { get; set; } + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + /// /// Indicates if scan should include sensitive data in the image. /// [Input("scanSensitiveData")] public Input? ScanSensitiveData { get; set; } + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + /// /// Indicates if scanning should include scap. /// 
@@ -836,6 +1028,17 @@ public InputList TrustedBase [Input("trustedBaseImagesEnabled")] public Input? TrustedBaseImagesEnabled { get; set; } + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + [Input("whitelistedLicenses")] private InputList? _whitelistedLicenses; @@ -862,6 +1065,18 @@ public FunctionAssurancePolicyArgs() public sealed class FunctionAssurancePolicyState : global::Pulumi.ResourceArgs { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + [Input("allowedImages")] private InputList? _allowedImages; @@ -882,6 +1097,12 @@ public InputList ApplicationScopes set => _applicationScopes = value; } + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + /// /// Indicates if auditing for failures. /// @@ -939,7 +1160,7 @@ public InputList BlacklistedLicenses } /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Input("blacklistedLicensesEnabled")] public Input? BlacklistedLicensesEnabled { get; set; } 
@@ -971,11 +1192,14 @@ public InputList CustomChecks [Input("customChecksEnabled")] public Input? CustomChecksEnabled { get; set; } + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + [Input("customSeverityEnabled")] public Input? CustomSeverityEnabled { get; set; } /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Input("cvesBlackListEnabled")] public Input? CvesBlackListEnabled { get; set; } @@ -984,7 +1208,7 @@ public InputList CustomChecks private InputList? _cvesBlackLists; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public InputList CvesBlackLists { @@ -993,7 +1217,7 @@ public InputList CvesBlackLists } /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// [Input("cvesWhiteListEnabled")] public Input? CvesWhiteListEnabled { get; set; } @@ -1031,12 +1255,23 @@ public InputList CvesWhiteLists [Input("description")] public Input? Description { get; set; } + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + /// /// Indicates if malware should block the image. /// [Input("disallowMalware")] public Input? DisallowMalware { get; set; } + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Input("dockerCisEnabled")] public Input? DockerCisEnabled { get; set; } 
@@ -1075,6 +1310,14 @@ public InputList ExceptionalMonitoredMalwarePaths set => _exceptionalMonitoredMalwarePaths = value; } + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + /// /// Indicates if cicd failures will fail the image. /// @@ -1098,6 +1341,9 @@ public InputList ForbiddenL [Input("functionIntegrityEnabled")] public Input? FunctionIntegrityEnabled { get; set; } + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + [Input("ignoreRecentlyPublishedVln")] public Input? IgnoreRecentlyPublishedVln { get; set; } @@ -1122,6 +1368,14 @@ public InputList IgnoredRiskResources set => _ignoredRiskResources = value; } + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + [Input("images")] private InputList? _images; 
@@ -1134,9 +1388,40 @@ public InputList Images set => _images = value; } + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Input("kubeCisEnabled")] public Input? KubeCisEnabled { get; set; } + [Input("kubernetesControls")] + private InputList? _kubernetesControls; + + /// + /// List of Kubernetes controls. + /// + public InputList KubernetesControls + { + get => _kubernetesControls ?? (_kubernetesControls = new InputList()); + set => _kubernetesControls = value; + } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + + [Input("kubernetesControlsNames")] + private InputList? _kubernetesControlsNames; + public InputList KubernetesControlsNames + { + get => _kubernetesControlsNames ?? (_kubernetesControlsNames = new InputList()); + set => _kubernetesControlsNames = value; + } + [Input("labels")] private InputList? _labels; @@ -1149,6 +1434,12 @@ public InputList Labels set => _labels = value; } + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + [Input("malwareAction")] public Input? MalwareAction { get; set; } @@ -1164,9 +1455,6 @@ public InputList Labels [Input("maximumScoreEnabled")] public Input? MaximumScoreEnabled { get; set; } - /// - /// Indicates that policy should ignore cases that do not have a known fix. - /// [Input("maximumScoreExcludeNoFix")] public Input? MaximumScoreExcludeNoFix { get; set; } @@ -1187,6 +1475,9 @@ public InputList MonitoredMalwarePaths [Input("onlyNoneRootUsers")] public Input? OnlyNoneRootUsers { get; set; } + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + /// /// Indicates if packages blacklist is relevant. /// 
@@ -1197,7 +1488,7 @@ public InputList MonitoredMalwarePaths private InputList? _packagesBlackLists; /// - /// List of backlisted images. + /// List of blacklisted images. /// public InputList PackagesBlackLists { @@ -1226,6 +1517,12 @@ public InputList Package [Input("partialResultsImageFail")] public Input? PartialResultsImageFail { get; set; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + [Input("readOnly")] public Input? ReadOnly { get; set; } @@ -1255,15 +1552,24 @@ public InputList RequiredLab [Input("requiredLabelsEnabled")] public Input? RequiredLabelsEnabled { get; set; } + [Input("scanMalwareInArchives")] + public Input? ScanMalwareInArchives { get; set; } + [Input("scanNfsMounts")] public Input? ScanNfsMounts { get; set; } + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + /// /// Indicates if scan should include sensitive data in the image. /// [Input("scanSensitiveData")] public Input? ScanSensitiveData { get; set; } + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + /// /// Indicates if scanning should include scap. /// @@ -1308,6 +1614,17 @@ public InputList TrustedB [Input("trustedBaseImagesEnabled")] public Input? TrustedBaseImagesEnabled { get; set; } + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + [Input("whitelistedLicenses")] private InputList? _whitelistedLicenses; diff --git a/sdk/dotnet/FunctionRuntimePolicy.cs b/sdk/dotnet/FunctionRuntimePolicy.cs index 267bcad5..06512f91 100644 --- a/sdk/dotnet/FunctionRuntimePolicy.cs +++ b/sdk/dotnet/FunctionRuntimePolicy.cs 
@@ -10,95 +10,77 @@ namespace Pulumiverse.Aquasec { - /// - /// ## Example Usage - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Aquasec = Pulumiverse.Aquasec; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var functionRuntimePolicy = new Aquasec.FunctionRuntimePolicy("functionRuntimePolicy", new() - /// { - /// ApplicationScopes = new[] - /// { - /// "Global", - /// }, - /// BlockMaliciousExecutables = true, - /// BlockMaliciousExecutablesAllowedProcesses = new[] - /// { - /// "proc1", - /// "proc2", - /// }, - /// BlockRunningExecutablesInTmpFolder = true, - /// BlockedExecutables = new[] - /// { - /// "exe1", - /// "exe2", - /// }, - /// Description = "function_runtime_policy", - /// Enabled = true, - /// Enforce = false, - /// ScopeVariables = new[] - /// { - /// new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs - /// { - /// Attribute = "kubernetes.cluster", - /// Value = "default", - /// }, - /// new Aquasec.Inputs.FunctionRuntimePolicyScopeVariableArgs - /// { - /// Attribute = "kubernetes.label", - /// Name = "app", - /// Value = "aqua", - /// }, - /// }, - /// }); - /// - /// }); - /// ``` - /// [AquasecResourceType("aquasec:index/functionRuntimePolicy:FunctionRuntimePolicy")] public partial class FunctionRuntimePolicy : global::Pulumi.CustomResource { /// - /// Indicates the application scope of the service. + /// Allowed executables configuration. /// - [Output("applicationScopes")] - public Output> ApplicationScopes { get; private set; } = null!; + [Output("allowedExecutables")] + public Output> AllowedExecutables { get; private set; } = null!; /// - /// Username of the account that created the service. + /// List of allowed registries. 
/// - [Output("author")] - public Output Author { get; private set; } = null!; + [Output("allowedRegistries")] + public Output> AllowedRegistries { get; private set; } = null!; /// - /// If true, prevent creation of malicious executables in functions during their runtime post invocation. + /// Indicates the application scope of the service. /// - [Output("blockMaliciousExecutables")] - public Output BlockMaliciousExecutables { get; private set; } = null!; + [Output("applicationScopes")] + public Output> ApplicationScopes { get; private set; } = null!; /// - /// List of processes that will be allowed + /// Detects brute force login attempts /// - [Output("blockMaliciousExecutablesAllowedProcesses")] - public Output> BlockMaliciousExecutablesAllowedProcesses { get; private set; } = null!; + [Output("auditBruteForceLogin")] + public Output AuditBruteForceLogin { get; private set; } = null!; + + [Output("auditing")] + public Output Auditing { get; private set; } = null!; /// - /// If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. + /// Username of the account that created the service. 
/// - [Output("blockRunningExecutablesInTmpFolder")] - public Output BlockRunningExecutablesInTmpFolder { get; private set; } = null!; + [Output("author")] + public Output Author { get; private set; } = null!; + + [Output("blacklistedOsUsers")] + public Output BlacklistedOsUsers { get; private set; } = null!; + + [Output("blockContainerExec")] + public Output BlockContainerExec { get; private set; } = null!; + + [Output("blockDisallowedImages")] + public Output BlockDisallowedImages { get; private set; } = null!; + + [Output("blockFilelessExec")] + public Output BlockFilelessExec { get; private set; } = null!; + + [Output("blockNonCompliantWorkloads")] + public Output BlockNonCompliantWorkloads { get; private set; } = null!; + + [Output("blockNonK8sContainers")] + public Output BlockNonK8sContainers { get; private set; } = null!; /// - /// List of executables that are prevented from running in containers. + /// Bypass scope configuration. /// - [Output("blockedExecutables")] - public Output> BlockedExecutables { get; private set; } = null!; + [Output("bypassScopes")] + public Output> BypassScopes { get; private set; } = null!; + + [Output("containerExec")] + public Output ContainerExec { get; private set; } = null!; + + [Output("created")] + public Output Created { get; private set; } = null!; + + [Output("cve")] + public Output Cve { get; private set; } = null!; + + [Output("defaultSecurityProfile")] + public Output DefaultSecurityProfile { get; private set; } = null!; /// /// The description of the function runtime policy 
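Review bot: The outputs added in the `@@ -10,95 +10,77 @@` hunk, among them `blockContainerExec`, `blockDisallowedImages`, `blockFilelessExec`, `blockNonCompliantWorkloads` and `blockNonK8sContainers`, have no summary. The same hunk deletes the documented `blockMaliciousExecutables`, `blockMaliciousExecutablesAllowedProcesses`, `blockRunningExecutablesInTmpFolder` and `blockedExecutables` properties along with the usage example. A program that set the removed properties has to be migrated by hand, and nothing in the SDK says which new property now provides each of those enforcement behaviours. Each new toggle should get a one-line summary stating what it blocks or audits, and the release notes should list the removed properties with their replacements. The class body continues past this hunk.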
@@ -106,8 +88,29 @@ public partial class FunctionRuntimePolicy : global::Pulumi.CustomResource [Output("description")] public Output Description { get; private set; } = null!; + [Output("digest")] + public Output Digest { get; private set; } = null!; + + /// + /// Drift prevention configuration. + /// + [Output("driftPreventions")] + public Output> DriftPreventions { get; private set; } = null!; + + [Output("enableCryptoMiningDns")] + public Output EnableCryptoMiningDns { get; private set; } = null!; + + [Output("enableForkGuard")] + public Output EnableForkGuard { get; private set; } = null!; + + [Output("enableIpReputation")] + public Output EnableIpReputation { get; private set; } = null!; + + [Output("enablePortScanProtection")] + public Output EnablePortScanProtection { get; private set; } = null!; + /// - /// Indicates if the runtime policy is enabled or not. + /// Whether allowed executables configuration is enabled. /// [Output("enabled")] public Output Enabled { get; private set; } = null!; 
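Review bot: The summary on the top-level `enabled` output in the `@@ -106,8 +88,29 @@` hunk now reads "Whether allowed executables configuration is enabled." instead of "Indicates if the runtime policy is enabled or not.". The property is still the policy's own `enabled` key, so the new text looks as if it was picked up from the nested allowed-executables block. A reader could take it to mean that `Enabled` only switches the executable allow-list, when it presumably still switches the whole policy. Keep the previous wording, `/// Indicates if the runtime policy is enabled or not.`, here and on the matching input in the `@@ -224,49 +395,97 @@` hunk. The `name` summary has the same problem in the `@@ -142,12 +181,93 @@` and `@@ -317,12 +590,105 @@` hunks, where "Name of the function runtime policy" became "Name assigned to the attribute.".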
@@ -118,6 +121,42 @@ public partial class FunctionRuntimePolicy : global::Pulumi.CustomResource [Output("enforce")] public Output Enforce { get; private set; } = null!; + /// + /// Indicates the number of days after which the runtime policy will be changed to enforce mode. + /// + [Output("enforceAfterDays")] + public Output EnforceAfterDays { get; private set; } = null!; + + [Output("enforceSchedulerAddedOn")] + public Output EnforceSchedulerAddedOn { get; private set; } = null!; + + /// + /// List of excluded application scopes. + /// + [Output("excludeApplicationScopes")] + public Output> ExcludeApplicationScopes { get; private set; } = null!; + + /// + /// Executable blacklist configuration. + /// + [Output("executableBlacklists")] + public Output> ExecutableBlacklists { get; private set; } = null!; + + [Output("failedKubernetesChecks")] + public Output FailedKubernetesChecks { get; private set; } = null!; + + [Output("fileBlock")] + public Output FileBlock { get; private set; } = null!; + + /// + /// Configuration for file integrity monitoring. + /// + [Output("fileIntegrityMonitorings")] + public Output> FileIntegrityMonitorings { get; private set; } = null!; + + [Output("forkGuardProcessLimit")] + public Output ForkGuardProcessLimit { get; private set; } = null!; + /// /// Honeypot User ID (Access Key) /// 
@@ -142,12 +181,93 @@ public partial class FunctionRuntimePolicy : global::Pulumi.CustomResource [Output("honeypotServerlessAppName")] public Output HoneypotServerlessAppName { get; private set; } = null!; + [Output("imageName")] + public Output ImageName { get; private set; } = null!; + + [Output("isAuditChecked")] + public Output IsAuditChecked { get; private set; } = null!; + + [Output("isAutoGenerated")] + public Output IsAutoGenerated { get; private set; } = null!; + + [Output("isOotbPolicy")] + public Output IsOotbPolicy { get; private set; } = null!; + + [Output("lastupdate")] + public Output Lastupdate { get; private set; } = null!; + + /// + /// Container privileges configuration. + /// + [Output("limitContainerPrivileges")] + public Output> LimitContainerPrivileges { get; private set; } = null!; + + [Output("linuxCapabilities")] + public Output LinuxCapabilities { get; private set; } = null!; + /// - /// Name of the function runtime policy + /// Configuration for Real-Time Malware Protection. + /// + [Output("malwareScanOptions")] + public Output MalwareScanOptions { get; private set; } = null!; + + /// + /// Name assigned to the attribute. 
/// [Output("name")] public Output Name { get; private set; } = null!; + [Output("noNewPrivileges")] + public Output NoNewPrivileges { get; private set; } = null!; + + [Output("onlyRegisteredImages")] + public Output OnlyRegisteredImages { get; private set; } = null!; + + [Output("packageBlock")] + public Output PackageBlock { get; private set; } = null!; + + [Output("permission")] + public Output Permission { get; private set; } = null!; + + [Output("portBlock")] + public Output PortBlock { get; private set; } = null!; + + [Output("readonlyFiles")] + public Output ReadonlyFiles { get; private set; } = null!; + + [Output("readonlyRegistry")] + public Output ReadonlyRegistry { get; private set; } = null!; + + [Output("registry")] + public Output Registry { get; private set; } = null!; + + [Output("registryAccessMonitoring")] + public Output RegistryAccessMonitoring { get; private set; } = null!; + + [Output("repoName")] + public Output RepoName { get; private set; } = null!; + + [Output("resourceName")] + public Output ResourceName { get; private set; } = null!; + + [Output("resourceType")] + public Output ResourceType { get; private set; } = null!; + + /// + /// Restricted volumes configuration. + /// + [Output("restrictedVolumes")] + public Output> RestrictedVolumes { get; private set; } = null!; + + [Output("reverseShell")] + public Output ReverseShell { get; private set; } = null!; + + [Output("runtimeMode")] + public Output RuntimeMode { get; private set; } = null!; + + [Output("runtimeType")] + public Output RuntimeType { get; private set; } = null!; + /// /// Logical expression of how to compute the dependency of the scope variables. /// 
@@ -160,6 +280,33 @@ public partial class FunctionRuntimePolicy : global::Pulumi.CustomResource [Output("scopeVariables")] public Output> ScopeVariables { get; private set; } = null!; + /// + /// Scope configuration. + /// + [Output("scopes")] + public Output> Scopes { get; private set; } = null!; + + [Output("systemIntegrityProtection")] + public Output SystemIntegrityProtection { get; private set; } = null!; + + [Output("tripwire")] + public Output Tripwire { get; private set; } = null!; + + [Output("type")] + public Output Type { get; private set; } = null!; + + [Output("updated")] + public Output Updated { get; private set; } = null!; + + [Output("version")] + public Output Version { get; private set; } = null!; + + [Output("vpatchVersion")] + public Output VpatchVersion { get; private set; } = null!; + + [Output("whitelistedOsUsers")] + public Output WhitelistedOsUsers { get; private set; } = null!; + /// /// Create a FunctionRuntimePolicy resource with the given unique name, arguments, and options. @@ -211,6 +358,30 @@ public static FunctionRuntimePolicy Get(string name, Input id, FunctionR public sealed class FunctionRuntimePolicyArgs : global::Pulumi.ResourceArgs { + [Input("allowedExecutables")] + private InputList? _allowedExecutables; + + /// + /// Allowed executables configuration. + /// + public InputList AllowedExecutables + { + get => _allowedExecutables ?? (_allowedExecutables = new InputList()); + set => _allowedExecutables = value; + } + + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + [Input("applicationScopes")] private InputList? _applicationScopes; 
@@ -224,49 +395,97 @@ public InputList ApplicationScopes } /// - /// If true, prevent creation of malicious executables in functions during their runtime post invocation. + /// Detects brute force login attempts /// - [Input("blockMaliciousExecutables")] - public Input? BlockMaliciousExecutables { get; set; } + [Input("auditBruteForceLogin")] + public Input? AuditBruteForceLogin { get; set; } - [Input("blockMaliciousExecutablesAllowedProcesses")] - private InputList? _blockMaliciousExecutablesAllowedProcesses; + [Input("auditing")] + public Input? Auditing { get; set; } /// - /// List of processes that will be allowed + /// Username of the account that created the service. /// - public InputList BlockMaliciousExecutablesAllowedProcesses - { - get => _blockMaliciousExecutablesAllowedProcesses ?? (_blockMaliciousExecutablesAllowedProcesses = new InputList()); - set => _blockMaliciousExecutablesAllowedProcesses = value; - } + [Input("author")] + public Input? Author { get; set; } - /// - /// If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. - /// - [Input("blockRunningExecutablesInTmpFolder")] - public Input? BlockRunningExecutablesInTmpFolder { get; set; } + [Input("blacklistedOsUsers")] + public Input? BlacklistedOsUsers { get; set; } + + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + + [Input("blockDisallowedImages")] + public Input? BlockDisallowedImages { get; set; } + + [Input("blockFilelessExec")] + public Input? BlockFilelessExec { get; set; } - [Input("blockedExecutables")] - private InputList? _blockedExecutables; + [Input("blockNonCompliantWorkloads")] + public Input? BlockNonCompliantWorkloads { get; set; } + + [Input("blockNonK8sContainers")] + public Input? BlockNonK8sContainers { get; set; } + + [Input("bypassScopes")] + private InputList? _bypassScopes; /// - /// List of executables that are prevented from running in containers. 
+ /// Bypass scope configuration. /// - public InputList BlockedExecutables + public InputList BypassScopes { - get => _blockedExecutables ?? (_blockedExecutables = new InputList()); - set => _blockedExecutables = value; + get => _bypassScopes ?? (_bypassScopes = new InputList()); + set => _bypassScopes = value; } + [Input("containerExec")] + public Input? ContainerExec { get; set; } + + [Input("created")] + public Input? Created { get; set; } + + [Input("cve")] + public Input? Cve { get; set; } + + [Input("defaultSecurityProfile")] + public Input? DefaultSecurityProfile { get; set; } + /// /// The description of the function runtime policy /// [Input("description")] public Input? Description { get; set; } + [Input("digest")] + public Input? Digest { get; set; } + + [Input("driftPreventions")] + private InputList? _driftPreventions; + + /// + /// Drift prevention configuration. + /// + public InputList DriftPreventions + { + get => _driftPreventions ?? (_driftPreventions = new InputList()); + set => _driftPreventions = value; + } + + [Input("enableCryptoMiningDns")] + public Input? EnableCryptoMiningDns { get; set; } + + [Input("enableForkGuard")] + public Input? EnableForkGuard { get; set; } + + [Input("enableIpReputation")] + public Input? EnableIpReputation { get; set; } + + [Input("enablePortScanProtection")] + public Input? EnablePortScanProtection { get; set; } + /// - /// Indicates if the runtime policy is enabled or not. + /// Whether allowed executables configuration is enabled. /// [Input("enabled")] public Input? Enabled { get; set; } 
@@ -277,6 +496,60 @@ public InputList BlockedExecutables [Input("enforce")] public Input? Enforce { get; set; } + /// + /// Indicates the number of days after which the runtime policy will be changed to enforce mode. + /// + [Input("enforceAfterDays")] + public Input? EnforceAfterDays { get; set; } + + [Input("enforceSchedulerAddedOn")] + public Input? EnforceSchedulerAddedOn { get; set; } + + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + + /// + /// List of excluded application scopes. + /// + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + + [Input("executableBlacklists")] + private InputList? _executableBlacklists; + + /// + /// Executable blacklist configuration. + /// + public InputList ExecutableBlacklists + { + get => _executableBlacklists ?? (_executableBlacklists = new InputList()); + set => _executableBlacklists = value; + } + + [Input("failedKubernetesChecks")] + public Input? FailedKubernetesChecks { get; set; } + + [Input("fileBlock")] + public Input? FileBlock { get; set; } + + [Input("fileIntegrityMonitorings")] + private InputList? _fileIntegrityMonitorings; + + /// + /// Configuration for file integrity monitoring. + /// + public InputList FileIntegrityMonitorings + { + get => _fileIntegrityMonitorings ?? (_fileIntegrityMonitorings = new InputList()); + set => _fileIntegrityMonitorings = value; + } + + [Input("forkGuardProcessLimit")] + public Input? ForkGuardProcessLimit { get; set; } + /// /// Honeypot User ID (Access Key) /// 
@@ -317,12 +590,105 @@ public Input? HoneypotSecretKey [Input("honeypotServerlessAppName")] public Input? HoneypotServerlessAppName { get; set; } + [Input("imageName")] + public Input? ImageName { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("isAutoGenerated")] + public Input? IsAutoGenerated { get; set; } + + [Input("isOotbPolicy")] + public Input? IsOotbPolicy { get; set; } + + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("limitContainerPrivileges")] + private InputList? _limitContainerPrivileges; + /// - /// Name of the function runtime policy + /// Container privileges configuration. + /// + public InputList LimitContainerPrivileges + { + get => _limitContainerPrivileges ?? (_limitContainerPrivileges = new InputList()); + set => _limitContainerPrivileges = value; + } + + [Input("linuxCapabilities")] + public Input? LinuxCapabilities { get; set; } + + /// + /// Configuration for Real-Time Malware Protection. + /// + [Input("malwareScanOptions")] + public Input? MalwareScanOptions { get; set; } + + /// + /// Name assigned to the attribute. /// [Input("name")] public Input? Name { get; set; } + [Input("noNewPrivileges")] + public Input? NoNewPrivileges { get; set; } + + [Input("onlyRegisteredImages")] + public Input? OnlyRegisteredImages { get; set; } + + [Input("packageBlock")] + public Input? PackageBlock { get; set; } + + [Input("permission")] + public Input? Permission { get; set; } + + [Input("portBlock")] + public Input? PortBlock { get; set; } + + [Input("readonlyFiles")] + public Input? ReadonlyFiles { get; set; } + + [Input("readonlyRegistry")] + public Input? ReadonlyRegistry { get; set; } + + [Input("registry")] + public Input? Registry { get; set; } + + [Input("registryAccessMonitoring")] + public Input? RegistryAccessMonitoring { get; set; } + + [Input("repoName")] + public Input? RepoName { get; set; } + + [Input("resourceName")] + public Input? 
ResourceName { get; set; } + + [Input("resourceType")] + public Input? ResourceType { get; set; } + + [Input("restrictedVolumes")] + private InputList? _restrictedVolumes; + + /// + /// Restricted volumes configuration. + /// + public InputList RestrictedVolumes + { + get => _restrictedVolumes ?? (_restrictedVolumes = new InputList()); + set => _restrictedVolumes = value; + } + + [Input("reverseShell")] + public Input? ReverseShell { get; set; } + + [Input("runtimeMode")] + public Input? RuntimeMode { get; set; } + + [Input("runtimeType")] + public Input? RuntimeType { get; set; } + /// /// Logical expression of how to compute the dependency of the scope variables. /// @@ -341,6 +707,39 @@ public InputList ScopeVariables set => _scopeVariables = value; } + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + [Input("systemIntegrityProtection")] + public Input? SystemIntegrityProtection { get; set; } + + [Input("tripwire")] + public Input? Tripwire { get; set; } + + [Input("type")] + public Input? Type { get; set; } + + [Input("updated")] + public Input? Updated { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("vpatchVersion")] + public Input? VpatchVersion { get; set; } + + [Input("whitelistedOsUsers")] + public Input? WhitelistedOsUsers { get; set; } + public FunctionRuntimePolicyArgs() { } 
@@ -349,6 +748,30 @@ public FunctionRuntimePolicyArgs() public sealed class FunctionRuntimePolicyState : global::Pulumi.ResourceArgs { + [Input("allowedExecutables")] + private InputList? _allowedExecutables; + + /// + /// Allowed executables configuration. + /// + public InputList AllowedExecutables + { + get => _allowedExecutables ?? (_allowedExecutables = new InputList()); + set => _allowedExecutables = value; + } + + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + [Input("applicationScopes")] private InputList? _applicationScopes; 
@@ -361,56 +784,98 @@ public InputList ApplicationScopes set => _applicationScopes = value; } + /// + /// Detects brute force login attempts + /// + [Input("auditBruteForceLogin")] + public Input? AuditBruteForceLogin { get; set; } + + [Input("auditing")] + public Input? Auditing { get; set; } + /// /// Username of the account that created the service. /// [Input("author")] public Input? Author { get; set; } - /// - /// If true, prevent creation of malicious executables in functions during their runtime post invocation. - /// - [Input("blockMaliciousExecutables")] - public Input? BlockMaliciousExecutables { get; set; } + [Input("blacklistedOsUsers")] + public Input? BlacklistedOsUsers { get; set; } + + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + + [Input("blockDisallowedImages")] + public Input? BlockDisallowedImages { get; set; } + + [Input("blockFilelessExec")] + public Input? BlockFilelessExec { get; set; } - [Input("blockMaliciousExecutablesAllowedProcesses")] - private InputList? _blockMaliciousExecutablesAllowedProcesses; + [Input("blockNonCompliantWorkloads")] + public Input? BlockNonCompliantWorkloads { get; set; } + + [Input("blockNonK8sContainers")] + public Input? BlockNonK8sContainers { get; set; } + + [Input("bypassScopes")] + private InputList? _bypassScopes; /// - /// List of processes that will be allowed + /// Bypass scope configuration. /// - public InputList BlockMaliciousExecutablesAllowedProcesses + public InputList BypassScopes { - get => _blockMaliciousExecutablesAllowedProcesses ?? (_blockMaliciousExecutablesAllowedProcesses = new InputList()); - set => _blockMaliciousExecutablesAllowedProcesses = value; + get => _bypassScopes ?? (_bypassScopes = new InputList()); + set => _bypassScopes = value; } + [Input("containerExec")] + public Input? ContainerExec { get; set; } + + [Input("created")] + public Input? Created { get; set; } + + [Input("cve")] + public Input? 
Cve { get; set; } + + [Input("defaultSecurityProfile")] + public Input? DefaultSecurityProfile { get; set; } + /// - /// If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. + /// The description of the function runtime policy /// - [Input("blockRunningExecutablesInTmpFolder")] - public Input? BlockRunningExecutablesInTmpFolder { get; set; } + [Input("description")] + public Input? Description { get; set; } + + [Input("digest")] + public Input? Digest { get; set; } - [Input("blockedExecutables")] - private InputList? _blockedExecutables; + [Input("driftPreventions")] + private InputList? _driftPreventions; /// - /// List of executables that are prevented from running in containers. + /// Drift prevention configuration. /// - public InputList BlockedExecutables + public InputList DriftPreventions { - get => _blockedExecutables ?? (_blockedExecutables = new InputList()); - set => _blockedExecutables = value; + get => _driftPreventions ?? (_driftPreventions = new InputList()); + set => _driftPreventions = value; } - /// - /// The description of the function runtime policy - /// - [Input("description")] - public Input? Description { get; set; } + [Input("enableCryptoMiningDns")] + public Input? EnableCryptoMiningDns { get; set; } + + [Input("enableForkGuard")] + public Input? EnableForkGuard { get; set; } + + [Input("enableIpReputation")] + public Input? EnableIpReputation { get; set; } + + [Input("enablePortScanProtection")] + public Input? EnablePortScanProtection { get; set; } /// - /// Indicates if the runtime policy is enabled or not. + /// Whether allowed executables configuration is enabled. /// [Input("enabled")] public Input? Enabled { get; set; } 
@@ -421,6 +886,60 @@ public InputList BlockedExecutables [Input("enforce")] public Input? Enforce { get; set; } + /// + /// Indicates the number of days after which the runtime policy will be changed to enforce mode. + /// + [Input("enforceAfterDays")] + public Input? EnforceAfterDays { get; set; } + + [Input("enforceSchedulerAddedOn")] + public Input? EnforceSchedulerAddedOn { get; set; } + + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + + /// + /// List of excluded application scopes. + /// + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + + [Input("executableBlacklists")] + private InputList? _executableBlacklists; + + /// + /// Executable blacklist configuration. + /// + public InputList ExecutableBlacklists + { + get => _executableBlacklists ?? (_executableBlacklists = new InputList()); + set => _executableBlacklists = value; + } + + [Input("failedKubernetesChecks")] + public Input? FailedKubernetesChecks { get; set; } + + [Input("fileBlock")] + public Input? FileBlock { get; set; } + + [Input("fileIntegrityMonitorings")] + private InputList? _fileIntegrityMonitorings; + + /// + /// Configuration for file integrity monitoring. + /// + public InputList FileIntegrityMonitorings + { + get => _fileIntegrityMonitorings ?? (_fileIntegrityMonitorings = new InputList()); + set => _fileIntegrityMonitorings = value; + } + + [Input("forkGuardProcessLimit")] + public Input? ForkGuardProcessLimit { get; set; } + /// /// Honeypot User ID (Access Key) /// 
@@ -461,12 +980,105 @@ public Input? HoneypotSecretKey [Input("honeypotServerlessAppName")] public Input? HoneypotServerlessAppName { get; set; } + [Input("imageName")] + public Input? ImageName { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("isAutoGenerated")] + public Input? IsAutoGenerated { get; set; } + + [Input("isOotbPolicy")] + public Input? IsOotbPolicy { get; set; } + + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("limitContainerPrivileges")] + private InputList? _limitContainerPrivileges; + + /// + /// Container privileges configuration. + /// + public InputList LimitContainerPrivileges + { + get => _limitContainerPrivileges ?? (_limitContainerPrivileges = new InputList()); + set => _limitContainerPrivileges = value; + } + + [Input("linuxCapabilities")] + public Input? LinuxCapabilities { get; set; } + + /// + /// Configuration for Real-Time Malware Protection. + /// + [Input("malwareScanOptions")] + public Input? MalwareScanOptions { get; set; } + /// - /// Name of the function runtime policy + /// Name assigned to the attribute. /// [Input("name")] public Input? Name { get; set; } + [Input("noNewPrivileges")] + public Input? NoNewPrivileges { get; set; } + + [Input("onlyRegisteredImages")] + public Input? OnlyRegisteredImages { get; set; } + + [Input("packageBlock")] + public Input? PackageBlock { get; set; } + + [Input("permission")] + public Input? Permission { get; set; } + + [Input("portBlock")] + public Input? PortBlock { get; set; } + + [Input("readonlyFiles")] + public Input? ReadonlyFiles { get; set; } + + [Input("readonlyRegistry")] + public Input? ReadonlyRegistry { get; set; } + + [Input("registry")] + public Input? Registry { get; set; } + + [Input("registryAccessMonitoring")] + public Input? RegistryAccessMonitoring { get; set; } + + [Input("repoName")] + public Input? RepoName { get; set; } + + [Input("resourceName")] + public Input? 
ResourceName { get; set; } + + [Input("resourceType")] + public Input? ResourceType { get; set; } + + [Input("restrictedVolumes")] + private InputList? _restrictedVolumes; + + /// + /// Restricted volumes configuration. + /// + public InputList RestrictedVolumes + { + get => _restrictedVolumes ?? (_restrictedVolumes = new InputList()); + set => _restrictedVolumes = value; + } + + [Input("reverseShell")] + public Input? ReverseShell { get; set; } + + [Input("runtimeMode")] + public Input? RuntimeMode { get; set; } + + [Input("runtimeType")] + public Input? RuntimeType { get; set; } + /// /// Logical expression of how to compute the dependency of the scope variables. /// @@ -485,6 +1097,39 @@ public InputList ScopeVariable set => _scopeVariables = value; } + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + [Input("systemIntegrityProtection")] + public Input? SystemIntegrityProtection { get; set; } + + [Input("tripwire")] + public Input? Tripwire { get; set; } + + [Input("type")] + public Input? Type { get; set; } + + [Input("updated")] + public Input? Updated { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("vpatchVersion")] + public Input? VpatchVersion { get; set; } + + [Input("whitelistedOsUsers")] + public Input? WhitelistedOsUsers { get; set; } + public FunctionRuntimePolicyState() { } diff --git a/sdk/dotnet/GetContainerRuntimePolicy.cs b/sdk/dotnet/GetContainerRuntimePolicy.cs index da06d861..9d0c07a1 100644 --- a/sdk/dotnet/GetContainerRuntimePolicy.cs +++ b/sdk/dotnet/GetContainerRuntimePolicy.cs 
@@ -76,6 +76,63 @@ public static Output Invoke(GetContainerRuntime public sealed class GetContainerRuntimePolicyArgs : global::Pulumi.InvokeArgs { + [Input("allowedExecutables")] + private List? _allowedExecutables; + + /// + /// Allowed executables configuration. + /// + public List AllowedExecutables + { + get => _allowedExecutables ?? (_allowedExecutables = new List()); + set => _allowedExecutables = value; + } + + [Input("allowedRegistries")] + private List? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public List AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new List()); + set => _allowedRegistries = value; + } + + [Input("auditing")] + public Inputs.GetContainerRuntimePolicyAuditingArgs? Auditing { get; set; } + + [Input("containerExec")] + public Inputs.GetContainerRuntimePolicyContainerExecArgs? ContainerExec { get; set; } + + [Input("fileBlock")] + public Inputs.GetContainerRuntimePolicyFileBlockArgs? FileBlock { get; set; } + + [Input("fileIntegrityMonitorings")] + private List? _fileIntegrityMonitorings; + + /// + /// Configuration for file integrity monitoring. + /// + public List FileIntegrityMonitorings + { + get => _fileIntegrityMonitorings ?? (_fileIntegrityMonitorings = new List()); + set => _fileIntegrityMonitorings = value; + } + + [Input("limitContainerPrivileges")] + private List? _limitContainerPrivileges; + + /// + /// Container privileges configuration. + /// + public List LimitContainerPrivileges + { + get => _limitContainerPrivileges ?? (_limitContainerPrivileges = new List()); + set => _limitContainerPrivileges = value; + } + [Input("malwareScanOptions")] private List? _malwareScanOptions; 
@@ -88,12 +145,27 @@ public List MalwareScanOp set => _malwareScanOptions = value; } - /// - /// Name of the container runtime policy - /// [Input("name", required: true)] public string Name { get; set; } = null!; + [Input("portBlock")] + public Inputs.GetContainerRuntimePolicyPortBlockArgs? PortBlock { get; set; } + + [Input("readonlyFiles")] + public Inputs.GetContainerRuntimePolicyReadonlyFilesArgs? ReadonlyFiles { get; set; } + + [Input("restrictedVolumes")] + private List? _restrictedVolumes; + + /// + /// Restricted volumes configuration. + /// + public List RestrictedVolumes + { + get => _restrictedVolumes ?? (_restrictedVolumes = new List()); + set => _restrictedVolumes = value; + } + public GetContainerRuntimePolicyArgs() { } 
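Review bot: The required `name` input loses its summary ("Name of the container runtime policy") in this hunk, leaving the one mandatory lookup key undocumented. I would keep `/// Name of the container runtime policy` above `[Input("name", required: true)]`. The same removal happens in `GetContainerRuntimePolicyInvokeArgs` and on the `name` input of the function and host runtime policy lookups further down. The hunk also adds `portBlock`, `readonlyFiles` and `restrictedVolumes` as inputs to what looks like a read-only lookup, and nothing visible says whether supplied values are used or ignored; a one-line summary on each stating that would help. The class body starts outside this hunk.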
@@ -102,6 +174,63 @@ public GetContainerRuntimePolicyArgs() public sealed class GetContainerRuntimePolicyInvokeArgs : global::Pulumi.InvokeArgs { + [Input("allowedExecutables")] + private InputList? _allowedExecutables; + + /// + /// Allowed executables configuration. + /// + public InputList AllowedExecutables + { + get => _allowedExecutables ?? (_allowedExecutables = new InputList()); + set => _allowedExecutables = value; + } + + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + + [Input("auditing")] + public Input? Auditing { get; set; } + + [Input("containerExec")] + public Input? ContainerExec { get; set; } + + [Input("fileBlock")] + public Input? FileBlock { get; set; } + + [Input("fileIntegrityMonitorings")] + private InputList? _fileIntegrityMonitorings; + + /// + /// Configuration for file integrity monitoring. + /// + public InputList FileIntegrityMonitorings + { + get => _fileIntegrityMonitorings ?? (_fileIntegrityMonitorings = new InputList()); + set => _fileIntegrityMonitorings = value; + } + + [Input("limitContainerPrivileges")] + private InputList? _limitContainerPrivileges; + + /// + /// Container privileges configuration. + /// + public InputList LimitContainerPrivileges + { + get => _limitContainerPrivileges ?? (_limitContainerPrivileges = new InputList()); + set => _limitContainerPrivileges = value; + } + [Input("malwareScanOptions")] private InputList? _malwareScanOptions; 
@@ -114,12 +243,27 @@ public InputList Mal set => _malwareScanOptions = value; } - /// - /// Name of the container runtime policy - /// [Input("name", required: true)] public Input Name { get; set; } = null!; + [Input("portBlock")] + public Input? PortBlock { get; set; } + + [Input("readonlyFiles")] + public Input? ReadonlyFiles { get; set; } + + [Input("restrictedVolumes")] + private InputList? _restrictedVolumes; + + /// + /// Restricted volumes configuration. + /// + public InputList RestrictedVolumes + { + get => _restrictedVolumes ?? (_restrictedVolumes = new InputList()); + set => _restrictedVolumes = value; + } + public GetContainerRuntimePolicyInvokeArgs() { } @@ -131,13 +275,13 @@ public GetContainerRuntimePolicyInvokeArgs() public sealed class GetContainerRuntimePolicyResult { /// - /// List of executables that are allowed for the user. + /// Allowed executables configuration. /// - public readonly ImmutableArray AllowedExecutables; + public readonly ImmutableArray AllowedExecutables; /// - /// List of registries that allowed for running containers. + /// Allowed registries configuration. /// - public readonly ImmutableArray AllowedRegistries; + public readonly ImmutableArray AllowedRegistries; /// /// Indicates the application scope of the service. /// @@ -154,6 +298,7 @@ public sealed class GetContainerRuntimePolicyResult /// If true, full command arguments will be audited. /// public readonly bool AuditFullCommandArguments; + public readonly Outputs.GetContainerRuntimePolicyAuditingResult? Auditing; /// /// Username of the account that created the service. /// @@ -254,6 +399,7 @@ public sealed class GetContainerRuntimePolicyResult /// List of volumes that are prevented from being mounted in the containers. /// public readonly ImmutableArray BlockedVolumes; + public readonly Outputs.GetContainerRuntimePolicyContainerExecResult? ContainerExec; /// /// List of processes that will be allowed. /// 
@@ -298,6 +444,7 @@ public sealed class GetContainerRuntimePolicyResult /// Specify processes that will be allowed /// public readonly ImmutableArray ExecLockdownWhiteLists; + public readonly Outputs.GetContainerRuntimePolicyFileBlockResult? FileBlock; /// /// Configuration for file integrity monitoring. /// @@ -311,6 +458,10 @@ public sealed class GetContainerRuntimePolicyResult /// public readonly string Id; /// + /// Container privileges configuration. + /// + public readonly ImmutableArray LimitContainerPrivileges; + /// /// If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) /// public readonly bool LimitNewPrivileges; @@ -326,11 +477,17 @@ public sealed class GetContainerRuntimePolicyResult /// Name of the container runtime policy /// public readonly string Name; + public readonly Outputs.GetContainerRuntimePolicyPortBlockResult? PortBlock; + public readonly Outputs.GetContainerRuntimePolicyReadonlyFilesResult? ReadonlyFiles; /// /// List of files and directories to be restricted as read-only /// public readonly ImmutableArray ReadonlyFilesAndDirectories; /// + /// Restricted volumes configuration. + /// + public readonly ImmutableArray RestrictedVolumes; + /// /// List of IPs/ CIDRs that will be allowed /// public readonly ImmutableArray ReverseShellAllowedIps; @@ -349,9 +506,9 @@ public sealed class GetContainerRuntimePolicyResult [OutputConstructor] private GetContainerRuntimePolicyResult( - ImmutableArray allowedExecutables, + ImmutableArray allowedExecutables, - ImmutableArray allowedRegistries, + ImmutableArray allowedRegistries, ImmutableArray applicationScopes, @@ -361,6 +518,8 @@ private GetContainerRuntimePolicyResult( bool auditFullCommandArguments, + Outputs.GetContainerRuntimePolicyAuditingResult? auditing, + string author, bool blockAccessHostNetwork, 
@@ -411,6 +570,8 @@ private GetContainerRuntimePolicyResult( ImmutableArray blockedVolumes, + Outputs.GetContainerRuntimePolicyContainerExecResult? containerExec, + ImmutableArray containerExecAllowedProcesses, string description, @@ -433,12 +594,16 @@ private GetContainerRuntimePolicyResult( ImmutableArray execLockdownWhiteLists, + Outputs.GetContainerRuntimePolicyFileBlockResult? fileBlock, + ImmutableArray fileIntegrityMonitorings, int forkGuardProcessLimit, string id, + ImmutableArray limitContainerPrivileges, + bool limitNewPrivileges, ImmutableArray malwareScanOptions, @@ -447,8 +612,14 @@ private GetContainerRuntimePolicyResult( string name, + Outputs.GetContainerRuntimePolicyPortBlockResult? portBlock, + + Outputs.GetContainerRuntimePolicyReadonlyFilesResult? readonlyFiles, + ImmutableArray readonlyFilesAndDirectories, + ImmutableArray restrictedVolumes, + ImmutableArray reverseShellAllowedIps, ImmutableArray reverseShellAllowedProcesses, @@ -463,6 +634,7 @@ private GetContainerRuntimePolicyResult( AuditAllNetworkActivity = auditAllNetworkActivity; AuditAllProcessesActivity = auditAllProcessesActivity; AuditFullCommandArguments = auditFullCommandArguments; + Auditing = auditing; Author = author; BlockAccessHostNetwork = blockAccessHostNetwork; BlockAddingCapabilities = blockAddingCapabilities; @@ -488,6 +660,7 @@ private GetContainerRuntimePolicyResult( BlockedOutboundPorts = blockedOutboundPorts; BlockedPackages = blockedPackages; BlockedVolumes = blockedVolumes; + ContainerExec = containerExec; ContainerExecAllowedProcesses = containerExecAllowedProcesses; Description = description; EnableDriftPrevention = enableDriftPrevention; 
@@ -499,14 +672,19 @@ private GetContainerRuntimePolicyResult( EnforceAfterDays = enforceAfterDays; ExceptionalReadonlyFilesAndDirectories = exceptionalReadonlyFilesAndDirectories; ExecLockdownWhiteLists = execLockdownWhiteLists; + FileBlock = fileBlock; FileIntegrityMonitorings = fileIntegrityMonitorings; ForkGuardProcessLimit = forkGuardProcessLimit; Id = id; + LimitContainerPrivileges = limitContainerPrivileges; LimitNewPrivileges = limitNewPrivileges; MalwareScanOptions = malwareScanOptions; MonitorSystemTimeChanges = monitorSystemTimeChanges; Name = name; + PortBlock = portBlock; + ReadonlyFiles = readonlyFiles; ReadonlyFilesAndDirectories = readonlyFilesAndDirectories; + RestrictedVolumes = restrictedVolumes; ReverseShellAllowedIps = reverseShellAllowedIps; ReverseShellAllowedProcesses = reverseShellAllowedProcesses; ScopeExpression = scopeExpression; diff --git a/sdk/dotnet/GetEnforcerGroups.cs b/sdk/dotnet/GetEnforcerGroups.cs index ea95deea..e89c0cf0 100644 --- a/sdk/dotnet/GetEnforcerGroups.cs +++ b/sdk/dotnet/GetEnforcerGroups.cs @@ -13,6 +13,8 @@ namespace Pulumiverse.Aquasec public static class GetEnforcerGroups { /// + /// The data source `aquasec.EnforcerGroups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command. + /// /// {{% examples %}} /// ## Example Usage /// {{% example %}} @@ -43,6 +45,8 @@ public static Task InvokeAsync(GetEnforcerGroupsArgs ar => global::Pulumi.Deployment.Instance.InvokeAsync("aquasec:index/getEnforcerGroups:getEnforcerGroups", args ?? new GetEnforcerGroupsArgs(), options.WithDefaults()); /// + /// The data source `aquasec.EnforcerGroups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command. + /// /// {{% examples %}} /// ## Example Usage /// {{% example %}} 
diff --git a/sdk/dotnet/GetFunctionAssurancePolicy.cs b/sdk/dotnet/GetFunctionAssurancePolicy.cs index a6827eeb..1b62454b 100644 --- a/sdk/dotnet/GetFunctionAssurancePolicy.cs +++ b/sdk/dotnet/GetFunctionAssurancePolicy.cs @@ -75,7 +75,7 @@ public sealed class GetFunctionAssurancePolicyResult /// public readonly ImmutableArray BlacklistedLicenses; /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// public readonly bool BlacklistedLicensesEnabled; /// @@ -93,15 +93,15 @@ public sealed class GetFunctionAssurancePolicyResult public readonly bool CustomChecksEnabled; public readonly bool CustomSeverityEnabled; /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// public readonly bool CvesBlackListEnabled; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public readonly ImmutableArray CvesBlackLists; /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// public readonly bool CvesWhiteListEnabled; /// @@ -125,6 +125,9 @@ public sealed class GetFunctionAssurancePolicyResult /// Indicates if malware should block the image. /// public readonly bool DisallowMalware; + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// public readonly bool DockerCisEnabled; /// /// Name of the container image. @@ -164,6 +167,9 @@ public sealed class GetFunctionAssurancePolicyResult /// List of images. /// public readonly ImmutableArray Images; + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// public readonly bool KubeCisEnabled; /// /// List of labels. @@ -193,7 +199,7 @@ public sealed class GetFunctionAssurancePolicyResult /// public readonly bool PackagesBlackListEnabled; /// - /// List of backlisted images. + /// List of blacklisted images. /// public readonly ImmutableArray PackagesBlackLists; /// 
diff --git a/sdk/dotnet/GetFunctionRuntimePolicy.cs b/sdk/dotnet/GetFunctionRuntimePolicy.cs index 9433d785..5c018d40 100644 --- a/sdk/dotnet/GetFunctionRuntimePolicy.cs +++ b/sdk/dotnet/GetFunctionRuntimePolicy.cs @@ -76,9 +76,30 @@ public static Output Invoke(GetFunctionRuntimePo public sealed class GetFunctionRuntimePolicyArgs : global::Pulumi.InvokeArgs { + [Input("driftPreventions")] + private List? _driftPreventions; + /// - /// Name of the function runtime policy + /// Drift prevention configuration. + /// + public List DriftPreventions + { + get => _driftPreventions ?? (_driftPreventions = new List()); + set => _driftPreventions = value; + } + + [Input("executableBlacklists")] + private List? _executableBlacklists; + + /// + /// Executable blacklist configuration. /// + public List ExecutableBlacklists + { + get => _executableBlacklists ?? (_executableBlacklists = new List()); + set => _executableBlacklists = value; + } + [Input("name", required: true)] public string Name { get; set; } = null!; @@ -90,9 +111,30 @@ public GetFunctionRuntimePolicyArgs() public sealed class GetFunctionRuntimePolicyInvokeArgs : global::Pulumi.InvokeArgs { + [Input("driftPreventions")] + private InputList? _driftPreventions; + /// - /// Name of the function runtime policy + /// Drift prevention configuration. + /// + public InputList DriftPreventions + { + get => _driftPreventions ?? (_driftPreventions = new InputList()); + set => _driftPreventions = value; + } + + [Input("executableBlacklists")] + private InputList? _executableBlacklists; + + /// + /// Executable blacklist configuration. /// + public InputList ExecutableBlacklists + { + get => _executableBlacklists ?? (_executableBlacklists = new InputList()); + set => _executableBlacklists = value; + } + [Input("name", required: true)] public Input Name { get; set; } = null!; 
@@ -135,6 +177,10 @@ public sealed class GetFunctionRuntimePolicyResult /// public readonly string Description; /// + /// Drift prevention configuration. + /// + public readonly ImmutableArray DriftPreventions; + /// /// Indicates if the runtime policy is enabled or not. /// public readonly bool Enabled; @@ -143,6 +189,10 @@ public sealed class GetFunctionRuntimePolicyResult /// public readonly bool Enforce; /// + /// Executable blacklist configuration. + /// + public readonly ImmutableArray ExecutableBlacklists; + /// /// Honeypot User ID (Access Key) /// public readonly string HoneypotAccessKey; @@ -191,10 +241,14 @@ private GetFunctionRuntimePolicyResult( string description, + ImmutableArray driftPreventions, + bool enabled, bool enforce, + ImmutableArray executableBlacklists, + string honeypotAccessKey, ImmutableArray honeypotApplyOns, @@ -218,8 +272,10 @@ private GetFunctionRuntimePolicyResult( BlockRunningExecutablesInTmpFolder = blockRunningExecutablesInTmpFolder; BlockedExecutables = blockedExecutables; Description = description; + DriftPreventions = driftPreventions; Enabled = enabled; Enforce = enforce; + ExecutableBlacklists = executableBlacklists; HoneypotAccessKey = honeypotAccessKey; HoneypotApplyOns = honeypotApplyOns; HoneypotSecretKey = honeypotSecretKey; diff --git a/sdk/dotnet/GetHostAssurancePolicy.cs b/sdk/dotnet/GetHostAssurancePolicy.cs index 68a42f3f..706e2c82 100644 --- a/sdk/dotnet/GetHostAssurancePolicy.cs +++ b/sdk/dotnet/GetHostAssurancePolicy.cs @@ -75,7 +75,7 @@ public sealed class GetHostAssurancePolicyResult /// public readonly ImmutableArray BlacklistedLicenses; /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// public readonly bool BlacklistedLicensesEnabled; /// 
@@ -93,15 +93,15 @@ public sealed class GetHostAssurancePolicyResult public readonly bool CustomChecksEnabled; public readonly bool CustomSeverityEnabled; /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// public readonly bool CvesBlackListEnabled; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public readonly ImmutableArray CvesBlackLists; /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// public readonly bool CvesWhiteListEnabled; /// @@ -125,6 +125,9 @@ public sealed class GetHostAssurancePolicyResult /// Indicates if malware should block the image. /// public readonly bool DisallowMalware; + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// public readonly bool DockerCisEnabled; /// /// Name of the container image. @@ -164,6 +167,9 @@ public sealed class GetHostAssurancePolicyResult /// List of images. /// public readonly ImmutableArray Images; + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// public readonly bool KubeCisEnabled; /// /// List of labels. @@ -193,7 +199,7 @@ public sealed class GetHostAssurancePolicyResult /// public readonly bool PackagesBlackListEnabled; /// - /// List of backlisted images. + /// List of blacklisted images. /// public readonly ImmutableArray PackagesBlackLists; /// diff --git a/sdk/dotnet/GetHostRuntimePolicy.cs b/sdk/dotnet/GetHostRuntimePolicy.cs index eec90f9a..1f6ee931 100644 --- a/sdk/dotnet/GetHostRuntimePolicy.cs +++ b/sdk/dotnet/GetHostRuntimePolicy.cs 
@@ -76,12 +76,44 @@ public static Output Invoke(GetHostRuntimePolicyInvo public sealed class GetHostRuntimePolicyArgs : global::Pulumi.InvokeArgs { + [Input("auditing")] + public Inputs.GetHostRuntimePolicyAuditingArgs? Auditing { get; set; } + + [Input("fileIntegrityMonitorings")] + private List? _fileIntegrityMonitorings; + /// - /// Name of the host runtime policy + /// Configuration for file integrity monitoring. /// + public List FileIntegrityMonitorings + { + get => _fileIntegrityMonitorings ?? (_fileIntegrityMonitorings = new List()); + set => _fileIntegrityMonitorings = value; + } + + [Input("malwareScanOptions")] + private List? _malwareScanOptions; + + /// + /// Configuration for Real-Time Malware Protection. + /// + public List MalwareScanOptions + { + get => _malwareScanOptions ?? (_malwareScanOptions = new List()); + set => _malwareScanOptions = value; + } + [Input("name", required: true)] public string Name { get; set; } = null!; + [Input("packageBlocks")] + private List? _packageBlocks; + public List PackageBlocks + { + get => _packageBlocks ?? (_packageBlocks = new List()); + set => _packageBlocks = value; + } + public GetHostRuntimePolicyArgs() { } 
@@ -90,12 +122,44 @@ public GetHostRuntimePolicyArgs() public sealed class GetHostRuntimePolicyInvokeArgs : global::Pulumi.InvokeArgs { + [Input("auditing")] + public Input? Auditing { get; set; } + + [Input("fileIntegrityMonitorings")] + private InputList? _fileIntegrityMonitorings; + /// - /// Name of the host runtime policy + /// Configuration for file integrity monitoring. + /// + public InputList FileIntegrityMonitorings + { + get => _fileIntegrityMonitorings ?? (_fileIntegrityMonitorings = new InputList()); + set => _fileIntegrityMonitorings = value; + } + + [Input("malwareScanOptions")] + private InputList? _malwareScanOptions; + + /// + /// Configuration for Real-Time Malware Protection. /// + public InputList MalwareScanOptions + { + get => _malwareScanOptions ?? (_malwareScanOptions = new InputList()); + set => _malwareScanOptions = value; + } + [Input("name", required: true)] public Input Name { get; set; } = null!; + [Input("packageBlocks")] + private InputList? _packageBlocks; + public InputList PackageBlocks + { + get => _packageBlocks ?? (_packageBlocks = new InputList()); + set => _packageBlocks = value; + } + public GetHostRuntimePolicyInvokeArgs() { } @@ -134,6 +198,7 @@ public sealed class GetHostRuntimePolicyResult /// If true, account management will be audited. /// public readonly bool AuditUserAccountManagement; + public readonly Outputs.GetHostRuntimePolicyAuditingResult? Auditing; /// /// Username of the account that created the service. /// @@ -153,7 +218,7 @@ public sealed class GetHostRuntimePolicyResult /// /// If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. /// - public readonly bool EnableIpReputationSecurity; + public readonly bool EnableIpReputation; /// /// Indicates if the runtime policy is enabled or not. /// 
@@ -210,10 +275,7 @@ public sealed class GetHostRuntimePolicyResult /// List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. /// public readonly ImmutableArray OsUsersBlockeds; - /// - /// List of packages that are not allowed read, write or execute all files that under the packages. - /// - public readonly ImmutableArray PackageBlocks; + public readonly ImmutableArray PackageBlocks; /// /// If true, port scanning behaviors will be audited. /// @@ -251,6 +313,8 @@ private GetHostRuntimePolicyResult( bool auditUserAccountManagement, + Outputs.GetHostRuntimePolicyAuditingResult? auditing, + string author, bool blockCryptocurrencyMining, @@ -259,7 +323,7 @@ private GetHostRuntimePolicyResult( string description, - bool enableIpReputationSecurity, + bool enableIpReputation, bool enabled, @@ -289,7 +353,7 @@ private GetHostRuntimePolicyResult( ImmutableArray osUsersBlockeds, - ImmutableArray packageBlocks, + ImmutableArray packageBlocks, bool portScanningDetection, @@ -308,11 +372,12 @@ private GetHostRuntimePolicyResult( AuditHostFailedLoginEvents = auditHostFailedLoginEvents; AuditHostSuccessfulLoginEvents = auditHostSuccessfulLoginEvents; AuditUserAccountManagement = auditUserAccountManagement; + Auditing = auditing; Author = author; BlockCryptocurrencyMining = blockCryptocurrencyMining; BlockedFiles = blockedFiles; Description = description; - EnableIpReputationSecurity = enableIpReputationSecurity; + EnableIpReputation = enableIpReputation; Enabled = enabled; Enforce = enforce; EnforceAfterDays = enforceAfterDays; diff --git a/sdk/dotnet/GetImage.cs b/sdk/dotnet/GetImage.cs index 8ef70c1a..03969bc9 100644 --- a/sdk/dotnet/GetImage.cs +++ b/sdk/dotnet/GetImage.cs 
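Review bot: `EnableIpReputationSecurity` becomes `EnableIpReputation` on `GetHostRuntimePolicyResult` with no compatibility member, so any program that reads the old field stops compiling after the upgrade. The rename touches the constructor parameter and assignment in these hunks and the field declaration in the preceding `@@ -153,7 +218,7 @@` hunk. The commit marks `GetIntegrationRegistry` with `[Obsolete(...)]`, but this rename is silent and should at least be listed as a breaking change in the release notes. Separately, the `@@ -210,10 +275,7 @@` hunk deletes the summary on `PackageBlocks` and the new `Auditing` field has none. I would keep `/// List of packages that are not allowed read, write or execute all files that under the packages.` on `PackageBlocks` and add a one-line summary for `Auditing`. The class body continues outside these hunks.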
@@ -22,15 +22,9 @@ public static Output Invoke(GetImageInvokeArgs args, InvokeOptio public sealed class GetImageArgs : global::Pulumi.InvokeArgs { - /// - /// The name of the registry where the image is stored. - /// [Input("registry", required: true)] public string Registry { get; set; } = null!; - /// - /// The name of the image's repository. - /// [Input("repository", required: true)] public string Repository { get; set; } = null!; @@ -48,15 +42,9 @@ public GetImageArgs() public sealed class GetImageInvokeArgs : global::Pulumi.InvokeArgs { - /// - /// The name of the registry where the image is stored. - /// [Input("registry", required: true)] public Input Registry { get; set; } = null!; - /// - /// The name of the image's repository. - /// [Input("repository", required: true)] public Input Repository { get; set; } = null!; diff --git a/sdk/dotnet/GetImageAssurancePolicy.cs b/sdk/dotnet/GetImageAssurancePolicy.cs index 8f601b7b..5f8cd638 100644 --- a/sdk/dotnet/GetImageAssurancePolicy.cs +++ b/sdk/dotnet/GetImageAssurancePolicy.cs @@ -75,7 +75,7 @@ public sealed class GetImageAssurancePolicyResult /// public readonly ImmutableArray BlacklistedLicenses; /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// public readonly bool BlacklistedLicensesEnabled; /// @@ -93,15 +93,15 @@ public sealed class GetImageAssurancePolicyResult public readonly bool CustomChecksEnabled; public readonly bool CustomSeverityEnabled; /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// public readonly bool CvesBlackListEnabled; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public readonly ImmutableArray CvesBlackLists; /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// public readonly bool CvesWhiteListEnabled; /// 
@@ -125,6 +125,9 @@ public sealed class GetImageAssurancePolicyResult /// Indicates if malware should block the image. /// public readonly bool DisallowMalware; + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// public readonly bool DockerCisEnabled; /// /// Name of the container image. @@ -164,6 +167,9 @@ public sealed class GetImageAssurancePolicyResult /// List of images. /// public readonly ImmutableArray Images; + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// public readonly bool KubeCisEnabled; /// /// List of labels. @@ -193,7 +199,7 @@ public sealed class GetImageAssurancePolicyResult /// public readonly bool PackagesBlackListEnabled; /// - /// List of backlisted images. + /// List of blacklisted images. /// public readonly ImmutableArray PackagesBlackLists; /// diff --git a/sdk/dotnet/GetIntegrationRegistries.cs b/sdk/dotnet/GetIntegrationRegistries.cs new file mode 100644 index 00000000..59d79a86 --- /dev/null +++ b/sdk/dotnet/GetIntegrationRegistries.cs 
@@ -0,0 +1,466 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec +{ + public static class GetIntegrationRegistries + { + public static Task InvokeAsync(GetIntegrationRegistriesArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("aquasec:index/getIntegrationRegistries:getIntegrationRegistries", args ?? new GetIntegrationRegistriesArgs(), options.WithDefaults()); + + public static Output Invoke(GetIntegrationRegistriesInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("aquasec:index/getIntegrationRegistries:getIntegrationRegistries", args ?? new GetIntegrationRegistriesInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetIntegrationRegistriesArgs : global::Pulumi.InvokeArgs + { + /// + /// Automatically clean up that don't match the pull criteria + /// + [Input("advancedSettingsCleanup")] + public bool? AdvancedSettingsCleanup { get; set; } + + [Input("alwaysPullPatterns")] + private List? _alwaysPullPatterns; + + /// + /// List of image patterns to pull always + /// + public List AlwaysPullPatterns + { + get => _alwaysPullPatterns ?? (_alwaysPullPatterns = new List()); + set => _alwaysPullPatterns = value; + } + + /// + /// Additional condition for pulling and rescanning images, Defaults to 'none' + /// + [Input("imageCreationDateCondition")] + public string? ImageCreationDateCondition { get; set; } + + /// + /// The last time the registry was modified in UNIX time + /// + [Input("lastupdate")] + public int? 
Lastupdate { get; set; } + + /// + /// The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + /// + [Input("name", required: true)] + public string Name { get; set; } = null!; + + [Input("options")] + private List? _options; + public List Options + { + get => _options ?? (_options = new List()); + set => _options = value; + } + + /// + /// When auto pull image enabled, sets maximum age of auto pulled images + /// + [Input("pullImageAge")] + public string? PullImageAge { get; set; } + + /// + /// When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. + /// + [Input("pullImageCount")] + public int? PullImageCount { get; set; } + + [Input("pullImageTagPatterns")] + private List? _pullImageTagPatterns; + + /// + /// List of image tags patterns to pull + /// + public List PullImageTagPatterns + { + get => _pullImageTagPatterns ?? (_pullImageTagPatterns = new List()); + set => _pullImageTagPatterns = value; + } + + [Input("pullRepoPatternsExcludeds")] + private List? _pullRepoPatternsExcludeds; + + /// + /// List of image patterns to exclude + /// + public List PullRepoPatternsExcludeds + { + get => _pullRepoPatternsExcludeds ?? (_pullRepoPatternsExcludeds = new List()); + set => _pullRepoPatternsExcludeds = value; + } + + /// + /// Registry scan timeout in Minutes + /// + [Input("registryScanTimeout")] + public int? RegistryScanTimeout { get; set; } + + [Input("scannerNames")] + private List? _scannerNames; + + /// + /// List of scanner names + /// + public List ScannerNames + { + get => _scannerNames ?? (_scannerNames = new List()); + set => _scannerNames = value; + } + + /// + /// Scanner type + /// + [Input("scannerType")] + public string? ScannerType { get; set; } + + [Input("webhooks")] + private List? 
_webhooks; + + /// + /// When enabled, registry events are sent to the given Aqua webhook url + /// + public List Webhooks + { + get => _webhooks ?? (_webhooks = new List()); + set => _webhooks = value; + } + + public GetIntegrationRegistriesArgs() + { + } + public static new GetIntegrationRegistriesArgs Empty => new GetIntegrationRegistriesArgs(); + } + + public sealed class GetIntegrationRegistriesInvokeArgs : global::Pulumi.InvokeArgs + { + /// + /// Automatically clean up that don't match the pull criteria + /// + [Input("advancedSettingsCleanup")] + public Input? AdvancedSettingsCleanup { get; set; } + + [Input("alwaysPullPatterns")] + private InputList? _alwaysPullPatterns; + + /// + /// List of image patterns to pull always + /// + public InputList AlwaysPullPatterns + { + get => _alwaysPullPatterns ?? (_alwaysPullPatterns = new InputList()); + set => _alwaysPullPatterns = value; + } + + /// + /// Additional condition for pulling and rescanning images, Defaults to 'none' + /// + [Input("imageCreationDateCondition")] + public Input? ImageCreationDateCondition { get; set; } + + /// + /// The last time the registry was modified in UNIX time + /// + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + /// + /// The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + /// + [Input("name", required: true)] + public Input Name { get; set; } = null!; + + [Input("options")] + private InputList? _options; + public InputList Options + { + get => _options ?? (_options = new InputList()); + set => _options = value; + } + + /// + /// When auto pull image enabled, sets maximum age of auto pulled images + /// + [Input("pullImageAge")] + public Input? PullImageAge { get; set; } + + /// + /// When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. + /// + [Input("pullImageCount")] + public Input? 
PullImageCount { get; set; } + + [Input("pullImageTagPatterns")] + private InputList? _pullImageTagPatterns; + + /// + /// List of image tags patterns to pull + /// + public InputList PullImageTagPatterns + { + get => _pullImageTagPatterns ?? (_pullImageTagPatterns = new InputList()); + set => _pullImageTagPatterns = value; + } + + [Input("pullRepoPatternsExcludeds")] + private InputList? _pullRepoPatternsExcludeds; + + /// + /// List of image patterns to exclude + /// + public InputList PullRepoPatternsExcludeds + { + get => _pullRepoPatternsExcludeds ?? (_pullRepoPatternsExcludeds = new InputList()); + set => _pullRepoPatternsExcludeds = value; + } + + /// + /// Registry scan timeout in Minutes + /// + [Input("registryScanTimeout")] + public Input? RegistryScanTimeout { get; set; } + + [Input("scannerNames")] + private InputList? _scannerNames; + + /// + /// List of scanner names + /// + public InputList ScannerNames + { + get => _scannerNames ?? (_scannerNames = new InputList()); + set => _scannerNames = value; + } + + /// + /// Scanner type + /// + [Input("scannerType")] + public Input? ScannerType { get; set; } + + [Input("webhooks")] + private InputList? _webhooks; + + /// + /// When enabled, registry events are sent to the given Aqua webhook url + /// + public InputList Webhooks + { + get => _webhooks ?? (_webhooks = new InputList()); + set => _webhooks = value; + } + + public GetIntegrationRegistriesInvokeArgs() + { + } + public static new GetIntegrationRegistriesInvokeArgs Empty => new GetIntegrationRegistriesInvokeArgs(); + } + + + [OutputType] + public sealed class GetIntegrationRegistriesResult + { + /// + /// Automatically clean up that don't match the pull criteria + /// + public readonly bool? 
AdvancedSettingsCleanup; + /// + /// List of image patterns to pull always + /// + public readonly ImmutableArray AlwaysPullPatterns; + /// + /// Automatically clean up images and repositories which are no longer present in the registry from Aqua console + /// + public readonly bool AutoCleanup; + /// + /// Whether to automatically pull images from the registry on creation and daily + /// + public readonly bool AutoPull; + /// + /// The interval in days to start pulling new images from the registry, Defaults to 1 + /// + public readonly int AutoPullInterval; + /// + /// Maximum number of repositories to pull every day, defaults to 100 + /// + public readonly int AutoPullMax; + /// + /// Whether to automatically pull and rescan images from the registry on creation and daily + /// + public readonly bool AutoPullRescan; + /// + /// The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00 + /// + public readonly string AutoPullTime; + /// + /// The description of the registry + /// + public readonly string Description; + /// + /// The provider-assigned unique ID for this managed resource. 
+ /// + public readonly string Id; + /// + /// Additional condition for pulling and rescanning images, Defaults to 'none' + /// + public readonly string ImageCreationDateCondition; + /// + /// The last time the registry was modified in UNIX time + /// + public readonly int Lastupdate; + /// + /// The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + /// + public readonly string Name; + public readonly ImmutableArray Options; + /// + /// The password for registry authentication + /// + public readonly string Password; + /// + /// List of possible prefixes to image names pulled from the registry + /// + public readonly ImmutableArray Prefixes; + /// + /// When auto pull image enabled, sets maximum age of auto pulled images + /// + public readonly string PullImageAge; + /// + /// When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. + /// + public readonly int PullImageCount; + /// + /// List of image tags patterns to pull + /// + public readonly ImmutableArray PullImageTagPatterns; + /// + /// List of image patterns to exclude + /// + public readonly ImmutableArray PullRepoPatternsExcludeds; + /// + /// Registry scan timeout in Minutes + /// + public readonly int? RegistryScanTimeout; + /// + /// List of scanner names + /// + public readonly ImmutableArray ScannerNames; + /// + /// Scanner type + /// + public readonly string ScannerType; + /// + /// Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). + /// + public readonly string Type; + /// + /// The URL, address or region of the registry + /// + public readonly string Url; + /// + /// The username for registry authentication. 
+ /// + public readonly string Username; + /// + /// When enabled, registry events are sent to the given Aqua webhook url + /// + public readonly ImmutableArray Webhooks; + + [OutputConstructor] + private GetIntegrationRegistriesResult( + bool? advancedSettingsCleanup, + + ImmutableArray alwaysPullPatterns, + + bool autoCleanup, + + bool autoPull, + + int autoPullInterval, + + int autoPullMax, + + bool autoPullRescan, + + string autoPullTime, + + string description, + + string id, + + string imageCreationDateCondition, + + int lastupdate, + + string name, + + ImmutableArray options, + + string password, + + ImmutableArray prefixes, + + string pullImageAge, + + int pullImageCount, + + ImmutableArray pullImageTagPatterns, + + ImmutableArray pullRepoPatternsExcludeds, + + int? registryScanTimeout, + + ImmutableArray scannerNames, + + string scannerType, + + string type, + + string url, + + string username, + + ImmutableArray webhooks) + { + AdvancedSettingsCleanup = advancedSettingsCleanup; + AlwaysPullPatterns = alwaysPullPatterns; + AutoCleanup = autoCleanup; + AutoPull = autoPull; + AutoPullInterval = autoPullInterval; + AutoPullMax = autoPullMax; + AutoPullRescan = autoPullRescan; + AutoPullTime = autoPullTime; + Description = description; + Id = id; + ImageCreationDateCondition = imageCreationDateCondition; + Lastupdate = lastupdate; + Name = name; + Options = options; + Password = password; + Prefixes = prefixes; + PullImageAge = pullImageAge; + PullImageCount = pullImageCount; + PullImageTagPatterns = pullImageTagPatterns; + PullRepoPatternsExcludeds = pullRepoPatternsExcludeds; + RegistryScanTimeout = registryScanTimeout; + ScannerNames = scannerNames; + ScannerType = scannerType; + Type = type; + Url = url; + Username = username; + Webhooks = webhooks; + } + } +} diff --git a/sdk/dotnet/GetIntegrationRegistry.cs b/sdk/dotnet/GetIntegrationRegistry.cs index e5a281f8..39853658 100644 --- a/sdk/dotnet/GetIntegrationRegistry.cs 
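Review bot: `GetIntegrationRegistriesResult.Password` is declared as a plain `string`, so a program that calls `InvokeAsync` receives the registry password in cleartext. Nothing in the type stops it from being copied into stack outputs or logs. Whether the engine marks the value as secret on the `Invoke` path cannot be determined from this file, so please confirm that the provider schema flags `password` as sensitive. The summary should also warn callers, for example `/// The password for registry authentication. Sensitive: wrap with Output.CreateSecret before exporting it or passing it on.` The file header says it is generated by tfgen, so both changes belong in the schema mapping rather than in this file.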
+++ b/sdk/dotnet/GetIntegrationRegistry.cs @@ -10,6 +10,7 @@ namespace Pulumiverse.Aquasec { + [Obsolete(@"aquasec.index/getintegrationregistry.getIntegrationRegistry has been deprecated in favor of aquasec.index/getintegrationregistries.getIntegrationRegistries")] public static class GetIntegrationRegistry { public static Task InvokeAsync(GetIntegrationRegistryArgs args, InvokeOptions? options = null) @@ -22,39 +23,23 @@ public static Output Invoke(GetIntegrationRegistry public sealed class GetIntegrationRegistryArgs : global::Pulumi.InvokeArgs { - /// - /// Automatically clean up that don't match the pull criteria - /// [Input("advancedSettingsCleanup")] public bool? AdvancedSettingsCleanup { get; set; } [Input("alwaysPullPatterns")] private List? _alwaysPullPatterns; - - /// - /// List of image patterns to pull always - /// public List AlwaysPullPatterns { get => _alwaysPullPatterns ?? (_alwaysPullPatterns = new List()); set => _alwaysPullPatterns = value; } - /// - /// Additional condition for pulling and rescanning images, Defaults to 'none' - /// [Input("imageCreationDateCondition")] public string? ImageCreationDateCondition { get; set; } - /// - /// The last time the registry was modified in UNIX time - /// [Input("lastupdate")] public int? Lastupdate { get; set; } - /// - /// The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - /// [Input("name", required: true)] public string Name { get; set; } = null!; 
@@ -66,24 +51,14 @@ public List Options set => _options = value; } - /// - /// When auto pull image enabled, sets maximum age of auto pulled images - /// [Input("pullImageAge")] public string? PullImageAge { get; set; } - /// - /// When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - /// [Input("pullImageCount")] public int? PullImageCount { get; set; } [Input("pullImageTagPatterns")] private List? _pullImageTagPatterns; - - /// - /// List of image tags patterns to pull - /// public List PullImageTagPatterns { get => _pullImageTagPatterns ?? (_pullImageTagPatterns = new List()); @@ -92,46 +67,28 @@ public List PullImageTagPatterns [Input("pullRepoPatternsExcludeds")] private List? _pullRepoPatternsExcludeds; - - /// - /// List of image patterns to exclude - /// public List PullRepoPatternsExcludeds { get => _pullRepoPatternsExcludeds ?? (_pullRepoPatternsExcludeds = new List()); set => _pullRepoPatternsExcludeds = value; } - /// - /// Registry scan timeout in Minutes - /// [Input("registryScanTimeout")] public int? RegistryScanTimeout { get; set; } [Input("scannerNames")] private List? _scannerNames; - - /// - /// List of scanner names - /// public List ScannerNames { get => _scannerNames ?? (_scannerNames = new List()); set => _scannerNames = value; } - /// - /// Scanner type - /// [Input("scannerType")] public string? ScannerType { get; set; } [Input("webhooks")] private List? _webhooks; - - /// - /// When enabled, registry events are sent to the given Aqua webhook url - /// public List Webhooks { get => _webhooks ?? (_webhooks = new List()); 
@@ -146,39 +103,23 @@ public GetIntegrationRegistryArgs() public sealed class GetIntegrationRegistryInvokeArgs : global::Pulumi.InvokeArgs { - /// - /// Automatically clean up that don't match the pull criteria - /// [Input("advancedSettingsCleanup")] public Input? AdvancedSettingsCleanup { get; set; } [Input("alwaysPullPatterns")] private InputList? _alwaysPullPatterns; - - /// - /// List of image patterns to pull always - /// public InputList AlwaysPullPatterns { get => _alwaysPullPatterns ?? (_alwaysPullPatterns = new InputList()); set => _alwaysPullPatterns = value; } - /// - /// Additional condition for pulling and rescanning images, Defaults to 'none' - /// [Input("imageCreationDateCondition")] public Input? ImageCreationDateCondition { get; set; } - /// - /// The last time the registry was modified in UNIX time - /// [Input("lastupdate")] public Input? Lastupdate { get; set; } - /// - /// The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - /// [Input("name", required: true)] public Input Name { get; set; } = null!; @@ -190,24 +131,14 @@ public InputList Options set => _options = value; } - /// - /// When auto pull image enabled, sets maximum age of auto pulled images - /// [Input("pullImageAge")] public Input? PullImageAge { get; set; } - /// - /// When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - /// [Input("pullImageCount")] public Input? PullImageCount { get; set; } [Input("pullImageTagPatterns")] private InputList? _pullImageTagPatterns; - - /// - /// List of image tags patterns to pull - /// public InputList PullImageTagPatterns { get => _pullImageTagPatterns ?? (_pullImageTagPatterns = new InputList()); 
@@ -216,46 +147,28 @@ public InputList PullImageTagPatterns [Input("pullRepoPatternsExcludeds")] private InputList? _pullRepoPatternsExcludeds; - - /// - /// List of image patterns to exclude - /// public InputList PullRepoPatternsExcludeds { get => _pullRepoPatternsExcludeds ?? (_pullRepoPatternsExcludeds = new InputList()); set => _pullRepoPatternsExcludeds = value; } - /// - /// Registry scan timeout in Minutes - /// [Input("registryScanTimeout")] public Input? RegistryScanTimeout { get; set; } [Input("scannerNames")] private InputList? _scannerNames; - - /// - /// List of scanner names - /// public InputList ScannerNames { get => _scannerNames ?? (_scannerNames = new InputList()); set => _scannerNames = value; } - /// - /// Scanner type - /// [Input("scannerType")] public Input? ScannerType { get; set; } [Input("webhooks")] private InputList? _webhooks; - - /// - /// When enabled, registry events are sent to the given Aqua webhook url - /// public InputList Webhooks { get => _webhooks ?? (_webhooks = new InputList()); 
@@ -272,110 +185,35 @@ public GetIntegrationRegistryInvokeArgs() [OutputType] public sealed class GetIntegrationRegistryResult { - /// - /// Automatically clean up that don't match the pull criteria - /// public readonly bool? AdvancedSettingsCleanup; - /// - /// List of image patterns to pull always - /// public readonly ImmutableArray AlwaysPullPatterns; - /// - /// Automatically clean up images and repositories which are no longer present in the registry from Aqua console - /// public readonly bool AutoCleanup; - /// - /// Whether to automatically pull images from the registry on creation and daily - /// public readonly bool AutoPull; - /// - /// The interval in days to start pulling new images from the registry, Defaults to 1 - /// public readonly int AutoPullInterval; - /// - /// Maximum number of repositories to pull every day, defaults to 100 - /// public readonly int AutoPullMax; - /// - /// Whether to automatically pull and rescan images from the registry on creation and daily - /// public readonly bool AutoPullRescan; - /// - /// The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00 - /// public readonly string AutoPullTime; - /// - /// The description of the registry - /// public readonly string Description; /// /// The provider-assigned unique ID for this managed resource. 
/// public readonly string Id; - /// - /// Additional condition for pulling and rescanning images, Defaults to 'none' - /// public readonly string ImageCreationDateCondition; - /// - /// The last time the registry was modified in UNIX time - /// public readonly int Lastupdate; - /// - /// The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - /// public readonly string Name; public readonly ImmutableArray Options; - /// - /// The password for registry authentication - /// public readonly string Password; - /// - /// List of possible prefixes to image names pulled from the registry - /// public readonly ImmutableArray Prefixes; - /// - /// When auto pull image enabled, sets maximum age of auto pulled images - /// public readonly string PullImageAge; - /// - /// When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - /// public readonly int PullImageCount; - /// - /// List of image tags patterns to pull - /// public readonly ImmutableArray PullImageTagPatterns; - /// - /// List of image patterns to exclude - /// public readonly ImmutableArray PullRepoPatternsExcludeds; - /// - /// Registry scan timeout in Minutes - /// public readonly int? RegistryScanTimeout; - /// - /// List of scanner names - /// public readonly ImmutableArray ScannerNames; - /// - /// Scanner type - /// public readonly string ScannerType; - /// - /// Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). - /// public readonly string Type; - /// - /// The URL, address or region of the registry - /// public readonly string Url; - /// - /// The username for registry authentication. - /// public readonly string Username; - /// - /// When enabled, registry events are sent to the given Aqua webhook url - /// public readonly ImmutableArray Webhooks; [OutputConstructor] 
diff --git a/sdk/dotnet/GetKubernetesAssurancePolicy.cs b/sdk/dotnet/GetKubernetesAssurancePolicy.cs index 06a5a916..fdcbf0ab 100644 --- a/sdk/dotnet/GetKubernetesAssurancePolicy.cs +++ b/sdk/dotnet/GetKubernetesAssurancePolicy.cs @@ -75,7 +75,7 @@ public sealed class GetKubernetesAssurancePolicyResult /// public readonly ImmutableArray BlacklistedLicenses; /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// public readonly bool BlacklistedLicensesEnabled; /// @@ -93,31 +93,31 @@ public sealed class GetKubernetesAssurancePolicyResult public readonly bool CustomChecksEnabled; public readonly bool CustomSeverityEnabled; /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// public readonly bool CvesBlackListEnabled; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public readonly ImmutableArray CvesBlackLists; /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// public readonly bool CvesWhiteListEnabled; /// - /// List of cves whitelisted licenses + /// List of CVEs whitelisted licenses /// public readonly ImmutableArray CvesWhiteLists; /// - /// Identifier of the cvss severity. + /// Identifier of the CVSS severity. /// public readonly string CvssSeverity; /// - /// Indicates if the cvss severity is scanned. + /// Indicates if the CVSS severity is scanned. /// public readonly bool CvssSeverityEnabled; /// - /// Indicates that policy should ignore cvss cases that do not have a known fix. + /// Indicates that policy should ignore CVSS cases that do not have a known fix. /// public readonly bool CvssSeverityExcludeNoFix; public readonly string Description; 
@@ -125,6 +125,9 @@ public sealed class GetKubernetesAssurancePolicyResult /// Indicates if malware should block the image. /// public readonly bool DisallowMalware; + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// public readonly bool DockerCisEnabled; /// /// Name of the container image. @@ -137,9 +140,12 @@ public sealed class GetKubernetesAssurancePolicyResult public readonly bool Enforce; public readonly int EnforceAfterDays; public readonly bool EnforceExcessivePermissions; + /// + /// Directories to be excluded from monitoring. + /// public readonly ImmutableArray ExceptionalMonitoredMalwarePaths; /// - /// Indicates if cicd failures will fail the image. + /// Indicates if CI/CD failures will fail the image. /// public readonly bool FailCicd; public readonly ImmutableArray ForbiddenLabels; @@ -164,6 +170,9 @@ public sealed class GetKubernetesAssurancePolicyResult /// List of images. /// public readonly ImmutableArray Images; + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// public readonly bool KubeCisEnabled; /// /// List of kubernetes control names @@ -186,6 +195,9 @@ public sealed class GetKubernetesAssurancePolicyResult /// Indicates that policy should ignore cases that do not have a known fix. /// public readonly bool MaximumScoreExcludeNoFix; + /// + /// Directories to be monitored. + /// public readonly ImmutableArray MonitoredMalwarePaths; public readonly string Name; /// @@ -197,7 +209,7 @@ public sealed class GetKubernetesAssurancePolicyResult /// public readonly bool PackagesBlackListEnabled; /// - /// List of backlisted images. + /// List of blacklisted images. /// public readonly ImmutableArray PackagesBlackLists; /// 
@@ -223,7 +235,7 @@ public sealed class GetKubernetesAssurancePolicyResult /// public readonly bool ScanSensitiveData; /// - /// Indicates if scanning should include scap. + /// Indicates if scanning should include SCAP. /// public readonly bool ScapEnabled; /// diff --git a/sdk/dotnet/GetService.cs b/sdk/dotnet/GetService.cs index b7eda7b0..bfa8f68e 100644 --- a/sdk/dotnet/GetService.cs +++ b/sdk/dotnet/GetService.cs @@ -22,9 +22,6 @@ public static Output Invoke(GetServiceInvokeArgs args, InvokeO public sealed class GetServiceArgs : global::Pulumi.InvokeArgs { - /// - /// The name of the service. It is recommended not to use whitespace characters in the name. - /// [Input("name", required: true)] public string Name { get; set; } = null!; @@ -36,9 +33,6 @@ public GetServiceArgs() public sealed class GetServiceInvokeArgs : global::Pulumi.InvokeArgs { - /// - /// The name of the service. It is recommended not to use whitespace characters in the name. - /// [Input("name", required: true)] public Input Name { get; set; } = null!; diff --git a/sdk/dotnet/HostAssurancePolicy.cs b/sdk/dotnet/HostAssurancePolicy.cs index 59386d65..832c4975 100644 --- a/sdk/dotnet/HostAssurancePolicy.cs +++ b/sdk/dotnet/HostAssurancePolicy.cs 
@@ -10,9 +10,22 @@ namespace Pulumiverse.Aquasec { + /// + /// Host Assurance is a subsystem of Aqua. It is responsible for: + /// Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks. + /// Evaluates scan findings according to defined Host Assurance Policies. + /// Determines host compliance based on these policies. + /// Generates an audit event for host assurance failure. + /// [AquasecResourceType("aquasec:index/hostAssurancePolicy:HostAssurancePolicy")] public partial class HostAssurancePolicy : global::Pulumi.CustomResource { + /// + /// Aggregated vulnerability information. + /// + [Output("aggregatedVulnerability")] + public Output?> AggregatedVulnerability { get; private set; } = null!; + /// /// List of explicitly allowed images. /// @@ -22,6 +35,12 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("applicationScopes")] public Output> ApplicationScopes { get; private set; } = null!; + /// + /// What type of assurance policy is described. + /// + [Output("assuranceType")] + public Output AssuranceType { get; private set; } = null!; + /// /// Indicates if auditing for failures. /// @@ -62,7 +81,7 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource public Output> BlacklistedLicenses { get; private set; } = null!; /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Output("blacklistedLicensesEnabled")] public Output BlacklistedLicensesEnabled { get; private set; } = null!; 
@@ -88,23 +107,26 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("customChecksEnabled")] public Output CustomChecksEnabled { get; private set; } = null!; + [Output("customSeverity")] + public Output CustomSeverity { get; private set; } = null!; + [Output("customSeverityEnabled")] public Output CustomSeverityEnabled { get; private set; } = null!; /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Output("cvesBlackListEnabled")] public Output CvesBlackListEnabled { get; private set; } = null!; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// [Output("cvesBlackLists")] public Output> CvesBlackLists { get; private set; } = null!; /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// [Output("cvesWhiteListEnabled")] public Output CvesWhiteListEnabled { get; private set; } = null!; @@ -136,12 +158,18 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("description")] public Output Description { get; private set; } = null!; + [Output("disallowExploitTypes")] + public Output> DisallowExploitTypes { get; private set; } = null!; + /// /// Indicates if malware should block the image. /// [Output("disallowMalware")] public Output DisallowMalware { get; private set; } = null!; + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Output("dockerCisEnabled")] public Output DockerCisEnabled { get; private set; } = null!; @@ -175,6 +203,9 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("exceptionalMonitoredMalwarePaths")] public Output> ExceptionalMonitoredMalwarePaths { get; private set; } = null!; + [Output("excludeApplicationScopes")] + public Output> ExcludeApplicationScopes { get; private set; } = null!; + /// /// Indicates if cicd failures will fail the image. /// 
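Review bot: The `customSeverity` output added in the first hunk on this line has no doc comment, although the outputs around it do. The same holds for `disallowExploitTypes` and `excludeApplicationScopes` in the next two hunks, and for `ignoreBaseImageVln`, `ignoredSensitiveResources`, `scanMalwareInArchives`, `scanProcessMemory`, `scanWindowsRegistry`, `permission` and `policySettings` in later hunks, repeated in `HostAssurancePolicyArgs` and `HostAssurancePolicyState`. Going by their names, several of these narrow what the policy evaluates or reports, so a user of the SDK cannot tell what turning them on suppresses. If these files are generated, the descriptions belong in the provider schema; a one-line comment such as `/// Indicates if vulnerabilities inherited from the base image are ignored.` on `IgnoreBaseImageVln` would be enough once the wording is confirmed against the provider.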
@@ -193,6 +224,9 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("functionIntegrityEnabled")] public Output FunctionIntegrityEnabled { get; private set; } = null!; + [Output("ignoreBaseImageVln")] + public Output IgnoreBaseImageVln { get; private set; } = null!; + [Output("ignoreRecentlyPublishedVln")] public Output IgnoreRecentlyPublishedVln { get; private set; } = null!; @@ -211,21 +245,42 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("ignoredRiskResources")] public Output> IgnoredRiskResources { get; private set; } = null!; + [Output("ignoredSensitiveResources")] + public Output> IgnoredSensitiveResources { get; private set; } = null!; + /// /// List of images. /// [Output("images")] public Output> Images { get; private set; } = null!; + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Output("kubeCisEnabled")] public Output KubeCisEnabled { get; private set; } = null!; + [Output("kubernetesControls")] + public Output> KubernetesControls { get; private set; } = null!; + + [Output("kubernetesControlsAvdIds")] + public Output> KubernetesControlsAvdIds { get; private set; } = null!; + + [Output("kubernetesControlsNames")] + public Output> KubernetesControlsNames { get; private set; } = null!; + /// /// List of labels. /// [Output("labels")] public Output> Labels { get; private set; } = null!; + [Output("lastupdate")] + public Output Lastupdate { get; private set; } = null!; + + [Output("linuxCisEnabled")] + public Output LinuxCisEnabled { get; private set; } = null!; + [Output("malwareAction")] public Output MalwareAction { get; private set; } = null!; 
@@ -259,6 +314,9 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("onlyNoneRootUsers")] public Output OnlyNoneRootUsers { get; private set; } = null!; + [Output("openshiftHardeningEnabled")] + public Output OpenshiftHardeningEnabled { get; private set; } = null!; + /// /// Indicates if packages blacklist is relevant. /// @@ -266,7 +324,7 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource public Output PackagesBlackListEnabled { get; private set; } = null!; /// - /// List of backlisted images. + /// List of blacklisted images. /// [Output("packagesBlackLists")] public Output> PackagesBlackLists { get; private set; } = null!; @@ -286,6 +344,12 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("partialResultsImageFail")] public Output PartialResultsImageFail { get; private set; } = null!; + [Output("permission")] + public Output Permission { get; private set; } = null!; + + [Output("policySettings")] + public Output PolicySettings { get; private set; } = null!; + [Output("readOnly")] public Output ReadOnly { get; private set; } = null!; @@ -304,15 +368,24 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("requiredLabelsEnabled")] public Output RequiredLabelsEnabled { get; private set; } = null!; + [Output("scanMalwareInArchives")] + public Output ScanMalwareInArchives { get; private set; } = null!; + [Output("scanNfsMounts")] public Output ScanNfsMounts { get; private set; } = null!; + [Output("scanProcessMemory")] + public Output ScanProcessMemory { get; private set; } = null!; + /// /// Indicates if scan should include sensitive data in the image. /// [Output("scanSensitiveData")] public Output ScanSensitiveData { get; private set; } = null!; + [Output("scanWindowsRegistry")] + public Output ScanWindowsRegistry { get; private set; } = null!; + /// /// Indicates if scanning should include scap. /// 
@@ -340,6 +413,12 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("trustedBaseImagesEnabled")] public Output TrustedBaseImagesEnabled { get; private set; } = null!; + [Output("vulnerabilityExploitability")] + public Output VulnerabilityExploitability { get; private set; } = null!; + + [Output("vulnerabilityScoreRanges")] + public Output> VulnerabilityScoreRanges { get; private set; } = null!; + /// /// List of whitelisted licenses. /// @@ -352,6 +431,12 @@ public partial class HostAssurancePolicy : global::Pulumi.CustomResource [Output("whitelistedLicensesEnabled")] public Output WhitelistedLicensesEnabled { get; private set; } = null!; + /// + /// Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + /// + [Output("windowsCisEnabled")] + public Output WindowsCisEnabled { get; private set; } = null!; + /// /// Create a HostAssurancePolicy resource with the given unique name, arguments, and options. @@ -399,6 +484,18 @@ public static HostAssurancePolicy Get(string name, Input id, HostAssuran public sealed class HostAssurancePolicyArgs : global::Pulumi.ResourceArgs { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + [Input("allowedImages")] private InputList? _allowedImages; 
@@ -419,12 +516,24 @@ public InputList ApplicationScopes set => _applicationScopes = value; } + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + /// /// Indicates if auditing for failures. /// [Input("auditOnFailure")] public Input? AuditOnFailure { get; set; } + /// + /// Name of user account that created the policy. + /// + [Input("author")] + public Input? Author { get; set; } + [Input("autoScanConfigured")] public Input? AutoScanConfigured { get; set; } @@ -470,7 +579,7 @@ public InputList BlacklistedLicenses } /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Input("blacklistedLicensesEnabled")] public Input? BlacklistedLicensesEnabled { get; set; } @@ -502,11 +611,14 @@ public InputList CustomChecks [Input("customChecksEnabled")] public Input? CustomChecksEnabled { get; set; } + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + [Input("customSeverityEnabled")] public Input? CustomSeverityEnabled { get; set; } /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Input("cvesBlackListEnabled")] public Input? CvesBlackListEnabled { get; set; } @@ -515,7 +627,7 @@ public InputList CustomChecks private InputList? _cvesBlackLists; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public InputList CvesBlackLists { @@ -524,7 +636,7 @@ public InputList CvesBlackLists } /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// [Input("cvesWhiteListEnabled")] public Input? CvesWhiteListEnabled { get; set; } 
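Review bot: `Author` is added to `HostAssurancePolicyArgs` in the first hunk on this line as a settable input, while its comment describes it as the `Name of user account that created the policy`, which reads like a value the server records. The same applies to the `Lastupdate` input added further down. If the provider treats these as computed, the comment should say so, for example `/// Name of user account that created the policy (computed; a value set here is not expected to take effect).`. If a supplied value is honoured, the field no longer works as a provenance record, and that deserves a remark in the description. Which of the two holds cannot be determined from this diff.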
@@ -562,12 +674,23 @@ public InputList CvesWhiteLists [Input("description")] public Input? Description { get; set; } + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + /// /// Indicates if malware should block the image. /// [Input("disallowMalware")] public Input? DisallowMalware { get; set; } + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Input("dockerCisEnabled")] public Input? DockerCisEnabled { get; set; } @@ -606,6 +729,14 @@ public InputList ExceptionalMonitoredMalwarePaths set => _exceptionalMonitoredMalwarePaths = value; } + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + /// /// Indicates if cicd failures will fail the image. /// @@ -629,9 +760,15 @@ public InputList ForbiddenLabels [Input("functionIntegrityEnabled")] public Input? FunctionIntegrityEnabled { get; set; } + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + [Input("ignoreRecentlyPublishedVln")] public Input? IgnoreRecentlyPublishedVln { get; set; } + [Input("ignoreRecentlyPublishedVlnPeriod")] + public Input? IgnoreRecentlyPublishedVlnPeriod { get; set; } + /// /// Indicates if risk resources are ignored. /// 
@@ -650,6 +787,14 @@ public InputList IgnoredRiskResources set => _ignoredRiskResources = value; } + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + [Input("images")] private InputList? _images; @@ -662,9 +807,36 @@ public InputList Images set => _images = value; } + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Input("kubeCisEnabled")] public Input? KubeCisEnabled { get; set; } + [Input("kubernetesControls")] + private InputList? _kubernetesControls; + public InputList KubernetesControls + { + get => _kubernetesControls ?? (_kubernetesControls = new InputList()); + set => _kubernetesControls = value; + } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + + [Input("kubernetesControlsNames")] + private InputList? _kubernetesControlsNames; + public InputList KubernetesControlsNames + { + get => _kubernetesControlsNames ?? (_kubernetesControlsNames = new InputList()); + set => _kubernetesControlsNames = value; + } + [Input("labels")] private InputList? _labels; @@ -677,6 +849,12 @@ public InputList Labels set => _labels = value; } + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + [Input("malwareAction")] public Input? MalwareAction { get; set; } 
@@ -715,6 +893,9 @@ public InputList MonitoredMalwarePaths [Input("onlyNoneRootUsers")] public Input? OnlyNoneRootUsers { get; set; } + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + /// /// Indicates if packages blacklist is relevant. /// @@ -725,7 +906,7 @@ public InputList MonitoredMalwarePaths private InputList? _packagesBlackLists; /// - /// List of backlisted images. + /// List of blacklisted images. /// public InputList PackagesBlackLists { @@ -754,6 +935,12 @@ public InputList PackagesWhiteL [Input("partialResultsImageFail")] public Input? PartialResultsImageFail { get; set; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + [Input("readOnly")] public Input? ReadOnly { get; set; } @@ -783,15 +970,24 @@ public InputList RequiredLabels [Input("requiredLabelsEnabled")] public Input? RequiredLabelsEnabled { get; set; } + [Input("scanMalwareInArchives")] + public Input? ScanMalwareInArchives { get; set; } + [Input("scanNfsMounts")] public Input? ScanNfsMounts { get; set; } + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + /// /// Indicates if scan should include sensitive data in the image. /// [Input("scanSensitiveData")] public Input? ScanSensitiveData { get; set; } + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + /// /// Indicates if scanning should include scap. /// 
@@ -836,6 +1032,17 @@ public InputList TrustedBaseImag [Input("trustedBaseImagesEnabled")] public Input? TrustedBaseImagesEnabled { get; set; } + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + [Input("whitelistedLicenses")] private InputList? _whitelistedLicenses; @@ -854,6 +1061,12 @@ public InputList WhitelistedLicenses [Input("whitelistedLicensesEnabled")] public Input? WhitelistedLicensesEnabled { get; set; } + /// + /// Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + /// + [Input("windowsCisEnabled")] + public Input? WindowsCisEnabled { get; set; } + public HostAssurancePolicyArgs() { } @@ -862,6 +1075,18 @@ public HostAssurancePolicyArgs() public sealed class HostAssurancePolicyState : global::Pulumi.ResourceArgs { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + [Input("allowedImages")] private InputList? _allowedImages; @@ -882,6 +1107,12 @@ public InputList ApplicationScopes set => _applicationScopes = value; } + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + /// /// Indicates if auditing for failures. /// 
@@ -939,7 +1170,7 @@ public InputList BlacklistedLicenses } /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Input("blacklistedLicensesEnabled")] public Input? BlacklistedLicensesEnabled { get; set; } @@ -971,11 +1202,14 @@ public InputList CustomChecks [Input("customChecksEnabled")] public Input? CustomChecksEnabled { get; set; } + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + [Input("customSeverityEnabled")] public Input? CustomSeverityEnabled { get; set; } /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Input("cvesBlackListEnabled")] public Input? CvesBlackListEnabled { get; set; } @@ -984,7 +1218,7 @@ public InputList CustomChecks private InputList? _cvesBlackLists; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public InputList CvesBlackLists { @@ -993,7 +1227,7 @@ public InputList CvesBlackLists } /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// [Input("cvesWhiteListEnabled")] public Input? CvesWhiteListEnabled { get; set; } @@ -1031,12 +1265,23 @@ public InputList CvesWhiteLists [Input("description")] public Input? Description { get; set; } + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + /// /// Indicates if malware should block the image. /// [Input("disallowMalware")] public Input? DisallowMalware { get; set; } + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Input("dockerCisEnabled")] public Input? DockerCisEnabled { get; set; } 
@@ -1075,6 +1320,14 @@ public InputList ExceptionalMonitoredMalwarePaths set => _exceptionalMonitoredMalwarePaths = value; } + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + /// /// Indicates if cicd failures will fail the image. /// @@ -1098,6 +1351,9 @@ public InputList ForbiddenLabel [Input("functionIntegrityEnabled")] public Input? FunctionIntegrityEnabled { get; set; } + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + [Input("ignoreRecentlyPublishedVln")] public Input? IgnoreRecentlyPublishedVln { get; set; } @@ -1122,6 +1378,14 @@ public InputList IgnoredRiskResources set => _ignoredRiskResources = value; } + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + [Input("images")] private InputList? _images; 
@@ -1134,9 +1398,36 @@ public InputList Images set => _images = value; } + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Input("kubeCisEnabled")] public Input? KubeCisEnabled { get; set; } + [Input("kubernetesControls")] + private InputList? _kubernetesControls; + public InputList KubernetesControls + { + get => _kubernetesControls ?? (_kubernetesControls = new InputList()); + set => _kubernetesControls = value; + } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + + [Input("kubernetesControlsNames")] + private InputList? _kubernetesControlsNames; + public InputList KubernetesControlsNames + { + get => _kubernetesControlsNames ?? (_kubernetesControlsNames = new InputList()); + set => _kubernetesControlsNames = value; + } + [Input("labels")] private InputList? _labels; @@ -1149,6 +1440,12 @@ public InputList Labels set => _labels = value; } + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + [Input("malwareAction")] public Input? MalwareAction { get; set; } @@ -1187,6 +1484,9 @@ public InputList MonitoredMalwarePaths [Input("onlyNoneRootUsers")] public Input? OnlyNoneRootUsers { get; set; } + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + /// /// Indicates if packages blacklist is relevant. /// @@ -1197,7 +1497,7 @@ public InputList MonitoredMalwarePaths private InputList? _packagesBlackLists; /// - /// List of backlisted images. + /// List of blacklisted images. /// public InputList PackagesBlackLists { 
@@ -1226,6 +1526,12 @@ public InputList PackagesWhi [Input("partialResultsImageFail")] public Input? PartialResultsImageFail { get; set; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + [Input("readOnly")] public Input? ReadOnly { get; set; } @@ -1255,15 +1561,24 @@ public InputList RequiredLabels [Input("requiredLabelsEnabled")] public Input? RequiredLabelsEnabled { get; set; } + [Input("scanMalwareInArchives")] + public Input? ScanMalwareInArchives { get; set; } + [Input("scanNfsMounts")] public Input? ScanNfsMounts { get; set; } + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + /// /// Indicates if scan should include sensitive data in the image. /// [Input("scanSensitiveData")] public Input? ScanSensitiveData { get; set; } + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + /// /// Indicates if scanning should include scap. /// @@ -1308,6 +1623,17 @@ public InputList TrustedBaseI [Input("trustedBaseImagesEnabled")] public Input? TrustedBaseImagesEnabled { get; set; } + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + [Input("whitelistedLicenses")] private InputList? _whitelistedLicenses; @@ -1326,6 +1652,12 @@ public InputList WhitelistedLicenses [Input("whitelistedLicensesEnabled")] public Input? WhitelistedLicensesEnabled { get; set; } + /// + /// Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + /// + [Input("windowsCisEnabled")] + public Input? WindowsCisEnabled { get; set; } + public HostAssurancePolicyState() { } 
diff --git a/sdk/dotnet/HostRuntimePolicy.cs b/sdk/dotnet/HostRuntimePolicy.cs index a5ed8551..1abb5165 100644 --- a/sdk/dotnet/HostRuntimePolicy.cs +++ b/sdk/dotnet/HostRuntimePolicy.cs 
@@ -10,186 +10,26 @@ namespace Pulumiverse.Aquasec { - /// - /// ## Example Usage - /// - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Aquasec = Pulumiverse.Aquasec; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var hostRuntimePolicy = new Aquasec.HostRuntimePolicy("hostRuntimePolicy", new() - /// { - /// ApplicationScopes = new[] - /// { - /// "Global", - /// }, - /// AuditAllOsUserActivity = true, - /// AuditBruteForceLogin = true, - /// AuditFullCommandArguments = true, - /// AuditHostFailedLoginEvents = true, - /// AuditHostSuccessfulLoginEvents = true, - /// AuditUserAccountManagement = true, - /// BlockCryptocurrencyMining = true, - /// BlockedFiles = new[] - /// { - /// "blocked", - /// }, - /// Description = "host_runtime_policy", - /// EnableIpReputationSecurity = true, - /// Enabled = true, - /// Enforce = false, - /// FileIntegrityMonitoring = new Aquasec.Inputs.HostRuntimePolicyFileIntegrityMonitoringArgs - /// { - /// ExcludedPaths = new[] - /// { - /// "expaths", - /// }, - /// ExcludedProcesses = new[] - /// { - /// "exprocess", - /// }, - /// ExcludedUsers = new[] - /// { - /// "expuser", - /// }, - /// MonitorAttributes = true, - /// MonitorCreate = true, - /// MonitorDelete = true, - /// MonitorModify = true, - /// MonitorRead = true, - /// MonitoredPaths = new[] - /// { - /// "paths", - /// }, - /// MonitoredProcesses = new[] - /// { - /// "process", - /// }, - /// MonitoredUsers = new[] - /// { - /// "user", - /// }, - /// }, - /// MonitorSystemLogIntegrity = true, - /// MonitorSystemTimeChanges = true, - /// MonitorWindowsServices = true, - /// OsGroupsAlloweds = new[] - /// { - /// "group1", - /// }, - /// OsGroupsBlockeds = new[] - /// { - /// "group2", - /// }, - /// OsUsersAlloweds = new[] - /// { - /// "user1", - /// }, - /// OsUsersBlockeds = new[] - /// { - /// "user2", - /// }, - /// PackageBlocks = new[] - /// { - /// "package1", - /// }, - /// 
PortScanningDetection = true, - /// ScopeVariables = new[] - /// { - /// new Aquasec.Inputs.HostRuntimePolicyScopeVariableArgs - /// { - /// Attribute = "kubernetes.cluster", - /// Value = "default", - /// }, - /// new Aquasec.Inputs.HostRuntimePolicyScopeVariableArgs - /// { - /// Attribute = "kubernetes.label", - /// Name = "app", - /// Value = "aqua", - /// }, - /// }, - /// WindowsRegistryMonitoring = new Aquasec.Inputs.HostRuntimePolicyWindowsRegistryMonitoringArgs - /// { - /// ExcludedPaths = new[] - /// { - /// "expaths", - /// }, - /// ExcludedProcesses = new[] - /// { - /// "exprocess", - /// }, - /// ExcludedUsers = new[] - /// { - /// "expuser", - /// }, - /// MonitorAttributes = true, - /// MonitorCreate = true, - /// MonitorDelete = true, - /// MonitorModify = true, - /// MonitorRead = true, - /// MonitoredPaths = new[] - /// { - /// "paths", - /// }, - /// MonitoredProcesses = new[] - /// { - /// "process", - /// }, - /// MonitoredUsers = new[] - /// { - /// "user", - /// }, - /// }, - /// WindowsRegistryProtection = new Aquasec.Inputs.HostRuntimePolicyWindowsRegistryProtectionArgs - /// { - /// ExcludedPaths = new[] - /// { - /// "expaths", - /// }, - /// ExcludedProcesses = new[] - /// { - /// "exprocess", - /// }, - /// ExcludedUsers = new[] - /// { - /// "expuser", - /// }, - /// ProtectedPaths = new[] - /// { - /// "paths", - /// }, - /// ProtectedProcesses = new[] - /// { - /// "process", - /// }, - /// ProtectedUsers = new[] - /// { - /// "user", - /// }, - /// }, - /// }); - /// - /// }); - /// ``` - /// [AquasecResourceType("aquasec:index/hostRuntimePolicy:HostRuntimePolicy")] public partial class HostRuntimePolicy : global::Pulumi.CustomResource { /// - /// Indicates the application scope of the service. + /// Allowed executables configuration. 
/// - [Output("applicationScopes")] - public Output> ApplicationScopes { get; private set; } = null!; + [Output("allowedExecutables")] + public Output> AllowedExecutables { get; private set; } = null!; /// - /// If true, all process activity will be audited. + /// List of allowed registries. /// - [Output("auditAllOsUserActivity")] - public Output AuditAllOsUserActivity { get; private set; } = null!; + [Output("allowedRegistries")] + public Output> AllowedRegistries { get; private set; } = null!; + + /// + /// Indicates the application scope of the service. + /// + [Output("applicationScopes")] + public Output> ApplicationScopes { get; private set; } = null!; /// /// Detects brute force login attempts 
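Review bot: The new side of this hunk drops the `auditAllOsUserActivity` output and puts `allowedRegistries` in its place, so a program that reads it stops compiling after the upgrade. Nothing in the hunk says what replaces the setting; a later hunk adds an `auditing` output, which may be the successor, but that is not stated. The hunk also deletes the whole class doc comment along with the example, leaving `HostRuntimePolicy` with no description, while `HostAssurancePolicy` gains one in this same commit. I would keep a short class comment that names the replacement, for example `/// Host runtime policy. The former auditAllOsUserActivity setting is now expressed through ...`, with the property name filled in from the provider. Whether the matching input is also removed from the Args class cannot be seen from this hunk.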
@@ -221,38 +61,92 @@ public partial class HostRuntimePolicy : global::Pulumi.CustomResource [Output("auditUserAccountManagement")] public Output AuditUserAccountManagement { get; private set; } = null!; + [Output("auditing")] + public Output Auditing { get; private set; } = null!; + /// /// Username of the account that created the service. /// [Output("author")] public Output Author { get; private set; } = null!; + [Output("blacklistedOsUsers")] + public Output BlacklistedOsUsers { get; private set; } = null!; + + [Output("blockContainerExec")] + public Output BlockContainerExec { get; private set; } = null!; + /// /// Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining /// [Output("blockCryptocurrencyMining")] public Output BlockCryptocurrencyMining { get; private set; } = null!; + [Output("blockDisallowedImages")] + public Output BlockDisallowedImages { get; private set; } = null!; + + [Output("blockFilelessExec")] + public Output BlockFilelessExec { get; private set; } = null!; + + [Output("blockNonCompliantWorkloads")] + public Output BlockNonCompliantWorkloads { get; private set; } = null!; + + [Output("blockNonK8sContainers")] + public Output BlockNonK8sContainers { get; private set; } = null!; + /// /// List of files that are prevented from being read, modified and executed in the containers. /// [Output("blockedFiles")] public Output> BlockedFiles { get; private set; } = null!; + /// + /// Bypass scope configuration. 
+ /// + [Output("bypassScopes")] + public Output> BypassScopes { get; private set; } = null!; + + [Output("containerExec")] + public Output ContainerExec { get; private set; } = null!; + + [Output("created")] + public Output Created { get; private set; } = null!; + + [Output("cve")] + public Output Cve { get; private set; } = null!; + + [Output("defaultSecurityProfile")] + public Output DefaultSecurityProfile { get; private set; } = null!; + /// /// The description of the host runtime policy /// [Output("description")] public Output Description { get; private set; } = null!; + [Output("digest")] + public Output Digest { get; private set; } = null!; + /// - /// If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. + /// Drift prevention configuration. /// - [Output("enableIpReputationSecurity")] - public Output EnableIpReputationSecurity { get; private set; } = null!; + [Output("driftPreventions")] + public Output> DriftPreventions { get; private set; } = null!; + + [Output("enableCryptoMiningDns")] + public Output EnableCryptoMiningDns { get; private set; } = null!; + + [Output("enableForkGuard")] + public Output EnableForkGuard { get; private set; } = null!; + + [Output("enableIpReputation")] + public Output EnableIpReputation { get; private set; } = null!; + + [Output("enablePortScanProtection")] + public Output EnablePortScanProtection { get; private set; } = null!; /// - /// Indicates if the runtime policy is enabled or not. + /// Whether allowed executables configuration is enabled. /// [Output("enabled")] public Output Enabled { get; private set; } = null!; 
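Review bot: The summary on the policy-level `Enabled` output at the end of this hunk now reads `Whether allowed executables configuration is enabled.`, replacing `Indicates if the runtime policy is enabled or not.`, while the property is still the top-level `[Output("enabled")]`. This looks like a nested block's description leaking onto the policy field, and a reader could take it to mean the flag toggles one control rather than the whole policy. The `name` summary in the `@@ -300,11 +242,17 @@` hunk (`Name assigned to the attribute.`) and the matching `enabled` and `name` summaries in `HostRuntimePolicyArgs` and `HostRuntimePolicyState` have the same problem. I would restore `/// Indicates if the runtime policy is enabled or not.` and `/// Name of the host runtime policy`, in the provider schema if this file is generated from it. The class body starts and ends outside the hunk.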
@@ -269,17 +163,65 @@ public partial class HostRuntimePolicy : global::Pulumi.CustomResource [Output("enforceAfterDays")] public Output EnforceAfterDays { get; private set; } = null!; + [Output("enforceSchedulerAddedOn")] + public Output EnforceSchedulerAddedOn { get; private set; } = null!; + + /// + /// List of excluded application scopes. + /// + [Output("excludeApplicationScopes")] + public Output> ExcludeApplicationScopes { get; private set; } = null!; + + /// + /// Executable blacklist configuration. + /// + [Output("executableBlacklists")] + public Output> ExecutableBlacklists { get; private set; } = null!; + + [Output("failedKubernetesChecks")] + public Output FailedKubernetesChecks { get; private set; } = null!; + + [Output("fileBlock")] + public Output FileBlock { get; private set; } = null!; + /// /// Configuration for file integrity monitoring. /// [Output("fileIntegrityMonitoring")] - public Output FileIntegrityMonitoring { get; private set; } = null!; + public Output FileIntegrityMonitoring { get; private set; } = null!; + + [Output("forkGuardProcessLimit")] + public Output ForkGuardProcessLimit { get; private set; } = null!; + + [Output("imageName")] + public Output ImageName { get; private set; } = null!; + + [Output("isAuditChecked")] + public Output IsAuditChecked { get; private set; } = null!; + + [Output("isAutoGenerated")] + public Output IsAutoGenerated { get; private set; } = null!; + + [Output("isOotbPolicy")] + public Output IsOotbPolicy { get; private set; } = null!; + + [Output("lastupdate")] + public Output Lastupdate { get; private set; } = null!; + + /// + /// Container privileges configuration. + /// + [Output("limitContainerPrivileges")] + public Output> LimitContainerPrivileges { get; private set; } = null!; + + [Output("linuxCapabilities")] + public Output LinuxCapabilities { get; private set; } = null!; /// /// Configuration for Real-Time Malware Protection. 
/// [Output("malwareScanOptions")] - public Output MalwareScanOptions { get; private set; } = null!; + public Output MalwareScanOptions { get; private set; } = null!; /// /// If true, system log will be monitored. @@ -300,11 +242,17 @@ public partial class HostRuntimePolicy : global::Pulumi.CustomResource public Output MonitorWindowsServices { get; private set; } = null!; /// - /// Name of the host runtime policy + /// Name assigned to the attribute. /// [Output("name")] public Output Name { get; private set; } = null!; + [Output("noNewPrivileges")] + public Output NoNewPrivileges { get; private set; } = null!; + + [Output("onlyRegisteredImages")] + public Output OnlyRegisteredImages { get; private set; } = null!; + /// /// List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. /// 
@@ -329,17 +277,50 @@ public partial class HostRuntimePolicy : global::Pulumi.CustomResource [Output("osUsersBlockeds")] public Output> OsUsersBlockeds { get; private set; } = null!; - /// - /// List of packages that are not allowed read, write or execute all files that under the packages. - /// [Output("packageBlocks")] - public Output> PackageBlocks { get; private set; } = null!; + public Output> PackageBlocks { get; private set; } = null!; + + [Output("permission")] + public Output Permission { get; private set; } = null!; + + [Output("portBlock")] + public Output PortBlock { get; private set; } = null!; + + [Output("readonlyFiles")] + public Output ReadonlyFiles { get; private set; } = null!; + + [Output("readonlyRegistry")] + public Output ReadonlyRegistry { get; private set; } = null!; + + [Output("registry")] + public Output Registry { get; private set; } = null!; + + [Output("registryAccessMonitoring")] + public Output RegistryAccessMonitoring { get; private set; } = null!; + + [Output("repoName")] + public Output RepoName { get; private set; } = null!; + + [Output("resourceName")] + public Output ResourceName { get; private set; } = null!; + + [Output("resourceType")] + public Output ResourceType { get; private set; } = null!; /// - /// If true, port scanning behaviors will be audited. + /// Restricted volumes configuration. /// - [Output("portScanningDetection")] - public Output PortScanningDetection { get; private set; } = null!; + [Output("restrictedVolumes")] + public Output> RestrictedVolumes { get; private set; } = null!; + + [Output("reverseShell")] + public Output ReverseShell { get; private set; } = null!; + + [Output("runtimeMode")] + public Output RuntimeMode { get; private set; } = null!; + + [Output("runtimeType")] + public Output RuntimeType { get; private set; } = null!; /// /// Logical expression of how to compute the dependency of the scope variables. 
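Review bot: Most outputs added in this hunk (`permission`, `portBlock`, `readonlyFiles`, `readonlyRegistry`, `registryAccessMonitoring`, `reverseShell`, `runtimeMode`, `runtimeType`) carry no doc comment, and the existing summary on `packageBlocks` is dropped even though the property stays. The same hunk removes `portScanningDetection`, and `enablePortScanProtection` was added in an earlier hunk without a summary, so nothing says whether one replaces the other. The undocumented additions in the other `HostRuntimePolicy`, `HostRuntimePolicyArgs` and `HostRuntimePolicyState` hunks have the same gap. For a runtime-protection policy I would want at least a one-line summary per control stating what it blocks or audits, and `/// List of packages that are not allowed read, write or execute all files that under the packages.` kept on `packageBlocks`.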
@@ -354,16 +335,31 @@ public partial class HostRuntimePolicy : global::Pulumi.CustomResource public Output> ScopeVariables { get; private set; } = null!; /// - /// Configuration for windows registry monitoring. + /// Scope configuration. /// - [Output("windowsRegistryMonitoring")] - public Output WindowsRegistryMonitoring { get; private set; } = null!; + [Output("scopes")] + public Output> Scopes { get; private set; } = null!; - /// - /// Configuration for windows registry protection. - /// - [Output("windowsRegistryProtection")] - public Output WindowsRegistryProtection { get; private set; } = null!; + [Output("systemIntegrityProtection")] + public Output SystemIntegrityProtection { get; private set; } = null!; + + [Output("tripwire")] + public Output Tripwire { get; private set; } = null!; + + [Output("type")] + public Output Type { get; private set; } = null!; + + [Output("updated")] + public Output Updated { get; private set; } = null!; + + [Output("version")] + public Output Version { get; private set; } = null!; + + [Output("vpatchVersion")] + public Output VpatchVersion { get; private set; } = null!; + + [Output("whitelistedOsUsers")] + public Output WhitelistedOsUsers { get; private set; } = null!; /// 
@@ -412,6 +408,30 @@ public static HostRuntimePolicy Get(string name, Input id, HostRuntimePo public sealed class HostRuntimePolicyArgs : global::Pulumi.ResourceArgs { + [Input("allowedExecutables")] + private InputList? _allowedExecutables; + + /// + /// Allowed executables configuration. + /// + public InputList AllowedExecutables + { + get => _allowedExecutables ?? (_allowedExecutables = new InputList()); + set => _allowedExecutables = value; + } + + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + [Input("applicationScopes")] private InputList? _applicationScopes; @@ -424,12 +444,6 @@ public InputList ApplicationScopes set => _applicationScopes = value; } - /// - /// If true, all process activity will be audited. - /// - [Input("auditAllOsUserActivity")] - public Input? AuditAllOsUserActivity { get; set; } - /// /// Detects brute force login attempts /// 
@@ -460,12 +474,39 @@ public InputList ApplicationScopes [Input("auditUserAccountManagement")] public Input? AuditUserAccountManagement { get; set; } + [Input("auditing")] + public Input? Auditing { get; set; } + + /// + /// Username of the account that created the service. + /// + [Input("author")] + public Input? Author { get; set; } + + [Input("blacklistedOsUsers")] + public Input? BlacklistedOsUsers { get; set; } + + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + /// /// Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining /// [Input("blockCryptocurrencyMining")] public Input? BlockCryptocurrencyMining { get; set; } + [Input("blockDisallowedImages")] + public Input? BlockDisallowedImages { get; set; } + + [Input("blockFilelessExec")] + public Input? BlockFilelessExec { get; set; } + + [Input("blockNonCompliantWorkloads")] + public Input? BlockNonCompliantWorkloads { get; set; } + + [Input("blockNonK8sContainers")] + public Input? BlockNonK8sContainers { get; set; } + [Input("blockedFiles")] private InputList? _blockedFiles; 
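Review bot: `Author` is added to `HostRuntimePolicyArgs` as a settable `[Input("author")]` whose summary, `Username of the account that created the service.`, describes a value the server records rather than one a program chooses. The later Args hunks do the same for `created`, `lastupdate`, `isAutoGenerated`, `isOotbPolicy`, `updated` and `version`, and `ImageAssurancePolicyArgs` gains an `author` input as well. Whether the provider forwards or ignores these values is not visible here. If they are server-maintained, I would mark them computed-only in the upstream schema so they drop out of the Args classes; otherwise each should say what setting it does. Audit metadata that program code can write is harder to rely on when reviewing who created or changed a policy.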
@@ -478,20 +519,65 @@ public InputList BlockedFiles set => _blockedFiles = value; } + [Input("bypassScopes")] + private InputList? _bypassScopes; + + /// + /// Bypass scope configuration. + /// + public InputList BypassScopes + { + get => _bypassScopes ?? (_bypassScopes = new InputList()); + set => _bypassScopes = value; + } + + [Input("containerExec")] + public Input? ContainerExec { get; set; } + + [Input("created")] + public Input? Created { get; set; } + + [Input("cve")] + public Input? Cve { get; set; } + + [Input("defaultSecurityProfile")] + public Input? DefaultSecurityProfile { get; set; } + /// /// The description of the host runtime policy /// [Input("description")] public Input? Description { get; set; } + [Input("digest")] + public Input? Digest { get; set; } + + [Input("driftPreventions")] + private InputList? _driftPreventions; + /// - /// If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. + /// Drift prevention configuration. /// - [Input("enableIpReputationSecurity")] - public Input? EnableIpReputationSecurity { get; set; } + public InputList DriftPreventions + { + get => _driftPreventions ?? (_driftPreventions = new InputList()); + set => _driftPreventions = value; + } + + [Input("enableCryptoMiningDns")] + public Input? EnableCryptoMiningDns { get; set; } + + [Input("enableForkGuard")] + public Input? EnableForkGuard { get; set; } + + [Input("enableIpReputation")] + public Input? EnableIpReputation { get; set; } + + [Input("enablePortScanProtection")] + public Input? EnablePortScanProtection { get; set; } /// - /// Indicates if the runtime policy is enabled or not. + /// Whether allowed executables configuration is enabled. /// [Input("enabled")] public Input? Enabled { get; set; } 
@@ -508,12 +594,78 @@ public InputList BlockedFiles [Input("enforceAfterDays")] public Input? EnforceAfterDays { get; set; } + [Input("enforceSchedulerAddedOn")] + public Input? EnforceSchedulerAddedOn { get; set; } + + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + + /// + /// List of excluded application scopes. + /// + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + + [Input("executableBlacklists")] + private InputList? _executableBlacklists; + + /// + /// Executable blacklist configuration. + /// + public InputList ExecutableBlacklists + { + get => _executableBlacklists ?? (_executableBlacklists = new InputList()); + set => _executableBlacklists = value; + } + + [Input("failedKubernetesChecks")] + public Input? FailedKubernetesChecks { get; set; } + + [Input("fileBlock")] + public Input? FileBlock { get; set; } + /// /// Configuration for file integrity monitoring. /// [Input("fileIntegrityMonitoring")] public Input? FileIntegrityMonitoring { get; set; } + [Input("forkGuardProcessLimit")] + public Input? ForkGuardProcessLimit { get; set; } + + [Input("imageName")] + public Input? ImageName { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("isAutoGenerated")] + public Input? IsAutoGenerated { get; set; } + + [Input("isOotbPolicy")] + public Input? IsOotbPolicy { get; set; } + + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("limitContainerPrivileges")] + private InputList? _limitContainerPrivileges; + + /// + /// Container privileges configuration. + /// + public InputList LimitContainerPrivileges + { + get => _limitContainerPrivileges ?? (_limitContainerPrivileges = new InputList()); + set => _limitContainerPrivileges = value; + } + + [Input("linuxCapabilities")] + public Input? 
LinuxCapabilities { get; set; } + /// /// Configuration for Real-Time Malware Protection. /// @@ -539,11 +691,17 @@ public InputList BlockedFiles public Input? MonitorWindowsServices { get; set; } /// - /// Name of the host runtime policy + /// Name assigned to the attribute. /// [Input("name")] public Input? Name { get; set; } + [Input("noNewPrivileges")] + public Input? NoNewPrivileges { get; set; } + + [Input("onlyRegisteredImages")] + public Input? OnlyRegisteredImages { get; set; } + [Input("osGroupsAlloweds")] private InputList? _osGroupsAlloweds; 
@@ -593,22 +751,60 @@ public InputList OsUsersBlockeds } [Input("packageBlocks")] - private InputList? _packageBlocks; - - /// - /// List of packages that are not allowed read, write or execute all files that under the packages. - /// - public InputList PackageBlocks + private InputList? _packageBlocks; + public InputList PackageBlocks { - get => _packageBlocks ?? (_packageBlocks = new InputList()); + get => _packageBlocks ?? (_packageBlocks = new InputList()); set => _packageBlocks = value; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("portBlock")] + public Input? PortBlock { get; set; } + + [Input("readonlyFiles")] + public Input? ReadonlyFiles { get; set; } + + [Input("readonlyRegistry")] + public Input? ReadonlyRegistry { get; set; } + + [Input("registry")] + public Input? Registry { get; set; } + + [Input("registryAccessMonitoring")] + public Input? RegistryAccessMonitoring { get; set; } + + [Input("repoName")] + public Input? RepoName { get; set; } + + [Input("resourceName")] + public Input? ResourceName { get; set; } + + [Input("resourceType")] + public Input? ResourceType { get; set; } + + [Input("restrictedVolumes")] + private InputList? _restrictedVolumes; + /// - /// If true, port scanning behaviors will be audited. + /// Restricted volumes configuration. /// - [Input("portScanningDetection")] - public Input? PortScanningDetection { get; set; } + public InputList RestrictedVolumes + { + get => _restrictedVolumes ?? (_restrictedVolumes = new InputList()); + set => _restrictedVolumes = value; + } + + [Input("reverseShell")] + public Input? ReverseShell { get; set; } + + [Input("runtimeMode")] + public Input? RuntimeMode { get; set; } + + [Input("runtimeType")] + public Input? RuntimeType { get; set; } /// /// Logical expression of how to compute the dependency of the scope variables. 
@@ -628,17 +824,38 @@ public InputList ScopeVariables set => _scopeVariables = value; } - /// - /// Configuration for windows registry monitoring. - /// - [Input("windowsRegistryMonitoring")] - public Input? WindowsRegistryMonitoring { get; set; } + [Input("scopes")] + private InputList? _scopes; /// - /// Configuration for windows registry protection. + /// Scope configuration. /// - [Input("windowsRegistryProtection")] - public Input? WindowsRegistryProtection { get; set; } + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + [Input("systemIntegrityProtection")] + public Input? SystemIntegrityProtection { get; set; } + + [Input("tripwire")] + public Input? Tripwire { get; set; } + + [Input("type")] + public Input? Type { get; set; } + + [Input("updated")] + public Input? Updated { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("vpatchVersion")] + public Input? VpatchVersion { get; set; } + + [Input("whitelistedOsUsers")] + public Input? WhitelistedOsUsers { get; set; } public HostRuntimePolicyArgs() { @@ -648,6 +865,30 @@ public HostRuntimePolicyArgs() public sealed class HostRuntimePolicyState : global::Pulumi.ResourceArgs { + [Input("allowedExecutables")] + private InputList? _allowedExecutables; + + /// + /// Allowed executables configuration. + /// + public InputList AllowedExecutables + { + get => _allowedExecutables ?? (_allowedExecutables = new InputList()); + set => _allowedExecutables = value; + } + + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + [Input("applicationScopes")] private InputList? _applicationScopes; 
@@ -660,12 +901,6 @@ public InputList ApplicationScopes set => _applicationScopes = value; } - /// - /// If true, all process activity will be audited. - /// - [Input("auditAllOsUserActivity")] - public Input? AuditAllOsUserActivity { get; set; } - /// /// Detects brute force login attempts /// @@ -696,18 +931,39 @@ public InputList ApplicationScopes [Input("auditUserAccountManagement")] public Input? AuditUserAccountManagement { get; set; } + [Input("auditing")] + public Input? Auditing { get; set; } + /// /// Username of the account that created the service. /// [Input("author")] public Input? Author { get; set; } + [Input("blacklistedOsUsers")] + public Input? BlacklistedOsUsers { get; set; } + + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + /// /// Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining /// [Input("blockCryptocurrencyMining")] public Input? BlockCryptocurrencyMining { get; set; } + [Input("blockDisallowedImages")] + public Input? BlockDisallowedImages { get; set; } + + [Input("blockFilelessExec")] + public Input? BlockFilelessExec { get; set; } + + [Input("blockNonCompliantWorkloads")] + public Input? BlockNonCompliantWorkloads { get; set; } + + [Input("blockNonK8sContainers")] + public Input? BlockNonK8sContainers { get; set; } + [Input("blockedFiles")] private InputList? _blockedFiles; 
@@ -720,20 +976,65 @@ public InputList BlockedFiles set => _blockedFiles = value; } + [Input("bypassScopes")] + private InputList? _bypassScopes; + + /// + /// Bypass scope configuration. + /// + public InputList BypassScopes + { + get => _bypassScopes ?? (_bypassScopes = new InputList()); + set => _bypassScopes = value; + } + + [Input("containerExec")] + public Input? ContainerExec { get; set; } + + [Input("created")] + public Input? Created { get; set; } + + [Input("cve")] + public Input? Cve { get; set; } + + [Input("defaultSecurityProfile")] + public Input? DefaultSecurityProfile { get; set; } + /// /// The description of the host runtime policy /// [Input("description")] public Input? Description { get; set; } + [Input("digest")] + public Input? Digest { get; set; } + + [Input("driftPreventions")] + private InputList? _driftPreventions; + /// - /// If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. + /// Drift prevention configuration. /// - [Input("enableIpReputationSecurity")] - public Input? EnableIpReputationSecurity { get; set; } + public InputList DriftPreventions + { + get => _driftPreventions ?? (_driftPreventions = new InputList()); + set => _driftPreventions = value; + } + + [Input("enableCryptoMiningDns")] + public Input? EnableCryptoMiningDns { get; set; } + + [Input("enableForkGuard")] + public Input? EnableForkGuard { get; set; } + + [Input("enableIpReputation")] + public Input? EnableIpReputation { get; set; } + + [Input("enablePortScanProtection")] + public Input? EnablePortScanProtection { get; set; } /// - /// Indicates if the runtime policy is enabled or not. + /// Whether allowed executables configuration is enabled. /// [Input("enabled")] public Input? Enabled { get; set; } 
@@ -750,12 +1051,78 @@ public InputList BlockedFiles [Input("enforceAfterDays")] public Input? EnforceAfterDays { get; set; } + [Input("enforceSchedulerAddedOn")] + public Input? EnforceSchedulerAddedOn { get; set; } + + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + + /// + /// List of excluded application scopes. + /// + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + + [Input("executableBlacklists")] + private InputList? _executableBlacklists; + + /// + /// Executable blacklist configuration. + /// + public InputList ExecutableBlacklists + { + get => _executableBlacklists ?? (_executableBlacklists = new InputList()); + set => _executableBlacklists = value; + } + + [Input("failedKubernetesChecks")] + public Input? FailedKubernetesChecks { get; set; } + + [Input("fileBlock")] + public Input? FileBlock { get; set; } + /// /// Configuration for file integrity monitoring. /// [Input("fileIntegrityMonitoring")] public Input? FileIntegrityMonitoring { get; set; } + [Input("forkGuardProcessLimit")] + public Input? ForkGuardProcessLimit { get; set; } + + [Input("imageName")] + public Input? ImageName { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("isAutoGenerated")] + public Input? IsAutoGenerated { get; set; } + + [Input("isOotbPolicy")] + public Input? IsOotbPolicy { get; set; } + + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("limitContainerPrivileges")] + private InputList? _limitContainerPrivileges; + + /// + /// Container privileges configuration. + /// + public InputList LimitContainerPrivileges + { + get => _limitContainerPrivileges ?? (_limitContainerPrivileges = new InputList()); + set => _limitContainerPrivileges = value; + } + + [Input("linuxCapabilities")] + public Input? 
LinuxCapabilities { get; set; } + /// /// Configuration for Real-Time Malware Protection. /// @@ -781,11 +1148,17 @@ public InputList BlockedFiles public Input? MonitorWindowsServices { get; set; } /// - /// Name of the host runtime policy + /// Name assigned to the attribute. /// [Input("name")] public Input? Name { get; set; } + [Input("noNewPrivileges")] + public Input? NoNewPrivileges { get; set; } + + [Input("onlyRegisteredImages")] + public Input? OnlyRegisteredImages { get; set; } + [Input("osGroupsAlloweds")] private InputList? _osGroupsAlloweds; 
@@ -835,22 +1208,60 @@ public InputList OsUsersBlockeds } [Input("packageBlocks")] - private InputList? _packageBlocks; - - /// - /// List of packages that are not allowed read, write or execute all files that under the packages. - /// - public InputList PackageBlocks + private InputList? _packageBlocks; + public InputList PackageBlocks { - get => _packageBlocks ?? (_packageBlocks = new InputList()); + get => _packageBlocks ?? (_packageBlocks = new InputList()); set => _packageBlocks = value; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("portBlock")] + public Input? PortBlock { get; set; } + + [Input("readonlyFiles")] + public Input? ReadonlyFiles { get; set; } + + [Input("readonlyRegistry")] + public Input? ReadonlyRegistry { get; set; } + + [Input("registry")] + public Input? Registry { get; set; } + + [Input("registryAccessMonitoring")] + public Input? RegistryAccessMonitoring { get; set; } + + [Input("repoName")] + public Input? RepoName { get; set; } + + [Input("resourceName")] + public Input? ResourceName { get; set; } + + [Input("resourceType")] + public Input? ResourceType { get; set; } + + [Input("restrictedVolumes")] + private InputList? _restrictedVolumes; + /// - /// If true, port scanning behaviors will be audited. + /// Restricted volumes configuration. /// - [Input("portScanningDetection")] - public Input? PortScanningDetection { get; set; } + public InputList RestrictedVolumes + { + get => _restrictedVolumes ?? (_restrictedVolumes = new InputList()); + set => _restrictedVolumes = value; + } + + [Input("reverseShell")] + public Input? ReverseShell { get; set; } + + [Input("runtimeMode")] + public Input? RuntimeMode { get; set; } + + [Input("runtimeType")] + public Input? RuntimeType { get; set; } /// /// Logical expression of how to compute the dependency of the scope variables. 
@@ -870,17 +1281,38 @@ public InputList ScopeVariables set => _scopeVariables = value; } - /// - /// Configuration for windows registry monitoring. - /// - [Input("windowsRegistryMonitoring")] - public Input? WindowsRegistryMonitoring { get; set; } + [Input("scopes")] + private InputList? _scopes; /// - /// Configuration for windows registry protection. + /// Scope configuration. /// - [Input("windowsRegistryProtection")] - public Input? WindowsRegistryProtection { get; set; } + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + [Input("systemIntegrityProtection")] + public Input? SystemIntegrityProtection { get; set; } + + [Input("tripwire")] + public Input? Tripwire { get; set; } + + [Input("type")] + public Input? Type { get; set; } + + [Input("updated")] + public Input? Updated { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("vpatchVersion")] + public Input? VpatchVersion { get; set; } + + [Input("whitelistedOsUsers")] + public Input? WhitelistedOsUsers { get; set; } public HostRuntimePolicyState() { diff --git a/sdk/dotnet/ImageAssurancePolicy.cs b/sdk/dotnet/ImageAssurancePolicy.cs index 16ea9a5c..254a136a 100644 --- a/sdk/dotnet/ImageAssurancePolicy.cs +++ b/sdk/dotnet/ImageAssurancePolicy.cs @@ -10,9 +10,18 @@ namespace Pulumiverse.Aquasec { + /// + /// Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images. + /// [AquasecResourceType("aquasec:index/imageAssurancePolicy:ImageAssurancePolicy")] public partial class ImageAssurancePolicy : global::Pulumi.CustomResource { + /// + /// Aggregated vulnerability information. + /// + [Output("aggregatedVulnerability")] + public Output?> AggregatedVulnerability { get; private set; } = null!; + /// /// List of explicitly allowed images. /// 
@@ -22,6 +31,12 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("applicationScopes")] public Output> ApplicationScopes { get; private set; } = null!; + /// + /// What type of assurance policy is described. + /// + [Output("assuranceType")] + public Output AssuranceType { get; private set; } = null!; + /// /// Indicates if auditing for failures. /// @@ -62,7 +77,7 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource public Output> BlacklistedLicenses { get; private set; } = null!; /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Output("blacklistedLicensesEnabled")] public Output BlacklistedLicensesEnabled { get; private set; } = null!; @@ -88,11 +103,14 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("customChecksEnabled")] public Output CustomChecksEnabled { get; private set; } = null!; + [Output("customSeverity")] + public Output CustomSeverity { get; private set; } = null!; + [Output("customSeverityEnabled")] public Output CustomSeverityEnabled { get; private set; } = null!; /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Output("cvesBlackListEnabled")] public Output CvesBlackListEnabled { get; private set; } = null!; @@ -136,12 +154,18 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("description")] public Output Description { get; private set; } = null!; + [Output("disallowExploitTypes")] + public Output> DisallowExploitTypes { get; private set; } = null!; + /// /// Indicates if malware should block the image. /// [Output("disallowMalware")] public Output DisallowMalware { get; private set; } = null!; + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Output("dockerCisEnabled")] public Output DockerCisEnabled { get; private set; } = null!; 
@@ -175,6 +199,9 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("exceptionalMonitoredMalwarePaths")] public Output> ExceptionalMonitoredMalwarePaths { get; private set; } = null!; + [Output("excludeApplicationScopes")] + public Output> ExcludeApplicationScopes { get; private set; } = null!; + /// /// Indicates if cicd failures will fail the image. /// @@ -193,6 +220,9 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("functionIntegrityEnabled")] public Output FunctionIntegrityEnabled { get; private set; } = null!; + [Output("ignoreBaseImageVln")] + public Output IgnoreBaseImageVln { get; private set; } = null!; + [Output("ignoreRecentlyPublishedVln")] public Output IgnoreRecentlyPublishedVln { get; private set; } = null!; 
@@ -211,21 +241,45 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("ignoredRiskResources")] public Output> IgnoredRiskResources { get; private set; } = null!; + [Output("ignoredSensitiveResources")] + public Output> IgnoredSensitiveResources { get; private set; } = null!; + /// /// List of images. /// [Output("images")] public Output> Images { get; private set; } = null!; + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Output("kubeCisEnabled")] public Output KubeCisEnabled { get; private set; } = null!; + /// + /// List of Kubernetes controls. + /// + [Output("kubernetesControls")] + public Output KubernetesControls { get; private set; } = null!; + + [Output("kubernetesControlsAvdIds")] + public Output> KubernetesControlsAvdIds { get; private set; } = null!; + + [Output("kubernetesControlsNames")] + public Output> KubernetesControlsNames { get; private set; } = null!; + /// /// List of labels. /// [Output("labels")] public Output> Labels { get; private set; } = null!; + [Output("lastupdate")] + public Output Lastupdate { get; private set; } = null!; + + [Output("linuxCisEnabled")] + public Output LinuxCisEnabled { get; private set; } = null!; + [Output("malwareAction")] public Output MalwareAction { get; private set; } = null!; @@ -241,9 +295,6 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("maximumScoreEnabled")] public Output MaximumScoreEnabled { get; private set; } = null!; - /// - /// Indicates that policy should ignore cases that do not have a known fix. - /// [Output("maximumScoreExcludeNoFix")] public Output MaximumScoreExcludeNoFix { get; private set; } = null!; 
@@ -259,6 +310,9 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("onlyNoneRootUsers")] public Output OnlyNoneRootUsers { get; private set; } = null!; + [Output("openshiftHardeningEnabled")] + public Output OpenshiftHardeningEnabled { get; private set; } = null!; + /// /// Indicates if packages blacklist is relevant. /// @@ -266,7 +320,7 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource public Output PackagesBlackListEnabled { get; private set; } = null!; /// - /// List of backlisted images. + /// List of blacklisted images. /// [Output("packagesBlackLists")] public Output> PackagesBlackLists { get; private set; } = null!; @@ -286,6 +340,12 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("partialResultsImageFail")] public Output PartialResultsImageFail { get; private set; } = null!; + [Output("permission")] + public Output Permission { get; private set; } = null!; + + [Output("policySettings")] + public Output PolicySettings { get; private set; } = null!; + [Output("readOnly")] public Output ReadOnly { get; private set; } = null!; @@ -304,15 +364,24 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("requiredLabelsEnabled")] public Output RequiredLabelsEnabled { get; private set; } = null!; + [Output("scanMalwareInArchives")] + public Output ScanMalwareInArchives { get; private set; } = null!; + [Output("scanNfsMounts")] public Output ScanNfsMounts { get; private set; } = null!; + [Output("scanProcessMemory")] + public Output ScanProcessMemory { get; private set; } = null!; + /// /// Indicates if scan should include sensitive data in the image. /// [Output("scanSensitiveData")] public Output ScanSensitiveData { get; private set; } = null!; + [Output("scanWindowsRegistry")] + public Output ScanWindowsRegistry { get; private set; } = null!; + /// /// Indicates if scanning should include scap. /// 
@@ -340,6 +409,12 @@ public partial class ImageAssurancePolicy : global::Pulumi.CustomResource [Output("trustedBaseImagesEnabled")] public Output TrustedBaseImagesEnabled { get; private set; } = null!; + [Output("vulnerabilityExploitability")] + public Output VulnerabilityExploitability { get; private set; } = null!; + + [Output("vulnerabilityScoreRanges")] + public Output> VulnerabilityScoreRanges { get; private set; } = null!; + /// /// List of whitelisted licenses. /// @@ -399,6 +474,18 @@ public static ImageAssurancePolicy Get(string name, Input id, ImageAssur public sealed class ImageAssurancePolicyArgs : global::Pulumi.ResourceArgs { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + [Input("allowedImages")] private InputList? _allowedImages; @@ -419,12 +506,24 @@ public InputList ApplicationScopes set => _applicationScopes = value; } + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + /// /// Indicates if auditing for failures. /// [Input("auditOnFailure")] public Input? AuditOnFailure { get; set; } + /// + /// Name of user account that created the policy. + /// + [Input("author")] + public Input? Author { get; set; } + [Input("autoScanConfigured")] public Input? AutoScanConfigured { get; set; } @@ -470,7 +569,7 @@ public InputList BlacklistedLicenses } /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Input("blacklistedLicensesEnabled")] public Input? BlacklistedLicensesEnabled { get; set; } 
@@ -502,11 +601,14 @@ public InputList CustomChecks [Input("customChecksEnabled")] public Input? CustomChecksEnabled { get; set; } + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + [Input("customSeverityEnabled")] public Input? CustomSeverityEnabled { get; set; } /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Input("cvesBlackListEnabled")] public Input? CvesBlackListEnabled { get; set; } @@ -562,12 +664,23 @@ public InputList CvesWhiteLists [Input("description")] public Input? Description { get; set; } + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + /// /// Indicates if malware should block the image. /// [Input("disallowMalware")] public Input? DisallowMalware { get; set; } + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Input("dockerCisEnabled")] public Input? DockerCisEnabled { get; set; } @@ -606,6 +719,14 @@ public InputList ExceptionalMonitoredMalwarePaths set => _exceptionalMonitoredMalwarePaths = value; } + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + /// /// Indicates if cicd failures will fail the image. /// 
@@ -629,9 +750,15 @@ public InputList ForbiddenLabels [Input("functionIntegrityEnabled")] public Input? FunctionIntegrityEnabled { get; set; } + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + [Input("ignoreRecentlyPublishedVln")] public Input? IgnoreRecentlyPublishedVln { get; set; } + [Input("ignoreRecentlyPublishedVlnPeriod")] + public Input? IgnoreRecentlyPublishedVlnPeriod { get; set; } + /// /// Indicates if risk resources are ignored. /// @@ -650,6 +777,14 @@ public InputList IgnoredRiskResources set => _ignoredRiskResources = value; } + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + [Input("images")] private InputList? _images; @@ -662,9 +797,34 @@ public InputList Images set => _images = value; } + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Input("kubeCisEnabled")] public Input? KubeCisEnabled { get; set; } + /// + /// List of Kubernetes controls. + /// + [Input("kubernetesControls")] + public Input? KubernetesControls { get; set; } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + + [Input("kubernetesControlsNames")] + private InputList? _kubernetesControlsNames; + public InputList KubernetesControlsNames + { + get => _kubernetesControlsNames ?? (_kubernetesControlsNames = new InputList()); + set => _kubernetesControlsNames = value; + } + [Input("labels")] private InputList? _labels; 
@@ -677,6 +837,12 @@ public InputList Labels set => _labels = value; } + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + [Input("malwareAction")] public Input? MalwareAction { get; set; } @@ -692,9 +858,6 @@ public InputList Labels [Input("maximumScoreEnabled")] public Input? MaximumScoreEnabled { get; set; } - /// - /// Indicates that policy should ignore cases that do not have a known fix. - /// [Input("maximumScoreExcludeNoFix")] public Input? MaximumScoreExcludeNoFix { get; set; } @@ -715,6 +878,9 @@ public InputList MonitoredMalwarePaths [Input("onlyNoneRootUsers")] public Input? OnlyNoneRootUsers { get; set; } + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + /// /// Indicates if packages blacklist is relevant. /// @@ -725,7 +891,7 @@ public InputList MonitoredMalwarePaths private InputList? _packagesBlackLists; /// - /// List of backlisted images. + /// List of blacklisted images. /// public InputList PackagesBlackLists { @@ -754,6 +920,12 @@ public InputList PackagesWhite [Input("partialResultsImageFail")] public Input? PartialResultsImageFail { get; set; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + [Input("readOnly")] public Input? ReadOnly { get; set; } 
@@ -783,15 +955,24 @@ public InputList RequiredLabels [Input("requiredLabelsEnabled")] public Input? RequiredLabelsEnabled { get; set; } + [Input("scanMalwareInArchives")] + public Input? ScanMalwareInArchives { get; set; } + [Input("scanNfsMounts")] public Input? ScanNfsMounts { get; set; } + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + /// /// Indicates if scan should include sensitive data in the image. /// [Input("scanSensitiveData")] public Input? ScanSensitiveData { get; set; } + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + /// /// Indicates if scanning should include scap. /// @@ -836,6 +1017,17 @@ public InputList TrustedBaseIma [Input("trustedBaseImagesEnabled")] public Input? TrustedBaseImagesEnabled { get; set; } + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + [Input("whitelistedLicenses")] private InputList? _whitelistedLicenses; @@ -862,6 +1054,18 @@ public ImageAssurancePolicyArgs() public sealed class ImageAssurancePolicyState : global::Pulumi.ResourceArgs { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + [Input("allowedImages")] private InputList? _allowedImages; 
@@ -882,6 +1086,12 @@ public InputList ApplicationScopes set => _applicationScopes = value; } + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + /// /// Indicates if auditing for failures. /// @@ -939,7 +1149,7 @@ public InputList BlacklistedLicenses } /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Input("blacklistedLicensesEnabled")] public Input? BlacklistedLicensesEnabled { get; set; } @@ -971,11 +1181,14 @@ public InputList CustomChecks [Input("customChecksEnabled")] public Input? CustomChecksEnabled { get; set; } + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + [Input("customSeverityEnabled")] public Input? CustomSeverityEnabled { get; set; } /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Input("cvesBlackListEnabled")] public Input? CvesBlackListEnabled { get; set; } @@ -1031,12 +1244,23 @@ public InputList CvesWhiteLists [Input("description")] public Input? Description { get; set; } + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + /// /// Indicates if malware should block the image. /// [Input("disallowMalware")] public Input? DisallowMalware { get; set; } + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Input("dockerCisEnabled")] public Input? DockerCisEnabled { get; set; } 
@@ -1075,6 +1299,14 @@ public InputList ExceptionalMonitoredMalwarePaths set => _exceptionalMonitoredMalwarePaths = value; } + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + /// /// Indicates if cicd failures will fail the image. /// @@ -1098,6 +1330,9 @@ public InputList ForbiddenLabe [Input("functionIntegrityEnabled")] public Input? FunctionIntegrityEnabled { get; set; } + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + [Input("ignoreRecentlyPublishedVln")] public Input? IgnoreRecentlyPublishedVln { get; set; } @@ -1122,6 +1357,14 @@ public InputList IgnoredRiskResources set => _ignoredRiskResources = value; } + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + [Input("images")] private InputList? _images; 
@@ -1134,9 +1377,34 @@ public InputList Images set => _images = value; } + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Input("kubeCisEnabled")] public Input? KubeCisEnabled { get; set; } + /// + /// List of Kubernetes controls. + /// + [Input("kubernetesControls")] + public Input? KubernetesControls { get; set; } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + + [Input("kubernetesControlsNames")] + private InputList? _kubernetesControlsNames; + public InputList KubernetesControlsNames + { + get => _kubernetesControlsNames ?? (_kubernetesControlsNames = new InputList()); + set => _kubernetesControlsNames = value; + } + [Input("labels")] private InputList? _labels; @@ -1149,6 +1417,12 @@ public InputList Labels set => _labels = value; } + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + [Input("malwareAction")] public Input? MalwareAction { get; set; } @@ -1164,9 +1438,6 @@ public InputList Labels [Input("maximumScoreEnabled")] public Input? MaximumScoreEnabled { get; set; } - /// - /// Indicates that policy should ignore cases that do not have a known fix. - /// [Input("maximumScoreExcludeNoFix")] public Input? MaximumScoreExcludeNoFix { get; set; } @@ -1187,6 +1458,9 @@ public InputList MonitoredMalwarePaths [Input("onlyNoneRootUsers")] public Input? OnlyNoneRootUsers { get; set; } + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + /// /// Indicates if packages blacklist is relevant. /// 
@@ -1197,7 +1471,7 @@ public InputList MonitoredMalwarePaths private InputList? _packagesBlackLists; /// - /// List of backlisted images. + /// List of blacklisted images. /// public InputList PackagesBlackLists { @@ -1226,6 +1500,12 @@ public InputList PackagesWh [Input("partialResultsImageFail")] public Input? PartialResultsImageFail { get; set; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + [Input("readOnly")] public Input? ReadOnly { get; set; } @@ -1255,15 +1535,24 @@ public InputList RequiredLabels [Input("requiredLabelsEnabled")] public Input? RequiredLabelsEnabled { get; set; } + [Input("scanMalwareInArchives")] + public Input? ScanMalwareInArchives { get; set; } + [Input("scanNfsMounts")] public Input? ScanNfsMounts { get; set; } + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + /// /// Indicates if scan should include sensitive data in the image. /// [Input("scanSensitiveData")] public Input? ScanSensitiveData { get; set; } + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + /// /// Indicates if scanning should include scap. /// @@ -1308,6 +1597,17 @@ public InputList TrustedBase [Input("trustedBaseImagesEnabled")] public Input? TrustedBaseImagesEnabled { get; set; } + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + [Input("whitelistedLicenses")] private InputList? _whitelistedLicenses; diff --git a/sdk/dotnet/Inputs/ApplicationScopeCategoryArtifactArgs.cs b/sdk/dotnet/Inputs/ApplicationScopeCategoryArtifactArgs.cs index 11bc1803..c385ad01 100644 
--- a/sdk/dotnet/Inputs/ApplicationScopeCategoryArtifactArgs.cs +++ b/sdk/dotnet/Inputs/ApplicationScopeCategoryArtifactArgs.cs @@ -23,6 +23,10 @@ public InputList Cfs [Input("functions")] private InputList? _functions; + + /// + /// Function name + /// public InputList Functions { get => _functions ?? (_functions = new InputList()); @@ -31,6 +35,10 @@ public InputList Functions [Input("images")] private InputList? _images; + + /// + /// Name of a registry as defined in Aqua + /// public InputList Images { get => _images ?? (_images = new InputList()); diff --git a/sdk/dotnet/Inputs/ApplicationScopeCategoryArtifactGetArgs.cs b/sdk/dotnet/Inputs/ApplicationScopeCategoryArtifactGetArgs.cs index d2a664e3..6a0258a7 100644 --- a/sdk/dotnet/Inputs/ApplicationScopeCategoryArtifactGetArgs.cs +++ b/sdk/dotnet/Inputs/ApplicationScopeCategoryArtifactGetArgs.cs @@ -23,6 +23,10 @@ public InputList Cfs [Input("functions")] private InputList? _functions; + + /// + /// Function name + /// public InputList Functions { get => _functions ?? (_functions = new InputList()); @@ -31,6 +35,10 @@ public InputList Functio [Input("images")] private InputList? _images; + + /// + /// Name of a registry as defined in Aqua + /// public InputList Images { get => _images ?? (_images = new InputList()); diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedExecutableArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedExecutableArgs.cs new file mode 100644 index 00000000..56120bbe --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedExecutableArgs.cs 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyAllowedExecutableArgs : global::Pulumi.ResourceArgs + { + [Input("allowExecutables")] + private InputList? _allowExecutables; + + /// + /// List of allowed executables. + /// + public InputList AllowExecutables + { + get => _allowExecutables ?? (_allowExecutables = new InputList()); + set => _allowExecutables = value; + } + + [Input("allowRootExecutables")] + private InputList? _allowRootExecutables; + + /// + /// List of allowed root executables. + /// + public InputList AllowRootExecutables + { + get => _allowRootExecutables ?? (_allowRootExecutables = new InputList()); + set => _allowRootExecutables = value; + } + + /// + /// Whether allowed executables configuration is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to treat executables separately. + /// + [Input("separateExecutables")] + public Input? SeparateExecutables { get; set; } + + public ContainerRuntimePolicyAllowedExecutableArgs() + { + } + public static new ContainerRuntimePolicyAllowedExecutableArgs Empty => new ContainerRuntimePolicyAllowedExecutableArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedExecutableGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedExecutableGetArgs.cs new file mode 100644 index 00000000..da7997ee --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedExecutableGetArgs.cs 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyAllowedExecutableGetArgs : global::Pulumi.ResourceArgs + { + [Input("allowExecutables")] + private InputList? _allowExecutables; + + /// + /// List of allowed executables. + /// + public InputList AllowExecutables + { + get => _allowExecutables ?? (_allowExecutables = new InputList()); + set => _allowExecutables = value; + } + + [Input("allowRootExecutables")] + private InputList? _allowRootExecutables; + + /// + /// List of allowed root executables. + /// + public InputList AllowRootExecutables + { + get => _allowRootExecutables ?? (_allowRootExecutables = new InputList()); + set => _allowRootExecutables = value; + } + + /// + /// Whether allowed executables configuration is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to treat executables separately. + /// + [Input("separateExecutables")] + public Input? SeparateExecutables { get; set; } + + public ContainerRuntimePolicyAllowedExecutableGetArgs() + { + } + public static new ContainerRuntimePolicyAllowedExecutableGetArgs Empty => new ContainerRuntimePolicyAllowedExecutableGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedRegistryArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedRegistryArgs.cs new file mode 100644 index 00000000..a6f05fc4 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedRegistryArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyAllowedRegistryArgs : global::Pulumi.ResourceArgs + { + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + + /// + /// Whether allowed registries are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + public ContainerRuntimePolicyAllowedRegistryArgs() + { + } + public static new ContainerRuntimePolicyAllowedRegistryArgs Empty => new ContainerRuntimePolicyAllowedRegistryArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedRegistryGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedRegistryGetArgs.cs new file mode 100644 index 00000000..1ec20ea4 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyAllowedRegistryGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyAllowedRegistryGetArgs : global::Pulumi.ResourceArgs + { + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + + /// + /// Whether allowed registries are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + public ContainerRuntimePolicyAllowedRegistryGetArgs() + { + } + public static new ContainerRuntimePolicyAllowedRegistryGetArgs Empty => new ContainerRuntimePolicyAllowedRegistryGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyAuditingArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyAuditingArgs.cs new file mode 100644 index 00000000..333cebac --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyAuditingArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyAuditingArgs : global::Pulumi.ResourceArgs + { + [Input("auditAllNetwork")] + public Input? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public Input? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public Input? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public Input? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public Input? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public Input? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public Input? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public ContainerRuntimePolicyAuditingArgs() + { + } + public static new ContainerRuntimePolicyAuditingArgs Empty => new ContainerRuntimePolicyAuditingArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyAuditingGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyAuditingGetArgs.cs new file mode 100644 index 00000000..5b1d9e77 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyAuditingGetArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyAuditingGetArgs : global::Pulumi.ResourceArgs + { + [Input("auditAllNetwork")] + public Input? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public Input? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public Input? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public Input? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public Input? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public Input? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public Input? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public ContainerRuntimePolicyAuditingGetArgs() + { + } + public static new ContainerRuntimePolicyAuditingGetArgs Empty => new ContainerRuntimePolicyAuditingGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyBlacklistedOsUsersArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyBlacklistedOsUsersArgs.cs new file mode 100644 index 00000000..b91559af --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyBlacklistedOsUsersArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyBlacklistedOsUsersArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupBlackLists")] + private InputList? _groupBlackLists; + public InputList GroupBlackLists + { + get => _groupBlackLists ?? (_groupBlackLists = new InputList()); + set => _groupBlackLists = value; + } + + [Input("userBlackLists")] + private InputList? _userBlackLists; + public InputList UserBlackLists + { + get => _userBlackLists ?? (_userBlackLists = new InputList()); + set => _userBlackLists = value; + } + + public ContainerRuntimePolicyBlacklistedOsUsersArgs() + { + } + public static new ContainerRuntimePolicyBlacklistedOsUsersArgs Empty => new ContainerRuntimePolicyBlacklistedOsUsersArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyBlacklistedOsUsersGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyBlacklistedOsUsersGetArgs.cs new file mode 100644 index 00000000..3abcd52c --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyBlacklistedOsUsersGetArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyBlacklistedOsUsersGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupBlackLists")] + private InputList? _groupBlackLists; + public InputList GroupBlackLists + { + get => _groupBlackLists ?? (_groupBlackLists = new InputList()); + set => _groupBlackLists = value; + } + + [Input("userBlackLists")] + private InputList? _userBlackLists; + public InputList UserBlackLists + { + get => _userBlackLists ?? (_userBlackLists = new InputList()); + set => _userBlackLists = value; + } + + public ContainerRuntimePolicyBlacklistedOsUsersGetArgs() + { + } + public static new ContainerRuntimePolicyBlacklistedOsUsersGetArgs Empty => new ContainerRuntimePolicyBlacklistedOsUsersGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeArgs.cs new file mode 100644 index 00000000..51357c9f --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyBypassScopeArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether bypassing the scope is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + public ContainerRuntimePolicyBypassScopeArgs() + { + } + public static new ContainerRuntimePolicyBypassScopeArgs Empty => new ContainerRuntimePolicyBypassScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeGetArgs.cs new file mode 100644 index 00000000..04c9ffd1 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyBypassScopeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether bypassing the scope is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + public ContainerRuntimePolicyBypassScopeGetArgs() + { + } + public static new ContainerRuntimePolicyBypassScopeGetArgs Empty => new ContainerRuntimePolicyBypassScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeArgs.cs new file mode 100644 index 00000000..d17ee849 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyBypassScopeScopeArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression")] + public Input? Expression { get; set; } + + [Input("variables")] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public ContainerRuntimePolicyBypassScopeScopeArgs() + { + } + public static new ContainerRuntimePolicyBypassScopeScopeArgs Empty => new ContainerRuntimePolicyBypassScopeScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeGetArgs.cs new file mode 100644 index 00000000..c2fbec98 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyBypassScopeScopeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression")] + public Input? Expression { get; set; } + + [Input("variables")] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public ContainerRuntimePolicyBypassScopeScopeGetArgs() + { + } + public static new ContainerRuntimePolicyBypassScopeScopeGetArgs Empty => new ContainerRuntimePolicyBypassScopeScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeVariableArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeVariableArgs.cs new file mode 100644 index 00000000..bad61f64 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeVariableArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyBypassScopeScopeVariableArgs : global::Pulumi.ResourceArgs + { + /// + /// Variable attribute. + /// + [Input("attribute")] + public Input? Attribute { get; set; } + + /// + /// Variable value. + /// + [Input("value")] + public Input? Value { get; set; } + + public ContainerRuntimePolicyBypassScopeScopeVariableArgs() + { + } + public static new ContainerRuntimePolicyBypassScopeScopeVariableArgs Empty => new ContainerRuntimePolicyBypassScopeScopeVariableArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeVariableGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeVariableGetArgs.cs new file mode 100644 index 00000000..7328cb14 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyBypassScopeScopeVariableGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyBypassScopeScopeVariableGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Variable attribute. + /// + [Input("attribute")] + public Input? Attribute { get; set; } + + /// + /// Variable value. + /// + [Input("value")] + public Input? Value { get; set; } + + public ContainerRuntimePolicyBypassScopeScopeVariableGetArgs() + { + } + public static new ContainerRuntimePolicyBypassScopeScopeVariableGetArgs Empty => new ContainerRuntimePolicyBypassScopeScopeVariableGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyContainerExecArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyContainerExecArgs.cs new file mode 100644 index 00000000..058a6589 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyContainerExecArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyContainerExecArgs : global::Pulumi.ResourceArgs + { + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + + [Input("containerExecProcWhiteLists")] + private InputList? _containerExecProcWhiteLists; + public InputList ContainerExecProcWhiteLists + { + get => _containerExecProcWhiteLists ?? (_containerExecProcWhiteLists = new InputList()); + set => _containerExecProcWhiteLists = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + public ContainerRuntimePolicyContainerExecArgs() + { + } + public static new ContainerRuntimePolicyContainerExecArgs Empty => new ContainerRuntimePolicyContainerExecArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyContainerExecGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyContainerExecGetArgs.cs new file mode 100644 index 00000000..82675c32 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyContainerExecGetArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyContainerExecGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + + [Input("containerExecProcWhiteLists")] + private InputList? _containerExecProcWhiteLists; + public InputList ContainerExecProcWhiteLists + { + get => _containerExecProcWhiteLists ?? (_containerExecProcWhiteLists = new InputList()); + set => _containerExecProcWhiteLists = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + public ContainerRuntimePolicyContainerExecGetArgs() + { + } + public static new ContainerRuntimePolicyContainerExecGetArgs Empty => new ContainerRuntimePolicyContainerExecGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyDriftPreventionArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyDriftPreventionArgs.cs new file mode 100644 index 00000000..148df3ec --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyDriftPreventionArgs.cs 
@@ -0,0 +1,51 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyDriftPreventionArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether drift prevention is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to lockdown execution drift. + /// + [Input("execLockdown")] + public Input? ExecLockdown { get; set; } + + [Input("execLockdownWhiteLists")] + private InputList? _execLockdownWhiteLists; + + /// + /// List of items in the execution lockdown white list. + /// + public InputList ExecLockdownWhiteLists + { + get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new InputList()); + set => _execLockdownWhiteLists = value; + } + + /// + /// Whether to lockdown image drift. + /// + [Input("imageLockdown")] + public Input? ImageLockdown { get; set; } + + public ContainerRuntimePolicyDriftPreventionArgs() + { + } + public static new ContainerRuntimePolicyDriftPreventionArgs Empty => new ContainerRuntimePolicyDriftPreventionArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyDriftPreventionGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyDriftPreventionGetArgs.cs new file mode 100644 index 00000000..2542a4f3 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyDriftPreventionGetArgs.cs 
@@ -0,0 +1,51 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyDriftPreventionGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether drift prevention is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to lockdown execution drift. + /// + [Input("execLockdown")] + public Input? ExecLockdown { get; set; } + + [Input("execLockdownWhiteLists")] + private InputList? _execLockdownWhiteLists; + + /// + /// List of items in the execution lockdown white list. + /// + public InputList ExecLockdownWhiteLists + { + get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new InputList()); + set => _execLockdownWhiteLists = value; + } + + /// + /// Whether to lockdown image drift. + /// + [Input("imageLockdown")] + public Input? ImageLockdown { get; set; } + + public ContainerRuntimePolicyDriftPreventionGetArgs() + { + } + public static new ContainerRuntimePolicyDriftPreventionGetArgs Empty => new ContainerRuntimePolicyDriftPreventionGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyExecutableBlacklistArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyExecutableBlacklistArgs.cs new file mode 100644 index 00000000..4ca3726c --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyExecutableBlacklistArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyExecutableBlacklistArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether the executable blacklist is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("executables")] + private InputList? _executables; + + /// + /// List of blacklisted executables. + /// + public InputList Executables + { + get => _executables ?? (_executables = new InputList()); + set => _executables = value; + } + + public ContainerRuntimePolicyExecutableBlacklistArgs() + { + } + public static new ContainerRuntimePolicyExecutableBlacklistArgs Empty => new ContainerRuntimePolicyExecutableBlacklistArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyExecutableBlacklistGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyExecutableBlacklistGetArgs.cs new file mode 100644 index 00000000..8167fe72 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyExecutableBlacklistGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyExecutableBlacklistGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether the executable blacklist is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("executables")] + private InputList? _executables; + + /// + /// List of blacklisted executables. + /// + public InputList Executables + { + get => _executables ?? (_executables = new InputList()); + set => _executables = value; + } + + public ContainerRuntimePolicyExecutableBlacklistGetArgs() + { + } + public static new ContainerRuntimePolicyExecutableBlacklistGetArgs Empty => new ContainerRuntimePolicyExecutableBlacklistGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyFailedKubernetesChecksArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyFailedKubernetesChecksArgs.cs new file mode 100644 index 00000000..957fdb2a --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyFailedKubernetesChecksArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyFailedKubernetesChecksArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("failedChecks")] + private InputList? _failedChecks; + public InputList FailedChecks + { + get => _failedChecks ?? (_failedChecks = new InputList()); + set => _failedChecks = value; + } + + public ContainerRuntimePolicyFailedKubernetesChecksArgs() + { + } + public static new ContainerRuntimePolicyFailedKubernetesChecksArgs Empty => new ContainerRuntimePolicyFailedKubernetesChecksArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyFailedKubernetesChecksGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyFailedKubernetesChecksGetArgs.cs new file mode 100644 index 00000000..8ade51c6 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyFailedKubernetesChecksGetArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyFailedKubernetesChecksGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("failedChecks")] + private InputList? _failedChecks; + public InputList FailedChecks + { + get => _failedChecks ?? (_failedChecks = new InputList()); + set => _failedChecks = value; + } + + public ContainerRuntimePolicyFailedKubernetesChecksGetArgs() + { + } + public static new ContainerRuntimePolicyFailedKubernetesChecksGetArgs Empty => new ContainerRuntimePolicyFailedKubernetesChecksGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyFileBlockArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyFileBlockArgs.cs new file mode 100644 index 00000000..b516b630 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyFileBlockArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyFileBlockArgs : global::Pulumi.ResourceArgs + { + [Input("blockFilesProcesses")] + private InputList? _blockFilesProcesses; + public InputList BlockFilesProcesses + { + get => _blockFilesProcesses ?? (_blockFilesProcesses = new InputList()); + set => _blockFilesProcesses = value; + } + + [Input("blockFilesUsers")] + private InputList? _blockFilesUsers; + public InputList BlockFilesUsers + { + get => _blockFilesUsers ?? (_blockFilesUsers = new InputList()); + set => _blockFilesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockFiles")] + private InputList? _exceptionalBlockFiles; + public InputList ExceptionalBlockFiles + { + get => _exceptionalBlockFiles ?? (_exceptionalBlockFiles = new InputList()); + set => _exceptionalBlockFiles = value; + } + + [Input("exceptionalBlockFilesProcesses")] + private InputList? _exceptionalBlockFilesProcesses; + public InputList ExceptionalBlockFilesProcesses + { + get => _exceptionalBlockFilesProcesses ?? (_exceptionalBlockFilesProcesses = new InputList()); + set => _exceptionalBlockFilesProcesses = value; + } + + [Input("exceptionalBlockFilesUsers")] + private InputList? _exceptionalBlockFilesUsers; + public InputList ExceptionalBlockFilesUsers + { + get => _exceptionalBlockFilesUsers ?? (_exceptionalBlockFilesUsers = new InputList()); + set => _exceptionalBlockFilesUsers = value; + } + + [Input("filenameBlockLists")] + private InputList? _filenameBlockLists; + public InputList FilenameBlockLists + { + get => _filenameBlockLists ?? 
(_filenameBlockLists = new InputList()); + set => _filenameBlockLists = value; + } + + public ContainerRuntimePolicyFileBlockArgs() + { + } + public static new ContainerRuntimePolicyFileBlockArgs Empty => new ContainerRuntimePolicyFileBlockArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyFileBlockGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyFileBlockGetArgs.cs new file mode 100644 index 00000000..2ebf7b8d --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyFileBlockGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyFileBlockGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockFilesProcesses")] + private InputList? _blockFilesProcesses; + public InputList BlockFilesProcesses + { + get => _blockFilesProcesses ?? (_blockFilesProcesses = new InputList()); + set => _blockFilesProcesses = value; + } + + [Input("blockFilesUsers")] + private InputList? _blockFilesUsers; + public InputList BlockFilesUsers + { + get => _blockFilesUsers ?? (_blockFilesUsers = new InputList()); + set => _blockFilesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockFiles")] + private InputList? _exceptionalBlockFiles; + public InputList ExceptionalBlockFiles + { + get => _exceptionalBlockFiles ?? (_exceptionalBlockFiles = new InputList()); + set => _exceptionalBlockFiles = value; + } + + [Input("exceptionalBlockFilesProcesses")] + private InputList? _exceptionalBlockFilesProcesses; + public InputList ExceptionalBlockFilesProcesses + { + get => _exceptionalBlockFilesProcesses ?? (_exceptionalBlockFilesProcesses = new InputList()); + set => _exceptionalBlockFilesProcesses = value; + } + + [Input("exceptionalBlockFilesUsers")] + private InputList? _exceptionalBlockFilesUsers; + public InputList ExceptionalBlockFilesUsers + { + get => _exceptionalBlockFilesUsers ?? (_exceptionalBlockFilesUsers = new InputList()); + set => _exceptionalBlockFilesUsers = value; + } + + [Input("filenameBlockLists")] + private InputList? _filenameBlockLists; + public InputList FilenameBlockLists + { + get => _filenameBlockLists ?? 
(_filenameBlockLists = new InputList()); + set => _filenameBlockLists = value; + } + + public ContainerRuntimePolicyFileBlockGetArgs() + { + } + public static new ContainerRuntimePolicyFileBlockGetArgs Empty => new ContainerRuntimePolicyFileBlockGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyFileIntegrityMonitoringArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyFileIntegrityMonitoringArgs.cs index 2d349e36..23ac6daf 100644 --- a/sdk/dotnet/Inputs/ContainerRuntimePolicyFileIntegrityMonitoringArgs.cs +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyFileIntegrityMonitoringArgs.cs 
@@ -13,106 +13,112 @@ namespace Pulumiverse.Aquasec.Inputs public sealed class ContainerRuntimePolicyFileIntegrityMonitoringArgs : global::Pulumi.ResourceArgs { - [Input("excludedPaths")] - private InputList? _excludedPaths; + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private InputList? _exceptionalMonitoredFiles; /// - /// List of paths to be excluded from being monitored. + /// List of paths to be excluded from monitoring. /// - public InputList ExcludedPaths + public InputList ExceptionalMonitoredFiles { - get => _excludedPaths ?? (_excludedPaths = new InputList()); - set => _excludedPaths = value; + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new InputList()); + set => _exceptionalMonitoredFiles = value; } - [Input("excludedProcesses")] - private InputList? _excludedProcesses; + [Input("exceptionalMonitoredFilesProcesses")] + private InputList? _exceptionalMonitoredFilesProcesses; /// - /// List of processes to be excluded from being monitored. + /// List of processes to be excluded from monitoring. /// - public InputList ExcludedProcesses + public InputList ExceptionalMonitoredFilesProcesses { - get => _excludedProcesses ?? (_excludedProcesses = new InputList()); - set => _excludedProcesses = value; + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new InputList()); + set => _exceptionalMonitoredFilesProcesses = value; } - [Input("excludedUsers")] - private InputList? _excludedUsers; + [Input("exceptionalMonitoredFilesUsers")] + private InputList? _exceptionalMonitoredFilesUsers; /// - /// List of users to be excluded from being monitored. + /// List of users to be excluded from monitoring. /// - public InputList ExcludedUsers + public InputList ExceptionalMonitoredFilesUsers { - get => _excludedUsers ?? 
(_excludedUsers = new InputList()); - set => _excludedUsers = value; + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new InputList()); + set => _exceptionalMonitoredFilesUsers = value; } + [Input("monitoredFiles")] + private InputList? _monitoredFiles; + /// - /// If true, add attributes operations will be monitored. + /// List of paths to be monitored. /// - [Input("monitorAttributes")] - public Input? MonitorAttributes { get; set; } + public InputList MonitoredFiles + { + get => _monitoredFiles ?? (_monitoredFiles = new InputList()); + set => _monitoredFiles = value; + } /// - /// If true, create operations will be monitored. + /// Whether to monitor file attribute operations. /// - [Input("monitorCreate")] - public Input? MonitorCreate { get; set; } + [Input("monitoredFilesAttributes")] + public Input? MonitoredFilesAttributes { get; set; } /// - /// If true, deletion operations will be monitored. + /// Whether to monitor file create operations. /// - [Input("monitorDelete")] - public Input? MonitorDelete { get; set; } + [Input("monitoredFilesCreate")] + public Input? MonitoredFilesCreate { get; set; } /// - /// If true, modification operations will be monitored. + /// Whether to monitor file delete operations. /// - [Input("monitorModify")] - public Input? MonitorModify { get; set; } + [Input("monitoredFilesDelete")] + public Input? MonitoredFilesDelete { get; set; } /// - /// If true, read operations will be monitored. + /// Whether to monitor file modify operations. /// - [Input("monitorRead")] - public Input? MonitorRead { get; set; } + [Input("monitoredFilesModify")] + public Input? MonitoredFilesModify { get; set; } - [Input("monitoredPaths")] - private InputList? _monitoredPaths; + [Input("monitoredFilesProcesses")] + private InputList? _monitoredFilesProcesses; /// - /// List of paths to be monitored. + /// List of processes associated with monitored files. 
/// - public InputList MonitoredPaths + public InputList MonitoredFilesProcesses { - get => _monitoredPaths ?? (_monitoredPaths = new InputList()); - set => _monitoredPaths = value; + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new InputList()); + set => _monitoredFilesProcesses = value; } - [Input("monitoredProcesses")] - private InputList? _monitoredProcesses; - /// - /// List of processes to be monitored. + /// Whether to monitor file read operations. /// - public InputList MonitoredProcesses - { - get => _monitoredProcesses ?? (_monitoredProcesses = new InputList()); - set => _monitoredProcesses = value; - } + [Input("monitoredFilesRead")] + public Input? MonitoredFilesRead { get; set; } - [Input("monitoredUsers")] - private InputList? _monitoredUsers; + [Input("monitoredFilesUsers")] + private InputList? _monitoredFilesUsers; /// - /// List of users to be monitored. + /// List of users associated with monitored files. /// - public InputList MonitoredUsers + public InputList MonitoredFilesUsers { - get => _monitoredUsers ?? (_monitoredUsers = new InputList()); - set => _monitoredUsers = value; + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new InputList()); + set => _monitoredFilesUsers = value; } public ContainerRuntimePolicyFileIntegrityMonitoringArgs() diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyFileIntegrityMonitoringGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyFileIntegrityMonitoringGetArgs.cs index 4874e058..0f06f9ea 100644 --- a/sdk/dotnet/Inputs/ContainerRuntimePolicyFileIntegrityMonitoringGetArgs.cs +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyFileIntegrityMonitoringGetArgs.cs 
@@ -13,106 +13,112 @@ namespace Pulumiverse.Aquasec.Inputs public sealed class ContainerRuntimePolicyFileIntegrityMonitoringGetArgs : global::Pulumi.ResourceArgs { - [Input("excludedPaths")] - private InputList? _excludedPaths; + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private InputList? _exceptionalMonitoredFiles; /// - /// List of paths to be excluded from being monitored. + /// List of paths to be excluded from monitoring. /// - public InputList ExcludedPaths + public InputList ExceptionalMonitoredFiles { - get => _excludedPaths ?? (_excludedPaths = new InputList()); - set => _excludedPaths = value; + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new InputList()); + set => _exceptionalMonitoredFiles = value; } - [Input("excludedProcesses")] - private InputList? _excludedProcesses; + [Input("exceptionalMonitoredFilesProcesses")] + private InputList? _exceptionalMonitoredFilesProcesses; /// - /// List of processes to be excluded from being monitored. + /// List of processes to be excluded from monitoring. /// - public InputList ExcludedProcesses + public InputList ExceptionalMonitoredFilesProcesses { - get => _excludedProcesses ?? (_excludedProcesses = new InputList()); - set => _excludedProcesses = value; + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new InputList()); + set => _exceptionalMonitoredFilesProcesses = value; } - [Input("excludedUsers")] - private InputList? _excludedUsers; + [Input("exceptionalMonitoredFilesUsers")] + private InputList? _exceptionalMonitoredFilesUsers; /// - /// List of users to be excluded from being monitored. + /// List of users to be excluded from monitoring. /// - public InputList ExcludedUsers + public InputList ExceptionalMonitoredFilesUsers { - get => _excludedUsers ?? 
(_excludedUsers = new InputList()); - set => _excludedUsers = value; + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new InputList()); + set => _exceptionalMonitoredFilesUsers = value; } + [Input("monitoredFiles")] + private InputList? _monitoredFiles; + /// - /// If true, add attributes operations will be monitored. + /// List of paths to be monitored. /// - [Input("monitorAttributes")] - public Input? MonitorAttributes { get; set; } + public InputList MonitoredFiles + { + get => _monitoredFiles ?? (_monitoredFiles = new InputList()); + set => _monitoredFiles = value; + } /// - /// If true, create operations will be monitored. + /// Whether to monitor file attribute operations. /// - [Input("monitorCreate")] - public Input? MonitorCreate { get; set; } + [Input("monitoredFilesAttributes")] + public Input? MonitoredFilesAttributes { get; set; } /// - /// If true, deletion operations will be monitored. + /// Whether to monitor file create operations. /// - [Input("monitorDelete")] - public Input? MonitorDelete { get; set; } + [Input("monitoredFilesCreate")] + public Input? MonitoredFilesCreate { get; set; } /// - /// If true, modification operations will be monitored. + /// Whether to monitor file delete operations. /// - [Input("monitorModify")] - public Input? MonitorModify { get; set; } + [Input("monitoredFilesDelete")] + public Input? MonitoredFilesDelete { get; set; } /// - /// If true, read operations will be monitored. + /// Whether to monitor file modify operations. /// - [Input("monitorRead")] - public Input? MonitorRead { get; set; } + [Input("monitoredFilesModify")] + public Input? MonitoredFilesModify { get; set; } - [Input("monitoredPaths")] - private InputList? _monitoredPaths; + [Input("monitoredFilesProcesses")] + private InputList? _monitoredFilesProcesses; /// - /// List of paths to be monitored. + /// List of processes associated with monitored files. 
/// - public InputList MonitoredPaths + public InputList MonitoredFilesProcesses { - get => _monitoredPaths ?? (_monitoredPaths = new InputList()); - set => _monitoredPaths = value; + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new InputList()); + set => _monitoredFilesProcesses = value; } - [Input("monitoredProcesses")] - private InputList? _monitoredProcesses; - /// - /// List of processes to be monitored. + /// Whether to monitor file read operations. /// - public InputList MonitoredProcesses - { - get => _monitoredProcesses ?? (_monitoredProcesses = new InputList()); - set => _monitoredProcesses = value; - } + [Input("monitoredFilesRead")] + public Input? MonitoredFilesRead { get; set; } - [Input("monitoredUsers")] - private InputList? _monitoredUsers; + [Input("monitoredFilesUsers")] + private InputList? _monitoredFilesUsers; /// - /// List of users to be monitored. + /// List of users associated with monitored files. /// - public InputList MonitoredUsers + public InputList MonitoredFilesUsers { - get => _monitoredUsers ?? (_monitoredUsers = new InputList()); - set => _monitoredUsers = value; + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new InputList()); + set => _monitoredFilesUsers = value; } public ContainerRuntimePolicyFileIntegrityMonitoringGetArgs() diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyLimitContainerPrivilegeArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyLimitContainerPrivilegeArgs.cs new file mode 100644 index 00000000..82b8821f --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyLimitContainerPrivilegeArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyLimitContainerPrivilegeArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether to block adding capabilities. + /// + [Input("blockAddCapabilities")] + public Input? BlockAddCapabilities { get; set; } + + /// + /// Whether container privilege limitations are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to limit IPC-related capabilities. + /// + [Input("ipcmode")] + public Input? Ipcmode { get; set; } + + /// + /// Whether to limit network-related capabilities. + /// + [Input("netmode")] + public Input? Netmode { get; set; } + + /// + /// Whether to limit process-related capabilities. + /// + [Input("pidmode")] + public Input? Pidmode { get; set; } + + /// + /// Whether to prevent low port binding. + /// + [Input("preventLowPortBinding")] + public Input? PreventLowPortBinding { get; set; } + + /// + /// Whether to prevent the use of the root user. + /// + [Input("preventRootUser")] + public Input? PreventRootUser { get; set; } + + /// + /// Whether the container is run in privileged mode. + /// + [Input("privileged")] + public Input? Privileged { get; set; } + + /// + /// Whether to use the host user. + /// + [Input("useHostUser")] + public Input? UseHostUser { get; set; } + + /// + /// Whether to limit user-related capabilities. + /// + [Input("usermode")] + public Input? Usermode { get; set; } + + /// + /// Whether to limit UTS-related capabilities. + /// + [Input("utsmode")] + public Input? 
Utsmode { get; set; } + + public ContainerRuntimePolicyLimitContainerPrivilegeArgs() + { + } + public static new ContainerRuntimePolicyLimitContainerPrivilegeArgs Empty => new ContainerRuntimePolicyLimitContainerPrivilegeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyLimitContainerPrivilegeGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyLimitContainerPrivilegeGetArgs.cs new file mode 100644 index 00000000..42d13d72 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyLimitContainerPrivilegeGetArgs.cs 
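Review bot: The summaries on `privileged` and `useHostUser` do not say which way the flag works. The neighbouring fields are phrased as restrictions ("Whether to block…", "Whether to prevent…"), but "Whether the container is run in privileged mode." and "Whether to use the host user." describe the container, so a reader cannot tell whether `true` blocks or permits the behaviour. The file is tfgen output, so the wording has to change in the provider schema description, for example `/// Whether to prevent containers from running in privileged mode.` once the semantics are confirmed against the Aqua API. The same summaries appear in ContainerRuntimePolicyLimitContainerPrivilegeGetArgs.cs.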
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyLimitContainerPrivilegeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether to block adding capabilities. + /// + [Input("blockAddCapabilities")] + public Input? BlockAddCapabilities { get; set; } + + /// + /// Whether container privilege limitations are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to limit IPC-related capabilities. + /// + [Input("ipcmode")] + public Input? Ipcmode { get; set; } + + /// + /// Whether to limit network-related capabilities. + /// + [Input("netmode")] + public Input? Netmode { get; set; } + + /// + /// Whether to limit process-related capabilities. + /// + [Input("pidmode")] + public Input? Pidmode { get; set; } + + /// + /// Whether to prevent low port binding. + /// + [Input("preventLowPortBinding")] + public Input? PreventLowPortBinding { get; set; } + + /// + /// Whether to prevent the use of the root user. + /// + [Input("preventRootUser")] + public Input? PreventRootUser { get; set; } + + /// + /// Whether the container is run in privileged mode. + /// + [Input("privileged")] + public Input? Privileged { get; set; } + + /// + /// Whether to use the host user. + /// + [Input("useHostUser")] + public Input? UseHostUser { get; set; } + + /// + /// Whether to limit user-related capabilities. + /// + [Input("usermode")] + public Input? Usermode { get; set; } + + /// + /// Whether to limit UTS-related capabilities. + /// + [Input("utsmode")] + public Input? 
Utsmode { get; set; } + + public ContainerRuntimePolicyLimitContainerPrivilegeGetArgs() + { + } + public static new ContainerRuntimePolicyLimitContainerPrivilegeGetArgs Empty => new ContainerRuntimePolicyLimitContainerPrivilegeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyLinuxCapabilitiesArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyLinuxCapabilitiesArgs.cs new file mode 100644 index 00000000..010ccc0a --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyLinuxCapabilitiesArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyLinuxCapabilitiesArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("removeLinuxCapabilities")] + private InputList? _removeLinuxCapabilities; + public InputList RemoveLinuxCapabilities + { + get => _removeLinuxCapabilities ?? (_removeLinuxCapabilities = new InputList()); + set => _removeLinuxCapabilities = value; + } + + public ContainerRuntimePolicyLinuxCapabilitiesArgs() + { + } + public static new ContainerRuntimePolicyLinuxCapabilitiesArgs Empty => new ContainerRuntimePolicyLinuxCapabilitiesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyLinuxCapabilitiesGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyLinuxCapabilitiesGetArgs.cs new file mode 100644 index 00000000..d9e58a79 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyLinuxCapabilitiesGetArgs.cs 
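Review bot: `Enabled` and `RemoveLinuxCapabilities` in ContainerRuntimePolicyLinuxCapabilitiesArgs are added with no summary, unlike the LimitContainerPrivilege inputs earlier in this commit. The same is true of the PackageBlock, PortBlock, ReadonlyFiles, ReadonlyRegistry and RegistryAccessMonitoring input types and their GetArgs twins. For policy controls, the missing text leaves open what the `exceptional*` lists exempt from enforcement and what format the port and capability entries take. These files are tfgen output, so the descriptions have to be added to the provider schema; one line per field, such as `/// Linux capabilities to remove from the container.` (wording to be confirmed), would be enough.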
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyLinuxCapabilitiesGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("removeLinuxCapabilities")] + private InputList? _removeLinuxCapabilities; + public InputList RemoveLinuxCapabilities + { + get => _removeLinuxCapabilities ?? (_removeLinuxCapabilities = new InputList()); + set => _removeLinuxCapabilities = value; + } + + public ContainerRuntimePolicyLinuxCapabilitiesGetArgs() + { + } + public static new ContainerRuntimePolicyLinuxCapabilitiesGetArgs Empty => new ContainerRuntimePolicyLinuxCapabilitiesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyMalwareScanOptionsArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyMalwareScanOptionsArgs.cs index d15884f1..c2728c05 100644 --- a/sdk/dotnet/Inputs/ContainerRuntimePolicyMalwareScanOptionsArgs.cs +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyMalwareScanOptionsArgs.cs @@ -49,6 +49,18 @@ public InputList ExcludeProcesses set => _excludeProcesses = value; } + [Input("includeDirectories")] + private InputList? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new InputList()); + set => _includeDirectories = value; + } + public ContainerRuntimePolicyMalwareScanOptionsArgs() { } diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyMalwareScanOptionsGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyMalwareScanOptionsGetArgs.cs index b0f7635d..02338c9a 100644 
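Review bot: The summary added for `IncludeDirectories` in ContainerRuntimePolicyMalwareScanOptionsArgs.cs reads "List of registry paths to be excluded from being protected.", which contradicts the property name and looks copied from another field. In a malware-scan option this matters, because someone relying on the doc could treat the list as an exclusion and end up with a narrower scan scope than intended. The text comes from the generated schema, so it should be corrected upstream to something like `/// List of directories to be included in the malware scan.` after confirming the semantics. The identical summary is added in ContainerRuntimePolicyMalwareScanOptionsGetArgs.cs. The enclosing class starts outside the hunk.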
--- a/sdk/dotnet/Inputs/ContainerRuntimePolicyMalwareScanOptionsGetArgs.cs +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyMalwareScanOptionsGetArgs.cs @@ -49,6 +49,18 @@ public InputList ExcludeProcesses set => _excludeProcesses = value; } + [Input("includeDirectories")] + private InputList? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new InputList()); + set => _includeDirectories = value; + } + public ContainerRuntimePolicyMalwareScanOptionsGetArgs() { } diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyPackageBlockArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyPackageBlockArgs.cs new file mode 100644 index 00000000..1d41b994 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyPackageBlockArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyPackageBlockArgs : global::Pulumi.ResourceArgs + { + [Input("blockPackagesProcesses")] + private InputList? _blockPackagesProcesses; + public InputList BlockPackagesProcesses + { + get => _blockPackagesProcesses ?? (_blockPackagesProcesses = new InputList()); + set => _blockPackagesProcesses = value; + } + + [Input("blockPackagesUsers")] + private InputList? _blockPackagesUsers; + public InputList BlockPackagesUsers + { + get => _blockPackagesUsers ?? (_blockPackagesUsers = new InputList()); + set => _blockPackagesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockPackagesFiles")] + private InputList? _exceptionalBlockPackagesFiles; + public InputList ExceptionalBlockPackagesFiles + { + get => _exceptionalBlockPackagesFiles ?? (_exceptionalBlockPackagesFiles = new InputList()); + set => _exceptionalBlockPackagesFiles = value; + } + + [Input("exceptionalBlockPackagesProcesses")] + private InputList? _exceptionalBlockPackagesProcesses; + public InputList ExceptionalBlockPackagesProcesses + { + get => _exceptionalBlockPackagesProcesses ?? (_exceptionalBlockPackagesProcesses = new InputList()); + set => _exceptionalBlockPackagesProcesses = value; + } + + [Input("exceptionalBlockPackagesUsers")] + private InputList? _exceptionalBlockPackagesUsers; + public InputList ExceptionalBlockPackagesUsers + { + get => _exceptionalBlockPackagesUsers ?? 
(_exceptionalBlockPackagesUsers = new InputList()); + set => _exceptionalBlockPackagesUsers = value; + } + + [Input("packagesBlackLists")] + private InputList? _packagesBlackLists; + public InputList PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new InputList()); + set => _packagesBlackLists = value; + } + + public ContainerRuntimePolicyPackageBlockArgs() + { + } + public static new ContainerRuntimePolicyPackageBlockArgs Empty => new ContainerRuntimePolicyPackageBlockArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyPackageBlockGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyPackageBlockGetArgs.cs new file mode 100644 index 00000000..51332904 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyPackageBlockGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyPackageBlockGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockPackagesProcesses")] + private InputList? _blockPackagesProcesses; + public InputList BlockPackagesProcesses + { + get => _blockPackagesProcesses ?? (_blockPackagesProcesses = new InputList()); + set => _blockPackagesProcesses = value; + } + + [Input("blockPackagesUsers")] + private InputList? _blockPackagesUsers; + public InputList BlockPackagesUsers + { + get => _blockPackagesUsers ?? (_blockPackagesUsers = new InputList()); + set => _blockPackagesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockPackagesFiles")] + private InputList? _exceptionalBlockPackagesFiles; + public InputList ExceptionalBlockPackagesFiles + { + get => _exceptionalBlockPackagesFiles ?? (_exceptionalBlockPackagesFiles = new InputList()); + set => _exceptionalBlockPackagesFiles = value; + } + + [Input("exceptionalBlockPackagesProcesses")] + private InputList? _exceptionalBlockPackagesProcesses; + public InputList ExceptionalBlockPackagesProcesses + { + get => _exceptionalBlockPackagesProcesses ?? (_exceptionalBlockPackagesProcesses = new InputList()); + set => _exceptionalBlockPackagesProcesses = value; + } + + [Input("exceptionalBlockPackagesUsers")] + private InputList? _exceptionalBlockPackagesUsers; + public InputList ExceptionalBlockPackagesUsers + { + get => _exceptionalBlockPackagesUsers ?? 
(_exceptionalBlockPackagesUsers = new InputList()); + set => _exceptionalBlockPackagesUsers = value; + } + + [Input("packagesBlackLists")] + private InputList? _packagesBlackLists; + public InputList PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new InputList()); + set => _packagesBlackLists = value; + } + + public ContainerRuntimePolicyPackageBlockGetArgs() + { + } + public static new ContainerRuntimePolicyPackageBlockGetArgs Empty => new ContainerRuntimePolicyPackageBlockGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyPortBlockArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyPortBlockArgs.cs new file mode 100644 index 00000000..6e1bd686 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyPortBlockArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyPortBlockArgs : global::Pulumi.ResourceArgs + { + [Input("blockInboundPorts")] + private InputList? _blockInboundPorts; + public InputList BlockInboundPorts + { + get => _blockInboundPorts ?? (_blockInboundPorts = new InputList()); + set => _blockInboundPorts = value; + } + + [Input("blockOutboundPorts")] + private InputList? _blockOutboundPorts; + public InputList BlockOutboundPorts + { + get => _blockOutboundPorts ?? (_blockOutboundPorts = new InputList()); + set => _blockOutboundPorts = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public ContainerRuntimePolicyPortBlockArgs() + { + } + public static new ContainerRuntimePolicyPortBlockArgs Empty => new ContainerRuntimePolicyPortBlockArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyPortBlockGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyPortBlockGetArgs.cs new file mode 100644 index 00000000..74a8a3f1 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyPortBlockGetArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyPortBlockGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockInboundPorts")] + private InputList? _blockInboundPorts; + public InputList BlockInboundPorts + { + get => _blockInboundPorts ?? (_blockInboundPorts = new InputList()); + set => _blockInboundPorts = value; + } + + [Input("blockOutboundPorts")] + private InputList? _blockOutboundPorts; + public InputList BlockOutboundPorts + { + get => _blockOutboundPorts ?? (_blockOutboundPorts = new InputList()); + set => _blockOutboundPorts = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public ContainerRuntimePolicyPortBlockGetArgs() + { + } + public static new ContainerRuntimePolicyPortBlockGetArgs Empty => new ContainerRuntimePolicyPortBlockGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyFilesArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyFilesArgs.cs new file mode 100644 index 00000000..1bdcae6b --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyFilesArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyReadonlyFilesArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyFiles")] + private InputList? _exceptionalReadonlyFiles; + public InputList ExceptionalReadonlyFiles + { + get => _exceptionalReadonlyFiles ?? (_exceptionalReadonlyFiles = new InputList()); + set => _exceptionalReadonlyFiles = value; + } + + [Input("exceptionalReadonlyFilesProcesses")] + private InputList? _exceptionalReadonlyFilesProcesses; + public InputList ExceptionalReadonlyFilesProcesses + { + get => _exceptionalReadonlyFilesProcesses ?? (_exceptionalReadonlyFilesProcesses = new InputList()); + set => _exceptionalReadonlyFilesProcesses = value; + } + + [Input("exceptionalReadonlyFilesUsers")] + private InputList? _exceptionalReadonlyFilesUsers; + public InputList ExceptionalReadonlyFilesUsers + { + get => _exceptionalReadonlyFilesUsers ?? (_exceptionalReadonlyFilesUsers = new InputList()); + set => _exceptionalReadonlyFilesUsers = value; + } + + [Input("readonlyFiles")] + private InputList? _readonlyFiles; + public InputList ReadonlyFiles + { + get => _readonlyFiles ?? (_readonlyFiles = new InputList()); + set => _readonlyFiles = value; + } + + [Input("readonlyFilesProcesses")] + private InputList? _readonlyFilesProcesses; + public InputList ReadonlyFilesProcesses + { + get => _readonlyFilesProcesses ?? (_readonlyFilesProcesses = new InputList()); + set => _readonlyFilesProcesses = value; + } + + [Input("readonlyFilesUsers")] + private InputList? 
_readonlyFilesUsers; + public InputList ReadonlyFilesUsers + { + get => _readonlyFilesUsers ?? (_readonlyFilesUsers = new InputList()); + set => _readonlyFilesUsers = value; + } + + public ContainerRuntimePolicyReadonlyFilesArgs() + { + } + public static new ContainerRuntimePolicyReadonlyFilesArgs Empty => new ContainerRuntimePolicyReadonlyFilesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyFilesGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyFilesGetArgs.cs new file mode 100644 index 00000000..11c48820 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyFilesGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyReadonlyFilesGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyFiles")] + private InputList? _exceptionalReadonlyFiles; + public InputList ExceptionalReadonlyFiles + { + get => _exceptionalReadonlyFiles ?? (_exceptionalReadonlyFiles = new InputList()); + set => _exceptionalReadonlyFiles = value; + } + + [Input("exceptionalReadonlyFilesProcesses")] + private InputList? _exceptionalReadonlyFilesProcesses; + public InputList ExceptionalReadonlyFilesProcesses + { + get => _exceptionalReadonlyFilesProcesses ?? (_exceptionalReadonlyFilesProcesses = new InputList()); + set => _exceptionalReadonlyFilesProcesses = value; + } + + [Input("exceptionalReadonlyFilesUsers")] + private InputList? _exceptionalReadonlyFilesUsers; + public InputList ExceptionalReadonlyFilesUsers + { + get => _exceptionalReadonlyFilesUsers ?? (_exceptionalReadonlyFilesUsers = new InputList()); + set => _exceptionalReadonlyFilesUsers = value; + } + + [Input("readonlyFiles")] + private InputList? _readonlyFiles; + public InputList ReadonlyFiles + { + get => _readonlyFiles ?? (_readonlyFiles = new InputList()); + set => _readonlyFiles = value; + } + + [Input("readonlyFilesProcesses")] + private InputList? _readonlyFilesProcesses; + public InputList ReadonlyFilesProcesses + { + get => _readonlyFilesProcesses ?? (_readonlyFilesProcesses = new InputList()); + set => _readonlyFilesProcesses = value; + } + + [Input("readonlyFilesUsers")] + private InputList? 
_readonlyFilesUsers; + public InputList ReadonlyFilesUsers + { + get => _readonlyFilesUsers ?? (_readonlyFilesUsers = new InputList()); + set => _readonlyFilesUsers = value; + } + + public ContainerRuntimePolicyReadonlyFilesGetArgs() + { + } + public static new ContainerRuntimePolicyReadonlyFilesGetArgs Empty => new ContainerRuntimePolicyReadonlyFilesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyRegistryArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyRegistryArgs.cs new file mode 100644 index 00000000..9638330b --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyRegistryArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyReadonlyRegistryArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyRegistryPaths")] + private InputList? _exceptionalReadonlyRegistryPaths; + public InputList ExceptionalReadonlyRegistryPaths + { + get => _exceptionalReadonlyRegistryPaths ?? (_exceptionalReadonlyRegistryPaths = new InputList()); + set => _exceptionalReadonlyRegistryPaths = value; + } + + [Input("exceptionalReadonlyRegistryProcesses")] + private InputList? _exceptionalReadonlyRegistryProcesses; + public InputList ExceptionalReadonlyRegistryProcesses + { + get => _exceptionalReadonlyRegistryProcesses ?? (_exceptionalReadonlyRegistryProcesses = new InputList()); + set => _exceptionalReadonlyRegistryProcesses = value; + } + + [Input("exceptionalReadonlyRegistryUsers")] + private InputList? _exceptionalReadonlyRegistryUsers; + public InputList ExceptionalReadonlyRegistryUsers + { + get => _exceptionalReadonlyRegistryUsers ?? (_exceptionalReadonlyRegistryUsers = new InputList()); + set => _exceptionalReadonlyRegistryUsers = value; + } + + [Input("readonlyRegistryPaths")] + private InputList? _readonlyRegistryPaths; + public InputList ReadonlyRegistryPaths + { + get => _readonlyRegistryPaths ?? (_readonlyRegistryPaths = new InputList()); + set => _readonlyRegistryPaths = value; + } + + [Input("readonlyRegistryProcesses")] + private InputList? _readonlyRegistryProcesses; + public InputList ReadonlyRegistryProcesses + { + get => _readonlyRegistryProcesses ?? 
(_readonlyRegistryProcesses = new InputList()); + set => _readonlyRegistryProcesses = value; + } + + [Input("readonlyRegistryUsers")] + private InputList? _readonlyRegistryUsers; + public InputList ReadonlyRegistryUsers + { + get => _readonlyRegistryUsers ?? (_readonlyRegistryUsers = new InputList()); + set => _readonlyRegistryUsers = value; + } + + public ContainerRuntimePolicyReadonlyRegistryArgs() + { + } + public static new ContainerRuntimePolicyReadonlyRegistryArgs Empty => new ContainerRuntimePolicyReadonlyRegistryArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyRegistryGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyRegistryGetArgs.cs new file mode 100644 index 00000000..d968ec80 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyReadonlyRegistryGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyReadonlyRegistryGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyRegistryPaths")] + private InputList? _exceptionalReadonlyRegistryPaths; + public InputList ExceptionalReadonlyRegistryPaths + { + get => _exceptionalReadonlyRegistryPaths ?? (_exceptionalReadonlyRegistryPaths = new InputList()); + set => _exceptionalReadonlyRegistryPaths = value; + } + + [Input("exceptionalReadonlyRegistryProcesses")] + private InputList? _exceptionalReadonlyRegistryProcesses; + public InputList ExceptionalReadonlyRegistryProcesses + { + get => _exceptionalReadonlyRegistryProcesses ?? (_exceptionalReadonlyRegistryProcesses = new InputList()); + set => _exceptionalReadonlyRegistryProcesses = value; + } + + [Input("exceptionalReadonlyRegistryUsers")] + private InputList? _exceptionalReadonlyRegistryUsers; + public InputList ExceptionalReadonlyRegistryUsers + { + get => _exceptionalReadonlyRegistryUsers ?? (_exceptionalReadonlyRegistryUsers = new InputList()); + set => _exceptionalReadonlyRegistryUsers = value; + } + + [Input("readonlyRegistryPaths")] + private InputList? _readonlyRegistryPaths; + public InputList ReadonlyRegistryPaths + { + get => _readonlyRegistryPaths ?? (_readonlyRegistryPaths = new InputList()); + set => _readonlyRegistryPaths = value; + } + + [Input("readonlyRegistryProcesses")] + private InputList? _readonlyRegistryProcesses; + public InputList ReadonlyRegistryProcesses + { + get => _readonlyRegistryProcesses ?? 
(_readonlyRegistryProcesses = new InputList()); + set => _readonlyRegistryProcesses = value; + } + + [Input("readonlyRegistryUsers")] + private InputList? _readonlyRegistryUsers; + public InputList ReadonlyRegistryUsers + { + get => _readonlyRegistryUsers ?? (_readonlyRegistryUsers = new InputList()); + set => _readonlyRegistryUsers = value; + } + + public ContainerRuntimePolicyReadonlyRegistryGetArgs() + { + } + public static new ContainerRuntimePolicyReadonlyRegistryGetArgs Empty => new ContainerRuntimePolicyReadonlyRegistryGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyRegistryAccessMonitoringArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyRegistryAccessMonitoringArgs.cs new file mode 100644 index 00000000..9b1c87d1 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyRegistryAccessMonitoringArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyRegistryAccessMonitoringArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredRegistryPaths")] + private InputList? _exceptionalMonitoredRegistryPaths; + public InputList ExceptionalMonitoredRegistryPaths + { + get => _exceptionalMonitoredRegistryPaths ?? (_exceptionalMonitoredRegistryPaths = new InputList()); + set => _exceptionalMonitoredRegistryPaths = value; + } + + [Input("exceptionalMonitoredRegistryProcesses")] + private InputList? _exceptionalMonitoredRegistryProcesses; + public InputList ExceptionalMonitoredRegistryProcesses + { + get => _exceptionalMonitoredRegistryProcesses ?? (_exceptionalMonitoredRegistryProcesses = new InputList()); + set => _exceptionalMonitoredRegistryProcesses = value; + } + + [Input("exceptionalMonitoredRegistryUsers")] + private InputList? _exceptionalMonitoredRegistryUsers; + public InputList ExceptionalMonitoredRegistryUsers + { + get => _exceptionalMonitoredRegistryUsers ?? (_exceptionalMonitoredRegistryUsers = new InputList()); + set => _exceptionalMonitoredRegistryUsers = value; + } + + [Input("monitoredRegistryAttributes")] + public Input? MonitoredRegistryAttributes { get; set; } + + [Input("monitoredRegistryCreate")] + public Input? MonitoredRegistryCreate { get; set; } + + [Input("monitoredRegistryDelete")] + public Input? MonitoredRegistryDelete { get; set; } + + [Input("monitoredRegistryModify")] + public Input? MonitoredRegistryModify { get; set; } + + [Input("monitoredRegistryPaths")] + private InputList? 
_monitoredRegistryPaths; + public InputList MonitoredRegistryPaths + { + get => _monitoredRegistryPaths ?? (_monitoredRegistryPaths = new InputList()); + set => _monitoredRegistryPaths = value; + } + + [Input("monitoredRegistryProcesses")] + private InputList? _monitoredRegistryProcesses; + public InputList MonitoredRegistryProcesses + { + get => _monitoredRegistryProcesses ?? (_monitoredRegistryProcesses = new InputList()); + set => _monitoredRegistryProcesses = value; + } + + [Input("monitoredRegistryRead")] + public Input? MonitoredRegistryRead { get; set; } + + [Input("monitoredRegistryUsers")] + private InputList? _monitoredRegistryUsers; + public InputList MonitoredRegistryUsers + { + get => _monitoredRegistryUsers ?? (_monitoredRegistryUsers = new InputList()); + set => _monitoredRegistryUsers = value; + } + + public ContainerRuntimePolicyRegistryAccessMonitoringArgs() + { + } + public static new ContainerRuntimePolicyRegistryAccessMonitoringArgs Empty => new ContainerRuntimePolicyRegistryAccessMonitoringArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyRegistryAccessMonitoringGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyRegistryAccessMonitoringGetArgs.cs new file mode 100644 index 00000000..1b7daff6 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyRegistryAccessMonitoringGetArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyRegistryAccessMonitoringGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredRegistryPaths")] + private InputList? _exceptionalMonitoredRegistryPaths; + public InputList ExceptionalMonitoredRegistryPaths + { + get => _exceptionalMonitoredRegistryPaths ?? (_exceptionalMonitoredRegistryPaths = new InputList()); + set => _exceptionalMonitoredRegistryPaths = value; + } + + [Input("exceptionalMonitoredRegistryProcesses")] + private InputList? _exceptionalMonitoredRegistryProcesses; + public InputList ExceptionalMonitoredRegistryProcesses + { + get => _exceptionalMonitoredRegistryProcesses ?? (_exceptionalMonitoredRegistryProcesses = new InputList()); + set => _exceptionalMonitoredRegistryProcesses = value; + } + + [Input("exceptionalMonitoredRegistryUsers")] + private InputList? _exceptionalMonitoredRegistryUsers; + public InputList ExceptionalMonitoredRegistryUsers + { + get => _exceptionalMonitoredRegistryUsers ?? (_exceptionalMonitoredRegistryUsers = new InputList()); + set => _exceptionalMonitoredRegistryUsers = value; + } + + [Input("monitoredRegistryAttributes")] + public Input? MonitoredRegistryAttributes { get; set; } + + [Input("monitoredRegistryCreate")] + public Input? MonitoredRegistryCreate { get; set; } + + [Input("monitoredRegistryDelete")] + public Input? MonitoredRegistryDelete { get; set; } + + [Input("monitoredRegistryModify")] + public Input? MonitoredRegistryModify { get; set; } + + [Input("monitoredRegistryPaths")] + private InputList? 
_monitoredRegistryPaths; + public InputList MonitoredRegistryPaths + { + get => _monitoredRegistryPaths ?? (_monitoredRegistryPaths = new InputList()); + set => _monitoredRegistryPaths = value; + } + + [Input("monitoredRegistryProcesses")] + private InputList? _monitoredRegistryProcesses; + public InputList MonitoredRegistryProcesses + { + get => _monitoredRegistryProcesses ?? (_monitoredRegistryProcesses = new InputList()); + set => _monitoredRegistryProcesses = value; + } + + [Input("monitoredRegistryRead")] + public Input? MonitoredRegistryRead { get; set; } + + [Input("monitoredRegistryUsers")] + private InputList? _monitoredRegistryUsers; + public InputList MonitoredRegistryUsers + { + get => _monitoredRegistryUsers ?? (_monitoredRegistryUsers = new InputList()); + set => _monitoredRegistryUsers = value; + } + + public ContainerRuntimePolicyRegistryAccessMonitoringGetArgs() + { + } + public static new ContainerRuntimePolicyRegistryAccessMonitoringGetArgs Empty => new ContainerRuntimePolicyRegistryAccessMonitoringGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyRestrictedVolumeArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyRestrictedVolumeArgs.cs new file mode 100644 index 00000000..23e04335 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyRestrictedVolumeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyRestrictedVolumeArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether restricted volumes are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("volumes")] + private InputList? _volumes; + + /// + /// List of restricted volumes. + /// + public InputList Volumes + { + get => _volumes ?? (_volumes = new InputList()); + set => _volumes = value; + } + + public ContainerRuntimePolicyRestrictedVolumeArgs() + { + } + public static new ContainerRuntimePolicyRestrictedVolumeArgs Empty => new ContainerRuntimePolicyRestrictedVolumeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyRestrictedVolumeGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyRestrictedVolumeGetArgs.cs new file mode 100644 index 00000000..c4c32be5 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyRestrictedVolumeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyRestrictedVolumeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether restricted volumes are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("volumes")] + private InputList? _volumes; + + /// + /// List of restricted volumes. + /// + public InputList Volumes + { + get => _volumes ?? (_volumes = new InputList()); + set => _volumes = value; + } + + public ContainerRuntimePolicyRestrictedVolumeGetArgs() + { + } + public static new ContainerRuntimePolicyRestrictedVolumeGetArgs Empty => new ContainerRuntimePolicyRestrictedVolumeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyReverseShellArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyReverseShellArgs.cs new file mode 100644 index 00000000..3d71fed5 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyReverseShellArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyReverseShellArgs : global::Pulumi.ResourceArgs + { + [Input("blockReverseShell")] + public Input? BlockReverseShell { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + [Input("reverseShellProcWhiteLists")] + private InputList? _reverseShellProcWhiteLists; + public InputList ReverseShellProcWhiteLists + { + get => _reverseShellProcWhiteLists ?? (_reverseShellProcWhiteLists = new InputList()); + set => _reverseShellProcWhiteLists = value; + } + + public ContainerRuntimePolicyReverseShellArgs() + { + } + public static new ContainerRuntimePolicyReverseShellArgs Empty => new ContainerRuntimePolicyReverseShellArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyReverseShellGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyReverseShellGetArgs.cs new file mode 100644 index 00000000..2b5ea184 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyReverseShellGetArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyReverseShellGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockReverseShell")] + public Input? BlockReverseShell { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + [Input("reverseShellProcWhiteLists")] + private InputList? _reverseShellProcWhiteLists; + public InputList ReverseShellProcWhiteLists + { + get => _reverseShellProcWhiteLists ?? (_reverseShellProcWhiteLists = new InputList()); + set => _reverseShellProcWhiteLists = value; + } + + public ContainerRuntimePolicyReverseShellGetArgs() + { + } + public static new ContainerRuntimePolicyReverseShellGetArgs Empty => new ContainerRuntimePolicyReverseShellGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyScopeArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyScopeArgs.cs new file mode 100644 index 00000000..b231ec23 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyScopeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyScopeArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("variables", required: true)] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public ContainerRuntimePolicyScopeArgs() + { + } + public static new ContainerRuntimePolicyScopeArgs Empty => new ContainerRuntimePolicyScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyScopeGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyScopeGetArgs.cs new file mode 100644 index 00000000..5c0d2d2d --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyScopeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyScopeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("variables", required: true)] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public ContainerRuntimePolicyScopeGetArgs() + { + } + public static new ContainerRuntimePolicyScopeGetArgs Empty => new ContainerRuntimePolicyScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicySystemIntegrityProtectionArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicySystemIntegrityProtectionArgs.cs new file mode 100644 index 00000000..6f36c87f --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicySystemIntegrityProtectionArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicySystemIntegrityProtectionArgs : global::Pulumi.ResourceArgs + { + [Input("auditSystemtimeChange")] + public Input? AuditSystemtimeChange { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("monitorAuditLogIntegrity")] + public Input? MonitorAuditLogIntegrity { get; set; } + + [Input("windowsServicesMonitoring")] + public Input? WindowsServicesMonitoring { get; set; } + + public ContainerRuntimePolicySystemIntegrityProtectionArgs() + { + } + public static new ContainerRuntimePolicySystemIntegrityProtectionArgs Empty => new ContainerRuntimePolicySystemIntegrityProtectionArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicySystemIntegrityProtectionGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicySystemIntegrityProtectionGetArgs.cs new file mode 100644 index 00000000..11995650 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicySystemIntegrityProtectionGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicySystemIntegrityProtectionGetArgs : global::Pulumi.ResourceArgs + { + [Input("auditSystemtimeChange")] + public Input? AuditSystemtimeChange { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("monitorAuditLogIntegrity")] + public Input? MonitorAuditLogIntegrity { get; set; } + + [Input("windowsServicesMonitoring")] + public Input? WindowsServicesMonitoring { get; set; } + + public ContainerRuntimePolicySystemIntegrityProtectionGetArgs() + { + } + public static new ContainerRuntimePolicySystemIntegrityProtectionGetArgs Empty => new ContainerRuntimePolicySystemIntegrityProtectionGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyTripwireArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyTripwireArgs.cs new file mode 100644 index 00000000..f41ef63d --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyTripwireArgs.cs 
@@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyTripwireArgs : global::Pulumi.ResourceArgs + { + [Input("applyOns")] + private InputList? _applyOns; + public InputList ApplyOns + { + get => _applyOns ?? (_applyOns = new InputList()); + set => _applyOns = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("serverlessApp")] + public Input? ServerlessApp { get; set; } + + [Input("userId")] + public Input? UserId { get; set; } + + [Input("userPassword")] + public Input? UserPassword { get; set; } + + public ContainerRuntimePolicyTripwireArgs() + { + } + public static new ContainerRuntimePolicyTripwireArgs Empty => new ContainerRuntimePolicyTripwireArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyTripwireGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyTripwireGetArgs.cs new file mode 100644 index 00000000..8cbf7d84 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyTripwireGetArgs.cs 
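Review bot: `UserPassword` in `ContainerRuntimePolicyTripwireArgs` is emitted as a plain auto-property, the same shape as `Enabled`, which suggests that `userPassword` is not marked as a secret in the provider schema. The Pulumi .NET generator normally gives secret inputs a setter that wraps the value with `Output.CreateSecret`. If that reading is right, a password passed here is stored in the stack state and shown in previews as plaintext unless every caller wraps it themselves. Since this file is generated, the change belongs in the bridge mapping (a field override with `Secret: tfbridge.True()`) or in the upstream Terraform schema (`Sensitive: true`), followed by a regeneration, not in a hand edit here. The same applies to `UserPassword` in the `ContainerRuntimePolicyTripwireGetArgs` hunk that follows.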
@@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyTripwireGetArgs : global::Pulumi.ResourceArgs + { + [Input("applyOns")] + private InputList? _applyOns; + public InputList ApplyOns + { + get => _applyOns ?? (_applyOns = new InputList()); + set => _applyOns = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("serverlessApp")] + public Input? ServerlessApp { get; set; } + + [Input("userId")] + public Input? UserId { get; set; } + + [Input("userPassword")] + public Input? UserPassword { get; set; } + + public ContainerRuntimePolicyTripwireGetArgs() + { + } + public static new ContainerRuntimePolicyTripwireGetArgs Empty => new ContainerRuntimePolicyTripwireGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyWhitelistedOsUsersArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyWhitelistedOsUsersArgs.cs new file mode 100644 index 00000000..14f98f93 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyWhitelistedOsUsersArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyWhitelistedOsUsersArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupWhiteLists")] + private InputList? _groupWhiteLists; + public InputList GroupWhiteLists + { + get => _groupWhiteLists ?? (_groupWhiteLists = new InputList()); + set => _groupWhiteLists = value; + } + + [Input("userWhiteLists")] + private InputList? _userWhiteLists; + public InputList UserWhiteLists + { + get => _userWhiteLists ?? (_userWhiteLists = new InputList()); + set => _userWhiteLists = value; + } + + public ContainerRuntimePolicyWhitelistedOsUsersArgs() + { + } + public static new ContainerRuntimePolicyWhitelistedOsUsersArgs Empty => new ContainerRuntimePolicyWhitelistedOsUsersArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ContainerRuntimePolicyWhitelistedOsUsersGetArgs.cs b/sdk/dotnet/Inputs/ContainerRuntimePolicyWhitelistedOsUsersGetArgs.cs new file mode 100644 index 00000000..f7bb9613 --- /dev/null +++ b/sdk/dotnet/Inputs/ContainerRuntimePolicyWhitelistedOsUsersGetArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ContainerRuntimePolicyWhitelistedOsUsersGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupWhiteLists")] + private InputList? _groupWhiteLists; + public InputList GroupWhiteLists + { + get => _groupWhiteLists ?? (_groupWhiteLists = new InputList()); + set => _groupWhiteLists = value; + } + + [Input("userWhiteLists")] + private InputList? _userWhiteLists; + public InputList UserWhiteLists + { + get => _userWhiteLists ?? (_userWhiteLists = new InputList()); + set => _userWhiteLists = value; + } + + public ContainerRuntimePolicyWhitelistedOsUsersGetArgs() + { + } + public static new ContainerRuntimePolicyWhitelistedOsUsersGetArgs Empty => new ContainerRuntimePolicyWhitelistedOsUsersGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/EnforcerGroupsOrchestratorArgs.cs b/sdk/dotnet/Inputs/EnforcerGroupsOrchestratorArgs.cs index 00c81ea7..751f70d6 100644 --- a/sdk/dotnet/Inputs/EnforcerGroupsOrchestratorArgs.cs +++ b/sdk/dotnet/Inputs/EnforcerGroupsOrchestratorArgs.cs @@ -28,9 +28,6 @@ public sealed class EnforcerGroupsOrchestratorArgs : global::Pulumi.ResourceArgs [Input("serviceAccount")] public Input? ServiceAccount { get; set; } - /// - /// Enforcer Type. - /// [Input("type")] public Input? Type { get; set; } diff --git a/sdk/dotnet/Inputs/EnforcerGroupsOrchestratorGetArgs.cs b/sdk/dotnet/Inputs/EnforcerGroupsOrchestratorGetArgs.cs index 251d058e..8fb76b5a 100644 --- a/sdk/dotnet/Inputs/EnforcerGroupsOrchestratorGetArgs.cs +++ b/sdk/dotnet/Inputs/EnforcerGroupsOrchestratorGetArgs.cs 
@@ -28,9 +28,6 @@ public sealed class EnforcerGroupsOrchestratorGetArgs : global::Pulumi.ResourceA [Input("serviceAccount")] public Input? ServiceAccount { get; set; } - /// - /// Enforcer Type. - /// [Input("type")] public Input? Type { get; set; } diff --git a/sdk/dotnet/Inputs/FunctionAssurancePolicyKubernetesControlArgs.cs b/sdk/dotnet/Inputs/FunctionAssurancePolicyKubernetesControlArgs.cs new file mode 100644 index 00000000..9bf5ae0a --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionAssurancePolicyKubernetesControlArgs.cs @@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionAssurancePolicyKubernetesControlArgs : global::Pulumi.ResourceArgs + { + [Input("avdId")] + public Input? AvdId { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("kind")] + public Input? Kind { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("ootb")] + public Input? Ootb { get; set; } + + [Input("scriptId")] + public Input? ScriptId { get; set; } + + [Input("severity")] + public Input? Severity { get; set; } + + public FunctionAssurancePolicyKubernetesControlArgs() + { + } + public static new FunctionAssurancePolicyKubernetesControlArgs Empty => new FunctionAssurancePolicyKubernetesControlArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionAssurancePolicyKubernetesControlGetArgs.cs b/sdk/dotnet/Inputs/FunctionAssurancePolicyKubernetesControlGetArgs.cs new file mode 100644 index 00000000..5fd443f6 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionAssurancePolicyKubernetesControlGetArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionAssurancePolicyKubernetesControlGetArgs : global::Pulumi.ResourceArgs + { + [Input("avdId")] + public Input? AvdId { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("kind")] + public Input? Kind { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("ootb")] + public Input? Ootb { get; set; } + + [Input("scriptId")] + public Input? ScriptId { get; set; } + + [Input("severity")] + public Input? Severity { get; set; } + + public FunctionAssurancePolicyKubernetesControlGetArgs() + { + } + public static new FunctionAssurancePolicyKubernetesControlGetArgs Empty => new FunctionAssurancePolicyKubernetesControlGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionAssurancePolicyPolicySettingsArgs.cs b/sdk/dotnet/Inputs/FunctionAssurancePolicyPolicySettingsArgs.cs new file mode 100644 index 00000000..01877fcf --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionAssurancePolicyPolicySettingsArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionAssurancePolicyPolicySettingsArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public FunctionAssurancePolicyPolicySettingsArgs() + { + } + public static new FunctionAssurancePolicyPolicySettingsArgs Empty => new FunctionAssurancePolicyPolicySettingsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionAssurancePolicyPolicySettingsGetArgs.cs b/sdk/dotnet/Inputs/FunctionAssurancePolicyPolicySettingsGetArgs.cs new file mode 100644 index 00000000..ea42e976 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionAssurancePolicyPolicySettingsGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionAssurancePolicyPolicySettingsGetArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public FunctionAssurancePolicyPolicySettingsGetArgs() + { + } + public static new FunctionAssurancePolicyPolicySettingsGetArgs Empty => new FunctionAssurancePolicyPolicySettingsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedExecutableArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedExecutableArgs.cs new file mode 100644 index 00000000..e6ec26cf --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedExecutableArgs.cs 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyAllowedExecutableArgs : global::Pulumi.ResourceArgs + { + [Input("allowExecutables")] + private InputList? _allowExecutables; + + /// + /// List of allowed executables. + /// + public InputList AllowExecutables + { + get => _allowExecutables ?? (_allowExecutables = new InputList()); + set => _allowExecutables = value; + } + + [Input("allowRootExecutables")] + private InputList? _allowRootExecutables; + + /// + /// List of allowed root executables. + /// + public InputList AllowRootExecutables + { + get => _allowRootExecutables ?? (_allowRootExecutables = new InputList()); + set => _allowRootExecutables = value; + } + + /// + /// Whether allowed executables configuration is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to treat executables separately. + /// + [Input("separateExecutables")] + public Input? SeparateExecutables { get; set; } + + public FunctionRuntimePolicyAllowedExecutableArgs() + { + } + public static new FunctionRuntimePolicyAllowedExecutableArgs Empty => new FunctionRuntimePolicyAllowedExecutableArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedExecutableGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedExecutableGetArgs.cs new file mode 100644 index 00000000..9c34f928 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedExecutableGetArgs.cs 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyAllowedExecutableGetArgs : global::Pulumi.ResourceArgs + { + [Input("allowExecutables")] + private InputList? _allowExecutables; + + /// + /// List of allowed executables. + /// + public InputList AllowExecutables + { + get => _allowExecutables ?? (_allowExecutables = new InputList()); + set => _allowExecutables = value; + } + + [Input("allowRootExecutables")] + private InputList? _allowRootExecutables; + + /// + /// List of allowed root executables. + /// + public InputList AllowRootExecutables + { + get => _allowRootExecutables ?? (_allowRootExecutables = new InputList()); + set => _allowRootExecutables = value; + } + + /// + /// Whether allowed executables configuration is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to treat executables separately. + /// + [Input("separateExecutables")] + public Input? SeparateExecutables { get; set; } + + public FunctionRuntimePolicyAllowedExecutableGetArgs() + { + } + public static new FunctionRuntimePolicyAllowedExecutableGetArgs Empty => new FunctionRuntimePolicyAllowedExecutableGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedRegistryArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedRegistryArgs.cs new file mode 100644 index 00000000..502a6124 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedRegistryArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyAllowedRegistryArgs : global::Pulumi.ResourceArgs + { + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + + /// + /// Whether allowed registries are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + public FunctionRuntimePolicyAllowedRegistryArgs() + { + } + public static new FunctionRuntimePolicyAllowedRegistryArgs Empty => new FunctionRuntimePolicyAllowedRegistryArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedRegistryGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedRegistryGetArgs.cs new file mode 100644 index 00000000..b6253744 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyAllowedRegistryGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyAllowedRegistryGetArgs : global::Pulumi.ResourceArgs + { + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + + /// + /// Whether allowed registries are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + public FunctionRuntimePolicyAllowedRegistryGetArgs() + { + } + public static new FunctionRuntimePolicyAllowedRegistryGetArgs Empty => new FunctionRuntimePolicyAllowedRegistryGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyAuditingArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyAuditingArgs.cs new file mode 100644 index 00000000..8fc995fc --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyAuditingArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyAuditingArgs : global::Pulumi.ResourceArgs + { + [Input("auditAllNetwork")] + public Input? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public Input? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public Input? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public Input? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public Input? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public Input? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public Input? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public FunctionRuntimePolicyAuditingArgs() + { + } + public static new FunctionRuntimePolicyAuditingArgs Empty => new FunctionRuntimePolicyAuditingArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyAuditingGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyAuditingGetArgs.cs new file mode 100644 index 00000000..0de0f844 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyAuditingGetArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyAuditingGetArgs : global::Pulumi.ResourceArgs + { + [Input("auditAllNetwork")] + public Input? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public Input? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public Input? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public Input? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public Input? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public Input? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public Input? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public FunctionRuntimePolicyAuditingGetArgs() + { + } + public static new FunctionRuntimePolicyAuditingGetArgs Empty => new FunctionRuntimePolicyAuditingGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyBlacklistedOsUsersArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyBlacklistedOsUsersArgs.cs new file mode 100644 index 00000000..5d2cfa98 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyBlacklistedOsUsersArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyBlacklistedOsUsersArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupBlackLists")] + private InputList? _groupBlackLists; + public InputList GroupBlackLists + { + get => _groupBlackLists ?? (_groupBlackLists = new InputList()); + set => _groupBlackLists = value; + } + + [Input("userBlackLists")] + private InputList? _userBlackLists; + public InputList UserBlackLists + { + get => _userBlackLists ?? (_userBlackLists = new InputList()); + set => _userBlackLists = value; + } + + public FunctionRuntimePolicyBlacklistedOsUsersArgs() + { + } + public static new FunctionRuntimePolicyBlacklistedOsUsersArgs Empty => new FunctionRuntimePolicyBlacklistedOsUsersArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyBlacklistedOsUsersGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyBlacklistedOsUsersGetArgs.cs new file mode 100644 index 00000000..19b11016 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyBlacklistedOsUsersGetArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyBlacklistedOsUsersGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupBlackLists")] + private InputList? _groupBlackLists; + public InputList GroupBlackLists + { + get => _groupBlackLists ?? (_groupBlackLists = new InputList()); + set => _groupBlackLists = value; + } + + [Input("userBlackLists")] + private InputList? _userBlackLists; + public InputList UserBlackLists + { + get => _userBlackLists ?? (_userBlackLists = new InputList()); + set => _userBlackLists = value; + } + + public FunctionRuntimePolicyBlacklistedOsUsersGetArgs() + { + } + public static new FunctionRuntimePolicyBlacklistedOsUsersGetArgs Empty => new FunctionRuntimePolicyBlacklistedOsUsersGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeArgs.cs new file mode 100644 index 00000000..ffd12b27 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyBypassScopeArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether bypassing the scope is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + public FunctionRuntimePolicyBypassScopeArgs() + { + } + public static new FunctionRuntimePolicyBypassScopeArgs Empty => new FunctionRuntimePolicyBypassScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeGetArgs.cs new file mode 100644 index 00000000..14c7a6de --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyBypassScopeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether bypassing the scope is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + public FunctionRuntimePolicyBypassScopeGetArgs() + { + } + public static new FunctionRuntimePolicyBypassScopeGetArgs Empty => new FunctionRuntimePolicyBypassScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeArgs.cs new file mode 100644 index 00000000..0d719ab2 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyBypassScopeScopeArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression")] + public Input? Expression { get; set; } + + [Input("variables")] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public FunctionRuntimePolicyBypassScopeScopeArgs() + { + } + public static new FunctionRuntimePolicyBypassScopeScopeArgs Empty => new FunctionRuntimePolicyBypassScopeScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeGetArgs.cs new file mode 100644 index 00000000..326f23d2 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyBypassScopeScopeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression")] + public Input? Expression { get; set; } + + [Input("variables")] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public FunctionRuntimePolicyBypassScopeScopeGetArgs() + { + } + public static new FunctionRuntimePolicyBypassScopeScopeGetArgs Empty => new FunctionRuntimePolicyBypassScopeScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeVariableArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeVariableArgs.cs new file mode 100644 index 00000000..5bc89d77 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeVariableArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyBypassScopeScopeVariableArgs : global::Pulumi.ResourceArgs + { + /// + /// Variable attribute. + /// + [Input("attribute")] + public Input? Attribute { get; set; } + + /// + /// Variable value. + /// + [Input("value")] + public Input? Value { get; set; } + + public FunctionRuntimePolicyBypassScopeScopeVariableArgs() + { + } + public static new FunctionRuntimePolicyBypassScopeScopeVariableArgs Empty => new FunctionRuntimePolicyBypassScopeScopeVariableArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeVariableGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeVariableGetArgs.cs new file mode 100644 index 00000000..9120bab1 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyBypassScopeScopeVariableGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyBypassScopeScopeVariableGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Variable attribute. + /// + [Input("attribute")] + public Input? Attribute { get; set; } + + /// + /// Variable value. + /// + [Input("value")] + public Input? Value { get; set; } + + public FunctionRuntimePolicyBypassScopeScopeVariableGetArgs() + { + } + public static new FunctionRuntimePolicyBypassScopeScopeVariableGetArgs Empty => new FunctionRuntimePolicyBypassScopeScopeVariableGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyContainerExecArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyContainerExecArgs.cs new file mode 100644 index 00000000..1bfb086e --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyContainerExecArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyContainerExecArgs : global::Pulumi.ResourceArgs + { + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + + [Input("containerExecProcWhiteLists")] + private InputList? _containerExecProcWhiteLists; + public InputList ContainerExecProcWhiteLists + { + get => _containerExecProcWhiteLists ?? (_containerExecProcWhiteLists = new InputList()); + set => _containerExecProcWhiteLists = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + public FunctionRuntimePolicyContainerExecArgs() + { + } + public static new FunctionRuntimePolicyContainerExecArgs Empty => new FunctionRuntimePolicyContainerExecArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyContainerExecGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyContainerExecGetArgs.cs new file mode 100644 index 00000000..e3f62e17 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyContainerExecGetArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyContainerExecGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + + [Input("containerExecProcWhiteLists")] + private InputList? _containerExecProcWhiteLists; + public InputList ContainerExecProcWhiteLists + { + get => _containerExecProcWhiteLists ?? (_containerExecProcWhiteLists = new InputList()); + set => _containerExecProcWhiteLists = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + public FunctionRuntimePolicyContainerExecGetArgs() + { + } + public static new FunctionRuntimePolicyContainerExecGetArgs Empty => new FunctionRuntimePolicyContainerExecGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyDriftPreventionArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyDriftPreventionArgs.cs new file mode 100644 index 00000000..9cdb14c4 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyDriftPreventionArgs.cs 
@@ -0,0 +1,51 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyDriftPreventionArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether drift prevention is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to lockdown execution drift. + /// + [Input("execLockdown")] + public Input? ExecLockdown { get; set; } + + [Input("execLockdownWhiteLists")] + private InputList? _execLockdownWhiteLists; + + /// + /// List of items in the execution lockdown white list. + /// + public InputList ExecLockdownWhiteLists + { + get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new InputList()); + set => _execLockdownWhiteLists = value; + } + + /// + /// Whether to lockdown image drift. + /// + [Input("imageLockdown")] + public Input? ImageLockdown { get; set; } + + public FunctionRuntimePolicyDriftPreventionArgs() + { + } + public static new FunctionRuntimePolicyDriftPreventionArgs Empty => new FunctionRuntimePolicyDriftPreventionArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyDriftPreventionGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyDriftPreventionGetArgs.cs new file mode 100644 index 00000000..f92aeae8 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyDriftPreventionGetArgs.cs 
@@ -0,0 +1,51 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyDriftPreventionGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether drift prevention is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to lockdown execution drift. + /// + [Input("execLockdown")] + public Input? ExecLockdown { get; set; } + + [Input("execLockdownWhiteLists")] + private InputList? _execLockdownWhiteLists; + + /// + /// List of items in the execution lockdown white list. + /// + public InputList ExecLockdownWhiteLists + { + get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new InputList()); + set => _execLockdownWhiteLists = value; + } + + /// + /// Whether to lockdown image drift. + /// + [Input("imageLockdown")] + public Input? ImageLockdown { get; set; } + + public FunctionRuntimePolicyDriftPreventionGetArgs() + { + } + public static new FunctionRuntimePolicyDriftPreventionGetArgs Empty => new FunctionRuntimePolicyDriftPreventionGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyExecutableBlacklistArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyExecutableBlacklistArgs.cs new file mode 100644 index 00000000..d75340fe --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyExecutableBlacklistArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyExecutableBlacklistArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether the executable blacklist is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("executables")] + private InputList? _executables; + + /// + /// List of blacklisted executables. + /// + public InputList Executables + { + get => _executables ?? (_executables = new InputList()); + set => _executables = value; + } + + public FunctionRuntimePolicyExecutableBlacklistArgs() + { + } + public static new FunctionRuntimePolicyExecutableBlacklistArgs Empty => new FunctionRuntimePolicyExecutableBlacklistArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyExecutableBlacklistGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyExecutableBlacklistGetArgs.cs new file mode 100644 index 00000000..468d671d --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyExecutableBlacklistGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyExecutableBlacklistGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether the executable blacklist is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("executables")] + private InputList? _executables; + + /// + /// List of blacklisted executables. + /// + public InputList Executables + { + get => _executables ?? (_executables = new InputList()); + set => _executables = value; + } + + public FunctionRuntimePolicyExecutableBlacklistGetArgs() + { + } + public static new FunctionRuntimePolicyExecutableBlacklistGetArgs Empty => new FunctionRuntimePolicyExecutableBlacklistGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyFailedKubernetesChecksArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyFailedKubernetesChecksArgs.cs new file mode 100644 index 00000000..6dee7750 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyFailedKubernetesChecksArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyFailedKubernetesChecksArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("failedChecks")] + private InputList? _failedChecks; + public InputList FailedChecks + { + get => _failedChecks ?? (_failedChecks = new InputList()); + set => _failedChecks = value; + } + + public FunctionRuntimePolicyFailedKubernetesChecksArgs() + { + } + public static new FunctionRuntimePolicyFailedKubernetesChecksArgs Empty => new FunctionRuntimePolicyFailedKubernetesChecksArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyFailedKubernetesChecksGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyFailedKubernetesChecksGetArgs.cs new file mode 100644 index 00000000..f8282392 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyFailedKubernetesChecksGetArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyFailedKubernetesChecksGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("failedChecks")] + private InputList? _failedChecks; + public InputList FailedChecks + { + get => _failedChecks ?? (_failedChecks = new InputList()); + set => _failedChecks = value; + } + + public FunctionRuntimePolicyFailedKubernetesChecksGetArgs() + { + } + public static new FunctionRuntimePolicyFailedKubernetesChecksGetArgs Empty => new FunctionRuntimePolicyFailedKubernetesChecksGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyFileBlockArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyFileBlockArgs.cs new file mode 100644 index 00000000..256b50db --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyFileBlockArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyFileBlockArgs : global::Pulumi.ResourceArgs + { + [Input("blockFilesProcesses")] + private InputList? _blockFilesProcesses; + public InputList BlockFilesProcesses + { + get => _blockFilesProcesses ?? (_blockFilesProcesses = new InputList()); + set => _blockFilesProcesses = value; + } + + [Input("blockFilesUsers")] + private InputList? _blockFilesUsers; + public InputList BlockFilesUsers + { + get => _blockFilesUsers ?? (_blockFilesUsers = new InputList()); + set => _blockFilesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockFiles")] + private InputList? _exceptionalBlockFiles; + public InputList ExceptionalBlockFiles + { + get => _exceptionalBlockFiles ?? (_exceptionalBlockFiles = new InputList()); + set => _exceptionalBlockFiles = value; + } + + [Input("exceptionalBlockFilesProcesses")] + private InputList? _exceptionalBlockFilesProcesses; + public InputList ExceptionalBlockFilesProcesses + { + get => _exceptionalBlockFilesProcesses ?? (_exceptionalBlockFilesProcesses = new InputList()); + set => _exceptionalBlockFilesProcesses = value; + } + + [Input("exceptionalBlockFilesUsers")] + private InputList? _exceptionalBlockFilesUsers; + public InputList ExceptionalBlockFilesUsers + { + get => _exceptionalBlockFilesUsers ?? (_exceptionalBlockFilesUsers = new InputList()); + set => _exceptionalBlockFilesUsers = value; + } + + [Input("filenameBlockLists")] + private InputList? _filenameBlockLists; + public InputList FilenameBlockLists + { + get => _filenameBlockLists ?? 
(_filenameBlockLists = new InputList()); + set => _filenameBlockLists = value; + } + + public FunctionRuntimePolicyFileBlockArgs() + { + } + public static new FunctionRuntimePolicyFileBlockArgs Empty => new FunctionRuntimePolicyFileBlockArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyFileBlockGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyFileBlockGetArgs.cs new file mode 100644 index 00000000..87313ee7 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyFileBlockGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyFileBlockGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockFilesProcesses")] + private InputList? _blockFilesProcesses; + public InputList BlockFilesProcesses + { + get => _blockFilesProcesses ?? (_blockFilesProcesses = new InputList()); + set => _blockFilesProcesses = value; + } + + [Input("blockFilesUsers")] + private InputList? _blockFilesUsers; + public InputList BlockFilesUsers + { + get => _blockFilesUsers ?? (_blockFilesUsers = new InputList()); + set => _blockFilesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockFiles")] + private InputList? _exceptionalBlockFiles; + public InputList ExceptionalBlockFiles + { + get => _exceptionalBlockFiles ?? (_exceptionalBlockFiles = new InputList()); + set => _exceptionalBlockFiles = value; + } + + [Input("exceptionalBlockFilesProcesses")] + private InputList? _exceptionalBlockFilesProcesses; + public InputList ExceptionalBlockFilesProcesses + { + get => _exceptionalBlockFilesProcesses ?? (_exceptionalBlockFilesProcesses = new InputList()); + set => _exceptionalBlockFilesProcesses = value; + } + + [Input("exceptionalBlockFilesUsers")] + private InputList? _exceptionalBlockFilesUsers; + public InputList ExceptionalBlockFilesUsers + { + get => _exceptionalBlockFilesUsers ?? (_exceptionalBlockFilesUsers = new InputList()); + set => _exceptionalBlockFilesUsers = value; + } + + [Input("filenameBlockLists")] + private InputList? _filenameBlockLists; + public InputList FilenameBlockLists + { + get => _filenameBlockLists ?? 
(_filenameBlockLists = new InputList()); + set => _filenameBlockLists = value; + } + + public FunctionRuntimePolicyFileBlockGetArgs() + { + } + public static new FunctionRuntimePolicyFileBlockGetArgs Empty => new FunctionRuntimePolicyFileBlockGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyFileIntegrityMonitoringArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyFileIntegrityMonitoringArgs.cs new file mode 100644 index 00000000..2ca3b584 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyFileIntegrityMonitoringArgs.cs 
@@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyFileIntegrityMonitoringArgs : global::Pulumi.ResourceArgs + { + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private InputList? _exceptionalMonitoredFiles; + + /// + /// List of paths to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFiles + { + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new InputList()); + set => _exceptionalMonitoredFiles = value; + } + + [Input("exceptionalMonitoredFilesProcesses")] + private InputList? _exceptionalMonitoredFilesProcesses; + + /// + /// List of processes to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFilesProcesses + { + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new InputList()); + set => _exceptionalMonitoredFilesProcesses = value; + } + + [Input("exceptionalMonitoredFilesUsers")] + private InputList? _exceptionalMonitoredFilesUsers; + + /// + /// List of users to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFilesUsers + { + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new InputList()); + set => _exceptionalMonitoredFilesUsers = value; + } + + [Input("monitoredFiles")] + private InputList? _monitoredFiles; + + /// + /// List of paths to be monitored. + /// + public InputList MonitoredFiles + { + get => _monitoredFiles ?? 
(_monitoredFiles = new InputList()); + set => _monitoredFiles = value; + } + + /// + /// Whether to monitor file attribute operations. + /// + [Input("monitoredFilesAttributes")] + public Input? MonitoredFilesAttributes { get; set; } + + /// + /// Whether to monitor file create operations. + /// + [Input("monitoredFilesCreate")] + public Input? MonitoredFilesCreate { get; set; } + + /// + /// Whether to monitor file delete operations. + /// + [Input("monitoredFilesDelete")] + public Input? MonitoredFilesDelete { get; set; } + + /// + /// Whether to monitor file modify operations. + /// + [Input("monitoredFilesModify")] + public Input? MonitoredFilesModify { get; set; } + + [Input("monitoredFilesProcesses")] + private InputList? _monitoredFilesProcesses; + + /// + /// List of processes associated with monitored files. + /// + public InputList MonitoredFilesProcesses + { + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new InputList()); + set => _monitoredFilesProcesses = value; + } + + /// + /// Whether to monitor file read operations. + /// + [Input("monitoredFilesRead")] + public Input? MonitoredFilesRead { get; set; } + + [Input("monitoredFilesUsers")] + private InputList? _monitoredFilesUsers; + + /// + /// List of users associated with monitored files. + /// + public InputList MonitoredFilesUsers + { + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new InputList()); + set => _monitoredFilesUsers = value; + } + + public FunctionRuntimePolicyFileIntegrityMonitoringArgs() + { + } + public static new FunctionRuntimePolicyFileIntegrityMonitoringArgs Empty => new FunctionRuntimePolicyFileIntegrityMonitoringArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyFileIntegrityMonitoringGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyFileIntegrityMonitoringGetArgs.cs new file mode 100644 index 00000000..62b98a7e --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyFileIntegrityMonitoringGetArgs.cs 
@@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyFileIntegrityMonitoringGetArgs : global::Pulumi.ResourceArgs + { + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private InputList? _exceptionalMonitoredFiles; + + /// + /// List of paths to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFiles + { + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new InputList()); + set => _exceptionalMonitoredFiles = value; + } + + [Input("exceptionalMonitoredFilesProcesses")] + private InputList? _exceptionalMonitoredFilesProcesses; + + /// + /// List of processes to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFilesProcesses + { + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new InputList()); + set => _exceptionalMonitoredFilesProcesses = value; + } + + [Input("exceptionalMonitoredFilesUsers")] + private InputList? _exceptionalMonitoredFilesUsers; + + /// + /// List of users to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFilesUsers + { + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new InputList()); + set => _exceptionalMonitoredFilesUsers = value; + } + + [Input("monitoredFiles")] + private InputList? _monitoredFiles; + + /// + /// List of paths to be monitored. + /// + public InputList MonitoredFiles + { + get => _monitoredFiles ?? 
(_monitoredFiles = new InputList()); + set => _monitoredFiles = value; + } + + /// + /// Whether to monitor file attribute operations. + /// + [Input("monitoredFilesAttributes")] + public Input? MonitoredFilesAttributes { get; set; } + + /// + /// Whether to monitor file create operations. + /// + [Input("monitoredFilesCreate")] + public Input? MonitoredFilesCreate { get; set; } + + /// + /// Whether to monitor file delete operations. + /// + [Input("monitoredFilesDelete")] + public Input? MonitoredFilesDelete { get; set; } + + /// + /// Whether to monitor file modify operations. + /// + [Input("monitoredFilesModify")] + public Input? MonitoredFilesModify { get; set; } + + [Input("monitoredFilesProcesses")] + private InputList? _monitoredFilesProcesses; + + /// + /// List of processes associated with monitored files. + /// + public InputList MonitoredFilesProcesses + { + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new InputList()); + set => _monitoredFilesProcesses = value; + } + + /// + /// Whether to monitor file read operations. + /// + [Input("monitoredFilesRead")] + public Input? MonitoredFilesRead { get; set; } + + [Input("monitoredFilesUsers")] + private InputList? _monitoredFilesUsers; + + /// + /// List of users associated with monitored files. + /// + public InputList MonitoredFilesUsers + { + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new InputList()); + set => _monitoredFilesUsers = value; + } + + public FunctionRuntimePolicyFileIntegrityMonitoringGetArgs() + { + } + public static new FunctionRuntimePolicyFileIntegrityMonitoringGetArgs Empty => new FunctionRuntimePolicyFileIntegrityMonitoringGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyLimitContainerPrivilegeArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyLimitContainerPrivilegeArgs.cs new file mode 100644 index 00000000..c079e8a3 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyLimitContainerPrivilegeArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyLimitContainerPrivilegeArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether to block adding capabilities. + /// + [Input("blockAddCapabilities")] + public Input? BlockAddCapabilities { get; set; } + + /// + /// Whether container privilege limitations are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to limit IPC-related capabilities. + /// + [Input("ipcmode")] + public Input? Ipcmode { get; set; } + + /// + /// Whether to limit network-related capabilities. + /// + [Input("netmode")] + public Input? Netmode { get; set; } + + /// + /// Whether to limit process-related capabilities. + /// + [Input("pidmode")] + public Input? Pidmode { get; set; } + + /// + /// Whether to prevent low port binding. + /// + [Input("preventLowPortBinding")] + public Input? PreventLowPortBinding { get; set; } + + /// + /// Whether to prevent the use of the root user. + /// + [Input("preventRootUser")] + public Input? PreventRootUser { get; set; } + + /// + /// Whether the container is run in privileged mode. + /// + [Input("privileged")] + public Input? Privileged { get; set; } + + /// + /// Whether to use the host user. + /// + [Input("useHostUser")] + public Input? UseHostUser { get; set; } + + /// + /// Whether to limit user-related capabilities. + /// + [Input("usermode")] + public Input? Usermode { get; set; } + + /// + /// Whether to limit UTS-related capabilities. + /// + [Input("utsmode")] + public Input? 
Utsmode { get; set; } + + public FunctionRuntimePolicyLimitContainerPrivilegeArgs() + { + } + public static new FunctionRuntimePolicyLimitContainerPrivilegeArgs Empty => new FunctionRuntimePolicyLimitContainerPrivilegeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyLimitContainerPrivilegeGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyLimitContainerPrivilegeGetArgs.cs new file mode 100644 index 00000000..6a26ca8f --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyLimitContainerPrivilegeGetArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyLimitContainerPrivilegeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether to block adding capabilities. + /// + [Input("blockAddCapabilities")] + public Input? BlockAddCapabilities { get; set; } + + /// + /// Whether container privilege limitations are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to limit IPC-related capabilities. + /// + [Input("ipcmode")] + public Input? Ipcmode { get; set; } + + /// + /// Whether to limit network-related capabilities. + /// + [Input("netmode")] + public Input? Netmode { get; set; } + + /// + /// Whether to limit process-related capabilities. + /// + [Input("pidmode")] + public Input? Pidmode { get; set; } + + /// + /// Whether to prevent low port binding. + /// + [Input("preventLowPortBinding")] + public Input? PreventLowPortBinding { get; set; } + + /// + /// Whether to prevent the use of the root user. + /// + [Input("preventRootUser")] + public Input? PreventRootUser { get; set; } + + /// + /// Whether the container is run in privileged mode. + /// + [Input("privileged")] + public Input? Privileged { get; set; } + + /// + /// Whether to use the host user. + /// + [Input("useHostUser")] + public Input? UseHostUser { get; set; } + + /// + /// Whether to limit user-related capabilities. + /// + [Input("usermode")] + public Input? Usermode { get; set; } + + /// + /// Whether to limit UTS-related capabilities. + /// + [Input("utsmode")] + public Input? 
Utsmode { get; set; } + + public FunctionRuntimePolicyLimitContainerPrivilegeGetArgs() + { + } + public static new FunctionRuntimePolicyLimitContainerPrivilegeGetArgs Empty => new FunctionRuntimePolicyLimitContainerPrivilegeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyLinuxCapabilitiesArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyLinuxCapabilitiesArgs.cs new file mode 100644 index 00000000..79bdc55a --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyLinuxCapabilitiesArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyLinuxCapabilitiesArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("removeLinuxCapabilities")] + private InputList? _removeLinuxCapabilities; + public InputList RemoveLinuxCapabilities + { + get => _removeLinuxCapabilities ?? (_removeLinuxCapabilities = new InputList()); + set => _removeLinuxCapabilities = value; + } + + public FunctionRuntimePolicyLinuxCapabilitiesArgs() + { + } + public static new FunctionRuntimePolicyLinuxCapabilitiesArgs Empty => new FunctionRuntimePolicyLinuxCapabilitiesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyLinuxCapabilitiesGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyLinuxCapabilitiesGetArgs.cs new file mode 100644 index 00000000..d1cb49a7 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyLinuxCapabilitiesGetArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyLinuxCapabilitiesGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("removeLinuxCapabilities")] + private InputList? _removeLinuxCapabilities; + public InputList RemoveLinuxCapabilities + { + get => _removeLinuxCapabilities ?? (_removeLinuxCapabilities = new InputList()); + set => _removeLinuxCapabilities = value; + } + + public FunctionRuntimePolicyLinuxCapabilitiesGetArgs() + { + } + public static new FunctionRuntimePolicyLinuxCapabilitiesGetArgs Empty => new FunctionRuntimePolicyLinuxCapabilitiesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyMalwareScanOptionsArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyMalwareScanOptionsArgs.cs new file mode 100644 index 00000000..c174c91e --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyMalwareScanOptionsArgs.cs 
@@ -0,0 +1,69 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyMalwareScanOptionsArgs : global::Pulumi.ResourceArgs + { + /// + /// Set Action, Defaults to 'Alert' when empty + /// + [Input("action")] + public Input? Action { get; set; } + + /// + /// Defines if enabled or not + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("excludeDirectories")] + private InputList? _excludeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList ExcludeDirectories + { + get => _excludeDirectories ?? (_excludeDirectories = new InputList()); + set => _excludeDirectories = value; + } + + [Input("excludeProcesses")] + private InputList? _excludeProcesses; + + /// + /// List of registry processes to be excluded from being protected. + /// + public InputList ExcludeProcesses + { + get => _excludeProcesses ?? (_excludeProcesses = new InputList()); + set => _excludeProcesses = value; + } + + [Input("includeDirectories")] + private InputList? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new InputList()); + set => _includeDirectories = value; + } + + public FunctionRuntimePolicyMalwareScanOptionsArgs() + { + } + public static new FunctionRuntimePolicyMalwareScanOptionsArgs Empty => new FunctionRuntimePolicyMalwareScanOptionsArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyMalwareScanOptionsGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyMalwareScanOptionsGetArgs.cs new file mode 100644 index 00000000..cff9ef19 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyMalwareScanOptionsGetArgs.cs 
@@ -0,0 +1,69 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyMalwareScanOptionsGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Set Action, Defaults to 'Alert' when empty + /// + [Input("action")] + public Input? Action { get; set; } + + /// + /// Defines if enabled or not + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("excludeDirectories")] + private InputList? _excludeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList ExcludeDirectories + { + get => _excludeDirectories ?? (_excludeDirectories = new InputList()); + set => _excludeDirectories = value; + } + + [Input("excludeProcesses")] + private InputList? _excludeProcesses; + + /// + /// List of registry processes to be excluded from being protected. + /// + public InputList ExcludeProcesses + { + get => _excludeProcesses ?? (_excludeProcesses = new InputList()); + set => _excludeProcesses = value; + } + + [Input("includeDirectories")] + private InputList? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new InputList()); + set => _includeDirectories = value; + } + + public FunctionRuntimePolicyMalwareScanOptionsGetArgs() + { + } + public static new FunctionRuntimePolicyMalwareScanOptionsGetArgs Empty => new FunctionRuntimePolicyMalwareScanOptionsGetArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyPackageBlockArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyPackageBlockArgs.cs new file mode 100644 index 00000000..23eb1542 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyPackageBlockArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyPackageBlockArgs : global::Pulumi.ResourceArgs + { + [Input("blockPackagesProcesses")] + private InputList? _blockPackagesProcesses; + public InputList BlockPackagesProcesses + { + get => _blockPackagesProcesses ?? (_blockPackagesProcesses = new InputList()); + set => _blockPackagesProcesses = value; + } + + [Input("blockPackagesUsers")] + private InputList? _blockPackagesUsers; + public InputList BlockPackagesUsers + { + get => _blockPackagesUsers ?? (_blockPackagesUsers = new InputList()); + set => _blockPackagesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockPackagesFiles")] + private InputList? _exceptionalBlockPackagesFiles; + public InputList ExceptionalBlockPackagesFiles + { + get => _exceptionalBlockPackagesFiles ?? (_exceptionalBlockPackagesFiles = new InputList()); + set => _exceptionalBlockPackagesFiles = value; + } + + [Input("exceptionalBlockPackagesProcesses")] + private InputList? _exceptionalBlockPackagesProcesses; + public InputList ExceptionalBlockPackagesProcesses + { + get => _exceptionalBlockPackagesProcesses ?? (_exceptionalBlockPackagesProcesses = new InputList()); + set => _exceptionalBlockPackagesProcesses = value; + } + + [Input("exceptionalBlockPackagesUsers")] + private InputList? _exceptionalBlockPackagesUsers; + public InputList ExceptionalBlockPackagesUsers + { + get => _exceptionalBlockPackagesUsers ?? 
(_exceptionalBlockPackagesUsers = new InputList()); + set => _exceptionalBlockPackagesUsers = value; + } + + [Input("packagesBlackLists")] + private InputList? _packagesBlackLists; + public InputList PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new InputList()); + set => _packagesBlackLists = value; + } + + public FunctionRuntimePolicyPackageBlockArgs() + { + } + public static new FunctionRuntimePolicyPackageBlockArgs Empty => new FunctionRuntimePolicyPackageBlockArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyPackageBlockGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyPackageBlockGetArgs.cs new file mode 100644 index 00000000..b3395909 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyPackageBlockGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyPackageBlockGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockPackagesProcesses")] + private InputList? _blockPackagesProcesses; + public InputList BlockPackagesProcesses + { + get => _blockPackagesProcesses ?? (_blockPackagesProcesses = new InputList()); + set => _blockPackagesProcesses = value; + } + + [Input("blockPackagesUsers")] + private InputList? _blockPackagesUsers; + public InputList BlockPackagesUsers + { + get => _blockPackagesUsers ?? (_blockPackagesUsers = new InputList()); + set => _blockPackagesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockPackagesFiles")] + private InputList? _exceptionalBlockPackagesFiles; + public InputList ExceptionalBlockPackagesFiles + { + get => _exceptionalBlockPackagesFiles ?? (_exceptionalBlockPackagesFiles = new InputList()); + set => _exceptionalBlockPackagesFiles = value; + } + + [Input("exceptionalBlockPackagesProcesses")] + private InputList? _exceptionalBlockPackagesProcesses; + public InputList ExceptionalBlockPackagesProcesses + { + get => _exceptionalBlockPackagesProcesses ?? (_exceptionalBlockPackagesProcesses = new InputList()); + set => _exceptionalBlockPackagesProcesses = value; + } + + [Input("exceptionalBlockPackagesUsers")] + private InputList? _exceptionalBlockPackagesUsers; + public InputList ExceptionalBlockPackagesUsers + { + get => _exceptionalBlockPackagesUsers ?? 
(_exceptionalBlockPackagesUsers = new InputList()); + set => _exceptionalBlockPackagesUsers = value; + } + + [Input("packagesBlackLists")] + private InputList? _packagesBlackLists; + public InputList PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new InputList()); + set => _packagesBlackLists = value; + } + + public FunctionRuntimePolicyPackageBlockGetArgs() + { + } + public static new FunctionRuntimePolicyPackageBlockGetArgs Empty => new FunctionRuntimePolicyPackageBlockGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyPortBlockArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyPortBlockArgs.cs new file mode 100644 index 00000000..89b5912f --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyPortBlockArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyPortBlockArgs : global::Pulumi.ResourceArgs + { + [Input("blockInboundPorts")] + private InputList? _blockInboundPorts; + public InputList BlockInboundPorts + { + get => _blockInboundPorts ?? (_blockInboundPorts = new InputList()); + set => _blockInboundPorts = value; + } + + [Input("blockOutboundPorts")] + private InputList? _blockOutboundPorts; + public InputList BlockOutboundPorts + { + get => _blockOutboundPorts ?? (_blockOutboundPorts = new InputList()); + set => _blockOutboundPorts = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public FunctionRuntimePolicyPortBlockArgs() + { + } + public static new FunctionRuntimePolicyPortBlockArgs Empty => new FunctionRuntimePolicyPortBlockArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyPortBlockGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyPortBlockGetArgs.cs new file mode 100644 index 00000000..5c529dd8 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyPortBlockGetArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyPortBlockGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockInboundPorts")] + private InputList? _blockInboundPorts; + public InputList BlockInboundPorts + { + get => _blockInboundPorts ?? (_blockInboundPorts = new InputList()); + set => _blockInboundPorts = value; + } + + [Input("blockOutboundPorts")] + private InputList? _blockOutboundPorts; + public InputList BlockOutboundPorts + { + get => _blockOutboundPorts ?? (_blockOutboundPorts = new InputList()); + set => _blockOutboundPorts = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public FunctionRuntimePolicyPortBlockGetArgs() + { + } + public static new FunctionRuntimePolicyPortBlockGetArgs Empty => new FunctionRuntimePolicyPortBlockGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyFilesArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyFilesArgs.cs new file mode 100644 index 00000000..2233fe32 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyFilesArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyReadonlyFilesArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyFiles")] + private InputList? _exceptionalReadonlyFiles; + public InputList ExceptionalReadonlyFiles + { + get => _exceptionalReadonlyFiles ?? (_exceptionalReadonlyFiles = new InputList()); + set => _exceptionalReadonlyFiles = value; + } + + [Input("exceptionalReadonlyFilesProcesses")] + private InputList? _exceptionalReadonlyFilesProcesses; + public InputList ExceptionalReadonlyFilesProcesses + { + get => _exceptionalReadonlyFilesProcesses ?? (_exceptionalReadonlyFilesProcesses = new InputList()); + set => _exceptionalReadonlyFilesProcesses = value; + } + + [Input("exceptionalReadonlyFilesUsers")] + private InputList? _exceptionalReadonlyFilesUsers; + public InputList ExceptionalReadonlyFilesUsers + { + get => _exceptionalReadonlyFilesUsers ?? (_exceptionalReadonlyFilesUsers = new InputList()); + set => _exceptionalReadonlyFilesUsers = value; + } + + [Input("readonlyFiles")] + private InputList? _readonlyFiles; + public InputList ReadonlyFiles + { + get => _readonlyFiles ?? (_readonlyFiles = new InputList()); + set => _readonlyFiles = value; + } + + [Input("readonlyFilesProcesses")] + private InputList? _readonlyFilesProcesses; + public InputList ReadonlyFilesProcesses + { + get => _readonlyFilesProcesses ?? (_readonlyFilesProcesses = new InputList()); + set => _readonlyFilesProcesses = value; + } + + [Input("readonlyFilesUsers")] + private InputList? 
_readonlyFilesUsers; + public InputList ReadonlyFilesUsers + { + get => _readonlyFilesUsers ?? (_readonlyFilesUsers = new InputList()); + set => _readonlyFilesUsers = value; + } + + public FunctionRuntimePolicyReadonlyFilesArgs() + { + } + public static new FunctionRuntimePolicyReadonlyFilesArgs Empty => new FunctionRuntimePolicyReadonlyFilesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyFilesGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyFilesGetArgs.cs new file mode 100644 index 00000000..631a8139 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyFilesGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyReadonlyFilesGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyFiles")] + private InputList? _exceptionalReadonlyFiles; + public InputList ExceptionalReadonlyFiles + { + get => _exceptionalReadonlyFiles ?? (_exceptionalReadonlyFiles = new InputList()); + set => _exceptionalReadonlyFiles = value; + } + + [Input("exceptionalReadonlyFilesProcesses")] + private InputList? _exceptionalReadonlyFilesProcesses; + public InputList ExceptionalReadonlyFilesProcesses + { + get => _exceptionalReadonlyFilesProcesses ?? (_exceptionalReadonlyFilesProcesses = new InputList()); + set => _exceptionalReadonlyFilesProcesses = value; + } + + [Input("exceptionalReadonlyFilesUsers")] + private InputList? _exceptionalReadonlyFilesUsers; + public InputList ExceptionalReadonlyFilesUsers + { + get => _exceptionalReadonlyFilesUsers ?? (_exceptionalReadonlyFilesUsers = new InputList()); + set => _exceptionalReadonlyFilesUsers = value; + } + + [Input("readonlyFiles")] + private InputList? _readonlyFiles; + public InputList ReadonlyFiles + { + get => _readonlyFiles ?? (_readonlyFiles = new InputList()); + set => _readonlyFiles = value; + } + + [Input("readonlyFilesProcesses")] + private InputList? _readonlyFilesProcesses; + public InputList ReadonlyFilesProcesses + { + get => _readonlyFilesProcesses ?? (_readonlyFilesProcesses = new InputList()); + set => _readonlyFilesProcesses = value; + } + + [Input("readonlyFilesUsers")] + private InputList? 
_readonlyFilesUsers; + public InputList ReadonlyFilesUsers + { + get => _readonlyFilesUsers ?? (_readonlyFilesUsers = new InputList()); + set => _readonlyFilesUsers = value; + } + + public FunctionRuntimePolicyReadonlyFilesGetArgs() + { + } + public static new FunctionRuntimePolicyReadonlyFilesGetArgs Empty => new FunctionRuntimePolicyReadonlyFilesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyRegistryArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyRegistryArgs.cs new file mode 100644 index 00000000..f8761b57 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyRegistryArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyReadonlyRegistryArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyRegistryPaths")] + private InputList? _exceptionalReadonlyRegistryPaths; + public InputList ExceptionalReadonlyRegistryPaths + { + get => _exceptionalReadonlyRegistryPaths ?? (_exceptionalReadonlyRegistryPaths = new InputList()); + set => _exceptionalReadonlyRegistryPaths = value; + } + + [Input("exceptionalReadonlyRegistryProcesses")] + private InputList? _exceptionalReadonlyRegistryProcesses; + public InputList ExceptionalReadonlyRegistryProcesses + { + get => _exceptionalReadonlyRegistryProcesses ?? (_exceptionalReadonlyRegistryProcesses = new InputList()); + set => _exceptionalReadonlyRegistryProcesses = value; + } + + [Input("exceptionalReadonlyRegistryUsers")] + private InputList? _exceptionalReadonlyRegistryUsers; + public InputList ExceptionalReadonlyRegistryUsers + { + get => _exceptionalReadonlyRegistryUsers ?? (_exceptionalReadonlyRegistryUsers = new InputList()); + set => _exceptionalReadonlyRegistryUsers = value; + } + + [Input("readonlyRegistryPaths")] + private InputList? _readonlyRegistryPaths; + public InputList ReadonlyRegistryPaths + { + get => _readonlyRegistryPaths ?? (_readonlyRegistryPaths = new InputList()); + set => _readonlyRegistryPaths = value; + } + + [Input("readonlyRegistryProcesses")] + private InputList? _readonlyRegistryProcesses; + public InputList ReadonlyRegistryProcesses + { + get => _readonlyRegistryProcesses ?? 
(_readonlyRegistryProcesses = new InputList()); + set => _readonlyRegistryProcesses = value; + } + + [Input("readonlyRegistryUsers")] + private InputList? _readonlyRegistryUsers; + public InputList ReadonlyRegistryUsers + { + get => _readonlyRegistryUsers ?? (_readonlyRegistryUsers = new InputList()); + set => _readonlyRegistryUsers = value; + } + + public FunctionRuntimePolicyReadonlyRegistryArgs() + { + } + public static new FunctionRuntimePolicyReadonlyRegistryArgs Empty => new FunctionRuntimePolicyReadonlyRegistryArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyRegistryGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyRegistryGetArgs.cs new file mode 100644 index 00000000..960cd3fd --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyReadonlyRegistryGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyReadonlyRegistryGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyRegistryPaths")] + private InputList? _exceptionalReadonlyRegistryPaths; + public InputList ExceptionalReadonlyRegistryPaths + { + get => _exceptionalReadonlyRegistryPaths ?? (_exceptionalReadonlyRegistryPaths = new InputList()); + set => _exceptionalReadonlyRegistryPaths = value; + } + + [Input("exceptionalReadonlyRegistryProcesses")] + private InputList? _exceptionalReadonlyRegistryProcesses; + public InputList ExceptionalReadonlyRegistryProcesses + { + get => _exceptionalReadonlyRegistryProcesses ?? (_exceptionalReadonlyRegistryProcesses = new InputList()); + set => _exceptionalReadonlyRegistryProcesses = value; + } + + [Input("exceptionalReadonlyRegistryUsers")] + private InputList? _exceptionalReadonlyRegistryUsers; + public InputList ExceptionalReadonlyRegistryUsers + { + get => _exceptionalReadonlyRegistryUsers ?? (_exceptionalReadonlyRegistryUsers = new InputList()); + set => _exceptionalReadonlyRegistryUsers = value; + } + + [Input("readonlyRegistryPaths")] + private InputList? _readonlyRegistryPaths; + public InputList ReadonlyRegistryPaths + { + get => _readonlyRegistryPaths ?? (_readonlyRegistryPaths = new InputList()); + set => _readonlyRegistryPaths = value; + } + + [Input("readonlyRegistryProcesses")] + private InputList? _readonlyRegistryProcesses; + public InputList ReadonlyRegistryProcesses + { + get => _readonlyRegistryProcesses ?? 
(_readonlyRegistryProcesses = new InputList()); + set => _readonlyRegistryProcesses = value; + } + + [Input("readonlyRegistryUsers")] + private InputList? _readonlyRegistryUsers; + public InputList ReadonlyRegistryUsers + { + get => _readonlyRegistryUsers ?? (_readonlyRegistryUsers = new InputList()); + set => _readonlyRegistryUsers = value; + } + + public FunctionRuntimePolicyReadonlyRegistryGetArgs() + { + } + public static new FunctionRuntimePolicyReadonlyRegistryGetArgs Empty => new FunctionRuntimePolicyReadonlyRegistryGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyRegistryAccessMonitoringArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyRegistryAccessMonitoringArgs.cs new file mode 100644 index 00000000..acd6c826 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyRegistryAccessMonitoringArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyRegistryAccessMonitoringArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredRegistryPaths")] + private InputList? _exceptionalMonitoredRegistryPaths; + public InputList ExceptionalMonitoredRegistryPaths + { + get => _exceptionalMonitoredRegistryPaths ?? (_exceptionalMonitoredRegistryPaths = new InputList()); + set => _exceptionalMonitoredRegistryPaths = value; + } + + [Input("exceptionalMonitoredRegistryProcesses")] + private InputList? _exceptionalMonitoredRegistryProcesses; + public InputList ExceptionalMonitoredRegistryProcesses + { + get => _exceptionalMonitoredRegistryProcesses ?? (_exceptionalMonitoredRegistryProcesses = new InputList()); + set => _exceptionalMonitoredRegistryProcesses = value; + } + + [Input("exceptionalMonitoredRegistryUsers")] + private InputList? _exceptionalMonitoredRegistryUsers; + public InputList ExceptionalMonitoredRegistryUsers + { + get => _exceptionalMonitoredRegistryUsers ?? (_exceptionalMonitoredRegistryUsers = new InputList()); + set => _exceptionalMonitoredRegistryUsers = value; + } + + [Input("monitoredRegistryAttributes")] + public Input? MonitoredRegistryAttributes { get; set; } + + [Input("monitoredRegistryCreate")] + public Input? MonitoredRegistryCreate { get; set; } + + [Input("monitoredRegistryDelete")] + public Input? MonitoredRegistryDelete { get; set; } + + [Input("monitoredRegistryModify")] + public Input? MonitoredRegistryModify { get; set; } + + [Input("monitoredRegistryPaths")] + private InputList? 
_monitoredRegistryPaths; + public InputList MonitoredRegistryPaths + { + get => _monitoredRegistryPaths ?? (_monitoredRegistryPaths = new InputList()); + set => _monitoredRegistryPaths = value; + } + + [Input("monitoredRegistryProcesses")] + private InputList? _monitoredRegistryProcesses; + public InputList MonitoredRegistryProcesses + { + get => _monitoredRegistryProcesses ?? (_monitoredRegistryProcesses = new InputList()); + set => _monitoredRegistryProcesses = value; + } + + [Input("monitoredRegistryRead")] + public Input? MonitoredRegistryRead { get; set; } + + [Input("monitoredRegistryUsers")] + private InputList? _monitoredRegistryUsers; + public InputList MonitoredRegistryUsers + { + get => _monitoredRegistryUsers ?? (_monitoredRegistryUsers = new InputList()); + set => _monitoredRegistryUsers = value; + } + + public FunctionRuntimePolicyRegistryAccessMonitoringArgs() + { + } + public static new FunctionRuntimePolicyRegistryAccessMonitoringArgs Empty => new FunctionRuntimePolicyRegistryAccessMonitoringArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyRegistryAccessMonitoringGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyRegistryAccessMonitoringGetArgs.cs new file mode 100644 index 00000000..b6cc8d92 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyRegistryAccessMonitoringGetArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyRegistryAccessMonitoringGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredRegistryPaths")] + private InputList? _exceptionalMonitoredRegistryPaths; + public InputList ExceptionalMonitoredRegistryPaths + { + get => _exceptionalMonitoredRegistryPaths ?? (_exceptionalMonitoredRegistryPaths = new InputList()); + set => _exceptionalMonitoredRegistryPaths = value; + } + + [Input("exceptionalMonitoredRegistryProcesses")] + private InputList? _exceptionalMonitoredRegistryProcesses; + public InputList ExceptionalMonitoredRegistryProcesses + { + get => _exceptionalMonitoredRegistryProcesses ?? (_exceptionalMonitoredRegistryProcesses = new InputList()); + set => _exceptionalMonitoredRegistryProcesses = value; + } + + [Input("exceptionalMonitoredRegistryUsers")] + private InputList? _exceptionalMonitoredRegistryUsers; + public InputList ExceptionalMonitoredRegistryUsers + { + get => _exceptionalMonitoredRegistryUsers ?? (_exceptionalMonitoredRegistryUsers = new InputList()); + set => _exceptionalMonitoredRegistryUsers = value; + } + + [Input("monitoredRegistryAttributes")] + public Input? MonitoredRegistryAttributes { get; set; } + + [Input("monitoredRegistryCreate")] + public Input? MonitoredRegistryCreate { get; set; } + + [Input("monitoredRegistryDelete")] + public Input? MonitoredRegistryDelete { get; set; } + + [Input("monitoredRegistryModify")] + public Input? MonitoredRegistryModify { get; set; } + + [Input("monitoredRegistryPaths")] + private InputList? 
_monitoredRegistryPaths; + public InputList MonitoredRegistryPaths + { + get => _monitoredRegistryPaths ?? (_monitoredRegistryPaths = new InputList()); + set => _monitoredRegistryPaths = value; + } + + [Input("monitoredRegistryProcesses")] + private InputList? _monitoredRegistryProcesses; + public InputList MonitoredRegistryProcesses + { + get => _monitoredRegistryProcesses ?? (_monitoredRegistryProcesses = new InputList()); + set => _monitoredRegistryProcesses = value; + } + + [Input("monitoredRegistryRead")] + public Input? MonitoredRegistryRead { get; set; } + + [Input("monitoredRegistryUsers")] + private InputList? _monitoredRegistryUsers; + public InputList MonitoredRegistryUsers + { + get => _monitoredRegistryUsers ?? (_monitoredRegistryUsers = new InputList()); + set => _monitoredRegistryUsers = value; + } + + public FunctionRuntimePolicyRegistryAccessMonitoringGetArgs() + { + } + public static new FunctionRuntimePolicyRegistryAccessMonitoringGetArgs Empty => new FunctionRuntimePolicyRegistryAccessMonitoringGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyRestrictedVolumeArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyRestrictedVolumeArgs.cs new file mode 100644 index 00000000..72146327 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyRestrictedVolumeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyRestrictedVolumeArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether restricted volumes are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("volumes")] + private InputList? _volumes; + + /// + /// List of restricted volumes. + /// + public InputList Volumes + { + get => _volumes ?? (_volumes = new InputList()); + set => _volumes = value; + } + + public FunctionRuntimePolicyRestrictedVolumeArgs() + { + } + public static new FunctionRuntimePolicyRestrictedVolumeArgs Empty => new FunctionRuntimePolicyRestrictedVolumeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyRestrictedVolumeGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyRestrictedVolumeGetArgs.cs new file mode 100644 index 00000000..5254dd78 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyRestrictedVolumeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyRestrictedVolumeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether restricted volumes are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("volumes")] + private InputList? _volumes; + + /// + /// List of restricted volumes. + /// + public InputList Volumes + { + get => _volumes ?? (_volumes = new InputList()); + set => _volumes = value; + } + + public FunctionRuntimePolicyRestrictedVolumeGetArgs() + { + } + public static new FunctionRuntimePolicyRestrictedVolumeGetArgs Empty => new FunctionRuntimePolicyRestrictedVolumeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyReverseShellArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyReverseShellArgs.cs new file mode 100644 index 00000000..2a7f9a45 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyReverseShellArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyReverseShellArgs : global::Pulumi.ResourceArgs + { + [Input("blockReverseShell")] + public Input? BlockReverseShell { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + [Input("reverseShellProcWhiteLists")] + private InputList? _reverseShellProcWhiteLists; + public InputList ReverseShellProcWhiteLists + { + get => _reverseShellProcWhiteLists ?? (_reverseShellProcWhiteLists = new InputList()); + set => _reverseShellProcWhiteLists = value; + } + + public FunctionRuntimePolicyReverseShellArgs() + { + } + public static new FunctionRuntimePolicyReverseShellArgs Empty => new FunctionRuntimePolicyReverseShellArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyReverseShellGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyReverseShellGetArgs.cs new file mode 100644 index 00000000..03915ef1 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyReverseShellGetArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyReverseShellGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockReverseShell")] + public Input? BlockReverseShell { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + [Input("reverseShellProcWhiteLists")] + private InputList? _reverseShellProcWhiteLists; + public InputList ReverseShellProcWhiteLists + { + get => _reverseShellProcWhiteLists ?? (_reverseShellProcWhiteLists = new InputList()); + set => _reverseShellProcWhiteLists = value; + } + + public FunctionRuntimePolicyReverseShellGetArgs() + { + } + public static new FunctionRuntimePolicyReverseShellGetArgs Empty => new FunctionRuntimePolicyReverseShellGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyScopeArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyScopeArgs.cs new file mode 100644 index 00000000..196dc1c6 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyScopeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyScopeArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("variables", required: true)] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public FunctionRuntimePolicyScopeArgs() + { + } + public static new FunctionRuntimePolicyScopeArgs Empty => new FunctionRuntimePolicyScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyScopeGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyScopeGetArgs.cs new file mode 100644 index 00000000..b19e8474 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyScopeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyScopeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("variables", required: true)] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public FunctionRuntimePolicyScopeGetArgs() + { + } + public static new FunctionRuntimePolicyScopeGetArgs Empty => new FunctionRuntimePolicyScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicySystemIntegrityProtectionArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicySystemIntegrityProtectionArgs.cs new file mode 100644 index 00000000..f62f7b38 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicySystemIntegrityProtectionArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicySystemIntegrityProtectionArgs : global::Pulumi.ResourceArgs + { + [Input("auditSystemtimeChange")] + public Input? AuditSystemtimeChange { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("monitorAuditLogIntegrity")] + public Input? MonitorAuditLogIntegrity { get; set; } + + [Input("windowsServicesMonitoring")] + public Input? WindowsServicesMonitoring { get; set; } + + public FunctionRuntimePolicySystemIntegrityProtectionArgs() + { + } + public static new FunctionRuntimePolicySystemIntegrityProtectionArgs Empty => new FunctionRuntimePolicySystemIntegrityProtectionArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicySystemIntegrityProtectionGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicySystemIntegrityProtectionGetArgs.cs new file mode 100644 index 00000000..336c1056 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicySystemIntegrityProtectionGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicySystemIntegrityProtectionGetArgs : global::Pulumi.ResourceArgs + { + [Input("auditSystemtimeChange")] + public Input? AuditSystemtimeChange { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("monitorAuditLogIntegrity")] + public Input? MonitorAuditLogIntegrity { get; set; } + + [Input("windowsServicesMonitoring")] + public Input? WindowsServicesMonitoring { get; set; } + + public FunctionRuntimePolicySystemIntegrityProtectionGetArgs() + { + } + public static new FunctionRuntimePolicySystemIntegrityProtectionGetArgs Empty => new FunctionRuntimePolicySystemIntegrityProtectionGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyTripwireArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyTripwireArgs.cs new file mode 100644 index 00000000..4ffe3245 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyTripwireArgs.cs 
@@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyTripwireArgs : global::Pulumi.ResourceArgs + { + [Input("applyOns")] + private InputList? _applyOns; + public InputList ApplyOns + { + get => _applyOns ?? (_applyOns = new InputList()); + set => _applyOns = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("serverlessApp")] + public Input? ServerlessApp { get; set; } + + [Input("userId")] + public Input? UserId { get; set; } + + [Input("userPassword")] + public Input? UserPassword { get; set; } + + public FunctionRuntimePolicyTripwireArgs() + { + } + public static new FunctionRuntimePolicyTripwireArgs Empty => new FunctionRuntimePolicyTripwireArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyTripwireGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyTripwireGetArgs.cs new file mode 100644 index 00000000..a9643156 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyTripwireGetArgs.cs 
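Review bot: `UserPassword` in `FunctionRuntimePolicyTripwireArgs` is emitted as a plain auto-property (`public Input? UserPassword { get; set; }`), so nothing in this class marks the value as a secret. Unless the caller wraps it themselves, the password is likely to land unencrypted in the Pulumi state and in preview output. The same applies to `UserPassword` in `FunctionRuntimePolicyTripwireGetArgs` in the next file. Because the file is generated by tfgen, the fix belongs in the provider's schema mapping rather than here: flag `userPassword` as secret there and regenerate, which should produce a setter that wraps the value with `Output.CreateSecret`. Until then, callers should pass the value as a secret output, e.g. `UserPassword = Output.CreateSecret(password)`.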
@@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyTripwireGetArgs : global::Pulumi.ResourceArgs + { + [Input("applyOns")] + private InputList? _applyOns; + public InputList ApplyOns + { + get => _applyOns ?? (_applyOns = new InputList()); + set => _applyOns = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("serverlessApp")] + public Input? ServerlessApp { get; set; } + + [Input("userId")] + public Input? UserId { get; set; } + + [Input("userPassword")] + public Input? UserPassword { get; set; } + + public FunctionRuntimePolicyTripwireGetArgs() + { + } + public static new FunctionRuntimePolicyTripwireGetArgs Empty => new FunctionRuntimePolicyTripwireGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyWhitelistedOsUsersArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyWhitelistedOsUsersArgs.cs new file mode 100644 index 00000000..5a52ea1c --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyWhitelistedOsUsersArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyWhitelistedOsUsersArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupWhiteLists")] + private InputList? _groupWhiteLists; + public InputList GroupWhiteLists + { + get => _groupWhiteLists ?? (_groupWhiteLists = new InputList()); + set => _groupWhiteLists = value; + } + + [Input("userWhiteLists")] + private InputList? _userWhiteLists; + public InputList UserWhiteLists + { + get => _userWhiteLists ?? (_userWhiteLists = new InputList()); + set => _userWhiteLists = value; + } + + public FunctionRuntimePolicyWhitelistedOsUsersArgs() + { + } + public static new FunctionRuntimePolicyWhitelistedOsUsersArgs Empty => new FunctionRuntimePolicyWhitelistedOsUsersArgs(); + } +} diff --git a/sdk/dotnet/Inputs/FunctionRuntimePolicyWhitelistedOsUsersGetArgs.cs b/sdk/dotnet/Inputs/FunctionRuntimePolicyWhitelistedOsUsersGetArgs.cs new file mode 100644 index 00000000..d37e1ff9 --- /dev/null +++ b/sdk/dotnet/Inputs/FunctionRuntimePolicyWhitelistedOsUsersGetArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class FunctionRuntimePolicyWhitelistedOsUsersGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupWhiteLists")] + private InputList? _groupWhiteLists; + public InputList GroupWhiteLists + { + get => _groupWhiteLists ?? (_groupWhiteLists = new InputList()); + set => _groupWhiteLists = value; + } + + [Input("userWhiteLists")] + private InputList? _userWhiteLists; + public InputList UserWhiteLists + { + get => _userWhiteLists ?? (_userWhiteLists = new InputList()); + set => _userWhiteLists = value; + } + + public FunctionRuntimePolicyWhitelistedOsUsersGetArgs() + { + } + public static new FunctionRuntimePolicyWhitelistedOsUsersGetArgs Empty => new FunctionRuntimePolicyWhitelistedOsUsersGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedExecutable.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedExecutable.cs new file mode 100644 index 00000000..c45995a9 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedExecutable.cs 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyAllowedExecutableArgs : global::Pulumi.InvokeArgs + { + [Input("allowExecutables")] + private List? _allowExecutables; + + /// + /// List of allowed executables. + /// + public List AllowExecutables + { + get => _allowExecutables ?? (_allowExecutables = new List()); + set => _allowExecutables = value; + } + + [Input("allowRootExecutables")] + private List? _allowRootExecutables; + + /// + /// List of allowed root executables. + /// + public List AllowRootExecutables + { + get => _allowRootExecutables ?? (_allowRootExecutables = new List()); + set => _allowRootExecutables = value; + } + + /// + /// Whether allowed executables configuration is enabled. + /// + [Input("enabled")] + public bool? Enabled { get; set; } + + /// + /// Whether to treat executables separately. + /// + [Input("separateExecutables")] + public bool? SeparateExecutables { get; set; } + + public GetContainerRuntimePolicyAllowedExecutableArgs() + { + } + public static new GetContainerRuntimePolicyAllowedExecutableArgs Empty => new GetContainerRuntimePolicyAllowedExecutableArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedExecutableArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedExecutableArgs.cs new file mode 100644 index 00000000..63b9fb1f --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedExecutableArgs.cs 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyAllowedExecutableInputArgs : global::Pulumi.ResourceArgs + { + [Input("allowExecutables")] + private InputList? _allowExecutables; + + /// + /// List of allowed executables. + /// + public InputList AllowExecutables + { + get => _allowExecutables ?? (_allowExecutables = new InputList()); + set => _allowExecutables = value; + } + + [Input("allowRootExecutables")] + private InputList? _allowRootExecutables; + + /// + /// List of allowed root executables. + /// + public InputList AllowRootExecutables + { + get => _allowRootExecutables ?? (_allowRootExecutables = new InputList()); + set => _allowRootExecutables = value; + } + + /// + /// Whether allowed executables configuration is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to treat executables separately. + /// + [Input("separateExecutables")] + public Input? SeparateExecutables { get; set; } + + public GetContainerRuntimePolicyAllowedExecutableInputArgs() + { + } + public static new GetContainerRuntimePolicyAllowedExecutableInputArgs Empty => new GetContainerRuntimePolicyAllowedExecutableInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedRegistry.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedRegistry.cs new file mode 100644 index 00000000..e6cc8e3d --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedRegistry.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyAllowedRegistryArgs : global::Pulumi.InvokeArgs + { + [Input("allowedRegistries")] + private List? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public List AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new List()); + set => _allowedRegistries = value; + } + + /// + /// Whether allowed registries are enabled. + /// + [Input("enabled")] + public bool? Enabled { get; set; } + + public GetContainerRuntimePolicyAllowedRegistryArgs() + { + } + public static new GetContainerRuntimePolicyAllowedRegistryArgs Empty => new GetContainerRuntimePolicyAllowedRegistryArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedRegistryArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedRegistryArgs.cs new file mode 100644 index 00000000..9e2a728c --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAllowedRegistryArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyAllowedRegistryInputArgs : global::Pulumi.ResourceArgs + { + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + + /// + /// Whether allowed registries are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + public GetContainerRuntimePolicyAllowedRegistryInputArgs() + { + } + public static new GetContainerRuntimePolicyAllowedRegistryInputArgs Empty => new GetContainerRuntimePolicyAllowedRegistryInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyAuditing.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAuditing.cs new file mode 100644 index 00000000..57101fb5 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAuditing.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyAuditingArgs : global::Pulumi.InvokeArgs + { + [Input("auditAllNetwork")] + public bool? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public bool? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public bool? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public bool? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public bool? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public bool? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public bool? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public bool? Enabled { get; set; } + + public GetContainerRuntimePolicyAuditingArgs() + { + } + public static new GetContainerRuntimePolicyAuditingArgs Empty => new GetContainerRuntimePolicyAuditingArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyAuditingArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAuditingArgs.cs new file mode 100644 index 00000000..de8c9fb4 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyAuditingArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyAuditingInputArgs : global::Pulumi.ResourceArgs + { + [Input("auditAllNetwork")] + public Input? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public Input? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public Input? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public Input? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public Input? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public Input? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public Input? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public GetContainerRuntimePolicyAuditingInputArgs() + { + } + public static new GetContainerRuntimePolicyAuditingInputArgs Empty => new GetContainerRuntimePolicyAuditingInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyContainerExec.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyContainerExec.cs new file mode 100644 index 00000000..2c843c76 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyContainerExec.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyContainerExecArgs : global::Pulumi.InvokeArgs + { + [Input("blockContainerExec")] + public bool? BlockContainerExec { get; set; } + + [Input("containerExecProcWhiteLists")] + private List? _containerExecProcWhiteLists; + public List ContainerExecProcWhiteLists + { + get => _containerExecProcWhiteLists ?? (_containerExecProcWhiteLists = new List()); + set => _containerExecProcWhiteLists = value; + } + + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private List? _reverseShellIpWhiteLists; + public List ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new List()); + set => _reverseShellIpWhiteLists = value; + } + + public GetContainerRuntimePolicyContainerExecArgs() + { + } + public static new GetContainerRuntimePolicyContainerExecArgs Empty => new GetContainerRuntimePolicyContainerExecArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyContainerExecArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyContainerExecArgs.cs new file mode 100644 index 00000000..e79d8e92 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyContainerExecArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyContainerExecInputArgs : global::Pulumi.ResourceArgs + { + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + + [Input("containerExecProcWhiteLists")] + private InputList? _containerExecProcWhiteLists; + public InputList ContainerExecProcWhiteLists + { + get => _containerExecProcWhiteLists ?? (_containerExecProcWhiteLists = new InputList()); + set => _containerExecProcWhiteLists = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + public GetContainerRuntimePolicyContainerExecInputArgs() + { + } + public static new GetContainerRuntimePolicyContainerExecInputArgs Empty => new GetContainerRuntimePolicyContainerExecInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileBlock.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileBlock.cs new file mode 100644 index 00000000..4e24179c --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileBlock.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyFileBlockArgs : global::Pulumi.InvokeArgs + { + [Input("blockFilesProcesses")] + private List? _blockFilesProcesses; + public List BlockFilesProcesses + { + get => _blockFilesProcesses ?? (_blockFilesProcesses = new List()); + set => _blockFilesProcesses = value; + } + + [Input("blockFilesUsers")] + private List? _blockFilesUsers; + public List BlockFilesUsers + { + get => _blockFilesUsers ?? (_blockFilesUsers = new List()); + set => _blockFilesUsers = value; + } + + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("exceptionalBlockFiles")] + private List? _exceptionalBlockFiles; + public List ExceptionalBlockFiles + { + get => _exceptionalBlockFiles ?? (_exceptionalBlockFiles = new List()); + set => _exceptionalBlockFiles = value; + } + + [Input("exceptionalBlockFilesProcesses")] + private List? _exceptionalBlockFilesProcesses; + public List ExceptionalBlockFilesProcesses + { + get => _exceptionalBlockFilesProcesses ?? (_exceptionalBlockFilesProcesses = new List()); + set => _exceptionalBlockFilesProcesses = value; + } + + [Input("exceptionalBlockFilesUsers")] + private List? _exceptionalBlockFilesUsers; + public List ExceptionalBlockFilesUsers + { + get => _exceptionalBlockFilesUsers ?? (_exceptionalBlockFilesUsers = new List()); + set => _exceptionalBlockFilesUsers = value; + } + + [Input("filenameBlockLists")] + private List? _filenameBlockLists; + public List FilenameBlockLists + { + get => _filenameBlockLists ?? 
(_filenameBlockLists = new List()); + set => _filenameBlockLists = value; + } + + public GetContainerRuntimePolicyFileBlockArgs() + { + } + public static new GetContainerRuntimePolicyFileBlockArgs Empty => new GetContainerRuntimePolicyFileBlockArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileBlockArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileBlockArgs.cs new file mode 100644 index 00000000..650e9591 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileBlockArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyFileBlockInputArgs : global::Pulumi.ResourceArgs + { + [Input("blockFilesProcesses")] + private InputList? _blockFilesProcesses; + public InputList BlockFilesProcesses + { + get => _blockFilesProcesses ?? (_blockFilesProcesses = new InputList()); + set => _blockFilesProcesses = value; + } + + [Input("blockFilesUsers")] + private InputList? _blockFilesUsers; + public InputList BlockFilesUsers + { + get => _blockFilesUsers ?? (_blockFilesUsers = new InputList()); + set => _blockFilesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockFiles")] + private InputList? _exceptionalBlockFiles; + public InputList ExceptionalBlockFiles + { + get => _exceptionalBlockFiles ?? (_exceptionalBlockFiles = new InputList()); + set => _exceptionalBlockFiles = value; + } + + [Input("exceptionalBlockFilesProcesses")] + private InputList? _exceptionalBlockFilesProcesses; + public InputList ExceptionalBlockFilesProcesses + { + get => _exceptionalBlockFilesProcesses ?? (_exceptionalBlockFilesProcesses = new InputList()); + set => _exceptionalBlockFilesProcesses = value; + } + + [Input("exceptionalBlockFilesUsers")] + private InputList? _exceptionalBlockFilesUsers; + public InputList ExceptionalBlockFilesUsers + { + get => _exceptionalBlockFilesUsers ?? (_exceptionalBlockFilesUsers = new InputList()); + set => _exceptionalBlockFilesUsers = value; + } + + [Input("filenameBlockLists")] + private InputList? _filenameBlockLists; + public InputList FilenameBlockLists + { + get => _filenameBlockLists ?? 
(_filenameBlockLists = new InputList()); + set => _filenameBlockLists = value; + } + + public GetContainerRuntimePolicyFileBlockInputArgs() + { + } + public static new GetContainerRuntimePolicyFileBlockInputArgs Empty => new GetContainerRuntimePolicyFileBlockInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileIntegrityMonitoring.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileIntegrityMonitoring.cs new file mode 100644 index 00000000..6ce1e0d5 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileIntegrityMonitoring.cs 
@@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyFileIntegrityMonitoringArgs : global::Pulumi.InvokeArgs + { + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private List? _exceptionalMonitoredFiles; + + /// + /// List of paths to be excluded from monitoring. + /// + public List ExceptionalMonitoredFiles + { + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new List()); + set => _exceptionalMonitoredFiles = value; + } + + [Input("exceptionalMonitoredFilesProcesses")] + private List? _exceptionalMonitoredFilesProcesses; + + /// + /// List of processes to be excluded from monitoring. + /// + public List ExceptionalMonitoredFilesProcesses + { + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new List()); + set => _exceptionalMonitoredFilesProcesses = value; + } + + [Input("exceptionalMonitoredFilesUsers")] + private List? _exceptionalMonitoredFilesUsers; + + /// + /// List of users to be excluded from monitoring. + /// + public List ExceptionalMonitoredFilesUsers + { + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new List()); + set => _exceptionalMonitoredFilesUsers = value; + } + + [Input("monitoredFiles")] + private List? _monitoredFiles; + + /// + /// List of paths to be monitored. + /// + public List MonitoredFiles + { + get => _monitoredFiles ?? 
(_monitoredFiles = new List()); + set => _monitoredFiles = value; + } + + /// + /// Whether to monitor file attribute operations. + /// + [Input("monitoredFilesAttributes")] + public bool? MonitoredFilesAttributes { get; set; } + + /// + /// Whether to monitor file create operations. + /// + [Input("monitoredFilesCreate")] + public bool? MonitoredFilesCreate { get; set; } + + /// + /// Whether to monitor file delete operations. + /// + [Input("monitoredFilesDelete")] + public bool? MonitoredFilesDelete { get; set; } + + /// + /// Whether to monitor file modify operations. + /// + [Input("monitoredFilesModify")] + public bool? MonitoredFilesModify { get; set; } + + [Input("monitoredFilesProcesses")] + private List? _monitoredFilesProcesses; + + /// + /// List of processes associated with monitored files. + /// + public List MonitoredFilesProcesses + { + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new List()); + set => _monitoredFilesProcesses = value; + } + + /// + /// Whether to monitor file read operations. + /// + [Input("monitoredFilesRead")] + public bool? MonitoredFilesRead { get; set; } + + [Input("monitoredFilesUsers")] + private List? _monitoredFilesUsers; + + /// + /// List of users associated with monitored files. + /// + public List MonitoredFilesUsers + { + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new List()); + set => _monitoredFilesUsers = value; + } + + public GetContainerRuntimePolicyFileIntegrityMonitoringArgs() + { + } + public static new GetContainerRuntimePolicyFileIntegrityMonitoringArgs Empty => new GetContainerRuntimePolicyFileIntegrityMonitoringArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileIntegrityMonitoringArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileIntegrityMonitoringArgs.cs new file mode 100644 index 00000000..6df4dc83 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyFileIntegrityMonitoringArgs.cs 
@@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyFileIntegrityMonitoringInputArgs : global::Pulumi.ResourceArgs + { + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private InputList? _exceptionalMonitoredFiles; + + /// + /// List of paths to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFiles + { + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new InputList()); + set => _exceptionalMonitoredFiles = value; + } + + [Input("exceptionalMonitoredFilesProcesses")] + private InputList? _exceptionalMonitoredFilesProcesses; + + /// + /// List of processes to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFilesProcesses + { + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new InputList()); + set => _exceptionalMonitoredFilesProcesses = value; + } + + [Input("exceptionalMonitoredFilesUsers")] + private InputList? _exceptionalMonitoredFilesUsers; + + /// + /// List of users to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFilesUsers + { + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new InputList()); + set => _exceptionalMonitoredFilesUsers = value; + } + + [Input("monitoredFiles")] + private InputList? _monitoredFiles; + + /// + /// List of paths to be monitored. + /// + public InputList MonitoredFiles + { + get => _monitoredFiles ?? 
(_monitoredFiles = new InputList()); + set => _monitoredFiles = value; + } + + /// + /// Whether to monitor file attribute operations. + /// + [Input("monitoredFilesAttributes")] + public Input? MonitoredFilesAttributes { get; set; } + + /// + /// Whether to monitor file create operations. + /// + [Input("monitoredFilesCreate")] + public Input? MonitoredFilesCreate { get; set; } + + /// + /// Whether to monitor file delete operations. + /// + [Input("monitoredFilesDelete")] + public Input? MonitoredFilesDelete { get; set; } + + /// + /// Whether to monitor file modify operations. + /// + [Input("monitoredFilesModify")] + public Input? MonitoredFilesModify { get; set; } + + [Input("monitoredFilesProcesses")] + private InputList? _monitoredFilesProcesses; + + /// + /// List of processes associated with monitored files. + /// + public InputList MonitoredFilesProcesses + { + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new InputList()); + set => _monitoredFilesProcesses = value; + } + + /// + /// Whether to monitor file read operations. + /// + [Input("monitoredFilesRead")] + public Input? MonitoredFilesRead { get; set; } + + [Input("monitoredFilesUsers")] + private InputList? _monitoredFilesUsers; + + /// + /// List of users associated with monitored files. + /// + public InputList MonitoredFilesUsers + { + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new InputList()); + set => _monitoredFilesUsers = value; + } + + public GetContainerRuntimePolicyFileIntegrityMonitoringInputArgs() + { + } + public static new GetContainerRuntimePolicyFileIntegrityMonitoringInputArgs Empty => new GetContainerRuntimePolicyFileIntegrityMonitoringInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyLimitContainerPrivilege.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyLimitContainerPrivilege.cs new file mode 100644 index 00000000..3d46299b --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyLimitContainerPrivilege.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyLimitContainerPrivilegeArgs : global::Pulumi.InvokeArgs + { + /// + /// Whether to block adding capabilities. + /// + [Input("blockAddCapabilities")] + public bool? BlockAddCapabilities { get; set; } + + /// + /// Whether container privilege limitations are enabled. + /// + [Input("enabled")] + public bool? Enabled { get; set; } + + /// + /// Whether to limit IPC-related capabilities. + /// + [Input("ipcmode")] + public bool? Ipcmode { get; set; } + + /// + /// Whether to limit network-related capabilities. + /// + [Input("netmode")] + public bool? Netmode { get; set; } + + /// + /// Whether to limit process-related capabilities. + /// + [Input("pidmode")] + public bool? Pidmode { get; set; } + + /// + /// Whether to prevent low port binding. + /// + [Input("preventLowPortBinding")] + public bool? PreventLowPortBinding { get; set; } + + /// + /// Whether to prevent the use of the root user. + /// + [Input("preventRootUser")] + public bool? PreventRootUser { get; set; } + + /// + /// Whether the container is run in privileged mode. + /// + [Input("privileged")] + public bool? Privileged { get; set; } + + /// + /// Whether to use the host user. + /// + [Input("useHostUser")] + public bool? UseHostUser { get; set; } + + /// + /// Whether to limit user-related capabilities. + /// + [Input("usermode")] + public bool? Usermode { get; set; } + + /// + /// Whether to limit UTS-related capabilities. + /// + [Input("utsmode")] + public bool? 
Utsmode { get; set; } + + public GetContainerRuntimePolicyLimitContainerPrivilegeArgs() + { + } + public static new GetContainerRuntimePolicyLimitContainerPrivilegeArgs Empty => new GetContainerRuntimePolicyLimitContainerPrivilegeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyLimitContainerPrivilegeArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyLimitContainerPrivilegeArgs.cs new file mode 100644 index 00000000..52060961 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyLimitContainerPrivilegeArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyLimitContainerPrivilegeInputArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether to block adding capabilities. + /// + [Input("blockAddCapabilities")] + public Input? BlockAddCapabilities { get; set; } + + /// + /// Whether container privilege limitations are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to limit IPC-related capabilities. + /// + [Input("ipcmode")] + public Input? Ipcmode { get; set; } + + /// + /// Whether to limit network-related capabilities. + /// + [Input("netmode")] + public Input? Netmode { get; set; } + + /// + /// Whether to limit process-related capabilities. + /// + [Input("pidmode")] + public Input? Pidmode { get; set; } + + /// + /// Whether to prevent low port binding. + /// + [Input("preventLowPortBinding")] + public Input? PreventLowPortBinding { get; set; } + + /// + /// Whether to prevent the use of the root user. + /// + [Input("preventRootUser")] + public Input? PreventRootUser { get; set; } + + /// + /// Whether the container is run in privileged mode. + /// + [Input("privileged")] + public Input? Privileged { get; set; } + + /// + /// Whether to use the host user. + /// + [Input("useHostUser")] + public Input? UseHostUser { get; set; } + + /// + /// Whether to limit user-related capabilities. + /// + [Input("usermode")] + public Input? Usermode { get; set; } + + /// + /// Whether to limit UTS-related capabilities. + /// + [Input("utsmode")] + public Input? 
Utsmode { get; set; } + + public GetContainerRuntimePolicyLimitContainerPrivilegeInputArgs() + { + } + public static new GetContainerRuntimePolicyLimitContainerPrivilegeInputArgs Empty => new GetContainerRuntimePolicyLimitContainerPrivilegeInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyMalwareScanOption.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyMalwareScanOption.cs index 90ffd8c9..dd8bf0dc 100644 --- a/sdk/dotnet/Inputs/GetContainerRuntimePolicyMalwareScanOption.cs +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyMalwareScanOption.cs @@ -16,16 +16,16 @@ public sealed class GetContainerRuntimePolicyMalwareScanOptionArgs : global::Pul /// /// Set Action, Defaults to 'Alert' when empty /// - [Input("action", required: true)] - public string Action { get; set; } = null!; + [Input("action")] + public string? Action { get; set; } /// /// Defines if enabled or not /// - [Input("enabled", required: true)] - public bool Enabled { get; set; } + [Input("enabled")] + public bool? Enabled { get; set; } - [Input("excludeDirectories", required: true)] + [Input("excludeDirectories")] private List? _excludeDirectories; /// @@ -37,7 +37,7 @@ public List ExcludeDirectories set => _excludeDirectories = value; } - [Input("excludeProcesses", required: true)] + [Input("excludeProcesses")] private List? _excludeProcesses; /// @@ -49,6 +49,18 @@ public List ExcludeProcesses set => _excludeProcesses = value; } + [Input("includeDirectories")] + private List? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public List IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new List()); + set => _includeDirectories = value; + } + public GetContainerRuntimePolicyMalwareScanOptionArgs() { } diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyMalwareScanOptionArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyMalwareScanOptionArgs.cs index 1b9e0640..472d7c99 100644 
--- a/sdk/dotnet/Inputs/GetContainerRuntimePolicyMalwareScanOptionArgs.cs +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyMalwareScanOptionArgs.cs @@ -16,16 +16,16 @@ public sealed class GetContainerRuntimePolicyMalwareScanOptionInputArgs : global /// /// Set Action, Defaults to 'Alert' when empty /// - [Input("action", required: true)] - public Input Action { get; set; } = null!; + [Input("action")] + public Input? Action { get; set; } /// /// Defines if enabled or not /// - [Input("enabled", required: true)] - public Input Enabled { get; set; } = null!; + [Input("enabled")] + public Input? Enabled { get; set; } - [Input("excludeDirectories", required: true)] + [Input("excludeDirectories")] private InputList? _excludeDirectories; /// @@ -37,7 +37,7 @@ public InputList ExcludeDirectories set => _excludeDirectories = value; } - [Input("excludeProcesses", required: true)] + [Input("excludeProcesses")] private InputList? _excludeProcesses; /// @@ -49,6 +49,18 @@ public InputList ExcludeProcesses set => _excludeProcesses = value; } + [Input("includeDirectories")] + private InputList? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new InputList()); + set => _includeDirectories = value; + } + public GetContainerRuntimePolicyMalwareScanOptionInputArgs() { } diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyPortBlock.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyPortBlock.cs new file mode 100644 index 00000000..cba61797 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyPortBlock.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyPortBlockArgs : global::Pulumi.InvokeArgs + { + [Input("blockInboundPorts")] + private List? _blockInboundPorts; + public List BlockInboundPorts + { + get => _blockInboundPorts ?? (_blockInboundPorts = new List()); + set => _blockInboundPorts = value; + } + + [Input("blockOutboundPorts")] + private List? _blockOutboundPorts; + public List BlockOutboundPorts + { + get => _blockOutboundPorts ?? (_blockOutboundPorts = new List()); + set => _blockOutboundPorts = value; + } + + [Input("enabled")] + public bool? Enabled { get; set; } + + public GetContainerRuntimePolicyPortBlockArgs() + { + } + public static new GetContainerRuntimePolicyPortBlockArgs Empty => new GetContainerRuntimePolicyPortBlockArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyPortBlockArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyPortBlockArgs.cs new file mode 100644 index 00000000..2a2d90da --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyPortBlockArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyPortBlockInputArgs : global::Pulumi.ResourceArgs + { + [Input("blockInboundPorts")] + private InputList? _blockInboundPorts; + public InputList BlockInboundPorts + { + get => _blockInboundPorts ?? (_blockInboundPorts = new InputList()); + set => _blockInboundPorts = value; + } + + [Input("blockOutboundPorts")] + private InputList? _blockOutboundPorts; + public InputList BlockOutboundPorts + { + get => _blockOutboundPorts ?? (_blockOutboundPorts = new InputList()); + set => _blockOutboundPorts = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public GetContainerRuntimePolicyPortBlockInputArgs() + { + } + public static new GetContainerRuntimePolicyPortBlockInputArgs Empty => new GetContainerRuntimePolicyPortBlockInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyReadonlyFiles.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyReadonlyFiles.cs new file mode 100644 index 00000000..a47cd8cc --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyReadonlyFiles.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyReadonlyFilesArgs : global::Pulumi.InvokeArgs + { + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("exceptionalReadonlyFiles")] + private List? _exceptionalReadonlyFiles; + public List ExceptionalReadonlyFiles + { + get => _exceptionalReadonlyFiles ?? (_exceptionalReadonlyFiles = new List()); + set => _exceptionalReadonlyFiles = value; + } + + [Input("exceptionalReadonlyFilesProcesses")] + private List? _exceptionalReadonlyFilesProcesses; + public List ExceptionalReadonlyFilesProcesses + { + get => _exceptionalReadonlyFilesProcesses ?? (_exceptionalReadonlyFilesProcesses = new List()); + set => _exceptionalReadonlyFilesProcesses = value; + } + + [Input("exceptionalReadonlyFilesUsers")] + private List? _exceptionalReadonlyFilesUsers; + public List ExceptionalReadonlyFilesUsers + { + get => _exceptionalReadonlyFilesUsers ?? (_exceptionalReadonlyFilesUsers = new List()); + set => _exceptionalReadonlyFilesUsers = value; + } + + [Input("readonlyFiles")] + private List? _readonlyFiles; + public List ReadonlyFiles + { + get => _readonlyFiles ?? (_readonlyFiles = new List()); + set => _readonlyFiles = value; + } + + [Input("readonlyFilesProcesses")] + private List? _readonlyFilesProcesses; + public List ReadonlyFilesProcesses + { + get => _readonlyFilesProcesses ?? (_readonlyFilesProcesses = new List()); + set => _readonlyFilesProcesses = value; + } + + [Input("readonlyFilesUsers")] + private List? _readonlyFilesUsers; + public List ReadonlyFilesUsers + { + get => _readonlyFilesUsers ?? 
(_readonlyFilesUsers = new List()); + set => _readonlyFilesUsers = value; + } + + public GetContainerRuntimePolicyReadonlyFilesArgs() + { + } + public static new GetContainerRuntimePolicyReadonlyFilesArgs Empty => new GetContainerRuntimePolicyReadonlyFilesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyReadonlyFilesArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyReadonlyFilesArgs.cs new file mode 100644 index 00000000..b56dc34e --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyReadonlyFilesArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyReadonlyFilesInputArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyFiles")] + private InputList? _exceptionalReadonlyFiles; + public InputList ExceptionalReadonlyFiles + { + get => _exceptionalReadonlyFiles ?? (_exceptionalReadonlyFiles = new InputList()); + set => _exceptionalReadonlyFiles = value; + } + + [Input("exceptionalReadonlyFilesProcesses")] + private InputList? _exceptionalReadonlyFilesProcesses; + public InputList ExceptionalReadonlyFilesProcesses + { + get => _exceptionalReadonlyFilesProcesses ?? (_exceptionalReadonlyFilesProcesses = new InputList()); + set => _exceptionalReadonlyFilesProcesses = value; + } + + [Input("exceptionalReadonlyFilesUsers")] + private InputList? _exceptionalReadonlyFilesUsers; + public InputList ExceptionalReadonlyFilesUsers + { + get => _exceptionalReadonlyFilesUsers ?? (_exceptionalReadonlyFilesUsers = new InputList()); + set => _exceptionalReadonlyFilesUsers = value; + } + + [Input("readonlyFiles")] + private InputList? _readonlyFiles; + public InputList ReadonlyFiles + { + get => _readonlyFiles ?? (_readonlyFiles = new InputList()); + set => _readonlyFiles = value; + } + + [Input("readonlyFilesProcesses")] + private InputList? _readonlyFilesProcesses; + public InputList ReadonlyFilesProcesses + { + get => _readonlyFilesProcesses ?? (_readonlyFilesProcesses = new InputList()); + set => _readonlyFilesProcesses = value; + } + + [Input("readonlyFilesUsers")] + private InputList? 
_readonlyFilesUsers; + public InputList ReadonlyFilesUsers + { + get => _readonlyFilesUsers ?? (_readonlyFilesUsers = new InputList()); + set => _readonlyFilesUsers = value; + } + + public GetContainerRuntimePolicyReadonlyFilesInputArgs() + { + } + public static new GetContainerRuntimePolicyReadonlyFilesInputArgs Empty => new GetContainerRuntimePolicyReadonlyFilesInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyRestrictedVolume.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyRestrictedVolume.cs new file mode 100644 index 00000000..fbdb64a2 --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyRestrictedVolume.cs @@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyRestrictedVolumeArgs : global::Pulumi.InvokeArgs + { + /// + /// Whether restricted volumes are enabled. + /// + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("volumes")] + private List? _volumes; + + /// + /// List of restricted volumes. + /// + public List Volumes + { + get => _volumes ?? (_volumes = new List()); + set => _volumes = value; + } + + public GetContainerRuntimePolicyRestrictedVolumeArgs() + { + } + public static new GetContainerRuntimePolicyRestrictedVolumeArgs Empty => new GetContainerRuntimePolicyRestrictedVolumeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetContainerRuntimePolicyRestrictedVolumeArgs.cs b/sdk/dotnet/Inputs/GetContainerRuntimePolicyRestrictedVolumeArgs.cs new file mode 100644 index 00000000..bd1c6f6c --- /dev/null +++ b/sdk/dotnet/Inputs/GetContainerRuntimePolicyRestrictedVolumeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetContainerRuntimePolicyRestrictedVolumeInputArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether restricted volumes are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("volumes")] + private InputList? _volumes; + + /// + /// List of restricted volumes. + /// + public InputList Volumes + { + get => _volumes ?? (_volumes = new InputList()); + set => _volumes = value; + } + + public GetContainerRuntimePolicyRestrictedVolumeInputArgs() + { + } + public static new GetContainerRuntimePolicyRestrictedVolumeInputArgs Empty => new GetContainerRuntimePolicyRestrictedVolumeInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetFunctionRuntimePolicyDriftPrevention.cs b/sdk/dotnet/Inputs/GetFunctionRuntimePolicyDriftPrevention.cs new file mode 100644 index 00000000..53b23234 --- /dev/null +++ b/sdk/dotnet/Inputs/GetFunctionRuntimePolicyDriftPrevention.cs 
@@ -0,0 +1,51 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetFunctionRuntimePolicyDriftPreventionArgs : global::Pulumi.InvokeArgs + { + /// + /// Whether drift prevention is enabled. + /// + [Input("enabled")] + public bool? Enabled { get; set; } + + /// + /// Whether to lockdown execution drift. + /// + [Input("execLockdown")] + public bool? ExecLockdown { get; set; } + + [Input("execLockdownWhiteLists")] + private List? _execLockdownWhiteLists; + + /// + /// List of items in the execution lockdown white list. + /// + public List ExecLockdownWhiteLists + { + get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new List()); + set => _execLockdownWhiteLists = value; + } + + /// + /// Whether to lockdown image drift. + /// + [Input("imageLockdown")] + public bool? ImageLockdown { get; set; } + + public GetFunctionRuntimePolicyDriftPreventionArgs() + { + } + public static new GetFunctionRuntimePolicyDriftPreventionArgs Empty => new GetFunctionRuntimePolicyDriftPreventionArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetFunctionRuntimePolicyDriftPreventionArgs.cs b/sdk/dotnet/Inputs/GetFunctionRuntimePolicyDriftPreventionArgs.cs new file mode 100644 index 00000000..61bcdf7c --- /dev/null +++ b/sdk/dotnet/Inputs/GetFunctionRuntimePolicyDriftPreventionArgs.cs 
@@ -0,0 +1,51 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetFunctionRuntimePolicyDriftPreventionInputArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether drift prevention is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to lockdown execution drift. + /// + [Input("execLockdown")] + public Input? ExecLockdown { get; set; } + + [Input("execLockdownWhiteLists")] + private InputList? _execLockdownWhiteLists; + + /// + /// List of items in the execution lockdown white list. + /// + public InputList ExecLockdownWhiteLists + { + get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new InputList()); + set => _execLockdownWhiteLists = value; + } + + /// + /// Whether to lockdown image drift. + /// + [Input("imageLockdown")] + public Input? ImageLockdown { get; set; } + + public GetFunctionRuntimePolicyDriftPreventionInputArgs() + { + } + public static new GetFunctionRuntimePolicyDriftPreventionInputArgs Empty => new GetFunctionRuntimePolicyDriftPreventionInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetFunctionRuntimePolicyExecutableBlacklist.cs b/sdk/dotnet/Inputs/GetFunctionRuntimePolicyExecutableBlacklist.cs new file mode 100644 index 00000000..50f6982a --- /dev/null +++ b/sdk/dotnet/Inputs/GetFunctionRuntimePolicyExecutableBlacklist.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetFunctionRuntimePolicyExecutableBlacklistArgs : global::Pulumi.InvokeArgs + { + /// + /// Whether the executable blacklist is enabled. + /// + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("executables")] + private List? _executables; + + /// + /// List of blacklisted executables. + /// + public List Executables + { + get => _executables ?? (_executables = new List()); + set => _executables = value; + } + + public GetFunctionRuntimePolicyExecutableBlacklistArgs() + { + } + public static new GetFunctionRuntimePolicyExecutableBlacklistArgs Empty => new GetFunctionRuntimePolicyExecutableBlacklistArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetFunctionRuntimePolicyExecutableBlacklistArgs.cs b/sdk/dotnet/Inputs/GetFunctionRuntimePolicyExecutableBlacklistArgs.cs new file mode 100644 index 00000000..19e45d50 --- /dev/null +++ b/sdk/dotnet/Inputs/GetFunctionRuntimePolicyExecutableBlacklistArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetFunctionRuntimePolicyExecutableBlacklistInputArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether the executable blacklist is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("executables")] + private InputList? _executables; + + /// + /// List of blacklisted executables. + /// + public InputList Executables + { + get => _executables ?? (_executables = new InputList()); + set => _executables = value; + } + + public GetFunctionRuntimePolicyExecutableBlacklistInputArgs() + { + } + public static new GetFunctionRuntimePolicyExecutableBlacklistInputArgs Empty => new GetFunctionRuntimePolicyExecutableBlacklistInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetHostRuntimePolicyAuditing.cs b/sdk/dotnet/Inputs/GetHostRuntimePolicyAuditing.cs new file mode 100644 index 00000000..b5cb3b9a --- /dev/null +++ b/sdk/dotnet/Inputs/GetHostRuntimePolicyAuditing.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetHostRuntimePolicyAuditingArgs : global::Pulumi.InvokeArgs + { + [Input("auditAllNetwork")] + public bool? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public bool? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public bool? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public bool? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public bool? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public bool? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public bool? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public bool? Enabled { get; set; } + + public GetHostRuntimePolicyAuditingArgs() + { + } + public static new GetHostRuntimePolicyAuditingArgs Empty => new GetHostRuntimePolicyAuditingArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetHostRuntimePolicyAuditingArgs.cs b/sdk/dotnet/Inputs/GetHostRuntimePolicyAuditingArgs.cs new file mode 100644 index 00000000..48b4a3a4 --- /dev/null +++ b/sdk/dotnet/Inputs/GetHostRuntimePolicyAuditingArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetHostRuntimePolicyAuditingInputArgs : global::Pulumi.ResourceArgs + { + [Input("auditAllNetwork")] + public Input? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public Input? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public Input? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public Input? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public Input? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public Input? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public Input? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public GetHostRuntimePolicyAuditingInputArgs() + { + } + public static new GetHostRuntimePolicyAuditingInputArgs Empty => new GetHostRuntimePolicyAuditingInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetHostRuntimePolicyFileIntegrityMonitoring.cs b/sdk/dotnet/Inputs/GetHostRuntimePolicyFileIntegrityMonitoring.cs new file mode 100644 index 00000000..1d13e810 --- /dev/null +++ b/sdk/dotnet/Inputs/GetHostRuntimePolicyFileIntegrityMonitoring.cs 
@@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetHostRuntimePolicyFileIntegrityMonitoringArgs : global::Pulumi.InvokeArgs + { + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private List? _exceptionalMonitoredFiles; + + /// + /// List of paths to be excluded from monitoring. + /// + public List ExceptionalMonitoredFiles + { + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new List()); + set => _exceptionalMonitoredFiles = value; + } + + [Input("exceptionalMonitoredFilesProcesses")] + private List? _exceptionalMonitoredFilesProcesses; + + /// + /// List of processes to be excluded from monitoring. + /// + public List ExceptionalMonitoredFilesProcesses + { + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new List()); + set => _exceptionalMonitoredFilesProcesses = value; + } + + [Input("exceptionalMonitoredFilesUsers")] + private List? _exceptionalMonitoredFilesUsers; + + /// + /// List of users to be excluded from monitoring. + /// + public List ExceptionalMonitoredFilesUsers + { + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new List()); + set => _exceptionalMonitoredFilesUsers = value; + } + + [Input("monitoredFiles")] + private List? _monitoredFiles; + + /// + /// List of paths to be monitored. + /// + public List MonitoredFiles + { + get => _monitoredFiles ?? (_monitoredFiles = new List()); + set => _monitoredFiles = value; + } + + /// + /// Whether to monitor file attribute operations. 
+ /// + [Input("monitoredFilesAttributes")] + public bool? MonitoredFilesAttributes { get; set; } + + /// + /// Whether to monitor file create operations. + /// + [Input("monitoredFilesCreate")] + public bool? MonitoredFilesCreate { get; set; } + + /// + /// Whether to monitor file delete operations. + /// + [Input("monitoredFilesDelete")] + public bool? MonitoredFilesDelete { get; set; } + + /// + /// Whether to monitor file modify operations. + /// + [Input("monitoredFilesModify")] + public bool? MonitoredFilesModify { get; set; } + + [Input("monitoredFilesProcesses")] + private List? _monitoredFilesProcesses; + + /// + /// List of processes associated with monitored files. + /// + public List MonitoredFilesProcesses + { + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new List()); + set => _monitoredFilesProcesses = value; + } + + /// + /// Whether to monitor file read operations. + /// + [Input("monitoredFilesRead")] + public bool? MonitoredFilesRead { get; set; } + + [Input("monitoredFilesUsers")] + private List? _monitoredFilesUsers; + + /// + /// List of users associated with monitored files. + /// + public List MonitoredFilesUsers + { + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new List()); + set => _monitoredFilesUsers = value; + } + + public GetHostRuntimePolicyFileIntegrityMonitoringArgs() + { + } + public static new GetHostRuntimePolicyFileIntegrityMonitoringArgs Empty => new GetHostRuntimePolicyFileIntegrityMonitoringArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetHostRuntimePolicyFileIntegrityMonitoringArgs.cs b/sdk/dotnet/Inputs/GetHostRuntimePolicyFileIntegrityMonitoringArgs.cs new file mode 100644 index 00000000..c16ab070 --- /dev/null +++ b/sdk/dotnet/Inputs/GetHostRuntimePolicyFileIntegrityMonitoringArgs.cs 
@@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetHostRuntimePolicyFileIntegrityMonitoringInputArgs : global::Pulumi.ResourceArgs + { + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private InputList? _exceptionalMonitoredFiles; + + /// + /// List of paths to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFiles + { + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new InputList()); + set => _exceptionalMonitoredFiles = value; + } + + [Input("exceptionalMonitoredFilesProcesses")] + private InputList? _exceptionalMonitoredFilesProcesses; + + /// + /// List of processes to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFilesProcesses + { + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new InputList()); + set => _exceptionalMonitoredFilesProcesses = value; + } + + [Input("exceptionalMonitoredFilesUsers")] + private InputList? _exceptionalMonitoredFilesUsers; + + /// + /// List of users to be excluded from monitoring. + /// + public InputList ExceptionalMonitoredFilesUsers + { + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new InputList()); + set => _exceptionalMonitoredFilesUsers = value; + } + + [Input("monitoredFiles")] + private InputList? _monitoredFiles; + + /// + /// List of paths to be monitored. + /// + public InputList MonitoredFiles + { + get => _monitoredFiles ?? 
(_monitoredFiles = new InputList()); + set => _monitoredFiles = value; + } + + /// + /// Whether to monitor file attribute operations. + /// + [Input("monitoredFilesAttributes")] + public Input? MonitoredFilesAttributes { get; set; } + + /// + /// Whether to monitor file create operations. + /// + [Input("monitoredFilesCreate")] + public Input? MonitoredFilesCreate { get; set; } + + /// + /// Whether to monitor file delete operations. + /// + [Input("monitoredFilesDelete")] + public Input? MonitoredFilesDelete { get; set; } + + /// + /// Whether to monitor file modify operations. + /// + [Input("monitoredFilesModify")] + public Input? MonitoredFilesModify { get; set; } + + [Input("monitoredFilesProcesses")] + private InputList? _monitoredFilesProcesses; + + /// + /// List of processes associated with monitored files. + /// + public InputList MonitoredFilesProcesses + { + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new InputList()); + set => _monitoredFilesProcesses = value; + } + + /// + /// Whether to monitor file read operations. + /// + [Input("monitoredFilesRead")] + public Input? MonitoredFilesRead { get; set; } + + [Input("monitoredFilesUsers")] + private InputList? _monitoredFilesUsers; + + /// + /// List of users associated with monitored files. + /// + public InputList MonitoredFilesUsers + { + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new InputList()); + set => _monitoredFilesUsers = value; + } + + public GetHostRuntimePolicyFileIntegrityMonitoringInputArgs() + { + } + public static new GetHostRuntimePolicyFileIntegrityMonitoringInputArgs Empty => new GetHostRuntimePolicyFileIntegrityMonitoringInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetHostRuntimePolicyMalwareScanOption.cs b/sdk/dotnet/Inputs/GetHostRuntimePolicyMalwareScanOption.cs new file mode 100644 index 00000000..745ac2d2 --- /dev/null +++ b/sdk/dotnet/Inputs/GetHostRuntimePolicyMalwareScanOption.cs 
@@ -0,0 +1,69 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetHostRuntimePolicyMalwareScanOptionArgs : global::Pulumi.InvokeArgs + { + /// + /// Set Action, Defaults to 'Alert' when empty + /// + [Input("action")] + public string? Action { get; set; } + + /// + /// Defines if enabled or not + /// + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("excludeDirectories")] + private List? _excludeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public List ExcludeDirectories + { + get => _excludeDirectories ?? (_excludeDirectories = new List()); + set => _excludeDirectories = value; + } + + [Input("excludeProcesses")] + private List? _excludeProcesses; + + /// + /// List of registry processes to be excluded from being protected. + /// + public List ExcludeProcesses + { + get => _excludeProcesses ?? (_excludeProcesses = new List()); + set => _excludeProcesses = value; + } + + [Input("includeDirectories")] + private List? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public List IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new List()); + set => _includeDirectories = value; + } + + public GetHostRuntimePolicyMalwareScanOptionArgs() + { + } + public static new GetHostRuntimePolicyMalwareScanOptionArgs Empty => new GetHostRuntimePolicyMalwareScanOptionArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetHostRuntimePolicyMalwareScanOptionArgs.cs b/sdk/dotnet/Inputs/GetHostRuntimePolicyMalwareScanOptionArgs.cs new file mode 100644 index 00000000..2838b46d --- /dev/null 
+++ b/sdk/dotnet/Inputs/GetHostRuntimePolicyMalwareScanOptionArgs.cs @@ -0,0 +1,69 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetHostRuntimePolicyMalwareScanOptionInputArgs : global::Pulumi.ResourceArgs + { + /// + /// Set Action, Defaults to 'Alert' when empty + /// + [Input("action")] + public Input? Action { get; set; } + + /// + /// Defines if enabled or not + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("excludeDirectories")] + private InputList? _excludeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList ExcludeDirectories + { + get => _excludeDirectories ?? (_excludeDirectories = new InputList()); + set => _excludeDirectories = value; + } + + [Input("excludeProcesses")] + private InputList? _excludeProcesses; + + /// + /// List of registry processes to be excluded from being protected. + /// + public InputList ExcludeProcesses + { + get => _excludeProcesses ?? (_excludeProcesses = new InputList()); + set => _excludeProcesses = value; + } + + [Input("includeDirectories")] + private InputList? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new InputList()); + set => _includeDirectories = value; + } + + public GetHostRuntimePolicyMalwareScanOptionInputArgs() + { + } + public static new GetHostRuntimePolicyMalwareScanOptionInputArgs Empty => new GetHostRuntimePolicyMalwareScanOptionInputArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/GetHostRuntimePolicyPackageBlock.cs b/sdk/dotnet/Inputs/GetHostRuntimePolicyPackageBlock.cs new file mode 100644 index 00000000..561ee6cc --- /dev/null +++ b/sdk/dotnet/Inputs/GetHostRuntimePolicyPackageBlock.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetHostRuntimePolicyPackageBlockArgs : global::Pulumi.InvokeArgs + { + [Input("blockPackagesProcesses")] + private List? _blockPackagesProcesses; + public List BlockPackagesProcesses + { + get => _blockPackagesProcesses ?? (_blockPackagesProcesses = new List()); + set => _blockPackagesProcesses = value; + } + + [Input("blockPackagesUsers")] + private List? _blockPackagesUsers; + public List BlockPackagesUsers + { + get => _blockPackagesUsers ?? (_blockPackagesUsers = new List()); + set => _blockPackagesUsers = value; + } + + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("exceptionalBlockPackagesFiles")] + private List? _exceptionalBlockPackagesFiles; + public List ExceptionalBlockPackagesFiles + { + get => _exceptionalBlockPackagesFiles ?? (_exceptionalBlockPackagesFiles = new List()); + set => _exceptionalBlockPackagesFiles = value; + } + + [Input("exceptionalBlockPackagesProcesses")] + private List? _exceptionalBlockPackagesProcesses; + public List ExceptionalBlockPackagesProcesses + { + get => _exceptionalBlockPackagesProcesses ?? (_exceptionalBlockPackagesProcesses = new List()); + set => _exceptionalBlockPackagesProcesses = value; + } + + [Input("exceptionalBlockPackagesUsers")] + private List? _exceptionalBlockPackagesUsers; + public List ExceptionalBlockPackagesUsers + { + get => _exceptionalBlockPackagesUsers ?? (_exceptionalBlockPackagesUsers = new List()); + set => _exceptionalBlockPackagesUsers = value; + } + + [Input("packagesBlackLists")] + private List? 
_packagesBlackLists; + public List PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new List()); + set => _packagesBlackLists = value; + } + + public GetHostRuntimePolicyPackageBlockArgs() + { + } + public static new GetHostRuntimePolicyPackageBlockArgs Empty => new GetHostRuntimePolicyPackageBlockArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetHostRuntimePolicyPackageBlockArgs.cs b/sdk/dotnet/Inputs/GetHostRuntimePolicyPackageBlockArgs.cs new file mode 100644 index 00000000..af74a75e --- /dev/null +++ b/sdk/dotnet/Inputs/GetHostRuntimePolicyPackageBlockArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetHostRuntimePolicyPackageBlockInputArgs : global::Pulumi.ResourceArgs + { + [Input("blockPackagesProcesses")] + private InputList? _blockPackagesProcesses; + public InputList BlockPackagesProcesses + { + get => _blockPackagesProcesses ?? (_blockPackagesProcesses = new InputList()); + set => _blockPackagesProcesses = value; + } + + [Input("blockPackagesUsers")] + private InputList? _blockPackagesUsers; + public InputList BlockPackagesUsers + { + get => _blockPackagesUsers ?? (_blockPackagesUsers = new InputList()); + set => _blockPackagesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockPackagesFiles")] + private InputList? _exceptionalBlockPackagesFiles; + public InputList ExceptionalBlockPackagesFiles + { + get => _exceptionalBlockPackagesFiles ?? (_exceptionalBlockPackagesFiles = new InputList()); + set => _exceptionalBlockPackagesFiles = value; + } + + [Input("exceptionalBlockPackagesProcesses")] + private InputList? _exceptionalBlockPackagesProcesses; + public InputList ExceptionalBlockPackagesProcesses + { + get => _exceptionalBlockPackagesProcesses ?? (_exceptionalBlockPackagesProcesses = new InputList()); + set => _exceptionalBlockPackagesProcesses = value; + } + + [Input("exceptionalBlockPackagesUsers")] + private InputList? _exceptionalBlockPackagesUsers; + public InputList ExceptionalBlockPackagesUsers + { + get => _exceptionalBlockPackagesUsers ?? 
(_exceptionalBlockPackagesUsers = new InputList()); + set => _exceptionalBlockPackagesUsers = value; + } + + [Input("packagesBlackLists")] + private InputList? _packagesBlackLists; + public InputList PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new InputList()); + set => _packagesBlackLists = value; + } + + public GetHostRuntimePolicyPackageBlockInputArgs() + { + } + public static new GetHostRuntimePolicyPackageBlockInputArgs Empty => new GetHostRuntimePolicyPackageBlockInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetIntegrationRegistriesOption.cs b/sdk/dotnet/Inputs/GetIntegrationRegistriesOption.cs new file mode 100644 index 00000000..33b903b0 --- /dev/null +++ b/sdk/dotnet/Inputs/GetIntegrationRegistriesOption.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetIntegrationRegistriesOptionArgs : global::Pulumi.InvokeArgs + { + [Input("option")] + public string? Option { get; set; } + + [Input("value")] + public string? Value { get; set; } + + public GetIntegrationRegistriesOptionArgs() + { + } + public static new GetIntegrationRegistriesOptionArgs Empty => new GetIntegrationRegistriesOptionArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetIntegrationRegistriesOptionArgs.cs b/sdk/dotnet/Inputs/GetIntegrationRegistriesOptionArgs.cs new file mode 100644 index 00000000..be184968 --- /dev/null +++ b/sdk/dotnet/Inputs/GetIntegrationRegistriesOptionArgs.cs 
@@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetIntegrationRegistriesOptionInputArgs : global::Pulumi.ResourceArgs + { + [Input("option")] + public Input? Option { get; set; } + + [Input("value")] + public Input? Value { get; set; } + + public GetIntegrationRegistriesOptionInputArgs() + { + } + public static new GetIntegrationRegistriesOptionInputArgs Empty => new GetIntegrationRegistriesOptionInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetIntegrationRegistriesWebhook.cs b/sdk/dotnet/Inputs/GetIntegrationRegistriesWebhook.cs new file mode 100644 index 00000000..b545feae --- /dev/null +++ b/sdk/dotnet/Inputs/GetIntegrationRegistriesWebhook.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetIntegrationRegistriesWebhookArgs : global::Pulumi.InvokeArgs + { + [Input("authToken")] + public string? AuthToken { get; set; } + + [Input("enabled")] + public bool? Enabled { get; set; } + + [Input("unQuarantine")] + public bool? UnQuarantine { get; set; } + + [Input("url")] + public string? Url { get; set; } + + public GetIntegrationRegistriesWebhookArgs() + { + } + public static new GetIntegrationRegistriesWebhookArgs Empty => new GetIntegrationRegistriesWebhookArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/GetIntegrationRegistriesWebhookArgs.cs b/sdk/dotnet/Inputs/GetIntegrationRegistriesWebhookArgs.cs new file mode 100644 index 00000000..9a9d6a83 --- /dev/null +++ b/sdk/dotnet/Inputs/GetIntegrationRegistriesWebhookArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class GetIntegrationRegistriesWebhookInputArgs : global::Pulumi.ResourceArgs + { + [Input("authToken")] + public Input? AuthToken { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("unQuarantine")] + public Input? UnQuarantine { get; set; } + + [Input("url")] + public Input? Url { get; set; } + + public GetIntegrationRegistriesWebhookInputArgs() + { + } + public static new GetIntegrationRegistriesWebhookInputArgs Empty => new GetIntegrationRegistriesWebhookInputArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GetIntegrationRegistryWebhook.cs b/sdk/dotnet/Inputs/GetIntegrationRegistryWebhook.cs index f5c0f013..5cdf493b 100644 --- a/sdk/dotnet/Inputs/GetIntegrationRegistryWebhook.cs +++ b/sdk/dotnet/Inputs/GetIntegrationRegistryWebhook.cs @@ -22,9 +22,6 @@ public sealed class GetIntegrationRegistryWebhookArgs : global::Pulumi.InvokeArg [Input("unQuarantine")] public bool? UnQuarantine { get; set; } - /// - /// The URL, address or region of the registry - /// [Input("url")] public string? Url { get; set; } diff --git a/sdk/dotnet/Inputs/GetIntegrationRegistryWebhookArgs.cs b/sdk/dotnet/Inputs/GetIntegrationRegistryWebhookArgs.cs index 8722e182..cf1fac42 100644 --- a/sdk/dotnet/Inputs/GetIntegrationRegistryWebhookArgs.cs +++ b/sdk/dotnet/Inputs/GetIntegrationRegistryWebhookArgs.cs 
@@ -22,9 +22,6 @@ public sealed class GetIntegrationRegistryWebhookInputArgs : global::Pulumi.Reso [Input("unQuarantine")] public Input? UnQuarantine { get; set; } - /// - /// The URL, address or region of the registry - /// [Input("url")] public Input? Url { get; set; } diff --git a/sdk/dotnet/Inputs/HostAssurancePolicyPolicySettingsArgs.cs b/sdk/dotnet/Inputs/HostAssurancePolicyPolicySettingsArgs.cs new file mode 100644 index 00000000..9bfe65a2 --- /dev/null +++ b/sdk/dotnet/Inputs/HostAssurancePolicyPolicySettingsArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostAssurancePolicyPolicySettingsArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public HostAssurancePolicyPolicySettingsArgs() + { + } + public static new HostAssurancePolicyPolicySettingsArgs Empty => new HostAssurancePolicyPolicySettingsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostAssurancePolicyPolicySettingsGetArgs.cs b/sdk/dotnet/Inputs/HostAssurancePolicyPolicySettingsGetArgs.cs new file mode 100644 index 00000000..48a85b06 --- /dev/null +++ b/sdk/dotnet/Inputs/HostAssurancePolicyPolicySettingsGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostAssurancePolicyPolicySettingsGetArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public HostAssurancePolicyPolicySettingsGetArgs() + { + } + public static new HostAssurancePolicyPolicySettingsGetArgs Empty => new HostAssurancePolicyPolicySettingsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyAllowedExecutableArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyAllowedExecutableArgs.cs new file mode 100644 index 00000000..09e2d493 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyAllowedExecutableArgs.cs 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyAllowedExecutableArgs : global::Pulumi.ResourceArgs + { + [Input("allowExecutables")] + private InputList? _allowExecutables; + + /// + /// List of allowed executables. + /// + public InputList AllowExecutables + { + get => _allowExecutables ?? (_allowExecutables = new InputList()); + set => _allowExecutables = value; + } + + [Input("allowRootExecutables")] + private InputList? _allowRootExecutables; + + /// + /// List of allowed root executables. + /// + public InputList AllowRootExecutables + { + get => _allowRootExecutables ?? (_allowRootExecutables = new InputList()); + set => _allowRootExecutables = value; + } + + /// + /// Whether allowed executables configuration is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to treat executables separately. + /// + [Input("separateExecutables")] + public Input? SeparateExecutables { get; set; } + + public HostRuntimePolicyAllowedExecutableArgs() + { + } + public static new HostRuntimePolicyAllowedExecutableArgs Empty => new HostRuntimePolicyAllowedExecutableArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyAllowedExecutableGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyAllowedExecutableGetArgs.cs new file mode 100644 index 00000000..3090de58 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyAllowedExecutableGetArgs.cs 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyAllowedExecutableGetArgs : global::Pulumi.ResourceArgs + { + [Input("allowExecutables")] + private InputList? _allowExecutables; + + /// + /// List of allowed executables. + /// + public InputList AllowExecutables + { + get => _allowExecutables ?? (_allowExecutables = new InputList()); + set => _allowExecutables = value; + } + + [Input("allowRootExecutables")] + private InputList? _allowRootExecutables; + + /// + /// List of allowed root executables. + /// + public InputList AllowRootExecutables + { + get => _allowRootExecutables ?? (_allowRootExecutables = new InputList()); + set => _allowRootExecutables = value; + } + + /// + /// Whether allowed executables configuration is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to treat executables separately. + /// + [Input("separateExecutables")] + public Input? SeparateExecutables { get; set; } + + public HostRuntimePolicyAllowedExecutableGetArgs() + { + } + public static new HostRuntimePolicyAllowedExecutableGetArgs Empty => new HostRuntimePolicyAllowedExecutableGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyAllowedRegistryArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyAllowedRegistryArgs.cs new file mode 100644 index 00000000..83b3e382 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyAllowedRegistryArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyAllowedRegistryArgs : global::Pulumi.ResourceArgs + { + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + + /// + /// Whether allowed registries are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + public HostRuntimePolicyAllowedRegistryArgs() + { + } + public static new HostRuntimePolicyAllowedRegistryArgs Empty => new HostRuntimePolicyAllowedRegistryArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyAllowedRegistryGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyAllowedRegistryGetArgs.cs new file mode 100644 index 00000000..26d3f82e --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyAllowedRegistryGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyAllowedRegistryGetArgs : global::Pulumi.ResourceArgs + { + [Input("allowedRegistries")] + private InputList? _allowedRegistries; + + /// + /// List of allowed registries. + /// + public InputList AllowedRegistries + { + get => _allowedRegistries ?? (_allowedRegistries = new InputList()); + set => _allowedRegistries = value; + } + + /// + /// Whether allowed registries are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + public HostRuntimePolicyAllowedRegistryGetArgs() + { + } + public static new HostRuntimePolicyAllowedRegistryGetArgs Empty => new HostRuntimePolicyAllowedRegistryGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyAuditingArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyAuditingArgs.cs new file mode 100644 index 00000000..4710591f --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyAuditingArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyAuditingArgs : global::Pulumi.ResourceArgs + { + [Input("auditAllNetwork")] + public Input? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public Input? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public Input? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public Input? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public Input? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public Input? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public Input? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public HostRuntimePolicyAuditingArgs() + { + } + public static new HostRuntimePolicyAuditingArgs Empty => new HostRuntimePolicyAuditingArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyAuditingGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyAuditingGetArgs.cs new file mode 100644 index 00000000..bc55547c --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyAuditingGetArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyAuditingGetArgs : global::Pulumi.ResourceArgs + { + [Input("auditAllNetwork")] + public Input? AuditAllNetwork { get; set; } + + [Input("auditAllProcesses")] + public Input? AuditAllProcesses { get; set; } + + [Input("auditFailedLogin")] + public Input? AuditFailedLogin { get; set; } + + [Input("auditOsUserActivity")] + public Input? AuditOsUserActivity { get; set; } + + [Input("auditProcessCmdline")] + public Input? AuditProcessCmdline { get; set; } + + [Input("auditSuccessLogin")] + public Input? AuditSuccessLogin { get; set; } + + [Input("auditUserAccountManagement")] + public Input? AuditUserAccountManagement { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public HostRuntimePolicyAuditingGetArgs() + { + } + public static new HostRuntimePolicyAuditingGetArgs Empty => new HostRuntimePolicyAuditingGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyBlacklistedOsUsersArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyBlacklistedOsUsersArgs.cs new file mode 100644 index 00000000..c1d52f83 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyBlacklistedOsUsersArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyBlacklistedOsUsersArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupBlackLists")] + private InputList? _groupBlackLists; + public InputList GroupBlackLists + { + get => _groupBlackLists ?? (_groupBlackLists = new InputList()); + set => _groupBlackLists = value; + } + + [Input("userBlackLists")] + private InputList? _userBlackLists; + public InputList UserBlackLists + { + get => _userBlackLists ?? (_userBlackLists = new InputList()); + set => _userBlackLists = value; + } + + public HostRuntimePolicyBlacklistedOsUsersArgs() + { + } + public static new HostRuntimePolicyBlacklistedOsUsersArgs Empty => new HostRuntimePolicyBlacklistedOsUsersArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyBlacklistedOsUsersGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyBlacklistedOsUsersGetArgs.cs new file mode 100644 index 00000000..1e1d0a19 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyBlacklistedOsUsersGetArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyBlacklistedOsUsersGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupBlackLists")] + private InputList? _groupBlackLists; + public InputList GroupBlackLists + { + get => _groupBlackLists ?? (_groupBlackLists = new InputList()); + set => _groupBlackLists = value; + } + + [Input("userBlackLists")] + private InputList? _userBlackLists; + public InputList UserBlackLists + { + get => _userBlackLists ?? (_userBlackLists = new InputList()); + set => _userBlackLists = value; + } + + public HostRuntimePolicyBlacklistedOsUsersGetArgs() + { + } + public static new HostRuntimePolicyBlacklistedOsUsersGetArgs Empty => new HostRuntimePolicyBlacklistedOsUsersGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeArgs.cs new file mode 100644 index 00000000..d6536477 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyBypassScopeArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether bypassing the scope is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + public HostRuntimePolicyBypassScopeArgs() + { + } + public static new HostRuntimePolicyBypassScopeArgs Empty => new HostRuntimePolicyBypassScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeGetArgs.cs new file mode 100644 index 00000000..64209479 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyBypassScopeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether bypassing the scope is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("scopes")] + private InputList? _scopes; + + /// + /// Scope configuration. + /// + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + public HostRuntimePolicyBypassScopeGetArgs() + { + } + public static new HostRuntimePolicyBypassScopeGetArgs Empty => new HostRuntimePolicyBypassScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeArgs.cs new file mode 100644 index 00000000..7fdf3b7b --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyBypassScopeScopeArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression")] + public Input? Expression { get; set; } + + [Input("variables")] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public HostRuntimePolicyBypassScopeScopeArgs() + { + } + public static new HostRuntimePolicyBypassScopeScopeArgs Empty => new HostRuntimePolicyBypassScopeScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeGetArgs.cs new file mode 100644 index 00000000..c8defe19 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyBypassScopeScopeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression")] + public Input? Expression { get; set; } + + [Input("variables")] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public HostRuntimePolicyBypassScopeScopeGetArgs() + { + } + public static new HostRuntimePolicyBypassScopeScopeGetArgs Empty => new HostRuntimePolicyBypassScopeScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeVariableArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeVariableArgs.cs new file mode 100644 index 00000000..4b908f36 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeVariableArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyBypassScopeScopeVariableArgs : global::Pulumi.ResourceArgs + { + /// + /// Variable attribute. + /// + [Input("attribute")] + public Input? Attribute { get; set; } + + /// + /// Variable value. + /// + [Input("value")] + public Input? Value { get; set; } + + public HostRuntimePolicyBypassScopeScopeVariableArgs() + { + } + public static new HostRuntimePolicyBypassScopeScopeVariableArgs Empty => new HostRuntimePolicyBypassScopeScopeVariableArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeVariableGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeVariableGetArgs.cs new file mode 100644 index 00000000..b72ac252 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyBypassScopeScopeVariableGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyBypassScopeScopeVariableGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Variable attribute. + /// + [Input("attribute")] + public Input? Attribute { get; set; } + + /// + /// Variable value. + /// + [Input("value")] + public Input? Value { get; set; } + + public HostRuntimePolicyBypassScopeScopeVariableGetArgs() + { + } + public static new HostRuntimePolicyBypassScopeScopeVariableGetArgs Empty => new HostRuntimePolicyBypassScopeScopeVariableGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyContainerExecArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyContainerExecArgs.cs new file mode 100644 index 00000000..569a12ee --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyContainerExecArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyContainerExecArgs : global::Pulumi.ResourceArgs + { + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + + [Input("containerExecProcWhiteLists")] + private InputList? _containerExecProcWhiteLists; + public InputList ContainerExecProcWhiteLists + { + get => _containerExecProcWhiteLists ?? (_containerExecProcWhiteLists = new InputList()); + set => _containerExecProcWhiteLists = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + public HostRuntimePolicyContainerExecArgs() + { + } + public static new HostRuntimePolicyContainerExecArgs Empty => new HostRuntimePolicyContainerExecArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyContainerExecGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyContainerExecGetArgs.cs new file mode 100644 index 00000000..36f26fc6 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyContainerExecGetArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyContainerExecGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockContainerExec")] + public Input? BlockContainerExec { get; set; } + + [Input("containerExecProcWhiteLists")] + private InputList? _containerExecProcWhiteLists; + public InputList ContainerExecProcWhiteLists + { + get => _containerExecProcWhiteLists ?? (_containerExecProcWhiteLists = new InputList()); + set => _containerExecProcWhiteLists = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + public HostRuntimePolicyContainerExecGetArgs() + { + } + public static new HostRuntimePolicyContainerExecGetArgs Empty => new HostRuntimePolicyContainerExecGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyDriftPreventionArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyDriftPreventionArgs.cs new file mode 100644 index 00000000..027b425d --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyDriftPreventionArgs.cs 
@@ -0,0 +1,51 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyDriftPreventionArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether drift prevention is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to lockdown execution drift. + /// + [Input("execLockdown")] + public Input? ExecLockdown { get; set; } + + [Input("execLockdownWhiteLists")] + private InputList? _execLockdownWhiteLists; + + /// + /// List of items in the execution lockdown white list. + /// + public InputList ExecLockdownWhiteLists + { + get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new InputList()); + set => _execLockdownWhiteLists = value; + } + + /// + /// Whether to lockdown image drift. + /// + [Input("imageLockdown")] + public Input? ImageLockdown { get; set; } + + public HostRuntimePolicyDriftPreventionArgs() + { + } + public static new HostRuntimePolicyDriftPreventionArgs Empty => new HostRuntimePolicyDriftPreventionArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyDriftPreventionGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyDriftPreventionGetArgs.cs new file mode 100644 index 00000000..dc0b00a1 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyDriftPreventionGetArgs.cs 
@@ -0,0 +1,51 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyDriftPreventionGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether drift prevention is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to lockdown execution drift. + /// + [Input("execLockdown")] + public Input? ExecLockdown { get; set; } + + [Input("execLockdownWhiteLists")] + private InputList? _execLockdownWhiteLists; + + /// + /// List of items in the execution lockdown white list. + /// + public InputList ExecLockdownWhiteLists + { + get => _execLockdownWhiteLists ?? (_execLockdownWhiteLists = new InputList()); + set => _execLockdownWhiteLists = value; + } + + /// + /// Whether to lockdown image drift. + /// + [Input("imageLockdown")] + public Input? ImageLockdown { get; set; } + + public HostRuntimePolicyDriftPreventionGetArgs() + { + } + public static new HostRuntimePolicyDriftPreventionGetArgs Empty => new HostRuntimePolicyDriftPreventionGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyExecutableBlacklistArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyExecutableBlacklistArgs.cs new file mode 100644 index 00000000..48325098 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyExecutableBlacklistArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyExecutableBlacklistArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether the executable blacklist is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("executables")] + private InputList? _executables; + + /// + /// List of blacklisted executables. + /// + public InputList Executables + { + get => _executables ?? (_executables = new InputList()); + set => _executables = value; + } + + public HostRuntimePolicyExecutableBlacklistArgs() + { + } + public static new HostRuntimePolicyExecutableBlacklistArgs Empty => new HostRuntimePolicyExecutableBlacklistArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyExecutableBlacklistGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyExecutableBlacklistGetArgs.cs new file mode 100644 index 00000000..4e4939c6 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyExecutableBlacklistGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyExecutableBlacklistGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether the executable blacklist is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("executables")] + private InputList? _executables; + + /// + /// List of blacklisted executables. + /// + public InputList Executables + { + get => _executables ?? (_executables = new InputList()); + set => _executables = value; + } + + public HostRuntimePolicyExecutableBlacklistGetArgs() + { + } + public static new HostRuntimePolicyExecutableBlacklistGetArgs Empty => new HostRuntimePolicyExecutableBlacklistGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyFailedKubernetesChecksArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyFailedKubernetesChecksArgs.cs new file mode 100644 index 00000000..15896e3e --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyFailedKubernetesChecksArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyFailedKubernetesChecksArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("failedChecks")] + private InputList? _failedChecks; + public InputList FailedChecks + { + get => _failedChecks ?? (_failedChecks = new InputList()); + set => _failedChecks = value; + } + + public HostRuntimePolicyFailedKubernetesChecksArgs() + { + } + public static new HostRuntimePolicyFailedKubernetesChecksArgs Empty => new HostRuntimePolicyFailedKubernetesChecksArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyFailedKubernetesChecksGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyFailedKubernetesChecksGetArgs.cs new file mode 100644 index 00000000..b103e97f --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyFailedKubernetesChecksGetArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyFailedKubernetesChecksGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("failedChecks")] + private InputList? _failedChecks; + public InputList FailedChecks + { + get => _failedChecks ?? (_failedChecks = new InputList()); + set => _failedChecks = value; + } + + public HostRuntimePolicyFailedKubernetesChecksGetArgs() + { + } + public static new HostRuntimePolicyFailedKubernetesChecksGetArgs Empty => new HostRuntimePolicyFailedKubernetesChecksGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyFileBlockArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyFileBlockArgs.cs new file mode 100644 index 00000000..7cdef797 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyFileBlockArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyFileBlockArgs : global::Pulumi.ResourceArgs + { + [Input("blockFilesProcesses")] + private InputList? _blockFilesProcesses; + public InputList BlockFilesProcesses + { + get => _blockFilesProcesses ?? (_blockFilesProcesses = new InputList()); + set => _blockFilesProcesses = value; + } + + [Input("blockFilesUsers")] + private InputList? _blockFilesUsers; + public InputList BlockFilesUsers + { + get => _blockFilesUsers ?? (_blockFilesUsers = new InputList()); + set => _blockFilesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockFiles")] + private InputList? _exceptionalBlockFiles; + public InputList ExceptionalBlockFiles + { + get => _exceptionalBlockFiles ?? (_exceptionalBlockFiles = new InputList()); + set => _exceptionalBlockFiles = value; + } + + [Input("exceptionalBlockFilesProcesses")] + private InputList? _exceptionalBlockFilesProcesses; + public InputList ExceptionalBlockFilesProcesses + { + get => _exceptionalBlockFilesProcesses ?? (_exceptionalBlockFilesProcesses = new InputList()); + set => _exceptionalBlockFilesProcesses = value; + } + + [Input("exceptionalBlockFilesUsers")] + private InputList? _exceptionalBlockFilesUsers; + public InputList ExceptionalBlockFilesUsers + { + get => _exceptionalBlockFilesUsers ?? (_exceptionalBlockFilesUsers = new InputList()); + set => _exceptionalBlockFilesUsers = value; + } + + [Input("filenameBlockLists")] + private InputList? _filenameBlockLists; + public InputList FilenameBlockLists + { + get => _filenameBlockLists ?? 
(_filenameBlockLists = new InputList()); + set => _filenameBlockLists = value; + } + + public HostRuntimePolicyFileBlockArgs() + { + } + public static new HostRuntimePolicyFileBlockArgs Empty => new HostRuntimePolicyFileBlockArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyFileBlockGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyFileBlockGetArgs.cs new file mode 100644 index 00000000..81d15190 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyFileBlockGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyFileBlockGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockFilesProcesses")] + private InputList? _blockFilesProcesses; + public InputList BlockFilesProcesses + { + get => _blockFilesProcesses ?? (_blockFilesProcesses = new InputList()); + set => _blockFilesProcesses = value; + } + + [Input("blockFilesUsers")] + private InputList? _blockFilesUsers; + public InputList BlockFilesUsers + { + get => _blockFilesUsers ?? (_blockFilesUsers = new InputList()); + set => _blockFilesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockFiles")] + private InputList? _exceptionalBlockFiles; + public InputList ExceptionalBlockFiles + { + get => _exceptionalBlockFiles ?? (_exceptionalBlockFiles = new InputList()); + set => _exceptionalBlockFiles = value; + } + + [Input("exceptionalBlockFilesProcesses")] + private InputList? _exceptionalBlockFilesProcesses; + public InputList ExceptionalBlockFilesProcesses + { + get => _exceptionalBlockFilesProcesses ?? (_exceptionalBlockFilesProcesses = new InputList()); + set => _exceptionalBlockFilesProcesses = value; + } + + [Input("exceptionalBlockFilesUsers")] + private InputList? _exceptionalBlockFilesUsers; + public InputList ExceptionalBlockFilesUsers + { + get => _exceptionalBlockFilesUsers ?? (_exceptionalBlockFilesUsers = new InputList()); + set => _exceptionalBlockFilesUsers = value; + } + + [Input("filenameBlockLists")] + private InputList? _filenameBlockLists; + public InputList FilenameBlockLists + { + get => _filenameBlockLists ?? 
(_filenameBlockLists = new InputList()); + set => _filenameBlockLists = value; + } + + public HostRuntimePolicyFileBlockGetArgs() + { + } + public static new HostRuntimePolicyFileBlockGetArgs Empty => new HostRuntimePolicyFileBlockGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyFileIntegrityMonitoringArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyFileIntegrityMonitoringArgs.cs index e5ecbedf..b075b17a 100644 --- a/sdk/dotnet/Inputs/HostRuntimePolicyFileIntegrityMonitoringArgs.cs +++ b/sdk/dotnet/Inputs/HostRuntimePolicyFileIntegrityMonitoringArgs.cs 
@@ -13,106 +13,112 @@ namespace Pulumiverse.Aquasec.Inputs public sealed class HostRuntimePolicyFileIntegrityMonitoringArgs : global::Pulumi.ResourceArgs { - [Input("excludedPaths")] - private InputList? _excludedPaths; + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private InputList? _exceptionalMonitoredFiles; /// - /// List of paths to be excluded from being monitored. + /// List of paths to be excluded from monitoring. /// - public InputList ExcludedPaths + public InputList ExceptionalMonitoredFiles { - get => _excludedPaths ?? (_excludedPaths = new InputList()); - set => _excludedPaths = value; + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new InputList()); + set => _exceptionalMonitoredFiles = value; } - [Input("excludedProcesses")] - private InputList? _excludedProcesses; + [Input("exceptionalMonitoredFilesProcesses")] + private InputList? _exceptionalMonitoredFilesProcesses; /// - /// List of processes to be excluded from being monitored. + /// List of processes to be excluded from monitoring. /// - public InputList ExcludedProcesses + public InputList ExceptionalMonitoredFilesProcesses { - get => _excludedProcesses ?? (_excludedProcesses = new InputList()); - set => _excludedProcesses = value; + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new InputList()); + set => _exceptionalMonitoredFilesProcesses = value; } - [Input("excludedUsers")] - private InputList? _excludedUsers; + [Input("exceptionalMonitoredFilesUsers")] + private InputList? _exceptionalMonitoredFilesUsers; /// - /// List of users to be excluded from being monitored. + /// List of users to be excluded from monitoring. /// - public InputList ExcludedUsers + public InputList ExceptionalMonitoredFilesUsers { - get => _excludedUsers ?? 
(_excludedUsers = new InputList()); - set => _excludedUsers = value; + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new InputList()); + set => _exceptionalMonitoredFilesUsers = value; } + [Input("monitoredFiles")] + private InputList? _monitoredFiles; + /// - /// If true, add attributes operations will be monitored. + /// List of paths to be monitored. /// - [Input("monitorAttributes")] - public Input? MonitorAttributes { get; set; } + public InputList MonitoredFiles + { + get => _monitoredFiles ?? (_monitoredFiles = new InputList()); + set => _monitoredFiles = value; + } /// - /// If true, create operations will be monitored. + /// Whether to monitor file attribute operations. /// - [Input("monitorCreate")] - public Input? MonitorCreate { get; set; } + [Input("monitoredFilesAttributes")] + public Input? MonitoredFilesAttributes { get; set; } /// - /// If true, deletion operations will be monitored. + /// Whether to monitor file create operations. /// - [Input("monitorDelete")] - public Input? MonitorDelete { get; set; } + [Input("monitoredFilesCreate")] + public Input? MonitoredFilesCreate { get; set; } /// - /// If true, modification operations will be monitored. + /// Whether to monitor file delete operations. /// - [Input("monitorModify")] - public Input? MonitorModify { get; set; } + [Input("monitoredFilesDelete")] + public Input? MonitoredFilesDelete { get; set; } /// - /// If true, read operations will be monitored. + /// Whether to monitor file modify operations. /// - [Input("monitorRead")] - public Input? MonitorRead { get; set; } + [Input("monitoredFilesModify")] + public Input? MonitoredFilesModify { get; set; } - [Input("monitoredPaths")] - private InputList? _monitoredPaths; + [Input("monitoredFilesProcesses")] + private InputList? _monitoredFilesProcesses; /// - /// List of paths to be monitored. + /// List of processes associated with monitored files. 
/// - public InputList MonitoredPaths + public InputList MonitoredFilesProcesses { - get => _monitoredPaths ?? (_monitoredPaths = new InputList()); - set => _monitoredPaths = value; + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new InputList()); + set => _monitoredFilesProcesses = value; } - [Input("monitoredProcesses")] - private InputList? _monitoredProcesses; - /// - /// List of processes to be monitored. + /// Whether to monitor file read operations. /// - public InputList MonitoredProcesses - { - get => _monitoredProcesses ?? (_monitoredProcesses = new InputList()); - set => _monitoredProcesses = value; - } + [Input("monitoredFilesRead")] + public Input? MonitoredFilesRead { get; set; } - [Input("monitoredUsers")] - private InputList? _monitoredUsers; + [Input("monitoredFilesUsers")] + private InputList? _monitoredFilesUsers; /// - /// List of users to be monitored. + /// List of users associated with monitored files. /// - public InputList MonitoredUsers + public InputList MonitoredFilesUsers { - get => _monitoredUsers ?? (_monitoredUsers = new InputList()); - set => _monitoredUsers = value; + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new InputList()); + set => _monitoredFilesUsers = value; } public HostRuntimePolicyFileIntegrityMonitoringArgs() diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyFileIntegrityMonitoringGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyFileIntegrityMonitoringGetArgs.cs index c39a9f1b..86625432 100644 --- a/sdk/dotnet/Inputs/HostRuntimePolicyFileIntegrityMonitoringGetArgs.cs +++ b/sdk/dotnet/Inputs/HostRuntimePolicyFileIntegrityMonitoringGetArgs.cs 
@@ -13,106 +13,112 @@ namespace Pulumiverse.Aquasec.Inputs public sealed class HostRuntimePolicyFileIntegrityMonitoringGetArgs : global::Pulumi.ResourceArgs { - [Input("excludedPaths")] - private InputList? _excludedPaths; + /// + /// If true, file integrity monitoring is enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredFiles")] + private InputList? _exceptionalMonitoredFiles; /// - /// List of paths to be excluded from being monitored. + /// List of paths to be excluded from monitoring. /// - public InputList ExcludedPaths + public InputList ExceptionalMonitoredFiles { - get => _excludedPaths ?? (_excludedPaths = new InputList()); - set => _excludedPaths = value; + get => _exceptionalMonitoredFiles ?? (_exceptionalMonitoredFiles = new InputList()); + set => _exceptionalMonitoredFiles = value; } - [Input("excludedProcesses")] - private InputList? _excludedProcesses; + [Input("exceptionalMonitoredFilesProcesses")] + private InputList? _exceptionalMonitoredFilesProcesses; /// - /// List of processes to be excluded from being monitored. + /// List of processes to be excluded from monitoring. /// - public InputList ExcludedProcesses + public InputList ExceptionalMonitoredFilesProcesses { - get => _excludedProcesses ?? (_excludedProcesses = new InputList()); - set => _excludedProcesses = value; + get => _exceptionalMonitoredFilesProcesses ?? (_exceptionalMonitoredFilesProcesses = new InputList()); + set => _exceptionalMonitoredFilesProcesses = value; } - [Input("excludedUsers")] - private InputList? _excludedUsers; + [Input("exceptionalMonitoredFilesUsers")] + private InputList? _exceptionalMonitoredFilesUsers; /// - /// List of users to be excluded from being monitored. + /// List of users to be excluded from monitoring. /// - public InputList ExcludedUsers + public InputList ExceptionalMonitoredFilesUsers { - get => _excludedUsers ?? 
(_excludedUsers = new InputList()); - set => _excludedUsers = value; + get => _exceptionalMonitoredFilesUsers ?? (_exceptionalMonitoredFilesUsers = new InputList()); + set => _exceptionalMonitoredFilesUsers = value; } + [Input("monitoredFiles")] + private InputList? _monitoredFiles; + /// - /// If true, add attributes operations will be monitored. + /// List of paths to be monitored. /// - [Input("monitorAttributes")] - public Input? MonitorAttributes { get; set; } + public InputList MonitoredFiles + { + get => _monitoredFiles ?? (_monitoredFiles = new InputList()); + set => _monitoredFiles = value; + } /// - /// If true, create operations will be monitored. + /// Whether to monitor file attribute operations. /// - [Input("monitorCreate")] - public Input? MonitorCreate { get; set; } + [Input("monitoredFilesAttributes")] + public Input? MonitoredFilesAttributes { get; set; } /// - /// If true, deletion operations will be monitored. + /// Whether to monitor file create operations. /// - [Input("monitorDelete")] - public Input? MonitorDelete { get; set; } + [Input("monitoredFilesCreate")] + public Input? MonitoredFilesCreate { get; set; } /// - /// If true, modification operations will be monitored. + /// Whether to monitor file delete operations. /// - [Input("monitorModify")] - public Input? MonitorModify { get; set; } + [Input("monitoredFilesDelete")] + public Input? MonitoredFilesDelete { get; set; } /// - /// If true, read operations will be monitored. + /// Whether to monitor file modify operations. /// - [Input("monitorRead")] - public Input? MonitorRead { get; set; } + [Input("monitoredFilesModify")] + public Input? MonitoredFilesModify { get; set; } - [Input("monitoredPaths")] - private InputList? _monitoredPaths; + [Input("monitoredFilesProcesses")] + private InputList? _monitoredFilesProcesses; /// - /// List of paths to be monitored. + /// List of processes associated with monitored files. 
/// - public InputList MonitoredPaths + public InputList MonitoredFilesProcesses { - get => _monitoredPaths ?? (_monitoredPaths = new InputList()); - set => _monitoredPaths = value; + get => _monitoredFilesProcesses ?? (_monitoredFilesProcesses = new InputList()); + set => _monitoredFilesProcesses = value; } - [Input("monitoredProcesses")] - private InputList? _monitoredProcesses; - /// - /// List of processes to be monitored. + /// Whether to monitor file read operations. /// - public InputList MonitoredProcesses - { - get => _monitoredProcesses ?? (_monitoredProcesses = new InputList()); - set => _monitoredProcesses = value; - } + [Input("monitoredFilesRead")] + public Input? MonitoredFilesRead { get; set; } - [Input("monitoredUsers")] - private InputList? _monitoredUsers; + [Input("monitoredFilesUsers")] + private InputList? _monitoredFilesUsers; /// - /// List of users to be monitored. + /// List of users associated with monitored files. /// - public InputList MonitoredUsers + public InputList MonitoredFilesUsers { - get => _monitoredUsers ?? (_monitoredUsers = new InputList()); - set => _monitoredUsers = value; + get => _monitoredFilesUsers ?? (_monitoredFilesUsers = new InputList()); + set => _monitoredFilesUsers = value; } public HostRuntimePolicyFileIntegrityMonitoringGetArgs() diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyLimitContainerPrivilegeArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyLimitContainerPrivilegeArgs.cs new file mode 100644 index 00000000..8d687006 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyLimitContainerPrivilegeArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyLimitContainerPrivilegeArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether to block adding capabilities. + /// + [Input("blockAddCapabilities")] + public Input? BlockAddCapabilities { get; set; } + + /// + /// Whether container privilege limitations are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to limit IPC-related capabilities. + /// + [Input("ipcmode")] + public Input? Ipcmode { get; set; } + + /// + /// Whether to limit network-related capabilities. + /// + [Input("netmode")] + public Input? Netmode { get; set; } + + /// + /// Whether to limit process-related capabilities. + /// + [Input("pidmode")] + public Input? Pidmode { get; set; } + + /// + /// Whether to prevent low port binding. + /// + [Input("preventLowPortBinding")] + public Input? PreventLowPortBinding { get; set; } + + /// + /// Whether to prevent the use of the root user. + /// + [Input("preventRootUser")] + public Input? PreventRootUser { get; set; } + + /// + /// Whether the container is run in privileged mode. + /// + [Input("privileged")] + public Input? Privileged { get; set; } + + /// + /// Whether to use the host user. + /// + [Input("useHostUser")] + public Input? UseHostUser { get; set; } + + /// + /// Whether to limit user-related capabilities. + /// + [Input("usermode")] + public Input? Usermode { get; set; } + + /// + /// Whether to limit UTS-related capabilities. + /// + [Input("utsmode")] + public Input? 
Utsmode { get; set; } + + public HostRuntimePolicyLimitContainerPrivilegeArgs() + { + } + public static new HostRuntimePolicyLimitContainerPrivilegeArgs Empty => new HostRuntimePolicyLimitContainerPrivilegeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyLimitContainerPrivilegeGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyLimitContainerPrivilegeGetArgs.cs new file mode 100644 index 00000000..348a06a8 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyLimitContainerPrivilegeGetArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyLimitContainerPrivilegeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether to block adding capabilities. + /// + [Input("blockAddCapabilities")] + public Input? BlockAddCapabilities { get; set; } + + /// + /// Whether container privilege limitations are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Whether to limit IPC-related capabilities. + /// + [Input("ipcmode")] + public Input? Ipcmode { get; set; } + + /// + /// Whether to limit network-related capabilities. + /// + [Input("netmode")] + public Input? Netmode { get; set; } + + /// + /// Whether to limit process-related capabilities. + /// + [Input("pidmode")] + public Input? Pidmode { get; set; } + + /// + /// Whether to prevent low port binding. + /// + [Input("preventLowPortBinding")] + public Input? PreventLowPortBinding { get; set; } + + /// + /// Whether to prevent the use of the root user. + /// + [Input("preventRootUser")] + public Input? PreventRootUser { get; set; } + + /// + /// Whether the container is run in privileged mode. + /// + [Input("privileged")] + public Input? Privileged { get; set; } + + /// + /// Whether to use the host user. + /// + [Input("useHostUser")] + public Input? UseHostUser { get; set; } + + /// + /// Whether to limit user-related capabilities. + /// + [Input("usermode")] + public Input? Usermode { get; set; } + + /// + /// Whether to limit UTS-related capabilities. + /// + [Input("utsmode")] + public Input? 
Utsmode { get; set; } + + public HostRuntimePolicyLimitContainerPrivilegeGetArgs() + { + } + public static new HostRuntimePolicyLimitContainerPrivilegeGetArgs Empty => new HostRuntimePolicyLimitContainerPrivilegeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyLinuxCapabilitiesArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyLinuxCapabilitiesArgs.cs new file mode 100644 index 00000000..abf62d47 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyLinuxCapabilitiesArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyLinuxCapabilitiesArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("removeLinuxCapabilities")] + private InputList? _removeLinuxCapabilities; + public InputList RemoveLinuxCapabilities + { + get => _removeLinuxCapabilities ?? (_removeLinuxCapabilities = new InputList()); + set => _removeLinuxCapabilities = value; + } + + public HostRuntimePolicyLinuxCapabilitiesArgs() + { + } + public static new HostRuntimePolicyLinuxCapabilitiesArgs Empty => new HostRuntimePolicyLinuxCapabilitiesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyLinuxCapabilitiesGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyLinuxCapabilitiesGetArgs.cs new file mode 100644 index 00000000..1f61b030 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyLinuxCapabilitiesGetArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyLinuxCapabilitiesGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("removeLinuxCapabilities")] + private InputList? _removeLinuxCapabilities; + public InputList RemoveLinuxCapabilities + { + get => _removeLinuxCapabilities ?? (_removeLinuxCapabilities = new InputList()); + set => _removeLinuxCapabilities = value; + } + + public HostRuntimePolicyLinuxCapabilitiesGetArgs() + { + } + public static new HostRuntimePolicyLinuxCapabilitiesGetArgs Empty => new HostRuntimePolicyLinuxCapabilitiesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyMalwareScanOptionsArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyMalwareScanOptionsArgs.cs index fdbdd6b8..a723b1c0 100644 --- a/sdk/dotnet/Inputs/HostRuntimePolicyMalwareScanOptionsArgs.cs +++ b/sdk/dotnet/Inputs/HostRuntimePolicyMalwareScanOptionsArgs.cs @@ -49,6 +49,18 @@ public InputList ExcludeProcesses set => _excludeProcesses = value; } + [Input("includeDirectories")] + private InputList? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new InputList()); + set => _includeDirectories = value; + } + public HostRuntimePolicyMalwareScanOptionsArgs() { } diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyMalwareScanOptionsGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyMalwareScanOptionsGetArgs.cs index dca5823a..2c3cf84e 100644 
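Review bot: The summary added for `IncludeDirectories` in HostRuntimePolicyMalwareScanOptionsArgs.cs reads "List of registry paths to be excluded from being protected.", which contradicts a property named `includeDirectories` on the malware scan options and looks copied from a registry-exclusion field. The same text is added in HostRuntimePolicyMalwareScanOptionsGetArgs.cs. Someone setting scan coverage from this description could treat an include list as an exclusion list and end up scanning the wrong paths. Because the file is generated by tfgen, the description should be corrected in the provider schema and the SDK regenerated, for example `/// List of directories to be included in the malware scan.` (wording to be confirmed against the provider's actual behaviour). The enclosing class starts and ends outside the hunk.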
--- a/sdk/dotnet/Inputs/HostRuntimePolicyMalwareScanOptionsGetArgs.cs +++ b/sdk/dotnet/Inputs/HostRuntimePolicyMalwareScanOptionsGetArgs.cs @@ -49,6 +49,18 @@ public InputList ExcludeProcesses set => _excludeProcesses = value; } + [Input("includeDirectories")] + private InputList? _includeDirectories; + + /// + /// List of registry paths to be excluded from being protected. + /// + public InputList IncludeDirectories + { + get => _includeDirectories ?? (_includeDirectories = new InputList()); + set => _includeDirectories = value; + } + public HostRuntimePolicyMalwareScanOptionsGetArgs() { } diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyPackageBlockArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyPackageBlockArgs.cs new file mode 100644 index 00000000..16d96227 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyPackageBlockArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyPackageBlockArgs : global::Pulumi.ResourceArgs + { + [Input("blockPackagesProcesses")] + private InputList? _blockPackagesProcesses; + public InputList BlockPackagesProcesses + { + get => _blockPackagesProcesses ?? (_blockPackagesProcesses = new InputList()); + set => _blockPackagesProcesses = value; + } + + [Input("blockPackagesUsers")] + private InputList? _blockPackagesUsers; + public InputList BlockPackagesUsers + { + get => _blockPackagesUsers ?? (_blockPackagesUsers = new InputList()); + set => _blockPackagesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockPackagesFiles")] + private InputList? _exceptionalBlockPackagesFiles; + public InputList ExceptionalBlockPackagesFiles + { + get => _exceptionalBlockPackagesFiles ?? (_exceptionalBlockPackagesFiles = new InputList()); + set => _exceptionalBlockPackagesFiles = value; + } + + [Input("exceptionalBlockPackagesProcesses")] + private InputList? _exceptionalBlockPackagesProcesses; + public InputList ExceptionalBlockPackagesProcesses + { + get => _exceptionalBlockPackagesProcesses ?? (_exceptionalBlockPackagesProcesses = new InputList()); + set => _exceptionalBlockPackagesProcesses = value; + } + + [Input("exceptionalBlockPackagesUsers")] + private InputList? _exceptionalBlockPackagesUsers; + public InputList ExceptionalBlockPackagesUsers + { + get => _exceptionalBlockPackagesUsers ?? 
(_exceptionalBlockPackagesUsers = new InputList()); + set => _exceptionalBlockPackagesUsers = value; + } + + [Input("packagesBlackLists")] + private InputList? _packagesBlackLists; + public InputList PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new InputList()); + set => _packagesBlackLists = value; + } + + public HostRuntimePolicyPackageBlockArgs() + { + } + public static new HostRuntimePolicyPackageBlockArgs Empty => new HostRuntimePolicyPackageBlockArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyPackageBlockGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyPackageBlockGetArgs.cs new file mode 100644 index 00000000..199ebfbe --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyPackageBlockGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyPackageBlockGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockPackagesProcesses")] + private InputList? _blockPackagesProcesses; + public InputList BlockPackagesProcesses + { + get => _blockPackagesProcesses ?? (_blockPackagesProcesses = new InputList()); + set => _blockPackagesProcesses = value; + } + + [Input("blockPackagesUsers")] + private InputList? _blockPackagesUsers; + public InputList BlockPackagesUsers + { + get => _blockPackagesUsers ?? (_blockPackagesUsers = new InputList()); + set => _blockPackagesUsers = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalBlockPackagesFiles")] + private InputList? _exceptionalBlockPackagesFiles; + public InputList ExceptionalBlockPackagesFiles + { + get => _exceptionalBlockPackagesFiles ?? (_exceptionalBlockPackagesFiles = new InputList()); + set => _exceptionalBlockPackagesFiles = value; + } + + [Input("exceptionalBlockPackagesProcesses")] + private InputList? _exceptionalBlockPackagesProcesses; + public InputList ExceptionalBlockPackagesProcesses + { + get => _exceptionalBlockPackagesProcesses ?? (_exceptionalBlockPackagesProcesses = new InputList()); + set => _exceptionalBlockPackagesProcesses = value; + } + + [Input("exceptionalBlockPackagesUsers")] + private InputList? _exceptionalBlockPackagesUsers; + public InputList ExceptionalBlockPackagesUsers + { + get => _exceptionalBlockPackagesUsers ?? 
(_exceptionalBlockPackagesUsers = new InputList()); + set => _exceptionalBlockPackagesUsers = value; + } + + [Input("packagesBlackLists")] + private InputList? _packagesBlackLists; + public InputList PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new InputList()); + set => _packagesBlackLists = value; + } + + public HostRuntimePolicyPackageBlockGetArgs() + { + } + public static new HostRuntimePolicyPackageBlockGetArgs Empty => new HostRuntimePolicyPackageBlockGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyPortBlockArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyPortBlockArgs.cs new file mode 100644 index 00000000..ee448844 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyPortBlockArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyPortBlockArgs : global::Pulumi.ResourceArgs + { + [Input("blockInboundPorts")] + private InputList? _blockInboundPorts; + public InputList BlockInboundPorts + { + get => _blockInboundPorts ?? (_blockInboundPorts = new InputList()); + set => _blockInboundPorts = value; + } + + [Input("blockOutboundPorts")] + private InputList? _blockOutboundPorts; + public InputList BlockOutboundPorts + { + get => _blockOutboundPorts ?? (_blockOutboundPorts = new InputList()); + set => _blockOutboundPorts = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public HostRuntimePolicyPortBlockArgs() + { + } + public static new HostRuntimePolicyPortBlockArgs Empty => new HostRuntimePolicyPortBlockArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyPortBlockGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyPortBlockGetArgs.cs new file mode 100644 index 00000000..1202fc9b --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyPortBlockGetArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyPortBlockGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockInboundPorts")] + private InputList? _blockInboundPorts; + public InputList BlockInboundPorts + { + get => _blockInboundPorts ?? (_blockInboundPorts = new InputList()); + set => _blockInboundPorts = value; + } + + [Input("blockOutboundPorts")] + private InputList? _blockOutboundPorts; + public InputList BlockOutboundPorts + { + get => _blockOutboundPorts ?? (_blockOutboundPorts = new InputList()); + set => _blockOutboundPorts = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + public HostRuntimePolicyPortBlockGetArgs() + { + } + public static new HostRuntimePolicyPortBlockGetArgs Empty => new HostRuntimePolicyPortBlockGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyFilesArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyFilesArgs.cs new file mode 100644 index 00000000..a00ad80b --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyFilesArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyReadonlyFilesArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyFiles")] + private InputList? _exceptionalReadonlyFiles; + public InputList ExceptionalReadonlyFiles + { + get => _exceptionalReadonlyFiles ?? (_exceptionalReadonlyFiles = new InputList()); + set => _exceptionalReadonlyFiles = value; + } + + [Input("exceptionalReadonlyFilesProcesses")] + private InputList? _exceptionalReadonlyFilesProcesses; + public InputList ExceptionalReadonlyFilesProcesses + { + get => _exceptionalReadonlyFilesProcesses ?? (_exceptionalReadonlyFilesProcesses = new InputList()); + set => _exceptionalReadonlyFilesProcesses = value; + } + + [Input("exceptionalReadonlyFilesUsers")] + private InputList? _exceptionalReadonlyFilesUsers; + public InputList ExceptionalReadonlyFilesUsers + { + get => _exceptionalReadonlyFilesUsers ?? (_exceptionalReadonlyFilesUsers = new InputList()); + set => _exceptionalReadonlyFilesUsers = value; + } + + [Input("readonlyFiles")] + private InputList? _readonlyFiles; + public InputList ReadonlyFiles + { + get => _readonlyFiles ?? (_readonlyFiles = new InputList()); + set => _readonlyFiles = value; + } + + [Input("readonlyFilesProcesses")] + private InputList? _readonlyFilesProcesses; + public InputList ReadonlyFilesProcesses + { + get => _readonlyFilesProcesses ?? (_readonlyFilesProcesses = new InputList()); + set => _readonlyFilesProcesses = value; + } + + [Input("readonlyFilesUsers")] + private InputList? 
_readonlyFilesUsers; + public InputList ReadonlyFilesUsers + { + get => _readonlyFilesUsers ?? (_readonlyFilesUsers = new InputList()); + set => _readonlyFilesUsers = value; + } + + public HostRuntimePolicyReadonlyFilesArgs() + { + } + public static new HostRuntimePolicyReadonlyFilesArgs Empty => new HostRuntimePolicyReadonlyFilesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyFilesGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyFilesGetArgs.cs new file mode 100644 index 00000000..5726c19b --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyFilesGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyReadonlyFilesGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyFiles")] + private InputList? _exceptionalReadonlyFiles; + public InputList ExceptionalReadonlyFiles + { + get => _exceptionalReadonlyFiles ?? (_exceptionalReadonlyFiles = new InputList()); + set => _exceptionalReadonlyFiles = value; + } + + [Input("exceptionalReadonlyFilesProcesses")] + private InputList? _exceptionalReadonlyFilesProcesses; + public InputList ExceptionalReadonlyFilesProcesses + { + get => _exceptionalReadonlyFilesProcesses ?? (_exceptionalReadonlyFilesProcesses = new InputList()); + set => _exceptionalReadonlyFilesProcesses = value; + } + + [Input("exceptionalReadonlyFilesUsers")] + private InputList? _exceptionalReadonlyFilesUsers; + public InputList ExceptionalReadonlyFilesUsers + { + get => _exceptionalReadonlyFilesUsers ?? (_exceptionalReadonlyFilesUsers = new InputList()); + set => _exceptionalReadonlyFilesUsers = value; + } + + [Input("readonlyFiles")] + private InputList? _readonlyFiles; + public InputList ReadonlyFiles + { + get => _readonlyFiles ?? (_readonlyFiles = new InputList()); + set => _readonlyFiles = value; + } + + [Input("readonlyFilesProcesses")] + private InputList? _readonlyFilesProcesses; + public InputList ReadonlyFilesProcesses + { + get => _readonlyFilesProcesses ?? (_readonlyFilesProcesses = new InputList()); + set => _readonlyFilesProcesses = value; + } + + [Input("readonlyFilesUsers")] + private InputList? 
_readonlyFilesUsers; + public InputList ReadonlyFilesUsers + { + get => _readonlyFilesUsers ?? (_readonlyFilesUsers = new InputList()); + set => _readonlyFilesUsers = value; + } + + public HostRuntimePolicyReadonlyFilesGetArgs() + { + } + public static new HostRuntimePolicyReadonlyFilesGetArgs Empty => new HostRuntimePolicyReadonlyFilesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyRegistryArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyRegistryArgs.cs new file mode 100644 index 00000000..e63e58d2 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyRegistryArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyReadonlyRegistryArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyRegistryPaths")] + private InputList? _exceptionalReadonlyRegistryPaths; + public InputList ExceptionalReadonlyRegistryPaths + { + get => _exceptionalReadonlyRegistryPaths ?? (_exceptionalReadonlyRegistryPaths = new InputList()); + set => _exceptionalReadonlyRegistryPaths = value; + } + + [Input("exceptionalReadonlyRegistryProcesses")] + private InputList? _exceptionalReadonlyRegistryProcesses; + public InputList ExceptionalReadonlyRegistryProcesses + { + get => _exceptionalReadonlyRegistryProcesses ?? (_exceptionalReadonlyRegistryProcesses = new InputList()); + set => _exceptionalReadonlyRegistryProcesses = value; + } + + [Input("exceptionalReadonlyRegistryUsers")] + private InputList? _exceptionalReadonlyRegistryUsers; + public InputList ExceptionalReadonlyRegistryUsers + { + get => _exceptionalReadonlyRegistryUsers ?? (_exceptionalReadonlyRegistryUsers = new InputList()); + set => _exceptionalReadonlyRegistryUsers = value; + } + + [Input("readonlyRegistryPaths")] + private InputList? _readonlyRegistryPaths; + public InputList ReadonlyRegistryPaths + { + get => _readonlyRegistryPaths ?? (_readonlyRegistryPaths = new InputList()); + set => _readonlyRegistryPaths = value; + } + + [Input("readonlyRegistryProcesses")] + private InputList? _readonlyRegistryProcesses; + public InputList ReadonlyRegistryProcesses + { + get => _readonlyRegistryProcesses ?? 
(_readonlyRegistryProcesses = new InputList()); + set => _readonlyRegistryProcesses = value; + } + + [Input("readonlyRegistryUsers")] + private InputList? _readonlyRegistryUsers; + public InputList ReadonlyRegistryUsers + { + get => _readonlyRegistryUsers ?? (_readonlyRegistryUsers = new InputList()); + set => _readonlyRegistryUsers = value; + } + + public HostRuntimePolicyReadonlyRegistryArgs() + { + } + public static new HostRuntimePolicyReadonlyRegistryArgs Empty => new HostRuntimePolicyReadonlyRegistryArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyRegistryGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyRegistryGetArgs.cs new file mode 100644 index 00000000..9e79f631 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyReadonlyRegistryGetArgs.cs 
@@ -0,0 +1,72 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyReadonlyRegistryGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalReadonlyRegistryPaths")] + private InputList? _exceptionalReadonlyRegistryPaths; + public InputList ExceptionalReadonlyRegistryPaths + { + get => _exceptionalReadonlyRegistryPaths ?? (_exceptionalReadonlyRegistryPaths = new InputList()); + set => _exceptionalReadonlyRegistryPaths = value; + } + + [Input("exceptionalReadonlyRegistryProcesses")] + private InputList? _exceptionalReadonlyRegistryProcesses; + public InputList ExceptionalReadonlyRegistryProcesses + { + get => _exceptionalReadonlyRegistryProcesses ?? (_exceptionalReadonlyRegistryProcesses = new InputList()); + set => _exceptionalReadonlyRegistryProcesses = value; + } + + [Input("exceptionalReadonlyRegistryUsers")] + private InputList? _exceptionalReadonlyRegistryUsers; + public InputList ExceptionalReadonlyRegistryUsers + { + get => _exceptionalReadonlyRegistryUsers ?? (_exceptionalReadonlyRegistryUsers = new InputList()); + set => _exceptionalReadonlyRegistryUsers = value; + } + + [Input("readonlyRegistryPaths")] + private InputList? _readonlyRegistryPaths; + public InputList ReadonlyRegistryPaths + { + get => _readonlyRegistryPaths ?? (_readonlyRegistryPaths = new InputList()); + set => _readonlyRegistryPaths = value; + } + + [Input("readonlyRegistryProcesses")] + private InputList? _readonlyRegistryProcesses; + public InputList ReadonlyRegistryProcesses + { + get => _readonlyRegistryProcesses ?? 
(_readonlyRegistryProcesses = new InputList()); + set => _readonlyRegistryProcesses = value; + } + + [Input("readonlyRegistryUsers")] + private InputList? _readonlyRegistryUsers; + public InputList ReadonlyRegistryUsers + { + get => _readonlyRegistryUsers ?? (_readonlyRegistryUsers = new InputList()); + set => _readonlyRegistryUsers = value; + } + + public HostRuntimePolicyReadonlyRegistryGetArgs() + { + } + public static new HostRuntimePolicyReadonlyRegistryGetArgs Empty => new HostRuntimePolicyReadonlyRegistryGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyRegistryAccessMonitoringArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyRegistryAccessMonitoringArgs.cs new file mode 100644 index 00000000..fe0755ea --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyRegistryAccessMonitoringArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyRegistryAccessMonitoringArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredRegistryPaths")] + private InputList? _exceptionalMonitoredRegistryPaths; + public InputList ExceptionalMonitoredRegistryPaths + { + get => _exceptionalMonitoredRegistryPaths ?? (_exceptionalMonitoredRegistryPaths = new InputList()); + set => _exceptionalMonitoredRegistryPaths = value; + } + + [Input("exceptionalMonitoredRegistryProcesses")] + private InputList? _exceptionalMonitoredRegistryProcesses; + public InputList ExceptionalMonitoredRegistryProcesses + { + get => _exceptionalMonitoredRegistryProcesses ?? (_exceptionalMonitoredRegistryProcesses = new InputList()); + set => _exceptionalMonitoredRegistryProcesses = value; + } + + [Input("exceptionalMonitoredRegistryUsers")] + private InputList? _exceptionalMonitoredRegistryUsers; + public InputList ExceptionalMonitoredRegistryUsers + { + get => _exceptionalMonitoredRegistryUsers ?? (_exceptionalMonitoredRegistryUsers = new InputList()); + set => _exceptionalMonitoredRegistryUsers = value; + } + + [Input("monitoredRegistryAttributes")] + public Input? MonitoredRegistryAttributes { get; set; } + + [Input("monitoredRegistryCreate")] + public Input? MonitoredRegistryCreate { get; set; } + + [Input("monitoredRegistryDelete")] + public Input? MonitoredRegistryDelete { get; set; } + + [Input("monitoredRegistryModify")] + public Input? MonitoredRegistryModify { get; set; } + + [Input("monitoredRegistryPaths")] + private InputList? 
_monitoredRegistryPaths; + public InputList MonitoredRegistryPaths + { + get => _monitoredRegistryPaths ?? (_monitoredRegistryPaths = new InputList()); + set => _monitoredRegistryPaths = value; + } + + [Input("monitoredRegistryProcesses")] + private InputList? _monitoredRegistryProcesses; + public InputList MonitoredRegistryProcesses + { + get => _monitoredRegistryProcesses ?? (_monitoredRegistryProcesses = new InputList()); + set => _monitoredRegistryProcesses = value; + } + + [Input("monitoredRegistryRead")] + public Input? MonitoredRegistryRead { get; set; } + + [Input("monitoredRegistryUsers")] + private InputList? _monitoredRegistryUsers; + public InputList MonitoredRegistryUsers + { + get => _monitoredRegistryUsers ?? (_monitoredRegistryUsers = new InputList()); + set => _monitoredRegistryUsers = value; + } + + public HostRuntimePolicyRegistryAccessMonitoringArgs() + { + } + public static new HostRuntimePolicyRegistryAccessMonitoringArgs Empty => new HostRuntimePolicyRegistryAccessMonitoringArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyRegistryAccessMonitoringGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyRegistryAccessMonitoringGetArgs.cs new file mode 100644 index 00000000..d68bb3c6 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyRegistryAccessMonitoringGetArgs.cs 
@@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyRegistryAccessMonitoringGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("exceptionalMonitoredRegistryPaths")] + private InputList? _exceptionalMonitoredRegistryPaths; + public InputList ExceptionalMonitoredRegistryPaths + { + get => _exceptionalMonitoredRegistryPaths ?? (_exceptionalMonitoredRegistryPaths = new InputList()); + set => _exceptionalMonitoredRegistryPaths = value; + } + + [Input("exceptionalMonitoredRegistryProcesses")] + private InputList? _exceptionalMonitoredRegistryProcesses; + public InputList ExceptionalMonitoredRegistryProcesses + { + get => _exceptionalMonitoredRegistryProcesses ?? (_exceptionalMonitoredRegistryProcesses = new InputList()); + set => _exceptionalMonitoredRegistryProcesses = value; + } + + [Input("exceptionalMonitoredRegistryUsers")] + private InputList? _exceptionalMonitoredRegistryUsers; + public InputList ExceptionalMonitoredRegistryUsers + { + get => _exceptionalMonitoredRegistryUsers ?? (_exceptionalMonitoredRegistryUsers = new InputList()); + set => _exceptionalMonitoredRegistryUsers = value; + } + + [Input("monitoredRegistryAttributes")] + public Input? MonitoredRegistryAttributes { get; set; } + + [Input("monitoredRegistryCreate")] + public Input? MonitoredRegistryCreate { get; set; } + + [Input("monitoredRegistryDelete")] + public Input? MonitoredRegistryDelete { get; set; } + + [Input("monitoredRegistryModify")] + public Input? MonitoredRegistryModify { get; set; } + + [Input("monitoredRegistryPaths")] + private InputList? 
_monitoredRegistryPaths; + public InputList MonitoredRegistryPaths + { + get => _monitoredRegistryPaths ?? (_monitoredRegistryPaths = new InputList()); + set => _monitoredRegistryPaths = value; + } + + [Input("monitoredRegistryProcesses")] + private InputList? _monitoredRegistryProcesses; + public InputList MonitoredRegistryProcesses + { + get => _monitoredRegistryProcesses ?? (_monitoredRegistryProcesses = new InputList()); + set => _monitoredRegistryProcesses = value; + } + + [Input("monitoredRegistryRead")] + public Input? MonitoredRegistryRead { get; set; } + + [Input("monitoredRegistryUsers")] + private InputList? _monitoredRegistryUsers; + public InputList MonitoredRegistryUsers + { + get => _monitoredRegistryUsers ?? (_monitoredRegistryUsers = new InputList()); + set => _monitoredRegistryUsers = value; + } + + public HostRuntimePolicyRegistryAccessMonitoringGetArgs() + { + } + public static new HostRuntimePolicyRegistryAccessMonitoringGetArgs Empty => new HostRuntimePolicyRegistryAccessMonitoringGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyRestrictedVolumeArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyRestrictedVolumeArgs.cs new file mode 100644 index 00000000..fc0b1b0a --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyRestrictedVolumeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyRestrictedVolumeArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether restricted volumes are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("volumes")] + private InputList? _volumes; + + /// + /// List of restricted volumes. + /// + public InputList Volumes + { + get => _volumes ?? (_volumes = new InputList()); + set => _volumes = value; + } + + public HostRuntimePolicyRestrictedVolumeArgs() + { + } + public static new HostRuntimePolicyRestrictedVolumeArgs Empty => new HostRuntimePolicyRestrictedVolumeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyRestrictedVolumeGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyRestrictedVolumeGetArgs.cs new file mode 100644 index 00000000..47c9a895 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyRestrictedVolumeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyRestrictedVolumeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether restricted volumes are enabled. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("volumes")] + private InputList? _volumes; + + /// + /// List of restricted volumes. + /// + public InputList Volumes + { + get => _volumes ?? (_volumes = new InputList()); + set => _volumes = value; + } + + public HostRuntimePolicyRestrictedVolumeGetArgs() + { + } + public static new HostRuntimePolicyRestrictedVolumeGetArgs Empty => new HostRuntimePolicyRestrictedVolumeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyReverseShellArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyReverseShellArgs.cs new file mode 100644 index 00000000..160f01cd --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyReverseShellArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyReverseShellArgs : global::Pulumi.ResourceArgs + { + [Input("blockReverseShell")] + public Input? BlockReverseShell { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + [Input("reverseShellProcWhiteLists")] + private InputList? _reverseShellProcWhiteLists; + public InputList ReverseShellProcWhiteLists + { + get => _reverseShellProcWhiteLists ?? (_reverseShellProcWhiteLists = new InputList()); + set => _reverseShellProcWhiteLists = value; + } + + public HostRuntimePolicyReverseShellArgs() + { + } + public static new HostRuntimePolicyReverseShellArgs Empty => new HostRuntimePolicyReverseShellArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyReverseShellGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyReverseShellGetArgs.cs new file mode 100644 index 00000000..6c0b37e9 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyReverseShellGetArgs.cs 
@@ -0,0 +1,43 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyReverseShellGetArgs : global::Pulumi.ResourceArgs + { + [Input("blockReverseShell")] + public Input? BlockReverseShell { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("reverseShellIpWhiteLists")] + private InputList? _reverseShellIpWhiteLists; + public InputList ReverseShellIpWhiteLists + { + get => _reverseShellIpWhiteLists ?? (_reverseShellIpWhiteLists = new InputList()); + set => _reverseShellIpWhiteLists = value; + } + + [Input("reverseShellProcWhiteLists")] + private InputList? _reverseShellProcWhiteLists; + public InputList ReverseShellProcWhiteLists + { + get => _reverseShellProcWhiteLists ?? (_reverseShellProcWhiteLists = new InputList()); + set => _reverseShellProcWhiteLists = value; + } + + public HostRuntimePolicyReverseShellGetArgs() + { + } + public static new HostRuntimePolicyReverseShellGetArgs Empty => new HostRuntimePolicyReverseShellGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyScopeArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyScopeArgs.cs new file mode 100644 index 00000000..4dd138d0 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyScopeArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyScopeArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("variables", required: true)] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public HostRuntimePolicyScopeArgs() + { + } + public static new HostRuntimePolicyScopeArgs Empty => new HostRuntimePolicyScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyScopeGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyScopeGetArgs.cs new file mode 100644 index 00000000..8333e839 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyScopeGetArgs.cs 
@@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyScopeGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Scope expression. + /// + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("variables", required: true)] + private InputList? _variables; + + /// + /// List of variables in the scope. + /// + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public HostRuntimePolicyScopeGetArgs() + { + } + public static new HostRuntimePolicyScopeGetArgs Empty => new HostRuntimePolicyScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicySystemIntegrityProtectionArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicySystemIntegrityProtectionArgs.cs new file mode 100644 index 00000000..3c3bb71b --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicySystemIntegrityProtectionArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicySystemIntegrityProtectionArgs : global::Pulumi.ResourceArgs + { + [Input("auditSystemtimeChange")] + public Input? AuditSystemtimeChange { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("monitorAuditLogIntegrity")] + public Input? MonitorAuditLogIntegrity { get; set; } + + [Input("windowsServicesMonitoring")] + public Input? WindowsServicesMonitoring { get; set; } + + public HostRuntimePolicySystemIntegrityProtectionArgs() + { + } + public static new HostRuntimePolicySystemIntegrityProtectionArgs Empty => new HostRuntimePolicySystemIntegrityProtectionArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicySystemIntegrityProtectionGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicySystemIntegrityProtectionGetArgs.cs new file mode 100644 index 00000000..c29fff11 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicySystemIntegrityProtectionGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicySystemIntegrityProtectionGetArgs : global::Pulumi.ResourceArgs + { + [Input("auditSystemtimeChange")] + public Input? AuditSystemtimeChange { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("monitorAuditLogIntegrity")] + public Input? MonitorAuditLogIntegrity { get; set; } + + [Input("windowsServicesMonitoring")] + public Input? WindowsServicesMonitoring { get; set; } + + public HostRuntimePolicySystemIntegrityProtectionGetArgs() + { + } + public static new HostRuntimePolicySystemIntegrityProtectionGetArgs Empty => new HostRuntimePolicySystemIntegrityProtectionGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyTripwireArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyTripwireArgs.cs new file mode 100644 index 00000000..6cf173e8 --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyTripwireArgs.cs 
@@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyTripwireArgs : global::Pulumi.ResourceArgs + { + [Input("applyOns")] + private InputList? _applyOns; + public InputList ApplyOns + { + get => _applyOns ?? (_applyOns = new InputList()); + set => _applyOns = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("serverlessApp")] + public Input? ServerlessApp { get; set; } + + [Input("userId")] + public Input? UserId { get; set; } + + [Input("userPassword")] + public Input? UserPassword { get; set; } + + public HostRuntimePolicyTripwireArgs() + { + } + public static new HostRuntimePolicyTripwireArgs Empty => new HostRuntimePolicyTripwireArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyTripwireGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyTripwireGetArgs.cs new file mode 100644 index 00000000..7ec0ceac --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyTripwireGetArgs.cs 
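Review bot: `UserPassword` in HostRuntimePolicyTripwireArgs is emitted as a plain `{ get; set; }` input, without the secret-wrapping setter the generator emits for fields marked sensitive, so a password passed here would presumably be stored unencrypted in the stack state and shown in previews. Because this file is generated, the fix belongs in the provider mapping rather than in this hunk: mark the field behind `userPassword` as sensitive in the Terraform schema, or set `Secret: tfbridge.True()` on its bridge field override, and regenerate the SDKs. The same applies to `UserPassword` in HostRuntimePolicyTripwireGetArgs in the next file. Until that lands, callers can pass the value as `Output.CreateSecret(...)`.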
@@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyTripwireGetArgs : global::Pulumi.ResourceArgs + { + [Input("applyOns")] + private InputList? _applyOns; + public InputList ApplyOns + { + get => _applyOns ?? (_applyOns = new InputList()); + set => _applyOns = value; + } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("serverlessApp")] + public Input? ServerlessApp { get; set; } + + [Input("userId")] + public Input? UserId { get; set; } + + [Input("userPassword")] + public Input? UserPassword { get; set; } + + public HostRuntimePolicyTripwireGetArgs() + { + } + public static new HostRuntimePolicyTripwireGetArgs Empty => new HostRuntimePolicyTripwireGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyWhitelistedOsUsersArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyWhitelistedOsUsersArgs.cs new file mode 100644 index 00000000..cddb7c9e --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyWhitelistedOsUsersArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyWhitelistedOsUsersArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupWhiteLists")] + private InputList? _groupWhiteLists; + public InputList GroupWhiteLists + { + get => _groupWhiteLists ?? (_groupWhiteLists = new InputList()); + set => _groupWhiteLists = value; + } + + [Input("userWhiteLists")] + private InputList? _userWhiteLists; + public InputList UserWhiteLists + { + get => _userWhiteLists ?? (_userWhiteLists = new InputList()); + set => _userWhiteLists = value; + } + + public HostRuntimePolicyWhitelistedOsUsersArgs() + { + } + public static new HostRuntimePolicyWhitelistedOsUsersArgs Empty => new HostRuntimePolicyWhitelistedOsUsersArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyWhitelistedOsUsersGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyWhitelistedOsUsersGetArgs.cs new file mode 100644 index 00000000..a01563ad --- /dev/null +++ b/sdk/dotnet/Inputs/HostRuntimePolicyWhitelistedOsUsersGetArgs.cs 
@@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class HostRuntimePolicyWhitelistedOsUsersGetArgs : global::Pulumi.ResourceArgs + { + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("groupWhiteLists")] + private InputList? _groupWhiteLists; + public InputList GroupWhiteLists + { + get => _groupWhiteLists ?? (_groupWhiteLists = new InputList()); + set => _groupWhiteLists = value; + } + + [Input("userWhiteLists")] + private InputList? _userWhiteLists; + public InputList UserWhiteLists + { + get => _userWhiteLists ?? (_userWhiteLists = new InputList()); + set => _userWhiteLists = value; + } + + public HostRuntimePolicyWhitelistedOsUsersGetArgs() + { + } + public static new HostRuntimePolicyWhitelistedOsUsersGetArgs Empty => new HostRuntimePolicyWhitelistedOsUsersGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryMonitoringArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryMonitoringArgs.cs deleted file mode 100644 index 18e23697..00000000 --- a/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryMonitoringArgs.cs +++ /dev/null 
@@ -1,123 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; -using Pulumi; - -namespace Pulumiverse.Aquasec.Inputs -{ - - public sealed class HostRuntimePolicyWindowsRegistryMonitoringArgs : global::Pulumi.ResourceArgs - { - [Input("excludedPaths")] - private InputList? _excludedPaths; - - /// - /// List of paths to be excluded from being monitored. - /// - public InputList ExcludedPaths - { - get => _excludedPaths ?? (_excludedPaths = new InputList()); - set => _excludedPaths = value; - } - - [Input("excludedProcesses")] - private InputList? _excludedProcesses; - - /// - /// List of registry processes to be excluded from being monitored. - /// - public InputList ExcludedProcesses - { - get => _excludedProcesses ?? (_excludedProcesses = new InputList()); - set => _excludedProcesses = value; - } - - [Input("excludedUsers")] - private InputList? _excludedUsers; - - /// - /// List of registry users to be excluded from being monitored. - /// - public InputList ExcludedUsers - { - get => _excludedUsers ?? (_excludedUsers = new InputList()); - set => _excludedUsers = value; - } - - /// - /// If true, add attributes operations will be monitored. - /// - [Input("monitorAttributes")] - public Input? MonitorAttributes { get; set; } - - /// - /// If true, create operations will be monitored. - /// - [Input("monitorCreate")] - public Input? MonitorCreate { get; set; } - - /// - /// If true, deletion operations will be monitored. - /// - [Input("monitorDelete")] - public Input? MonitorDelete { get; set; } - - /// - /// If true, modification operations will be monitored. - /// - [Input("monitorModify")] - public Input? MonitorModify { get; set; } - - /// - /// If true, read operations will be monitored. 
- /// - [Input("monitorRead")] - public Input? MonitorRead { get; set; } - - [Input("monitoredPaths")] - private InputList? _monitoredPaths; - - /// - /// List of paths to be monitored. - /// - public InputList MonitoredPaths - { - get => _monitoredPaths ?? (_monitoredPaths = new InputList()); - set => _monitoredPaths = value; - } - - [Input("monitoredProcesses")] - private InputList? _monitoredProcesses; - - /// - /// List of registry processes to be monitored. - /// - public InputList MonitoredProcesses - { - get => _monitoredProcesses ?? (_monitoredProcesses = new InputList()); - set => _monitoredProcesses = value; - } - - [Input("monitoredUsers")] - private InputList? _monitoredUsers; - - /// - /// List of registry users to be monitored. - /// - public InputList MonitoredUsers - { - get => _monitoredUsers ?? (_monitoredUsers = new InputList()); - set => _monitoredUsers = value; - } - - public HostRuntimePolicyWindowsRegistryMonitoringArgs() - { - } - public static new HostRuntimePolicyWindowsRegistryMonitoringArgs Empty => new HostRuntimePolicyWindowsRegistryMonitoringArgs(); - } -} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryMonitoringGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryMonitoringGetArgs.cs deleted file mode 100644 index 1200488b..00000000 --- a/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryMonitoringGetArgs.cs +++ /dev/null 
@@ -1,123 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; -using Pulumi; - -namespace Pulumiverse.Aquasec.Inputs -{ - - public sealed class HostRuntimePolicyWindowsRegistryMonitoringGetArgs : global::Pulumi.ResourceArgs - { - [Input("excludedPaths")] - private InputList? _excludedPaths; - - /// - /// List of paths to be excluded from being monitored. - /// - public InputList ExcludedPaths - { - get => _excludedPaths ?? (_excludedPaths = new InputList()); - set => _excludedPaths = value; - } - - [Input("excludedProcesses")] - private InputList? _excludedProcesses; - - /// - /// List of registry processes to be excluded from being monitored. - /// - public InputList ExcludedProcesses - { - get => _excludedProcesses ?? (_excludedProcesses = new InputList()); - set => _excludedProcesses = value; - } - - [Input("excludedUsers")] - private InputList? _excludedUsers; - - /// - /// List of registry users to be excluded from being monitored. - /// - public InputList ExcludedUsers - { - get => _excludedUsers ?? (_excludedUsers = new InputList()); - set => _excludedUsers = value; - } - - /// - /// If true, add attributes operations will be monitored. - /// - [Input("monitorAttributes")] - public Input? MonitorAttributes { get; set; } - - /// - /// If true, create operations will be monitored. - /// - [Input("monitorCreate")] - public Input? MonitorCreate { get; set; } - - /// - /// If true, deletion operations will be monitored. - /// - [Input("monitorDelete")] - public Input? MonitorDelete { get; set; } - - /// - /// If true, modification operations will be monitored. - /// - [Input("monitorModify")] - public Input? 
MonitorModify { get; set; } - - /// - /// If true, read operations will be monitored. - /// - [Input("monitorRead")] - public Input? MonitorRead { get; set; } - - [Input("monitoredPaths")] - private InputList? _monitoredPaths; - - /// - /// List of paths to be monitored. - /// - public InputList MonitoredPaths - { - get => _monitoredPaths ?? (_monitoredPaths = new InputList()); - set => _monitoredPaths = value; - } - - [Input("monitoredProcesses")] - private InputList? _monitoredProcesses; - - /// - /// List of registry processes to be monitored. - /// - public InputList MonitoredProcesses - { - get => _monitoredProcesses ?? (_monitoredProcesses = new InputList()); - set => _monitoredProcesses = value; - } - - [Input("monitoredUsers")] - private InputList? _monitoredUsers; - - /// - /// List of registry users to be monitored. - /// - public InputList MonitoredUsers - { - get => _monitoredUsers ?? (_monitoredUsers = new InputList()); - set => _monitoredUsers = value; - } - - public HostRuntimePolicyWindowsRegistryMonitoringGetArgs() - { - } - public static new HostRuntimePolicyWindowsRegistryMonitoringGetArgs Empty => new HostRuntimePolicyWindowsRegistryMonitoringGetArgs(); - } -} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryProtectionArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryProtectionArgs.cs deleted file mode 100644 index 4e8ff3ac..00000000 --- a/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryProtectionArgs.cs +++ /dev/null 
@@ -1,93 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; -using Pulumi; - -namespace Pulumiverse.Aquasec.Inputs -{ - - public sealed class HostRuntimePolicyWindowsRegistryProtectionArgs : global::Pulumi.ResourceArgs - { - [Input("excludedPaths")] - private InputList? _excludedPaths; - - /// - /// List of registry paths to be excluded from being protected. - /// - public InputList ExcludedPaths - { - get => _excludedPaths ?? (_excludedPaths = new InputList()); - set => _excludedPaths = value; - } - - [Input("excludedProcesses")] - private InputList? _excludedProcesses; - - /// - /// List of registry processes to be excluded from being protected. - /// - public InputList ExcludedProcesses - { - get => _excludedProcesses ?? (_excludedProcesses = new InputList()); - set => _excludedProcesses = value; - } - - [Input("excludedUsers")] - private InputList? _excludedUsers; - - /// - /// List of registry paths to be users from being protected. - /// - public InputList ExcludedUsers - { - get => _excludedUsers ?? (_excludedUsers = new InputList()); - set => _excludedUsers = value; - } - - [Input("protectedPaths")] - private InputList? _protectedPaths; - - /// - /// List of registry paths to be protected. - /// - public InputList ProtectedPaths - { - get => _protectedPaths ?? (_protectedPaths = new InputList()); - set => _protectedPaths = value; - } - - [Input("protectedProcesses")] - private InputList? _protectedProcesses; - - /// - /// List of registry processes to be protected. - /// - public InputList ProtectedProcesses - { - get => _protectedProcesses ?? (_protectedProcesses = new InputList()); - set => _protectedProcesses = value; - } - - [Input("protectedUsers")] - private InputList? 
_protectedUsers; - - /// - /// List of registry users to be protected. - /// - public InputList ProtectedUsers - { - get => _protectedUsers ?? (_protectedUsers = new InputList()); - set => _protectedUsers = value; - } - - public HostRuntimePolicyWindowsRegistryProtectionArgs() - { - } - public static new HostRuntimePolicyWindowsRegistryProtectionArgs Empty => new HostRuntimePolicyWindowsRegistryProtectionArgs(); - } -} diff --git a/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryProtectionGetArgs.cs b/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryProtectionGetArgs.cs deleted file mode 100644 index c2c7b94a..00000000 --- a/sdk/dotnet/Inputs/HostRuntimePolicyWindowsRegistryProtectionGetArgs.cs +++ /dev/null 
@@ -1,93 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; -using Pulumi; - -namespace Pulumiverse.Aquasec.Inputs -{ - - public sealed class HostRuntimePolicyWindowsRegistryProtectionGetArgs : global::Pulumi.ResourceArgs - { - [Input("excludedPaths")] - private InputList? _excludedPaths; - - /// - /// List of registry paths to be excluded from being protected. - /// - public InputList ExcludedPaths - { - get => _excludedPaths ?? (_excludedPaths = new InputList()); - set => _excludedPaths = value; - } - - [Input("excludedProcesses")] - private InputList? _excludedProcesses; - - /// - /// List of registry processes to be excluded from being protected. - /// - public InputList ExcludedProcesses - { - get => _excludedProcesses ?? (_excludedProcesses = new InputList()); - set => _excludedProcesses = value; - } - - [Input("excludedUsers")] - private InputList? _excludedUsers; - - /// - /// List of registry paths to be users from being protected. - /// - public InputList ExcludedUsers - { - get => _excludedUsers ?? (_excludedUsers = new InputList()); - set => _excludedUsers = value; - } - - [Input("protectedPaths")] - private InputList? _protectedPaths; - - /// - /// List of registry paths to be protected. - /// - public InputList ProtectedPaths - { - get => _protectedPaths ?? (_protectedPaths = new InputList()); - set => _protectedPaths = value; - } - - [Input("protectedProcesses")] - private InputList? _protectedProcesses; - - /// - /// List of registry processes to be protected. - /// - public InputList ProtectedProcesses - { - get => _protectedProcesses ?? (_protectedProcesses = new InputList()); - set => _protectedProcesses = value; - } - - [Input("protectedUsers")] - private InputList? 
_protectedUsers; - - /// - /// List of registry users to be protected. - /// - public InputList ProtectedUsers - { - get => _protectedUsers ?? (_protectedUsers = new InputList()); - set => _protectedUsers = value; - } - - public HostRuntimePolicyWindowsRegistryProtectionGetArgs() - { - } - public static new HostRuntimePolicyWindowsRegistryProtectionGetArgs Empty => new HostRuntimePolicyWindowsRegistryProtectionGetArgs(); - } -} diff --git a/sdk/dotnet/Inputs/ImageAssuranceChecksPerformedArgs.cs b/sdk/dotnet/Inputs/ImageAssuranceChecksPerformedArgs.cs index 9e3a0e82..2db2c9cb 100644 --- a/sdk/dotnet/Inputs/ImageAssuranceChecksPerformedArgs.cs +++ b/sdk/dotnet/Inputs/ImageAssuranceChecksPerformedArgs.cs @@ -22,15 +22,9 @@ public sealed class ImageAssuranceChecksPerformedArgs : global::Pulumi.ResourceA [Input("control")] public Input? Control { get; set; } - /// - /// If DTA was skipped. - /// [Input("dtaSkipped")] public Input? DtaSkipped { get; set; } - /// - /// The reason why DTA was skipped. - /// [Input("dtaSkippedReason")] public Input? DtaSkippedReason { get; set; } diff --git a/sdk/dotnet/Inputs/ImageAssuranceChecksPerformedGetArgs.cs b/sdk/dotnet/Inputs/ImageAssuranceChecksPerformedGetArgs.cs index 1a03cfd3..3da2a93f 100644 --- a/sdk/dotnet/Inputs/ImageAssuranceChecksPerformedGetArgs.cs +++ b/sdk/dotnet/Inputs/ImageAssuranceChecksPerformedGetArgs.cs @@ -22,15 +22,9 @@ public sealed class ImageAssuranceChecksPerformedGetArgs : global::Pulumi.Resour [Input("control")] public Input? Control { get; set; } - /// - /// If DTA was skipped. - /// [Input("dtaSkipped")] public Input? DtaSkipped { get; set; } - /// - /// The reason why DTA was skipped. - /// [Input("dtaSkippedReason")] public Input? DtaSkippedReason { get; set; } diff --git a/sdk/dotnet/Inputs/ImageAssurancePolicyKubernetesControlsArgs.cs b/sdk/dotnet/Inputs/ImageAssurancePolicyKubernetesControlsArgs.cs new file mode 100644 index 00000000..56c46a30 --- /dev/null 
+++ b/sdk/dotnet/Inputs/ImageAssurancePolicyKubernetesControlsArgs.cs @@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ImageAssurancePolicyKubernetesControlsArgs : global::Pulumi.ResourceArgs + { + [Input("avdId")] + public Input? AvdId { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("kind")] + public Input? Kind { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("ootb")] + public Input? Ootb { get; set; } + + [Input("scriptId")] + public Input? ScriptId { get; set; } + + [Input("severity")] + public Input? Severity { get; set; } + + public ImageAssurancePolicyKubernetesControlsArgs() + { + } + public static new ImageAssurancePolicyKubernetesControlsArgs Empty => new ImageAssurancePolicyKubernetesControlsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ImageAssurancePolicyKubernetesControlsGetArgs.cs b/sdk/dotnet/Inputs/ImageAssurancePolicyKubernetesControlsGetArgs.cs new file mode 100644 index 00000000..25203a49 --- /dev/null +++ b/sdk/dotnet/Inputs/ImageAssurancePolicyKubernetesControlsGetArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ImageAssurancePolicyKubernetesControlsGetArgs : global::Pulumi.ResourceArgs + { + [Input("avdId")] + public Input? AvdId { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("kind")] + public Input? Kind { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("ootb")] + public Input? Ootb { get; set; } + + [Input("scriptId")] + public Input? ScriptId { get; set; } + + [Input("severity")] + public Input? Severity { get; set; } + + public ImageAssurancePolicyKubernetesControlsGetArgs() + { + } + public static new ImageAssurancePolicyKubernetesControlsGetArgs Empty => new ImageAssurancePolicyKubernetesControlsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ImageAssurancePolicyPolicySettingsArgs.cs b/sdk/dotnet/Inputs/ImageAssurancePolicyPolicySettingsArgs.cs new file mode 100644 index 00000000..ac91b373 --- /dev/null +++ b/sdk/dotnet/Inputs/ImageAssurancePolicyPolicySettingsArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ImageAssurancePolicyPolicySettingsArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public ImageAssurancePolicyPolicySettingsArgs() + { + } + public static new ImageAssurancePolicyPolicySettingsArgs Empty => new ImageAssurancePolicyPolicySettingsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ImageAssurancePolicyPolicySettingsGetArgs.cs b/sdk/dotnet/Inputs/ImageAssurancePolicyPolicySettingsGetArgs.cs new file mode 100644 index 00000000..0512cbbb --- /dev/null +++ b/sdk/dotnet/Inputs/ImageAssurancePolicyPolicySettingsGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class ImageAssurancePolicyPolicySettingsGetArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public ImageAssurancePolicyPolicySettingsGetArgs() + { + } + public static new ImageAssurancePolicyPolicySettingsGetArgs Empty => new ImageAssurancePolicyPolicySettingsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ImageHistoryArgs.cs b/sdk/dotnet/Inputs/ImageHistoryArgs.cs index 6c880ff6..b7b77887 100644 --- a/sdk/dotnet/Inputs/ImageHistoryArgs.cs +++ b/sdk/dotnet/Inputs/ImageHistoryArgs.cs @@ -13,24 +13,15 @@ namespace Pulumiverse.Aquasec.Inputs public sealed class ImageHistoryArgs : global::Pulumi.ResourceArgs { - /// - /// The image creation comment. - /// [Input("comment")] public Input? Comment { get; set; } - /// - /// The date and time when the image was registered. - /// [Input("created")] public Input? Created { get; set; } [Input("createdBy")] public Input? CreatedBy { get; set; } - /// - /// The ID of this resource. - /// [Input("id")] public Input? Id { get; set; } diff --git a/sdk/dotnet/Inputs/ImageHistoryGetArgs.cs b/sdk/dotnet/Inputs/ImageHistoryGetArgs.cs index 62679c36..8fa8d37b 100644 --- a/sdk/dotnet/Inputs/ImageHistoryGetArgs.cs +++ b/sdk/dotnet/Inputs/ImageHistoryGetArgs.cs 
@@ -13,24 +13,15 @@ namespace Pulumiverse.Aquasec.Inputs public sealed class ImageHistoryGetArgs : global::Pulumi.ResourceArgs { - /// - /// The image creation comment. - /// [Input("comment")] public Input? Comment { get; set; } - /// - /// The date and time when the image was registered. - /// [Input("created")] public Input? Created { get; set; } [Input("createdBy")] public Input? CreatedBy { get; set; } - /// - /// The ID of this resource. - /// [Input("id")] public Input? Id { get; set; } diff --git a/sdk/dotnet/Inputs/ImageVulnerabilityArgs.cs b/sdk/dotnet/Inputs/ImageVulnerabilityArgs.cs index 85e18c34..066bd640 100644 --- a/sdk/dotnet/Inputs/ImageVulnerabilityArgs.cs +++ b/sdk/dotnet/Inputs/ImageVulnerabilityArgs.cs @@ -67,9 +67,6 @@ public sealed class ImageVulnerabilityArgs : global::Pulumi.ResourceArgs [Input("description")] public Input? Description { get; set; } - /// - /// The content digest of the image. - /// [Input("digest")] public Input? Digest { get; set; } @@ -94,9 +91,6 @@ public sealed class ImageVulnerabilityArgs : global::Pulumi.ResourceArgs [Input("modificationDate")] public Input? ModificationDate { get; set; } - /// - /// The name of the image. - /// [Input("name")] public Input? Name { get; set; } 
@@ -121,36 +115,21 @@ public sealed class ImageVulnerabilityArgs : global::Pulumi.ResourceArgs [Input("nvdUrl")] public Input? NvdUrl { get; set; } - /// - /// The operating system detected in the image - /// [Input("os")] public Input? Os { get; set; } - /// - /// The version of the OS detected in the image. - /// [Input("osVersion")] public Input? OsVersion { get; set; } - /// - /// Permission of the image. - /// [Input("permission")] public Input? Permission { get; set; } [Input("publishDate")] public Input? PublishDate { get; set; } - /// - /// The name of the registry where the image is stored. - /// [Input("registry")] public Input? Registry { get; set; } - /// - /// The name of the image's repository. - /// [Input("repository")] public Input? Repository { get; set; } diff --git a/sdk/dotnet/Inputs/ImageVulnerabilityGetArgs.cs b/sdk/dotnet/Inputs/ImageVulnerabilityGetArgs.cs index 2d404b2e..2e753ddb 100644 --- a/sdk/dotnet/Inputs/ImageVulnerabilityGetArgs.cs +++ b/sdk/dotnet/Inputs/ImageVulnerabilityGetArgs.cs @@ -67,9 +67,6 @@ public sealed class ImageVulnerabilityGetArgs : global::Pulumi.ResourceArgs [Input("description")] public Input? Description { get; set; } - /// - /// The content digest of the image. - /// [Input("digest")] public Input? Digest { get; set; } @@ -94,9 +91,6 @@ public sealed class ImageVulnerabilityGetArgs : global::Pulumi.ResourceArgs [Input("modificationDate")] public Input? ModificationDate { get; set; } - /// - /// The name of the image. - /// [Input("name")] public Input? Name { get; set; } 
@@ -121,36 +115,21 @@ public sealed class ImageVulnerabilityGetArgs : global::Pulumi.ResourceArgs [Input("nvdUrl")] public Input? NvdUrl { get; set; } - /// - /// The operating system detected in the image - /// [Input("os")] public Input? Os { get; set; } - /// - /// The version of the OS detected in the image. - /// [Input("osVersion")] public Input? OsVersion { get; set; } - /// - /// Permission of the image. - /// [Input("permission")] public Input? Permission { get; set; } [Input("publishDate")] public Input? PublishDate { get; set; } - /// - /// The name of the registry where the image is stored. - /// [Input("registry")] public Input? Registry { get; set; } - /// - /// The name of the image's repository. - /// [Input("repository")] public Input? Repository { get; set; } diff --git a/sdk/dotnet/Inputs/IntegrationRegistryWebhookArgs.cs b/sdk/dotnet/Inputs/IntegrationRegistryWebhookArgs.cs index 4bbdb8e9..f2fde5f3 100644 --- a/sdk/dotnet/Inputs/IntegrationRegistryWebhookArgs.cs +++ b/sdk/dotnet/Inputs/IntegrationRegistryWebhookArgs.cs @@ -22,9 +22,6 @@ public sealed class IntegrationRegistryWebhookArgs : global::Pulumi.ResourceArgs [Input("unQuarantine")] public Input? UnQuarantine { get; set; } - /// - /// The URL, address or region of the registry - /// [Input("url")] public Input? Url { get; set; } diff --git a/sdk/dotnet/Inputs/IntegrationRegistryWebhookGetArgs.cs b/sdk/dotnet/Inputs/IntegrationRegistryWebhookGetArgs.cs index db93e2b9..fc1e4bbc 100644 --- a/sdk/dotnet/Inputs/IntegrationRegistryWebhookGetArgs.cs +++ b/sdk/dotnet/Inputs/IntegrationRegistryWebhookGetArgs.cs @@ -22,9 +22,6 @@ public sealed class IntegrationRegistryWebhookGetArgs : global::Pulumi.ResourceA [Input("unQuarantine")] public Input? UnQuarantine { get; set; } - /// - /// The URL, address or region of the registry - /// [Input("url")] public Input? Url { get; set; } 
diff --git a/sdk/dotnet/Inputs/KubernetesAssurancePolicyKubernetesControlArgs.cs b/sdk/dotnet/Inputs/KubernetesAssurancePolicyKubernetesControlArgs.cs new file mode 100644 index 00000000..bbb44b52 --- /dev/null +++ b/sdk/dotnet/Inputs/KubernetesAssurancePolicyKubernetesControlArgs.cs @@ -0,0 +1,69 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class KubernetesAssurancePolicyKubernetesControlArgs : global::Pulumi.ResourceArgs + { + /// + /// AVD ID. + /// + [Input("avdId")] + public Input? AvdId { get; set; } + + /// + /// Description of the control. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// Is the control enabled? + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Kind of the control. + /// + [Input("kind")] + public Input? Kind { get; set; } + + /// + /// Name of the control. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Out-of-the-box status of the control. + /// + [Input("ootb")] + public Input? Ootb { get; set; } + + /// + /// Script ID. + /// + [Input("scriptId")] + public Input? ScriptId { get; set; } + + /// + /// Severity of the control. + /// + [Input("severity")] + public Input? Severity { get; set; } + + public KubernetesAssurancePolicyKubernetesControlArgs() + { + } + public static new KubernetesAssurancePolicyKubernetesControlArgs Empty => new KubernetesAssurancePolicyKubernetesControlArgs(); + } +} diff --git a/sdk/dotnet/Inputs/KubernetesAssurancePolicyKubernetesControlGetArgs.cs b/sdk/dotnet/Inputs/KubernetesAssurancePolicyKubernetesControlGetArgs.cs new file mode 100644 index 00000000..3e58238d 
--- /dev/null +++ b/sdk/dotnet/Inputs/KubernetesAssurancePolicyKubernetesControlGetArgs.cs @@ -0,0 +1,69 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class KubernetesAssurancePolicyKubernetesControlGetArgs : global::Pulumi.ResourceArgs + { + /// + /// AVD ID. + /// + [Input("avdId")] + public Input? AvdId { get; set; } + + /// + /// Description of the control. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// Is the control enabled? + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Kind of the control. + /// + [Input("kind")] + public Input? Kind { get; set; } + + /// + /// Name of the control. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Out-of-the-box status of the control. + /// + [Input("ootb")] + public Input? Ootb { get; set; } + + /// + /// Script ID. + /// + [Input("scriptId")] + public Input? ScriptId { get; set; } + + /// + /// Severity of the control. + /// + [Input("severity")] + public Input? Severity { get; set; } + + public KubernetesAssurancePolicyKubernetesControlGetArgs() + { + } + public static new KubernetesAssurancePolicyKubernetesControlGetArgs Empty => new KubernetesAssurancePolicyKubernetesControlGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/KubernetesAssurancePolicyPolicySettingsArgs.cs b/sdk/dotnet/Inputs/KubernetesAssurancePolicyPolicySettingsArgs.cs new file mode 100644 index 00000000..de8a749d --- /dev/null +++ b/sdk/dotnet/Inputs/KubernetesAssurancePolicyPolicySettingsArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class KubernetesAssurancePolicyPolicySettingsArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public KubernetesAssurancePolicyPolicySettingsArgs() + { + } + public static new KubernetesAssurancePolicyPolicySettingsArgs Empty => new KubernetesAssurancePolicyPolicySettingsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/KubernetesAssurancePolicyPolicySettingsGetArgs.cs b/sdk/dotnet/Inputs/KubernetesAssurancePolicyPolicySettingsGetArgs.cs new file mode 100644 index 00000000..5d0b38fa --- /dev/null +++ b/sdk/dotnet/Inputs/KubernetesAssurancePolicyPolicySettingsGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class KubernetesAssurancePolicyPolicySettingsGetArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public KubernetesAssurancePolicyPolicySettingsGetArgs() + { + } + public static new KubernetesAssurancePolicyPolicySettingsGetArgs Empty => new KubernetesAssurancePolicyPolicySettingsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/RoleMappingLdapArgs.cs b/sdk/dotnet/Inputs/RoleMappingLdapArgs.cs index ccf3a636..04f83f3f 100644 --- a/sdk/dotnet/Inputs/RoleMappingLdapArgs.cs +++ b/sdk/dotnet/Inputs/RoleMappingLdapArgs.cs @@ -17,7 +17,7 @@ public sealed class RoleMappingLdapArgs : global::Pulumi.ResourceArgs private InputMap? _roleMapping; /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public InputMap RoleMapping { diff --git a/sdk/dotnet/Inputs/RoleMappingLdapGetArgs.cs b/sdk/dotnet/Inputs/RoleMappingLdapGetArgs.cs index da7782cc..d6365bfc 100644 --- a/sdk/dotnet/Inputs/RoleMappingLdapGetArgs.cs +++ b/sdk/dotnet/Inputs/RoleMappingLdapGetArgs.cs 
@@ -17,7 +17,7 @@ public sealed class RoleMappingLdapGetArgs : global::Pulumi.ResourceArgs private InputMap? _roleMapping; /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public InputMap RoleMapping { diff --git a/sdk/dotnet/Inputs/RoleMappingOauth2Args.cs b/sdk/dotnet/Inputs/RoleMappingOauth2Args.cs index 038e4c67..d6142405 100644 --- a/sdk/dotnet/Inputs/RoleMappingOauth2Args.cs +++ b/sdk/dotnet/Inputs/RoleMappingOauth2Args.cs @@ -17,7 +17,7 @@ public sealed class RoleMappingOauth2Args : global::Pulumi.ResourceArgs private InputMap? _roleMapping; /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public InputMap RoleMapping { diff --git a/sdk/dotnet/Inputs/RoleMappingOauth2GetArgs.cs b/sdk/dotnet/Inputs/RoleMappingOauth2GetArgs.cs index 663c26af..64255ea5 100644 --- a/sdk/dotnet/Inputs/RoleMappingOauth2GetArgs.cs +++ b/sdk/dotnet/Inputs/RoleMappingOauth2GetArgs.cs @@ -17,7 +17,7 @@ public sealed class RoleMappingOauth2GetArgs : global::Pulumi.ResourceArgs private InputMap? _roleMapping; /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public InputMap RoleMapping { diff --git a/sdk/dotnet/Inputs/RoleMappingOpenidArgs.cs b/sdk/dotnet/Inputs/RoleMappingOpenidArgs.cs index d4ee94cf..3b312bcc 100644 --- a/sdk/dotnet/Inputs/RoleMappingOpenidArgs.cs +++ b/sdk/dotnet/Inputs/RoleMappingOpenidArgs.cs 
@@ -17,7 +17,7 @@ public sealed class RoleMappingOpenidArgs : global::Pulumi.ResourceArgs private InputMap? _roleMapping; /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public InputMap RoleMapping { diff --git a/sdk/dotnet/Inputs/RoleMappingOpenidGetArgs.cs b/sdk/dotnet/Inputs/RoleMappingOpenidGetArgs.cs index 64232ff8..b0271751 100644 --- a/sdk/dotnet/Inputs/RoleMappingOpenidGetArgs.cs +++ b/sdk/dotnet/Inputs/RoleMappingOpenidGetArgs.cs @@ -17,7 +17,7 @@ public sealed class RoleMappingOpenidGetArgs : global::Pulumi.ResourceArgs private InputMap? _roleMapping; /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public InputMap RoleMapping { diff --git a/sdk/dotnet/Inputs/RoleMappingSamlArgs.cs b/sdk/dotnet/Inputs/RoleMappingSamlArgs.cs index 306e90a3..5d41ecf7 100644 --- a/sdk/dotnet/Inputs/RoleMappingSamlArgs.cs +++ b/sdk/dotnet/Inputs/RoleMappingSamlArgs.cs @@ -17,7 +17,7 @@ public sealed class RoleMappingSamlArgs : global::Pulumi.ResourceArgs private InputMap? _roleMapping; /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public InputMap RoleMapping { diff --git a/sdk/dotnet/Inputs/RoleMappingSamlGetArgs.cs b/sdk/dotnet/Inputs/RoleMappingSamlGetArgs.cs index 798581fe..3583ff86 100644 --- a/sdk/dotnet/Inputs/RoleMappingSamlGetArgs.cs +++ b/sdk/dotnet/Inputs/RoleMappingSamlGetArgs.cs 
@@ -17,7 +17,7 @@ public sealed class RoleMappingSamlGetArgs : global::Pulumi.ResourceArgs private InputMap? _roleMapping; /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public InputMap RoleMapping { diff --git a/sdk/dotnet/Inputs/UserSaasLoginArgs.cs b/sdk/dotnet/Inputs/UserSaasLoginArgs.cs index 492afc28..da67ddea 100644 --- a/sdk/dotnet/Inputs/UserSaasLoginArgs.cs +++ b/sdk/dotnet/Inputs/UserSaasLoginArgs.cs @@ -16,9 +16,6 @@ public sealed class UserSaasLoginArgs : global::Pulumi.ResourceArgs [Input("created")] public Input? Created { get; set; } - /// - /// The ID of this resource. - /// [Input("id")] public Input? Id { get; set; } diff --git a/sdk/dotnet/Inputs/UserSaasLoginGetArgs.cs b/sdk/dotnet/Inputs/UserSaasLoginGetArgs.cs index e07b38a7..f56cb9b7 100644 --- a/sdk/dotnet/Inputs/UserSaasLoginGetArgs.cs +++ b/sdk/dotnet/Inputs/UserSaasLoginGetArgs.cs @@ -16,9 +16,6 @@ public sealed class UserSaasLoginGetArgs : global::Pulumi.ResourceArgs [Input("created")] public Input? Created { get; set; } - /// - /// The ID of this resource. - /// [Input("id")] public Input? Id { get; set; } diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyAutoScanTimeArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyAutoScanTimeArgs.cs new file mode 100644 index 00000000..f667ce7c --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyAutoScanTimeArgs.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyAutoScanTimeArgs : global::Pulumi.ResourceArgs + { + [Input("iteration")] + public Input? Iteration { get; set; } + + [Input("iterationType")] + public Input? IterationType { get; set; } + + [Input("time")] + public Input? Time { get; set; } + + [Input("weekDays")] + private InputList? _weekDays; + public InputList WeekDays + { + get => _weekDays ?? (_weekDays = new InputList()); + set => _weekDays = value; + } + + public VmwareAssurancePolicyAutoScanTimeArgs() + { + } + public static new VmwareAssurancePolicyAutoScanTimeArgs Empty => new VmwareAssurancePolicyAutoScanTimeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyAutoScanTimeGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyAutoScanTimeGetArgs.cs new file mode 100644 index 00000000..bc94d546 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyAutoScanTimeGetArgs.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyAutoScanTimeGetArgs : global::Pulumi.ResourceArgs + { + [Input("iteration")] + public Input? Iteration { get; set; } + + [Input("iterationType")] + public Input? IterationType { get; set; } + + [Input("time")] + public Input? Time { get; set; } + + [Input("weekDays")] + private InputList? _weekDays; + public InputList WeekDays + { + get => _weekDays ?? (_weekDays = new InputList()); + set => _weekDays = value; + } + + public VmwareAssurancePolicyAutoScanTimeGetArgs() + { + } + public static new VmwareAssurancePolicyAutoScanTimeGetArgs Empty => new VmwareAssurancePolicyAutoScanTimeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyCustomCheckArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyCustomCheckArgs.cs new file mode 100644 index 00000000..7bf7a42f --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyCustomCheckArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyCustomCheckArgs : global::Pulumi.ResourceArgs + { + /// + /// Name of user account that created the policy. + /// + [Input("author")] + public Input? Author { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("engine")] + public Input? Engine { get; set; } + + [Input("lastModified")] + public Input? LastModified { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("path")] + public Input? Path { get; set; } + + [Input("readOnly")] + public Input? ReadOnly { get; set; } + + [Input("scriptId")] + public Input? ScriptId { get; set; } + + [Input("severity")] + public Input? Severity { get; set; } + + [Input("snippet")] + public Input? Snippet { get; set; } + + public VmwareAssurancePolicyCustomCheckArgs() + { + } + public static new VmwareAssurancePolicyCustomCheckArgs Empty => new VmwareAssurancePolicyCustomCheckArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyCustomCheckGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyCustomCheckGetArgs.cs new file mode 100644 index 00000000..bda10c4a --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyCustomCheckGetArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyCustomCheckGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Name of user account that created the policy. + /// + [Input("author")] + public Input? Author { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("engine")] + public Input? Engine { get; set; } + + [Input("lastModified")] + public Input? LastModified { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("path")] + public Input? Path { get; set; } + + [Input("readOnly")] + public Input? ReadOnly { get; set; } + + [Input("scriptId")] + public Input? ScriptId { get; set; } + + [Input("severity")] + public Input? Severity { get; set; } + + [Input("snippet")] + public Input? Snippet { get; set; } + + public VmwareAssurancePolicyCustomCheckGetArgs() + { + } + public static new VmwareAssurancePolicyCustomCheckGetArgs Empty => new VmwareAssurancePolicyCustomCheckGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyForbiddenLabelArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyForbiddenLabelArgs.cs new file mode 100644 index 00000000..41b4c296 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyForbiddenLabelArgs.cs 
@@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyForbiddenLabelArgs : global::Pulumi.ResourceArgs + { + [Input("key")] + public Input? Key { get; set; } + + [Input("value")] + public Input? Value { get; set; } + + public VmwareAssurancePolicyForbiddenLabelArgs() + { + } + public static new VmwareAssurancePolicyForbiddenLabelArgs Empty => new VmwareAssurancePolicyForbiddenLabelArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyForbiddenLabelGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyForbiddenLabelGetArgs.cs new file mode 100644 index 00000000..17f79e8d --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyForbiddenLabelGetArgs.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyForbiddenLabelGetArgs : global::Pulumi.ResourceArgs + { + [Input("key")] + public Input? Key { get; set; } + + [Input("value")] + public Input? Value { get; set; } + + public VmwareAssurancePolicyForbiddenLabelGetArgs() + { + } + public static new VmwareAssurancePolicyForbiddenLabelGetArgs Empty => new VmwareAssurancePolicyForbiddenLabelGetArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyKubernetesControlArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyKubernetesControlArgs.cs new file mode 100644 index 00000000..abe47ee8 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyKubernetesControlArgs.cs @@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyKubernetesControlArgs : global::Pulumi.ResourceArgs + { + [Input("avdId")] + public Input? AvdId { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("kind")] + public Input? Kind { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("ootb")] + public Input? Ootb { get; set; } + + [Input("scriptId")] + public Input? ScriptId { get; set; } + + [Input("severity")] + public Input? Severity { get; set; } + + public VmwareAssurancePolicyKubernetesControlArgs() + { + } + public static new VmwareAssurancePolicyKubernetesControlArgs Empty => new VmwareAssurancePolicyKubernetesControlArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyKubernetesControlGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyKubernetesControlGetArgs.cs new file mode 100644 index 00000000..133acedd --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyKubernetesControlGetArgs.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyKubernetesControlGetArgs : global::Pulumi.ResourceArgs + { + [Input("avdId")] + public Input? AvdId { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("kind")] + public Input? Kind { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("ootb")] + public Input? Ootb { get; set; } + + [Input("scriptId")] + public Input? ScriptId { get; set; } + + [Input("severity")] + public Input? Severity { get; set; } + + public VmwareAssurancePolicyKubernetesControlGetArgs() + { + } + public static new VmwareAssurancePolicyKubernetesControlGetArgs Empty => new VmwareAssurancePolicyKubernetesControlGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesBlackListArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesBlackListArgs.cs new file mode 100644 index 00000000..ae4f3702 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesBlackListArgs.cs 
@@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyPackagesBlackListArgs : global::Pulumi.ResourceArgs + { + [Input("arch")] + public Input? Arch { get; set; } + + [Input("display")] + public Input? Display { get; set; } + + [Input("epoch")] + public Input? Epoch { get; set; } + + [Input("format")] + public Input? Format { get; set; } + + [Input("license")] + public Input? License { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("release")] + public Input? Release { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("versionRange")] + public Input? VersionRange { get; set; } + + public VmwareAssurancePolicyPackagesBlackListArgs() + { + } + public static new VmwareAssurancePolicyPackagesBlackListArgs Empty => new VmwareAssurancePolicyPackagesBlackListArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesBlackListGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesBlackListGetArgs.cs new file mode 100644 index 00000000..8d2d47bb --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesBlackListGetArgs.cs 
@@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyPackagesBlackListGetArgs : global::Pulumi.ResourceArgs + { + [Input("arch")] + public Input? Arch { get; set; } + + [Input("display")] + public Input? Display { get; set; } + + [Input("epoch")] + public Input? Epoch { get; set; } + + [Input("format")] + public Input? Format { get; set; } + + [Input("license")] + public Input? License { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("release")] + public Input? Release { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("versionRange")] + public Input? VersionRange { get; set; } + + public VmwareAssurancePolicyPackagesBlackListGetArgs() + { + } + public static new VmwareAssurancePolicyPackagesBlackListGetArgs Empty => new VmwareAssurancePolicyPackagesBlackListGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesWhiteListArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesWhiteListArgs.cs new file mode 100644 index 00000000..0dd602a7 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesWhiteListArgs.cs 
@@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyPackagesWhiteListArgs : global::Pulumi.ResourceArgs + { + [Input("arch")] + public Input? Arch { get; set; } + + [Input("display")] + public Input? Display { get; set; } + + [Input("epoch")] + public Input? Epoch { get; set; } + + [Input("format")] + public Input? Format { get; set; } + + [Input("license")] + public Input? License { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("release")] + public Input? Release { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("versionRange")] + public Input? VersionRange { get; set; } + + public VmwareAssurancePolicyPackagesWhiteListArgs() + { + } + public static new VmwareAssurancePolicyPackagesWhiteListArgs Empty => new VmwareAssurancePolicyPackagesWhiteListArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesWhiteListGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesWhiteListGetArgs.cs new file mode 100644 index 00000000..1510c02a --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyPackagesWhiteListGetArgs.cs 
@@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyPackagesWhiteListGetArgs : global::Pulumi.ResourceArgs + { + [Input("arch")] + public Input? Arch { get; set; } + + [Input("display")] + public Input? Display { get; set; } + + [Input("epoch")] + public Input? Epoch { get; set; } + + [Input("format")] + public Input? Format { get; set; } + + [Input("license")] + public Input? License { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("release")] + public Input? Release { get; set; } + + [Input("version")] + public Input? Version { get; set; } + + [Input("versionRange")] + public Input? VersionRange { get; set; } + + public VmwareAssurancePolicyPackagesWhiteListGetArgs() + { + } + public static new VmwareAssurancePolicyPackagesWhiteListGetArgs Empty => new VmwareAssurancePolicyPackagesWhiteListGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyPolicySettingsArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyPolicySettingsArgs.cs new file mode 100644 index 00000000..a21f86bd --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyPolicySettingsArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyPolicySettingsArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public VmwareAssurancePolicyPolicySettingsArgs() + { + } + public static new VmwareAssurancePolicyPolicySettingsArgs Empty => new VmwareAssurancePolicyPolicySettingsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyPolicySettingsGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyPolicySettingsGetArgs.cs new file mode 100644 index 00000000..95725219 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyPolicySettingsGetArgs.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyPolicySettingsGetArgs : global::Pulumi.ResourceArgs + { + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("isAuditChecked")] + public Input? IsAuditChecked { get; set; } + + [Input("warn")] + public Input? Warn { get; set; } + + [Input("warningMessage")] + public Input? WarningMessage { get; set; } + + public VmwareAssurancePolicyPolicySettingsGetArgs() + { + } + public static new VmwareAssurancePolicyPolicySettingsGetArgs Empty => new VmwareAssurancePolicyPolicySettingsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyRequiredLabelArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyRequiredLabelArgs.cs new file mode 100644 index 00000000..447135a7 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyRequiredLabelArgs.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyRequiredLabelArgs : global::Pulumi.ResourceArgs + { + [Input("key")] + public Input? Key { get; set; } + + [Input("value")] + public Input? Value { get; set; } + + public VmwareAssurancePolicyRequiredLabelArgs() + { + } + public static new VmwareAssurancePolicyRequiredLabelArgs Empty => new VmwareAssurancePolicyRequiredLabelArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyRequiredLabelGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyRequiredLabelGetArgs.cs new file mode 100644 index 00000000..88f73fa3 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyRequiredLabelGetArgs.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyRequiredLabelGetArgs : global::Pulumi.ResourceArgs + { + [Input("key")] + public Input? Key { get; set; } + + [Input("value")] + public Input? Value { get; set; } + + public VmwareAssurancePolicyRequiredLabelGetArgs() + { + } + public static new VmwareAssurancePolicyRequiredLabelGetArgs Empty => new VmwareAssurancePolicyRequiredLabelGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeArgs.cs new file mode 100644 index 00000000..30595417 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyScopeArgs : global::Pulumi.ResourceArgs + { + [Input("expression")] + public Input? Expression { get; set; } + + [Input("variables")] + private InputList? _variables; + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public VmwareAssurancePolicyScopeArgs() + { + } + public static new VmwareAssurancePolicyScopeArgs Empty => new VmwareAssurancePolicyScopeArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeGetArgs.cs new file mode 100644 index 00000000..3a1744d6 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeGetArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyScopeGetArgs : global::Pulumi.ResourceArgs + { + [Input("expression")] + public Input? Expression { get; set; } + + [Input("variables")] + private InputList? _variables; + public InputList Variables + { + get => _variables ?? (_variables = new InputList()); + set => _variables = value; + } + + public VmwareAssurancePolicyScopeGetArgs() + { + } + public static new VmwareAssurancePolicyScopeGetArgs Empty => new VmwareAssurancePolicyScopeGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeVariableArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeVariableArgs.cs new file mode 100644 index 00000000..54b9100a --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeVariableArgs.cs 
@@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyScopeVariableArgs : global::Pulumi.ResourceArgs + { + [Input("attribute")] + public Input? Attribute { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("value")] + public Input? Value { get; set; } + + public VmwareAssurancePolicyScopeVariableArgs() + { + } + public static new VmwareAssurancePolicyScopeVariableArgs Empty => new VmwareAssurancePolicyScopeVariableArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeVariableGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeVariableGetArgs.cs new file mode 100644 index 00000000..f610fc44 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyScopeVariableGetArgs.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyScopeVariableGetArgs : global::Pulumi.ResourceArgs + { + [Input("attribute")] + public Input? Attribute { get; set; } + + [Input("name")] + public Input? Name { get; set; } + + [Input("value")] + public Input? Value { get; set; } + + public VmwareAssurancePolicyScopeVariableGetArgs() + { + } + public static new VmwareAssurancePolicyScopeVariableGetArgs Empty => new VmwareAssurancePolicyScopeVariableGetArgs(); + } +} 
diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyTrustedBaseImageArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyTrustedBaseImageArgs.cs new file mode 100644 index 00000000..58f5d3d3 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyTrustedBaseImageArgs.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyTrustedBaseImageArgs : global::Pulumi.ResourceArgs + { + [Input("imagename")] + public Input? Imagename { get; set; } + + [Input("registry")] + public Input? Registry { get; set; } + + public VmwareAssurancePolicyTrustedBaseImageArgs() + { + } + public static new VmwareAssurancePolicyTrustedBaseImageArgs Empty => new VmwareAssurancePolicyTrustedBaseImageArgs(); + } +} diff --git a/sdk/dotnet/Inputs/VmwareAssurancePolicyTrustedBaseImageGetArgs.cs b/sdk/dotnet/Inputs/VmwareAssurancePolicyTrustedBaseImageGetArgs.cs new file mode 100644 index 00000000..aa55ff02 --- /dev/null +++ b/sdk/dotnet/Inputs/VmwareAssurancePolicyTrustedBaseImageGetArgs.cs 
@@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Inputs +{ + + public sealed class VmwareAssurancePolicyTrustedBaseImageGetArgs : global::Pulumi.ResourceArgs + { + [Input("imagename")] + public Input? Imagename { get; set; } + + [Input("registry")] + public Input? Registry { get; set; } + + public VmwareAssurancePolicyTrustedBaseImageGetArgs() + { + } + public static new VmwareAssurancePolicyTrustedBaseImageGetArgs Empty => new VmwareAssurancePolicyTrustedBaseImageGetArgs(); + } +} diff --git a/sdk/dotnet/IntegrationRegistry.cs b/sdk/dotnet/IntegrationRegistry.cs index 386a6b97..7e1e6421 100644 --- a/sdk/dotnet/IntegrationRegistry.cs +++ b/sdk/dotnet/IntegrationRegistry.cs @@ -56,6 +56,7 @@ namespace Pulumiverse.Aquasec /// Value = "nginx:latest", /// }, /// }, + /// Password = "", /// Prefixes = new[] /// { /// "111111111111.dkr.ecr.us-east-1.amazonaws.com", @@ -72,12 +73,8 @@ namespace Pulumiverse.Aquasec /// ":xyz", /// ":onlytest", /// }, - /// ScannerNames = new[] - /// { - /// "aqua-scanner-645f867c4f-4sbtj", - /// "aqua-scanner-645f867c4f-8pkdd", - /// }, - /// ScannerType = "specific", + /// ScannerNames = new[] {}, + /// ScannerType = "any", /// Type = "AWS", /// Url = "us-east-1", /// Username = "", @@ -235,7 +232,7 @@ public partial class IntegrationRegistry : global::Pulumi.CustomResource public Output ScannerType { get; private set; } = null!; /// - /// Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + /// Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). /// [Output("type")] public Output Type { get; private set; } = null!; 
@@ -476,7 +473,7 @@ public InputList ScannerNames public Input? ScannerType { get; set; } /// - /// Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + /// Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). /// [Input("type", required: true)] public Input Type { get; set; } = null!; @@ -684,7 +681,7 @@ public InputList ScannerNames public Input? ScannerType { get; set; } /// - /// Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + /// Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). /// [Input("type")] public Input? Type { get; set; } diff --git a/sdk/dotnet/KubernetesAssurancePolicy.cs b/sdk/dotnet/KubernetesAssurancePolicy.cs index 8c56e792..4d4e7524 100644 --- a/sdk/dotnet/KubernetesAssurancePolicy.cs +++ b/sdk/dotnet/KubernetesAssurancePolicy.cs @@ -10,9 +10,18 @@ namespace Pulumiverse.Aquasec { + /// + /// Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements. + /// [AquasecResourceType("aquasec:index/kubernetesAssurancePolicy:KubernetesAssurancePolicy")] public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource { + /// + /// Aggregated vulnerability information. + /// + [Output("aggregatedVulnerability")] + public Output?> AggregatedVulnerability { get; private set; } = null!; + /// /// List of explicitly allowed images. /// @@ -22,6 +31,12 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("applicationScopes")] public Output> ApplicationScopes { get; private set; } = null!; + /// + /// What type of assurance policy is described. + /// + [Output("assuranceType")] + public Output AssuranceType { get; private set; } = null!; + /// /// Indicates if auditing for failures. /// 
@@ -62,7 +77,7 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource public Output> BlacklistedLicenses { get; private set; } = null!; /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Output("blacklistedLicensesEnabled")] public Output BlacklistedLicensesEnabled { get; private set; } = null!; @@ -88,23 +103,26 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("customChecksEnabled")] public Output CustomChecksEnabled { get; private set; } = null!; + [Output("customSeverity")] + public Output CustomSeverity { get; private set; } = null!; + [Output("customSeverityEnabled")] public Output CustomSeverityEnabled { get; private set; } = null!; /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Output("cvesBlackListEnabled")] public Output CvesBlackListEnabled { get; private set; } = null!; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// [Output("cvesBlackLists")] public Output> CvesBlackLists { get; private set; } = null!; /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// [Output("cvesWhiteListEnabled")] public Output CvesWhiteListEnabled { get; private set; } = null!; @@ -136,12 +154,18 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("description")] public Output Description { get; private set; } = null!; + [Output("disallowExploitTypes")] + public Output> DisallowExploitTypes { get; private set; } = null!; + /// /// Indicates if malware should block the image. /// [Output("disallowMalware")] public Output DisallowMalware { get; private set; } = null!; + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Output("dockerCisEnabled")] public Output DockerCisEnabled { get; private set; } = null!; 
@@ -160,6 +184,9 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("dtaSeverity")] public Output DtaSeverity { get; private set; } = null!; + /// + /// Is the control enabled? + /// [Output("enabled")] public Output Enabled { get; private set; } = null!; @@ -175,6 +202,15 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("exceptionalMonitoredMalwarePaths")] public Output> ExceptionalMonitoredMalwarePaths { get; private set; } = null!; + [Output("excludeApplicationScopes")] + public Output> ExcludeApplicationScopes { get; private set; } = null!; + + /// + /// Indicates if cicd failures will fail the image. + /// + [Output("failCicd")] + public Output FailCicd { get; private set; } = null!; + [Output("forbiddenLabels")] public Output> ForbiddenLabels { get; private set; } = null!; @@ -187,6 +223,9 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("functionIntegrityEnabled")] public Output FunctionIntegrityEnabled { get; private set; } = null!; + [Output("ignoreBaseImageVln")] + public Output IgnoreBaseImageVln { get; private set; } = null!; + [Output("ignoreRecentlyPublishedVln")] public Output IgnoreRecentlyPublishedVln { get; private set; } = null!; 
@@ -205,15 +244,30 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("ignoredRiskResources")] public Output> IgnoredRiskResources { get; private set; } = null!; + [Output("ignoredSensitiveResources")] + public Output> IgnoredSensitiveResources { get; private set; } = null!; + /// /// List of images. /// [Output("images")] public Output> Images { get; private set; } = null!; + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Output("kubeCisEnabled")] public Output KubeCisEnabled { get; private set; } = null!; + /// + /// List of Kubernetes controls. + /// + [Output("kubernetesControls")] + public Output> KubernetesControls { get; private set; } = null!; + + [Output("kubernetesControlsAvdIds")] + public Output> KubernetesControlsAvdIds { get; private set; } = null!; + /// /// List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks 
set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' /// @@ -226,6 +280,12 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("labels")] public Output> Labels { get; private set; } = null!; + [Output("lastupdate")] + public Output Lastupdate { get; private set; } = null!; + + [Output("linuxCisEnabled")] + public Output LinuxCisEnabled { get; private set; } = null!; + [Output("malwareAction")] public Output MalwareAction { get; private set; } = null!; @@ -259,6 +319,9 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("onlyNoneRootUsers")] public Output OnlyNoneRootUsers { get; private set; } = null!; + [Output("openshiftHardeningEnabled")] + public Output OpenshiftHardeningEnabled { get; private set; } = null!; + /// /// Indicates if packages blacklist is relevant. /// @@ -266,7 +329,7 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource public Output PackagesBlackListEnabled { get; private set; } = null!; /// - /// List of backlisted images. + /// List of blacklisted images. /// [Output("packagesBlackLists")] public Output> PackagesBlackLists { get; private set; } = null!; 
@@ -286,6 +349,12 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("partialResultsImageFail")] public Output PartialResultsImageFail { get; private set; } = null!; + [Output("permission")] + public Output Permission { get; private set; } = null!; + + [Output("policySettings")] + public Output PolicySettings { get; private set; } = null!; + [Output("readOnly")] public Output ReadOnly { get; private set; } = null!; @@ -304,15 +373,24 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("requiredLabelsEnabled")] public Output RequiredLabelsEnabled { get; private set; } = null!; + [Output("scanMalwareInArchives")] + public Output ScanMalwareInArchives { get; private set; } = null!; + [Output("scanNfsMounts")] public Output ScanNfsMounts { get; private set; } = null!; + [Output("scanProcessMemory")] + public Output ScanProcessMemory { get; private set; } = null!; + /// /// Indicates if scan should include sensitive data in the image. /// [Output("scanSensitiveData")] public Output ScanSensitiveData { get; private set; } = null!; + [Output("scanWindowsRegistry")] + public Output ScanWindowsRegistry { get; private set; } = null!; + /// /// Indicates if scanning should include scap. /// @@ -340,6 +418,12 @@ public partial class KubernetesAssurancePolicy : global::Pulumi.CustomResource [Output("trustedBaseImagesEnabled")] public Output TrustedBaseImagesEnabled { get; private set; } = null!; + [Output("vulnerabilityExploitability")] + public Output VulnerabilityExploitability { get; private set; } = null!; + + [Output("vulnerabilityScoreRanges")] + public Output> VulnerabilityScoreRanges { get; private set; } = null!; + /// /// List of whitelisted licenses. /// 
@@ -399,6 +483,18 @@ public static KubernetesAssurancePolicy Get(string name, Input id, Kuber public sealed class KubernetesAssurancePolicyArgs : global::Pulumi.ResourceArgs { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + [Input("allowedImages")] private InputList? _allowedImages; @@ -419,12 +515,24 @@ public InputList ApplicationScopes set => _applicationScopes = value; } + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + /// /// Indicates if auditing for failures. /// [Input("auditOnFailure")] public Input? AuditOnFailure { get; set; } + /// + /// Name of user account that created the policy. + /// + [Input("author")] + public Input? Author { get; set; } + [Input("autoScanConfigured")] public Input? AutoScanConfigured { get; set; } @@ -470,7 +578,7 @@ public InputList BlacklistedLicenses } /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Input("blacklistedLicensesEnabled")] public Input? BlacklistedLicensesEnabled { get; set; } @@ -502,11 +610,14 @@ public InputList CustomChecks [Input("customChecksEnabled")] public Input? CustomChecksEnabled { get; set; } + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + [Input("customSeverityEnabled")] public Input? CustomSeverityEnabled { get; set; } /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Input("cvesBlackListEnabled")] public Input? CvesBlackListEnabled { get; set; } 
@@ -515,7 +626,7 @@ public InputList CustomChecks private InputList? _cvesBlackLists; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public InputList CvesBlackLists { @@ -524,7 +635,7 @@ public InputList CvesBlackLists } /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// [Input("cvesWhiteListEnabled")] public Input? CvesWhiteListEnabled { get; set; } @@ -562,12 +673,23 @@ public InputList CvesWhiteLists [Input("description")] public Input? Description { get; set; } + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + /// /// Indicates if malware should block the image. /// [Input("disallowMalware")] public Input? DisallowMalware { get; set; } + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Input("dockerCisEnabled")] public Input? DockerCisEnabled { get; set; } @@ -586,6 +708,9 @@ public InputList CvesWhiteLists [Input("dtaSeverity")] public Input? DtaSeverity { get; set; } + /// + /// Is the control enabled? + /// [Input("enabled")] public Input? Enabled { get; set; } @@ -606,6 +731,20 @@ public InputList ExceptionalMonitoredMalwarePaths set => _exceptionalMonitoredMalwarePaths = value; } + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + + /// + /// Indicates if cicd failures will fail the image. + /// + [Input("failCicd")] + public Input? FailCicd { get; set; } + [Input("forbiddenLabels")] private InputList? _forbiddenLabels; public InputList ForbiddenLabels 
@@ -623,9 +762,15 @@ public InputList ForbiddenLa [Input("functionIntegrityEnabled")] public Input? FunctionIntegrityEnabled { get; set; } + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + [Input("ignoreRecentlyPublishedVln")] public Input? IgnoreRecentlyPublishedVln { get; set; } + [Input("ignoreRecentlyPublishedVlnPeriod")] + public Input? IgnoreRecentlyPublishedVlnPeriod { get; set; } + /// /// Indicates if risk resources are ignored. /// @@ -644,6 +789,14 @@ public InputList IgnoredRiskResources set => _ignoredRiskResources = value; } + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + [Input("images")] private InputList? _images; @@ -656,9 +809,32 @@ public InputList Images set => _images = value; } + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Input("kubeCisEnabled")] public Input? KubeCisEnabled { get; set; } + [Input("kubernetesControls")] + private InputList? _kubernetesControls; + + /// + /// List of Kubernetes controls. + /// + public InputList KubernetesControls + { + get => _kubernetesControls ?? (_kubernetesControls = new InputList()); + set => _kubernetesControls = value; + } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + [Input("kubernetesControlsNames")] private InputList? _kubernetesControlsNames; 
@@ -683,6 +859,12 @@ public InputList Labels set => _labels = value; } + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + [Input("malwareAction")] public Input? MalwareAction { get; set; } @@ -721,6 +903,9 @@ public InputList MonitoredMalwarePaths [Input("onlyNoneRootUsers")] public Input? OnlyNoneRootUsers { get; set; } + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + /// /// Indicates if packages blacklist is relevant. /// @@ -731,7 +916,7 @@ public InputList MonitoredMalwarePaths private InputList? _packagesBlackLists; /// - /// List of backlisted images. + /// List of blacklisted images. /// public InputList PackagesBlackLists { @@ -760,6 +945,12 @@ public InputList Packages [Input("partialResultsImageFail")] public Input? PartialResultsImageFail { get; set; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + [Input("readOnly")] public Input? ReadOnly { get; set; } @@ -789,15 +980,24 @@ public InputList RequiredLabe [Input("requiredLabelsEnabled")] public Input? RequiredLabelsEnabled { get; set; } + [Input("scanMalwareInArchives")] + public Input? ScanMalwareInArchives { get; set; } + [Input("scanNfsMounts")] public Input? ScanNfsMounts { get; set; } + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + /// /// Indicates if scan should include sensitive data in the image. /// [Input("scanSensitiveData")] public Input? ScanSensitiveData { get; set; } + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + /// /// Indicates if scanning should include scap. /// 
@@ -842,6 +1042,17 @@ public InputList TrustedBa [Input("trustedBaseImagesEnabled")] public Input? TrustedBaseImagesEnabled { get; set; } + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + [Input("whitelistedLicenses")] private InputList? _whitelistedLicenses; @@ -868,6 +1079,18 @@ public KubernetesAssurancePolicyArgs() public sealed class KubernetesAssurancePolicyState : global::Pulumi.ResourceArgs { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + [Input("allowedImages")] private InputList? _allowedImages; @@ -888,6 +1111,12 @@ public InputList ApplicationScopes set => _applicationScopes = value; } + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + /// /// Indicates if auditing for failures. /// @@ -945,7 +1174,7 @@ public InputList BlacklistedLicenses } /// - /// Lndicates if license blacklist is relevant. + /// Indicates if license blacklist is relevant. /// [Input("blacklistedLicensesEnabled")] public Input? BlacklistedLicensesEnabled { get; set; } 
@@ -977,11 +1206,14 @@ public InputList CustomCheck [Input("customChecksEnabled")] public Input? CustomChecksEnabled { get; set; } + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + [Input("customSeverityEnabled")] public Input? CustomSeverityEnabled { get; set; } /// - /// Indicates if cves blacklist is relevant. + /// Indicates if CVEs blacklist is relevant. /// [Input("cvesBlackListEnabled")] public Input? CvesBlackListEnabled { get; set; } @@ -990,7 +1222,7 @@ public InputList CustomCheck private InputList? _cvesBlackLists; /// - /// List of cves blacklisted items. + /// List of CVEs blacklisted items. /// public InputList CvesBlackLists { @@ -999,7 +1231,7 @@ public InputList CvesBlackLists } /// - /// Indicates if cves whitelist is relevant. + /// Indicates if CVEs whitelist is relevant. /// [Input("cvesWhiteListEnabled")] public Input? CvesWhiteListEnabled { get; set; } @@ -1037,12 +1269,23 @@ public InputList CvesWhiteLists [Input("description")] public Input? Description { get; set; } + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + /// /// Indicates if malware should block the image. /// [Input("disallowMalware")] public Input? DisallowMalware { get; set; } + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// [Input("dockerCisEnabled")] public Input? DockerCisEnabled { get; set; } @@ -1061,6 +1304,9 @@ public InputList CvesWhiteLists [Input("dtaSeverity")] public Input? DtaSeverity { get; set; } + /// + /// Is the control enabled? + /// [Input("enabled")] public Input? Enabled { get; set; } 
@@ -1081,6 +1327,20 @@ public InputList ExceptionalMonitoredMalwarePaths set => _exceptionalMonitoredMalwarePaths = value; } + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + + /// + /// Indicates if cicd failures will fail the image. + /// + [Input("failCicd")] + public Input? FailCicd { get; set; } + [Input("forbiddenLabels")] private InputList? _forbiddenLabels; public InputList ForbiddenLabels @@ -1098,6 +1358,9 @@ public InputList Forbidde [Input("functionIntegrityEnabled")] public Input? FunctionIntegrityEnabled { get; set; } + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + [Input("ignoreRecentlyPublishedVln")] public Input? IgnoreRecentlyPublishedVln { get; set; } @@ -1122,6 +1385,14 @@ public InputList IgnoredRiskResources set => _ignoredRiskResources = value; } + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + [Input("images")] private InputList? _images; 
@@ -1134,9 +1405,32 @@ public InputList Images set => _images = value; } + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// [Input("kubeCisEnabled")] public Input? KubeCisEnabled { get; set; } + [Input("kubernetesControls")] + private InputList? _kubernetesControls; + + /// + /// List of Kubernetes controls. + /// + public InputList KubernetesControls + { + get => _kubernetesControls ?? (_kubernetesControls = new InputList()); + set => _kubernetesControls = value; + } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + [Input("kubernetesControlsNames")] private InputList? _kubernetesControlsNames; @@ -1161,6 +1455,12 @@ public InputList Labels set => _labels = value; } + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + [Input("malwareAction")] public Input? MalwareAction { get; set; } @@ -1199,6 +1499,9 @@ public InputList MonitoredMalwarePaths [Input("onlyNoneRootUsers")] public Input? OnlyNoneRootUsers { get; set; } + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + /// /// Indicates if packages blacklist is relevant. /// @@ -1209,7 +1512,7 @@ public InputList MonitoredMalwarePaths private InputList? _packagesBlackLists; /// - /// List of backlisted images. + /// List of blacklisted images. /// public InputList PackagesBlackLists { @@ -1238,6 +1541,12 @@ public InputList Packa [Input("partialResultsImageFail")] public Input? PartialResultsImageFail { get; set; } + [Input("permission")] + public Input? Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + [Input("readOnly")] public Input? ReadOnly { get; set; } 
@@ -1267,15 +1576,24 @@ public InputList RequiredL [Input("requiredLabelsEnabled")] public Input? RequiredLabelsEnabled { get; set; } + [Input("scanMalwareInArchives")] + public Input? ScanMalwareInArchives { get; set; } + [Input("scanNfsMounts")] public Input? ScanNfsMounts { get; set; } + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + /// /// Indicates if scan should include sensitive data in the image. /// [Input("scanSensitiveData")] public Input? ScanSensitiveData { get; set; } + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + /// /// Indicates if scanning should include scap. /// @@ -1320,6 +1638,17 @@ public InputList Truste [Input("trustedBaseImagesEnabled")] public Input? TrustedBaseImagesEnabled { get; set; } + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + [Input("whitelistedLicenses")] private InputList? _whitelistedLicenses; diff --git a/sdk/dotnet/Outputs/ApplicationScopeCategoryArtifact.cs b/sdk/dotnet/Outputs/ApplicationScopeCategoryArtifact.cs index 9a272ed7..3d97925c 100644 --- a/sdk/dotnet/Outputs/ApplicationScopeCategoryArtifact.cs +++ b/sdk/dotnet/Outputs/ApplicationScopeCategoryArtifact.cs @@ -15,7 +15,13 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class ApplicationScopeCategoryArtifact { public readonly ImmutableArray Cfs; + /// + /// Function name + /// public readonly ImmutableArray Functions; + /// + /// Name of a registry as defined in Aqua + /// public readonly ImmutableArray Images; [OutputConstructor] 
diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyAllowedExecutable.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyAllowedExecutable.cs new file mode 100644 index 00000000..2c73cf22 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyAllowedExecutable.cs @@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyAllowedExecutable + { + /// + /// List of allowed executables. + /// + public readonly ImmutableArray AllowExecutables; + /// + /// List of allowed root executables. + /// + public readonly ImmutableArray AllowRootExecutables; + /// + /// Whether allowed executables configuration is enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to treat executables separately. + /// + public readonly bool? SeparateExecutables; + + [OutputConstructor] + private ContainerRuntimePolicyAllowedExecutable( + ImmutableArray allowExecutables, + + ImmutableArray allowRootExecutables, + + bool? enabled, + + bool? separateExecutables) + { + AllowExecutables = allowExecutables; + AllowRootExecutables = allowRootExecutables; + Enabled = enabled; + SeparateExecutables = separateExecutables; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyAllowedRegistry.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyAllowedRegistry.cs new file mode 100644 index 00000000..51377f0e --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyAllowedRegistry.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyAllowedRegistry + { + /// + /// List of allowed registries. + /// + public readonly ImmutableArray AllowedRegistries; + /// + /// Whether allowed registries are enabled. + /// + public readonly bool? Enabled; + + [OutputConstructor] + private ContainerRuntimePolicyAllowedRegistry( + ImmutableArray allowedRegistries, + + bool? enabled) + { + AllowedRegistries = allowedRegistries; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyAuditing.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyAuditing.cs new file mode 100644 index 00000000..d6720c88 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyAuditing.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyAuditing + { + public readonly bool? AuditAllNetwork; + public readonly bool? AuditAllProcesses; + public readonly bool? AuditFailedLogin; + public readonly bool? AuditOsUserActivity; + public readonly bool? AuditProcessCmdline; + public readonly bool? AuditSuccessLogin; + public readonly bool? AuditUserAccountManagement; + public readonly bool? Enabled; + + [OutputConstructor] + private ContainerRuntimePolicyAuditing( + bool? auditAllNetwork, + + bool? auditAllProcesses, + + bool? auditFailedLogin, + + bool? auditOsUserActivity, + + bool? auditProcessCmdline, + + bool? auditSuccessLogin, + + bool? auditUserAccountManagement, + + bool? enabled) + { + AuditAllNetwork = auditAllNetwork; + AuditAllProcesses = auditAllProcesses; + AuditFailedLogin = auditFailedLogin; + AuditOsUserActivity = auditOsUserActivity; + AuditProcessCmdline = auditProcessCmdline; + AuditSuccessLogin = auditSuccessLogin; + AuditUserAccountManagement = auditUserAccountManagement; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyBlacklistedOsUsers.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyBlacklistedOsUsers.cs new file mode 100644 index 00000000..936c3700 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyBlacklistedOsUsers.cs 
@@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyBlacklistedOsUsers + { + public readonly bool? Enabled; + public readonly ImmutableArray GroupBlackLists; + public readonly ImmutableArray UserBlackLists; + + [OutputConstructor] + private ContainerRuntimePolicyBlacklistedOsUsers( + bool? enabled, + + ImmutableArray groupBlackLists, + + ImmutableArray userBlackLists) + { + Enabled = enabled; + GroupBlackLists = groupBlackLists; + UserBlackLists = userBlackLists; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyBypassScope.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyBypassScope.cs new file mode 100644 index 00000000..1ad5afbb --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyBypassScope.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyBypassScope + { + /// + /// Whether bypassing the scope is enabled. + /// + public readonly bool? Enabled; + /// + /// Scope configuration. + /// + public readonly ImmutableArray Scopes; + + [OutputConstructor] + private ContainerRuntimePolicyBypassScope( + bool? enabled, + + ImmutableArray scopes) + { + Enabled = enabled; + Scopes = scopes; + } + } +} 
diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyBypassScopeScope.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyBypassScopeScope.cs new file mode 100644 index 00000000..ee3674b1 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyBypassScopeScope.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyBypassScopeScope + { + /// + /// Scope expression. + /// + public readonly string? Expression; + /// + /// List of variables in the scope. + /// + public readonly ImmutableArray Variables; + + [OutputConstructor] + private ContainerRuntimePolicyBypassScopeScope( + string? expression, + + ImmutableArray variables) + { + Expression = expression; + Variables = variables; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyBypassScopeScopeVariable.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyBypassScopeScopeVariable.cs new file mode 100644 index 00000000..22b25f10 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyBypassScopeScopeVariable.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyBypassScopeScopeVariable + { + /// + /// Variable attribute. + /// + public readonly string? Attribute; + /// + /// Variable value. + /// + public readonly string? Value; + + [OutputConstructor] + private ContainerRuntimePolicyBypassScopeScopeVariable( + string? attribute, + + string? value) + { + Attribute = attribute; + Value = value; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyContainerExec.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyContainerExec.cs new file mode 100644 index 00000000..6c052475 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyContainerExec.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyContainerExec + { + public readonly bool? BlockContainerExec; + public readonly ImmutableArray ContainerExecProcWhiteLists; + public readonly bool? Enabled; + public readonly ImmutableArray ReverseShellIpWhiteLists; + + [OutputConstructor] + private ContainerRuntimePolicyContainerExec( + bool? blockContainerExec, + + ImmutableArray containerExecProcWhiteLists, + + bool? enabled, + + ImmutableArray reverseShellIpWhiteLists) + { + BlockContainerExec = blockContainerExec; + ContainerExecProcWhiteLists = containerExecProcWhiteLists; + Enabled = enabled; + ReverseShellIpWhiteLists = reverseShellIpWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyDriftPrevention.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyDriftPrevention.cs new file mode 100644 index 00000000..244c3100 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyDriftPrevention.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyDriftPrevention + { + /// + /// Whether drift prevention is enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to lockdown execution drift. + /// + public readonly bool? ExecLockdown; + /// + /// List of items in the execution lockdown white list. + /// + public readonly ImmutableArray ExecLockdownWhiteLists; + /// + /// Whether to lockdown image drift. + /// + public readonly bool? ImageLockdown; + + [OutputConstructor] + private ContainerRuntimePolicyDriftPrevention( + bool? enabled, + + bool? execLockdown, + + ImmutableArray execLockdownWhiteLists, + + bool? imageLockdown) + { + Enabled = enabled; + ExecLockdown = execLockdown; + ExecLockdownWhiteLists = execLockdownWhiteLists; + ImageLockdown = imageLockdown; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyExecutableBlacklist.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyExecutableBlacklist.cs new file mode 100644 index 00000000..cae928bd --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyExecutableBlacklist.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyExecutableBlacklist + { + /// + /// Whether the executable blacklist is enabled. + /// + public readonly bool? Enabled; + /// + /// List of blacklisted executables. + /// + public readonly ImmutableArray Executables; + + [OutputConstructor] + private ContainerRuntimePolicyExecutableBlacklist( + bool? enabled, + + ImmutableArray executables) + { + Enabled = enabled; + Executables = executables; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyFailedKubernetesChecks.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyFailedKubernetesChecks.cs new file mode 100644 index 00000000..ef2f5df1 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyFailedKubernetesChecks.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyFailedKubernetesChecks + { + public readonly bool? Enabled; + public readonly ImmutableArray FailedChecks; + + [OutputConstructor] + private ContainerRuntimePolicyFailedKubernetesChecks( + bool? enabled, + + ImmutableArray failedChecks) + { + Enabled = enabled; + FailedChecks = failedChecks; + } + } +} 
diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyFileBlock.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyFileBlock.cs new file mode 100644 index 00000000..3829b66b --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyFileBlock.cs @@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyFileBlock + { + public readonly ImmutableArray BlockFilesProcesses; + public readonly ImmutableArray BlockFilesUsers; + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalBlockFiles; + public readonly ImmutableArray ExceptionalBlockFilesProcesses; + public readonly ImmutableArray ExceptionalBlockFilesUsers; + public readonly ImmutableArray FilenameBlockLists; + + [OutputConstructor] + private ContainerRuntimePolicyFileBlock( + ImmutableArray blockFilesProcesses, + + ImmutableArray blockFilesUsers, + + bool? enabled, + + ImmutableArray exceptionalBlockFiles, + + ImmutableArray exceptionalBlockFilesProcesses, + + ImmutableArray exceptionalBlockFilesUsers, + + ImmutableArray filenameBlockLists) + { + BlockFilesProcesses = blockFilesProcesses; + BlockFilesUsers = blockFilesUsers; + Enabled = enabled; + ExceptionalBlockFiles = exceptionalBlockFiles; + ExceptionalBlockFilesProcesses = exceptionalBlockFilesProcesses; + ExceptionalBlockFilesUsers = exceptionalBlockFilesUsers; + FilenameBlockLists = filenameBlockLists; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyFileIntegrityMonitoring.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyFileIntegrityMonitoring.cs index 7964997e..2590af0a 100644 
--- a/sdk/dotnet/Outputs/ContainerRuntimePolicyFileIntegrityMonitoring.cs +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyFileIntegrityMonitoring.cs 
@@ -15,85 +15,92 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class ContainerRuntimePolicyFileIntegrityMonitoring { /// - /// List of paths to be excluded from being monitored. + /// If true, file integrity monitoring is enabled. /// - public readonly ImmutableArray ExcludedPaths; + public readonly bool? Enabled; /// - /// List of processes to be excluded from being monitored. + /// List of paths to be excluded from monitoring. /// - public readonly ImmutableArray ExcludedProcesses; + public readonly ImmutableArray ExceptionalMonitoredFiles; /// - /// List of users to be excluded from being monitored. + /// List of processes to be excluded from monitoring. /// - public readonly ImmutableArray ExcludedUsers; + public readonly ImmutableArray ExceptionalMonitoredFilesProcesses; /// - /// If true, add attributes operations will be monitored. + /// List of users to be excluded from monitoring. /// - public readonly bool? MonitorAttributes; + public readonly ImmutableArray ExceptionalMonitoredFilesUsers; /// - /// If true, create operations will be monitored. + /// List of paths to be monitored. /// - public readonly bool? MonitorCreate; + public readonly ImmutableArray MonitoredFiles; /// - /// If true, deletion operations will be monitored. + /// Whether to monitor file attribute operations. /// - public readonly bool? MonitorDelete; + public readonly bool? MonitoredFilesAttributes; /// - /// If true, modification operations will be monitored. + /// Whether to monitor file create operations. /// - public readonly bool? MonitorModify; + public readonly bool? MonitoredFilesCreate; /// - /// If true, read operations will be monitored. + /// Whether to monitor file delete operations. /// - public readonly bool? MonitorRead; + public readonly bool? MonitoredFilesDelete; /// - /// List of paths to be monitored. + /// Whether to monitor file modify operations. /// - public readonly ImmutableArray MonitoredPaths; + public readonly bool? 
MonitoredFilesModify; /// - /// List of processes to be monitored. + /// List of processes associated with monitored files. /// - public readonly ImmutableArray MonitoredProcesses; + public readonly ImmutableArray MonitoredFilesProcesses; /// - /// List of users to be monitored. + /// Whether to monitor file read operations. /// - public readonly ImmutableArray MonitoredUsers; + public readonly bool? MonitoredFilesRead; + /// + /// List of users associated with monitored files. + /// + public readonly ImmutableArray MonitoredFilesUsers; [OutputConstructor] private ContainerRuntimePolicyFileIntegrityMonitoring( - ImmutableArray excludedPaths, + bool? enabled, + + ImmutableArray exceptionalMonitoredFiles, - ImmutableArray excludedProcesses, + ImmutableArray exceptionalMonitoredFilesProcesses, - ImmutableArray excludedUsers, + ImmutableArray exceptionalMonitoredFilesUsers, - bool? monitorAttributes, + ImmutableArray monitoredFiles, - bool? monitorCreate, + bool? monitoredFilesAttributes, - bool? monitorDelete, + bool? monitoredFilesCreate, - bool? monitorModify, + bool? monitoredFilesDelete, - bool? monitorRead, + bool? monitoredFilesModify, - ImmutableArray monitoredPaths, + ImmutableArray monitoredFilesProcesses, - ImmutableArray monitoredProcesses, + bool? 
monitoredFilesRead, - ImmutableArray monitoredUsers) + ImmutableArray monitoredFilesUsers) { - ExcludedPaths = excludedPaths; - ExcludedProcesses = excludedProcesses; - ExcludedUsers = excludedUsers; - MonitorAttributes = monitorAttributes; - MonitorCreate = monitorCreate; - MonitorDelete = monitorDelete; - MonitorModify = monitorModify; - MonitorRead = monitorRead; - MonitoredPaths = monitoredPaths; - MonitoredProcesses = monitoredProcesses; - MonitoredUsers = monitoredUsers; + Enabled = enabled; + ExceptionalMonitoredFiles = exceptionalMonitoredFiles; + ExceptionalMonitoredFilesProcesses = exceptionalMonitoredFilesProcesses; + ExceptionalMonitoredFilesUsers = exceptionalMonitoredFilesUsers; + MonitoredFiles = monitoredFiles; + MonitoredFilesAttributes = monitoredFilesAttributes; + MonitoredFilesCreate = monitoredFilesCreate; + MonitoredFilesDelete = monitoredFilesDelete; + MonitoredFilesModify = monitoredFilesModify; + MonitoredFilesProcesses = monitoredFilesProcesses; + MonitoredFilesRead = monitoredFilesRead; + MonitoredFilesUsers = monitoredFilesUsers; } } } diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyLimitContainerPrivilege.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyLimitContainerPrivilege.cs new file mode 100644 index 00000000..ebdf8677 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyLimitContainerPrivilege.cs 
@@ -0,0 +1,99 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyLimitContainerPrivilege + { + /// + /// Whether to block adding capabilities. + /// + public readonly bool? BlockAddCapabilities; + /// + /// Whether container privilege limitations are enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to limit IPC-related capabilities. + /// + public readonly bool? Ipcmode; + /// + /// Whether to limit network-related capabilities. + /// + public readonly bool? Netmode; + /// + /// Whether to limit process-related capabilities. + /// + public readonly bool? Pidmode; + /// + /// Whether to prevent low port binding. + /// + public readonly bool? PreventLowPortBinding; + /// + /// Whether to prevent the use of the root user. + /// + public readonly bool? PreventRootUser; + /// + /// Whether the container is run in privileged mode. + /// + public readonly bool? Privileged; + /// + /// Whether to use the host user. + /// + public readonly bool? UseHostUser; + /// + /// Whether to limit user-related capabilities. + /// + public readonly bool? Usermode; + /// + /// Whether to limit UTS-related capabilities. + /// + public readonly bool? Utsmode; + + [OutputConstructor] + private ContainerRuntimePolicyLimitContainerPrivilege( + bool? blockAddCapabilities, + + bool? enabled, + + bool? ipcmode, + + bool? netmode, + + bool? pidmode, + + bool? preventLowPortBinding, + + bool? preventRootUser, + + bool? privileged, + + bool? useHostUser, + + bool? usermode, + + bool? 
utsmode) + { + BlockAddCapabilities = blockAddCapabilities; + Enabled = enabled; + Ipcmode = ipcmode; + Netmode = netmode; + Pidmode = pidmode; + PreventLowPortBinding = preventLowPortBinding; + PreventRootUser = preventRootUser; + Privileged = privileged; + UseHostUser = useHostUser; + Usermode = usermode; + Utsmode = utsmode; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyLinuxCapabilities.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyLinuxCapabilities.cs new file mode 100644 index 00000000..6babe67a --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyLinuxCapabilities.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyLinuxCapabilities + { + public readonly bool? Enabled; + public readonly ImmutableArray RemoveLinuxCapabilities; + + [OutputConstructor] + private ContainerRuntimePolicyLinuxCapabilities( + bool? enabled, + + ImmutableArray removeLinuxCapabilities) + { + Enabled = enabled; + RemoveLinuxCapabilities = removeLinuxCapabilities; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyMalwareScanOptions.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyMalwareScanOptions.cs index 6a3aae71..37be41ba 100644 --- a/sdk/dotnet/Outputs/ContainerRuntimePolicyMalwareScanOptions.cs +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyMalwareScanOptions.cs 
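Review bot: In ContainerRuntimePolicyLimitContainerPrivilege.cs, the summaries for `Privileged` ("Whether the container is run in privileged mode.") and `UseHostUser` ("Whether to use the host user.") do not say which way the flag works. The neighbouring fields are worded as restrictions (`PreventRootUser`, `BlockAddCapabilities`, "Whether to limit ..."), so a reader cannot tell whether `true` blocks privileged containers or permits them. Anyone relying on this text when auditing policy state could read a permissive setting as a restrictive one. The file is generated by tfgen, so the wording has to be fixed in the provider schema description and the SDK regenerated. A possible wording is `/// If true, containers running in privileged mode are blocked.`, but only if that matches the provider's actual behaviour, which this hunk does not show.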
@@ -30,6 +30,10 @@ public sealed class ContainerRuntimePolicyMalwareScanOptions /// List of registry processes to be excluded from being protected. /// public readonly ImmutableArray ExcludeProcesses; + /// + /// List of registry paths to be excluded from being protected. + /// + public readonly ImmutableArray IncludeDirectories; [OutputConstructor] private ContainerRuntimePolicyMalwareScanOptions( @@ -39,12 +43,15 @@ private ContainerRuntimePolicyMalwareScanOptions( ImmutableArray excludeDirectories, - ImmutableArray excludeProcesses) + ImmutableArray excludeProcesses, + + ImmutableArray includeDirectories) { Action = action; Enabled = enabled; ExcludeDirectories = excludeDirectories; ExcludeProcesses = excludeProcesses; + IncludeDirectories = includeDirectories; } } } diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyPackageBlock.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyPackageBlock.cs new file mode 100644 index 00000000..1b3bd51b --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyPackageBlock.cs 
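Review bot: The doc comment added for `IncludeDirectories` in the first hunk of ContainerRuntimePolicyMalwareScanOptions.cs reads "List of registry paths to be excluded from being protected", which contradicts the property name. It appears to be copied from the exclude fields; compare the `ExcludeProcesses` summary just above it. For a malware-scan scope option, a comment with inverted meaning invites a configuration that scans the wrong directories or leaves the intended ones out. The file is generated by tfgen, so the description should be corrected in the provider schema and the SDK regenerated. A possible wording is `/// List of directories to be included in the malware scan.`, once the intended semantics are confirmed against the provider.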
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyPackageBlock + { + public readonly ImmutableArray BlockPackagesProcesses; + public readonly ImmutableArray BlockPackagesUsers; + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalBlockPackagesFiles; + public readonly ImmutableArray ExceptionalBlockPackagesProcesses; + public readonly ImmutableArray ExceptionalBlockPackagesUsers; + public readonly ImmutableArray PackagesBlackLists; + + [OutputConstructor] + private ContainerRuntimePolicyPackageBlock( + ImmutableArray blockPackagesProcesses, + + ImmutableArray blockPackagesUsers, + + bool? enabled, + + ImmutableArray exceptionalBlockPackagesFiles, + + ImmutableArray exceptionalBlockPackagesProcesses, + + ImmutableArray exceptionalBlockPackagesUsers, + + ImmutableArray packagesBlackLists) + { + BlockPackagesProcesses = blockPackagesProcesses; + BlockPackagesUsers = blockPackagesUsers; + Enabled = enabled; + ExceptionalBlockPackagesFiles = exceptionalBlockPackagesFiles; + ExceptionalBlockPackagesProcesses = exceptionalBlockPackagesProcesses; + ExceptionalBlockPackagesUsers = exceptionalBlockPackagesUsers; + PackagesBlackLists = packagesBlackLists; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyPortBlock.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyPortBlock.cs new file mode 100644 index 00000000..4f6aa3b4 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyPortBlock.cs 
@@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyPortBlock + { + public readonly ImmutableArray BlockInboundPorts; + public readonly ImmutableArray BlockOutboundPorts; + public readonly bool? Enabled; + + [OutputConstructor] + private ContainerRuntimePolicyPortBlock( + ImmutableArray blockInboundPorts, + + ImmutableArray blockOutboundPorts, + + bool? enabled) + { + BlockInboundPorts = blockInboundPorts; + BlockOutboundPorts = blockOutboundPorts; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyReadonlyFiles.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyReadonlyFiles.cs new file mode 100644 index 00000000..9e7064f7 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyReadonlyFiles.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyReadonlyFiles + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalReadonlyFiles; + public readonly ImmutableArray ExceptionalReadonlyFilesProcesses; + public readonly ImmutableArray ExceptionalReadonlyFilesUsers; + public readonly ImmutableArray ReadonlyFiles; + public readonly ImmutableArray ReadonlyFilesProcesses; + public readonly ImmutableArray ReadonlyFilesUsers; + + [OutputConstructor] + private ContainerRuntimePolicyReadonlyFiles( + bool? enabled, + + ImmutableArray exceptionalReadonlyFiles, + + ImmutableArray exceptionalReadonlyFilesProcesses, + + ImmutableArray exceptionalReadonlyFilesUsers, + + ImmutableArray readonlyFiles, + + ImmutableArray readonlyFilesProcesses, + + ImmutableArray readonlyFilesUsers) + { + Enabled = enabled; + ExceptionalReadonlyFiles = exceptionalReadonlyFiles; + ExceptionalReadonlyFilesProcesses = exceptionalReadonlyFilesProcesses; + ExceptionalReadonlyFilesUsers = exceptionalReadonlyFilesUsers; + ReadonlyFiles = readonlyFiles; + ReadonlyFilesProcesses = readonlyFilesProcesses; + ReadonlyFilesUsers = readonlyFilesUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyReadonlyRegistry.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyReadonlyRegistry.cs new file mode 100644 index 00000000..21a596aa --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyReadonlyRegistry.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyReadonlyRegistry + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalReadonlyRegistryPaths; + public readonly ImmutableArray ExceptionalReadonlyRegistryProcesses; + public readonly ImmutableArray ExceptionalReadonlyRegistryUsers; + public readonly ImmutableArray ReadonlyRegistryPaths; + public readonly ImmutableArray ReadonlyRegistryProcesses; + public readonly ImmutableArray ReadonlyRegistryUsers; + + [OutputConstructor] + private ContainerRuntimePolicyReadonlyRegistry( + bool? enabled, + + ImmutableArray exceptionalReadonlyRegistryPaths, + + ImmutableArray exceptionalReadonlyRegistryProcesses, + + ImmutableArray exceptionalReadonlyRegistryUsers, + + ImmutableArray readonlyRegistryPaths, + + ImmutableArray readonlyRegistryProcesses, + + ImmutableArray readonlyRegistryUsers) + { + Enabled = enabled; + ExceptionalReadonlyRegistryPaths = exceptionalReadonlyRegistryPaths; + ExceptionalReadonlyRegistryProcesses = exceptionalReadonlyRegistryProcesses; + ExceptionalReadonlyRegistryUsers = exceptionalReadonlyRegistryUsers; + ReadonlyRegistryPaths = readonlyRegistryPaths; + ReadonlyRegistryProcesses = readonlyRegistryProcesses; + ReadonlyRegistryUsers = readonlyRegistryUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyRegistryAccessMonitoring.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyRegistryAccessMonitoring.cs new file mode 100644 index 00000000..23ecdc2e --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyRegistryAccessMonitoring.cs 
@@ -0,0 +1,70 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyRegistryAccessMonitoring + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalMonitoredRegistryPaths; + public readonly ImmutableArray ExceptionalMonitoredRegistryProcesses; + public readonly ImmutableArray ExceptionalMonitoredRegistryUsers; + public readonly bool? MonitoredRegistryAttributes; + public readonly bool? MonitoredRegistryCreate; + public readonly bool? MonitoredRegistryDelete; + public readonly bool? MonitoredRegistryModify; + public readonly ImmutableArray MonitoredRegistryPaths; + public readonly ImmutableArray MonitoredRegistryProcesses; + public readonly bool? MonitoredRegistryRead; + public readonly ImmutableArray MonitoredRegistryUsers; + + [OutputConstructor] + private ContainerRuntimePolicyRegistryAccessMonitoring( + bool? enabled, + + ImmutableArray exceptionalMonitoredRegistryPaths, + + ImmutableArray exceptionalMonitoredRegistryProcesses, + + ImmutableArray exceptionalMonitoredRegistryUsers, + + bool? monitoredRegistryAttributes, + + bool? monitoredRegistryCreate, + + bool? monitoredRegistryDelete, + + bool? monitoredRegistryModify, + + ImmutableArray monitoredRegistryPaths, + + ImmutableArray monitoredRegistryProcesses, + + bool? 
monitoredRegistryRead, + + ImmutableArray monitoredRegistryUsers) + { + Enabled = enabled; + ExceptionalMonitoredRegistryPaths = exceptionalMonitoredRegistryPaths; + ExceptionalMonitoredRegistryProcesses = exceptionalMonitoredRegistryProcesses; + ExceptionalMonitoredRegistryUsers = exceptionalMonitoredRegistryUsers; + MonitoredRegistryAttributes = monitoredRegistryAttributes; + MonitoredRegistryCreate = monitoredRegistryCreate; + MonitoredRegistryDelete = monitoredRegistryDelete; + MonitoredRegistryModify = monitoredRegistryModify; + MonitoredRegistryPaths = monitoredRegistryPaths; + MonitoredRegistryProcesses = monitoredRegistryProcesses; + MonitoredRegistryRead = monitoredRegistryRead; + MonitoredRegistryUsers = monitoredRegistryUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyRestrictedVolume.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyRestrictedVolume.cs new file mode 100644 index 00000000..01c24a1f --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyRestrictedVolume.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyRestrictedVolume + { + /// + /// Whether restricted volumes are enabled. + /// + public readonly bool? Enabled; + /// + /// List of restricted volumes. + /// + public readonly ImmutableArray Volumes; + + [OutputConstructor] + private ContainerRuntimePolicyRestrictedVolume( + bool? enabled, + + ImmutableArray volumes) + { + Enabled = enabled; + Volumes = volumes; + } + } +} 
diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyReverseShell.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyReverseShell.cs new file mode 100644 index 00000000..cd1f2025 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyReverseShell.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyReverseShell + { + public readonly bool? BlockReverseShell; + public readonly bool? Enabled; + public readonly ImmutableArray ReverseShellIpWhiteLists; + public readonly ImmutableArray ReverseShellProcWhiteLists; + + [OutputConstructor] + private ContainerRuntimePolicyReverseShell( + bool? blockReverseShell, + + bool? enabled, + + ImmutableArray reverseShellIpWhiteLists, + + ImmutableArray reverseShellProcWhiteLists) + { + BlockReverseShell = blockReverseShell; + Enabled = enabled; + ReverseShellIpWhiteLists = reverseShellIpWhiteLists; + ReverseShellProcWhiteLists = reverseShellProcWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyScope.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyScope.cs new file mode 100644 index 00000000..d66ba1e0 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyScope.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyScope + { + /// + /// Scope expression. + /// + public readonly string Expression; + /// + /// List of variables in the scope. + /// + public readonly ImmutableArray Variables; + + [OutputConstructor] + private ContainerRuntimePolicyScope( + string expression, + + ImmutableArray variables) + { + Expression = expression; + Variables = variables; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicySystemIntegrityProtection.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicySystemIntegrityProtection.cs new file mode 100644 index 00000000..3eef2773 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicySystemIntegrityProtection.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicySystemIntegrityProtection + { + public readonly bool? AuditSystemtimeChange; + public readonly bool? Enabled; + public readonly bool? MonitorAuditLogIntegrity; + public readonly bool? WindowsServicesMonitoring; + + [OutputConstructor] + private ContainerRuntimePolicySystemIntegrityProtection( + bool? auditSystemtimeChange, + + bool? enabled, + + bool? monitorAuditLogIntegrity, + + bool? windowsServicesMonitoring) + { + AuditSystemtimeChange = auditSystemtimeChange; + Enabled = enabled; + MonitorAuditLogIntegrity = monitorAuditLogIntegrity; + WindowsServicesMonitoring = windowsServicesMonitoring; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyTripwire.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyTripwire.cs new file mode 100644 index 00000000..e9410295 --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyTripwire.cs 
@@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyTripwire + { + public readonly ImmutableArray ApplyOns; + public readonly bool? Enabled; + public readonly string? ServerlessApp; + public readonly string? UserId; + public readonly string? UserPassword; + + [OutputConstructor] + private ContainerRuntimePolicyTripwire( + ImmutableArray applyOns, + + bool? enabled, + + string? serverlessApp, + + string? userId, + + string? userPassword) + { + ApplyOns = applyOns; + Enabled = enabled; + ServerlessApp = serverlessApp; + UserId = userId; + UserPassword = userPassword; + } + } +} diff --git a/sdk/dotnet/Outputs/ContainerRuntimePolicyWhitelistedOsUsers.cs b/sdk/dotnet/Outputs/ContainerRuntimePolicyWhitelistedOsUsers.cs new file mode 100644 index 00000000..ffe8696e --- /dev/null +++ b/sdk/dotnet/Outputs/ContainerRuntimePolicyWhitelistedOsUsers.cs 
@@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ContainerRuntimePolicyWhitelistedOsUsers + { + public readonly bool? Enabled; + public readonly ImmutableArray GroupWhiteLists; + public readonly ImmutableArray UserWhiteLists; + + [OutputConstructor] + private ContainerRuntimePolicyWhitelistedOsUsers( + bool? enabled, + + ImmutableArray groupWhiteLists, + + ImmutableArray userWhiteLists) + { + Enabled = enabled; + GroupWhiteLists = groupWhiteLists; + UserWhiteLists = userWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/EnforcerGroupsOrchestrator.cs b/sdk/dotnet/Outputs/EnforcerGroupsOrchestrator.cs index deba386a..4172b28a 100644 --- a/sdk/dotnet/Outputs/EnforcerGroupsOrchestrator.cs +++ b/sdk/dotnet/Outputs/EnforcerGroupsOrchestrator.cs @@ -23,9 +23,6 @@ public sealed class EnforcerGroupsOrchestrator /// May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). /// public readonly string? ServiceAccount; - /// - /// Enforcer Type. - /// public readonly string? Type; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/FunctionAssurancePolicyKubernetesControl.cs b/sdk/dotnet/Outputs/FunctionAssurancePolicyKubernetesControl.cs new file mode 100644 index 00000000..c5cfee98 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionAssurancePolicyKubernetesControl.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionAssurancePolicyKubernetesControl + { + public readonly string? AvdId; + public readonly string? Description; + public readonly bool? Enabled; + public readonly string? Kind; + public readonly string? Name; + public readonly bool? Ootb; + public readonly int? ScriptId; + public readonly string? Severity; + + [OutputConstructor] + private FunctionAssurancePolicyKubernetesControl( + string? avdId, + + string? description, + + bool? enabled, + + string? kind, + + string? name, + + bool? ootb, + + int? scriptId, + + string? severity) + { + AvdId = avdId; + Description = description; + Enabled = enabled; + Kind = kind; + Name = name; + Ootb = ootb; + ScriptId = scriptId; + Severity = severity; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionAssurancePolicyPolicySettings.cs b/sdk/dotnet/Outputs/FunctionAssurancePolicyPolicySettings.cs new file mode 100644 index 00000000..2ef6b9e5 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionAssurancePolicyPolicySettings.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionAssurancePolicyPolicySettings + { + public readonly bool? Enforce; + public readonly bool? IsAuditChecked; + public readonly bool? Warn; + public readonly string? WarningMessage; + + [OutputConstructor] + private FunctionAssurancePolicyPolicySettings( + bool? enforce, + + bool? isAuditChecked, + + bool? warn, + + string? warningMessage) + { + Enforce = enforce; + IsAuditChecked = isAuditChecked; + Warn = warn; + WarningMessage = warningMessage; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyAllowedExecutable.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyAllowedExecutable.cs new file mode 100644 index 00000000..e5176a8a --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyAllowedExecutable.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyAllowedExecutable + { + /// + /// List of allowed executables. + /// + public readonly ImmutableArray AllowExecutables; + /// + /// List of allowed root executables. + /// + public readonly ImmutableArray AllowRootExecutables; + /// + /// Whether allowed executables configuration is enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to treat executables separately. + /// + public readonly bool? SeparateExecutables; + + [OutputConstructor] + private FunctionRuntimePolicyAllowedExecutable( + ImmutableArray allowExecutables, + + ImmutableArray allowRootExecutables, + + bool? enabled, + + bool? separateExecutables) + { + AllowExecutables = allowExecutables; + AllowRootExecutables = allowRootExecutables; + Enabled = enabled; + SeparateExecutables = separateExecutables; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyAllowedRegistry.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyAllowedRegistry.cs new file mode 100644 index 00000000..80fbad40 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyAllowedRegistry.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyAllowedRegistry + { + /// + /// List of allowed registries. + /// + public readonly ImmutableArray AllowedRegistries; + /// + /// Whether allowed registries are enabled. + /// + public readonly bool? Enabled; + + [OutputConstructor] + private FunctionRuntimePolicyAllowedRegistry( + ImmutableArray allowedRegistries, + + bool? enabled) + { + AllowedRegistries = allowedRegistries; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyAuditing.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyAuditing.cs new file mode 100644 index 00000000..a438943d --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyAuditing.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyAuditing + { + public readonly bool? AuditAllNetwork; + public readonly bool? AuditAllProcesses; + public readonly bool? AuditFailedLogin; + public readonly bool? AuditOsUserActivity; + public readonly bool? AuditProcessCmdline; + public readonly bool? AuditSuccessLogin; + public readonly bool? AuditUserAccountManagement; + public readonly bool? Enabled; + + [OutputConstructor] + private FunctionRuntimePolicyAuditing( + bool? auditAllNetwork, + + bool? auditAllProcesses, + + bool? auditFailedLogin, + + bool? auditOsUserActivity, + + bool? auditProcessCmdline, + + bool? auditSuccessLogin, + + bool? auditUserAccountManagement, + + bool? enabled) + { + AuditAllNetwork = auditAllNetwork; + AuditAllProcesses = auditAllProcesses; + AuditFailedLogin = auditFailedLogin; + AuditOsUserActivity = auditOsUserActivity; + AuditProcessCmdline = auditProcessCmdline; + AuditSuccessLogin = auditSuccessLogin; + AuditUserAccountManagement = auditUserAccountManagement; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyBlacklistedOsUsers.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyBlacklistedOsUsers.cs new file mode 100644 index 00000000..e07595dd --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyBlacklistedOsUsers.cs 
@@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyBlacklistedOsUsers + { + public readonly bool? Enabled; + public readonly ImmutableArray GroupBlackLists; + public readonly ImmutableArray UserBlackLists; + + [OutputConstructor] + private FunctionRuntimePolicyBlacklistedOsUsers( + bool? enabled, + + ImmutableArray groupBlackLists, + + ImmutableArray userBlackLists) + { + Enabled = enabled; + GroupBlackLists = groupBlackLists; + UserBlackLists = userBlackLists; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyBypassScope.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyBypassScope.cs new file mode 100644 index 00000000..818c0364 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyBypassScope.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyBypassScope + { + /// + /// Whether bypassing the scope is enabled. + /// + public readonly bool? Enabled; + /// + /// Scope configuration. + /// + public readonly ImmutableArray Scopes; + + [OutputConstructor] + private FunctionRuntimePolicyBypassScope( + bool? enabled, + + ImmutableArray scopes) + { + Enabled = enabled; + Scopes = scopes; + } + } +} 
diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyBypassScopeScope.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyBypassScopeScope.cs new file mode 100644 index 00000000..3a57ad4c --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyBypassScopeScope.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyBypassScopeScope + { + /// + /// Scope expression. + /// + public readonly string? Expression; + /// + /// List of variables in the scope. + /// + public readonly ImmutableArray Variables; + + [OutputConstructor] + private FunctionRuntimePolicyBypassScopeScope( + string? expression, + + ImmutableArray variables) + { + Expression = expression; + Variables = variables; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyBypassScopeScopeVariable.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyBypassScopeScopeVariable.cs new file mode 100644 index 00000000..f355cb9c --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyBypassScopeScopeVariable.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyBypassScopeScopeVariable + { + /// + /// Variable attribute. + /// + public readonly string? Attribute; + /// + /// Variable value. + /// + public readonly string? Value; + + [OutputConstructor] + private FunctionRuntimePolicyBypassScopeScopeVariable( + string? attribute, + + string? value) + { + Attribute = attribute; + Value = value; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyContainerExec.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyContainerExec.cs new file mode 100644 index 00000000..8e24eec3 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyContainerExec.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyContainerExec + { + public readonly bool? BlockContainerExec; + public readonly ImmutableArray ContainerExecProcWhiteLists; + public readonly bool? Enabled; + public readonly ImmutableArray ReverseShellIpWhiteLists; + + [OutputConstructor] + private FunctionRuntimePolicyContainerExec( + bool? blockContainerExec, + + ImmutableArray containerExecProcWhiteLists, + + bool? enabled, + + ImmutableArray reverseShellIpWhiteLists) + { + BlockContainerExec = blockContainerExec; + ContainerExecProcWhiteLists = containerExecProcWhiteLists; + Enabled = enabled; + ReverseShellIpWhiteLists = reverseShellIpWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyDriftPrevention.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyDriftPrevention.cs new file mode 100644 index 00000000..9d8b5c31 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyDriftPrevention.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyDriftPrevention + { + /// + /// Whether drift prevention is enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to lockdown execution drift. + /// + public readonly bool? ExecLockdown; + /// + /// List of items in the execution lockdown white list. + /// + public readonly ImmutableArray ExecLockdownWhiteLists; + /// + /// Whether to lockdown image drift. + /// + public readonly bool? ImageLockdown; + + [OutputConstructor] + private FunctionRuntimePolicyDriftPrevention( + bool? enabled, + + bool? execLockdown, + + ImmutableArray execLockdownWhiteLists, + + bool? imageLockdown) + { + Enabled = enabled; + ExecLockdown = execLockdown; + ExecLockdownWhiteLists = execLockdownWhiteLists; + ImageLockdown = imageLockdown; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyExecutableBlacklist.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyExecutableBlacklist.cs new file mode 100644 index 00000000..e87a867d --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyExecutableBlacklist.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyExecutableBlacklist + { + /// + /// Whether the executable blacklist is enabled. + /// + public readonly bool? Enabled; + /// + /// List of blacklisted executables. + /// + public readonly ImmutableArray Executables; + + [OutputConstructor] + private FunctionRuntimePolicyExecutableBlacklist( + bool? enabled, + + ImmutableArray executables) + { + Enabled = enabled; + Executables = executables; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyFailedKubernetesChecks.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyFailedKubernetesChecks.cs new file mode 100644 index 00000000..b223b178 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyFailedKubernetesChecks.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyFailedKubernetesChecks + { + public readonly bool? Enabled; + public readonly ImmutableArray FailedChecks; + + [OutputConstructor] + private FunctionRuntimePolicyFailedKubernetesChecks( + bool? enabled, + + ImmutableArray failedChecks) + { + Enabled = enabled; + FailedChecks = failedChecks; + } + } +} 
diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyFileBlock.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyFileBlock.cs new file mode 100644 index 00000000..de6ed203 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyFileBlock.cs @@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyFileBlock + { + public readonly ImmutableArray BlockFilesProcesses; + public readonly ImmutableArray BlockFilesUsers; + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalBlockFiles; + public readonly ImmutableArray ExceptionalBlockFilesProcesses; + public readonly ImmutableArray ExceptionalBlockFilesUsers; + public readonly ImmutableArray FilenameBlockLists; + + [OutputConstructor] + private FunctionRuntimePolicyFileBlock( + ImmutableArray blockFilesProcesses, + + ImmutableArray blockFilesUsers, + + bool? enabled, + + ImmutableArray exceptionalBlockFiles, + + ImmutableArray exceptionalBlockFilesProcesses, + + ImmutableArray exceptionalBlockFilesUsers, + + ImmutableArray filenameBlockLists) + { + BlockFilesProcesses = blockFilesProcesses; + BlockFilesUsers = blockFilesUsers; + Enabled = enabled; + ExceptionalBlockFiles = exceptionalBlockFiles; + ExceptionalBlockFilesProcesses = exceptionalBlockFilesProcesses; + ExceptionalBlockFilesUsers = exceptionalBlockFilesUsers; + FilenameBlockLists = filenameBlockLists; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyFileIntegrityMonitoring.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyFileIntegrityMonitoring.cs new file mode 100644 index 00000000..06d2c03b --- /dev/null 
+++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyFileIntegrityMonitoring.cs 
@@ -0,0 +1,106 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyFileIntegrityMonitoring + { + /// + /// If true, file integrity monitoring is enabled. + /// + public readonly bool? Enabled; + /// + /// List of paths to be excluded from monitoring. + /// + public readonly ImmutableArray ExceptionalMonitoredFiles; + /// + /// List of processes to be excluded from monitoring. + /// + public readonly ImmutableArray ExceptionalMonitoredFilesProcesses; + /// + /// List of users to be excluded from monitoring. + /// + public readonly ImmutableArray ExceptionalMonitoredFilesUsers; + /// + /// List of paths to be monitored. + /// + public readonly ImmutableArray MonitoredFiles; + /// + /// Whether to monitor file attribute operations. + /// + public readonly bool? MonitoredFilesAttributes; + /// + /// Whether to monitor file create operations. + /// + public readonly bool? MonitoredFilesCreate; + /// + /// Whether to monitor file delete operations. + /// + public readonly bool? MonitoredFilesDelete; + /// + /// Whether to monitor file modify operations. + /// + public readonly bool? MonitoredFilesModify; + /// + /// List of processes associated with monitored files. + /// + public readonly ImmutableArray MonitoredFilesProcesses; + /// + /// Whether to monitor file read operations. + /// + public readonly bool? MonitoredFilesRead; + /// + /// List of users associated with monitored files. + /// + public readonly ImmutableArray MonitoredFilesUsers; + + [OutputConstructor] + private FunctionRuntimePolicyFileIntegrityMonitoring( + bool? 
enabled, + + ImmutableArray exceptionalMonitoredFiles, + + ImmutableArray exceptionalMonitoredFilesProcesses, + + ImmutableArray exceptionalMonitoredFilesUsers, + + ImmutableArray monitoredFiles, + + bool? monitoredFilesAttributes, + + bool? monitoredFilesCreate, + + bool? monitoredFilesDelete, + + bool? monitoredFilesModify, + + ImmutableArray monitoredFilesProcesses, + + bool? monitoredFilesRead, + + ImmutableArray monitoredFilesUsers) + { + Enabled = enabled; + ExceptionalMonitoredFiles = exceptionalMonitoredFiles; + ExceptionalMonitoredFilesProcesses = exceptionalMonitoredFilesProcesses; + ExceptionalMonitoredFilesUsers = exceptionalMonitoredFilesUsers; + MonitoredFiles = monitoredFiles; + MonitoredFilesAttributes = monitoredFilesAttributes; + MonitoredFilesCreate = monitoredFilesCreate; + MonitoredFilesDelete = monitoredFilesDelete; + MonitoredFilesModify = monitoredFilesModify; + MonitoredFilesProcesses = monitoredFilesProcesses; + MonitoredFilesRead = monitoredFilesRead; + MonitoredFilesUsers = monitoredFilesUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyLimitContainerPrivilege.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyLimitContainerPrivilege.cs new file mode 100644 index 00000000..a9a9c229 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyLimitContainerPrivilege.cs 
@@ -0,0 +1,99 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyLimitContainerPrivilege + { + /// + /// Whether to block adding capabilities. + /// + public readonly bool? BlockAddCapabilities; + /// + /// Whether container privilege limitations are enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to limit IPC-related capabilities. + /// + public readonly bool? Ipcmode; + /// + /// Whether to limit network-related capabilities. + /// + public readonly bool? Netmode; + /// + /// Whether to limit process-related capabilities. + /// + public readonly bool? Pidmode; + /// + /// Whether to prevent low port binding. + /// + public readonly bool? PreventLowPortBinding; + /// + /// Whether to prevent the use of the root user. + /// + public readonly bool? PreventRootUser; + /// + /// Whether the container is run in privileged mode. + /// + public readonly bool? Privileged; + /// + /// Whether to use the host user. + /// + public readonly bool? UseHostUser; + /// + /// Whether to limit user-related capabilities. + /// + public readonly bool? Usermode; + /// + /// Whether to limit UTS-related capabilities. + /// + public readonly bool? Utsmode; + + [OutputConstructor] + private FunctionRuntimePolicyLimitContainerPrivilege( + bool? blockAddCapabilities, + + bool? enabled, + + bool? ipcmode, + + bool? netmode, + + bool? pidmode, + + bool? preventLowPortBinding, + + bool? preventRootUser, + + bool? privileged, + + bool? useHostUser, + + bool? usermode, + + bool? 
utsmode) + { + BlockAddCapabilities = blockAddCapabilities; + Enabled = enabled; + Ipcmode = ipcmode; + Netmode = netmode; + Pidmode = pidmode; + PreventLowPortBinding = preventLowPortBinding; + PreventRootUser = preventRootUser; + Privileged = privileged; + UseHostUser = useHostUser; + Usermode = usermode; + Utsmode = utsmode; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyLinuxCapabilities.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyLinuxCapabilities.cs new file mode 100644 index 00000000..351cd1d9 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyLinuxCapabilities.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyLinuxCapabilities + { + public readonly bool? Enabled; + public readonly ImmutableArray RemoveLinuxCapabilities; + + [OutputConstructor] + private FunctionRuntimePolicyLinuxCapabilities( + bool? enabled, + + ImmutableArray removeLinuxCapabilities) + { + Enabled = enabled; + RemoveLinuxCapabilities = removeLinuxCapabilities; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyMalwareScanOptions.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyMalwareScanOptions.cs new file mode 100644 index 00000000..1dc31323 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyMalwareScanOptions.cs 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyMalwareScanOptions + { + /// + /// Set Action, Defaults to 'Alert' when empty + /// + public readonly string? Action; + /// + /// Defines if enabled or not + /// + public readonly bool? Enabled; + /// + /// List of registry paths to be excluded from being protected. + /// + public readonly ImmutableArray ExcludeDirectories; + /// + /// List of registry processes to be excluded from being protected. + /// + public readonly ImmutableArray ExcludeProcesses; + /// + /// List of registry paths to be excluded from being protected. + /// + public readonly ImmutableArray IncludeDirectories; + + [OutputConstructor] + private FunctionRuntimePolicyMalwareScanOptions( + string? action, + + bool? enabled, + + ImmutableArray excludeDirectories, + + ImmutableArray excludeProcesses, + + ImmutableArray includeDirectories) + { + Action = action; + Enabled = enabled; + ExcludeDirectories = excludeDirectories; + ExcludeProcesses = excludeProcesses; + IncludeDirectories = includeDirectories; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyPackageBlock.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyPackageBlock.cs new file mode 100644 index 00000000..e8892da7 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyPackageBlock.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyPackageBlock + { + public readonly ImmutableArray BlockPackagesProcesses; + public readonly ImmutableArray BlockPackagesUsers; + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalBlockPackagesFiles; + public readonly ImmutableArray ExceptionalBlockPackagesProcesses; + public readonly ImmutableArray ExceptionalBlockPackagesUsers; + public readonly ImmutableArray PackagesBlackLists; + + [OutputConstructor] + private FunctionRuntimePolicyPackageBlock( + ImmutableArray blockPackagesProcesses, + + ImmutableArray blockPackagesUsers, + + bool? enabled, + + ImmutableArray exceptionalBlockPackagesFiles, + + ImmutableArray exceptionalBlockPackagesProcesses, + + ImmutableArray exceptionalBlockPackagesUsers, + + ImmutableArray packagesBlackLists) + { + BlockPackagesProcesses = blockPackagesProcesses; + BlockPackagesUsers = blockPackagesUsers; + Enabled = enabled; + ExceptionalBlockPackagesFiles = exceptionalBlockPackagesFiles; + ExceptionalBlockPackagesProcesses = exceptionalBlockPackagesProcesses; + ExceptionalBlockPackagesUsers = exceptionalBlockPackagesUsers; + PackagesBlackLists = packagesBlackLists; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyPortBlock.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyPortBlock.cs new file mode 100644 index 00000000..ef9f7df6 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyPortBlock.cs 
@@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyPortBlock + { + public readonly ImmutableArray BlockInboundPorts; + public readonly ImmutableArray BlockOutboundPorts; + public readonly bool? Enabled; + + [OutputConstructor] + private FunctionRuntimePolicyPortBlock( + ImmutableArray blockInboundPorts, + + ImmutableArray blockOutboundPorts, + + bool? enabled) + { + BlockInboundPorts = blockInboundPorts; + BlockOutboundPorts = blockOutboundPorts; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyReadonlyFiles.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyReadonlyFiles.cs new file mode 100644 index 00000000..fabd4b2a --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyReadonlyFiles.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyReadonlyFiles + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalReadonlyFiles; + public readonly ImmutableArray ExceptionalReadonlyFilesProcesses; + public readonly ImmutableArray ExceptionalReadonlyFilesUsers; + public readonly ImmutableArray ReadonlyFiles; + public readonly ImmutableArray ReadonlyFilesProcesses; + public readonly ImmutableArray ReadonlyFilesUsers; + + [OutputConstructor] + private FunctionRuntimePolicyReadonlyFiles( + bool? enabled, + + ImmutableArray exceptionalReadonlyFiles, + + ImmutableArray exceptionalReadonlyFilesProcesses, + + ImmutableArray exceptionalReadonlyFilesUsers, + + ImmutableArray readonlyFiles, + + ImmutableArray readonlyFilesProcesses, + + ImmutableArray readonlyFilesUsers) + { + Enabled = enabled; + ExceptionalReadonlyFiles = exceptionalReadonlyFiles; + ExceptionalReadonlyFilesProcesses = exceptionalReadonlyFilesProcesses; + ExceptionalReadonlyFilesUsers = exceptionalReadonlyFilesUsers; + ReadonlyFiles = readonlyFiles; + ReadonlyFilesProcesses = readonlyFilesProcesses; + ReadonlyFilesUsers = readonlyFilesUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyReadonlyRegistry.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyReadonlyRegistry.cs new file mode 100644 index 00000000..2f135bbf --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyReadonlyRegistry.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyReadonlyRegistry + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalReadonlyRegistryPaths; + public readonly ImmutableArray ExceptionalReadonlyRegistryProcesses; + public readonly ImmutableArray ExceptionalReadonlyRegistryUsers; + public readonly ImmutableArray ReadonlyRegistryPaths; + public readonly ImmutableArray ReadonlyRegistryProcesses; + public readonly ImmutableArray ReadonlyRegistryUsers; + + [OutputConstructor] + private FunctionRuntimePolicyReadonlyRegistry( + bool? enabled, + + ImmutableArray exceptionalReadonlyRegistryPaths, + + ImmutableArray exceptionalReadonlyRegistryProcesses, + + ImmutableArray exceptionalReadonlyRegistryUsers, + + ImmutableArray readonlyRegistryPaths, + + ImmutableArray readonlyRegistryProcesses, + + ImmutableArray readonlyRegistryUsers) + { + Enabled = enabled; + ExceptionalReadonlyRegistryPaths = exceptionalReadonlyRegistryPaths; + ExceptionalReadonlyRegistryProcesses = exceptionalReadonlyRegistryProcesses; + ExceptionalReadonlyRegistryUsers = exceptionalReadonlyRegistryUsers; + ReadonlyRegistryPaths = readonlyRegistryPaths; + ReadonlyRegistryProcesses = readonlyRegistryProcesses; + ReadonlyRegistryUsers = readonlyRegistryUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyRegistryAccessMonitoring.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyRegistryAccessMonitoring.cs new file mode 100644 index 00000000..35027a19 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyRegistryAccessMonitoring.cs 
@@ -0,0 +1,70 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyRegistryAccessMonitoring + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalMonitoredRegistryPaths; + public readonly ImmutableArray ExceptionalMonitoredRegistryProcesses; + public readonly ImmutableArray ExceptionalMonitoredRegistryUsers; + public readonly bool? MonitoredRegistryAttributes; + public readonly bool? MonitoredRegistryCreate; + public readonly bool? MonitoredRegistryDelete; + public readonly bool? MonitoredRegistryModify; + public readonly ImmutableArray MonitoredRegistryPaths; + public readonly ImmutableArray MonitoredRegistryProcesses; + public readonly bool? MonitoredRegistryRead; + public readonly ImmutableArray MonitoredRegistryUsers; + + [OutputConstructor] + private FunctionRuntimePolicyRegistryAccessMonitoring( + bool? enabled, + + ImmutableArray exceptionalMonitoredRegistryPaths, + + ImmutableArray exceptionalMonitoredRegistryProcesses, + + ImmutableArray exceptionalMonitoredRegistryUsers, + + bool? monitoredRegistryAttributes, + + bool? monitoredRegistryCreate, + + bool? monitoredRegistryDelete, + + bool? monitoredRegistryModify, + + ImmutableArray monitoredRegistryPaths, + + ImmutableArray monitoredRegistryProcesses, + + bool? 
monitoredRegistryRead, + + ImmutableArray monitoredRegistryUsers) + { + Enabled = enabled; + ExceptionalMonitoredRegistryPaths = exceptionalMonitoredRegistryPaths; + ExceptionalMonitoredRegistryProcesses = exceptionalMonitoredRegistryProcesses; + ExceptionalMonitoredRegistryUsers = exceptionalMonitoredRegistryUsers; + MonitoredRegistryAttributes = monitoredRegistryAttributes; + MonitoredRegistryCreate = monitoredRegistryCreate; + MonitoredRegistryDelete = monitoredRegistryDelete; + MonitoredRegistryModify = monitoredRegistryModify; + MonitoredRegistryPaths = monitoredRegistryPaths; + MonitoredRegistryProcesses = monitoredRegistryProcesses; + MonitoredRegistryRead = monitoredRegistryRead; + MonitoredRegistryUsers = monitoredRegistryUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyRestrictedVolume.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyRestrictedVolume.cs new file mode 100644 index 00000000..49f834ee --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyRestrictedVolume.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyRestrictedVolume + { + /// + /// Whether restricted volumes are enabled. + /// + public readonly bool? Enabled; + /// + /// List of restricted volumes. + /// + public readonly ImmutableArray Volumes; + + [OutputConstructor] + private FunctionRuntimePolicyRestrictedVolume( + bool? enabled, + + ImmutableArray volumes) + { + Enabled = enabled; + Volumes = volumes; + } + } +} 
diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyReverseShell.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyReverseShell.cs new file mode 100644 index 00000000..57d1582b --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyReverseShell.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyReverseShell + { + public readonly bool? BlockReverseShell; + public readonly bool? Enabled; + public readonly ImmutableArray ReverseShellIpWhiteLists; + public readonly ImmutableArray ReverseShellProcWhiteLists; + + [OutputConstructor] + private FunctionRuntimePolicyReverseShell( + bool? blockReverseShell, + + bool? enabled, + + ImmutableArray reverseShellIpWhiteLists, + + ImmutableArray reverseShellProcWhiteLists) + { + BlockReverseShell = blockReverseShell; + Enabled = enabled; + ReverseShellIpWhiteLists = reverseShellIpWhiteLists; + ReverseShellProcWhiteLists = reverseShellProcWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyScope.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyScope.cs new file mode 100644 index 00000000..479554d6 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyScope.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyScope + { + /// + /// Scope expression. + /// + public readonly string Expression; + /// + /// List of variables in the scope. + /// + public readonly ImmutableArray Variables; + + [OutputConstructor] + private FunctionRuntimePolicyScope( + string expression, + + ImmutableArray variables) + { + Expression = expression; + Variables = variables; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicySystemIntegrityProtection.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicySystemIntegrityProtection.cs new file mode 100644 index 00000000..0bdc7da9 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicySystemIntegrityProtection.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicySystemIntegrityProtection + { + public readonly bool? AuditSystemtimeChange; + public readonly bool? Enabled; + public readonly bool? MonitorAuditLogIntegrity; + public readonly bool? WindowsServicesMonitoring; + + [OutputConstructor] + private FunctionRuntimePolicySystemIntegrityProtection( + bool? auditSystemtimeChange, + + bool? enabled, + + bool? monitorAuditLogIntegrity, + + bool? windowsServicesMonitoring) + { + AuditSystemtimeChange = auditSystemtimeChange; + Enabled = enabled; + MonitorAuditLogIntegrity = monitorAuditLogIntegrity; + WindowsServicesMonitoring = windowsServicesMonitoring; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyTripwire.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyTripwire.cs new file mode 100644 index 00000000..7c7d28df --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyTripwire.cs 
@@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyTripwire + { + public readonly ImmutableArray ApplyOns; + public readonly bool? Enabled; + public readonly string? ServerlessApp; + public readonly string? UserId; + public readonly string? UserPassword; + + [OutputConstructor] + private FunctionRuntimePolicyTripwire( + ImmutableArray applyOns, + + bool? enabled, + + string? serverlessApp, + + string? userId, + + string? userPassword) + { + ApplyOns = applyOns; + Enabled = enabled; + ServerlessApp = serverlessApp; + UserId = userId; + UserPassword = userPassword; + } + } +} diff --git a/sdk/dotnet/Outputs/FunctionRuntimePolicyWhitelistedOsUsers.cs b/sdk/dotnet/Outputs/FunctionRuntimePolicyWhitelistedOsUsers.cs new file mode 100644 index 00000000..ddb24028 --- /dev/null +++ b/sdk/dotnet/Outputs/FunctionRuntimePolicyWhitelistedOsUsers.cs 
@@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class FunctionRuntimePolicyWhitelistedOsUsers + { + public readonly bool? Enabled; + public readonly ImmutableArray GroupWhiteLists; + public readonly ImmutableArray UserWhiteLists; + + [OutputConstructor] + private FunctionRuntimePolicyWhitelistedOsUsers( + bool? enabled, + + ImmutableArray groupWhiteLists, + + ImmutableArray userWhiteLists) + { + Enabled = enabled; + GroupWhiteLists = groupWhiteLists; + UserWhiteLists = userWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyAllowedExecutableResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyAllowedExecutableResult.cs new file mode 100644 index 00000000..897b82d5 --- /dev/null +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyAllowedExecutableResult.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetContainerRuntimePolicyAllowedExecutableResult + { + /// + /// List of allowed executables. + /// + public readonly ImmutableArray AllowExecutables; + /// + /// List of allowed root executables. + /// + public readonly ImmutableArray AllowRootExecutables; + /// + /// Whether allowed executables configuration is enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to treat executables separately. + /// + public readonly bool? SeparateExecutables; + + [OutputConstructor] + private GetContainerRuntimePolicyAllowedExecutableResult( + ImmutableArray allowExecutables, + + ImmutableArray allowRootExecutables, + + bool? enabled, + + bool? separateExecutables) + { + AllowExecutables = allowExecutables; + AllowRootExecutables = allowRootExecutables; + Enabled = enabled; + SeparateExecutables = separateExecutables; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyAllowedRegistryResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyAllowedRegistryResult.cs new file mode 100644 index 00000000..6821987f --- /dev/null +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyAllowedRegistryResult.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetContainerRuntimePolicyAllowedRegistryResult + { + /// + /// List of allowed registries. + /// + public readonly ImmutableArray AllowedRegistries; + /// + /// Whether allowed registries are enabled. + /// + public readonly bool? Enabled; + + [OutputConstructor] + private GetContainerRuntimePolicyAllowedRegistryResult( + ImmutableArray allowedRegistries, + + bool? enabled) + { + AllowedRegistries = allowedRegistries; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyAuditingResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyAuditingResult.cs new file mode 100644 index 00000000..07913211 --- /dev/null +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyAuditingResult.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetContainerRuntimePolicyAuditingResult + { + public readonly bool? AuditAllNetwork; + public readonly bool? AuditAllProcesses; + public readonly bool? AuditFailedLogin; + public readonly bool? AuditOsUserActivity; + public readonly bool? AuditProcessCmdline; + public readonly bool? AuditSuccessLogin; + public readonly bool? AuditUserAccountManagement; + public readonly bool? Enabled; + + [OutputConstructor] + private GetContainerRuntimePolicyAuditingResult( + bool? auditAllNetwork, + + bool? auditAllProcesses, + + bool? auditFailedLogin, + + bool? auditOsUserActivity, + + bool? auditProcessCmdline, + + bool? auditSuccessLogin, + + bool? auditUserAccountManagement, + + bool? enabled) + { + AuditAllNetwork = auditAllNetwork; + AuditAllProcesses = auditAllProcesses; + AuditFailedLogin = auditFailedLogin; + AuditOsUserActivity = auditOsUserActivity; + AuditProcessCmdline = auditProcessCmdline; + AuditSuccessLogin = auditSuccessLogin; + AuditUserAccountManagement = auditUserAccountManagement; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyContainerExecResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyContainerExecResult.cs new file mode 100644 index 00000000..45be9d84 --- /dev/null +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyContainerExecResult.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetContainerRuntimePolicyContainerExecResult + { + public readonly bool? BlockContainerExec; + public readonly ImmutableArray ContainerExecProcWhiteLists; + public readonly bool? Enabled; + public readonly ImmutableArray ReverseShellIpWhiteLists; + + [OutputConstructor] + private GetContainerRuntimePolicyContainerExecResult( + bool? blockContainerExec, + + ImmutableArray containerExecProcWhiteLists, + + bool? enabled, + + ImmutableArray reverseShellIpWhiteLists) + { + BlockContainerExec = blockContainerExec; + ContainerExecProcWhiteLists = containerExecProcWhiteLists; + Enabled = enabled; + ReverseShellIpWhiteLists = reverseShellIpWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyFileBlockResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyFileBlockResult.cs new file mode 100644 index 00000000..b83944c3 --- /dev/null +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyFileBlockResult.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetContainerRuntimePolicyFileBlockResult + { + public readonly ImmutableArray BlockFilesProcesses; + public readonly ImmutableArray BlockFilesUsers; + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalBlockFiles; + public readonly ImmutableArray ExceptionalBlockFilesProcesses; + public readonly ImmutableArray ExceptionalBlockFilesUsers; + public readonly ImmutableArray FilenameBlockLists; + + [OutputConstructor] + private GetContainerRuntimePolicyFileBlockResult( + ImmutableArray blockFilesProcesses, + + ImmutableArray blockFilesUsers, + + bool? enabled, + + ImmutableArray exceptionalBlockFiles, + + ImmutableArray exceptionalBlockFilesProcesses, + + ImmutableArray exceptionalBlockFilesUsers, + + ImmutableArray filenameBlockLists) + { + BlockFilesProcesses = blockFilesProcesses; + BlockFilesUsers = blockFilesUsers; + Enabled = enabled; + ExceptionalBlockFiles = exceptionalBlockFiles; + ExceptionalBlockFilesProcesses = exceptionalBlockFilesProcesses; + ExceptionalBlockFilesUsers = exceptionalBlockFilesUsers; + FilenameBlockLists = filenameBlockLists; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyFileIntegrityMonitoringResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyFileIntegrityMonitoringResult.cs index c7fed020..82b58848 100644 --- a/sdk/dotnet/Outputs/GetContainerRuntimePolicyFileIntegrityMonitoringResult.cs +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyFileIntegrityMonitoringResult.cs 
@@ -14,53 +14,93 @@ namespace Pulumiverse.Aquasec.Outputs [OutputType] public sealed class GetContainerRuntimePolicyFileIntegrityMonitoringResult { - public readonly ImmutableArray ExcludedPaths; - public readonly ImmutableArray ExcludedProcesses; - public readonly ImmutableArray ExcludedUsers; - public readonly bool MonitorAttributes; - public readonly bool MonitorCreate; - public readonly bool MonitorDelete; - public readonly bool MonitorModify; - public readonly bool MonitorRead; - public readonly ImmutableArray MonitoredPaths; - public readonly ImmutableArray MonitoredProcesses; - public readonly ImmutableArray MonitoredUsers; + /// + /// If true, file integrity monitoring is enabled. + /// + public readonly bool? Enabled; + /// + /// List of paths to be excluded from monitoring. + /// + public readonly ImmutableArray ExceptionalMonitoredFiles; + /// + /// List of processes to be excluded from monitoring. + /// + public readonly ImmutableArray ExceptionalMonitoredFilesProcesses; + /// + /// List of users to be excluded from monitoring. + /// + public readonly ImmutableArray ExceptionalMonitoredFilesUsers; + /// + /// List of paths to be monitored. + /// + public readonly ImmutableArray MonitoredFiles; + /// + /// Whether to monitor file attribute operations. + /// + public readonly bool? MonitoredFilesAttributes; + /// + /// Whether to monitor file create operations. + /// + public readonly bool? MonitoredFilesCreate; + /// + /// Whether to monitor file delete operations. + /// + public readonly bool? MonitoredFilesDelete; + /// + /// Whether to monitor file modify operations. + /// + public readonly bool? MonitoredFilesModify; + /// + /// List of processes associated with monitored files. + /// + public readonly ImmutableArray MonitoredFilesProcesses; + /// + /// Whether to monitor file read operations. + /// + public readonly bool? MonitoredFilesRead; + /// + /// List of users associated with monitored files. 
+ /// + public readonly ImmutableArray MonitoredFilesUsers; [OutputConstructor] private GetContainerRuntimePolicyFileIntegrityMonitoringResult( - ImmutableArray excludedPaths, + bool? enabled, - ImmutableArray excludedProcesses, + ImmutableArray exceptionalMonitoredFiles, - ImmutableArray excludedUsers, + ImmutableArray exceptionalMonitoredFilesProcesses, - bool monitorAttributes, + ImmutableArray exceptionalMonitoredFilesUsers, - bool monitorCreate, + ImmutableArray monitoredFiles, - bool monitorDelete, + bool? monitoredFilesAttributes, - bool monitorModify, + bool? monitoredFilesCreate, - bool monitorRead, + bool? monitoredFilesDelete, - ImmutableArray monitoredPaths, + bool? monitoredFilesModify, - ImmutableArray monitoredProcesses, + ImmutableArray monitoredFilesProcesses, - ImmutableArray monitoredUsers) + bool? monitoredFilesRead, + + ImmutableArray monitoredFilesUsers) { - ExcludedPaths = excludedPaths; - ExcludedProcesses = excludedProcesses; - ExcludedUsers = excludedUsers; - MonitorAttributes = monitorAttributes; - MonitorCreate = monitorCreate; - MonitorDelete = monitorDelete; - MonitorModify = monitorModify; - MonitorRead = monitorRead; - MonitoredPaths = monitoredPaths; - MonitoredProcesses = monitoredProcesses; - MonitoredUsers = monitoredUsers; + Enabled = enabled; + ExceptionalMonitoredFiles = exceptionalMonitoredFiles; + ExceptionalMonitoredFilesProcesses = exceptionalMonitoredFilesProcesses; + ExceptionalMonitoredFilesUsers = exceptionalMonitoredFilesUsers; + MonitoredFiles = monitoredFiles; + MonitoredFilesAttributes = monitoredFilesAttributes; + MonitoredFilesCreate = monitoredFilesCreate; + MonitoredFilesDelete = monitoredFilesDelete; + MonitoredFilesModify = monitoredFilesModify; + MonitoredFilesProcesses = monitoredFilesProcesses; + MonitoredFilesRead = monitoredFilesRead; + MonitoredFilesUsers = monitoredFilesUsers; } } } 
diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyLimitContainerPrivilegeResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyLimitContainerPrivilegeResult.cs new file mode 100644 index 00000000..efb79e12 --- /dev/null +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyLimitContainerPrivilegeResult.cs 
@@ -0,0 +1,99 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetContainerRuntimePolicyLimitContainerPrivilegeResult + { + /// + /// Whether to block adding capabilities. + /// + public readonly bool? BlockAddCapabilities; + /// + /// Whether container privilege limitations are enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to limit IPC-related capabilities. + /// + public readonly bool? Ipcmode; + /// + /// Whether to limit network-related capabilities. + /// + public readonly bool? Netmode; + /// + /// Whether to limit process-related capabilities. + /// + public readonly bool? Pidmode; + /// + /// Whether to prevent low port binding. + /// + public readonly bool? PreventLowPortBinding; + /// + /// Whether to prevent the use of the root user. + /// + public readonly bool? PreventRootUser; + /// + /// Whether the container is run in privileged mode. + /// + public readonly bool? Privileged; + /// + /// Whether to use the host user. + /// + public readonly bool? UseHostUser; + /// + /// Whether to limit user-related capabilities. + /// + public readonly bool? Usermode; + /// + /// Whether to limit UTS-related capabilities. + /// + public readonly bool? Utsmode; + + [OutputConstructor] + private GetContainerRuntimePolicyLimitContainerPrivilegeResult( + bool? blockAddCapabilities, + + bool? enabled, + + bool? ipcmode, + + bool? netmode, + + bool? pidmode, + + bool? preventLowPortBinding, + + bool? preventRootUser, + + bool? privileged, + + bool? useHostUser, + + bool? usermode, + + bool? 
utsmode) + { + BlockAddCapabilities = blockAddCapabilities; + Enabled = enabled; + Ipcmode = ipcmode; + Netmode = netmode; + Pidmode = pidmode; + PreventLowPortBinding = preventLowPortBinding; + PreventRootUser = preventRootUser; + Privileged = privileged; + UseHostUser = useHostUser; + Usermode = usermode; + Utsmode = utsmode; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyMalwareScanOptionResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyMalwareScanOptionResult.cs index 137607e1..423791fb 100644 --- a/sdk/dotnet/Outputs/GetContainerRuntimePolicyMalwareScanOptionResult.cs +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyMalwareScanOptionResult.cs @@ -17,11 +17,11 @@ public sealed class GetContainerRuntimePolicyMalwareScanOptionResult /// /// Set Action, Defaults to 'Alert' when empty /// - public readonly string Action; + public readonly string? Action; /// /// Defines if enabled or not /// - public readonly bool Enabled; + public readonly bool? Enabled; /// /// List of registry paths to be excluded from being protected. /// @@ -30,21 +30,28 @@ public sealed class GetContainerRuntimePolicyMalwareScanOptionResult /// List of registry processes to be excluded from being protected. /// public readonly ImmutableArray ExcludeProcesses; + /// + /// List of registry paths to be excluded from being protected. + /// + public readonly ImmutableArray IncludeDirectories; [OutputConstructor] private GetContainerRuntimePolicyMalwareScanOptionResult( - string action, + string? action, - bool enabled, + bool? enabled, ImmutableArray excludeDirectories, - ImmutableArray excludeProcesses) + ImmutableArray excludeProcesses, + + ImmutableArray includeDirectories) { Action = action; Enabled = enabled; ExcludeDirectories = excludeDirectories; ExcludeProcesses = excludeProcesses; + IncludeDirectories = includeDirectories; } } } 
diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyPortBlockResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyPortBlockResult.cs new file mode 100644 index 00000000..13c392af --- /dev/null +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyPortBlockResult.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetContainerRuntimePolicyPortBlockResult + { + public readonly ImmutableArray BlockInboundPorts; + public readonly ImmutableArray BlockOutboundPorts; + public readonly bool? Enabled; + + [OutputConstructor] + private GetContainerRuntimePolicyPortBlockResult( + ImmutableArray blockInboundPorts, + + ImmutableArray blockOutboundPorts, + + bool? enabled) + { + BlockInboundPorts = blockInboundPorts; + BlockOutboundPorts = blockOutboundPorts; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyReadonlyFilesResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyReadonlyFilesResult.cs new file mode 100644 index 00000000..457a0f7f --- /dev/null +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyReadonlyFilesResult.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetContainerRuntimePolicyReadonlyFilesResult + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalReadonlyFiles; + public readonly ImmutableArray ExceptionalReadonlyFilesProcesses; + public readonly ImmutableArray ExceptionalReadonlyFilesUsers; + public readonly ImmutableArray ReadonlyFiles; + public readonly ImmutableArray ReadonlyFilesProcesses; + public readonly ImmutableArray ReadonlyFilesUsers; + + [OutputConstructor] + private GetContainerRuntimePolicyReadonlyFilesResult( + bool? enabled, + + ImmutableArray exceptionalReadonlyFiles, + + ImmutableArray exceptionalReadonlyFilesProcesses, + + ImmutableArray exceptionalReadonlyFilesUsers, + + ImmutableArray readonlyFiles, + + ImmutableArray readonlyFilesProcesses, + + ImmutableArray readonlyFilesUsers) + { + Enabled = enabled; + ExceptionalReadonlyFiles = exceptionalReadonlyFiles; + ExceptionalReadonlyFilesProcesses = exceptionalReadonlyFilesProcesses; + ExceptionalReadonlyFilesUsers = exceptionalReadonlyFilesUsers; + ReadonlyFiles = readonlyFiles; + ReadonlyFilesProcesses = readonlyFilesProcesses; + ReadonlyFilesUsers = readonlyFilesUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyRestrictedVolumeResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyRestrictedVolumeResult.cs new file mode 100644 index 00000000..54fea64c --- /dev/null +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyRestrictedVolumeResult.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetContainerRuntimePolicyRestrictedVolumeResult + { + /// + /// Whether restricted volumes are enabled. + /// + public readonly bool? Enabled; + /// + /// List of restricted volumes. + /// + public readonly ImmutableArray Volumes; + + [OutputConstructor] + private GetContainerRuntimePolicyRestrictedVolumeResult( + bool? enabled, + + ImmutableArray volumes) + { + Enabled = enabled; + Volumes = volumes; + } + } +} diff --git a/sdk/dotnet/Outputs/GetContainerRuntimePolicyScopeVariableResult.cs b/sdk/dotnet/Outputs/GetContainerRuntimePolicyScopeVariableResult.cs index 9f32ea03..7cf194dc 100644 --- a/sdk/dotnet/Outputs/GetContainerRuntimePolicyScopeVariableResult.cs +++ b/sdk/dotnet/Outputs/GetContainerRuntimePolicyScopeVariableResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetContainerRuntimePolicyScopeVariableResult { public readonly string Attribute; - /// - /// Name of the container runtime policy - /// public readonly string Name; public readonly string Value; diff --git a/sdk/dotnet/Outputs/GetEnforcerGroupsOrchestratorResult.cs b/sdk/dotnet/Outputs/GetEnforcerGroupsOrchestratorResult.cs index e4bd407d..22ccda58 100644 --- a/sdk/dotnet/Outputs/GetEnforcerGroupsOrchestratorResult.cs +++ b/sdk/dotnet/Outputs/GetEnforcerGroupsOrchestratorResult.cs @@ -17,9 +17,6 @@ public sealed class GetEnforcerGroupsOrchestratorResult public readonly bool Master; public readonly string Namespace; public readonly string ServiceAccount; - /// - /// Enforcer Type. - /// public readonly string Type; [OutputConstructor] 
diff --git a/sdk/dotnet/Outputs/GetFunctionAssurancePolicyCustomCheckResult.cs b/sdk/dotnet/Outputs/GetFunctionAssurancePolicyCustomCheckResult.cs index 8830127b..daeee2ec 100644 --- a/sdk/dotnet/Outputs/GetFunctionAssurancePolicyCustomCheckResult.cs +++ b/sdk/dotnet/Outputs/GetFunctionAssurancePolicyCustomCheckResult.cs @@ -14,9 +14,6 @@ namespace Pulumiverse.Aquasec.Outputs [OutputType] public sealed class GetFunctionAssurancePolicyCustomCheckResult { - /// - /// Name of user account that created the policy. - /// public readonly string Author; public readonly string Description; public readonly string Engine; diff --git a/sdk/dotnet/Outputs/GetFunctionRuntimePolicyDriftPreventionResult.cs b/sdk/dotnet/Outputs/GetFunctionRuntimePolicyDriftPreventionResult.cs new file mode 100644 index 00000000..899bc44f --- /dev/null +++ b/sdk/dotnet/Outputs/GetFunctionRuntimePolicyDriftPreventionResult.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetFunctionRuntimePolicyDriftPreventionResult + { + /// + /// Whether drift prevention is enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to lockdown execution drift. + /// + public readonly bool? ExecLockdown; + /// + /// List of items in the execution lockdown white list. + /// + public readonly ImmutableArray ExecLockdownWhiteLists; + /// + /// Whether to lockdown image drift. + /// + public readonly bool? ImageLockdown; + + [OutputConstructor] + private GetFunctionRuntimePolicyDriftPreventionResult( + bool? enabled, + + bool? execLockdown, + + ImmutableArray execLockdownWhiteLists, + + bool? imageLockdown) + { + Enabled = enabled; + ExecLockdown = execLockdown; + ExecLockdownWhiteLists = execLockdownWhiteLists; + ImageLockdown = imageLockdown; + } + } +} diff --git a/sdk/dotnet/Outputs/GetFunctionRuntimePolicyExecutableBlacklistResult.cs b/sdk/dotnet/Outputs/GetFunctionRuntimePolicyExecutableBlacklistResult.cs new file mode 100644 index 00000000..e64b74a2 --- /dev/null +++ b/sdk/dotnet/Outputs/GetFunctionRuntimePolicyExecutableBlacklistResult.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetFunctionRuntimePolicyExecutableBlacklistResult + { + /// + /// Whether the executable blacklist is enabled. + /// + public readonly bool? Enabled; + /// + /// List of blacklisted executables. + /// + public readonly ImmutableArray Executables; + + [OutputConstructor] + private GetFunctionRuntimePolicyExecutableBlacklistResult( + bool? enabled, + + ImmutableArray executables) + { + Enabled = enabled; + Executables = executables; + } + } +} diff --git a/sdk/dotnet/Outputs/GetFunctionRuntimePolicyScopeVariableResult.cs b/sdk/dotnet/Outputs/GetFunctionRuntimePolicyScopeVariableResult.cs index 9b9cb1fd..3ffccadc 100644 --- a/sdk/dotnet/Outputs/GetFunctionRuntimePolicyScopeVariableResult.cs +++ b/sdk/dotnet/Outputs/GetFunctionRuntimePolicyScopeVariableResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetFunctionRuntimePolicyScopeVariableResult { public readonly string Attribute; - /// - /// Name of the function runtime policy - /// public readonly string Name; public readonly string Value; diff --git a/sdk/dotnet/Outputs/GetGatewaysGatewayResult.cs b/sdk/dotnet/Outputs/GetGatewaysGatewayResult.cs index 1a545ece..b574adb1 100644 --- a/sdk/dotnet/Outputs/GetGatewaysGatewayResult.cs +++ b/sdk/dotnet/Outputs/GetGatewaysGatewayResult.cs 
@@ -17,9 +17,6 @@ public sealed class GetGatewaysGatewayResult public readonly string Description; public readonly string GrpcAddress; public readonly string Hostname; - /// - /// The ID of this resource. - /// public readonly string Id; public readonly string Logicalname; public readonly string PublicAddress; diff --git a/sdk/dotnet/Outputs/GetHostAssurancePolicyCustomCheckResult.cs b/sdk/dotnet/Outputs/GetHostAssurancePolicyCustomCheckResult.cs index 7aed0afb..20ccb722 100644 --- a/sdk/dotnet/Outputs/GetHostAssurancePolicyCustomCheckResult.cs +++ b/sdk/dotnet/Outputs/GetHostAssurancePolicyCustomCheckResult.cs @@ -14,9 +14,6 @@ namespace Pulumiverse.Aquasec.Outputs [OutputType] public sealed class GetHostAssurancePolicyCustomCheckResult { - /// - /// Name of user account that created the policy. - /// public readonly string Author; public readonly string Description; public readonly string Engine; diff --git a/sdk/dotnet/Outputs/GetHostRuntimePolicyAuditingResult.cs b/sdk/dotnet/Outputs/GetHostRuntimePolicyAuditingResult.cs new file mode 100644 index 00000000..33d1d405 --- /dev/null +++ b/sdk/dotnet/Outputs/GetHostRuntimePolicyAuditingResult.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetHostRuntimePolicyAuditingResult + { + public readonly bool? AuditAllNetwork; + public readonly bool? AuditAllProcesses; + public readonly bool? AuditFailedLogin; + public readonly bool? AuditOsUserActivity; + public readonly bool? AuditProcessCmdline; + public readonly bool? AuditSuccessLogin; + public readonly bool? AuditUserAccountManagement; + public readonly bool? Enabled; + + [OutputConstructor] + private GetHostRuntimePolicyAuditingResult( + bool? auditAllNetwork, + + bool? auditAllProcesses, + + bool? auditFailedLogin, + + bool? auditOsUserActivity, + + bool? auditProcessCmdline, + + bool? auditSuccessLogin, + + bool? auditUserAccountManagement, + + bool? enabled) + { + AuditAllNetwork = auditAllNetwork; + AuditAllProcesses = auditAllProcesses; + AuditFailedLogin = auditFailedLogin; + AuditOsUserActivity = auditOsUserActivity; + AuditProcessCmdline = auditProcessCmdline; + AuditSuccessLogin = auditSuccessLogin; + AuditUserAccountManagement = auditUserAccountManagement; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/GetHostRuntimePolicyFileIntegrityMonitoringResult.cs b/sdk/dotnet/Outputs/GetHostRuntimePolicyFileIntegrityMonitoringResult.cs index df9f17d8..ad85aeb2 100644 --- a/sdk/dotnet/Outputs/GetHostRuntimePolicyFileIntegrityMonitoringResult.cs +++ b/sdk/dotnet/Outputs/GetHostRuntimePolicyFileIntegrityMonitoringResult.cs 
@@ -14,53 +14,93 @@ namespace Pulumiverse.Aquasec.Outputs [OutputType] public sealed class GetHostRuntimePolicyFileIntegrityMonitoringResult { - public readonly ImmutableArray ExcludedPaths; - public readonly ImmutableArray ExcludedProcesses; - public readonly ImmutableArray ExcludedUsers; - public readonly bool MonitorAttributes; - public readonly bool MonitorCreate; - public readonly bool MonitorDelete; - public readonly bool MonitorModify; - public readonly bool MonitorRead; - public readonly ImmutableArray MonitoredPaths; - public readonly ImmutableArray MonitoredProcesses; - public readonly ImmutableArray MonitoredUsers; + /// + /// If true, file integrity monitoring is enabled. + /// + public readonly bool? Enabled; + /// + /// List of paths to be excluded from monitoring. + /// + public readonly ImmutableArray ExceptionalMonitoredFiles; + /// + /// List of processes to be excluded from monitoring. + /// + public readonly ImmutableArray ExceptionalMonitoredFilesProcesses; + /// + /// List of users to be excluded from monitoring. + /// + public readonly ImmutableArray ExceptionalMonitoredFilesUsers; + /// + /// List of paths to be monitored. + /// + public readonly ImmutableArray MonitoredFiles; + /// + /// Whether to monitor file attribute operations. + /// + public readonly bool? MonitoredFilesAttributes; + /// + /// Whether to monitor file create operations. + /// + public readonly bool? MonitoredFilesCreate; + /// + /// Whether to monitor file delete operations. + /// + public readonly bool? MonitoredFilesDelete; + /// + /// Whether to monitor file modify operations. + /// + public readonly bool? MonitoredFilesModify; + /// + /// List of processes associated with monitored files. + /// + public readonly ImmutableArray MonitoredFilesProcesses; + /// + /// Whether to monitor file read operations. + /// + public readonly bool? MonitoredFilesRead; + /// + /// List of users associated with monitored files. 
+ /// + public readonly ImmutableArray MonitoredFilesUsers; [OutputConstructor] private GetHostRuntimePolicyFileIntegrityMonitoringResult( - ImmutableArray excludedPaths, + bool? enabled, - ImmutableArray excludedProcesses, + ImmutableArray exceptionalMonitoredFiles, - ImmutableArray excludedUsers, + ImmutableArray exceptionalMonitoredFilesProcesses, - bool monitorAttributes, + ImmutableArray exceptionalMonitoredFilesUsers, - bool monitorCreate, + ImmutableArray monitoredFiles, - bool monitorDelete, + bool? monitoredFilesAttributes, - bool monitorModify, + bool? monitoredFilesCreate, - bool monitorRead, + bool? monitoredFilesDelete, - ImmutableArray monitoredPaths, + bool? monitoredFilesModify, - ImmutableArray monitoredProcesses, + ImmutableArray monitoredFilesProcesses, - ImmutableArray monitoredUsers) + bool? monitoredFilesRead, + + ImmutableArray monitoredFilesUsers) { - ExcludedPaths = excludedPaths; - ExcludedProcesses = excludedProcesses; - ExcludedUsers = excludedUsers; - MonitorAttributes = monitorAttributes; - MonitorCreate = monitorCreate; - MonitorDelete = monitorDelete; - MonitorModify = monitorModify; - MonitorRead = monitorRead; - MonitoredPaths = monitoredPaths; - MonitoredProcesses = monitoredProcesses; - MonitoredUsers = monitoredUsers; + Enabled = enabled; + ExceptionalMonitoredFiles = exceptionalMonitoredFiles; + ExceptionalMonitoredFilesProcesses = exceptionalMonitoredFilesProcesses; + ExceptionalMonitoredFilesUsers = exceptionalMonitoredFilesUsers; + MonitoredFiles = monitoredFiles; + MonitoredFilesAttributes = monitoredFilesAttributes; + MonitoredFilesCreate = monitoredFilesCreate; + MonitoredFilesDelete = monitoredFilesDelete; + MonitoredFilesModify = monitoredFilesModify; + MonitoredFilesProcesses = monitoredFilesProcesses; + MonitoredFilesRead = monitoredFilesRead; + MonitoredFilesUsers = monitoredFilesUsers; } } } 
diff --git a/sdk/dotnet/Outputs/GetHostRuntimePolicyMalwareScanOptionResult.cs b/sdk/dotnet/Outputs/GetHostRuntimePolicyMalwareScanOptionResult.cs index b02d7652..88df812d 100644 --- a/sdk/dotnet/Outputs/GetHostRuntimePolicyMalwareScanOptionResult.cs +++ b/sdk/dotnet/Outputs/GetHostRuntimePolicyMalwareScanOptionResult.cs @@ -14,19 +14,34 @@ namespace Pulumiverse.Aquasec.Outputs [OutputType] public sealed class GetHostRuntimePolicyMalwareScanOptionResult { - public readonly string Action; /// - /// Indicates if the runtime policy is enabled or not. + /// Set Action, Defaults to 'Alert' when empty + /// + public readonly string? Action; + /// + /// Defines if enabled or not + /// + public readonly bool? Enabled; + /// + /// List of registry paths to be excluded from being protected. + /// + public readonly ImmutableArray ExcludeDirectories; + /// + /// List of registry processes to be excluded from being protected. /// - public readonly bool Enabled; public readonly ImmutableArray ExcludeProcesses; + /// + /// List of registry paths to be excluded from being protected. + /// public readonly ImmutableArray IncludeDirectories; [OutputConstructor] private GetHostRuntimePolicyMalwareScanOptionResult( - string action, + string? action, + + bool? enabled, - bool enabled, + ImmutableArray excludeDirectories, ImmutableArray excludeProcesses, @@ -34,6 +49,7 @@ private GetHostRuntimePolicyMalwareScanOptionResult( { Action = action; Enabled = enabled; + ExcludeDirectories = excludeDirectories; ExcludeProcesses = excludeProcesses; IncludeDirectories = includeDirectories; } diff --git a/sdk/dotnet/Outputs/GetHostRuntimePolicyPackageBlockResult.cs b/sdk/dotnet/Outputs/GetHostRuntimePolicyPackageBlockResult.cs new file mode 100644 index 00000000..da0b8f3b --- /dev/null +++ b/sdk/dotnet/Outputs/GetHostRuntimePolicyPackageBlockResult.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetHostRuntimePolicyPackageBlockResult + { + public readonly ImmutableArray BlockPackagesProcesses; + public readonly ImmutableArray BlockPackagesUsers; + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalBlockPackagesFiles; + public readonly ImmutableArray ExceptionalBlockPackagesProcesses; + public readonly ImmutableArray ExceptionalBlockPackagesUsers; + public readonly ImmutableArray PackagesBlackLists; + + [OutputConstructor] + private GetHostRuntimePolicyPackageBlockResult( + ImmutableArray blockPackagesProcesses, + + ImmutableArray blockPackagesUsers, + + bool? enabled, + + ImmutableArray exceptionalBlockPackagesFiles, + + ImmutableArray exceptionalBlockPackagesProcesses, + + ImmutableArray exceptionalBlockPackagesUsers, + + ImmutableArray packagesBlackLists) + { + BlockPackagesProcesses = blockPackagesProcesses; + BlockPackagesUsers = blockPackagesUsers; + Enabled = enabled; + ExceptionalBlockPackagesFiles = exceptionalBlockPackagesFiles; + ExceptionalBlockPackagesProcesses = exceptionalBlockPackagesProcesses; + ExceptionalBlockPackagesUsers = exceptionalBlockPackagesUsers; + PackagesBlackLists = packagesBlackLists; + } + } +} diff --git a/sdk/dotnet/Outputs/GetHostRuntimePolicyScopeVariableResult.cs b/sdk/dotnet/Outputs/GetHostRuntimePolicyScopeVariableResult.cs index 4ce83b1e..cefe341f 100644 --- a/sdk/dotnet/Outputs/GetHostRuntimePolicyScopeVariableResult.cs +++ b/sdk/dotnet/Outputs/GetHostRuntimePolicyScopeVariableResult.cs 
@@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetHostRuntimePolicyScopeVariableResult { public readonly string Attribute; - /// - /// Name of the host runtime policy - /// public readonly string Name; public readonly string Value; diff --git a/sdk/dotnet/Outputs/GetImageAssuranceChecksPerformedResult.cs b/sdk/dotnet/Outputs/GetImageAssuranceChecksPerformedResult.cs index 53bd9e95..435e9e3c 100644 --- a/sdk/dotnet/Outputs/GetImageAssuranceChecksPerformedResult.cs +++ b/sdk/dotnet/Outputs/GetImageAssuranceChecksPerformedResult.cs @@ -17,13 +17,7 @@ public sealed class GetImageAssuranceChecksPerformedResult public readonly string AssuranceType; public readonly bool Blocking; public readonly string Control; - /// - /// If DTA was skipped. - /// public readonly bool DtaSkipped; - /// - /// The reason why DTA was skipped. - /// public readonly string DtaSkippedReason; public readonly bool Failed; public readonly string PolicyName; diff --git a/sdk/dotnet/Outputs/GetImageAssurancePolicyCustomCheckResult.cs b/sdk/dotnet/Outputs/GetImageAssurancePolicyCustomCheckResult.cs index f5975604..853c9456 100644 --- a/sdk/dotnet/Outputs/GetImageAssurancePolicyCustomCheckResult.cs +++ b/sdk/dotnet/Outputs/GetImageAssurancePolicyCustomCheckResult.cs @@ -14,9 +14,6 @@ namespace Pulumiverse.Aquasec.Outputs [OutputType] public sealed class GetImageAssurancePolicyCustomCheckResult { - /// - /// Name of user account that created the policy. - /// public readonly string Author; public readonly string Description; public readonly string Engine; diff --git a/sdk/dotnet/Outputs/GetImageHistoryResult.cs b/sdk/dotnet/Outputs/GetImageHistoryResult.cs index 6dbb8b89..2727b9cc 100644 --- a/sdk/dotnet/Outputs/GetImageHistoryResult.cs +++ b/sdk/dotnet/Outputs/GetImageHistoryResult.cs 
@@ -14,18 +14,9 @@ namespace Pulumiverse.Aquasec.Outputs [OutputType] public sealed class GetImageHistoryResult { - /// - /// The image creation comment. - /// public readonly string Comment; - /// - /// The date and time when the image was registered. - /// public readonly string Created; public readonly string CreatedBy; - /// - /// The ID of this resource. - /// public readonly string Id; public readonly int Size; diff --git a/sdk/dotnet/Outputs/GetImageVulnerabilityResult.cs b/sdk/dotnet/Outputs/GetImageVulnerabilityResult.cs index ad802635..278280e4 100644 --- a/sdk/dotnet/Outputs/GetImageVulnerabilityResult.cs +++ b/sdk/dotnet/Outputs/GetImageVulnerabilityResult.cs @@ -32,9 +32,6 @@ public sealed class GetImageVulnerabilityResult public readonly int BlockEventsCount; public readonly string Classification; public readonly string Description; - /// - /// The content digest of the image. - /// public readonly string Digest; public readonly string ExploitReference; public readonly string ExploitType; @@ -43,9 +40,6 @@ public sealed class GetImageVulnerabilityResult public readonly string ImageName; public readonly string LastFoundDate; public readonly string ModificationDate; - /// - /// The name of the image. - /// public readonly string Name; public readonly double NvdCvss2Score; public readonly string NvdCvss2Vectors; 
@@ -54,26 +48,11 @@ public sealed class GetImageVulnerabilityResult public readonly string NvdCvss3Vectors; public readonly string NvdSeverity; public readonly string NvdUrl; - /// - /// The operating system detected in the image - /// public readonly string Os; - /// - /// The version of the OS detected in the image. - /// public readonly string OsVersion; - /// - /// Permission of the image. - /// public readonly string Permission; public readonly string PublishDate; - /// - /// The name of the registry where the image is stored. - /// public readonly string Registry; - /// - /// The name of the image's repository. - /// public readonly string Repository; public readonly string ResourceArchitecture; public readonly string ResourceCpe; diff --git a/sdk/dotnet/Outputs/GetIntegrationRegistriesOptionResult.cs b/sdk/dotnet/Outputs/GetIntegrationRegistriesOptionResult.cs new file mode 100644 index 00000000..978f1e53 --- /dev/null +++ b/sdk/dotnet/Outputs/GetIntegrationRegistriesOptionResult.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetIntegrationRegistriesOptionResult + { + public readonly string? Option; + public readonly string? Value; + + [OutputConstructor] + private GetIntegrationRegistriesOptionResult( + string? option, + + string? value) + { + Option = option; + Value = value; + } + } +} diff --git a/sdk/dotnet/Outputs/GetIntegrationRegistriesWebhookResult.cs b/sdk/dotnet/Outputs/GetIntegrationRegistriesWebhookResult.cs new file mode 100644 index 00000000..40c16262 --- /dev/null +++ b/sdk/dotnet/Outputs/GetIntegrationRegistriesWebhookResult.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class GetIntegrationRegistriesWebhookResult + { + public readonly string? AuthToken; + public readonly bool? Enabled; + public readonly bool? UnQuarantine; + public readonly string? Url; + + [OutputConstructor] + private GetIntegrationRegistriesWebhookResult( + string? authToken, + + bool? enabled, + + bool? unQuarantine, + + string? url) + { + AuthToken = authToken; + Enabled = enabled; + UnQuarantine = unQuarantine; + Url = url; + } + } +} diff --git a/sdk/dotnet/Outputs/GetIntegrationRegistryWebhookResult.cs b/sdk/dotnet/Outputs/GetIntegrationRegistryWebhookResult.cs index 62fc219c..296a4f51 100644 --- a/sdk/dotnet/Outputs/GetIntegrationRegistryWebhookResult.cs +++ b/sdk/dotnet/Outputs/GetIntegrationRegistryWebhookResult.cs @@ -17,9 +17,6 @@ public sealed class GetIntegrationRegistryWebhookResult public readonly string? AuthToken; public readonly bool? Enabled; public readonly bool? UnQuarantine; - /// - /// The URL, address or region of the registry - /// public readonly string? Url; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/GetKubernetesAssurancePolicyCustomCheckResult.cs b/sdk/dotnet/Outputs/GetKubernetesAssurancePolicyCustomCheckResult.cs index dd433fd4..97368c22 100644 --- a/sdk/dotnet/Outputs/GetKubernetesAssurancePolicyCustomCheckResult.cs +++ b/sdk/dotnet/Outputs/GetKubernetesAssurancePolicyCustomCheckResult.cs 
@@ -14,9 +14,6 @@ namespace Pulumiverse.Aquasec.Outputs [OutputType] public sealed class GetKubernetesAssurancePolicyCustomCheckResult { - /// - /// Name of user account that created the policy. - /// public readonly string Author; public readonly string Description; public readonly string Engine; diff --git a/sdk/dotnet/Outputs/GetNotificationsEmailResult.cs b/sdk/dotnet/Outputs/GetNotificationsEmailResult.cs index 7d55f37b..a4ea9d20 100644 --- a/sdk/dotnet/Outputs/GetNotificationsEmailResult.cs +++ b/sdk/dotnet/Outputs/GetNotificationsEmailResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetNotificationsEmailResult { public readonly string Author; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly string LastUpdated; public readonly string Name; diff --git a/sdk/dotnet/Outputs/GetNotificationsJiraResult.cs b/sdk/dotnet/Outputs/GetNotificationsJiraResult.cs index 7a8e1cb4..1da6a7c3 100644 --- a/sdk/dotnet/Outputs/GetNotificationsJiraResult.cs +++ b/sdk/dotnet/Outputs/GetNotificationsJiraResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetNotificationsJiraResult { public readonly string Author; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly string LastUpdated; public readonly string Name; diff --git a/sdk/dotnet/Outputs/GetNotificationsServicenowResult.cs b/sdk/dotnet/Outputs/GetNotificationsServicenowResult.cs index 88c87062..eb9ad01a 100644 --- a/sdk/dotnet/Outputs/GetNotificationsServicenowResult.cs +++ b/sdk/dotnet/Outputs/GetNotificationsServicenowResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetNotificationsServicenowResult { public readonly string Author; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly string LastUpdated; public readonly string Name; 
diff --git a/sdk/dotnet/Outputs/GetNotificationsSlackResult.cs b/sdk/dotnet/Outputs/GetNotificationsSlackResult.cs index bef787ed..deff0380 100644 --- a/sdk/dotnet/Outputs/GetNotificationsSlackResult.cs +++ b/sdk/dotnet/Outputs/GetNotificationsSlackResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetNotificationsSlackResult { public readonly string Author; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly string LastUpdated; public readonly string Name; diff --git a/sdk/dotnet/Outputs/GetNotificationsSplunkResult.cs b/sdk/dotnet/Outputs/GetNotificationsSplunkResult.cs index d5c568ea..aceb43a3 100644 --- a/sdk/dotnet/Outputs/GetNotificationsSplunkResult.cs +++ b/sdk/dotnet/Outputs/GetNotificationsSplunkResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetNotificationsSplunkResult { public readonly string Author; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly string LastUpdated; public readonly string Name; diff --git a/sdk/dotnet/Outputs/GetNotificationsTeamResult.cs b/sdk/dotnet/Outputs/GetNotificationsTeamResult.cs index 4ee2a63d..76f4f6cb 100644 --- a/sdk/dotnet/Outputs/GetNotificationsTeamResult.cs +++ b/sdk/dotnet/Outputs/GetNotificationsTeamResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetNotificationsTeamResult { public readonly string Author; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly string LastUpdated; public readonly string Name; diff --git a/sdk/dotnet/Outputs/GetNotificationsWebhookResult.cs b/sdk/dotnet/Outputs/GetNotificationsWebhookResult.cs index 4a6ccbe7..374fb105 100644 --- a/sdk/dotnet/Outputs/GetNotificationsWebhookResult.cs +++ b/sdk/dotnet/Outputs/GetNotificationsWebhookResult.cs 
@@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetNotificationsWebhookResult { public readonly string Author; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly string LastUpdated; public readonly string Name; diff --git a/sdk/dotnet/Outputs/GetRolesMappingSaasRolesMappingResult.cs b/sdk/dotnet/Outputs/GetRolesMappingSaasRolesMappingResult.cs index 1dc38479..6ec9eb8c 100644 --- a/sdk/dotnet/Outputs/GetRolesMappingSaasRolesMappingResult.cs +++ b/sdk/dotnet/Outputs/GetRolesMappingSaasRolesMappingResult.cs @@ -17,9 +17,6 @@ public sealed class GetRolesMappingSaasRolesMappingResult public readonly int AccountId; public readonly string Created; public readonly string CspRole; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly ImmutableArray SamlGroups; diff --git a/sdk/dotnet/Outputs/GetServiceScopeVariableResult.cs b/sdk/dotnet/Outputs/GetServiceScopeVariableResult.cs index cca08960..0c0e2cc5 100644 --- a/sdk/dotnet/Outputs/GetServiceScopeVariableResult.cs +++ b/sdk/dotnet/Outputs/GetServiceScopeVariableResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetServiceScopeVariableResult { public readonly string Attribute; - /// - /// The name of the service. It is recommended not to use whitespace characters in the name. - /// public readonly string Name; public readonly string Value; diff --git a/sdk/dotnet/Outputs/GetUsersSaasUserGroupResult.cs b/sdk/dotnet/Outputs/GetUsersSaasUserGroupResult.cs index 96f9574e..07641c76 100644 --- a/sdk/dotnet/Outputs/GetUsersSaasUserGroupResult.cs +++ b/sdk/dotnet/Outputs/GetUsersSaasUserGroupResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetUsersSaasUserGroupResult { public readonly string Created; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly string Name; 
diff --git a/sdk/dotnet/Outputs/GetUsersSaasUserLoginResult.cs b/sdk/dotnet/Outputs/GetUsersSaasUserLoginResult.cs index 7431f609..29edf88d 100644 --- a/sdk/dotnet/Outputs/GetUsersSaasUserLoginResult.cs +++ b/sdk/dotnet/Outputs/GetUsersSaasUserLoginResult.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class GetUsersSaasUserLoginResult { public readonly string Created; - /// - /// The ID of this resource. - /// public readonly int Id; public readonly string IpAddress; public readonly int UserId; diff --git a/sdk/dotnet/Outputs/HostAssurancePolicyPolicySettings.cs b/sdk/dotnet/Outputs/HostAssurancePolicyPolicySettings.cs new file mode 100644 index 00000000..53587705 --- /dev/null +++ b/sdk/dotnet/Outputs/HostAssurancePolicyPolicySettings.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostAssurancePolicyPolicySettings + { + public readonly bool? Enforce; + public readonly bool? IsAuditChecked; + public readonly bool? Warn; + public readonly string? WarningMessage; + + [OutputConstructor] + private HostAssurancePolicyPolicySettings( + bool? enforce, + + bool? isAuditChecked, + + bool? warn, + + string? warningMessage) + { + Enforce = enforce; + IsAuditChecked = isAuditChecked; + Warn = warn; + WarningMessage = warningMessage; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyAllowedExecutable.cs b/sdk/dotnet/Outputs/HostRuntimePolicyAllowedExecutable.cs new file mode 100644 index 00000000..b2b736e5 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyAllowedExecutable.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyAllowedExecutable + { + /// + /// List of allowed executables. + /// + public readonly ImmutableArray AllowExecutables; + /// + /// List of allowed root executables. + /// + public readonly ImmutableArray AllowRootExecutables; + /// + /// Whether allowed executables configuration is enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to treat executables separately. + /// + public readonly bool? SeparateExecutables; + + [OutputConstructor] + private HostRuntimePolicyAllowedExecutable( + ImmutableArray allowExecutables, + + ImmutableArray allowRootExecutables, + + bool? enabled, + + bool? separateExecutables) + { + AllowExecutables = allowExecutables; + AllowRootExecutables = allowRootExecutables; + Enabled = enabled; + SeparateExecutables = separateExecutables; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyAllowedRegistry.cs b/sdk/dotnet/Outputs/HostRuntimePolicyAllowedRegistry.cs new file mode 100644 index 00000000..71cdde1a --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyAllowedRegistry.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyAllowedRegistry + { + /// + /// List of allowed registries. + /// + public readonly ImmutableArray AllowedRegistries; + /// + /// Whether allowed registries are enabled. + /// + public readonly bool? Enabled; + + [OutputConstructor] + private HostRuntimePolicyAllowedRegistry( + ImmutableArray allowedRegistries, + + bool? enabled) + { + AllowedRegistries = allowedRegistries; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyAuditing.cs b/sdk/dotnet/Outputs/HostRuntimePolicyAuditing.cs new file mode 100644 index 00000000..16704910 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyAuditing.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyAuditing + { + public readonly bool? AuditAllNetwork; + public readonly bool? AuditAllProcesses; + public readonly bool? AuditFailedLogin; + public readonly bool? AuditOsUserActivity; + public readonly bool? AuditProcessCmdline; + public readonly bool? AuditSuccessLogin; + public readonly bool? AuditUserAccountManagement; + public readonly bool? Enabled; + + [OutputConstructor] + private HostRuntimePolicyAuditing( + bool? auditAllNetwork, + + bool? auditAllProcesses, + + bool? auditFailedLogin, + + bool? auditOsUserActivity, + + bool? auditProcessCmdline, + + bool? auditSuccessLogin, + + bool? auditUserAccountManagement, + + bool? enabled) + { + AuditAllNetwork = auditAllNetwork; + AuditAllProcesses = auditAllProcesses; + AuditFailedLogin = auditFailedLogin; + AuditOsUserActivity = auditOsUserActivity; + AuditProcessCmdline = auditProcessCmdline; + AuditSuccessLogin = auditSuccessLogin; + AuditUserAccountManagement = auditUserAccountManagement; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyBlacklistedOsUsers.cs b/sdk/dotnet/Outputs/HostRuntimePolicyBlacklistedOsUsers.cs new file mode 100644 index 00000000..fe0eb118 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyBlacklistedOsUsers.cs 
@@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyBlacklistedOsUsers + { + public readonly bool? Enabled; + public readonly ImmutableArray GroupBlackLists; + public readonly ImmutableArray UserBlackLists; + + [OutputConstructor] + private HostRuntimePolicyBlacklistedOsUsers( + bool? enabled, + + ImmutableArray groupBlackLists, + + ImmutableArray userBlackLists) + { + Enabled = enabled; + GroupBlackLists = groupBlackLists; + UserBlackLists = userBlackLists; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyBypassScope.cs b/sdk/dotnet/Outputs/HostRuntimePolicyBypassScope.cs new file mode 100644 index 00000000..9a64435f --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyBypassScope.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyBypassScope + { + /// + /// Whether bypassing the scope is enabled. + /// + public readonly bool? Enabled; + /// + /// Scope configuration. + /// + public readonly ImmutableArray Scopes; + + [OutputConstructor] + private HostRuntimePolicyBypassScope( + bool? enabled, + + ImmutableArray scopes) + { + Enabled = enabled; + Scopes = scopes; + } + } +} 
diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyBypassScopeScope.cs b/sdk/dotnet/Outputs/HostRuntimePolicyBypassScopeScope.cs new file mode 100644 index 00000000..bc5967c1 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyBypassScopeScope.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyBypassScopeScope + { + /// + /// Scope expression. + /// + public readonly string? Expression; + /// + /// List of variables in the scope. + /// + public readonly ImmutableArray Variables; + + [OutputConstructor] + private HostRuntimePolicyBypassScopeScope( + string? expression, + + ImmutableArray variables) + { + Expression = expression; + Variables = variables; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyBypassScopeScopeVariable.cs b/sdk/dotnet/Outputs/HostRuntimePolicyBypassScopeScopeVariable.cs new file mode 100644 index 00000000..8eabf8be --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyBypassScopeScopeVariable.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyBypassScopeScopeVariable + { + /// + /// Variable attribute. + /// + public readonly string? Attribute; + /// + /// Variable value. + /// + public readonly string? Value; + + [OutputConstructor] + private HostRuntimePolicyBypassScopeScopeVariable( + string? attribute, + + string? value) + { + Attribute = attribute; + Value = value; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyContainerExec.cs b/sdk/dotnet/Outputs/HostRuntimePolicyContainerExec.cs new file mode 100644 index 00000000..59d38959 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyContainerExec.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyContainerExec + { + public readonly bool? BlockContainerExec; + public readonly ImmutableArray ContainerExecProcWhiteLists; + public readonly bool? Enabled; + public readonly ImmutableArray ReverseShellIpWhiteLists; + + [OutputConstructor] + private HostRuntimePolicyContainerExec( + bool? blockContainerExec, + + ImmutableArray containerExecProcWhiteLists, + + bool? enabled, + + ImmutableArray reverseShellIpWhiteLists) + { + BlockContainerExec = blockContainerExec; + ContainerExecProcWhiteLists = containerExecProcWhiteLists; + Enabled = enabled; + ReverseShellIpWhiteLists = reverseShellIpWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyDriftPrevention.cs b/sdk/dotnet/Outputs/HostRuntimePolicyDriftPrevention.cs new file mode 100644 index 00000000..7797c084 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyDriftPrevention.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyDriftPrevention + { + /// + /// Whether drift prevention is enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to lockdown execution drift. + /// + public readonly bool? ExecLockdown; + /// + /// List of items in the execution lockdown white list. + /// + public readonly ImmutableArray ExecLockdownWhiteLists; + /// + /// Whether to lockdown image drift. + /// + public readonly bool? ImageLockdown; + + [OutputConstructor] + private HostRuntimePolicyDriftPrevention( + bool? enabled, + + bool? execLockdown, + + ImmutableArray execLockdownWhiteLists, + + bool? imageLockdown) + { + Enabled = enabled; + ExecLockdown = execLockdown; + ExecLockdownWhiteLists = execLockdownWhiteLists; + ImageLockdown = imageLockdown; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyExecutableBlacklist.cs b/sdk/dotnet/Outputs/HostRuntimePolicyExecutableBlacklist.cs new file mode 100644 index 00000000..63052101 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyExecutableBlacklist.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyExecutableBlacklist + { + /// + /// Whether the executable blacklist is enabled. + /// + public readonly bool? Enabled; + /// + /// List of blacklisted executables. + /// + public readonly ImmutableArray Executables; + + [OutputConstructor] + private HostRuntimePolicyExecutableBlacklist( + bool? enabled, + + ImmutableArray executables) + { + Enabled = enabled; + Executables = executables; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyFailedKubernetesChecks.cs b/sdk/dotnet/Outputs/HostRuntimePolicyFailedKubernetesChecks.cs new file mode 100644 index 00000000..580d5471 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyFailedKubernetesChecks.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyFailedKubernetesChecks + { + public readonly bool? Enabled; + public readonly ImmutableArray FailedChecks; + + [OutputConstructor] + private HostRuntimePolicyFailedKubernetesChecks( + bool? enabled, + + ImmutableArray failedChecks) + { + Enabled = enabled; + FailedChecks = failedChecks; + } + } +} 
diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyFileBlock.cs b/sdk/dotnet/Outputs/HostRuntimePolicyFileBlock.cs new file mode 100644 index 00000000..454ed074 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyFileBlock.cs @@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyFileBlock + { + public readonly ImmutableArray BlockFilesProcesses; + public readonly ImmutableArray BlockFilesUsers; + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalBlockFiles; + public readonly ImmutableArray ExceptionalBlockFilesProcesses; + public readonly ImmutableArray ExceptionalBlockFilesUsers; + public readonly ImmutableArray FilenameBlockLists; + + [OutputConstructor] + private HostRuntimePolicyFileBlock( + ImmutableArray blockFilesProcesses, + + ImmutableArray blockFilesUsers, + + bool? enabled, + + ImmutableArray exceptionalBlockFiles, + + ImmutableArray exceptionalBlockFilesProcesses, + + ImmutableArray exceptionalBlockFilesUsers, + + ImmutableArray filenameBlockLists) + { + BlockFilesProcesses = blockFilesProcesses; + BlockFilesUsers = blockFilesUsers; + Enabled = enabled; + ExceptionalBlockFiles = exceptionalBlockFiles; + ExceptionalBlockFilesProcesses = exceptionalBlockFilesProcesses; + ExceptionalBlockFilesUsers = exceptionalBlockFilesUsers; + FilenameBlockLists = filenameBlockLists; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyFileIntegrityMonitoring.cs b/sdk/dotnet/Outputs/HostRuntimePolicyFileIntegrityMonitoring.cs index c071602c..c1735d6e 100644 --- a/sdk/dotnet/Outputs/HostRuntimePolicyFileIntegrityMonitoring.cs 
+++ b/sdk/dotnet/Outputs/HostRuntimePolicyFileIntegrityMonitoring.cs 
@@ -15,85 +15,92 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class HostRuntimePolicyFileIntegrityMonitoring { /// - /// List of paths to be excluded from being monitored. + /// If true, file integrity monitoring is enabled. /// - public readonly ImmutableArray ExcludedPaths; + public readonly bool? Enabled; /// - /// List of processes to be excluded from being monitored. + /// List of paths to be excluded from monitoring. /// - public readonly ImmutableArray ExcludedProcesses; + public readonly ImmutableArray ExceptionalMonitoredFiles; /// - /// List of users to be excluded from being monitored. + /// List of processes to be excluded from monitoring. /// - public readonly ImmutableArray ExcludedUsers; + public readonly ImmutableArray ExceptionalMonitoredFilesProcesses; /// - /// If true, add attributes operations will be monitored. + /// List of users to be excluded from monitoring. /// - public readonly bool? MonitorAttributes; + public readonly ImmutableArray ExceptionalMonitoredFilesUsers; /// - /// If true, create operations will be monitored. + /// List of paths to be monitored. /// - public readonly bool? MonitorCreate; + public readonly ImmutableArray MonitoredFiles; /// - /// If true, deletion operations will be monitored. + /// Whether to monitor file attribute operations. /// - public readonly bool? MonitorDelete; + public readonly bool? MonitoredFilesAttributes; /// - /// If true, modification operations will be monitored. + /// Whether to monitor file create operations. /// - public readonly bool? MonitorModify; + public readonly bool? MonitoredFilesCreate; /// - /// If true, read operations will be monitored. + /// Whether to monitor file delete operations. /// - public readonly bool? MonitorRead; + public readonly bool? MonitoredFilesDelete; /// - /// List of paths to be monitored. + /// Whether to monitor file modify operations. /// - public readonly ImmutableArray MonitoredPaths; + public readonly bool? 
MonitoredFilesModify; /// - /// List of processes to be monitored. + /// List of processes associated with monitored files. /// - public readonly ImmutableArray MonitoredProcesses; + public readonly ImmutableArray MonitoredFilesProcesses; /// - /// List of users to be monitored. + /// Whether to monitor file read operations. /// - public readonly ImmutableArray MonitoredUsers; + public readonly bool? MonitoredFilesRead; + /// + /// List of users associated with monitored files. + /// + public readonly ImmutableArray MonitoredFilesUsers; [OutputConstructor] private HostRuntimePolicyFileIntegrityMonitoring( - ImmutableArray excludedPaths, + bool? enabled, + + ImmutableArray exceptionalMonitoredFiles, - ImmutableArray excludedProcesses, + ImmutableArray exceptionalMonitoredFilesProcesses, - ImmutableArray excludedUsers, + ImmutableArray exceptionalMonitoredFilesUsers, - bool? monitorAttributes, + ImmutableArray monitoredFiles, - bool? monitorCreate, + bool? monitoredFilesAttributes, - bool? monitorDelete, + bool? monitoredFilesCreate, - bool? monitorModify, + bool? monitoredFilesDelete, - bool? monitorRead, + bool? monitoredFilesModify, - ImmutableArray monitoredPaths, + ImmutableArray monitoredFilesProcesses, - ImmutableArray monitoredProcesses, + bool? 
monitoredFilesRead, - ImmutableArray monitoredUsers) + ImmutableArray monitoredFilesUsers) { - ExcludedPaths = excludedPaths; - ExcludedProcesses = excludedProcesses; - ExcludedUsers = excludedUsers; - MonitorAttributes = monitorAttributes; - MonitorCreate = monitorCreate; - MonitorDelete = monitorDelete; - MonitorModify = monitorModify; - MonitorRead = monitorRead; - MonitoredPaths = monitoredPaths; - MonitoredProcesses = monitoredProcesses; - MonitoredUsers = monitoredUsers; + Enabled = enabled; + ExceptionalMonitoredFiles = exceptionalMonitoredFiles; + ExceptionalMonitoredFilesProcesses = exceptionalMonitoredFilesProcesses; + ExceptionalMonitoredFilesUsers = exceptionalMonitoredFilesUsers; + MonitoredFiles = monitoredFiles; + MonitoredFilesAttributes = monitoredFilesAttributes; + MonitoredFilesCreate = monitoredFilesCreate; + MonitoredFilesDelete = monitoredFilesDelete; + MonitoredFilesModify = monitoredFilesModify; + MonitoredFilesProcesses = monitoredFilesProcesses; + MonitoredFilesRead = monitoredFilesRead; + MonitoredFilesUsers = monitoredFilesUsers; } } } diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyLimitContainerPrivilege.cs b/sdk/dotnet/Outputs/HostRuntimePolicyLimitContainerPrivilege.cs new file mode 100644 index 00000000..a6e846af --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyLimitContainerPrivilege.cs 
@@ -0,0 +1,99 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyLimitContainerPrivilege + { + /// + /// Whether to block adding capabilities. + /// + public readonly bool? BlockAddCapabilities; + /// + /// Whether container privilege limitations are enabled. + /// + public readonly bool? Enabled; + /// + /// Whether to limit IPC-related capabilities. + /// + public readonly bool? Ipcmode; + /// + /// Whether to limit network-related capabilities. + /// + public readonly bool? Netmode; + /// + /// Whether to limit process-related capabilities. + /// + public readonly bool? Pidmode; + /// + /// Whether to prevent low port binding. + /// + public readonly bool? PreventLowPortBinding; + /// + /// Whether to prevent the use of the root user. + /// + public readonly bool? PreventRootUser; + /// + /// Whether the container is run in privileged mode. + /// + public readonly bool? Privileged; + /// + /// Whether to use the host user. + /// + public readonly bool? UseHostUser; + /// + /// Whether to limit user-related capabilities. + /// + public readonly bool? Usermode; + /// + /// Whether to limit UTS-related capabilities. + /// + public readonly bool? Utsmode; + + [OutputConstructor] + private HostRuntimePolicyLimitContainerPrivilege( + bool? blockAddCapabilities, + + bool? enabled, + + bool? ipcmode, + + bool? netmode, + + bool? pidmode, + + bool? preventLowPortBinding, + + bool? preventRootUser, + + bool? privileged, + + bool? useHostUser, + + bool? usermode, + + bool? 
utsmode) + { + BlockAddCapabilities = blockAddCapabilities; + Enabled = enabled; + Ipcmode = ipcmode; + Netmode = netmode; + Pidmode = pidmode; + PreventLowPortBinding = preventLowPortBinding; + PreventRootUser = preventRootUser; + Privileged = privileged; + UseHostUser = useHostUser; + Usermode = usermode; + Utsmode = utsmode; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyLinuxCapabilities.cs b/sdk/dotnet/Outputs/HostRuntimePolicyLinuxCapabilities.cs new file mode 100644 index 00000000..78506a61 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyLinuxCapabilities.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyLinuxCapabilities + { + public readonly bool? Enabled; + public readonly ImmutableArray RemoveLinuxCapabilities; + + [OutputConstructor] + private HostRuntimePolicyLinuxCapabilities( + bool? enabled, + + ImmutableArray removeLinuxCapabilities) + { + Enabled = enabled; + RemoveLinuxCapabilities = removeLinuxCapabilities; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyMalwareScanOptions.cs b/sdk/dotnet/Outputs/HostRuntimePolicyMalwareScanOptions.cs index ad612c19..0a517ebb 100644 --- a/sdk/dotnet/Outputs/HostRuntimePolicyMalwareScanOptions.cs +++ b/sdk/dotnet/Outputs/HostRuntimePolicyMalwareScanOptions.cs 
@@ -30,6 +30,10 @@ public sealed class HostRuntimePolicyMalwareScanOptions /// List of registry processes to be excluded from being protected. /// public readonly ImmutableArray ExcludeProcesses; + /// + /// List of registry paths to be excluded from being protected. + /// + public readonly ImmutableArray IncludeDirectories; [OutputConstructor] private HostRuntimePolicyMalwareScanOptions( @@ -39,12 +43,15 @@ private HostRuntimePolicyMalwareScanOptions( ImmutableArray excludeDirectories, - ImmutableArray excludeProcesses) + ImmutableArray excludeProcesses, + + ImmutableArray includeDirectories) { Action = action; Enabled = enabled; ExcludeDirectories = excludeDirectories; ExcludeProcesses = excludeProcesses; + IncludeDirectories = includeDirectories; } } } diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyPackageBlock.cs b/sdk/dotnet/Outputs/HostRuntimePolicyPackageBlock.cs new file mode 100644 index 00000000..73fd4213 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyPackageBlock.cs 
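Review bot: The doc comment added for `IncludeDirectories` in the first hunk of HostRuntimePolicyMalwareScanOptions.cs reads "List of registry paths to be excluded from being protected", which describes an exclusion list and contradicts the field name. On a malware-scan option this can mislead: a reader could take the field for a list of paths exempted from scanning, or the reverse. Wording such as `/// List of directories to be included in the malware scan.` would match the name, but the exact semantics should be confirmed against the provider documentation. The file is tfgen output, so the description has to be corrected in the upstream provider schema and the SDK regenerated rather than edited here. The neighbouring context comment on `ExcludeProcesses` ("registry processes") looks like the same copy-paste.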
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyPackageBlock + { + public readonly ImmutableArray BlockPackagesProcesses; + public readonly ImmutableArray BlockPackagesUsers; + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalBlockPackagesFiles; + public readonly ImmutableArray ExceptionalBlockPackagesProcesses; + public readonly ImmutableArray ExceptionalBlockPackagesUsers; + public readonly ImmutableArray PackagesBlackLists; + + [OutputConstructor] + private HostRuntimePolicyPackageBlock( + ImmutableArray blockPackagesProcesses, + + ImmutableArray blockPackagesUsers, + + bool? enabled, + + ImmutableArray exceptionalBlockPackagesFiles, + + ImmutableArray exceptionalBlockPackagesProcesses, + + ImmutableArray exceptionalBlockPackagesUsers, + + ImmutableArray packagesBlackLists) + { + BlockPackagesProcesses = blockPackagesProcesses; + BlockPackagesUsers = blockPackagesUsers; + Enabled = enabled; + ExceptionalBlockPackagesFiles = exceptionalBlockPackagesFiles; + ExceptionalBlockPackagesProcesses = exceptionalBlockPackagesProcesses; + ExceptionalBlockPackagesUsers = exceptionalBlockPackagesUsers; + PackagesBlackLists = packagesBlackLists; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyPortBlock.cs b/sdk/dotnet/Outputs/HostRuntimePolicyPortBlock.cs new file mode 100644 index 00000000..9b22e858 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyPortBlock.cs 
@@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyPortBlock + { + public readonly ImmutableArray BlockInboundPorts; + public readonly ImmutableArray BlockOutboundPorts; + public readonly bool? Enabled; + + [OutputConstructor] + private HostRuntimePolicyPortBlock( + ImmutableArray blockInboundPorts, + + ImmutableArray blockOutboundPorts, + + bool? enabled) + { + BlockInboundPorts = blockInboundPorts; + BlockOutboundPorts = blockOutboundPorts; + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyReadonlyFiles.cs b/sdk/dotnet/Outputs/HostRuntimePolicyReadonlyFiles.cs new file mode 100644 index 00000000..ea73c403 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyReadonlyFiles.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyReadonlyFiles + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalReadonlyFiles; + public readonly ImmutableArray ExceptionalReadonlyFilesProcesses; + public readonly ImmutableArray ExceptionalReadonlyFilesUsers; + public readonly ImmutableArray ReadonlyFiles; + public readonly ImmutableArray ReadonlyFilesProcesses; + public readonly ImmutableArray ReadonlyFilesUsers; + + [OutputConstructor] + private HostRuntimePolicyReadonlyFiles( + bool? enabled, + + ImmutableArray exceptionalReadonlyFiles, + + ImmutableArray exceptionalReadonlyFilesProcesses, + + ImmutableArray exceptionalReadonlyFilesUsers, + + ImmutableArray readonlyFiles, + + ImmutableArray readonlyFilesProcesses, + + ImmutableArray readonlyFilesUsers) + { + Enabled = enabled; + ExceptionalReadonlyFiles = exceptionalReadonlyFiles; + ExceptionalReadonlyFilesProcesses = exceptionalReadonlyFilesProcesses; + ExceptionalReadonlyFilesUsers = exceptionalReadonlyFilesUsers; + ReadonlyFiles = readonlyFiles; + ReadonlyFilesProcesses = readonlyFilesProcesses; + ReadonlyFilesUsers = readonlyFilesUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyReadonlyRegistry.cs b/sdk/dotnet/Outputs/HostRuntimePolicyReadonlyRegistry.cs new file mode 100644 index 00000000..0d656256 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyReadonlyRegistry.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyReadonlyRegistry + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalReadonlyRegistryPaths; + public readonly ImmutableArray ExceptionalReadonlyRegistryProcesses; + public readonly ImmutableArray ExceptionalReadonlyRegistryUsers; + public readonly ImmutableArray ReadonlyRegistryPaths; + public readonly ImmutableArray ReadonlyRegistryProcesses; + public readonly ImmutableArray ReadonlyRegistryUsers; + + [OutputConstructor] + private HostRuntimePolicyReadonlyRegistry( + bool? enabled, + + ImmutableArray exceptionalReadonlyRegistryPaths, + + ImmutableArray exceptionalReadonlyRegistryProcesses, + + ImmutableArray exceptionalReadonlyRegistryUsers, + + ImmutableArray readonlyRegistryPaths, + + ImmutableArray readonlyRegistryProcesses, + + ImmutableArray readonlyRegistryUsers) + { + Enabled = enabled; + ExceptionalReadonlyRegistryPaths = exceptionalReadonlyRegistryPaths; + ExceptionalReadonlyRegistryProcesses = exceptionalReadonlyRegistryProcesses; + ExceptionalReadonlyRegistryUsers = exceptionalReadonlyRegistryUsers; + ReadonlyRegistryPaths = readonlyRegistryPaths; + ReadonlyRegistryProcesses = readonlyRegistryProcesses; + ReadonlyRegistryUsers = readonlyRegistryUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyRegistryAccessMonitoring.cs b/sdk/dotnet/Outputs/HostRuntimePolicyRegistryAccessMonitoring.cs new file mode 100644 index 00000000..d4c9411d --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyRegistryAccessMonitoring.cs 
@@ -0,0 +1,70 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyRegistryAccessMonitoring + { + public readonly bool? Enabled; + public readonly ImmutableArray ExceptionalMonitoredRegistryPaths; + public readonly ImmutableArray ExceptionalMonitoredRegistryProcesses; + public readonly ImmutableArray ExceptionalMonitoredRegistryUsers; + public readonly bool? MonitoredRegistryAttributes; + public readonly bool? MonitoredRegistryCreate; + public readonly bool? MonitoredRegistryDelete; + public readonly bool? MonitoredRegistryModify; + public readonly ImmutableArray MonitoredRegistryPaths; + public readonly ImmutableArray MonitoredRegistryProcesses; + public readonly bool? MonitoredRegistryRead; + public readonly ImmutableArray MonitoredRegistryUsers; + + [OutputConstructor] + private HostRuntimePolicyRegistryAccessMonitoring( + bool? enabled, + + ImmutableArray exceptionalMonitoredRegistryPaths, + + ImmutableArray exceptionalMonitoredRegistryProcesses, + + ImmutableArray exceptionalMonitoredRegistryUsers, + + bool? monitoredRegistryAttributes, + + bool? monitoredRegistryCreate, + + bool? monitoredRegistryDelete, + + bool? monitoredRegistryModify, + + ImmutableArray monitoredRegistryPaths, + + ImmutableArray monitoredRegistryProcesses, + + bool? 
monitoredRegistryRead, + + ImmutableArray monitoredRegistryUsers) + { + Enabled = enabled; + ExceptionalMonitoredRegistryPaths = exceptionalMonitoredRegistryPaths; + ExceptionalMonitoredRegistryProcesses = exceptionalMonitoredRegistryProcesses; + ExceptionalMonitoredRegistryUsers = exceptionalMonitoredRegistryUsers; + MonitoredRegistryAttributes = monitoredRegistryAttributes; + MonitoredRegistryCreate = monitoredRegistryCreate; + MonitoredRegistryDelete = monitoredRegistryDelete; + MonitoredRegistryModify = monitoredRegistryModify; + MonitoredRegistryPaths = monitoredRegistryPaths; + MonitoredRegistryProcesses = monitoredRegistryProcesses; + MonitoredRegistryRead = monitoredRegistryRead; + MonitoredRegistryUsers = monitoredRegistryUsers; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyRestrictedVolume.cs b/sdk/dotnet/Outputs/HostRuntimePolicyRestrictedVolume.cs new file mode 100644 index 00000000..ef7520c2 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyRestrictedVolume.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyRestrictedVolume + { + /// + /// Whether restricted volumes are enabled. + /// + public readonly bool? Enabled; + /// + /// List of restricted volumes. + /// + public readonly ImmutableArray Volumes; + + [OutputConstructor] + private HostRuntimePolicyRestrictedVolume( + bool? enabled, + + ImmutableArray volumes) + { + Enabled = enabled; + Volumes = volumes; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyReverseShell.cs b/sdk/dotnet/Outputs/HostRuntimePolicyReverseShell.cs new file mode 100644 index 00000000..ceae3998 
--- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyReverseShell.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyReverseShell + { + public readonly bool? BlockReverseShell; + public readonly bool? Enabled; + public readonly ImmutableArray ReverseShellIpWhiteLists; + public readonly ImmutableArray ReverseShellProcWhiteLists; + + [OutputConstructor] + private HostRuntimePolicyReverseShell( + bool? blockReverseShell, + + bool? enabled, + + ImmutableArray reverseShellIpWhiteLists, + + ImmutableArray reverseShellProcWhiteLists) + { + BlockReverseShell = blockReverseShell; + Enabled = enabled; + ReverseShellIpWhiteLists = reverseShellIpWhiteLists; + ReverseShellProcWhiteLists = reverseShellProcWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyScope.cs b/sdk/dotnet/Outputs/HostRuntimePolicyScope.cs new file mode 100644 index 00000000..7bb8fbb1 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyScope.cs 
@@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyScope + { + /// + /// Scope expression. + /// + public readonly string Expression; + /// + /// List of variables in the scope. + /// + public readonly ImmutableArray Variables; + + [OutputConstructor] + private HostRuntimePolicyScope( + string expression, + + ImmutableArray variables) + { + Expression = expression; + Variables = variables; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicySystemIntegrityProtection.cs b/sdk/dotnet/Outputs/HostRuntimePolicySystemIntegrityProtection.cs new file mode 100644 index 00000000..e9f25de8 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicySystemIntegrityProtection.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicySystemIntegrityProtection + { + public readonly bool? AuditSystemtimeChange; + public readonly bool? Enabled; + public readonly bool? MonitorAuditLogIntegrity; + public readonly bool? WindowsServicesMonitoring; + + [OutputConstructor] + private HostRuntimePolicySystemIntegrityProtection( + bool? auditSystemtimeChange, + + bool? enabled, + + bool? monitorAuditLogIntegrity, + + bool? windowsServicesMonitoring) + { + AuditSystemtimeChange = auditSystemtimeChange; + Enabled = enabled; + MonitorAuditLogIntegrity = monitorAuditLogIntegrity; + WindowsServicesMonitoring = windowsServicesMonitoring; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyTripwire.cs b/sdk/dotnet/Outputs/HostRuntimePolicyTripwire.cs new file mode 100644 index 00000000..fb085f31 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyTripwire.cs 
@@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyTripwire + { + public readonly ImmutableArray ApplyOns; + public readonly bool? Enabled; + public readonly string? ServerlessApp; + public readonly string? UserId; + public readonly string? UserPassword; + + [OutputConstructor] + private HostRuntimePolicyTripwire( + ImmutableArray applyOns, + + bool? enabled, + + string? serverlessApp, + + string? userId, + + string? userPassword) + { + ApplyOns = applyOns; + Enabled = enabled; + ServerlessApp = serverlessApp; + UserId = userId; + UserPassword = userPassword; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyWhitelistedOsUsers.cs b/sdk/dotnet/Outputs/HostRuntimePolicyWhitelistedOsUsers.cs new file mode 100644 index 00000000..54a30062 --- /dev/null +++ b/sdk/dotnet/Outputs/HostRuntimePolicyWhitelistedOsUsers.cs 
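Review bot: `UserPassword` is exposed as a plain `string?` on the new `HostRuntimePolicyTripwire` output type, and nothing in this hunk shows whether the property is marked as a secret. If the underlying Terraform attribute is not `Sensitive` and the bridge mapping does not flag it, the value would likely be stored unencrypted in the Pulumi state and appear in previews and stack outputs. Because the file is generated, the check and any fix belong in the provider schema or the bridge's field mapping (for example `Secret: tfbridge.True()` on that field), followed by a regenerate. `UserId` and `ServerlessApp` are undocumented as well, so a short schema description for each would make clear what credential this is and where it is used.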
@@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class HostRuntimePolicyWhitelistedOsUsers + { + public readonly bool? Enabled; + public readonly ImmutableArray GroupWhiteLists; + public readonly ImmutableArray UserWhiteLists; + + [OutputConstructor] + private HostRuntimePolicyWhitelistedOsUsers( + bool? enabled, + + ImmutableArray groupWhiteLists, + + ImmutableArray userWhiteLists) + { + Enabled = enabled; + GroupWhiteLists = groupWhiteLists; + UserWhiteLists = userWhiteLists; + } + } +} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyWindowsRegistryMonitoring.cs b/sdk/dotnet/Outputs/HostRuntimePolicyWindowsRegistryMonitoring.cs deleted file mode 100644 index be7e2317..00000000 --- a/sdk/dotnet/Outputs/HostRuntimePolicyWindowsRegistryMonitoring.cs +++ /dev/null 
@@ -1,99 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; -using Pulumi; - -namespace Pulumiverse.Aquasec.Outputs -{ - - [OutputType] - public sealed class HostRuntimePolicyWindowsRegistryMonitoring - { - /// - /// List of paths to be excluded from being monitored. - /// - public readonly ImmutableArray ExcludedPaths; - /// - /// List of registry processes to be excluded from being monitored. - /// - public readonly ImmutableArray ExcludedProcesses; - /// - /// List of registry users to be excluded from being monitored. - /// - public readonly ImmutableArray ExcludedUsers; - /// - /// If true, add attributes operations will be monitored. - /// - public readonly bool? MonitorAttributes; - /// - /// If true, create operations will be monitored. - /// - public readonly bool? MonitorCreate; - /// - /// If true, deletion operations will be monitored. - /// - public readonly bool? MonitorDelete; - /// - /// If true, modification operations will be monitored. - /// - public readonly bool? MonitorModify; - /// - /// If true, read operations will be monitored. - /// - public readonly bool? MonitorRead; - /// - /// List of paths to be monitored. - /// - public readonly ImmutableArray MonitoredPaths; - /// - /// List of registry processes to be monitored. - /// - public readonly ImmutableArray MonitoredProcesses; - /// - /// List of registry users to be monitored. - /// - public readonly ImmutableArray MonitoredUsers; - - [OutputConstructor] - private HostRuntimePolicyWindowsRegistryMonitoring( - ImmutableArray excludedPaths, - - ImmutableArray excludedProcesses, - - ImmutableArray excludedUsers, - - bool? monitorAttributes, - - bool? monitorCreate, - - bool? monitorDelete, - - bool? 
monitorModify, - - bool? monitorRead, - - ImmutableArray monitoredPaths, - - ImmutableArray monitoredProcesses, - - ImmutableArray monitoredUsers) - { - ExcludedPaths = excludedPaths; - ExcludedProcesses = excludedProcesses; - ExcludedUsers = excludedUsers; - MonitorAttributes = monitorAttributes; - MonitorCreate = monitorCreate; - MonitorDelete = monitorDelete; - MonitorModify = monitorModify; - MonitorRead = monitorRead; - MonitoredPaths = monitoredPaths; - MonitoredProcesses = monitoredProcesses; - MonitoredUsers = monitoredUsers; - } - } -} diff --git a/sdk/dotnet/Outputs/HostRuntimePolicyWindowsRegistryProtection.cs b/sdk/dotnet/Outputs/HostRuntimePolicyWindowsRegistryProtection.cs deleted file mode 100644 index 54965b2d..00000000 --- a/sdk/dotnet/Outputs/HostRuntimePolicyWindowsRegistryProtection.cs +++ /dev/null 
@@ -1,64 +0,0 @@ -// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** -// *** Do not edit by hand unless you're certain you know what you are doing! *** - -using System; -using System.Collections.Generic; -using System.Collections.Immutable; -using System.Threading.Tasks; -using Pulumi.Serialization; -using Pulumi; - -namespace Pulumiverse.Aquasec.Outputs -{ - - [OutputType] - public sealed class HostRuntimePolicyWindowsRegistryProtection - { - /// - /// List of registry paths to be excluded from being protected. - /// - public readonly ImmutableArray ExcludedPaths; - /// - /// List of registry processes to be excluded from being protected. - /// - public readonly ImmutableArray ExcludedProcesses; - /// - /// List of registry paths to be users from being protected. - /// - public readonly ImmutableArray ExcludedUsers; - /// - /// List of registry paths to be protected. - /// - public readonly ImmutableArray ProtectedPaths; - /// - /// List of registry processes to be protected. - /// - public readonly ImmutableArray ProtectedProcesses; - /// - /// List of registry users to be protected. - /// - public readonly ImmutableArray ProtectedUsers; - - [OutputConstructor] - private HostRuntimePolicyWindowsRegistryProtection( - ImmutableArray excludedPaths, - - ImmutableArray excludedProcesses, - - ImmutableArray excludedUsers, - - ImmutableArray protectedPaths, - - ImmutableArray protectedProcesses, - - ImmutableArray protectedUsers) - { - ExcludedPaths = excludedPaths; - ExcludedProcesses = excludedProcesses; - ExcludedUsers = excludedUsers; - ProtectedPaths = protectedPaths; - ProtectedProcesses = protectedProcesses; - ProtectedUsers = protectedUsers; - } - } -} diff --git a/sdk/dotnet/Outputs/ImageAssuranceChecksPerformed.cs b/sdk/dotnet/Outputs/ImageAssuranceChecksPerformed.cs index c83c2ccb..eafccc92 100644 --- a/sdk/dotnet/Outputs/ImageAssuranceChecksPerformed.cs +++ b/sdk/dotnet/Outputs/ImageAssuranceChecksPerformed.cs 
@@ -17,13 +17,7 @@ public sealed class ImageAssuranceChecksPerformed public readonly string? AssuranceType; public readonly bool? Blocking; public readonly string? Control; - /// - /// If DTA was skipped. - /// public readonly bool? DtaSkipped; - /// - /// The reason why DTA was skipped. - /// public readonly string? DtaSkippedReason; public readonly bool? Failed; public readonly string? PolicyName; diff --git a/sdk/dotnet/Outputs/ImageAssurancePolicyKubernetesControls.cs b/sdk/dotnet/Outputs/ImageAssurancePolicyKubernetesControls.cs new file mode 100644 index 00000000..e36a78c9 --- /dev/null +++ b/sdk/dotnet/Outputs/ImageAssurancePolicyKubernetesControls.cs @@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ImageAssurancePolicyKubernetesControls + { + public readonly string? AvdId; + public readonly string? Description; + public readonly bool? Enabled; + public readonly string? Kind; + public readonly string? Name; + public readonly bool? Ootb; + public readonly int? ScriptId; + public readonly string? Severity; + + [OutputConstructor] + private ImageAssurancePolicyKubernetesControls( + string? avdId, + + string? description, + + bool? enabled, + + string? kind, + + string? name, + + bool? ootb, + + int? scriptId, + + string? severity) + { + AvdId = avdId; + Description = description; + Enabled = enabled; + Kind = kind; + Name = name; + Ootb = ootb; + ScriptId = scriptId; + Severity = severity; + } + } +} diff --git a/sdk/dotnet/Outputs/ImageAssurancePolicyPolicySettings.cs b/sdk/dotnet/Outputs/ImageAssurancePolicyPolicySettings.cs new file mode 100644 index 00000000..89a114c2 
--- /dev/null +++ b/sdk/dotnet/Outputs/ImageAssurancePolicyPolicySettings.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class ImageAssurancePolicyPolicySettings + { + public readonly bool? Enforce; + public readonly bool? IsAuditChecked; + public readonly bool? Warn; + public readonly string? WarningMessage; + + [OutputConstructor] + private ImageAssurancePolicyPolicySettings( + bool? enforce, + + bool? isAuditChecked, + + bool? warn, + + string? warningMessage) + { + Enforce = enforce; + IsAuditChecked = isAuditChecked; + Warn = warn; + WarningMessage = warningMessage; + } + } +} diff --git a/sdk/dotnet/Outputs/ImageHistory.cs b/sdk/dotnet/Outputs/ImageHistory.cs index cf0cd48f..d69f0a4b 100644 --- a/sdk/dotnet/Outputs/ImageHistory.cs +++ b/sdk/dotnet/Outputs/ImageHistory.cs @@ -14,18 +14,9 @@ namespace Pulumiverse.Aquasec.Outputs [OutputType] public sealed class ImageHistory { - /// - /// The image creation comment. - /// public readonly string? Comment; - /// - /// The date and time when the image was registered. - /// public readonly string? Created; public readonly string? CreatedBy; - /// - /// The ID of this resource. - /// public readonly string? Id; public readonly int? Size; diff --git a/sdk/dotnet/Outputs/ImageVulnerability.cs b/sdk/dotnet/Outputs/ImageVulnerability.cs index e6ff8e82..b2b415b4 100644 --- a/sdk/dotnet/Outputs/ImageVulnerability.cs +++ b/sdk/dotnet/Outputs/ImageVulnerability.cs 
@@ -32,9 +32,6 @@ public sealed class ImageVulnerability public readonly int? BlockEventsCount; public readonly string? Classification; public readonly string? Description; - /// - /// The content digest of the image. - /// public readonly string? Digest; public readonly string? ExploitReference; public readonly string? ExploitType; @@ -43,9 +40,6 @@ public sealed class ImageVulnerability public readonly string? ImageName; public readonly string? LastFoundDate; public readonly string? ModificationDate; - /// - /// The name of the image. - /// public readonly string? Name; public readonly double? NvdCvss2Score; public readonly string? NvdCvss2Vectors; @@ -54,26 +48,11 @@ public sealed class ImageVulnerability public readonly string? NvdCvss3Vectors; public readonly string? NvdSeverity; public readonly string? NvdUrl; - /// - /// The operating system detected in the image - /// public readonly string? Os; - /// - /// The version of the OS detected in the image. - /// public readonly string? OsVersion; - /// - /// Permission of the image. - /// public readonly string? Permission; public readonly string? PublishDate; - /// - /// The name of the registry where the image is stored. - /// public readonly string? Registry; - /// - /// The name of the image's repository. - /// public readonly string? Repository; public readonly string? ResourceArchitecture; public readonly string? ResourceCpe; diff --git a/sdk/dotnet/Outputs/IntegrationRegistryWebhook.cs b/sdk/dotnet/Outputs/IntegrationRegistryWebhook.cs index 37fb2d63..1778b9fa 100644 --- a/sdk/dotnet/Outputs/IntegrationRegistryWebhook.cs +++ b/sdk/dotnet/Outputs/IntegrationRegistryWebhook.cs @@ -17,9 +17,6 @@ public sealed class IntegrationRegistryWebhook public readonly string? AuthToken; public readonly bool? Enabled; public readonly bool? UnQuarantine; - /// - /// The URL, address or region of the registry - /// public readonly string? Url; [OutputConstructor] 
diff --git a/sdk/dotnet/Outputs/KubernetesAssurancePolicyKubernetesControl.cs b/sdk/dotnet/Outputs/KubernetesAssurancePolicyKubernetesControl.cs new file mode 100644 index 00000000..8ec330d6 --- /dev/null +++ b/sdk/dotnet/Outputs/KubernetesAssurancePolicyKubernetesControl.cs @@ -0,0 +1,78 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class KubernetesAssurancePolicyKubernetesControl + { + /// + /// AVD ID. + /// + public readonly string? AvdId; + /// + /// Description of the control. + /// + public readonly string? Description; + /// + /// Is the control enabled? + /// + public readonly bool? Enabled; + /// + /// Kind of the control. + /// + public readonly string? Kind; + /// + /// Name of the control. + /// + public readonly string? Name; + /// + /// Out-of-the-box status of the control. + /// + public readonly bool? Ootb; + /// + /// Script ID. + /// + public readonly int? ScriptId; + /// + /// Severity of the control. + /// + public readonly string? Severity; + + [OutputConstructor] + private KubernetesAssurancePolicyKubernetesControl( + string? avdId, + + string? description, + + bool? enabled, + + string? kind, + + string? name, + + bool? ootb, + + int? scriptId, + + string? severity) + { + AvdId = avdId; + Description = description; + Enabled = enabled; + Kind = kind; + Name = name; + Ootb = ootb; + ScriptId = scriptId; + Severity = severity; + } + } +} diff --git a/sdk/dotnet/Outputs/KubernetesAssurancePolicyPolicySettings.cs b/sdk/dotnet/Outputs/KubernetesAssurancePolicyPolicySettings.cs new file mode 100644 index 00000000..ababcbea --- /dev/null 
+++ b/sdk/dotnet/Outputs/KubernetesAssurancePolicyPolicySettings.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class KubernetesAssurancePolicyPolicySettings + { + public readonly bool? Enforce; + public readonly bool? IsAuditChecked; + public readonly bool? Warn; + public readonly string? WarningMessage; + + [OutputConstructor] + private KubernetesAssurancePolicyPolicySettings( + bool? enforce, + + bool? isAuditChecked, + + bool? warn, + + string? warningMessage) + { + Enforce = enforce; + IsAuditChecked = isAuditChecked; + Warn = warn; + WarningMessage = warningMessage; + } + } +} diff --git a/sdk/dotnet/Outputs/RoleMappingLdap.cs b/sdk/dotnet/Outputs/RoleMappingLdap.cs index b5e1b4ce..1fc52a27 100644 --- a/sdk/dotnet/Outputs/RoleMappingLdap.cs +++ b/sdk/dotnet/Outputs/RoleMappingLdap.cs @@ -15,7 +15,7 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class RoleMappingLdap { /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public readonly ImmutableDictionary RoleMapping; diff --git a/sdk/dotnet/Outputs/RoleMappingOauth2.cs b/sdk/dotnet/Outputs/RoleMappingOauth2.cs index f7871bc4..3b73d719 100644 --- a/sdk/dotnet/Outputs/RoleMappingOauth2.cs +++ b/sdk/dotnet/Outputs/RoleMappingOauth2.cs 
@@ -15,7 +15,7 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class RoleMappingOauth2 { /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public readonly ImmutableDictionary RoleMapping; diff --git a/sdk/dotnet/Outputs/RoleMappingOpenid.cs b/sdk/dotnet/Outputs/RoleMappingOpenid.cs index e3e27311..bb42401b 100644 --- a/sdk/dotnet/Outputs/RoleMappingOpenid.cs +++ b/sdk/dotnet/Outputs/RoleMappingOpenid.cs @@ -15,7 +15,7 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class RoleMappingOpenid { /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public readonly ImmutableDictionary RoleMapping; diff --git a/sdk/dotnet/Outputs/RoleMappingSaml.cs b/sdk/dotnet/Outputs/RoleMappingSaml.cs index fe0e24e0..4aa0c132 100644 --- a/sdk/dotnet/Outputs/RoleMappingSaml.cs +++ b/sdk/dotnet/Outputs/RoleMappingSaml.cs @@ -15,7 +15,7 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class RoleMappingSaml { /// - /// Role Mapping is used to define the IdP role that the user will assume in Aqua + /// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. /// public readonly ImmutableDictionary RoleMapping; diff --git a/sdk/dotnet/Outputs/UserSaasLogin.cs b/sdk/dotnet/Outputs/UserSaasLogin.cs index 53fe5e56..04821175 100644 --- a/sdk/dotnet/Outputs/UserSaasLogin.cs +++ b/sdk/dotnet/Outputs/UserSaasLogin.cs @@ -15,9 +15,6 @@ namespace Pulumiverse.Aquasec.Outputs public sealed class UserSaasLogin { public readonly string? Created; - /// - /// The ID of this resource. - /// public readonly int? Id; public readonly string? IpAddress; public readonly int? UserId; 
diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyAutoScanTime.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyAutoScanTime.cs new file mode 100644 index 00000000..1d39e58b --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyAutoScanTime.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyAutoScanTime + { + public readonly int? Iteration; + public readonly string? IterationType; + public readonly string? Time; + public readonly ImmutableArray WeekDays; + + [OutputConstructor] + private VmwareAssurancePolicyAutoScanTime( + int? iteration, + + string? iterationType, + + string? time, + + ImmutableArray weekDays) + { + Iteration = iteration; + IterationType = iterationType; + Time = time; + WeekDays = weekDays; + } + } +} diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyCustomCheck.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyCustomCheck.cs new file mode 100644 index 00000000..3c1f54ca --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyCustomCheck.cs 
@@ -0,0 +1,65 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyCustomCheck + { + /// + /// Name of user account that created the policy. + /// + public readonly string? Author; + public readonly string? Description; + public readonly string? Engine; + public readonly int? LastModified; + public readonly string? Name; + public readonly string? Path; + public readonly bool? ReadOnly; + public readonly string? ScriptId; + public readonly string? Severity; + public readonly string? Snippet; + + [OutputConstructor] + private VmwareAssurancePolicyCustomCheck( + string? author, + + string? description, + + string? engine, + + int? lastModified, + + string? name, + + string? path, + + bool? readOnly, + + string? scriptId, + + string? severity, + + string? snippet) + { + Author = author; + Description = description; + Engine = engine; + LastModified = lastModified; + Name = name; + Path = path; + ReadOnly = readOnly; + ScriptId = scriptId; + Severity = severity; + Snippet = snippet; + } + } +} diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyForbiddenLabel.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyForbiddenLabel.cs new file mode 100644 index 00000000..35de24bd --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyForbiddenLabel.cs 
@@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyForbiddenLabel + { + public readonly string? Key; + public readonly string? Value; + + [OutputConstructor] + private VmwareAssurancePolicyForbiddenLabel( + string? key, + + string? value) + { + Key = key; + Value = value; + } + } +} diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyKubernetesControl.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyKubernetesControl.cs new file mode 100644 index 00000000..579e7640 --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyKubernetesControl.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyKubernetesControl + { + public readonly string? AvdId; + public readonly string? Description; + public readonly bool? Enabled; + public readonly string? Kind; + public readonly string? Name; + public readonly bool? Ootb; + public readonly int? ScriptId; + public readonly string? Severity; + + [OutputConstructor] + private VmwareAssurancePolicyKubernetesControl( + string? avdId, + + string? description, + + bool? enabled, + + string? kind, + + string? name, + + bool? ootb, + + int? scriptId, + + string? severity) + { + AvdId = avdId; + Description = description; + Enabled = enabled; + Kind = kind; + Name = name; + Ootb = ootb; + ScriptId = scriptId; + Severity = severity; + } + } +} diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyPackagesBlackList.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyPackagesBlackList.cs new file mode 100644 index 00000000..a7cab332 --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyPackagesBlackList.cs 
@@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyPackagesBlackList + { + public readonly string? Arch; + public readonly string? Display; + public readonly string? Epoch; + public readonly string? Format; + public readonly string? License; + public readonly string? Name; + public readonly string? Release; + public readonly string? Version; + public readonly string? VersionRange; + + [OutputConstructor] + private VmwareAssurancePolicyPackagesBlackList( + string? arch, + + string? display, + + string? epoch, + + string? format, + + string? license, + + string? name, + + string? release, + + string? version, + + string? versionRange) + { + Arch = arch; + Display = display; + Epoch = epoch; + Format = format; + License = license; + Name = name; + Release = release; + Version = version; + VersionRange = versionRange; + } + } +} diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyPackagesWhiteList.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyPackagesWhiteList.cs new file mode 100644 index 00000000..7cb644b9 --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyPackagesWhiteList.cs 
@@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyPackagesWhiteList + { + public readonly string? Arch; + public readonly string? Display; + public readonly string? Epoch; + public readonly string? Format; + public readonly string? License; + public readonly string? Name; + public readonly string? Release; + public readonly string? Version; + public readonly string? VersionRange; + + [OutputConstructor] + private VmwareAssurancePolicyPackagesWhiteList( + string? arch, + + string? display, + + string? epoch, + + string? format, + + string? license, + + string? name, + + string? release, + + string? version, + + string? versionRange) + { + Arch = arch; + Display = display; + Epoch = epoch; + Format = format; + License = license; + Name = name; + Release = release; + Version = version; + VersionRange = versionRange; + } + } +} diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyPolicySettings.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyPolicySettings.cs new file mode 100644 index 00000000..b0762d97 --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyPolicySettings.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyPolicySettings + { + public readonly bool? Enforce; + public readonly bool? IsAuditChecked; + public readonly bool? Warn; + public readonly string? WarningMessage; + + [OutputConstructor] + private VmwareAssurancePolicyPolicySettings( + bool? enforce, + + bool? isAuditChecked, + + bool? warn, + + string? warningMessage) + { + Enforce = enforce; + IsAuditChecked = isAuditChecked; + Warn = warn; + WarningMessage = warningMessage; + } + } +} diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyRequiredLabel.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyRequiredLabel.cs new file mode 100644 index 00000000..1f442e1d --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyRequiredLabel.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyRequiredLabel + { + public readonly string? Key; + public readonly string? Value; + + [OutputConstructor] + private VmwareAssurancePolicyRequiredLabel( + string? key, + + string? value) + { + Key = key; + Value = value; + } + } +} 
diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyScope.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyScope.cs new file mode 100644 index 00000000..51dbf52a --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyScope.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyScope + { + public readonly string? Expression; + public readonly ImmutableArray Variables; + + [OutputConstructor] + private VmwareAssurancePolicyScope( + string? expression, + + ImmutableArray variables) + { + Expression = expression; + Variables = variables; + } + } +} diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyScopeVariable.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyScopeVariable.cs new file mode 100644 index 00000000..5d77552b --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyScopeVariable.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyScopeVariable + { + public readonly string? Attribute; + public readonly string? Name; + public readonly string? Value; + + [OutputConstructor] + private VmwareAssurancePolicyScopeVariable( + string? attribute, + + string? name, + + string? value) + { + Attribute = attribute; + Name = name; + Value = value; + } + } +} 
diff --git a/sdk/dotnet/Outputs/VmwareAssurancePolicyTrustedBaseImage.cs b/sdk/dotnet/Outputs/VmwareAssurancePolicyTrustedBaseImage.cs new file mode 100644 index 00000000..131e6f91 --- /dev/null +++ b/sdk/dotnet/Outputs/VmwareAssurancePolicyTrustedBaseImage.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec.Outputs +{ + + [OutputType] + public sealed class VmwareAssurancePolicyTrustedBaseImage + { + public readonly string? Imagename; + public readonly string? Registry; + + [OutputConstructor] + private VmwareAssurancePolicyTrustedBaseImage( + string? imagename, + + string? registry) + { + Imagename = imagename; + Registry = registry; + } + } +} diff --git a/sdk/dotnet/Provider.cs b/sdk/dotnet/Provider.cs index 524f2c29..4c6ed9a9 100644 --- a/sdk/dotnet/Provider.cs +++ b/sdk/dotnet/Provider.cs @@ -150,6 +150,12 @@ public Input? Username public ProviderArgs() { + AquaUrl = Utilities.GetEnv("AQUA_URL"); + CaCertificatePath = Utilities.GetEnv("AQUA_CA_CERT_PATH"); + ConfigPath = Utilities.GetEnv("AQUA_CONFIG"); + Password = Utilities.GetEnv("AQUA_PASSWORD"); + Username = Utilities.GetEnv("AQUA_USER"); + VerifyTls = Utilities.GetEnvBoolean("AQUA_TLS_VERIFY") ?? true; } public static new ProviderArgs Empty => new ProviderArgs(); } diff --git a/sdk/dotnet/RoleMapping.cs b/sdk/dotnet/RoleMapping.cs index ccbb81c8..ab5bf0d6 100644 --- a/sdk/dotnet/RoleMapping.cs +++ b/sdk/dotnet/RoleMapping.cs @@ -28,6 +28,7 @@ namespace Pulumiverse.Aquasec /// RoleMapping = /// { /// { "Administrator", "group1" }, + /// { "Scanner", "group2|group3" }, /// }, /// }, /// }); 
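Review bot: The assignments added to `ProviderArgs()` in sdk/dotnet/Provider.cs make the process environment an implicit source for the credentials (`AQUA_USER`, `AQUA_PASSWORD`) and for the TLS switch, and nothing in the hunk documents this. An `AQUA_TLS_VERIFY=false` left in a CI or shell environment would turn off certificate verification for any provider built with default args, with no trace in the program code; how `Utilities.GetEnvBoolean` treats an unparsable value is not visible here. I would add a comment above the assignments, such as `// Defaults are read from AQUA_* environment variables; values set explicitly on ProviderArgs override them. AQUA_TLS_VERIFY=false disables certificate verification.` The file sits under the generated SDK, so that wording would presumably have to come from the provider schema rather than a hand edit. The class body starts outside the hunk, so whether the `Password` setter wraps the value as a secret cannot be confirmed from these lines.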
diff --git a/sdk/dotnet/Service.cs b/sdk/dotnet/Service.cs index 04cbf1d6..e992b7cc 100644 --- a/sdk/dotnet/Service.cs +++ b/sdk/dotnet/Service.cs @@ -68,7 +68,7 @@ public partial class Service : global::Pulumi.CustomResource public Output Monitoring { get; private set; } = null!; /// - /// The name of the service. It is recommended not to use whitespace characters in the name. + /// Name assigned to the attribute. /// [Output("name")] public Output Name { get; private set; } = null!; @@ -241,7 +241,7 @@ public InputList ApplicationScopes public Input? Monitoring { get; set; } /// - /// The name of the service. It is recommended not to use whitespace characters in the name. + /// Name assigned to the attribute. /// [Input("name")] public Input? Name { get; set; } @@ -357,7 +357,7 @@ public InputList ApplicationScopes public Input? Monitoring { get; set; } /// - /// The name of the service. It is recommended not to use whitespace characters in the name. + /// Name assigned to the attribute. /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/VmwareAssurancePolicy.cs b/sdk/dotnet/VmwareAssurancePolicy.cs new file mode 100644 index 00000000..eed4facf --- /dev/null +++ b/sdk/dotnet/VmwareAssurancePolicy.cs 
@@ -0,0 +1,1643 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; +using Pulumi; + +namespace Pulumiverse.Aquasec +{ + [AquasecResourceType("aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy")] + public partial class VmwareAssurancePolicy : global::Pulumi.CustomResource + { + /// + /// Aggregated vulnerability information. + /// + [Output("aggregatedVulnerability")] + public Output?> AggregatedVulnerability { get; private set; } = null!; + + /// + /// List of explicitly allowed images. + /// + [Output("allowedImages")] + public Output> AllowedImages { get; private set; } = null!; + + [Output("applicationScopes")] + public Output> ApplicationScopes { get; private set; } = null!; + + /// + /// What type of assurance policy is described. + /// + [Output("assuranceType")] + public Output AssuranceType { get; private set; } = null!; + + /// + /// Indicates if auditing for failures. + /// + [Output("auditOnFailure")] + public Output AuditOnFailure { get; private set; } = null!; + + /// + /// Name of user account that created the policy. + /// + [Output("author")] + public Output Author { get; private set; } = null!; + + [Output("autoScanConfigured")] + public Output AutoScanConfigured { get; private set; } = null!; + + [Output("autoScanEnabled")] + public Output AutoScanEnabled { get; private set; } = null!; + + [Output("autoScanTimes")] + public Output> AutoScanTimes { get; private set; } = null!; + + /// + /// List of function's forbidden permissions. + /// + [Output("blacklistPermissions")] + public Output> BlacklistPermissions { get; private set; } = null!; + + /// + /// Indicates if blacklist permissions is relevant. 
+ /// + [Output("blacklistPermissionsEnabled")] + public Output BlacklistPermissionsEnabled { get; private set; } = null!; + + /// + /// List of blacklisted licenses. + /// + [Output("blacklistedLicenses")] + public Output> BlacklistedLicenses { get; private set; } = null!; + + /// + /// Indicates if license blacklist is relevant. + /// + [Output("blacklistedLicensesEnabled")] + public Output BlacklistedLicensesEnabled { get; private set; } = null!; + + /// + /// Indicates if failed images are blocked. + /// + [Output("blockFailed")] + public Output BlockFailed { get; private set; } = null!; + + [Output("controlExcludeNoFix")] + public Output ControlExcludeNoFix { get; private set; } = null!; + + /// + /// List of Custom user scripts for checks. + /// + [Output("customChecks")] + public Output> CustomChecks { get; private set; } = null!; + + /// + /// Indicates if scanning should include custom checks. + /// + [Output("customChecksEnabled")] + public Output CustomChecksEnabled { get; private set; } = null!; + + [Output("customSeverity")] + public Output CustomSeverity { get; private set; } = null!; + + [Output("customSeverityEnabled")] + public Output CustomSeverityEnabled { get; private set; } = null!; + + /// + /// Indicates if CVEs blacklist is relevant. + /// + [Output("cvesBlackListEnabled")] + public Output CvesBlackListEnabled { get; private set; } = null!; + + /// + /// List of cves blacklisted items. + /// + [Output("cvesBlackLists")] + public Output> CvesBlackLists { get; private set; } = null!; + + /// + /// Indicates if cves whitelist is relevant. + /// + [Output("cvesWhiteListEnabled")] + public Output CvesWhiteListEnabled { get; private set; } = null!; + + /// + /// List of cves whitelisted licenses + /// + [Output("cvesWhiteLists")] + public Output> CvesWhiteLists { get; private set; } = null!; + + /// + /// Identifier of the cvss severity. 
+ /// + [Output("cvssSeverity")] + public Output CvssSeverity { get; private set; } = null!; + + /// + /// Indicates if the cvss severity is scanned. + /// + [Output("cvssSeverityEnabled")] + public Output CvssSeverityEnabled { get; private set; } = null!; + + /// + /// Indicates that policy should ignore cvss cases that do not have a known fix. + /// + [Output("cvssSeverityExcludeNoFix")] + public Output CvssSeverityExcludeNoFix { get; private set; } = null!; + + [Output("description")] + public Output Description { get; private set; } = null!; + + [Output("disallowExploitTypes")] + public Output> DisallowExploitTypes { get; private set; } = null!; + + /// + /// Indicates if malware should block the image. + /// + [Output("disallowMalware")] + public Output DisallowMalware { get; private set; } = null!; + + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// + [Output("dockerCisEnabled")] + public Output DockerCisEnabled { get; private set; } = null!; + + /// + /// Name of the container image. 
+ /// + [Output("domain")] + public Output Domain { get; private set; } = null!; + + [Output("domainName")] + public Output DomainName { get; private set; } = null!; + + [Output("dtaEnabled")] + public Output DtaEnabled { get; private set; } = null!; + + [Output("dtaSeverity")] + public Output DtaSeverity { get; private set; } = null!; + + [Output("enabled")] + public Output Enabled { get; private set; } = null!; + + [Output("enforce")] + public Output Enforce { get; private set; } = null!; + + [Output("enforceAfterDays")] + public Output EnforceAfterDays { get; private set; } = null!; + + [Output("enforceExcessivePermissions")] + public Output EnforceExcessivePermissions { get; private set; } = null!; + + [Output("exceptionalMonitoredMalwarePaths")] + public Output> ExceptionalMonitoredMalwarePaths { get; private set; } = null!; + + [Output("excludeApplicationScopes")] + public Output> ExcludeApplicationScopes { get; private set; } = null!; + + /// + /// Indicates if cicd failures will fail the image. + /// + [Output("failCicd")] + public Output FailCicd { get; private set; } = null!; + + [Output("forbiddenLabels")] + public Output> ForbiddenLabels { get; private set; } = null!; + + [Output("forbiddenLabelsEnabled")] + public Output ForbiddenLabelsEnabled { get; private set; } = null!; + + [Output("forceMicroenforcer")] + public Output ForceMicroenforcer { get; private set; } = null!; + + [Output("functionIntegrityEnabled")] + public Output FunctionIntegrityEnabled { get; private set; } = null!; + + [Output("ignoreBaseImageVln")] + public Output IgnoreBaseImageVln { get; private set; } = null!; + + [Output("ignoreRecentlyPublishedVln")] + public Output IgnoreRecentlyPublishedVln { get; private set; } = null!; + + [Output("ignoreRecentlyPublishedVlnPeriod")] + public Output IgnoreRecentlyPublishedVlnPeriod { get; private set; } = null!; + + /// + /// Indicates if risk resources are ignored. 
+ /// + [Output("ignoreRiskResourcesEnabled")] + public Output IgnoreRiskResourcesEnabled { get; private set; } = null!; + + /// + /// List of ignored risk resources. + /// + [Output("ignoredRiskResources")] + public Output> IgnoredRiskResources { get; private set; } = null!; + + [Output("ignoredSensitiveResources")] + public Output> IgnoredSensitiveResources { get; private set; } = null!; + + /// + /// List of images. + /// + [Output("images")] + public Output> Images { get; private set; } = null!; + + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// + [Output("kubeCisEnabled")] + public Output KubeCisEnabled { get; private set; } = null!; + + /// + /// List of Kubernetes controls. + /// + [Output("kubernetesControls")] + public Output> KubernetesControls { get; private set; } = null!; + + [Output("kubernetesControlsAvdIds")] + public Output> KubernetesControlsAvdIds { get; private set; } = null!; + + [Output("kubernetesControlsNames")] + public Output> KubernetesControlsNames { get; private set; } = null!; + + /// + /// List of labels. + /// + [Output("labels")] + public Output> Labels { get; private set; } = null!; + + [Output("lastupdate")] + public Output Lastupdate { get; private set; } = null!; + + [Output("linuxCisEnabled")] + public Output LinuxCisEnabled { get; private set; } = null!; + + [Output("malwareAction")] + public Output MalwareAction { get; private set; } = null!; + + /// + /// Value of allowed maximum score. + /// + [Output("maximumScore")] + public Output MaximumScore { get; private set; } = null!; + + /// + /// Indicates if exceeding the maximum score is scanned. 
+ /// + [Output("maximumScoreEnabled")] + public Output MaximumScoreEnabled { get; private set; } = null!; + + [Output("maximumScoreExcludeNoFix")] + public Output MaximumScoreExcludeNoFix { get; private set; } = null!; + + [Output("monitoredMalwarePaths")] + public Output> MonitoredMalwarePaths { get; private set; } = null!; + + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Indicates if raise a warning for images that should only be run as root. + /// + [Output("onlyNoneRootUsers")] + public Output OnlyNoneRootUsers { get; private set; } = null!; + + [Output("openshiftHardeningEnabled")] + public Output OpenshiftHardeningEnabled { get; private set; } = null!; + + /// + /// Indicates if packages blacklist is relevant. + /// + [Output("packagesBlackListEnabled")] + public Output PackagesBlackListEnabled { get; private set; } = null!; + + /// + /// List of blacklisted images. + /// + [Output("packagesBlackLists")] + public Output> PackagesBlackLists { get; private set; } = null!; + + /// + /// Indicates if packages whitelist is relevant. + /// + [Output("packagesWhiteListEnabled")] + public Output PackagesWhiteListEnabled { get; private set; } = null!; + + /// + /// List of whitelisted images. + /// + [Output("packagesWhiteLists")] + public Output> PackagesWhiteLists { get; private set; } = null!; + + [Output("partialResultsImageFail")] + public Output PartialResultsImageFail { get; private set; } = null!; + + [Output("permission")] + public Output Permission { get; private set; } = null!; + + [Output("policySettings")] + public Output PolicySettings { get; private set; } = null!; + + [Output("readOnly")] + public Output ReadOnly { get; private set; } = null!; + + /// + /// List of registries. 
+ /// + [Output("registries")] + public Output> Registries { get; private set; } = null!; + + [Output("registry")] + public Output Registry { get; private set; } = null!; + + [Output("requiredLabels")] + public Output> RequiredLabels { get; private set; } = null!; + + [Output("requiredLabelsEnabled")] + public Output RequiredLabelsEnabled { get; private set; } = null!; + + [Output("scanMalwareInArchives")] + public Output ScanMalwareInArchives { get; private set; } = null!; + + [Output("scanNfsMounts")] + public Output ScanNfsMounts { get; private set; } = null!; + + [Output("scanProcessMemory")] + public Output ScanProcessMemory { get; private set; } = null!; + + /// + /// Indicates if scan should include sensitive data in the image. + /// + [Output("scanSensitiveData")] + public Output ScanSensitiveData { get; private set; } = null!; + + [Output("scanWindowsRegistry")] + public Output ScanWindowsRegistry { get; private set; } = null!; + + /// + /// Indicates if scanning should include scap. + /// + [Output("scapEnabled")] + public Output ScapEnabled { get; private set; } = null!; + + /// + /// List of SCAP user scripts for checks. + /// + [Output("scapFiles")] + public Output> ScapFiles { get; private set; } = null!; + + [Output("scopes")] + public Output> Scopes { get; private set; } = null!; + + /// + /// List of trusted images. + /// + [Output("trustedBaseImages")] + public Output> TrustedBaseImages { get; private set; } = null!; + + /// + /// Indicates if list of trusted base images is relevant. + /// + [Output("trustedBaseImagesEnabled")] + public Output TrustedBaseImagesEnabled { get; private set; } = null!; + + [Output("vulnerabilityExploitability")] + public Output VulnerabilityExploitability { get; private set; } = null!; + + [Output("vulnerabilityScoreRanges")] + public Output> VulnerabilityScoreRanges { get; private set; } = null!; + + /// + /// List of whitelisted licenses. 
+ /// + [Output("whitelistedLicenses")] + public Output> WhitelistedLicenses { get; private set; } = null!; + + /// + /// Indicates if license blacklist is relevant. + /// + [Output("whitelistedLicensesEnabled")] + public Output WhitelistedLicensesEnabled { get; private set; } = null!; + + + /// + /// Create a VmwareAssurancePolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public VmwareAssurancePolicy(string name, VmwareAssurancePolicyArgs args, CustomResourceOptions? options = null) + : base("aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy", name, args ?? new VmwareAssurancePolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private VmwareAssurancePolicy(string name, Input id, VmwareAssurancePolicyState? state = null, CustomResourceOptions? options = null) + : base("aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + PluginDownloadURL = "github://api.github.com/pulumiverse/pulumi-aquasec", + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing VmwareAssurancePolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. 
+ /// A bag of options that control this resource's behavior + public static VmwareAssurancePolicy Get(string name, Input id, VmwareAssurancePolicyState? state = null, CustomResourceOptions? options = null) + { + return new VmwareAssurancePolicy(name, id, state, options); + } + } + + public sealed class VmwareAssurancePolicyArgs : global::Pulumi.ResourceArgs + { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + + [Input("allowedImages")] + private InputList? _allowedImages; + + /// + /// List of explicitly allowed images. + /// + public InputList AllowedImages + { + get => _allowedImages ?? (_allowedImages = new InputList()); + set => _allowedImages = value; + } + + [Input("applicationScopes", required: true)] + private InputList? _applicationScopes; + public InputList ApplicationScopes + { + get => _applicationScopes ?? (_applicationScopes = new InputList()); + set => _applicationScopes = value; + } + + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + + /// + /// Indicates if auditing for failures. + /// + [Input("auditOnFailure")] + public Input? AuditOnFailure { get; set; } + + /// + /// Name of user account that created the policy. + /// + [Input("author")] + public Input? Author { get; set; } + + [Input("autoScanConfigured")] + public Input? AutoScanConfigured { get; set; } + + [Input("autoScanEnabled")] + public Input? AutoScanEnabled { get; set; } + + [Input("autoScanTimes")] + private InputList? _autoScanTimes; + public InputList AutoScanTimes + { + get => _autoScanTimes ?? (_autoScanTimes = new InputList()); + set => _autoScanTimes = value; + } + + [Input("blacklistPermissions")] + private InputList? 
_blacklistPermissions; + + /// + /// List of function's forbidden permissions. + /// + public InputList BlacklistPermissions + { + get => _blacklistPermissions ?? (_blacklistPermissions = new InputList()); + set => _blacklistPermissions = value; + } + + /// + /// Indicates if blacklist permissions is relevant. + /// + [Input("blacklistPermissionsEnabled")] + public Input? BlacklistPermissionsEnabled { get; set; } + + [Input("blacklistedLicenses")] + private InputList? _blacklistedLicenses; + + /// + /// List of blacklisted licenses. + /// + public InputList BlacklistedLicenses + { + get => _blacklistedLicenses ?? (_blacklistedLicenses = new InputList()); + set => _blacklistedLicenses = value; + } + + /// + /// Indicates if license blacklist is relevant. + /// + [Input("blacklistedLicensesEnabled")] + public Input? BlacklistedLicensesEnabled { get; set; } + + /// + /// Indicates if failed images are blocked. + /// + [Input("blockFailed")] + public Input? BlockFailed { get; set; } + + [Input("controlExcludeNoFix")] + public Input? ControlExcludeNoFix { get; set; } + + [Input("customChecks")] + private InputList? _customChecks; + + /// + /// List of Custom user scripts for checks. + /// + public InputList CustomChecks + { + get => _customChecks ?? (_customChecks = new InputList()); + set => _customChecks = value; + } + + /// + /// Indicates if scanning should include custom checks. + /// + [Input("customChecksEnabled")] + public Input? CustomChecksEnabled { get; set; } + + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + + [Input("customSeverityEnabled")] + public Input? CustomSeverityEnabled { get; set; } + + /// + /// Indicates if CVEs blacklist is relevant. + /// + [Input("cvesBlackListEnabled")] + public Input? CvesBlackListEnabled { get; set; } + + [Input("cvesBlackLists")] + private InputList? _cvesBlackLists; + + /// + /// List of cves blacklisted items. + /// + public InputList CvesBlackLists + { + get => _cvesBlackLists ?? 
(_cvesBlackLists = new InputList()); + set => _cvesBlackLists = value; + } + + /// + /// Indicates if cves whitelist is relevant. + /// + [Input("cvesWhiteListEnabled")] + public Input? CvesWhiteListEnabled { get; set; } + + [Input("cvesWhiteLists")] + private InputList? _cvesWhiteLists; + + /// + /// List of cves whitelisted licenses + /// + public InputList CvesWhiteLists + { + get => _cvesWhiteLists ?? (_cvesWhiteLists = new InputList()); + set => _cvesWhiteLists = value; + } + + /// + /// Identifier of the cvss severity. + /// + [Input("cvssSeverity")] + public Input? CvssSeverity { get; set; } + + /// + /// Indicates if the cvss severity is scanned. + /// + [Input("cvssSeverityEnabled")] + public Input? CvssSeverityEnabled { get; set; } + + /// + /// Indicates that policy should ignore cvss cases that do not have a known fix. + /// + [Input("cvssSeverityExcludeNoFix")] + public Input? CvssSeverityExcludeNoFix { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + + /// + /// Indicates if malware should block the image. + /// + [Input("disallowMalware")] + public Input? DisallowMalware { get; set; } + + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// + [Input("dockerCisEnabled")] + public Input? DockerCisEnabled { get; set; } + + /// + /// Name of the container image. + /// + [Input("domain")] + public Input? Domain { get; set; } + + [Input("domainName")] + public Input? DomainName { get; set; } + + [Input("dtaEnabled")] + public Input? DtaEnabled { get; set; } + + [Input("dtaSeverity")] + public Input? DtaSeverity { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("enforce")] + public Input? 
Enforce { get; set; } + + [Input("enforceAfterDays")] + public Input? EnforceAfterDays { get; set; } + + [Input("enforceExcessivePermissions")] + public Input? EnforceExcessivePermissions { get; set; } + + [Input("exceptionalMonitoredMalwarePaths")] + private InputList? _exceptionalMonitoredMalwarePaths; + public InputList ExceptionalMonitoredMalwarePaths + { + get => _exceptionalMonitoredMalwarePaths ?? (_exceptionalMonitoredMalwarePaths = new InputList()); + set => _exceptionalMonitoredMalwarePaths = value; + } + + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + + /// + /// Indicates if cicd failures will fail the image. + /// + [Input("failCicd")] + public Input? FailCicd { get; set; } + + [Input("forbiddenLabels")] + private InputList? _forbiddenLabels; + public InputList ForbiddenLabels + { + get => _forbiddenLabels ?? (_forbiddenLabels = new InputList()); + set => _forbiddenLabels = value; + } + + [Input("forbiddenLabelsEnabled")] + public Input? ForbiddenLabelsEnabled { get; set; } + + [Input("forceMicroenforcer")] + public Input? ForceMicroenforcer { get; set; } + + [Input("functionIntegrityEnabled")] + public Input? FunctionIntegrityEnabled { get; set; } + + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + + [Input("ignoreRecentlyPublishedVln")] + public Input? IgnoreRecentlyPublishedVln { get; set; } + + [Input("ignoreRecentlyPublishedVlnPeriod")] + public Input? IgnoreRecentlyPublishedVlnPeriod { get; set; } + + /// + /// Indicates if risk resources are ignored. + /// + [Input("ignoreRiskResourcesEnabled")] + public Input? IgnoreRiskResourcesEnabled { get; set; } + + [Input("ignoredRiskResources")] + private InputList? _ignoredRiskResources; + + /// + /// List of ignored risk resources. 
+ /// + public InputList IgnoredRiskResources + { + get => _ignoredRiskResources ?? (_ignoredRiskResources = new InputList()); + set => _ignoredRiskResources = value; + } + + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + + [Input("images")] + private InputList? _images; + + /// + /// List of images. + /// + public InputList Images + { + get => _images ?? (_images = new InputList()); + set => _images = value; + } + + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// + [Input("kubeCisEnabled")] + public Input? KubeCisEnabled { get; set; } + + [Input("kubernetesControls")] + private InputList? _kubernetesControls; + + /// + /// List of Kubernetes controls. + /// + public InputList KubernetesControls + { + get => _kubernetesControls ?? (_kubernetesControls = new InputList()); + set => _kubernetesControls = value; + } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + + [Input("kubernetesControlsNames")] + private InputList? _kubernetesControlsNames; + public InputList KubernetesControlsNames + { + get => _kubernetesControlsNames ?? (_kubernetesControlsNames = new InputList()); + set => _kubernetesControlsNames = value; + } + + [Input("labels")] + private InputList? _labels; + + /// + /// List of labels. + /// + public InputList Labels + { + get => _labels ?? (_labels = new InputList()); + set => _labels = value; + } + + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + + [Input("malwareAction")] + public Input? 
MalwareAction { get; set; } + + /// + /// Value of allowed maximum score. + /// + [Input("maximumScore")] + public Input? MaximumScore { get; set; } + + /// + /// Indicates if exceeding the maximum score is scanned. + /// + [Input("maximumScoreEnabled")] + public Input? MaximumScoreEnabled { get; set; } + + [Input("maximumScoreExcludeNoFix")] + public Input? MaximumScoreExcludeNoFix { get; set; } + + [Input("monitoredMalwarePaths")] + private InputList? _monitoredMalwarePaths; + public InputList MonitoredMalwarePaths + { + get => _monitoredMalwarePaths ?? (_monitoredMalwarePaths = new InputList()); + set => _monitoredMalwarePaths = value; + } + + [Input("name")] + public Input? Name { get; set; } + + /// + /// Indicates if raise a warning for images that should only be run as root. + /// + [Input("onlyNoneRootUsers")] + public Input? OnlyNoneRootUsers { get; set; } + + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + + /// + /// Indicates if packages blacklist is relevant. + /// + [Input("packagesBlackListEnabled")] + public Input? PackagesBlackListEnabled { get; set; } + + [Input("packagesBlackLists")] + private InputList? _packagesBlackLists; + + /// + /// List of blacklisted images. + /// + public InputList PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new InputList()); + set => _packagesBlackLists = value; + } + + /// + /// Indicates if packages whitelist is relevant. + /// + [Input("packagesWhiteListEnabled")] + public Input? PackagesWhiteListEnabled { get; set; } + + [Input("packagesWhiteLists")] + private InputList? _packagesWhiteLists; + + /// + /// List of whitelisted images. + /// + public InputList PackagesWhiteLists + { + get => _packagesWhiteLists ?? (_packagesWhiteLists = new InputList()); + set => _packagesWhiteLists = value; + } + + [Input("partialResultsImageFail")] + public Input? PartialResultsImageFail { get; set; } + + [Input("permission")] + public Input? 
Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + + [Input("readOnly")] + public Input? ReadOnly { get; set; } + + [Input("registries")] + private InputList? _registries; + + /// + /// List of registries. + /// + public InputList Registries + { + get => _registries ?? (_registries = new InputList()); + set => _registries = value; + } + + [Input("registry")] + public Input? Registry { get; set; } + + [Input("requiredLabels")] + private InputList? _requiredLabels; + public InputList RequiredLabels + { + get => _requiredLabels ?? (_requiredLabels = new InputList()); + set => _requiredLabels = value; + } + + [Input("requiredLabelsEnabled")] + public Input? RequiredLabelsEnabled { get; set; } + + [Input("scanMalwareInArchives")] + public Input? ScanMalwareInArchives { get; set; } + + [Input("scanNfsMounts")] + public Input? ScanNfsMounts { get; set; } + + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + + /// + /// Indicates if scan should include sensitive data in the image. + /// + [Input("scanSensitiveData")] + public Input? ScanSensitiveData { get; set; } + + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + + /// + /// Indicates if scanning should include scap. + /// + [Input("scapEnabled")] + public Input? ScapEnabled { get; set; } + + [Input("scapFiles")] + private InputList? _scapFiles; + + /// + /// List of SCAP user scripts for checks. + /// + public InputList ScapFiles + { + get => _scapFiles ?? (_scapFiles = new InputList()); + set => _scapFiles = value; + } + + [Input("scopes")] + private InputList? _scopes; + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + [Input("trustedBaseImages")] + private InputList? _trustedBaseImages; + + /// + /// List of trusted images. + /// + public InputList TrustedBaseImages + { + get => _trustedBaseImages ?? 
(_trustedBaseImages = new InputList()); + set => _trustedBaseImages = value; + } + + /// + /// Indicates if list of trusted base images is relevant. + /// + [Input("trustedBaseImagesEnabled")] + public Input? TrustedBaseImagesEnabled { get; set; } + + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + + [Input("whitelistedLicenses")] + private InputList? _whitelistedLicenses; + + /// + /// List of whitelisted licenses. + /// + public InputList WhitelistedLicenses + { + get => _whitelistedLicenses ?? (_whitelistedLicenses = new InputList()); + set => _whitelistedLicenses = value; + } + + /// + /// Indicates if license blacklist is relevant. + /// + [Input("whitelistedLicensesEnabled")] + public Input? WhitelistedLicensesEnabled { get; set; } + + public VmwareAssurancePolicyArgs() + { + } + public static new VmwareAssurancePolicyArgs Empty => new VmwareAssurancePolicyArgs(); + } + + public sealed class VmwareAssurancePolicyState : global::Pulumi.ResourceArgs + { + [Input("aggregatedVulnerability")] + private InputMap? _aggregatedVulnerability; + + /// + /// Aggregated vulnerability information. + /// + public InputMap AggregatedVulnerability + { + get => _aggregatedVulnerability ?? (_aggregatedVulnerability = new InputMap()); + set => _aggregatedVulnerability = value; + } + + [Input("allowedImages")] + private InputList? _allowedImages; + + /// + /// List of explicitly allowed images. + /// + public InputList AllowedImages + { + get => _allowedImages ?? (_allowedImages = new InputList()); + set => _allowedImages = value; + } + + [Input("applicationScopes")] + private InputList? 
_applicationScopes; + public InputList ApplicationScopes + { + get => _applicationScopes ?? (_applicationScopes = new InputList()); + set => _applicationScopes = value; + } + + /// + /// What type of assurance policy is described. + /// + [Input("assuranceType")] + public Input? AssuranceType { get; set; } + + /// + /// Indicates if auditing for failures. + /// + [Input("auditOnFailure")] + public Input? AuditOnFailure { get; set; } + + /// + /// Name of user account that created the policy. + /// + [Input("author")] + public Input? Author { get; set; } + + [Input("autoScanConfigured")] + public Input? AutoScanConfigured { get; set; } + + [Input("autoScanEnabled")] + public Input? AutoScanEnabled { get; set; } + + [Input("autoScanTimes")] + private InputList? _autoScanTimes; + public InputList AutoScanTimes + { + get => _autoScanTimes ?? (_autoScanTimes = new InputList()); + set => _autoScanTimes = value; + } + + [Input("blacklistPermissions")] + private InputList? _blacklistPermissions; + + /// + /// List of function's forbidden permissions. + /// + public InputList BlacklistPermissions + { + get => _blacklistPermissions ?? (_blacklistPermissions = new InputList()); + set => _blacklistPermissions = value; + } + + /// + /// Indicates if blacklist permissions is relevant. + /// + [Input("blacklistPermissionsEnabled")] + public Input? BlacklistPermissionsEnabled { get; set; } + + [Input("blacklistedLicenses")] + private InputList? _blacklistedLicenses; + + /// + /// List of blacklisted licenses. + /// + public InputList BlacklistedLicenses + { + get => _blacklistedLicenses ?? (_blacklistedLicenses = new InputList()); + set => _blacklistedLicenses = value; + } + + /// + /// Indicates if license blacklist is relevant. + /// + [Input("blacklistedLicensesEnabled")] + public Input? BlacklistedLicensesEnabled { get; set; } + + /// + /// Indicates if failed images are blocked. + /// + [Input("blockFailed")] + public Input? 
BlockFailed { get; set; } + + [Input("controlExcludeNoFix")] + public Input? ControlExcludeNoFix { get; set; } + + [Input("customChecks")] + private InputList? _customChecks; + + /// + /// List of Custom user scripts for checks. + /// + public InputList CustomChecks + { + get => _customChecks ?? (_customChecks = new InputList()); + set => _customChecks = value; + } + + /// + /// Indicates if scanning should include custom checks. + /// + [Input("customChecksEnabled")] + public Input? CustomChecksEnabled { get; set; } + + [Input("customSeverity")] + public Input? CustomSeverity { get; set; } + + [Input("customSeverityEnabled")] + public Input? CustomSeverityEnabled { get; set; } + + /// + /// Indicates if CVEs blacklist is relevant. + /// + [Input("cvesBlackListEnabled")] + public Input? CvesBlackListEnabled { get; set; } + + [Input("cvesBlackLists")] + private InputList? _cvesBlackLists; + + /// + /// List of cves blacklisted items. + /// + public InputList CvesBlackLists + { + get => _cvesBlackLists ?? (_cvesBlackLists = new InputList()); + set => _cvesBlackLists = value; + } + + /// + /// Indicates if cves whitelist is relevant. + /// + [Input("cvesWhiteListEnabled")] + public Input? CvesWhiteListEnabled { get; set; } + + [Input("cvesWhiteLists")] + private InputList? _cvesWhiteLists; + + /// + /// List of cves whitelisted licenses + /// + public InputList CvesWhiteLists + { + get => _cvesWhiteLists ?? (_cvesWhiteLists = new InputList()); + set => _cvesWhiteLists = value; + } + + /// + /// Identifier of the cvss severity. + /// + [Input("cvssSeverity")] + public Input? CvssSeverity { get; set; } + + /// + /// Indicates if the cvss severity is scanned. + /// + [Input("cvssSeverityEnabled")] + public Input? CvssSeverityEnabled { get; set; } + + /// + /// Indicates that policy should ignore cvss cases that do not have a known fix. + /// + [Input("cvssSeverityExcludeNoFix")] + public Input? 
CvssSeverityExcludeNoFix { get; set; } + + [Input("description")] + public Input? Description { get; set; } + + [Input("disallowExploitTypes")] + private InputList? _disallowExploitTypes; + public InputList DisallowExploitTypes + { + get => _disallowExploitTypes ?? (_disallowExploitTypes = new InputList()); + set => _disallowExploitTypes = value; + } + + /// + /// Indicates if malware should block the image. + /// + [Input("disallowMalware")] + public Input? DisallowMalware { get; set; } + + /// + /// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + /// + [Input("dockerCisEnabled")] + public Input? DockerCisEnabled { get; set; } + + /// + /// Name of the container image. + /// + [Input("domain")] + public Input? Domain { get; set; } + + [Input("domainName")] + public Input? DomainName { get; set; } + + [Input("dtaEnabled")] + public Input? DtaEnabled { get; set; } + + [Input("dtaSeverity")] + public Input? DtaSeverity { get; set; } + + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("enforce")] + public Input? Enforce { get; set; } + + [Input("enforceAfterDays")] + public Input? EnforceAfterDays { get; set; } + + [Input("enforceExcessivePermissions")] + public Input? EnforceExcessivePermissions { get; set; } + + [Input("exceptionalMonitoredMalwarePaths")] + private InputList? _exceptionalMonitoredMalwarePaths; + public InputList ExceptionalMonitoredMalwarePaths + { + get => _exceptionalMonitoredMalwarePaths ?? (_exceptionalMonitoredMalwarePaths = new InputList()); + set => _exceptionalMonitoredMalwarePaths = value; + } + + [Input("excludeApplicationScopes")] + private InputList? _excludeApplicationScopes; + public InputList ExcludeApplicationScopes + { + get => _excludeApplicationScopes ?? (_excludeApplicationScopes = new InputList()); + set => _excludeApplicationScopes = value; + } + + /// + /// Indicates if cicd failures will fail the image. + /// + [Input("failCicd")] + public Input? 
FailCicd { get; set; } + + [Input("forbiddenLabels")] + private InputList? _forbiddenLabels; + public InputList ForbiddenLabels + { + get => _forbiddenLabels ?? (_forbiddenLabels = new InputList()); + set => _forbiddenLabels = value; + } + + [Input("forbiddenLabelsEnabled")] + public Input? ForbiddenLabelsEnabled { get; set; } + + [Input("forceMicroenforcer")] + public Input? ForceMicroenforcer { get; set; } + + [Input("functionIntegrityEnabled")] + public Input? FunctionIntegrityEnabled { get; set; } + + [Input("ignoreBaseImageVln")] + public Input? IgnoreBaseImageVln { get; set; } + + [Input("ignoreRecentlyPublishedVln")] + public Input? IgnoreRecentlyPublishedVln { get; set; } + + [Input("ignoreRecentlyPublishedVlnPeriod")] + public Input? IgnoreRecentlyPublishedVlnPeriod { get; set; } + + /// + /// Indicates if risk resources are ignored. + /// + [Input("ignoreRiskResourcesEnabled")] + public Input? IgnoreRiskResourcesEnabled { get; set; } + + [Input("ignoredRiskResources")] + private InputList? _ignoredRiskResources; + + /// + /// List of ignored risk resources. + /// + public InputList IgnoredRiskResources + { + get => _ignoredRiskResources ?? (_ignoredRiskResources = new InputList()); + set => _ignoredRiskResources = value; + } + + [Input("ignoredSensitiveResources")] + private InputList? _ignoredSensitiveResources; + public InputList IgnoredSensitiveResources + { + get => _ignoredSensitiveResources ?? (_ignoredSensitiveResources = new InputList()); + set => _ignoredSensitiveResources = value; + } + + [Input("images")] + private InputList? _images; + + /// + /// List of images. + /// + public InputList Images + { + get => _images ?? (_images = new InputList()); + set => _images = value; + } + + /// + /// Performs a Kubernetes CIS benchmark check for the host. + /// + [Input("kubeCisEnabled")] + public Input? KubeCisEnabled { get; set; } + + [Input("kubernetesControls")] + private InputList? _kubernetesControls; + + /// + /// List of Kubernetes controls. 
+ /// + public InputList KubernetesControls + { + get => _kubernetesControls ?? (_kubernetesControls = new InputList()); + set => _kubernetesControls = value; + } + + [Input("kubernetesControlsAvdIds")] + private InputList? _kubernetesControlsAvdIds; + public InputList KubernetesControlsAvdIds + { + get => _kubernetesControlsAvdIds ?? (_kubernetesControlsAvdIds = new InputList()); + set => _kubernetesControlsAvdIds = value; + } + + [Input("kubernetesControlsNames")] + private InputList? _kubernetesControlsNames; + public InputList KubernetesControlsNames + { + get => _kubernetesControlsNames ?? (_kubernetesControlsNames = new InputList()); + set => _kubernetesControlsNames = value; + } + + [Input("labels")] + private InputList? _labels; + + /// + /// List of labels. + /// + public InputList Labels + { + get => _labels ?? (_labels = new InputList()); + set => _labels = value; + } + + [Input("lastupdate")] + public Input? Lastupdate { get; set; } + + [Input("linuxCisEnabled")] + public Input? LinuxCisEnabled { get; set; } + + [Input("malwareAction")] + public Input? MalwareAction { get; set; } + + /// + /// Value of allowed maximum score. + /// + [Input("maximumScore")] + public Input? MaximumScore { get; set; } + + /// + /// Indicates if exceeding the maximum score is scanned. + /// + [Input("maximumScoreEnabled")] + public Input? MaximumScoreEnabled { get; set; } + + [Input("maximumScoreExcludeNoFix")] + public Input? MaximumScoreExcludeNoFix { get; set; } + + [Input("monitoredMalwarePaths")] + private InputList? _monitoredMalwarePaths; + public InputList MonitoredMalwarePaths + { + get => _monitoredMalwarePaths ?? (_monitoredMalwarePaths = new InputList()); + set => _monitoredMalwarePaths = value; + } + + [Input("name")] + public Input? Name { get; set; } + + /// + /// Indicates if raise a warning for images that should only be run as root. + /// + [Input("onlyNoneRootUsers")] + public Input? 
OnlyNoneRootUsers { get; set; } + + [Input("openshiftHardeningEnabled")] + public Input? OpenshiftHardeningEnabled { get; set; } + + /// + /// Indicates if packages blacklist is relevant. + /// + [Input("packagesBlackListEnabled")] + public Input? PackagesBlackListEnabled { get; set; } + + [Input("packagesBlackLists")] + private InputList? _packagesBlackLists; + + /// + /// List of blacklisted images. + /// + public InputList PackagesBlackLists + { + get => _packagesBlackLists ?? (_packagesBlackLists = new InputList()); + set => _packagesBlackLists = value; + } + + /// + /// Indicates if packages whitelist is relevant. + /// + [Input("packagesWhiteListEnabled")] + public Input? PackagesWhiteListEnabled { get; set; } + + [Input("packagesWhiteLists")] + private InputList? _packagesWhiteLists; + + /// + /// List of whitelisted images. + /// + public InputList PackagesWhiteLists + { + get => _packagesWhiteLists ?? (_packagesWhiteLists = new InputList()); + set => _packagesWhiteLists = value; + } + + [Input("partialResultsImageFail")] + public Input? PartialResultsImageFail { get; set; } + + [Input("permission")] + public Input? Permission { get; set; } + + [Input("policySettings")] + public Input? PolicySettings { get; set; } + + [Input("readOnly")] + public Input? ReadOnly { get; set; } + + [Input("registries")] + private InputList? _registries; + + /// + /// List of registries. + /// + public InputList Registries + { + get => _registries ?? (_registries = new InputList()); + set => _registries = value; + } + + [Input("registry")] + public Input? Registry { get; set; } + + [Input("requiredLabels")] + private InputList? _requiredLabels; + public InputList RequiredLabels + { + get => _requiredLabels ?? (_requiredLabels = new InputList()); + set => _requiredLabels = value; + } + + [Input("requiredLabelsEnabled")] + public Input? RequiredLabelsEnabled { get; set; } + + [Input("scanMalwareInArchives")] + public Input? 
ScanMalwareInArchives { get; set; } + + [Input("scanNfsMounts")] + public Input? ScanNfsMounts { get; set; } + + [Input("scanProcessMemory")] + public Input? ScanProcessMemory { get; set; } + + /// + /// Indicates if scan should include sensitive data in the image. + /// + [Input("scanSensitiveData")] + public Input? ScanSensitiveData { get; set; } + + [Input("scanWindowsRegistry")] + public Input? ScanWindowsRegistry { get; set; } + + /// + /// Indicates if scanning should include scap. + /// + [Input("scapEnabled")] + public Input? ScapEnabled { get; set; } + + [Input("scapFiles")] + private InputList? _scapFiles; + + /// + /// List of SCAP user scripts for checks. + /// + public InputList ScapFiles + { + get => _scapFiles ?? (_scapFiles = new InputList()); + set => _scapFiles = value; + } + + [Input("scopes")] + private InputList? _scopes; + public InputList Scopes + { + get => _scopes ?? (_scopes = new InputList()); + set => _scopes = value; + } + + [Input("trustedBaseImages")] + private InputList? _trustedBaseImages; + + /// + /// List of trusted images. + /// + public InputList TrustedBaseImages + { + get => _trustedBaseImages ?? (_trustedBaseImages = new InputList()); + set => _trustedBaseImages = value; + } + + /// + /// Indicates if list of trusted base images is relevant. + /// + [Input("trustedBaseImagesEnabled")] + public Input? TrustedBaseImagesEnabled { get; set; } + + [Input("vulnerabilityExploitability")] + public Input? VulnerabilityExploitability { get; set; } + + [Input("vulnerabilityScoreRanges")] + private InputList? _vulnerabilityScoreRanges; + public InputList VulnerabilityScoreRanges + { + get => _vulnerabilityScoreRanges ?? (_vulnerabilityScoreRanges = new InputList()); + set => _vulnerabilityScoreRanges = value; + } + + [Input("whitelistedLicenses")] + private InputList? _whitelistedLicenses; + + /// + /// List of whitelisted licenses. + /// + public InputList WhitelistedLicenses + { + get => _whitelistedLicenses ?? 
(_whitelistedLicenses = new InputList()); + set => _whitelistedLicenses = value; + } + + /// + /// Indicates if license blacklist is relevant. + /// + [Input("whitelistedLicensesEnabled")] + public Input? WhitelistedLicensesEnabled { get; set; } + + public VmwareAssurancePolicyState() + { + } + public static new VmwareAssurancePolicyState Empty => new VmwareAssurancePolicyState(); + } +} diff --git a/sdk/go.mod b/sdk/go.mod index 413e461f..56e3b0c4 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/blang/semver v3.5.1+incompatible - github.com/pulumi/pulumi/sdk/v3 v3.101.1 + github.com/pulumi/pulumi/sdk/v3 v3.103.1 ) require ( @@ -20,7 +20,7 @@ require ( github.com/charmbracelet/bubbletea v0.24.2 // indirect github.com/charmbracelet/lipgloss v0.7.1 // indirect github.com/cheggaaa/pb v1.0.29 // indirect - github.com/cloudflare/circl v1.3.3 // indirect + github.com/cloudflare/circl v1.3.7 // indirect github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/djherbis/times v1.5.0 // indirect diff --git a/sdk/go.sum b/sdk/go.sum index 6d553886..4cbe2279 100644 --- a/sdk/go.sum +++ b/sdk/go.sum 
@@ -29,8 +29,9 @@ github.com/charmbracelet/lipgloss v0.7.1 h1:17WMwi7N1b1rVWOjMT+rCh7sQkvDU75B2hbZ github.com/charmbracelet/lipgloss v0.7.1/go.mod h1:yG0k3giv8Qj8edTCbbg6AlQ5e8KNWpFujkNawKNhE2c= github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo= github.com/cheggaaa/pb v1.0.29/go.mod h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 h1:q2hJAaP1k2wIvVRd/hEHD7lacgqrCPS+k8g1MndzfWY= github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 
@@ -135,8 +136,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= -github.com/pulumi/pulumi/sdk/v3 v3.101.1 h1:jBUGbLZjfeQkpheacnqXbuw/zSJEq11Gmond2EENkwQ= -github.com/pulumi/pulumi/sdk/v3 v3.101.1/go.mod h1:SB8P0BEGBRaONBxwoTjUFhGPLU5P3+MHF6/tGitlHOM= +github.com/pulumi/pulumi/sdk/v3 v3.103.1 h1:6o0zt5srgIjDsOI5JWNSwMqoB8vGiI3xow0RDZ3JX2c= +github.com/pulumi/pulumi/sdk/v3 v3.103.1/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= diff --git a/sdk/go/aquasec/acknowledge.go b/sdk/go/aquasec/acknowledge.go index b50b489a..f9ce4ee5 100644 --- a/sdk/go/aquasec/acknowledge.go +++ b/sdk/go/aquasec/acknowledge.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -164,12 +163,6 @@ func (i *Acknowledge) ToAcknowledgeOutputWithContext(ctx context.Context) Acknow return pulumi.ToOutputWithContext(ctx, i).(AcknowledgeOutput) } -func (i *Acknowledge) ToOutput(ctx context.Context) pulumix.Output[*Acknowledge] { - return pulumix.Output[*Acknowledge]{ - OutputState: i.ToAcknowledgeOutputWithContext(ctx).OutputState, - } -} - // AcknowledgeArrayInput is an input type that accepts AcknowledgeArray and AcknowledgeArrayOutput values. // You can construct a concrete instance of `AcknowledgeArrayInput` via: // 
@@ -195,12 +188,6 @@ func (i AcknowledgeArray) ToAcknowledgeArrayOutputWithContext(ctx context.Contex return pulumi.ToOutputWithContext(ctx, i).(AcknowledgeArrayOutput) } -func (i AcknowledgeArray) ToOutput(ctx context.Context) pulumix.Output[[]*Acknowledge] { - return pulumix.Output[[]*Acknowledge]{ - OutputState: i.ToAcknowledgeArrayOutputWithContext(ctx).OutputState, - } -} - // AcknowledgeMapInput is an input type that accepts AcknowledgeMap and AcknowledgeMapOutput values. // You can construct a concrete instance of `AcknowledgeMapInput` via: // @@ -226,12 +213,6 @@ func (i AcknowledgeMap) ToAcknowledgeMapOutputWithContext(ctx context.Context) A return pulumi.ToOutputWithContext(ctx, i).(AcknowledgeMapOutput) } -func (i AcknowledgeMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*Acknowledge] { - return pulumix.Output[map[string]*Acknowledge]{ - OutputState: i.ToAcknowledgeMapOutputWithContext(ctx).OutputState, - } -} - type AcknowledgeOutput struct{ *pulumi.OutputState } func (AcknowledgeOutput) ElementType() reflect.Type { @@ -246,12 +227,6 @@ func (o AcknowledgeOutput) ToAcknowledgeOutputWithContext(ctx context.Context) A return o } -func (o AcknowledgeOutput) ToOutput(ctx context.Context) pulumix.Output[*Acknowledge] { - return pulumix.Output[*Acknowledge]{ - OutputState: o.OutputState, - } -} - // A comment describing the reason for the acknowledgment func (o AcknowledgeOutput) Comment() pulumi.StringOutput { return o.ApplyT(func(v *Acknowledge) pulumi.StringOutput { return v.Comment }).(pulumi.StringOutput) 
@@ -276,12 +251,6 @@ func (o AcknowledgeArrayOutput) ToAcknowledgeArrayOutputWithContext(ctx context. return o } -func (o AcknowledgeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*Acknowledge] { - return pulumix.Output[[]*Acknowledge]{ - OutputState: o.OutputState, - } -} - func (o AcknowledgeArrayOutput) Index(i pulumi.IntInput) AcknowledgeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Acknowledge { return vs[0].([]*Acknowledge)[vs[1].(int)] @@ -302,12 +271,6 @@ func (o AcknowledgeMapOutput) ToAcknowledgeMapOutputWithContext(ctx context.Cont return o } -func (o AcknowledgeMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*Acknowledge] { - return pulumix.Output[map[string]*Acknowledge]{ - OutputState: o.OutputState, - } -} - func (o AcknowledgeMapOutput) MapIndex(k pulumi.StringInput) AcknowledgeOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Acknowledge { return vs[0].(map[string]*Acknowledge)[vs[1].(string)] diff --git a/sdk/go/aquasec/applicationScope.go b/sdk/go/aquasec/applicationScope.go index 456c6b98..4e2ea3b7 100644 --- a/sdk/go/aquasec/applicationScope.go +++ b/sdk/go/aquasec/applicationScope.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -132,12 +131,6 @@ func (i *ApplicationScope) ToApplicationScopeOutputWithContext(ctx context.Conte return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeOutput) } -func (i *ApplicationScope) ToOutput(ctx context.Context) pulumix.Output[*ApplicationScope] { - return pulumix.Output[*ApplicationScope]{ - OutputState: i.ToApplicationScopeOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeArrayInput is an input type that accepts ApplicationScopeArray and ApplicationScopeArrayOutput values. // You can construct a concrete instance of `ApplicationScopeArrayInput` via: // 
@@ -163,12 +156,6 @@ func (i ApplicationScopeArray) ToApplicationScopeArrayOutputWithContext(ctx cont return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeArrayOutput) } -func (i ApplicationScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]*ApplicationScope] { - return pulumix.Output[[]*ApplicationScope]{ - OutputState: i.ToApplicationScopeArrayOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeMapInput is an input type that accepts ApplicationScopeMap and ApplicationScopeMapOutput values. // You can construct a concrete instance of `ApplicationScopeMapInput` via: // @@ -194,12 +181,6 @@ func (i ApplicationScopeMap) ToApplicationScopeMapOutputWithContext(ctx context. return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeMapOutput) } -func (i ApplicationScopeMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*ApplicationScope] { - return pulumix.Output[map[string]*ApplicationScope]{ - OutputState: i.ToApplicationScopeMapOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeOutput struct{ *pulumi.OutputState } func (ApplicationScopeOutput) ElementType() reflect.Type { @@ -214,12 +195,6 @@ func (o ApplicationScopeOutput) ToApplicationScopeOutputWithContext(ctx context. return o } -func (o ApplicationScopeOutput) ToOutput(ctx context.Context) pulumix.Output[*ApplicationScope] { - return pulumix.Output[*ApplicationScope]{ - OutputState: o.OutputState, - } -} - // Username of the account that created the service. func (o ApplicationScopeOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v *ApplicationScope) pulumi.StringOutput { return v.Author }).(pulumi.StringOutput) 
@@ -259,12 +234,6 @@ func (o ApplicationScopeArrayOutput) ToApplicationScopeArrayOutputWithContext(ct return o } -func (o ApplicationScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*ApplicationScope] { - return pulumix.Output[[]*ApplicationScope]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeArrayOutput) Index(i pulumi.IntInput) ApplicationScopeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *ApplicationScope { return vs[0].([]*ApplicationScope)[vs[1].(int)] @@ -285,12 +254,6 @@ func (o ApplicationScopeMapOutput) ToApplicationScopeMapOutputWithContext(ctx co return o } -func (o ApplicationScopeMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*ApplicationScope] { - return pulumix.Output[map[string]*ApplicationScope]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeMapOutput) MapIndex(k pulumi.StringInput) ApplicationScopeOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *ApplicationScope { return vs[0].(map[string]*ApplicationScope)[vs[1].(string)] diff --git a/sdk/go/aquasec/aquaLabel.go b/sdk/go/aquasec/aquaLabel.go index a28d454f..ac67e2c0 100644 --- a/sdk/go/aquasec/aquaLabel.go +++ b/sdk/go/aquasec/aquaLabel.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -118,12 +117,6 @@ func (i *AquaLabel) ToAquaLabelOutputWithContext(ctx context.Context) AquaLabelO return pulumi.ToOutputWithContext(ctx, i).(AquaLabelOutput) } -func (i *AquaLabel) ToOutput(ctx context.Context) pulumix.Output[*AquaLabel] { - return pulumix.Output[*AquaLabel]{ - OutputState: i.ToAquaLabelOutputWithContext(ctx).OutputState, - } -} - // AquaLabelArrayInput is an input type that accepts AquaLabelArray and AquaLabelArrayOutput values. // You can construct a concrete instance of `AquaLabelArrayInput` via: // 
@@ -149,12 +142,6 @@ func (i AquaLabelArray) ToAquaLabelArrayOutputWithContext(ctx context.Context) A return pulumi.ToOutputWithContext(ctx, i).(AquaLabelArrayOutput) } -func (i AquaLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]*AquaLabel] { - return pulumix.Output[[]*AquaLabel]{ - OutputState: i.ToAquaLabelArrayOutputWithContext(ctx).OutputState, - } -} - // AquaLabelMapInput is an input type that accepts AquaLabelMap and AquaLabelMapOutput values. // You can construct a concrete instance of `AquaLabelMapInput` via: // @@ -180,12 +167,6 @@ func (i AquaLabelMap) ToAquaLabelMapOutputWithContext(ctx context.Context) AquaL return pulumi.ToOutputWithContext(ctx, i).(AquaLabelMapOutput) } -func (i AquaLabelMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*AquaLabel] { - return pulumix.Output[map[string]*AquaLabel]{ - OutputState: i.ToAquaLabelMapOutputWithContext(ctx).OutputState, - } -} - type AquaLabelOutput struct{ *pulumi.OutputState } func (AquaLabelOutput) ElementType() reflect.Type { @@ -200,12 +181,6 @@ func (o AquaLabelOutput) ToAquaLabelOutputWithContext(ctx context.Context) AquaL return o } -func (o AquaLabelOutput) ToOutput(ctx context.Context) pulumix.Output[*AquaLabel] { - return pulumix.Output[*AquaLabel]{ - OutputState: o.OutputState, - } -} - // The name of the user who created the Aqua label. func (o AquaLabelOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v *AquaLabel) pulumi.StringOutput { return v.Author }).(pulumi.StringOutput) @@ -240,12 +215,6 @@ func (o AquaLabelArrayOutput) ToAquaLabelArrayOutputWithContext(ctx context.Cont return o } -func (o AquaLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*AquaLabel] { - return pulumix.Output[[]*AquaLabel]{ - OutputState: o.OutputState, - } -} - func (o AquaLabelArrayOutput) Index(i pulumi.IntInput) AquaLabelOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *AquaLabel { return vs[0].([]*AquaLabel)[vs[1].(int)] 
@@ -266,12 +235,6 @@ func (o AquaLabelMapOutput) ToAquaLabelMapOutputWithContext(ctx context.Context) return o } -func (o AquaLabelMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*AquaLabel] { - return pulumix.Output[map[string]*AquaLabel]{ - OutputState: o.OutputState, - } -} - func (o AquaLabelMapOutput) MapIndex(k pulumi.StringInput) AquaLabelOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *AquaLabel { return vs[0].(map[string]*AquaLabel)[vs[1].(string)] diff --git a/sdk/go/aquasec/config/config.go b/sdk/go/aquasec/config/config.go index 950b1aba..de811bf1 100644 --- a/sdk/go/aquasec/config/config.go +++ b/sdk/go/aquasec/config/config.go 
@@ -13,35 +13,83 @@ var _ = internal.GetEnvOrDefault // This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable. func GetAquaUrl(ctx *pulumi.Context) string { - return config.Get(ctx, "aquasec:aquaUrl") + v, err := config.Try(ctx, "aquasec:aquaUrl") + if err == nil { + return v + } + var value string + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_URL"); d != nil { + value = d.(string) + } + return value } // This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced // from the `AQUA_CA_CERT_PATH` environment variable. func GetCaCertificatePath(ctx *pulumi.Context) string { - return config.Get(ctx, "aquasec:caCertificatePath") + v, err := config.Try(ctx, "aquasec:caCertificatePath") + if err == nil { + return v + } + var value string + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_CA_CERT_PATH"); d != nil { + value = d.(string) + } + return value } // This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can // alternatively be sourced from the `AQUA_CONFIG` environment variable. func GetConfigPath(ctx *pulumi.Context) string { - return config.Get(ctx, "aquasec:configPath") + v, err := config.Try(ctx, "aquasec:configPath") + if err == nil { + return v + } + var value string + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_CONFIG"); d != nil { + value = d.(string) + } + return value } // This is the password that should be used to make the connection. Can alternatively be sourced from the `AQUA_PASSWORD` // environment variable. 
func GetPassword(ctx *pulumi.Context) string { - return config.Get(ctx, "aquasec:password") + v, err := config.Try(ctx, "aquasec:password") + if err == nil { + return v + } + var value string + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_PASSWORD"); d != nil { + value = d.(string) + } + return value } // This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER` // environment variable. func GetUsername(ctx *pulumi.Context) string { - return config.Get(ctx, "aquasec:username") + v, err := config.Try(ctx, "aquasec:username") + if err == nil { + return v + } + var value string + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_USER"); d != nil { + value = d.(string) + } + return value } // If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can // alternatively be sourced from the `AQUA_TLS_VERIFY` environment variable. func GetVerifyTls(ctx *pulumi.Context) bool { - return config.GetBool(ctx, "aquasec:verifyTls") + v, err := config.TryBool(ctx, "aquasec:verifyTls") + if err == nil { + return v + } + var value bool + if d := internal.GetEnvOrDefault(true, internal.ParseEnvBool, "AQUA_TLS_VERIFY"); d != nil { + value = d.(bool) + } + return value } diff --git a/sdk/go/aquasec/containerRuntimePolicy.go b/sdk/go/aquasec/containerRuntimePolicy.go index d054f076..d6db50cc 100644 --- a/sdk/go/aquasec/containerRuntimePolicy.go +++ b/sdk/go/aquasec/containerRuntimePolicy.go 
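Review bot: In `GetVerifyTls`, `value` starts as `false` and is only overwritten when `GetEnvOrDefault` returns non-nil, so a nil result leaves the getter reporting TLS verification as off although the doc comment says it defaults to true. That would happen if `internal.ParseEnvBool` returns nil for an unparseable `AQUA_TLS_VERIFY`; its body is not in this diff, so this needs confirming. Replacing `var value bool` with `value := true` in that function keeps the failure direction safe. `GetPassword` now also falls back to `AQUA_PASSWORD` from the process environment, so its doc comment could add `// The returned value is a plaintext secret; do not log it or export it as a non-secret output.` The file looks generated, so both changes probably belong in the generator rather than in this file.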
@@ -8,181 +8,30 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) -// ## Example Usage -// -// ```go -// package main -// -// import ( -// -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec" -// -// ) -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// _, err := aquasec.NewContainerRuntimePolicy(ctx, "containerRuntimePolicy", &aquasec.ContainerRuntimePolicyArgs{ -// AllowedExecutables: pulumi.StringArray{ -// pulumi.String("exe"), -// pulumi.String("bin"), -// }, -// AllowedRegistries: pulumi.StringArray{ -// pulumi.String("registry1"), -// pulumi.String("registry2"), -// }, -// ApplicationScopes: pulumi.StringArray{ -// pulumi.String("Global"), -// }, -// AuditAllNetworkActivity: pulumi.Bool(true), -// AuditAllProcessesActivity: pulumi.Bool(true), -// AuditFullCommandArguments: pulumi.Bool(true), -// BlockAccessHostNetwork: pulumi.Bool(true), -// BlockAddingCapabilities: pulumi.Bool(true), -// BlockContainerExec: pulumi.Bool(true), -// BlockCryptocurrencyMining: pulumi.Bool(true), -// BlockFilelessExec: pulumi.Bool(true), -// BlockLowPortBinding: pulumi.Bool(true), -// BlockNonCompliantImages: pulumi.Bool(true), -// BlockNonCompliantWorkloads: pulumi.Bool(true), -// BlockNonK8sContainers: pulumi.Bool(true), -// BlockPrivilegedContainers: pulumi.Bool(true), -// BlockReverseShell: pulumi.Bool(true), -// BlockRootUser: pulumi.Bool(true), -// BlockUnregisteredImages: pulumi.Bool(true), -// BlockUseIpcNamespace: pulumi.Bool(true), -// BlockUsePidNamespace: pulumi.Bool(true), -// BlockUseUserNamespace: pulumi.Bool(true), -// BlockUseUtsNamespace: pulumi.Bool(true), -// BlockedCapabilities: pulumi.StringArray{ -// pulumi.String("AUDIT_CONTROL"), -// pulumi.String("AUDIT_WRITE"), -// }, -// BlockedExecutables: pulumi.StringArray{ -// pulumi.String("exe1"), -// 
pulumi.String("exe2"), -// }, -// BlockedFiles: pulumi.StringArray{ -// pulumi.String("test1"), -// pulumi.String("test2"), -// }, -// BlockedInboundPorts: pulumi.StringArray{ -// pulumi.String("80"), -// pulumi.String("8080"), -// }, -// BlockedOutboundPorts: pulumi.StringArray{ -// pulumi.String("90"), -// pulumi.String("9090"), -// }, -// BlockedPackages: pulumi.StringArray{ -// pulumi.String("pkg"), -// pulumi.String("pkg2"), -// }, -// BlockedVolumes: pulumi.StringArray{ -// pulumi.String("blocked"), -// pulumi.String("vol"), -// }, -// ContainerExecAllowedProcesses: pulumi.StringArray{ -// pulumi.String("proc1"), -// pulumi.String("proc2"), -// }, -// Description: pulumi.String("container_runtime_policy"), -// EnableDriftPrevention: pulumi.Bool(true), -// EnableForkGuard: pulumi.Bool(true), -// EnableIpReputationSecurity: pulumi.Bool(true), -// EnablePortScanDetection: pulumi.Bool(true), -// Enabled: pulumi.Bool(true), -// Enforce: pulumi.Bool(false), -// ExceptionalReadonlyFilesAndDirectories: pulumi.StringArray{ -// pulumi.String("readonly2"), -// pulumi.String("/dir2/"), -// }, -// FileIntegrityMonitoring: &aquasec.ContainerRuntimePolicyFileIntegrityMonitoringArgs{ -// ExcludedPaths: pulumi.StringArray{ -// pulumi.String("expaths"), -// }, -// ExcludedProcesses: pulumi.StringArray{ -// pulumi.String("exprocess"), -// }, -// ExcludedUsers: pulumi.StringArray{ -// pulumi.String("expuser"), -// }, -// MonitorAttributes: pulumi.Bool(true), -// MonitorCreate: pulumi.Bool(true), -// MonitorDelete: pulumi.Bool(true), -// MonitorModify: pulumi.Bool(true), -// MonitorRead: pulumi.Bool(true), -// MonitoredPaths: pulumi.StringArray{ -// pulumi.String("paths"), -// }, -// MonitoredProcesses: pulumi.StringArray{ -// pulumi.String("process"), -// }, -// MonitoredUsers: pulumi.StringArray{ -// pulumi.String("user"), -// }, -// }, -// ForkGuardProcessLimit: pulumi.Int(13), -// LimitNewPrivileges: pulumi.Bool(true), -// MalwareScanOptions: 
&aquasec.ContainerRuntimePolicyMalwareScanOptionsArgs{ -// Action: pulumi.String("alert"), -// Enabled: pulumi.Bool(true), -// }, -// MonitorSystemTimeChanges: pulumi.Bool(true), -// ReadonlyFilesAndDirectories: pulumi.StringArray{ -// pulumi.String("readonly"), -// pulumi.String("/dir/"), -// }, -// ReverseShellAllowedIps: pulumi.StringArray{ -// pulumi.String("ip1"), -// pulumi.String("ip2"), -// }, -// ReverseShellAllowedProcesses: pulumi.StringArray{ -// pulumi.String("proc1"), -// pulumi.String("proc2"), -// }, -// ScopeExpression: pulumi.String("v1 || v2"), -// ScopeVariables: aquasec.ContainerRuntimePolicyScopeVariableArray{ -// &aquasec.ContainerRuntimePolicyScopeVariableArgs{ -// Attribute: pulumi.String("kubernetes.cluster"), -// Value: pulumi.String("default"), -// }, -// &aquasec.ContainerRuntimePolicyScopeVariableArgs{ -// Attribute: pulumi.String("kubernetes.label"), -// Name: pulumi.String("app"), -// Value: pulumi.String("aqua"), -// }, -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` type ContainerRuntimePolicy struct { pulumi.CustomResourceState - // List of executables that are allowed for the user. - AllowedExecutables pulumi.StringArrayOutput `pulumi:"allowedExecutables"` - // List of registries that allowed for running containers. - AllowedRegistries pulumi.StringArrayOutput `pulumi:"allowedRegistries"` + // Allowed executables configuration. + AllowedExecutables ContainerRuntimePolicyAllowedExecutableArrayOutput `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries ContainerRuntimePolicyAllowedRegistryArrayOutput `pulumi:"allowedRegistries"` // Indicates the application scope of the service. ApplicationScopes pulumi.StringArrayOutput `pulumi:"applicationScopes"` // If true, all network activity will be audited. AuditAllNetworkActivity pulumi.BoolPtrOutput `pulumi:"auditAllNetworkActivity"` // If true, all process activity will be audited. 
AuditAllProcessesActivity pulumi.BoolPtrOutput `pulumi:"auditAllProcessesActivity"` + // Detects brute force login attempts + AuditBruteForceLogin pulumi.BoolPtrOutput `pulumi:"auditBruteForceLogin"` // If true, full command arguments will be audited. - AuditFullCommandArguments pulumi.BoolPtrOutput `pulumi:"auditFullCommandArguments"` + AuditFullCommandArguments pulumi.BoolPtrOutput `pulumi:"auditFullCommandArguments"` + Auditing ContainerRuntimePolicyAuditingOutput `pulumi:"auditing"` // Username of the account that created the service. - Author pulumi.StringOutput `pulumi:"author"` + Author pulumi.StringOutput `pulumi:"author"` + BlacklistedOsUsers ContainerRuntimePolicyBlacklistedOsUsersOutput `pulumi:"blacklistedOsUsers"` // If true, prevent containers from running with access to host network. BlockAccessHostNetwork pulumi.BoolPtrOutput `pulumi:"blockAccessHostNetwork"` // If true, prevent containers from running with adding capabilities with `--cap-add` privilege. 
@@ -191,24 +40,19 @@ type ContainerRuntimePolicy struct { BlockContainerExec pulumi.BoolPtrOutput `pulumi:"blockContainerExec"` // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining BlockCryptocurrencyMining pulumi.BoolPtrOutput `pulumi:"blockCryptocurrencyMining"` + BlockDisallowedImages pulumi.BoolPtrOutput `pulumi:"blockDisallowedImages"` // Detect and prevent running in-memory execution BlockFilelessExec pulumi.BoolPtrOutput `pulumi:"blockFilelessExec"` // If true, prevent containers from running with the capability to bind in port lower than 1024. BlockLowPortBinding pulumi.BoolPtrOutput `pulumi:"blockLowPortBinding"` - // If true, running non-compliant image in the container is prevented. - BlockNonCompliantImages pulumi.BoolPtrOutput `pulumi:"blockNonCompliantImages"` // If true, running containers in non-compliant pods is prevented. BlockNonCompliantWorkloads pulumi.BoolPtrOutput `pulumi:"blockNonCompliantWorkloads"` // If true, running non-kubernetes containers is prevented. BlockNonK8sContainers pulumi.BoolPtrOutput `pulumi:"blockNonK8sContainers"` // If true, prevent containers from running with privileged container capability. BlockPrivilegedContainers pulumi.BoolPtrOutput `pulumi:"blockPrivilegedContainers"` - // If true, reverse shell is prevented. - BlockReverseShell pulumi.BoolPtrOutput `pulumi:"blockReverseShell"` // If true, prevent containers from running with root user. BlockRootUser pulumi.BoolPtrOutput `pulumi:"blockRootUser"` - // If true, running images in the container that are not registered in Aqua is prevented. - BlockUnregisteredImages pulumi.BoolPtrOutput `pulumi:"blockUnregisteredImages"` // If true, prevent containers from running with the privilege to use the IPC namespace. BlockUseIpcNamespace pulumi.BoolPtrOutput `pulumi:"blockUseIpcNamespace"` // If true, prevent containers from running with the privilege to use the PID namespace. 
@@ -231,50 +75,87 @@ type ContainerRuntimePolicy struct { BlockedPackages pulumi.StringArrayOutput `pulumi:"blockedPackages"` // List of volumes that are prevented from being mounted in the containers. BlockedVolumes pulumi.StringArrayOutput `pulumi:"blockedVolumes"` + // Bypass scope configuration. + BypassScopes ContainerRuntimePolicyBypassScopeArrayOutput `pulumi:"bypassScopes"` + ContainerExec ContainerRuntimePolicyContainerExecOutput `pulumi:"containerExec"` // List of processes that will be allowed. ContainerExecAllowedProcesses pulumi.StringArrayOutput `pulumi:"containerExecAllowedProcesses"` + Created pulumi.StringOutput `pulumi:"created"` + Cve pulumi.StringPtrOutput `pulumi:"cve"` + DefaultSecurityProfile pulumi.StringPtrOutput `pulumi:"defaultSecurityProfile"` // The description of the container runtime policy Description pulumi.StringPtrOutput `pulumi:"description"` - // If true, executables that are not in the original image is prevented from running. - EnableDriftPrevention pulumi.BoolPtrOutput `pulumi:"enableDriftPrevention"` + Digest pulumi.StringPtrOutput `pulumi:"digest"` + // Drift prevention configuration. + DriftPreventions ContainerRuntimePolicyDriftPreventionArrayOutput `pulumi:"driftPreventions"` + EnableCryptoMiningDns pulumi.BoolPtrOutput `pulumi:"enableCryptoMiningDns"` // If true, fork bombs are prevented in the containers. - EnableForkGuard pulumi.BoolPtrOutput `pulumi:"enableForkGuard"` - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity pulumi.BoolPtrOutput `pulumi:"enableIpReputationSecurity"` - // If true, detects port scanning behavior in the container. - EnablePortScanDetection pulumi.BoolPtrOutput `pulumi:"enablePortScanDetection"` - // Indicates if the runtime policy is enabled or not. 
+ EnableForkGuard pulumi.BoolPtrOutput `pulumi:"enableForkGuard"` + EnableIpReputation pulumi.BoolPtrOutput `pulumi:"enableIpReputation"` + EnablePortScanProtection pulumi.BoolPtrOutput `pulumi:"enablePortScanProtection"` + // Whether allowed executables configuration is enabled. Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). Enforce pulumi.BoolPtrOutput `pulumi:"enforce"` // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` - // List of files and directories to be excluded from the read-only list. - ExceptionalReadonlyFilesAndDirectories pulumi.StringArrayOutput `pulumi:"exceptionalReadonlyFilesAndDirectories"` - // Specify processes that will be allowed - ExecLockdownWhiteLists pulumi.StringArrayOutput `pulumi:"execLockdownWhiteLists"` + EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` + EnforceSchedulerAddedOn pulumi.IntOutput `pulumi:"enforceSchedulerAddedOn"` + // List of excluded application scopes. + ExcludeApplicationScopes pulumi.StringArrayOutput `pulumi:"excludeApplicationScopes"` + // Executable blacklist configuration. + ExecutableBlacklists ContainerRuntimePolicyExecutableBlacklistArrayOutput `pulumi:"executableBlacklists"` + FailedKubernetesChecks ContainerRuntimePolicyFailedKubernetesChecksOutput `pulumi:"failedKubernetesChecks"` + FileBlock ContainerRuntimePolicyFileBlockOutput `pulumi:"fileBlock"` // Configuration for file integrity monitoring. - FileIntegrityMonitoring ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput `pulumi:"fileIntegrityMonitoring"` + FileIntegrityMonitoring ContainerRuntimePolicyFileIntegrityMonitoringOutput `pulumi:"fileIntegrityMonitoring"` // Process limit for the fork guard. 
- ForkGuardProcessLimit pulumi.IntPtrOutput `pulumi:"forkGuardProcessLimit"` + ForkGuardProcessLimit pulumi.IntPtrOutput `pulumi:"forkGuardProcessLimit"` + ImageName pulumi.StringPtrOutput `pulumi:"imageName"` + IsAuditChecked pulumi.BoolPtrOutput `pulumi:"isAuditChecked"` + IsAutoGenerated pulumi.BoolPtrOutput `pulumi:"isAutoGenerated"` + IsOotbPolicy pulumi.BoolPtrOutput `pulumi:"isOotbPolicy"` + Lastupdate pulumi.IntOutput `pulumi:"lastupdate"` + // Container privileges configuration. + LimitContainerPrivileges ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput `pulumi:"limitContainerPrivileges"` // If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) - LimitNewPrivileges pulumi.BoolPtrOutput `pulumi:"limitNewPrivileges"` + LimitNewPrivileges pulumi.BoolPtrOutput `pulumi:"limitNewPrivileges"` + LinuxCapabilities ContainerRuntimePolicyLinuxCapabilitiesOutput `pulumi:"linuxCapabilities"` // Configuration for Real-Time Malware Protection. - MalwareScanOptions ContainerRuntimePolicyMalwareScanOptionsPtrOutput `pulumi:"malwareScanOptions"` + MalwareScanOptions ContainerRuntimePolicyMalwareScanOptionsOutput `pulumi:"malwareScanOptions"` // If true, system time changes will be monitored. MonitorSystemTimeChanges pulumi.BoolPtrOutput `pulumi:"monitorSystemTimeChanges"` - // Name of the container runtime policy - Name pulumi.StringOutput `pulumi:"name"` - // List of files and directories to be restricted as read-only - ReadonlyFilesAndDirectories pulumi.StringArrayOutput `pulumi:"readonlyFilesAndDirectories"` - // List of IPs/ CIDRs that will be allowed - ReverseShellAllowedIps pulumi.StringArrayOutput `pulumi:"reverseShellAllowedIps"` - // List of processes that will be allowed - ReverseShellAllowedProcesses pulumi.StringArrayOutput `pulumi:"reverseShellAllowedProcesses"` + // Name assigned to the attribute. 
+ Name pulumi.StringOutput `pulumi:"name"` + NoNewPrivileges pulumi.BoolPtrOutput `pulumi:"noNewPrivileges"` + OnlyRegisteredImages pulumi.BoolPtrOutput `pulumi:"onlyRegisteredImages"` + PackageBlock ContainerRuntimePolicyPackageBlockOutput `pulumi:"packageBlock"` + Permission pulumi.StringPtrOutput `pulumi:"permission"` + PortBlock ContainerRuntimePolicyPortBlockOutput `pulumi:"portBlock"` + ReadonlyFiles ContainerRuntimePolicyReadonlyFilesOutput `pulumi:"readonlyFiles"` + ReadonlyRegistry ContainerRuntimePolicyReadonlyRegistryOutput `pulumi:"readonlyRegistry"` + Registry pulumi.StringPtrOutput `pulumi:"registry"` + RegistryAccessMonitoring ContainerRuntimePolicyRegistryAccessMonitoringOutput `pulumi:"registryAccessMonitoring"` + RepoName pulumi.StringPtrOutput `pulumi:"repoName"` + ResourceName pulumi.StringPtrOutput `pulumi:"resourceName"` + ResourceType pulumi.StringPtrOutput `pulumi:"resourceType"` + // Restricted volumes configuration. + RestrictedVolumes ContainerRuntimePolicyRestrictedVolumeArrayOutput `pulumi:"restrictedVolumes"` + ReverseShell ContainerRuntimePolicyReverseShellOutput `pulumi:"reverseShell"` + RuntimeMode pulumi.IntPtrOutput `pulumi:"runtimeMode"` + RuntimeType pulumi.StringPtrOutput `pulumi:"runtimeType"` // Logical expression of how to compute the dependency of the scope variables. ScopeExpression pulumi.StringOutput `pulumi:"scopeExpression"` // List of scope attributes. ScopeVariables ContainerRuntimePolicyScopeVariableArrayOutput `pulumi:"scopeVariables"` + // Scope configuration. 
+ Scopes ContainerRuntimePolicyScopeArrayOutput `pulumi:"scopes"` + SystemIntegrityProtection ContainerRuntimePolicySystemIntegrityProtectionOutput `pulumi:"systemIntegrityProtection"` + Tripwire ContainerRuntimePolicyTripwireOutput `pulumi:"tripwire"` + Type pulumi.StringPtrOutput `pulumi:"type"` + Updated pulumi.StringOutput `pulumi:"updated"` + Version pulumi.StringPtrOutput `pulumi:"version"` + VpatchVersion pulumi.StringPtrOutput `pulumi:"vpatchVersion"` + WhitelistedOsUsers ContainerRuntimePolicyWhitelistedOsUsersOutput `pulumi:"whitelistedOsUsers"` } // NewContainerRuntimePolicy registers a new resource with the given unique name, arguments, and options. 
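Review bot: Two top-level doc comments in this hunk no longer describe their field: `Enabled` now reads `// Whether allowed executables configuration is enabled.` (was "Indicates if the runtime policy is enabled or not.") and `Name` reads `// Name assigned to the attribute.` (was "Name of the container runtime policy"), which looks like descriptions of nested blocks leaking upward. Going by the old comment, `Enabled` switches the whole runtime policy, so the new wording could lead a reader to treat it as a sub-feature toggle; restoring `// Indicates if the runtime policy is enabled or not.` would avoid that. Many added fields (`ReverseShell`, `OnlyRegisteredImages`, `NoNewPrivileges`, `ReadonlyFiles`, `EnableIpReputation`, `EnablePortScanProtection`) have no comment at all, while the controls removed here (`EnableDriftPrevention`, `ReverseShellAllowedIps`, `ReadonlyFilesAndDirectories`) were documented, so a one-line description per field would help users migrate without silently dropping a protection. The struct starts in an earlier hunk, and the same comments recur in the `containerRuntimePolicyState` hunks further down.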
@@ -307,20 +188,24 @@ func GetContainerRuntimePolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering ContainerRuntimePolicy resources. type containerRuntimePolicyState struct { - // List of executables that are allowed for the user. - AllowedExecutables []string `pulumi:"allowedExecutables"` - // List of registries that allowed for running containers. - AllowedRegistries []string `pulumi:"allowedRegistries"` + // Allowed executables configuration. + AllowedExecutables []ContainerRuntimePolicyAllowedExecutable `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries []ContainerRuntimePolicyAllowedRegistry `pulumi:"allowedRegistries"` // Indicates the application scope of the service. ApplicationScopes []string `pulumi:"applicationScopes"` // If true, all network activity will be audited. AuditAllNetworkActivity *bool `pulumi:"auditAllNetworkActivity"` // If true, all process activity will be audited. AuditAllProcessesActivity *bool `pulumi:"auditAllProcessesActivity"` + // Detects brute force login attempts + AuditBruteForceLogin *bool `pulumi:"auditBruteForceLogin"` // If true, full command arguments will be audited. - AuditFullCommandArguments *bool `pulumi:"auditFullCommandArguments"` + AuditFullCommandArguments *bool `pulumi:"auditFullCommandArguments"` + Auditing *ContainerRuntimePolicyAuditing `pulumi:"auditing"` // Username of the account that created the service. - Author *string `pulumi:"author"` + Author *string `pulumi:"author"` + BlacklistedOsUsers *ContainerRuntimePolicyBlacklistedOsUsers `pulumi:"blacklistedOsUsers"` // If true, prevent containers from running with access to host network. BlockAccessHostNetwork *bool `pulumi:"blockAccessHostNetwork"` // If true, prevent containers from running with adding capabilities with `--cap-add` privilege. 
@@ -329,24 +214,19 @@ type containerRuntimePolicyState struct { BlockContainerExec *bool `pulumi:"blockContainerExec"` // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining BlockCryptocurrencyMining *bool `pulumi:"blockCryptocurrencyMining"` + BlockDisallowedImages *bool `pulumi:"blockDisallowedImages"` // Detect and prevent running in-memory execution BlockFilelessExec *bool `pulumi:"blockFilelessExec"` // If true, prevent containers from running with the capability to bind in port lower than 1024. BlockLowPortBinding *bool `pulumi:"blockLowPortBinding"` - // If true, running non-compliant image in the container is prevented. - BlockNonCompliantImages *bool `pulumi:"blockNonCompliantImages"` // If true, running containers in non-compliant pods is prevented. BlockNonCompliantWorkloads *bool `pulumi:"blockNonCompliantWorkloads"` // If true, running non-kubernetes containers is prevented. BlockNonK8sContainers *bool `pulumi:"blockNonK8sContainers"` // If true, prevent containers from running with privileged container capability. BlockPrivilegedContainers *bool `pulumi:"blockPrivilegedContainers"` - // If true, reverse shell is prevented. - BlockReverseShell *bool `pulumi:"blockReverseShell"` // If true, prevent containers from running with root user. BlockRootUser *bool `pulumi:"blockRootUser"` - // If true, running images in the container that are not registered in Aqua is prevented. - BlockUnregisteredImages *bool `pulumi:"blockUnregisteredImages"` // If true, prevent containers from running with the privilege to use the IPC namespace. BlockUseIpcNamespace *bool `pulumi:"blockUseIpcNamespace"` // If true, prevent containers from running with the privilege to use the PID namespace. 
@@ -369,67 +249,108 @@ type containerRuntimePolicyState struct { BlockedPackages []string `pulumi:"blockedPackages"` // List of volumes that are prevented from being mounted in the containers. BlockedVolumes []string `pulumi:"blockedVolumes"` + // Bypass scope configuration. + BypassScopes []ContainerRuntimePolicyBypassScope `pulumi:"bypassScopes"` + ContainerExec *ContainerRuntimePolicyContainerExec `pulumi:"containerExec"` // List of processes that will be allowed. ContainerExecAllowedProcesses []string `pulumi:"containerExecAllowedProcesses"` + Created *string `pulumi:"created"` + Cve *string `pulumi:"cve"` + DefaultSecurityProfile *string `pulumi:"defaultSecurityProfile"` // The description of the container runtime policy Description *string `pulumi:"description"` - // If true, executables that are not in the original image is prevented from running. - EnableDriftPrevention *bool `pulumi:"enableDriftPrevention"` + Digest *string `pulumi:"digest"` + // Drift prevention configuration. + DriftPreventions []ContainerRuntimePolicyDriftPrevention `pulumi:"driftPreventions"` + EnableCryptoMiningDns *bool `pulumi:"enableCryptoMiningDns"` // If true, fork bombs are prevented in the containers. - EnableForkGuard *bool `pulumi:"enableForkGuard"` - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity *bool `pulumi:"enableIpReputationSecurity"` - // If true, detects port scanning behavior in the container. - EnablePortScanDetection *bool `pulumi:"enablePortScanDetection"` - // Indicates if the runtime policy is enabled or not. + EnableForkGuard *bool `pulumi:"enableForkGuard"` + EnableIpReputation *bool `pulumi:"enableIpReputation"` + EnablePortScanProtection *bool `pulumi:"enablePortScanProtection"` + // Whether allowed executables configuration is enabled. Enabled *bool `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). 
Enforce *bool `pulumi:"enforce"` // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays *int `pulumi:"enforceAfterDays"` - // List of files and directories to be excluded from the read-only list. - ExceptionalReadonlyFilesAndDirectories []string `pulumi:"exceptionalReadonlyFilesAndDirectories"` - // Specify processes that will be allowed - ExecLockdownWhiteLists []string `pulumi:"execLockdownWhiteLists"` + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceSchedulerAddedOn *int `pulumi:"enforceSchedulerAddedOn"` + // List of excluded application scopes. + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Executable blacklist configuration. + ExecutableBlacklists []ContainerRuntimePolicyExecutableBlacklist `pulumi:"executableBlacklists"` + FailedKubernetesChecks *ContainerRuntimePolicyFailedKubernetesChecks `pulumi:"failedKubernetesChecks"` + FileBlock *ContainerRuntimePolicyFileBlock `pulumi:"fileBlock"` // Configuration for file integrity monitoring. FileIntegrityMonitoring *ContainerRuntimePolicyFileIntegrityMonitoring `pulumi:"fileIntegrityMonitoring"` // Process limit for the fork guard. - ForkGuardProcessLimit *int `pulumi:"forkGuardProcessLimit"` + ForkGuardProcessLimit *int `pulumi:"forkGuardProcessLimit"` + ImageName *string `pulumi:"imageName"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + IsAutoGenerated *bool `pulumi:"isAutoGenerated"` + IsOotbPolicy *bool `pulumi:"isOotbPolicy"` + Lastupdate *int `pulumi:"lastupdate"` + // Container privileges configuration. + LimitContainerPrivileges []ContainerRuntimePolicyLimitContainerPrivilege `pulumi:"limitContainerPrivileges"` // If true, prevents the container from obtaining new privileges at runtime. 
(only enabled in enforce mode) - LimitNewPrivileges *bool `pulumi:"limitNewPrivileges"` + LimitNewPrivileges *bool `pulumi:"limitNewPrivileges"` + LinuxCapabilities *ContainerRuntimePolicyLinuxCapabilities `pulumi:"linuxCapabilities"` // Configuration for Real-Time Malware Protection. MalwareScanOptions *ContainerRuntimePolicyMalwareScanOptions `pulumi:"malwareScanOptions"` // If true, system time changes will be monitored. MonitorSystemTimeChanges *bool `pulumi:"monitorSystemTimeChanges"` - // Name of the container runtime policy - Name *string `pulumi:"name"` - // List of files and directories to be restricted as read-only - ReadonlyFilesAndDirectories []string `pulumi:"readonlyFilesAndDirectories"` - // List of IPs/ CIDRs that will be allowed - ReverseShellAllowedIps []string `pulumi:"reverseShellAllowedIps"` - // List of processes that will be allowed - ReverseShellAllowedProcesses []string `pulumi:"reverseShellAllowedProcesses"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + NoNewPrivileges *bool `pulumi:"noNewPrivileges"` + OnlyRegisteredImages *bool `pulumi:"onlyRegisteredImages"` + PackageBlock *ContainerRuntimePolicyPackageBlock `pulumi:"packageBlock"` + Permission *string `pulumi:"permission"` + PortBlock *ContainerRuntimePolicyPortBlock `pulumi:"portBlock"` + ReadonlyFiles *ContainerRuntimePolicyReadonlyFiles `pulumi:"readonlyFiles"` + ReadonlyRegistry *ContainerRuntimePolicyReadonlyRegistry `pulumi:"readonlyRegistry"` + Registry *string `pulumi:"registry"` + RegistryAccessMonitoring *ContainerRuntimePolicyRegistryAccessMonitoring `pulumi:"registryAccessMonitoring"` + RepoName *string `pulumi:"repoName"` + ResourceName *string `pulumi:"resourceName"` + ResourceType *string `pulumi:"resourceType"` + // Restricted volumes configuration. 
+ RestrictedVolumes []ContainerRuntimePolicyRestrictedVolume `pulumi:"restrictedVolumes"` + ReverseShell *ContainerRuntimePolicyReverseShell `pulumi:"reverseShell"` + RuntimeMode *int `pulumi:"runtimeMode"` + RuntimeType *string `pulumi:"runtimeType"` // Logical expression of how to compute the dependency of the scope variables. ScopeExpression *string `pulumi:"scopeExpression"` // List of scope attributes. ScopeVariables []ContainerRuntimePolicyScopeVariable `pulumi:"scopeVariables"` + // Scope configuration. + Scopes []ContainerRuntimePolicyScope `pulumi:"scopes"` + SystemIntegrityProtection *ContainerRuntimePolicySystemIntegrityProtection `pulumi:"systemIntegrityProtection"` + Tripwire *ContainerRuntimePolicyTripwire `pulumi:"tripwire"` + Type *string `pulumi:"type"` + Updated *string `pulumi:"updated"` + Version *string `pulumi:"version"` + VpatchVersion *string `pulumi:"vpatchVersion"` + WhitelistedOsUsers *ContainerRuntimePolicyWhitelistedOsUsers `pulumi:"whitelistedOsUsers"` } type ContainerRuntimePolicyState struct { - // List of executables that are allowed for the user. - AllowedExecutables pulumi.StringArrayInput - // List of registries that allowed for running containers. - AllowedRegistries pulumi.StringArrayInput + // Allowed executables configuration. + AllowedExecutables ContainerRuntimePolicyAllowedExecutableArrayInput + // List of allowed registries. + AllowedRegistries ContainerRuntimePolicyAllowedRegistryArrayInput // Indicates the application scope of the service. ApplicationScopes pulumi.StringArrayInput // If true, all network activity will be audited. AuditAllNetworkActivity pulumi.BoolPtrInput // If true, all process activity will be audited. AuditAllProcessesActivity pulumi.BoolPtrInput + // Detects brute force login attempts + AuditBruteForceLogin pulumi.BoolPtrInput // If true, full command arguments will be audited. 
AuditFullCommandArguments pulumi.BoolPtrInput + Auditing ContainerRuntimePolicyAuditingPtrInput // Username of the account that created the service. - Author pulumi.StringPtrInput + Author pulumi.StringPtrInput + BlacklistedOsUsers ContainerRuntimePolicyBlacklistedOsUsersPtrInput // If true, prevent containers from running with access to host network. BlockAccessHostNetwork pulumi.BoolPtrInput // If true, prevent containers from running with adding capabilities with `--cap-add` privilege. 
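Review bot: The comment on the top-level `Enabled` field now reads `// Whether allowed executables configuration is enabled.` and the one on `Name` reads `// Name assigned to the attribute.`; both look like descriptions of nested blocks that ended up on the policy's own fields. For `Enabled` this is misleading in a way that matters, because someone reading the SDK docs may believe they are only switching the allowed-executables feature when they are turning the whole runtime policy on or off. Unless the fields' meaning really changed, I would restore `// Indicates if the runtime policy is enabled or not.` and `// Name of the container runtime policy`. In the same hunk the new fields that carry controls (`ReverseShell`, `NoNewPrivileges`, `OnlyRegisteredImages`, `LinuxCapabilities`) have no comment at all, while the flat fields they appear to replace were documented. The same text recurs in the later hunks for `ContainerRuntimePolicyState`, `containerRuntimePolicyArgs` and `ContainerRuntimePolicyArgs`, and both structs touched here extend beyond this hunk.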
@@ -438,24 +359,19 @@ type ContainerRuntimePolicyState struct { BlockContainerExec pulumi.BoolPtrInput // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining BlockCryptocurrencyMining pulumi.BoolPtrInput + BlockDisallowedImages pulumi.BoolPtrInput // Detect and prevent running in-memory execution BlockFilelessExec pulumi.BoolPtrInput // If true, prevent containers from running with the capability to bind in port lower than 1024. BlockLowPortBinding pulumi.BoolPtrInput - // If true, running non-compliant image in the container is prevented. - BlockNonCompliantImages pulumi.BoolPtrInput // If true, running containers in non-compliant pods is prevented. BlockNonCompliantWorkloads pulumi.BoolPtrInput // If true, running non-kubernetes containers is prevented. BlockNonK8sContainers pulumi.BoolPtrInput // If true, prevent containers from running with privileged container capability. BlockPrivilegedContainers pulumi.BoolPtrInput - // If true, reverse shell is prevented. - BlockReverseShell pulumi.BoolPtrInput // If true, prevent containers from running with root user. BlockRootUser pulumi.BoolPtrInput - // If true, running images in the container that are not registered in Aqua is prevented. - BlockUnregisteredImages pulumi.BoolPtrInput // If true, prevent containers from running with the privilege to use the IPC namespace. BlockUseIpcNamespace pulumi.BoolPtrInput // If true, prevent containers from running with the privilege to use the PID namespace. 
@@ -478,50 +394,87 @@ type ContainerRuntimePolicyState struct { BlockedPackages pulumi.StringArrayInput // List of volumes that are prevented from being mounted in the containers. BlockedVolumes pulumi.StringArrayInput + // Bypass scope configuration. + BypassScopes ContainerRuntimePolicyBypassScopeArrayInput + ContainerExec ContainerRuntimePolicyContainerExecPtrInput // List of processes that will be allowed. ContainerExecAllowedProcesses pulumi.StringArrayInput + Created pulumi.StringPtrInput + Cve pulumi.StringPtrInput + DefaultSecurityProfile pulumi.StringPtrInput // The description of the container runtime policy Description pulumi.StringPtrInput - // If true, executables that are not in the original image is prevented from running. - EnableDriftPrevention pulumi.BoolPtrInput + Digest pulumi.StringPtrInput + // Drift prevention configuration. + DriftPreventions ContainerRuntimePolicyDriftPreventionArrayInput + EnableCryptoMiningDns pulumi.BoolPtrInput // If true, fork bombs are prevented in the containers. - EnableForkGuard pulumi.BoolPtrInput - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity pulumi.BoolPtrInput - // If true, detects port scanning behavior in the container. - EnablePortScanDetection pulumi.BoolPtrInput - // Indicates if the runtime policy is enabled or not. + EnableForkGuard pulumi.BoolPtrInput + EnableIpReputation pulumi.BoolPtrInput + EnablePortScanProtection pulumi.BoolPtrInput + // Whether allowed executables configuration is enabled. Enabled pulumi.BoolPtrInput // Indicates that policy should effect container execution (not just for audit). Enforce pulumi.BoolPtrInput // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays pulumi.IntPtrInput - // List of files and directories to be excluded from the read-only list. 
- ExceptionalReadonlyFilesAndDirectories pulumi.StringArrayInput - // Specify processes that will be allowed - ExecLockdownWhiteLists pulumi.StringArrayInput + EnforceAfterDays pulumi.IntPtrInput + EnforceSchedulerAddedOn pulumi.IntPtrInput + // List of excluded application scopes. + ExcludeApplicationScopes pulumi.StringArrayInput + // Executable blacklist configuration. + ExecutableBlacklists ContainerRuntimePolicyExecutableBlacklistArrayInput + FailedKubernetesChecks ContainerRuntimePolicyFailedKubernetesChecksPtrInput + FileBlock ContainerRuntimePolicyFileBlockPtrInput // Configuration for file integrity monitoring. FileIntegrityMonitoring ContainerRuntimePolicyFileIntegrityMonitoringPtrInput // Process limit for the fork guard. ForkGuardProcessLimit pulumi.IntPtrInput + ImageName pulumi.StringPtrInput + IsAuditChecked pulumi.BoolPtrInput + IsAutoGenerated pulumi.BoolPtrInput + IsOotbPolicy pulumi.BoolPtrInput + Lastupdate pulumi.IntPtrInput + // Container privileges configuration. + LimitContainerPrivileges ContainerRuntimePolicyLimitContainerPrivilegeArrayInput // If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) LimitNewPrivileges pulumi.BoolPtrInput + LinuxCapabilities ContainerRuntimePolicyLinuxCapabilitiesPtrInput // Configuration for Real-Time Malware Protection. MalwareScanOptions ContainerRuntimePolicyMalwareScanOptionsPtrInput // If true, system time changes will be monitored. MonitorSystemTimeChanges pulumi.BoolPtrInput - // Name of the container runtime policy - Name pulumi.StringPtrInput - // List of files and directories to be restricted as read-only - ReadonlyFilesAndDirectories pulumi.StringArrayInput - // List of IPs/ CIDRs that will be allowed - ReverseShellAllowedIps pulumi.StringArrayInput - // List of processes that will be allowed - ReverseShellAllowedProcesses pulumi.StringArrayInput + // Name assigned to the attribute. 
+ Name pulumi.StringPtrInput + NoNewPrivileges pulumi.BoolPtrInput + OnlyRegisteredImages pulumi.BoolPtrInput + PackageBlock ContainerRuntimePolicyPackageBlockPtrInput + Permission pulumi.StringPtrInput + PortBlock ContainerRuntimePolicyPortBlockPtrInput + ReadonlyFiles ContainerRuntimePolicyReadonlyFilesPtrInput + ReadonlyRegistry ContainerRuntimePolicyReadonlyRegistryPtrInput + Registry pulumi.StringPtrInput + RegistryAccessMonitoring ContainerRuntimePolicyRegistryAccessMonitoringPtrInput + RepoName pulumi.StringPtrInput + ResourceName pulumi.StringPtrInput + ResourceType pulumi.StringPtrInput + // Restricted volumes configuration. + RestrictedVolumes ContainerRuntimePolicyRestrictedVolumeArrayInput + ReverseShell ContainerRuntimePolicyReverseShellPtrInput + RuntimeMode pulumi.IntPtrInput + RuntimeType pulumi.StringPtrInput // Logical expression of how to compute the dependency of the scope variables. ScopeExpression pulumi.StringPtrInput // List of scope attributes. ScopeVariables ContainerRuntimePolicyScopeVariableArrayInput + // Scope configuration. + Scopes ContainerRuntimePolicyScopeArrayInput + SystemIntegrityProtection ContainerRuntimePolicySystemIntegrityProtectionPtrInput + Tripwire ContainerRuntimePolicyTripwirePtrInput + Type pulumi.StringPtrInput + Updated pulumi.StringPtrInput + Version pulumi.StringPtrInput + VpatchVersion pulumi.StringPtrInput + WhitelistedOsUsers ContainerRuntimePolicyWhitelistedOsUsersPtrInput } func (ContainerRuntimePolicyState) ElementType() reflect.Type { 
@@ -529,18 +482,24 @@ func (ContainerRuntimePolicyState) ElementType() reflect.Type { } type containerRuntimePolicyArgs struct { - // List of executables that are allowed for the user. - AllowedExecutables []string `pulumi:"allowedExecutables"` - // List of registries that allowed for running containers. - AllowedRegistries []string `pulumi:"allowedRegistries"` + // Allowed executables configuration. + AllowedExecutables []ContainerRuntimePolicyAllowedExecutable `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries []ContainerRuntimePolicyAllowedRegistry `pulumi:"allowedRegistries"` // Indicates the application scope of the service. ApplicationScopes []string `pulumi:"applicationScopes"` // If true, all network activity will be audited. AuditAllNetworkActivity *bool `pulumi:"auditAllNetworkActivity"` // If true, all process activity will be audited. AuditAllProcessesActivity *bool `pulumi:"auditAllProcessesActivity"` + // Detects brute force login attempts + AuditBruteForceLogin *bool `pulumi:"auditBruteForceLogin"` // If true, full command arguments will be audited. - AuditFullCommandArguments *bool `pulumi:"auditFullCommandArguments"` + AuditFullCommandArguments *bool `pulumi:"auditFullCommandArguments"` + Auditing *ContainerRuntimePolicyAuditing `pulumi:"auditing"` + // Username of the account that created the service. + Author *string `pulumi:"author"` + BlacklistedOsUsers *ContainerRuntimePolicyBlacklistedOsUsers `pulumi:"blacklistedOsUsers"` // If true, prevent containers from running with access to host network. BlockAccessHostNetwork *bool `pulumi:"blockAccessHostNetwork"` // If true, prevent containers from running with adding capabilities with `--cap-add` privilege. 
@@ -549,24 +508,19 @@ type containerRuntimePolicyArgs struct { BlockContainerExec *bool `pulumi:"blockContainerExec"` // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining BlockCryptocurrencyMining *bool `pulumi:"blockCryptocurrencyMining"` + BlockDisallowedImages *bool `pulumi:"blockDisallowedImages"` // Detect and prevent running in-memory execution BlockFilelessExec *bool `pulumi:"blockFilelessExec"` // If true, prevent containers from running with the capability to bind in port lower than 1024. BlockLowPortBinding *bool `pulumi:"blockLowPortBinding"` - // If true, running non-compliant image in the container is prevented. - BlockNonCompliantImages *bool `pulumi:"blockNonCompliantImages"` // If true, running containers in non-compliant pods is prevented. BlockNonCompliantWorkloads *bool `pulumi:"blockNonCompliantWorkloads"` // If true, running non-kubernetes containers is prevented. BlockNonK8sContainers *bool `pulumi:"blockNonK8sContainers"` // If true, prevent containers from running with privileged container capability. BlockPrivilegedContainers *bool `pulumi:"blockPrivilegedContainers"` - // If true, reverse shell is prevented. - BlockReverseShell *bool `pulumi:"blockReverseShell"` // If true, prevent containers from running with root user. BlockRootUser *bool `pulumi:"blockRootUser"` - // If true, running images in the container that are not registered in Aqua is prevented. - BlockUnregisteredImages *bool `pulumi:"blockUnregisteredImages"` // If true, prevent containers from running with the privilege to use the IPC namespace. BlockUseIpcNamespace *bool `pulumi:"blockUseIpcNamespace"` // If true, prevent containers from running with the privilege to use the PID namespace. 
@@ -589,66 +543,109 @@ type containerRuntimePolicyArgs struct { BlockedPackages []string `pulumi:"blockedPackages"` // List of volumes that are prevented from being mounted in the containers. BlockedVolumes []string `pulumi:"blockedVolumes"` + // Bypass scope configuration. + BypassScopes []ContainerRuntimePolicyBypassScope `pulumi:"bypassScopes"` + ContainerExec *ContainerRuntimePolicyContainerExec `pulumi:"containerExec"` // List of processes that will be allowed. ContainerExecAllowedProcesses []string `pulumi:"containerExecAllowedProcesses"` + Created *string `pulumi:"created"` + Cve *string `pulumi:"cve"` + DefaultSecurityProfile *string `pulumi:"defaultSecurityProfile"` // The description of the container runtime policy Description *string `pulumi:"description"` - // If true, executables that are not in the original image is prevented from running. - EnableDriftPrevention *bool `pulumi:"enableDriftPrevention"` + Digest *string `pulumi:"digest"` + // Drift prevention configuration. + DriftPreventions []ContainerRuntimePolicyDriftPrevention `pulumi:"driftPreventions"` + EnableCryptoMiningDns *bool `pulumi:"enableCryptoMiningDns"` // If true, fork bombs are prevented in the containers. - EnableForkGuard *bool `pulumi:"enableForkGuard"` - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity *bool `pulumi:"enableIpReputationSecurity"` - // If true, detects port scanning behavior in the container. - EnablePortScanDetection *bool `pulumi:"enablePortScanDetection"` - // Indicates if the runtime policy is enabled or not. + EnableForkGuard *bool `pulumi:"enableForkGuard"` + EnableIpReputation *bool `pulumi:"enableIpReputation"` + EnablePortScanProtection *bool `pulumi:"enablePortScanProtection"` + // Whether allowed executables configuration is enabled. Enabled *bool `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). 
Enforce *bool `pulumi:"enforce"` // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays *int `pulumi:"enforceAfterDays"` - // List of files and directories to be excluded from the read-only list. - ExceptionalReadonlyFilesAndDirectories []string `pulumi:"exceptionalReadonlyFilesAndDirectories"` - // Specify processes that will be allowed - ExecLockdownWhiteLists []string `pulumi:"execLockdownWhiteLists"` + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceSchedulerAddedOn *int `pulumi:"enforceSchedulerAddedOn"` + // List of excluded application scopes. + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Executable blacklist configuration. + ExecutableBlacklists []ContainerRuntimePolicyExecutableBlacklist `pulumi:"executableBlacklists"` + FailedKubernetesChecks *ContainerRuntimePolicyFailedKubernetesChecks `pulumi:"failedKubernetesChecks"` + FileBlock *ContainerRuntimePolicyFileBlock `pulumi:"fileBlock"` // Configuration for file integrity monitoring. FileIntegrityMonitoring *ContainerRuntimePolicyFileIntegrityMonitoring `pulumi:"fileIntegrityMonitoring"` // Process limit for the fork guard. - ForkGuardProcessLimit *int `pulumi:"forkGuardProcessLimit"` + ForkGuardProcessLimit *int `pulumi:"forkGuardProcessLimit"` + ImageName *string `pulumi:"imageName"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + IsAutoGenerated *bool `pulumi:"isAutoGenerated"` + IsOotbPolicy *bool `pulumi:"isOotbPolicy"` + Lastupdate *int `pulumi:"lastupdate"` + // Container privileges configuration. + LimitContainerPrivileges []ContainerRuntimePolicyLimitContainerPrivilege `pulumi:"limitContainerPrivileges"` // If true, prevents the container from obtaining new privileges at runtime. 
(only enabled in enforce mode) - LimitNewPrivileges *bool `pulumi:"limitNewPrivileges"` + LimitNewPrivileges *bool `pulumi:"limitNewPrivileges"` + LinuxCapabilities *ContainerRuntimePolicyLinuxCapabilities `pulumi:"linuxCapabilities"` // Configuration for Real-Time Malware Protection. MalwareScanOptions *ContainerRuntimePolicyMalwareScanOptions `pulumi:"malwareScanOptions"` // If true, system time changes will be monitored. MonitorSystemTimeChanges *bool `pulumi:"monitorSystemTimeChanges"` - // Name of the container runtime policy - Name *string `pulumi:"name"` - // List of files and directories to be restricted as read-only - ReadonlyFilesAndDirectories []string `pulumi:"readonlyFilesAndDirectories"` - // List of IPs/ CIDRs that will be allowed - ReverseShellAllowedIps []string `pulumi:"reverseShellAllowedIps"` - // List of processes that will be allowed - ReverseShellAllowedProcesses []string `pulumi:"reverseShellAllowedProcesses"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + NoNewPrivileges *bool `pulumi:"noNewPrivileges"` + OnlyRegisteredImages *bool `pulumi:"onlyRegisteredImages"` + PackageBlock *ContainerRuntimePolicyPackageBlock `pulumi:"packageBlock"` + Permission *string `pulumi:"permission"` + PortBlock *ContainerRuntimePolicyPortBlock `pulumi:"portBlock"` + ReadonlyFiles *ContainerRuntimePolicyReadonlyFiles `pulumi:"readonlyFiles"` + ReadonlyRegistry *ContainerRuntimePolicyReadonlyRegistry `pulumi:"readonlyRegistry"` + Registry *string `pulumi:"registry"` + RegistryAccessMonitoring *ContainerRuntimePolicyRegistryAccessMonitoring `pulumi:"registryAccessMonitoring"` + RepoName *string `pulumi:"repoName"` + ResourceName *string `pulumi:"resourceName"` + ResourceType *string `pulumi:"resourceType"` + // Restricted volumes configuration. 
+ RestrictedVolumes []ContainerRuntimePolicyRestrictedVolume `pulumi:"restrictedVolumes"` + ReverseShell *ContainerRuntimePolicyReverseShell `pulumi:"reverseShell"` + RuntimeMode *int `pulumi:"runtimeMode"` + RuntimeType *string `pulumi:"runtimeType"` // Logical expression of how to compute the dependency of the scope variables. ScopeExpression *string `pulumi:"scopeExpression"` // List of scope attributes. ScopeVariables []ContainerRuntimePolicyScopeVariable `pulumi:"scopeVariables"` + // Scope configuration. + Scopes []ContainerRuntimePolicyScope `pulumi:"scopes"` + SystemIntegrityProtection *ContainerRuntimePolicySystemIntegrityProtection `pulumi:"systemIntegrityProtection"` + Tripwire *ContainerRuntimePolicyTripwire `pulumi:"tripwire"` + Type *string `pulumi:"type"` + Updated *string `pulumi:"updated"` + Version *string `pulumi:"version"` + VpatchVersion *string `pulumi:"vpatchVersion"` + WhitelistedOsUsers *ContainerRuntimePolicyWhitelistedOsUsers `pulumi:"whitelistedOsUsers"` } // The set of arguments for constructing a ContainerRuntimePolicy resource. type ContainerRuntimePolicyArgs struct { - // List of executables that are allowed for the user. - AllowedExecutables pulumi.StringArrayInput - // List of registries that allowed for running containers. - AllowedRegistries pulumi.StringArrayInput + // Allowed executables configuration. + AllowedExecutables ContainerRuntimePolicyAllowedExecutableArrayInput + // List of allowed registries. + AllowedRegistries ContainerRuntimePolicyAllowedRegistryArrayInput // Indicates the application scope of the service. ApplicationScopes pulumi.StringArrayInput // If true, all network activity will be audited. AuditAllNetworkActivity pulumi.BoolPtrInput // If true, all process activity will be audited. AuditAllProcessesActivity pulumi.BoolPtrInput + // Detects brute force login attempts + AuditBruteForceLogin pulumi.BoolPtrInput // If true, full command arguments will be audited. 
AuditFullCommandArguments pulumi.BoolPtrInput + Auditing ContainerRuntimePolicyAuditingPtrInput + // Username of the account that created the service. + Author pulumi.StringPtrInput + BlacklistedOsUsers ContainerRuntimePolicyBlacklistedOsUsersPtrInput // If true, prevent containers from running with access to host network. BlockAccessHostNetwork pulumi.BoolPtrInput // If true, prevent containers from running with adding capabilities with `--cap-add` privilege. @@ -657,24 +654,19 @@ type ContainerRuntimePolicyArgs struct { BlockContainerExec pulumi.BoolPtrInput // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining BlockCryptocurrencyMining pulumi.BoolPtrInput + BlockDisallowedImages pulumi.BoolPtrInput // Detect and prevent running in-memory execution BlockFilelessExec pulumi.BoolPtrInput // If true, prevent containers from running with the capability to bind in port lower than 1024. BlockLowPortBinding pulumi.BoolPtrInput - // If true, running non-compliant image in the container is prevented. - BlockNonCompliantImages pulumi.BoolPtrInput // If true, running containers in non-compliant pods is prevented. BlockNonCompliantWorkloads pulumi.BoolPtrInput // If true, running non-kubernetes containers is prevented. BlockNonK8sContainers pulumi.BoolPtrInput // If true, prevent containers from running with privileged container capability. BlockPrivilegedContainers pulumi.BoolPtrInput - // If true, reverse shell is prevented. - BlockReverseShell pulumi.BoolPtrInput // If true, prevent containers from running with root user. BlockRootUser pulumi.BoolPtrInput - // If true, running images in the container that are not registered in Aqua is prevented. - BlockUnregisteredImages pulumi.BoolPtrInput // If true, prevent containers from running with the privilege to use the IPC namespace. BlockUseIpcNamespace pulumi.BoolPtrInput // If true, prevent containers from running with the privilege to use the PID namespace. 
@@ -697,50 +689,87 @@ type ContainerRuntimePolicyArgs struct { BlockedPackages pulumi.StringArrayInput // List of volumes that are prevented from being mounted in the containers. BlockedVolumes pulumi.StringArrayInput + // Bypass scope configuration. + BypassScopes ContainerRuntimePolicyBypassScopeArrayInput + ContainerExec ContainerRuntimePolicyContainerExecPtrInput // List of processes that will be allowed. ContainerExecAllowedProcesses pulumi.StringArrayInput + Created pulumi.StringPtrInput + Cve pulumi.StringPtrInput + DefaultSecurityProfile pulumi.StringPtrInput // The description of the container runtime policy Description pulumi.StringPtrInput - // If true, executables that are not in the original image is prevented from running. - EnableDriftPrevention pulumi.BoolPtrInput + Digest pulumi.StringPtrInput + // Drift prevention configuration. + DriftPreventions ContainerRuntimePolicyDriftPreventionArrayInput + EnableCryptoMiningDns pulumi.BoolPtrInput // If true, fork bombs are prevented in the containers. - EnableForkGuard pulumi.BoolPtrInput - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity pulumi.BoolPtrInput - // If true, detects port scanning behavior in the container. - EnablePortScanDetection pulumi.BoolPtrInput - // Indicates if the runtime policy is enabled or not. + EnableForkGuard pulumi.BoolPtrInput + EnableIpReputation pulumi.BoolPtrInput + EnablePortScanProtection pulumi.BoolPtrInput + // Whether allowed executables configuration is enabled. Enabled pulumi.BoolPtrInput // Indicates that policy should effect container execution (not just for audit). Enforce pulumi.BoolPtrInput // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays pulumi.IntPtrInput - // List of files and directories to be excluded from the read-only list. 
- ExceptionalReadonlyFilesAndDirectories pulumi.StringArrayInput - // Specify processes that will be allowed - ExecLockdownWhiteLists pulumi.StringArrayInput + EnforceAfterDays pulumi.IntPtrInput + EnforceSchedulerAddedOn pulumi.IntPtrInput + // List of excluded application scopes. + ExcludeApplicationScopes pulumi.StringArrayInput + // Executable blacklist configuration. + ExecutableBlacklists ContainerRuntimePolicyExecutableBlacklistArrayInput + FailedKubernetesChecks ContainerRuntimePolicyFailedKubernetesChecksPtrInput + FileBlock ContainerRuntimePolicyFileBlockPtrInput // Configuration for file integrity monitoring. FileIntegrityMonitoring ContainerRuntimePolicyFileIntegrityMonitoringPtrInput // Process limit for the fork guard. ForkGuardProcessLimit pulumi.IntPtrInput + ImageName pulumi.StringPtrInput + IsAuditChecked pulumi.BoolPtrInput + IsAutoGenerated pulumi.BoolPtrInput + IsOotbPolicy pulumi.BoolPtrInput + Lastupdate pulumi.IntPtrInput + // Container privileges configuration. + LimitContainerPrivileges ContainerRuntimePolicyLimitContainerPrivilegeArrayInput // If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) LimitNewPrivileges pulumi.BoolPtrInput + LinuxCapabilities ContainerRuntimePolicyLinuxCapabilitiesPtrInput // Configuration for Real-Time Malware Protection. MalwareScanOptions ContainerRuntimePolicyMalwareScanOptionsPtrInput // If true, system time changes will be monitored. MonitorSystemTimeChanges pulumi.BoolPtrInput - // Name of the container runtime policy - Name pulumi.StringPtrInput - // List of files and directories to be restricted as read-only - ReadonlyFilesAndDirectories pulumi.StringArrayInput - // List of IPs/ CIDRs that will be allowed - ReverseShellAllowedIps pulumi.StringArrayInput - // List of processes that will be allowed - ReverseShellAllowedProcesses pulumi.StringArrayInput + // Name assigned to the attribute. 
+ Name pulumi.StringPtrInput + NoNewPrivileges pulumi.BoolPtrInput + OnlyRegisteredImages pulumi.BoolPtrInput + PackageBlock ContainerRuntimePolicyPackageBlockPtrInput + Permission pulumi.StringPtrInput + PortBlock ContainerRuntimePolicyPortBlockPtrInput + ReadonlyFiles ContainerRuntimePolicyReadonlyFilesPtrInput + ReadonlyRegistry ContainerRuntimePolicyReadonlyRegistryPtrInput + Registry pulumi.StringPtrInput + RegistryAccessMonitoring ContainerRuntimePolicyRegistryAccessMonitoringPtrInput + RepoName pulumi.StringPtrInput + ResourceName pulumi.StringPtrInput + ResourceType pulumi.StringPtrInput + // Restricted volumes configuration. + RestrictedVolumes ContainerRuntimePolicyRestrictedVolumeArrayInput + ReverseShell ContainerRuntimePolicyReverseShellPtrInput + RuntimeMode pulumi.IntPtrInput + RuntimeType pulumi.StringPtrInput // Logical expression of how to compute the dependency of the scope variables. ScopeExpression pulumi.StringPtrInput // List of scope attributes. ScopeVariables ContainerRuntimePolicyScopeVariableArrayInput + // Scope configuration. + Scopes ContainerRuntimePolicyScopeArrayInput + SystemIntegrityProtection ContainerRuntimePolicySystemIntegrityProtectionPtrInput + Tripwire ContainerRuntimePolicyTripwirePtrInput + Type pulumi.StringPtrInput + Updated pulumi.StringPtrInput + Version pulumi.StringPtrInput + VpatchVersion pulumi.StringPtrInput + WhitelistedOsUsers ContainerRuntimePolicyWhitelistedOsUsersPtrInput } func (ContainerRuntimePolicyArgs) ElementType() reflect.Type { 
@@ -766,12 +795,6 @@ func (i *ContainerRuntimePolicy) ToContainerRuntimePolicyOutputWithContext(ctx c return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyOutput) } -func (i *ContainerRuntimePolicy) ToOutput(ctx context.Context) pulumix.Output[*ContainerRuntimePolicy] { - return pulumix.Output[*ContainerRuntimePolicy]{ - OutputState: i.ToContainerRuntimePolicyOutputWithContext(ctx).OutputState, - } -} - // ContainerRuntimePolicyArrayInput is an input type that accepts ContainerRuntimePolicyArray and ContainerRuntimePolicyArrayOutput values. // You can construct a concrete instance of `ContainerRuntimePolicyArrayInput` via: // @@ -797,12 +820,6 @@ func (i ContainerRuntimePolicyArray) ToContainerRuntimePolicyArrayOutputWithCont return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyArrayOutput) } -func (i ContainerRuntimePolicyArray) ToOutput(ctx context.Context) pulumix.Output[[]*ContainerRuntimePolicy] { - return pulumix.Output[[]*ContainerRuntimePolicy]{ - OutputState: i.ToContainerRuntimePolicyArrayOutputWithContext(ctx).OutputState, - } -} - // ContainerRuntimePolicyMapInput is an input type that accepts ContainerRuntimePolicyMap and ContainerRuntimePolicyMapOutput values. // You can construct a concrete instance of `ContainerRuntimePolicyMapInput` via: // @@ -828,12 +845,6 @@ func (i ContainerRuntimePolicyMap) ToContainerRuntimePolicyMapOutputWithContext( return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyMapOutput) } -func (i ContainerRuntimePolicyMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*ContainerRuntimePolicy] { - return pulumix.Output[map[string]*ContainerRuntimePolicy]{ - OutputState: i.ToContainerRuntimePolicyMapOutputWithContext(ctx).OutputState, - } -} - type ContainerRuntimePolicyOutput struct{ *pulumi.OutputState } func (ContainerRuntimePolicyOutput) ElementType() reflect.Type { 
@@ -848,20 +859,18 @@ func (o ContainerRuntimePolicyOutput) ToContainerRuntimePolicyOutputWithContext( return o } -func (o ContainerRuntimePolicyOutput) ToOutput(ctx context.Context) pulumix.Output[*ContainerRuntimePolicy] { - return pulumix.Output[*ContainerRuntimePolicy]{ - OutputState: o.OutputState, - } +// Allowed executables configuration. +func (o ContainerRuntimePolicyOutput) AllowedExecutables() ContainerRuntimePolicyAllowedExecutableArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyAllowedExecutableArrayOutput { + return v.AllowedExecutables + }).(ContainerRuntimePolicyAllowedExecutableArrayOutput) } -// List of executables that are allowed for the user. -func (o ContainerRuntimePolicyOutput) AllowedExecutables() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { return v.AllowedExecutables }).(pulumi.StringArrayOutput) -} - -// List of registries that allowed for running containers. -func (o ContainerRuntimePolicyOutput) AllowedRegistries() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { return v.AllowedRegistries }).(pulumi.StringArrayOutput) +// List of allowed registries. +func (o ContainerRuntimePolicyOutput) AllowedRegistries() ContainerRuntimePolicyAllowedRegistryArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyAllowedRegistryArrayOutput { + return v.AllowedRegistries + }).(ContainerRuntimePolicyAllowedRegistryArrayOutput) } // Indicates the application scope of the service. 
@@ -879,16 +888,31 @@ func (o ContainerRuntimePolicyOutput) AuditAllProcessesActivity() pulumi.BoolPtr return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.AuditAllProcessesActivity }).(pulumi.BoolPtrOutput) } +// Detects brute force login attempts +func (o ContainerRuntimePolicyOutput) AuditBruteForceLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.AuditBruteForceLogin }).(pulumi.BoolPtrOutput) +} + // If true, full command arguments will be audited. func (o ContainerRuntimePolicyOutput) AuditFullCommandArguments() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.AuditFullCommandArguments }).(pulumi.BoolPtrOutput) } +func (o ContainerRuntimePolicyOutput) Auditing() ContainerRuntimePolicyAuditingOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyAuditingOutput { return v.Auditing }).(ContainerRuntimePolicyAuditingOutput) +} + // Username of the account that created the service. func (o ContainerRuntimePolicyOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringOutput { return v.Author }).(pulumi.StringOutput) } +func (o ContainerRuntimePolicyOutput) BlacklistedOsUsers() ContainerRuntimePolicyBlacklistedOsUsersOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyBlacklistedOsUsersOutput { + return v.BlacklistedOsUsers + }).(ContainerRuntimePolicyBlacklistedOsUsersOutput) +} + // If true, prevent containers from running with access to host network. func (o ContainerRuntimePolicyOutput) BlockAccessHostNetwork() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockAccessHostNetwork }).(pulumi.BoolPtrOutput) 
@@ -909,6 +933,10 @@ func (o ContainerRuntimePolicyOutput) BlockCryptocurrencyMining() pulumi.BoolPtr return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockCryptocurrencyMining }).(pulumi.BoolPtrOutput) } +func (o ContainerRuntimePolicyOutput) BlockDisallowedImages() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockDisallowedImages }).(pulumi.BoolPtrOutput) +} + // Detect and prevent running in-memory execution func (o ContainerRuntimePolicyOutput) BlockFilelessExec() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockFilelessExec }).(pulumi.BoolPtrOutput) @@ -919,11 +947,6 @@ func (o ContainerRuntimePolicyOutput) BlockLowPortBinding() pulumi.BoolPtrOutput return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockLowPortBinding }).(pulumi.BoolPtrOutput) } -// If true, running non-compliant image in the container is prevented. -func (o ContainerRuntimePolicyOutput) BlockNonCompliantImages() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockNonCompliantImages }).(pulumi.BoolPtrOutput) -} - // If true, running containers in non-compliant pods is prevented. func (o ContainerRuntimePolicyOutput) BlockNonCompliantWorkloads() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockNonCompliantWorkloads }).(pulumi.BoolPtrOutput) 
@@ -939,21 +962,11 @@ func (o ContainerRuntimePolicyOutput) BlockPrivilegedContainers() pulumi.BoolPtr return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockPrivilegedContainers }).(pulumi.BoolPtrOutput) } -// If true, reverse shell is prevented. -func (o ContainerRuntimePolicyOutput) BlockReverseShell() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockReverseShell }).(pulumi.BoolPtrOutput) -} - // If true, prevent containers from running with root user. func (o ContainerRuntimePolicyOutput) BlockRootUser() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockRootUser }).(pulumi.BoolPtrOutput) } -// If true, running images in the container that are not registered in Aqua is prevented. -func (o ContainerRuntimePolicyOutput) BlockUnregisteredImages() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockUnregisteredImages }).(pulumi.BoolPtrOutput) -} - // If true, prevent containers from running with the privilege to use the IPC namespace. func (o ContainerRuntimePolicyOutput) BlockUseIpcNamespace() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockUseIpcNamespace }).(pulumi.BoolPtrOutput) 
@@ -1009,19 +1022,50 @@ func (o ContainerRuntimePolicyOutput) BlockedVolumes() pulumi.StringArrayOutput return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { return v.BlockedVolumes }).(pulumi.StringArrayOutput) } +// Bypass scope configuration. +func (o ContainerRuntimePolicyOutput) BypassScopes() ContainerRuntimePolicyBypassScopeArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyBypassScopeArrayOutput { return v.BypassScopes }).(ContainerRuntimePolicyBypassScopeArrayOutput) +} + +func (o ContainerRuntimePolicyOutput) ContainerExec() ContainerRuntimePolicyContainerExecOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyContainerExecOutput { return v.ContainerExec }).(ContainerRuntimePolicyContainerExecOutput) +} + // List of processes that will be allowed. func (o ContainerRuntimePolicyOutput) ContainerExecAllowedProcesses() pulumi.StringArrayOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { return v.ContainerExecAllowedProcesses }).(pulumi.StringArrayOutput) } +func (o ContainerRuntimePolicyOutput) Created() pulumi.StringOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringOutput { return v.Created }).(pulumi.StringOutput) +} + +func (o ContainerRuntimePolicyOutput) Cve() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.Cve }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) DefaultSecurityProfile() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.DefaultSecurityProfile }).(pulumi.StringPtrOutput) +} + // The description of the container runtime policy func (o ContainerRuntimePolicyOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } -// If true, executables that are not in 
the original image is prevented from running. -func (o ContainerRuntimePolicyOutput) EnableDriftPrevention() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableDriftPrevention }).(pulumi.BoolPtrOutput) +func (o ContainerRuntimePolicyOutput) Digest() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.Digest }).(pulumi.StringPtrOutput) +} + +// Drift prevention configuration. +func (o ContainerRuntimePolicyOutput) DriftPreventions() ContainerRuntimePolicyDriftPreventionArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyDriftPreventionArrayOutput { + return v.DriftPreventions + }).(ContainerRuntimePolicyDriftPreventionArrayOutput) +} + +func (o ContainerRuntimePolicyOutput) EnableCryptoMiningDns() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableCryptoMiningDns }).(pulumi.BoolPtrOutput) } // If true, fork bombs are prevented in the containers. 
@@ -1029,17 +1073,15 @@ func (o ContainerRuntimePolicyOutput) EnableForkGuard() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableForkGuard }).(pulumi.BoolPtrOutput) } -// If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. -func (o ContainerRuntimePolicyOutput) EnableIpReputationSecurity() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableIpReputationSecurity }).(pulumi.BoolPtrOutput) +func (o ContainerRuntimePolicyOutput) EnableIpReputation() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableIpReputation }).(pulumi.BoolPtrOutput) } -// If true, detects port scanning behavior in the container. -func (o ContainerRuntimePolicyOutput) EnablePortScanDetection() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.EnablePortScanDetection }).(pulumi.BoolPtrOutput) +func (o ContainerRuntimePolicyOutput) EnablePortScanProtection() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.EnablePortScanProtection }).(pulumi.BoolPtrOutput) } -// Indicates if the runtime policy is enabled or not. +// Whether allowed executables configuration is enabled. func (o ContainerRuntimePolicyOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } 
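Review bot: The new doc comment on `Enabled()` reads "Whether allowed executables configuration is enabled.", but the accessor still returns the top-level `v.Enabled` of `*ContainerRuntimePolicy`. It looks like the description of a nested block has leaked onto the policy-wide switch, and the removed text `// Indicates if the runtime policy is enabled or not.` should be kept. The `@@ -1095,24 +1184,80 @@` hunk has the same kind of mismatch, where `Name()` is now described as "Name assigned to the attribute." In this hunk `EnableIpReputation()` and `EnablePortScanProtection()` also replace documented accessors without any comment, so a reader cannot tell whether they still mean detect-and-prevent or something narrower. If this file is generated from the provider schema, the descriptions presumably need correcting there rather than by hand.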
@@ -1054,23 +1096,37 @@ func (o ContainerRuntimePolicyOutput) EnforceAfterDays() pulumi.IntPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.IntPtrOutput { return v.EnforceAfterDays }).(pulumi.IntPtrOutput) } -// List of files and directories to be excluded from the read-only list. -func (o ContainerRuntimePolicyOutput) ExceptionalReadonlyFilesAndDirectories() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { - return v.ExceptionalReadonlyFilesAndDirectories - }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyOutput) EnforceSchedulerAddedOn() pulumi.IntOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.IntOutput { return v.EnforceSchedulerAddedOn }).(pulumi.IntOutput) +} + +// List of excluded application scopes. +func (o ContainerRuntimePolicyOutput) ExcludeApplicationScopes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { return v.ExcludeApplicationScopes }).(pulumi.StringArrayOutput) +} + +// Executable blacklist configuration. 
+func (o ContainerRuntimePolicyOutput) ExecutableBlacklists() ContainerRuntimePolicyExecutableBlacklistArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyExecutableBlacklistArrayOutput { + return v.ExecutableBlacklists + }).(ContainerRuntimePolicyExecutableBlacklistArrayOutput) +} + +func (o ContainerRuntimePolicyOutput) FailedKubernetesChecks() ContainerRuntimePolicyFailedKubernetesChecksOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyFailedKubernetesChecksOutput { + return v.FailedKubernetesChecks + }).(ContainerRuntimePolicyFailedKubernetesChecksOutput) } -// Specify processes that will be allowed -func (o ContainerRuntimePolicyOutput) ExecLockdownWhiteLists() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { return v.ExecLockdownWhiteLists }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyOutput) FileBlock() ContainerRuntimePolicyFileBlockOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyFileBlockOutput { return v.FileBlock }).(ContainerRuntimePolicyFileBlockOutput) } // Configuration for file integrity monitoring. -func (o ContainerRuntimePolicyOutput) FileIntegrityMonitoring() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { +func (o ContainerRuntimePolicyOutput) FileIntegrityMonitoring() ContainerRuntimePolicyFileIntegrityMonitoringOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyFileIntegrityMonitoringOutput { return v.FileIntegrityMonitoring - }).(ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) + }).(ContainerRuntimePolicyFileIntegrityMonitoringOutput) } // Process limit for the fork guard. 
@@ -1078,16 +1134,49 @@ func (o ContainerRuntimePolicyOutput) ForkGuardProcessLimit() pulumi.IntPtrOutpu return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.IntPtrOutput { return v.ForkGuardProcessLimit }).(pulumi.IntPtrOutput) } +func (o ContainerRuntimePolicyOutput) ImageName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.ImageName }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.IsAuditChecked }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) IsAutoGenerated() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.IsAutoGenerated }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) IsOotbPolicy() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.IsOotbPolicy }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) Lastupdate() pulumi.IntOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.IntOutput { return v.Lastupdate }).(pulumi.IntOutput) +} + +// Container privileges configuration. +func (o ContainerRuntimePolicyOutput) LimitContainerPrivileges() ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { + return v.LimitContainerPrivileges + }).(ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) +} + // If true, prevents the container from obtaining new privileges at runtime. 
(only enabled in enforce mode) func (o ContainerRuntimePolicyOutput) LimitNewPrivileges() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.LimitNewPrivileges }).(pulumi.BoolPtrOutput) } +func (o ContainerRuntimePolicyOutput) LinuxCapabilities() ContainerRuntimePolicyLinuxCapabilitiesOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyLinuxCapabilitiesOutput { + return v.LinuxCapabilities + }).(ContainerRuntimePolicyLinuxCapabilitiesOutput) +} + // Configuration for Real-Time Malware Protection. -func (o ContainerRuntimePolicyOutput) MalwareScanOptions() ContainerRuntimePolicyMalwareScanOptionsPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyMalwareScanOptionsPtrOutput { +func (o ContainerRuntimePolicyOutput) MalwareScanOptions() ContainerRuntimePolicyMalwareScanOptionsOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyMalwareScanOptionsOutput { return v.MalwareScanOptions - }).(ContainerRuntimePolicyMalwareScanOptionsPtrOutput) + }).(ContainerRuntimePolicyMalwareScanOptionsOutput) } // If true, system time changes will be monitored. 
@@ -1095,24 +1184,80 @@ func (o ContainerRuntimePolicyOutput) MonitorSystemTimeChanges() pulumi.BoolPtrO return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.MonitorSystemTimeChanges }).(pulumi.BoolPtrOutput) } -// Name of the container runtime policy +// Name assigned to the attribute. func (o ContainerRuntimePolicyOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } -// List of files and directories to be restricted as read-only -func (o ContainerRuntimePolicyOutput) ReadonlyFilesAndDirectories() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { return v.ReadonlyFilesAndDirectories }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyOutput) NoNewPrivileges() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.NoNewPrivileges }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) OnlyRegisteredImages() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.BoolPtrOutput { return v.OnlyRegisteredImages }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) PackageBlock() ContainerRuntimePolicyPackageBlockOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyPackageBlockOutput { return v.PackageBlock }).(ContainerRuntimePolicyPackageBlockOutput) +} + +func (o ContainerRuntimePolicyOutput) Permission() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.Permission }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) PortBlock() ContainerRuntimePolicyPortBlockOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyPortBlockOutput { return v.PortBlock }).(ContainerRuntimePolicyPortBlockOutput) +} + +func (o ContainerRuntimePolicyOutput) ReadonlyFiles() 
ContainerRuntimePolicyReadonlyFilesOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyReadonlyFilesOutput { return v.ReadonlyFiles }).(ContainerRuntimePolicyReadonlyFilesOutput) +} + +func (o ContainerRuntimePolicyOutput) ReadonlyRegistry() ContainerRuntimePolicyReadonlyRegistryOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyReadonlyRegistryOutput { + return v.ReadonlyRegistry + }).(ContainerRuntimePolicyReadonlyRegistryOutput) +} + +func (o ContainerRuntimePolicyOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.Registry }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) RegistryAccessMonitoring() ContainerRuntimePolicyRegistryAccessMonitoringOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyRegistryAccessMonitoringOutput { + return v.RegistryAccessMonitoring + }).(ContainerRuntimePolicyRegistryAccessMonitoringOutput) +} + +func (o ContainerRuntimePolicyOutput) RepoName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.RepoName }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) ResourceName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.ResourceName }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) ResourceType() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.ResourceType }).(pulumi.StringPtrOutput) +} + +// Restricted volumes configuration. 
+func (o ContainerRuntimePolicyOutput) RestrictedVolumes() ContainerRuntimePolicyRestrictedVolumeArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyRestrictedVolumeArrayOutput { + return v.RestrictedVolumes + }).(ContainerRuntimePolicyRestrictedVolumeArrayOutput) +} + +func (o ContainerRuntimePolicyOutput) ReverseShell() ContainerRuntimePolicyReverseShellOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyReverseShellOutput { return v.ReverseShell }).(ContainerRuntimePolicyReverseShellOutput) } -// List of IPs/ CIDRs that will be allowed -func (o ContainerRuntimePolicyOutput) ReverseShellAllowedIps() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { return v.ReverseShellAllowedIps }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyOutput) RuntimeMode() pulumi.IntPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.IntPtrOutput { return v.RuntimeMode }).(pulumi.IntPtrOutput) } -// List of processes that will be allowed -func (o ContainerRuntimePolicyOutput) ReverseShellAllowedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringArrayOutput { return v.ReverseShellAllowedProcesses }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyOutput) RuntimeType() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.RuntimeType }).(pulumi.StringPtrOutput) } // Logical expression of how to compute the dependency of the scope variables. 
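Review bot: `NoNewPrivileges()` is added here without a comment, while the already documented `LimitNewPrivileges()` (context in the `@@ -1078,16 +1134,49 @@` hunk) remains. The policy now exposes two booleans that appear to describe the same control, and nothing says which one takes effect. A one-line comment stating the relationship would settle it, for example `// NoNewPrivileges: <how this differs from LimitNewPrivileges, or that it supersedes it>`. Likewise `OnlyRegisteredImages()` and `ReverseShell()` arrive undocumented, while the `@@ -939,21 +962,11 @@` hunk removes the documented `BlockUnregisteredImages()` and `BlockReverseShell()`. If they carry the old meaning, comments such as `// If true, running images that are not registered in Aqua is prevented.` would let users confirm those protections stay on after upgrading.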
@@ -1127,6 +1272,43 @@ func (o ContainerRuntimePolicyOutput) ScopeVariables() ContainerRuntimePolicySco }).(ContainerRuntimePolicyScopeVariableArrayOutput) } +// Scope configuration. +func (o ContainerRuntimePolicyOutput) Scopes() ContainerRuntimePolicyScopeArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyScopeArrayOutput { return v.Scopes }).(ContainerRuntimePolicyScopeArrayOutput) +} + +func (o ContainerRuntimePolicyOutput) SystemIntegrityProtection() ContainerRuntimePolicySystemIntegrityProtectionOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicySystemIntegrityProtectionOutput { + return v.SystemIntegrityProtection + }).(ContainerRuntimePolicySystemIntegrityProtectionOutput) +} + +func (o ContainerRuntimePolicyOutput) Tripwire() ContainerRuntimePolicyTripwireOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) ContainerRuntimePolicyTripwireOutput { return v.Tripwire }).(ContainerRuntimePolicyTripwireOutput) +} + +func (o ContainerRuntimePolicyOutput) Type() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.Type }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) Updated() pulumi.StringOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringOutput { return v.Updated }).(pulumi.StringOutput) +} + +func (o ContainerRuntimePolicyOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.Version }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) VpatchVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) pulumi.StringPtrOutput { return v.VpatchVersion }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyOutput) WhitelistedOsUsers() ContainerRuntimePolicyWhitelistedOsUsersOutput { + return o.ApplyT(func(v *ContainerRuntimePolicy) 
ContainerRuntimePolicyWhitelistedOsUsersOutput { + return v.WhitelistedOsUsers + }).(ContainerRuntimePolicyWhitelistedOsUsersOutput) +} + type ContainerRuntimePolicyArrayOutput struct{ *pulumi.OutputState } func (ContainerRuntimePolicyArrayOutput) ElementType() reflect.Type { @@ -1141,12 +1323,6 @@ func (o ContainerRuntimePolicyArrayOutput) ToContainerRuntimePolicyArrayOutputWi return o } -func (o ContainerRuntimePolicyArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*ContainerRuntimePolicy] { - return pulumix.Output[[]*ContainerRuntimePolicy]{ - OutputState: o.OutputState, - } -} - func (o ContainerRuntimePolicyArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *ContainerRuntimePolicy { return vs[0].([]*ContainerRuntimePolicy)[vs[1].(int)] @@ -1167,12 +1343,6 @@ func (o ContainerRuntimePolicyMapOutput) ToContainerRuntimePolicyMapOutputWithCo return o } -func (o ContainerRuntimePolicyMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*ContainerRuntimePolicy] { - return pulumix.Output[map[string]*ContainerRuntimePolicy]{ - OutputState: o.OutputState, - } -} - func (o ContainerRuntimePolicyMapOutput) MapIndex(k pulumi.StringInput) ContainerRuntimePolicyOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *ContainerRuntimePolicy { return vs[0].(map[string]*ContainerRuntimePolicy)[vs[1].(string)] diff --git a/sdk/go/aquasec/enforcerGroups.go b/sdk/go/aquasec/enforcerGroups.go index 2dbf9d81..aa059fe8 100644 --- a/sdk/go/aquasec/enforcerGroups.go +++ b/sdk/go/aquasec/enforcerGroups.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -723,12 +722,6 @@ func (i *EnforcerGroups) ToEnforcerGroupsOutputWithContext(ctx context.Context) return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsOutput) } -func (i *EnforcerGroups) ToOutput(ctx context.Context) pulumix.Output[*EnforcerGroups] { - return pulumix.Output[*EnforcerGroups]{ - OutputState: i.ToEnforcerGroupsOutputWithContext(ctx).OutputState, - } -} - // EnforcerGroupsArrayInput is an input type that accepts EnforcerGroupsArray and EnforcerGroupsArrayOutput values. // You can construct a concrete instance of `EnforcerGroupsArrayInput` via: // @@ -754,12 +747,6 @@ func (i EnforcerGroupsArray) ToEnforcerGroupsArrayOutputWithContext(ctx context. return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsArrayOutput) } -func (i EnforcerGroupsArray) ToOutput(ctx context.Context) pulumix.Output[[]*EnforcerGroups] { - return pulumix.Output[[]*EnforcerGroups]{ - OutputState: i.ToEnforcerGroupsArrayOutputWithContext(ctx).OutputState, - } -} - // EnforcerGroupsMapInput is an input type that accepts EnforcerGroupsMap and EnforcerGroupsMapOutput values. // You can construct a concrete instance of `EnforcerGroupsMapInput` via: // @@ -785,12 +772,6 @@ func (i EnforcerGroupsMap) ToEnforcerGroupsMapOutputWithContext(ctx context.Cont return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsMapOutput) } -func (i EnforcerGroupsMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*EnforcerGroups] { - return pulumix.Output[map[string]*EnforcerGroups]{ - OutputState: i.ToEnforcerGroupsMapOutputWithContext(ctx).OutputState, - } -} - type EnforcerGroupsOutput struct{ *pulumi.OutputState } func (EnforcerGroupsOutput) ElementType() reflect.Type { 
@@ -805,12 +786,6 @@ func (o EnforcerGroupsOutput) ToEnforcerGroupsOutputWithContext(ctx context.Cont return o } -func (o EnforcerGroupsOutput) ToOutput(ctx context.Context) pulumix.Output[*EnforcerGroups] { - return pulumix.Output[*EnforcerGroups]{ - OutputState: o.OutputState, - } -} - // Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\ // - Block Non-Compliant Images\ // - Block Non-Compliant Workloads\ @@ -1136,12 +1111,6 @@ func (o EnforcerGroupsArrayOutput) ToEnforcerGroupsArrayOutputWithContext(ctx co return o } -func (o EnforcerGroupsArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*EnforcerGroups] { - return pulumix.Output[[]*EnforcerGroups]{ - OutputState: o.OutputState, - } -} - func (o EnforcerGroupsArrayOutput) Index(i pulumi.IntInput) EnforcerGroupsOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *EnforcerGroups { return vs[0].([]*EnforcerGroups)[vs[1].(int)] @@ -1162,12 +1131,6 @@ func (o EnforcerGroupsMapOutput) ToEnforcerGroupsMapOutputWithContext(ctx contex return o } -func (o EnforcerGroupsMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*EnforcerGroups] { - return pulumix.Output[map[string]*EnforcerGroups]{ - OutputState: o.OutputState, - } -} - func (o EnforcerGroupsMapOutput) MapIndex(k pulumi.StringInput) EnforcerGroupsOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *EnforcerGroups { return vs[0].(map[string]*EnforcerGroups)[vs[1].(string)] diff --git a/sdk/go/aquasec/firewallPolicy.go b/sdk/go/aquasec/firewallPolicy.go index 3b412aa5..6a97755d 100644 --- a/sdk/go/aquasec/firewallPolicy.go +++ b/sdk/go/aquasec/firewallPolicy.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -178,12 +177,6 @@ func (i *FirewallPolicy) ToFirewallPolicyOutputWithContext(ctx context.Context) return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyOutput) } -func (i *FirewallPolicy) ToOutput(ctx context.Context) pulumix.Output[*FirewallPolicy] { - return pulumix.Output[*FirewallPolicy]{ - OutputState: i.ToFirewallPolicyOutputWithContext(ctx).OutputState, - } -} - // FirewallPolicyArrayInput is an input type that accepts FirewallPolicyArray and FirewallPolicyArrayOutput values. // You can construct a concrete instance of `FirewallPolicyArrayInput` via: // @@ -209,12 +202,6 @@ func (i FirewallPolicyArray) ToFirewallPolicyArrayOutputWithContext(ctx context. return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyArrayOutput) } -func (i FirewallPolicyArray) ToOutput(ctx context.Context) pulumix.Output[[]*FirewallPolicy] { - return pulumix.Output[[]*FirewallPolicy]{ - OutputState: i.ToFirewallPolicyArrayOutputWithContext(ctx).OutputState, - } -} - // FirewallPolicyMapInput is an input type that accepts FirewallPolicyMap and FirewallPolicyMapOutput values. // You can construct a concrete instance of `FirewallPolicyMapInput` via: // @@ -240,12 +227,6 @@ func (i FirewallPolicyMap) ToFirewallPolicyMapOutputWithContext(ctx context.Cont return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyMapOutput) } -func (i FirewallPolicyMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*FirewallPolicy] { - return pulumix.Output[map[string]*FirewallPolicy]{ - OutputState: i.ToFirewallPolicyMapOutputWithContext(ctx).OutputState, - } -} - type FirewallPolicyOutput struct{ *pulumi.OutputState } func (FirewallPolicyOutput) ElementType() reflect.Type { 
@@ -260,12 +241,6 @@ func (o FirewallPolicyOutput) ToFirewallPolicyOutputWithContext(ctx context.Cont return o } -func (o FirewallPolicyOutput) ToOutput(ctx context.Context) pulumix.Output[*FirewallPolicy] { - return pulumix.Output[*FirewallPolicy]{ - OutputState: o.OutputState, - } -} - // Username of the account that created the policy. func (o FirewallPolicyOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v *FirewallPolicy) pulumi.StringOutput { return v.Author }).(pulumi.StringOutput) @@ -330,12 +305,6 @@ func (o FirewallPolicyArrayOutput) ToFirewallPolicyArrayOutputWithContext(ctx co return o } -func (o FirewallPolicyArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*FirewallPolicy] { - return pulumix.Output[[]*FirewallPolicy]{ - OutputState: o.OutputState, - } -} - func (o FirewallPolicyArrayOutput) Index(i pulumi.IntInput) FirewallPolicyOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *FirewallPolicy { return vs[0].([]*FirewallPolicy)[vs[1].(int)] @@ -356,12 +325,6 @@ func (o FirewallPolicyMapOutput) ToFirewallPolicyMapOutputWithContext(ctx contex return o } -func (o FirewallPolicyMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*FirewallPolicy] { - return pulumix.Output[map[string]*FirewallPolicy]{ - OutputState: o.OutputState, - } -} - func (o FirewallPolicyMapOutput) MapIndex(k pulumi.StringInput) FirewallPolicyOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *FirewallPolicy { return vs[0].(map[string]*FirewallPolicy)[vs[1].(string)] diff --git a/sdk/go/aquasec/functionAssurancePolicy.go b/sdk/go/aquasec/functionAssurancePolicy.go index f1d69f4d..5a71f6de 100644 --- a/sdk/go/aquasec/functionAssurancePolicy.go +++ b/sdk/go/aquasec/functionAssurancePolicy.go 
@@ -9,16 +9,25 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) +// Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes: +// Scanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions. +// Evaluating function risks based on scan results, according to Function Assurance Policies. +// Checking function compliance with these policies. +// For AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline. +// Providing comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system. type FunctionAssurancePolicy struct { pulumi.CustomResourceState + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapOutput `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages pulumi.StringArrayOutput `pulumi:"allowedImages"` ApplicationScopes pulumi.StringArrayOutput `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType pulumi.StringOutput `pulumi:"assuranceType"` // Indicates if auditing for failures. AuditOnFailure pulumi.BoolPtrOutput `pulumi:"auditOnFailure"` // Name of user account that created the policy. @@ -32,7 +41,7 @@ type FunctionAssurancePolicy struct { BlacklistPermissionsEnabled pulumi.BoolPtrOutput `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayOutput `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrOutput `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrOutput `pulumi:"blockFailed"` 
@@ -41,12 +50,13 @@ type FunctionAssurancePolicy struct { CustomChecks FunctionAssurancePolicyCustomCheckArrayOutput `pulumi:"customChecks"` // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrOutput `pulumi:"customChecksEnabled"` + CustomSeverity pulumi.StringOutput `pulumi:"customSeverity"` CustomSeverityEnabled pulumi.BoolPtrOutput `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists pulumi.StringArrayOutput `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled pulumi.BoolPtrOutput `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists pulumi.StringArrayOutput `pulumi:"cvesWhiteLists"` 
@@ -55,10 +65,12 @@ type FunctionAssurancePolicy struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled pulumi.BoolPtrOutput `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix pulumi.BoolPtrOutput `pulumi:"cvssSeverityExcludeNoFix"` - Description pulumi.StringPtrOutput `pulumi:"description"` + CvssSeverityExcludeNoFix pulumi.BoolPtrOutput `pulumi:"cvssSeverityExcludeNoFix"` + Description pulumi.StringPtrOutput `pulumi:"description"` + DisallowExploitTypes pulumi.StringArrayOutput `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrOutput `pulumi:"disallowMalware"` + DisallowMalware pulumi.BoolPtrOutput `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrOutput `pulumi:"dockerCisEnabled"` // Name of the container image. Domain pulumi.StringPtrOutput `pulumi:"domain"` 
@@ -70,52 +82,67 @@ type FunctionAssurancePolicy struct { EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` EnforceExcessivePermissions pulumi.BoolPtrOutput `pulumi:"enforceExcessivePermissions"` ExceptionalMonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes pulumi.StringArrayOutput `pulumi:"excludeApplicationScopes"` // Indicates if cicd failures will fail the image. FailCicd pulumi.BoolPtrOutput `pulumi:"failCicd"` ForbiddenLabels FunctionAssurancePolicyForbiddenLabelArrayOutput `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled pulumi.BoolPtrOutput `pulumi:"forbiddenLabelsEnabled"` ForceMicroenforcer pulumi.BoolPtrOutput `pulumi:"forceMicroenforcer"` FunctionIntegrityEnabled pulumi.BoolPtrOutput `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln pulumi.BoolPtrOutput `pulumi:"ignoreBaseImageVln"` IgnoreRecentlyPublishedVln pulumi.BoolPtrOutput `pulumi:"ignoreRecentlyPublishedVln"` IgnoreRecentlyPublishedVlnPeriod pulumi.IntOutput `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrOutput `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayOutput `pulumi:"ignoredRiskResources"` + IgnoredRiskResources pulumi.StringArrayOutput `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources pulumi.StringArrayOutput `pulumi:"ignoredSensitiveResources"` // List of images. - Images pulumi.StringArrayOutput `pulumi:"images"` - KubeCisEnabled pulumi.BoolPtrOutput `pulumi:"kubeCisEnabled"` + Images pulumi.StringArrayOutput `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled pulumi.BoolPtrOutput `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. 
+ KubernetesControls FunctionAssurancePolicyKubernetesControlArrayOutput `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds pulumi.StringArrayOutput `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames pulumi.StringArrayOutput `pulumi:"kubernetesControlsNames"` // List of labels. - Labels pulumi.StringArrayOutput `pulumi:"labels"` - MalwareAction pulumi.StringPtrOutput `pulumi:"malwareAction"` + Labels pulumi.StringArrayOutput `pulumi:"labels"` + Lastupdate pulumi.StringOutput `pulumi:"lastupdate"` + LinuxCisEnabled pulumi.BoolPtrOutput `pulumi:"linuxCisEnabled"` + MalwareAction pulumi.StringPtrOutput `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore pulumi.Float64PtrOutput `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. - MaximumScoreEnabled pulumi.BoolPtrOutput `pulumi:"maximumScoreEnabled"` - // Indicates that policy should ignore cases that do not have a known fix. + MaximumScoreEnabled pulumi.BoolPtrOutput `pulumi:"maximumScoreEnabled"` MaximumScoreExcludeNoFix pulumi.BoolPtrOutput `pulumi:"maximumScoreExcludeNoFix"` MonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"monitoredMalwarePaths"` Name pulumi.StringOutput `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrOutput `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers pulumi.BoolPtrOutput `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled pulumi.BoolPtrOutput `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists FunctionAssurancePolicyPackagesBlackListArrayOutput `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrOutput `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. 
PackagesWhiteLists FunctionAssurancePolicyPackagesWhiteListArrayOutput `pulumi:"packagesWhiteLists"` PartialResultsImageFail pulumi.BoolPtrOutput `pulumi:"partialResultsImageFail"` + Permission pulumi.StringOutput `pulumi:"permission"` + PolicySettings FunctionAssurancePolicyPolicySettingsOutput `pulumi:"policySettings"` ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"` // List of registries. Registries pulumi.StringArrayOutput `pulumi:"registries"` Registry pulumi.StringPtrOutput `pulumi:"registry"` RequiredLabels FunctionAssurancePolicyRequiredLabelArrayOutput `pulumi:"requiredLabels"` RequiredLabelsEnabled pulumi.BoolPtrOutput `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives pulumi.BoolPtrOutput `pulumi:"scanMalwareInArchives"` ScanNfsMounts pulumi.BoolPtrOutput `pulumi:"scanNfsMounts"` + ScanProcessMemory pulumi.BoolPtrOutput `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrOutput `pulumi:"scanSensitiveData"` + ScanSensitiveData pulumi.BoolPtrOutput `pulumi:"scanSensitiveData"` + ScanWindowsRegistry pulumi.BoolPtrOutput `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrOutput `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. 
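Review bot: In the `FunctionAssurancePolicy` struct hunk (`@@ -70,52 +82,67 @@`) the doc comment on `MaximumScoreExcludeNoFix` is dropped, and the new fields `ExcludeApplicationScopes`, `IgnoreBaseImageVln` and `IgnoredSensitiveResources` arrive with no comment at all. Judging by their names these narrow what the policy evaluates, so a reader of the SDK should be told what is skipped; I would restore `// Indicates that policy should ignore cases that do not have a known fix.` and add, for example, `// Indicates if vulnerabilities inherited from the base image are ignored.` on `IgnoreBaseImageVln` (wording to be confirmed against the provider schema). The same gaps repeat in the `functionAssurancePolicyState`, `FunctionAssurancePolicyState` and `functionAssurancePolicyArgs` hunks. The struct starts and ends outside this hunk, and if this file is generated, the text belongs in the upstream schema descriptions rather than here.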
@@ -124,7 +151,9 @@ type FunctionAssurancePolicy struct { // List of trusted images. TrustedBaseImages FunctionAssurancePolicyTrustedBaseImageArrayOutput `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrOutput `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled pulumi.BoolPtrOutput `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability pulumi.BoolPtrOutput `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges pulumi.IntArrayOutput `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayOutput `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. @@ -164,9 +193,13 @@ func GetFunctionAssurancePolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering FunctionAssurancePolicy resources. type functionAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages []string `pulumi:"allowedImages"` ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType *string `pulumi:"assuranceType"` // Indicates if auditing for failures. AuditOnFailure *bool `pulumi:"auditOnFailure"` // Name of user account that created the policy. @@ -180,7 +213,7 @@ type functionAssurancePolicyState struct { BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed *bool `pulumi:"blockFailed"` 
@@ -188,13 +221,14 @@ type functionAssurancePolicyState struct { // List of Custom user scripts for checks. CustomChecks []FunctionAssurancePolicyCustomCheck `pulumi:"customChecks"` // Indicates if scanning should include custom checks. - CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` - CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled *bool `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` @@ -203,10 +237,12 @@ type functionAssurancePolicyState struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` - Description *string `pulumi:"description"` + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware *bool `pulumi:"disallowMalware"` + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` // Name of the container image. Domain *string `pulumi:"domain"` 
@@ -218,52 +254,67 @@ type functionAssurancePolicyState struct { EnforceAfterDays *int `pulumi:"enforceAfterDays"` EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` // Indicates if cicd failures will fail the image. FailCicd *bool `pulumi:"failCicd"` ForbiddenLabels []FunctionAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. + KubernetesControls []FunctionAssurancePolicyKubernetesControl `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` // List of labels. 
- Labels []string `pulumi:"labels"` - MalwareAction *string `pulumi:"malwareAction"` + Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore *float64 `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. - MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` - // Indicates that policy should ignore cases that do not have a known fix. + MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` MaximumScoreExcludeNoFix *bool `pulumi:"maximumScoreExcludeNoFix"` MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` Name *string `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []FunctionAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. PackagesWhiteLists []FunctionAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *FunctionAssurancePolicyPolicySettings `pulumi:"policySettings"` ReadOnly *bool `pulumi:"readOnly"` // List of registries. 
Registries []string `pulumi:"registries"` Registry *string `pulumi:"registry"` RequiredLabels []FunctionAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled *bool `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. @@ -272,7 +323,9 @@ type functionAssurancePolicyState struct { // List of trusted images. TrustedBaseImages []FunctionAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. @@ -280,9 +333,13 @@ type functionAssurancePolicyState struct { } type FunctionAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput // List of explicitly allowed images. AllowedImages pulumi.StringArrayInput ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput // Indicates if auditing for failures. AuditOnFailure pulumi.BoolPtrInput // Name of user account that created the policy. 
@@ -296,7 +353,7 @@ type FunctionAssurancePolicyState struct { BlacklistPermissionsEnabled pulumi.BoolPtrInput // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayInput - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrInput // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrInput @@ -305,12 +362,13 @@ type FunctionAssurancePolicyState struct { CustomChecks FunctionAssurancePolicyCustomCheckArrayInput // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput CustomSeverityEnabled pulumi.BoolPtrInput - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrInput - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists pulumi.StringArrayInput - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled pulumi.BoolPtrInput // List of cves whitelisted licenses CvesWhiteLists pulumi.StringArrayInput @@ -321,8 +379,10 @@ type FunctionAssurancePolicyState struct { // Indicates that policy should ignore cvss cases that do not have a known fix. CvssSeverityExcludeNoFix pulumi.BoolPtrInput Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrInput + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrInput // Name of the container image. Domain pulumi.StringPtrInput 
@@ -334,52 +394,67 @@ type FunctionAssurancePolicyState struct { EnforceAfterDays pulumi.IntPtrInput EnforceExcessivePermissions pulumi.BoolPtrInput ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput // Indicates if cicd failures will fail the image. FailCicd pulumi.BoolPtrInput ForbiddenLabels FunctionAssurancePolicyForbiddenLabelArrayInput ForbiddenLabelsEnabled pulumi.BoolPtrInput ForceMicroenforcer pulumi.BoolPtrInput FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput IgnoreRecentlyPublishedVln pulumi.BoolPtrInput IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrInput // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayInput + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput // List of images. - Images pulumi.StringArrayInput + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. KubeCisEnabled pulumi.BoolPtrInput + // List of Kubernetes controls. + KubernetesControls FunctionAssurancePolicyKubernetesControlArrayInput + KubernetesControlsAvdIds pulumi.StringArrayInput + KubernetesControlsNames pulumi.StringArrayInput // List of labels. - Labels pulumi.StringArrayInput - MalwareAction pulumi.StringPtrInput + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput // Value of allowed maximum score. MaximumScore pulumi.Float64PtrInput // Indicates if exceeding the maximum score is scanned. - MaximumScoreEnabled pulumi.BoolPtrInput - // Indicates that policy should ignore cases that do not have a known fix. 
+ MaximumScoreEnabled pulumi.BoolPtrInput MaximumScoreExcludeNoFix pulumi.BoolPtrInput MonitoredMalwarePaths pulumi.StringArrayInput Name pulumi.StringPtrInput // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrInput + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrInput - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists FunctionAssurancePolicyPackagesBlackListArrayInput // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrInput // List of whitelisted images. PackagesWhiteLists FunctionAssurancePolicyPackagesWhiteListArrayInput PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings FunctionAssurancePolicyPolicySettingsPtrInput ReadOnly pulumi.BoolPtrInput // List of registries. Registries pulumi.StringArrayInput Registry pulumi.StringPtrInput RequiredLabels FunctionAssurancePolicyRequiredLabelArrayInput RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrInput + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrInput // List of SCAP user scripts for checks. 
@@ -388,7 +463,9 @@ type FunctionAssurancePolicyState struct { // List of trusted images. TrustedBaseImages FunctionAssurancePolicyTrustedBaseImageArrayInput // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrInput + TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayInput // Indicates if license blacklist is relevant. @@ -400,11 +477,17 @@ func (FunctionAssurancePolicyState) ElementType() reflect.Type { } type functionAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages []string `pulumi:"allowedImages"` ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType *string `pulumi:"assuranceType"` // Indicates if auditing for failures. - AuditOnFailure *bool `pulumi:"auditOnFailure"` + AuditOnFailure *bool `pulumi:"auditOnFailure"` + // Name of user account that created the policy. + Author *string `pulumi:"author"` AutoScanConfigured *bool `pulumi:"autoScanConfigured"` AutoScanEnabled *bool `pulumi:"autoScanEnabled"` AutoScanTimes []FunctionAssurancePolicyAutoScanTime `pulumi:"autoScanTimes"` @@ -414,7 +497,7 @@ type functionAssurancePolicyArgs struct { BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed *bool `pulumi:"blockFailed"` 
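Review bot: `functionAssurancePolicyArgs` (`@@ -400,11 +477,17 @@`) now accepts `Author`, documented as the account that created the policy, as a caller-supplied input, alongside `AggregatedVulnerability` here and `Lastupdate` and `Permission` in the later args hunk (`@@ -452,51 +538,67 @@`). These read like server-derived provenance and scan results; whether the backend overrides supplied values cannot be told from this diff, but if it does not, a program can set the recorded author of a policy, which weakens the field's value for audit. I would keep them output-only (present in `FunctionAssurancePolicy` and the state structs, absent from the args structs), or at least mark them with a comment such as `// Read-only; set by the server.` once that behaviour is confirmed. `FunctionAssurancePolicyArgs` in the `@@ -514,11 +618,17 @@` hunk has the same addition. The struct bodies continue outside these hunks.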
@@ -422,13 +505,14 @@ type functionAssurancePolicyArgs struct { // List of Custom user scripts for checks. CustomChecks []FunctionAssurancePolicyCustomCheck `pulumi:"customChecks"` // Indicates if scanning should include custom checks. - CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` - CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled *bool `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` @@ -437,10 +521,12 @@ type functionAssurancePolicyArgs struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` - Description *string `pulumi:"description"` + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware *bool `pulumi:"disallowMalware"` + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` // Name of the container image. Domain *string `pulumi:"domain"` 
@@ -452,51 +538,67 @@ type functionAssurancePolicyArgs struct { EnforceAfterDays *int `pulumi:"enforceAfterDays"` EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` // Indicates if cicd failures will fail the image. - FailCicd *bool `pulumi:"failCicd"` - ForbiddenLabels []FunctionAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` - ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` - ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` - FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` - IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` + FailCicd *bool `pulumi:"failCicd"` + ForbiddenLabels []FunctionAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` + ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` + ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` + FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` + IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` + IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. 
+ KubernetesControls []FunctionAssurancePolicyKubernetesControl `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` // List of labels. - Labels []string `pulumi:"labels"` - MalwareAction *string `pulumi:"malwareAction"` + Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore *float64 `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. - MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` - // Indicates that policy should ignore cases that do not have a known fix. + MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` MaximumScoreExcludeNoFix *bool `pulumi:"maximumScoreExcludeNoFix"` MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` Name *string `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []FunctionAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. 
PackagesWhiteLists []FunctionAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *FunctionAssurancePolicyPolicySettings `pulumi:"policySettings"` ReadOnly *bool `pulumi:"readOnly"` // List of registries. Registries []string `pulumi:"registries"` Registry *string `pulumi:"registry"` RequiredLabels []FunctionAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled *bool `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. @@ -505,7 +607,9 @@ type functionAssurancePolicyArgs struct { // List of trusted images. TrustedBaseImages []FunctionAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. 
@@ -514,11 +618,17 @@ type functionAssurancePolicyArgs struct { // The set of arguments for constructing a FunctionAssurancePolicy resource. type FunctionAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput // List of explicitly allowed images. AllowedImages pulumi.StringArrayInput ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput // Indicates if auditing for failures. - AuditOnFailure pulumi.BoolPtrInput + AuditOnFailure pulumi.BoolPtrInput + // Name of user account that created the policy. + Author pulumi.StringPtrInput AutoScanConfigured pulumi.BoolPtrInput AutoScanEnabled pulumi.BoolPtrInput AutoScanTimes FunctionAssurancePolicyAutoScanTimeArrayInput @@ -528,7 +638,7 @@ type FunctionAssurancePolicyArgs struct { BlacklistPermissionsEnabled pulumi.BoolPtrInput // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayInput - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrInput // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrInput @@ -537,12 +647,13 @@ type FunctionAssurancePolicyArgs struct { CustomChecks FunctionAssurancePolicyCustomCheckArrayInput // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput CustomSeverityEnabled pulumi.BoolPtrInput - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrInput - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists pulumi.StringArrayInput - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled pulumi.BoolPtrInput // List of cves whitelisted licenses CvesWhiteLists pulumi.StringArrayInput 
@@ -553,8 +664,10 @@ type FunctionAssurancePolicyArgs struct { // Indicates that policy should ignore cvss cases that do not have a known fix. CvssSeverityExcludeNoFix pulumi.BoolPtrInput Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrInput + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrInput // Name of the container image. Domain pulumi.StringPtrInput 
@@ -566,51 +679,67 @@ type FunctionAssurancePolicyArgs struct { EnforceAfterDays pulumi.IntPtrInput EnforceExcessivePermissions pulumi.BoolPtrInput ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput // Indicates if cicd failures will fail the image. - FailCicd pulumi.BoolPtrInput - ForbiddenLabels FunctionAssurancePolicyForbiddenLabelArrayInput - ForbiddenLabelsEnabled pulumi.BoolPtrInput - ForceMicroenforcer pulumi.BoolPtrInput - FunctionIntegrityEnabled pulumi.BoolPtrInput - IgnoreRecentlyPublishedVln pulumi.BoolPtrInput + FailCicd pulumi.BoolPtrInput + ForbiddenLabels FunctionAssurancePolicyForbiddenLabelArrayInput + ForbiddenLabelsEnabled pulumi.BoolPtrInput + ForceMicroenforcer pulumi.BoolPtrInput + FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrInput // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayInput + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput // List of images. - Images pulumi.StringArrayInput + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. KubeCisEnabled pulumi.BoolPtrInput + // List of Kubernetes controls. + KubernetesControls FunctionAssurancePolicyKubernetesControlArrayInput + KubernetesControlsAvdIds pulumi.StringArrayInput + KubernetesControlsNames pulumi.StringArrayInput // List of labels. - Labels pulumi.StringArrayInput - MalwareAction pulumi.StringPtrInput + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput // Value of allowed maximum score. MaximumScore pulumi.Float64PtrInput // Indicates if exceeding the maximum score is scanned. 
- MaximumScoreEnabled pulumi.BoolPtrInput - // Indicates that policy should ignore cases that do not have a known fix. + MaximumScoreEnabled pulumi.BoolPtrInput MaximumScoreExcludeNoFix pulumi.BoolPtrInput MonitoredMalwarePaths pulumi.StringArrayInput Name pulumi.StringPtrInput // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrInput + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrInput - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists FunctionAssurancePolicyPackagesBlackListArrayInput // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrInput // List of whitelisted images. PackagesWhiteLists FunctionAssurancePolicyPackagesWhiteListArrayInput PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings FunctionAssurancePolicyPolicySettingsPtrInput ReadOnly pulumi.BoolPtrInput // List of registries. Registries pulumi.StringArrayInput Registry pulumi.StringPtrInput RequiredLabels FunctionAssurancePolicyRequiredLabelArrayInput RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrInput + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrInput // List of SCAP user scripts for checks. 
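Review bot: `MaximumScoreExcludeNoFix` loses its doc comment in this hunk, and the new fields whose names suggest they narrow what the policy evaluates (`IgnoreBaseImageVln`, `IgnoreRecentlyPublishedVlnPeriod`, `IgnoredSensitiveResources`, `ExcludeApplicationScopes`) arrive with no comment at all. I would keep `// Indicates that policy should ignore cases that do not have a known fix.` and give each new field a one-line description. In particular the unit of `IgnoreRecentlyPublishedVlnPeriod` cannot be read from its `pulumi.IntPtrInput` type. The same gap shows in the lowercase `functionAssurancePolicyArgs` struct and in the matching `FunctionAssurancePolicyOutput` getters further down. `FunctionAssurancePolicyArgs` begins before this hunk and continues after it; if the file is generated from the provider schema, the descriptions need to be added there.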
@@ -619,7 +748,9 @@ type FunctionAssurancePolicyArgs struct { // List of trusted images. TrustedBaseImages FunctionAssurancePolicyTrustedBaseImageArrayInput // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrInput + TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayInput // Indicates if license blacklist is relevant. @@ -649,12 +780,6 @@ func (i *FunctionAssurancePolicy) ToFunctionAssurancePolicyOutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyOutput) } -func (i *FunctionAssurancePolicy) ToOutput(ctx context.Context) pulumix.Output[*FunctionAssurancePolicy] { - return pulumix.Output[*FunctionAssurancePolicy]{ - OutputState: i.ToFunctionAssurancePolicyOutputWithContext(ctx).OutputState, - } -} - // FunctionAssurancePolicyArrayInput is an input type that accepts FunctionAssurancePolicyArray and FunctionAssurancePolicyArrayOutput values. // You can construct a concrete instance of `FunctionAssurancePolicyArrayInput` via: // @@ -680,12 +805,6 @@ func (i FunctionAssurancePolicyArray) ToFunctionAssurancePolicyArrayOutputWithCo return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyArrayOutput) } -func (i FunctionAssurancePolicyArray) ToOutput(ctx context.Context) pulumix.Output[[]*FunctionAssurancePolicy] { - return pulumix.Output[[]*FunctionAssurancePolicy]{ - OutputState: i.ToFunctionAssurancePolicyArrayOutputWithContext(ctx).OutputState, - } -} - // FunctionAssurancePolicyMapInput is an input type that accepts FunctionAssurancePolicyMap and FunctionAssurancePolicyMapOutput values. // You can construct a concrete instance of `FunctionAssurancePolicyMapInput` via: // 
@@ -711,12 +830,6 @@ func (i FunctionAssurancePolicyMap) ToFunctionAssurancePolicyMapOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyMapOutput) } -func (i FunctionAssurancePolicyMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*FunctionAssurancePolicy] { - return pulumix.Output[map[string]*FunctionAssurancePolicy]{ - OutputState: i.ToFunctionAssurancePolicyMapOutputWithContext(ctx).OutputState, - } -} - type FunctionAssurancePolicyOutput struct{ *pulumi.OutputState } func (FunctionAssurancePolicyOutput) ElementType() reflect.Type { @@ -731,10 +844,9 @@ func (o FunctionAssurancePolicyOutput) ToFunctionAssurancePolicyOutputWithContex return o } -func (o FunctionAssurancePolicyOutput) ToOutput(ctx context.Context) pulumix.Output[*FunctionAssurancePolicy] { - return pulumix.Output[*FunctionAssurancePolicy]{ - OutputState: o.OutputState, - } +// Aggregated vulnerability information. +func (o FunctionAssurancePolicyOutput) AggregatedVulnerability() pulumi.StringMapOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringMapOutput { return v.AggregatedVulnerability }).(pulumi.StringMapOutput) } // List of explicitly allowed images. @@ -746,6 +858,11 @@ func (o FunctionAssurancePolicyOutput) ApplicationScopes() pulumi.StringArrayOut return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.ApplicationScopes }).(pulumi.StringArrayOutput) } +// What type of assurance policy is described. +func (o FunctionAssurancePolicyOutput) AssuranceType() pulumi.StringOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringOutput { return v.AssuranceType }).(pulumi.StringOutput) +} + // Indicates if auditing for failures. func (o FunctionAssurancePolicyOutput) AuditOnFailure() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.AuditOnFailure }).(pulumi.BoolPtrOutput) 
@@ -785,7 +902,7 @@ func (o FunctionAssurancePolicyOutput) BlacklistedLicenses() pulumi.StringArrayO return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.BlacklistedLicenses }).(pulumi.StringArrayOutput) } -// Lndicates if license blacklist is relevant. +// Indicates if license blacklist is relevant. func (o FunctionAssurancePolicyOutput) BlacklistedLicensesEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.BlacklistedLicensesEnabled }).(pulumi.BoolPtrOutput) } 
@@ -809,21 +926,25 @@ func (o FunctionAssurancePolicyOutput) CustomChecksEnabled() pulumi.BoolPtrOutpu return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomChecksEnabled }).(pulumi.BoolPtrOutput) } +func (o FunctionAssurancePolicyOutput) CustomSeverity() pulumi.StringOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringOutput { return v.CustomSeverity }).(pulumi.StringOutput) +} + func (o FunctionAssurancePolicyOutput) CustomSeverityEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomSeverityEnabled }).(pulumi.BoolPtrOutput) } -// Indicates if cves blacklist is relevant. +// Indicates if CVEs blacklist is relevant. func (o FunctionAssurancePolicyOutput) CvesBlackListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.CvesBlackListEnabled }).(pulumi.BoolPtrOutput) } -// List of cves blacklisted items. +// List of CVEs blacklisted items. func (o FunctionAssurancePolicyOutput) CvesBlackLists() pulumi.StringArrayOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.CvesBlackLists }).(pulumi.StringArrayOutput) } -// Indicates if cves whitelist is relevant. +// Indicates if CVEs whitelist is relevant. func (o FunctionAssurancePolicyOutput) CvesWhiteListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.CvesWhiteListEnabled }).(pulumi.BoolPtrOutput) } 
@@ -852,11 +973,16 @@ func (o FunctionAssurancePolicyOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } +func (o FunctionAssurancePolicyOutput) DisallowExploitTypes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.DisallowExploitTypes }).(pulumi.StringArrayOutput) +} + // Indicates if malware should block the image. func (o FunctionAssurancePolicyOutput) DisallowMalware() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.DisallowMalware }).(pulumi.BoolPtrOutput) } +// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. func (o FunctionAssurancePolicyOutput) DockerCisEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.DockerCisEnabled }).(pulumi.BoolPtrOutput) } @@ -898,6 +1024,10 @@ func (o FunctionAssurancePolicyOutput) ExceptionalMonitoredMalwarePaths() pulumi return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.ExceptionalMonitoredMalwarePaths }).(pulumi.StringArrayOutput) } +func (o FunctionAssurancePolicyOutput) ExcludeApplicationScopes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.ExcludeApplicationScopes }).(pulumi.StringArrayOutput) +} + // Indicates if cicd failures will fail the image. func (o FunctionAssurancePolicyOutput) FailCicd() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.FailCicd }).(pulumi.BoolPtrOutput) 
@@ -921,6 +1051,10 @@ func (o FunctionAssurancePolicyOutput) FunctionIntegrityEnabled() pulumi.BoolPtr return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.FunctionIntegrityEnabled }).(pulumi.BoolPtrOutput) } +func (o FunctionAssurancePolicyOutput) IgnoreBaseImageVln() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreBaseImageVln }).(pulumi.BoolPtrOutput) +} + func (o FunctionAssurancePolicyOutput) IgnoreRecentlyPublishedVln() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreRecentlyPublishedVln }).(pulumi.BoolPtrOutput) } 
@@ -939,20 +1073,48 @@ func (o FunctionAssurancePolicyOutput) IgnoredRiskResources() pulumi.StringArray return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredRiskResources }).(pulumi.StringArrayOutput) } +func (o FunctionAssurancePolicyOutput) IgnoredSensitiveResources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredSensitiveResources }).(pulumi.StringArrayOutput) +} + // List of images. func (o FunctionAssurancePolicyOutput) Images() pulumi.StringArrayOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.Images }).(pulumi.StringArrayOutput) } +// Performs a Kubernetes CIS benchmark check for the host. func (o FunctionAssurancePolicyOutput) KubeCisEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.KubeCisEnabled }).(pulumi.BoolPtrOutput) } +// List of Kubernetes controls. +func (o FunctionAssurancePolicyOutput) KubernetesControls() FunctionAssurancePolicyKubernetesControlArrayOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) FunctionAssurancePolicyKubernetesControlArrayOutput { + return v.KubernetesControls + }).(FunctionAssurancePolicyKubernetesControlArrayOutput) +} + +func (o FunctionAssurancePolicyOutput) KubernetesControlsAvdIds() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsAvdIds }).(pulumi.StringArrayOutput) +} + +func (o FunctionAssurancePolicyOutput) KubernetesControlsNames() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsNames }).(pulumi.StringArrayOutput) +} + // List of labels. 
func (o FunctionAssurancePolicyOutput) Labels() pulumi.StringArrayOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.Labels }).(pulumi.StringArrayOutput) } +func (o FunctionAssurancePolicyOutput) Lastupdate() pulumi.StringOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringOutput { return v.Lastupdate }).(pulumi.StringOutput) +} + +func (o FunctionAssurancePolicyOutput) LinuxCisEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.LinuxCisEnabled }).(pulumi.BoolPtrOutput) +} + func (o FunctionAssurancePolicyOutput) MalwareAction() pulumi.StringPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringPtrOutput { return v.MalwareAction }).(pulumi.StringPtrOutput) } @@ -967,7 +1129,6 @@ func (o FunctionAssurancePolicyOutput) MaximumScoreEnabled() pulumi.BoolPtrOutpu return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.MaximumScoreEnabled }).(pulumi.BoolPtrOutput) } -// Indicates that policy should ignore cases that do not have a known fix. func (o FunctionAssurancePolicyOutput) MaximumScoreExcludeNoFix() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.MaximumScoreExcludeNoFix }).(pulumi.BoolPtrOutput) } 
@@ -985,12 +1146,16 @@ func (o FunctionAssurancePolicyOutput) OnlyNoneRootUsers() pulumi.BoolPtrOutput return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.OnlyNoneRootUsers }).(pulumi.BoolPtrOutput) } +func (o FunctionAssurancePolicyOutput) OpenshiftHardeningEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.OpenshiftHardeningEnabled }).(pulumi.BoolPtrOutput) +} + // Indicates if packages blacklist is relevant. func (o FunctionAssurancePolicyOutput) PackagesBlackListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.PackagesBlackListEnabled }).(pulumi.BoolPtrOutput) } -// List of backlisted images. +// List of blacklisted images. func (o FunctionAssurancePolicyOutput) PackagesBlackLists() FunctionAssurancePolicyPackagesBlackListArrayOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) FunctionAssurancePolicyPackagesBlackListArrayOutput { return v.PackagesBlackLists @@ -1013,6 +1178,14 @@ func (o FunctionAssurancePolicyOutput) PartialResultsImageFail() pulumi.BoolPtrO return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.PartialResultsImageFail }).(pulumi.BoolPtrOutput) } +func (o FunctionAssurancePolicyOutput) Permission() pulumi.StringOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringOutput { return v.Permission }).(pulumi.StringOutput) +} + +func (o FunctionAssurancePolicyOutput) PolicySettings() FunctionAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) FunctionAssurancePolicyPolicySettingsOutput { return v.PolicySettings }).(FunctionAssurancePolicyPolicySettingsOutput) +} + func (o FunctionAssurancePolicyOutput) ReadOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.ReadOnly }).(pulumi.BoolPtrOutput) } 
@@ -1036,15 +1209,27 @@ func (o FunctionAssurancePolicyOutput) RequiredLabelsEnabled() pulumi.BoolPtrOut return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.RequiredLabelsEnabled }).(pulumi.BoolPtrOutput) } +func (o FunctionAssurancePolicyOutput) ScanMalwareInArchives() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanMalwareInArchives }).(pulumi.BoolPtrOutput) +} + func (o FunctionAssurancePolicyOutput) ScanNfsMounts() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanNfsMounts }).(pulumi.BoolPtrOutput) } +func (o FunctionAssurancePolicyOutput) ScanProcessMemory() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanProcessMemory }).(pulumi.BoolPtrOutput) +} + // Indicates if scan should include sensitive data in the image. func (o FunctionAssurancePolicyOutput) ScanSensitiveData() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanSensitiveData }).(pulumi.BoolPtrOutput) } +func (o FunctionAssurancePolicyOutput) ScanWindowsRegistry() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanWindowsRegistry }).(pulumi.BoolPtrOutput) +} + // Indicates if scanning should include scap. func (o FunctionAssurancePolicyOutput) ScapEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.ScapEnabled }).(pulumi.BoolPtrOutput) 
@@ -1071,6 +1256,14 @@ func (o FunctionAssurancePolicyOutput) TrustedBaseImagesEnabled() pulumi.BoolPtr return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.TrustedBaseImagesEnabled }).(pulumi.BoolPtrOutput) } +func (o FunctionAssurancePolicyOutput) VulnerabilityExploitability() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.BoolPtrOutput { return v.VulnerabilityExploitability }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyOutput) VulnerabilityScoreRanges() pulumi.IntArrayOutput { + return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.IntArrayOutput { return v.VulnerabilityScoreRanges }).(pulumi.IntArrayOutput) +} + // List of whitelisted licenses. func (o FunctionAssurancePolicyOutput) WhitelistedLicenses() pulumi.StringArrayOutput { return o.ApplyT(func(v *FunctionAssurancePolicy) pulumi.StringArrayOutput { return v.WhitelistedLicenses }).(pulumi.StringArrayOutput) @@ -1095,12 +1288,6 @@ func (o FunctionAssurancePolicyArrayOutput) ToFunctionAssurancePolicyArrayOutput return o } -func (o FunctionAssurancePolicyArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*FunctionAssurancePolicy] { - return pulumix.Output[[]*FunctionAssurancePolicy]{ - OutputState: o.OutputState, - } -} - func (o FunctionAssurancePolicyArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *FunctionAssurancePolicy { return vs[0].([]*FunctionAssurancePolicy)[vs[1].(int)] 
@@ -1121,12 +1308,6 @@ func (o FunctionAssurancePolicyMapOutput) ToFunctionAssurancePolicyMapOutputWith return o } -func (o FunctionAssurancePolicyMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*FunctionAssurancePolicy] { - return pulumix.Output[map[string]*FunctionAssurancePolicy]{ - OutputState: o.OutputState, - } -} - func (o FunctionAssurancePolicyMapOutput) MapIndex(k pulumi.StringInput) FunctionAssurancePolicyOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *FunctionAssurancePolicy { return vs[0].(map[string]*FunctionAssurancePolicy)[vs[1].(string)] diff --git a/sdk/go/aquasec/functionRuntimePolicy.go b/sdk/go/aquasec/functionRuntimePolicy.go index 6b2d88ac..795379f2 100644 --- a/sdk/go/aquasec/functionRuntimePolicy.go +++ b/sdk/go/aquasec/functionRuntimePolicy.go 
@@ -8,82 +8,60 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) -// ## Example Usage -// -// ```go -// package main -// -// import ( -// -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec" -// -// ) -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// _, err := aquasec.NewFunctionRuntimePolicy(ctx, "functionRuntimePolicy", &aquasec.FunctionRuntimePolicyArgs{ -// ApplicationScopes: pulumi.StringArray{ -// pulumi.String("Global"), -// }, -// BlockMaliciousExecutables: pulumi.Bool(true), -// BlockMaliciousExecutablesAllowedProcesses: pulumi.StringArray{ -// pulumi.String("proc1"), -// pulumi.String("proc2"), -// }, -// BlockRunningExecutablesInTmpFolder: pulumi.Bool(true), -// BlockedExecutables: pulumi.StringArray{ -// pulumi.String("exe1"), -// pulumi.String("exe2"), -// }, -// Description: pulumi.String("function_runtime_policy"), -// Enabled: pulumi.Bool(true), -// Enforce: pulumi.Bool(false), -// ScopeVariables: aquasec.FunctionRuntimePolicyScopeVariableArray{ -// &aquasec.FunctionRuntimePolicyScopeVariableArgs{ -// Attribute: pulumi.String("kubernetes.cluster"), -// Value: pulumi.String("default"), -// }, -// &aquasec.FunctionRuntimePolicyScopeVariableArgs{ -// Attribute: pulumi.String("kubernetes.label"), -// Name: pulumi.String("app"), -// Value: pulumi.String("aqua"), -// }, -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` type FunctionRuntimePolicy struct { pulumi.CustomResourceState + // Allowed executables configuration. + AllowedExecutables FunctionRuntimePolicyAllowedExecutableArrayOutput `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries FunctionRuntimePolicyAllowedRegistryArrayOutput `pulumi:"allowedRegistries"` // Indicates the application scope of the service. 
ApplicationScopes pulumi.StringArrayOutput `pulumi:"applicationScopes"` + // Detects brute force login attempts + AuditBruteForceLogin pulumi.BoolPtrOutput `pulumi:"auditBruteForceLogin"` + Auditing FunctionRuntimePolicyAuditingOutput `pulumi:"auditing"` // Username of the account that created the service. - Author pulumi.StringOutput `pulumi:"author"` - // If true, prevent creation of malicious executables in functions during their runtime post invocation. - BlockMaliciousExecutables pulumi.BoolPtrOutput `pulumi:"blockMaliciousExecutables"` - // List of processes that will be allowed - BlockMaliciousExecutablesAllowedProcesses pulumi.StringArrayOutput `pulumi:"blockMaliciousExecutablesAllowedProcesses"` - // If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. - BlockRunningExecutablesInTmpFolder pulumi.BoolPtrOutput `pulumi:"blockRunningExecutablesInTmpFolder"` - // List of executables that are prevented from running in containers. - BlockedExecutables pulumi.StringArrayOutput `pulumi:"blockedExecutables"` + Author pulumi.StringOutput `pulumi:"author"` + BlacklistedOsUsers FunctionRuntimePolicyBlacklistedOsUsersOutput `pulumi:"blacklistedOsUsers"` + BlockContainerExec pulumi.BoolPtrOutput `pulumi:"blockContainerExec"` + BlockDisallowedImages pulumi.BoolPtrOutput `pulumi:"blockDisallowedImages"` + BlockFilelessExec pulumi.BoolPtrOutput `pulumi:"blockFilelessExec"` + BlockNonCompliantWorkloads pulumi.BoolPtrOutput `pulumi:"blockNonCompliantWorkloads"` + BlockNonK8sContainers pulumi.BoolPtrOutput `pulumi:"blockNonK8sContainers"` + // Bypass scope configuration. 
+ BypassScopes FunctionRuntimePolicyBypassScopeArrayOutput `pulumi:"bypassScopes"` + ContainerExec FunctionRuntimePolicyContainerExecOutput `pulumi:"containerExec"` + Created pulumi.StringOutput `pulumi:"created"` + Cve pulumi.StringPtrOutput `pulumi:"cve"` + DefaultSecurityProfile pulumi.StringPtrOutput `pulumi:"defaultSecurityProfile"` // The description of the function runtime policy Description pulumi.StringPtrOutput `pulumi:"description"` - // Indicates if the runtime policy is enabled or not. + Digest pulumi.StringPtrOutput `pulumi:"digest"` + // Drift prevention configuration. + DriftPreventions FunctionRuntimePolicyDriftPreventionArrayOutput `pulumi:"driftPreventions"` + EnableCryptoMiningDns pulumi.BoolPtrOutput `pulumi:"enableCryptoMiningDns"` + EnableForkGuard pulumi.BoolPtrOutput `pulumi:"enableForkGuard"` + EnableIpReputation pulumi.BoolPtrOutput `pulumi:"enableIpReputation"` + EnablePortScanProtection pulumi.BoolPtrOutput `pulumi:"enablePortScanProtection"` + // Whether allowed executables configuration is enabled. Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). Enforce pulumi.BoolPtrOutput `pulumi:"enforce"` + // Indicates the number of days after which the runtime policy will be changed to enforce mode. + EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` + EnforceSchedulerAddedOn pulumi.IntPtrOutput `pulumi:"enforceSchedulerAddedOn"` + // List of excluded application scopes. + ExcludeApplicationScopes pulumi.StringArrayOutput `pulumi:"excludeApplicationScopes"` + // Executable blacklist configuration. + ExecutableBlacklists FunctionRuntimePolicyExecutableBlacklistArrayOutput `pulumi:"executableBlacklists"` + FailedKubernetesChecks FunctionRuntimePolicyFailedKubernetesChecksOutput `pulumi:"failedKubernetesChecks"` + FileBlock FunctionRuntimePolicyFileBlockOutput `pulumi:"fileBlock"` + // Configuration for file integrity monitoring. 
+ FileIntegrityMonitorings FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput `pulumi:"fileIntegrityMonitorings"` + ForkGuardProcessLimit pulumi.IntPtrOutput `pulumi:"forkGuardProcessLimit"` // Honeypot User ID (Access Key) HoneypotAccessKey pulumi.StringPtrOutput `pulumi:"honeypotAccessKey"` // List of options to apply the honeypot on (Environment Vairable, Layer, File) 
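Review bot: The doc comment on `Enabled` now reads `// Whether allowed executables configuration is enabled.`, but the field is still the policy-level `enabled` property, which the removed comment described as the policy's on/off switch. The new text looks like a description taken from a nested block, and a reader of a runtime protection policy could take the flag to govern only the executables allow-list. I would keep `// Indicates if the runtime policy is enabled or not.` here. The same applies to `Name` in the next hunk (`// Name assigned to the attribute.`) and to the matching fields of `functionRuntimePolicyState`. The `FunctionRuntimePolicy` struct continues past this hunk; if the file is generated from the provider schema, the wording has to be corrected there.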
@@ -92,12 +70,48 @@ type FunctionRuntimePolicy struct { HoneypotSecretKey pulumi.StringPtrOutput `pulumi:"honeypotSecretKey"` // Serverless application name HoneypotServerlessAppName pulumi.StringPtrOutput `pulumi:"honeypotServerlessAppName"` - // Name of the function runtime policy - Name pulumi.StringOutput `pulumi:"name"` + ImageName pulumi.StringPtrOutput `pulumi:"imageName"` + IsAuditChecked pulumi.BoolPtrOutput `pulumi:"isAuditChecked"` + IsAutoGenerated pulumi.BoolPtrOutput `pulumi:"isAutoGenerated"` + IsOotbPolicy pulumi.BoolPtrOutput `pulumi:"isOotbPolicy"` + Lastupdate pulumi.IntOutput `pulumi:"lastupdate"` + // Container privileges configuration. + LimitContainerPrivileges FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput `pulumi:"limitContainerPrivileges"` + LinuxCapabilities FunctionRuntimePolicyLinuxCapabilitiesOutput `pulumi:"linuxCapabilities"` + // Configuration for Real-Time Malware Protection. + MalwareScanOptions FunctionRuntimePolicyMalwareScanOptionsPtrOutput `pulumi:"malwareScanOptions"` + // Name assigned to the attribute. 
+ Name pulumi.StringOutput `pulumi:"name"` + NoNewPrivileges pulumi.BoolPtrOutput `pulumi:"noNewPrivileges"` + OnlyRegisteredImages pulumi.BoolPtrOutput `pulumi:"onlyRegisteredImages"` + PackageBlock FunctionRuntimePolicyPackageBlockOutput `pulumi:"packageBlock"` + Permission pulumi.StringPtrOutput `pulumi:"permission"` + PortBlock FunctionRuntimePolicyPortBlockOutput `pulumi:"portBlock"` + ReadonlyFiles FunctionRuntimePolicyReadonlyFilesOutput `pulumi:"readonlyFiles"` + ReadonlyRegistry FunctionRuntimePolicyReadonlyRegistryOutput `pulumi:"readonlyRegistry"` + Registry pulumi.StringPtrOutput `pulumi:"registry"` + RegistryAccessMonitoring FunctionRuntimePolicyRegistryAccessMonitoringOutput `pulumi:"registryAccessMonitoring"` + RepoName pulumi.StringPtrOutput `pulumi:"repoName"` + ResourceName pulumi.StringPtrOutput `pulumi:"resourceName"` + ResourceType pulumi.StringPtrOutput `pulumi:"resourceType"` + // Restricted volumes configuration. + RestrictedVolumes FunctionRuntimePolicyRestrictedVolumeArrayOutput `pulumi:"restrictedVolumes"` + ReverseShell FunctionRuntimePolicyReverseShellOutput `pulumi:"reverseShell"` + RuntimeMode pulumi.IntPtrOutput `pulumi:"runtimeMode"` + RuntimeType pulumi.StringPtrOutput `pulumi:"runtimeType"` // Logical expression of how to compute the dependency of the scope variables. ScopeExpression pulumi.StringOutput `pulumi:"scopeExpression"` // List of scope attributes. ScopeVariables FunctionRuntimePolicyScopeVariableArrayOutput `pulumi:"scopeVariables"` + // Scope configuration. 
+ Scopes FunctionRuntimePolicyScopeArrayOutput `pulumi:"scopes"` + SystemIntegrityProtection FunctionRuntimePolicySystemIntegrityProtectionOutput `pulumi:"systemIntegrityProtection"` + Tripwire FunctionRuntimePolicyTripwireOutput `pulumi:"tripwire"` + Type pulumi.StringPtrOutput `pulumi:"type"` + Updated pulumi.StringOutput `pulumi:"updated"` + Version pulumi.StringPtrOutput `pulumi:"version"` + VpatchVersion pulumi.StringPtrOutput `pulumi:"vpatchVersion"` + WhitelistedOsUsers FunctionRuntimePolicyWhitelistedOsUsersOutput `pulumi:"whitelistedOsUsers"` } // NewFunctionRuntimePolicy registers a new resource with the given unique name, arguments, and options. 
@@ -137,24 +151,54 @@ func GetFunctionRuntimePolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering FunctionRuntimePolicy resources. type functionRuntimePolicyState struct { + // Allowed executables configuration. + AllowedExecutables []FunctionRuntimePolicyAllowedExecutable `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries []FunctionRuntimePolicyAllowedRegistry `pulumi:"allowedRegistries"` // Indicates the application scope of the service. ApplicationScopes []string `pulumi:"applicationScopes"` + // Detects brute force login attempts + AuditBruteForceLogin *bool `pulumi:"auditBruteForceLogin"` + Auditing *FunctionRuntimePolicyAuditing `pulumi:"auditing"` // Username of the account that created the service. - Author *string `pulumi:"author"` - // If true, prevent creation of malicious executables in functions during their runtime post invocation. - BlockMaliciousExecutables *bool `pulumi:"blockMaliciousExecutables"` - // List of processes that will be allowed - BlockMaliciousExecutablesAllowedProcesses []string `pulumi:"blockMaliciousExecutablesAllowedProcesses"` - // If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. - BlockRunningExecutablesInTmpFolder *bool `pulumi:"blockRunningExecutablesInTmpFolder"` - // List of executables that are prevented from running in containers. - BlockedExecutables []string `pulumi:"blockedExecutables"` + Author *string `pulumi:"author"` + BlacklistedOsUsers *FunctionRuntimePolicyBlacklistedOsUsers `pulumi:"blacklistedOsUsers"` + BlockContainerExec *bool `pulumi:"blockContainerExec"` + BlockDisallowedImages *bool `pulumi:"blockDisallowedImages"` + BlockFilelessExec *bool `pulumi:"blockFilelessExec"` + BlockNonCompliantWorkloads *bool `pulumi:"blockNonCompliantWorkloads"` + BlockNonK8sContainers *bool `pulumi:"blockNonK8sContainers"` + // Bypass scope configuration. 
+ BypassScopes []FunctionRuntimePolicyBypassScope `pulumi:"bypassScopes"` + ContainerExec *FunctionRuntimePolicyContainerExec `pulumi:"containerExec"` + Created *string `pulumi:"created"` + Cve *string `pulumi:"cve"` + DefaultSecurityProfile *string `pulumi:"defaultSecurityProfile"` // The description of the function runtime policy Description *string `pulumi:"description"` - // Indicates if the runtime policy is enabled or not. + Digest *string `pulumi:"digest"` + // Drift prevention configuration. + DriftPreventions []FunctionRuntimePolicyDriftPrevention `pulumi:"driftPreventions"` + EnableCryptoMiningDns *bool `pulumi:"enableCryptoMiningDns"` + EnableForkGuard *bool `pulumi:"enableForkGuard"` + EnableIpReputation *bool `pulumi:"enableIpReputation"` + EnablePortScanProtection *bool `pulumi:"enablePortScanProtection"` + // Whether allowed executables configuration is enabled. Enabled *bool `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). Enforce *bool `pulumi:"enforce"` + // Indicates the number of days after which the runtime policy will be changed to enforce mode. + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceSchedulerAddedOn *int `pulumi:"enforceSchedulerAddedOn"` + // List of excluded application scopes. + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Executable blacklist configuration. + ExecutableBlacklists []FunctionRuntimePolicyExecutableBlacklist `pulumi:"executableBlacklists"` + FailedKubernetesChecks *FunctionRuntimePolicyFailedKubernetesChecks `pulumi:"failedKubernetesChecks"` + FileBlock *FunctionRuntimePolicyFileBlock `pulumi:"fileBlock"` + // Configuration for file integrity monitoring. 
+ FileIntegrityMonitorings []FunctionRuntimePolicyFileIntegrityMonitoring `pulumi:"fileIntegrityMonitorings"` + ForkGuardProcessLimit *int `pulumi:"forkGuardProcessLimit"` // Honeypot User ID (Access Key) HoneypotAccessKey *string `pulumi:"honeypotAccessKey"` // List of options to apply the honeypot on (Environment Vairable, Layer, File) 
@@ -163,33 +207,99 @@ type functionRuntimePolicyState struct { HoneypotSecretKey *string `pulumi:"honeypotSecretKey"` // Serverless application name HoneypotServerlessAppName *string `pulumi:"honeypotServerlessAppName"` - // Name of the function runtime policy - Name *string `pulumi:"name"` + ImageName *string `pulumi:"imageName"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + IsAutoGenerated *bool `pulumi:"isAutoGenerated"` + IsOotbPolicy *bool `pulumi:"isOotbPolicy"` + Lastupdate *int `pulumi:"lastupdate"` + // Container privileges configuration. + LimitContainerPrivileges []FunctionRuntimePolicyLimitContainerPrivilege `pulumi:"limitContainerPrivileges"` + LinuxCapabilities *FunctionRuntimePolicyLinuxCapabilities `pulumi:"linuxCapabilities"` + // Configuration for Real-Time Malware Protection. + MalwareScanOptions *FunctionRuntimePolicyMalwareScanOptions `pulumi:"malwareScanOptions"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + NoNewPrivileges *bool `pulumi:"noNewPrivileges"` + OnlyRegisteredImages *bool `pulumi:"onlyRegisteredImages"` + PackageBlock *FunctionRuntimePolicyPackageBlock `pulumi:"packageBlock"` + Permission *string `pulumi:"permission"` + PortBlock *FunctionRuntimePolicyPortBlock `pulumi:"portBlock"` + ReadonlyFiles *FunctionRuntimePolicyReadonlyFiles `pulumi:"readonlyFiles"` + ReadonlyRegistry *FunctionRuntimePolicyReadonlyRegistry `pulumi:"readonlyRegistry"` + Registry *string `pulumi:"registry"` + RegistryAccessMonitoring *FunctionRuntimePolicyRegistryAccessMonitoring `pulumi:"registryAccessMonitoring"` + RepoName *string `pulumi:"repoName"` + ResourceName *string `pulumi:"resourceName"` + ResourceType *string `pulumi:"resourceType"` + // Restricted volumes configuration. 
+ RestrictedVolumes []FunctionRuntimePolicyRestrictedVolume `pulumi:"restrictedVolumes"` + ReverseShell *FunctionRuntimePolicyReverseShell `pulumi:"reverseShell"` + RuntimeMode *int `pulumi:"runtimeMode"` + RuntimeType *string `pulumi:"runtimeType"` // Logical expression of how to compute the dependency of the scope variables. ScopeExpression *string `pulumi:"scopeExpression"` // List of scope attributes. ScopeVariables []FunctionRuntimePolicyScopeVariable `pulumi:"scopeVariables"` + // Scope configuration. + Scopes []FunctionRuntimePolicyScope `pulumi:"scopes"` + SystemIntegrityProtection *FunctionRuntimePolicySystemIntegrityProtection `pulumi:"systemIntegrityProtection"` + Tripwire *FunctionRuntimePolicyTripwire `pulumi:"tripwire"` + Type *string `pulumi:"type"` + Updated *string `pulumi:"updated"` + Version *string `pulumi:"version"` + VpatchVersion *string `pulumi:"vpatchVersion"` + WhitelistedOsUsers *FunctionRuntimePolicyWhitelistedOsUsers `pulumi:"whitelistedOsUsers"` } type FunctionRuntimePolicyState struct { + // Allowed executables configuration. + AllowedExecutables FunctionRuntimePolicyAllowedExecutableArrayInput + // List of allowed registries. + AllowedRegistries FunctionRuntimePolicyAllowedRegistryArrayInput // Indicates the application scope of the service. ApplicationScopes pulumi.StringArrayInput + // Detects brute force login attempts + AuditBruteForceLogin pulumi.BoolPtrInput + Auditing FunctionRuntimePolicyAuditingPtrInput // Username of the account that created the service. - Author pulumi.StringPtrInput - // If true, prevent creation of malicious executables in functions during their runtime post invocation. - BlockMaliciousExecutables pulumi.BoolPtrInput - // List of processes that will be allowed - BlockMaliciousExecutablesAllowedProcesses pulumi.StringArrayInput - // If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. 
- BlockRunningExecutablesInTmpFolder pulumi.BoolPtrInput - // List of executables that are prevented from running in containers. - BlockedExecutables pulumi.StringArrayInput + Author pulumi.StringPtrInput + BlacklistedOsUsers FunctionRuntimePolicyBlacklistedOsUsersPtrInput + BlockContainerExec pulumi.BoolPtrInput + BlockDisallowedImages pulumi.BoolPtrInput + BlockFilelessExec pulumi.BoolPtrInput + BlockNonCompliantWorkloads pulumi.BoolPtrInput + BlockNonK8sContainers pulumi.BoolPtrInput + // Bypass scope configuration. + BypassScopes FunctionRuntimePolicyBypassScopeArrayInput + ContainerExec FunctionRuntimePolicyContainerExecPtrInput + Created pulumi.StringPtrInput + Cve pulumi.StringPtrInput + DefaultSecurityProfile pulumi.StringPtrInput // The description of the function runtime policy Description pulumi.StringPtrInput - // Indicates if the runtime policy is enabled or not. + Digest pulumi.StringPtrInput + // Drift prevention configuration. + DriftPreventions FunctionRuntimePolicyDriftPreventionArrayInput + EnableCryptoMiningDns pulumi.BoolPtrInput + EnableForkGuard pulumi.BoolPtrInput + EnableIpReputation pulumi.BoolPtrInput + EnablePortScanProtection pulumi.BoolPtrInput + // Whether allowed executables configuration is enabled. Enabled pulumi.BoolPtrInput // Indicates that policy should effect container execution (not just for audit). Enforce pulumi.BoolPtrInput + // Indicates the number of days after which the runtime policy will be changed to enforce mode. + EnforceAfterDays pulumi.IntPtrInput + EnforceSchedulerAddedOn pulumi.IntPtrInput + // List of excluded application scopes. + ExcludeApplicationScopes pulumi.StringArrayInput + // Executable blacklist configuration. + ExecutableBlacklists FunctionRuntimePolicyExecutableBlacklistArrayInput + FailedKubernetesChecks FunctionRuntimePolicyFailedKubernetesChecksPtrInput + FileBlock FunctionRuntimePolicyFileBlockPtrInput + // Configuration for file integrity monitoring. 
+ FileIntegrityMonitorings FunctionRuntimePolicyFileIntegrityMonitoringArrayInput + ForkGuardProcessLimit pulumi.IntPtrInput // Honeypot User ID (Access Key) HoneypotAccessKey pulumi.StringPtrInput // List of options to apply the honeypot on (Environment Vairable, Layer, File) 
@@ -198,12 +308,48 @@ type FunctionRuntimePolicyState struct { HoneypotSecretKey pulumi.StringPtrInput // Serverless application name HoneypotServerlessAppName pulumi.StringPtrInput - // Name of the function runtime policy - Name pulumi.StringPtrInput + ImageName pulumi.StringPtrInput + IsAuditChecked pulumi.BoolPtrInput + IsAutoGenerated pulumi.BoolPtrInput + IsOotbPolicy pulumi.BoolPtrInput + Lastupdate pulumi.IntPtrInput + // Container privileges configuration. + LimitContainerPrivileges FunctionRuntimePolicyLimitContainerPrivilegeArrayInput + LinuxCapabilities FunctionRuntimePolicyLinuxCapabilitiesPtrInput + // Configuration for Real-Time Malware Protection. + MalwareScanOptions FunctionRuntimePolicyMalwareScanOptionsPtrInput + // Name assigned to the attribute. + Name pulumi.StringPtrInput + NoNewPrivileges pulumi.BoolPtrInput + OnlyRegisteredImages pulumi.BoolPtrInput + PackageBlock FunctionRuntimePolicyPackageBlockPtrInput + Permission pulumi.StringPtrInput + PortBlock FunctionRuntimePolicyPortBlockPtrInput + ReadonlyFiles FunctionRuntimePolicyReadonlyFilesPtrInput + ReadonlyRegistry FunctionRuntimePolicyReadonlyRegistryPtrInput + Registry pulumi.StringPtrInput + RegistryAccessMonitoring FunctionRuntimePolicyRegistryAccessMonitoringPtrInput + RepoName pulumi.StringPtrInput + ResourceName pulumi.StringPtrInput + ResourceType pulumi.StringPtrInput + // Restricted volumes configuration. + RestrictedVolumes FunctionRuntimePolicyRestrictedVolumeArrayInput + ReverseShell FunctionRuntimePolicyReverseShellPtrInput + RuntimeMode pulumi.IntPtrInput + RuntimeType pulumi.StringPtrInput // Logical expression of how to compute the dependency of the scope variables. ScopeExpression pulumi.StringPtrInput // List of scope attributes. ScopeVariables FunctionRuntimePolicyScopeVariableArrayInput + // Scope configuration. 
+ Scopes FunctionRuntimePolicyScopeArrayInput + SystemIntegrityProtection FunctionRuntimePolicySystemIntegrityProtectionPtrInput + Tripwire FunctionRuntimePolicyTripwirePtrInput + Type pulumi.StringPtrInput + Updated pulumi.StringPtrInput + Version pulumi.StringPtrInput + VpatchVersion pulumi.StringPtrInput + WhitelistedOsUsers FunctionRuntimePolicyWhitelistedOsUsersPtrInput } func (FunctionRuntimePolicyState) ElementType() reflect.Type { 
@@ -211,22 +357,54 @@ func (FunctionRuntimePolicyState) ElementType() reflect.Type { } type functionRuntimePolicyArgs struct { + // Allowed executables configuration. + AllowedExecutables []FunctionRuntimePolicyAllowedExecutable `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries []FunctionRuntimePolicyAllowedRegistry `pulumi:"allowedRegistries"` // Indicates the application scope of the service. ApplicationScopes []string `pulumi:"applicationScopes"` - // If true, prevent creation of malicious executables in functions during their runtime post invocation. - BlockMaliciousExecutables *bool `pulumi:"blockMaliciousExecutables"` - // List of processes that will be allowed - BlockMaliciousExecutablesAllowedProcesses []string `pulumi:"blockMaliciousExecutablesAllowedProcesses"` - // If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. - BlockRunningExecutablesInTmpFolder *bool `pulumi:"blockRunningExecutablesInTmpFolder"` - // List of executables that are prevented from running in containers. - BlockedExecutables []string `pulumi:"blockedExecutables"` + // Detects brute force login attempts + AuditBruteForceLogin *bool `pulumi:"auditBruteForceLogin"` + Auditing *FunctionRuntimePolicyAuditing `pulumi:"auditing"` + // Username of the account that created the service. + Author *string `pulumi:"author"` + BlacklistedOsUsers *FunctionRuntimePolicyBlacklistedOsUsers `pulumi:"blacklistedOsUsers"` + BlockContainerExec *bool `pulumi:"blockContainerExec"` + BlockDisallowedImages *bool `pulumi:"blockDisallowedImages"` + BlockFilelessExec *bool `pulumi:"blockFilelessExec"` + BlockNonCompliantWorkloads *bool `pulumi:"blockNonCompliantWorkloads"` + BlockNonK8sContainers *bool `pulumi:"blockNonK8sContainers"` + // Bypass scope configuration. 
+ BypassScopes []FunctionRuntimePolicyBypassScope `pulumi:"bypassScopes"` + ContainerExec *FunctionRuntimePolicyContainerExec `pulumi:"containerExec"` + Created *string `pulumi:"created"` + Cve *string `pulumi:"cve"` + DefaultSecurityProfile *string `pulumi:"defaultSecurityProfile"` // The description of the function runtime policy Description *string `pulumi:"description"` - // Indicates if the runtime policy is enabled or not. + Digest *string `pulumi:"digest"` + // Drift prevention configuration. + DriftPreventions []FunctionRuntimePolicyDriftPrevention `pulumi:"driftPreventions"` + EnableCryptoMiningDns *bool `pulumi:"enableCryptoMiningDns"` + EnableForkGuard *bool `pulumi:"enableForkGuard"` + EnableIpReputation *bool `pulumi:"enableIpReputation"` + EnablePortScanProtection *bool `pulumi:"enablePortScanProtection"` + // Whether allowed executables configuration is enabled. Enabled *bool `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). Enforce *bool `pulumi:"enforce"` + // Indicates the number of days after which the runtime policy will be changed to enforce mode. + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceSchedulerAddedOn *int `pulumi:"enforceSchedulerAddedOn"` + // List of excluded application scopes. + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Executable blacklist configuration. + ExecutableBlacklists []FunctionRuntimePolicyExecutableBlacklist `pulumi:"executableBlacklists"` + FailedKubernetesChecks *FunctionRuntimePolicyFailedKubernetesChecks `pulumi:"failedKubernetesChecks"` + FileBlock *FunctionRuntimePolicyFileBlock `pulumi:"fileBlock"` + // Configuration for file integrity monitoring. 
+ FileIntegrityMonitorings []FunctionRuntimePolicyFileIntegrityMonitoring `pulumi:"fileIntegrityMonitorings"` + ForkGuardProcessLimit *int `pulumi:"forkGuardProcessLimit"` // Honeypot User ID (Access Key) HoneypotAccessKey *string `pulumi:"honeypotAccessKey"` // List of options to apply the honeypot on (Environment Vairable, Layer, File) 
@@ -235,32 +413,100 @@ type functionRuntimePolicyArgs struct { HoneypotSecretKey *string `pulumi:"honeypotSecretKey"` // Serverless application name HoneypotServerlessAppName *string `pulumi:"honeypotServerlessAppName"` - // Name of the function runtime policy - Name *string `pulumi:"name"` + ImageName *string `pulumi:"imageName"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + IsAutoGenerated *bool `pulumi:"isAutoGenerated"` + IsOotbPolicy *bool `pulumi:"isOotbPolicy"` + Lastupdate *int `pulumi:"lastupdate"` + // Container privileges configuration. + LimitContainerPrivileges []FunctionRuntimePolicyLimitContainerPrivilege `pulumi:"limitContainerPrivileges"` + LinuxCapabilities *FunctionRuntimePolicyLinuxCapabilities `pulumi:"linuxCapabilities"` + // Configuration for Real-Time Malware Protection. + MalwareScanOptions *FunctionRuntimePolicyMalwareScanOptions `pulumi:"malwareScanOptions"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + NoNewPrivileges *bool `pulumi:"noNewPrivileges"` + OnlyRegisteredImages *bool `pulumi:"onlyRegisteredImages"` + PackageBlock *FunctionRuntimePolicyPackageBlock `pulumi:"packageBlock"` + Permission *string `pulumi:"permission"` + PortBlock *FunctionRuntimePolicyPortBlock `pulumi:"portBlock"` + ReadonlyFiles *FunctionRuntimePolicyReadonlyFiles `pulumi:"readonlyFiles"` + ReadonlyRegistry *FunctionRuntimePolicyReadonlyRegistry `pulumi:"readonlyRegistry"` + Registry *string `pulumi:"registry"` + RegistryAccessMonitoring *FunctionRuntimePolicyRegistryAccessMonitoring `pulumi:"registryAccessMonitoring"` + RepoName *string `pulumi:"repoName"` + ResourceName *string `pulumi:"resourceName"` + ResourceType *string `pulumi:"resourceType"` + // Restricted volumes configuration. 
+ RestrictedVolumes []FunctionRuntimePolicyRestrictedVolume `pulumi:"restrictedVolumes"` + ReverseShell *FunctionRuntimePolicyReverseShell `pulumi:"reverseShell"` + RuntimeMode *int `pulumi:"runtimeMode"` + RuntimeType *string `pulumi:"runtimeType"` // Logical expression of how to compute the dependency of the scope variables. ScopeExpression *string `pulumi:"scopeExpression"` // List of scope attributes. ScopeVariables []FunctionRuntimePolicyScopeVariable `pulumi:"scopeVariables"` + // Scope configuration. + Scopes []FunctionRuntimePolicyScope `pulumi:"scopes"` + SystemIntegrityProtection *FunctionRuntimePolicySystemIntegrityProtection `pulumi:"systemIntegrityProtection"` + Tripwire *FunctionRuntimePolicyTripwire `pulumi:"tripwire"` + Type *string `pulumi:"type"` + Updated *string `pulumi:"updated"` + Version *string `pulumi:"version"` + VpatchVersion *string `pulumi:"vpatchVersion"` + WhitelistedOsUsers *FunctionRuntimePolicyWhitelistedOsUsers `pulumi:"whitelistedOsUsers"` } // The set of arguments for constructing a FunctionRuntimePolicy resource. type FunctionRuntimePolicyArgs struct { + // Allowed executables configuration. + AllowedExecutables FunctionRuntimePolicyAllowedExecutableArrayInput + // List of allowed registries. + AllowedRegistries FunctionRuntimePolicyAllowedRegistryArrayInput // Indicates the application scope of the service. ApplicationScopes pulumi.StringArrayInput - // If true, prevent creation of malicious executables in functions during their runtime post invocation. - BlockMaliciousExecutables pulumi.BoolPtrInput - // List of processes that will be allowed - BlockMaliciousExecutablesAllowedProcesses pulumi.StringArrayInput - // If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. - BlockRunningExecutablesInTmpFolder pulumi.BoolPtrInput - // List of executables that are prevented from running in containers. 
- BlockedExecutables pulumi.StringArrayInput + // Detects brute force login attempts + AuditBruteForceLogin pulumi.BoolPtrInput + Auditing FunctionRuntimePolicyAuditingPtrInput + // Username of the account that created the service. + Author pulumi.StringPtrInput + BlacklistedOsUsers FunctionRuntimePolicyBlacklistedOsUsersPtrInput + BlockContainerExec pulumi.BoolPtrInput + BlockDisallowedImages pulumi.BoolPtrInput + BlockFilelessExec pulumi.BoolPtrInput + BlockNonCompliantWorkloads pulumi.BoolPtrInput + BlockNonK8sContainers pulumi.BoolPtrInput + // Bypass scope configuration. + BypassScopes FunctionRuntimePolicyBypassScopeArrayInput + ContainerExec FunctionRuntimePolicyContainerExecPtrInput + Created pulumi.StringPtrInput + Cve pulumi.StringPtrInput + DefaultSecurityProfile pulumi.StringPtrInput // The description of the function runtime policy Description pulumi.StringPtrInput - // Indicates if the runtime policy is enabled or not. + Digest pulumi.StringPtrInput + // Drift prevention configuration. + DriftPreventions FunctionRuntimePolicyDriftPreventionArrayInput + EnableCryptoMiningDns pulumi.BoolPtrInput + EnableForkGuard pulumi.BoolPtrInput + EnableIpReputation pulumi.BoolPtrInput + EnablePortScanProtection pulumi.BoolPtrInput + // Whether allowed executables configuration is enabled. Enabled pulumi.BoolPtrInput // Indicates that policy should effect container execution (not just for audit). Enforce pulumi.BoolPtrInput + // Indicates the number of days after which the runtime policy will be changed to enforce mode. + EnforceAfterDays pulumi.IntPtrInput + EnforceSchedulerAddedOn pulumi.IntPtrInput + // List of excluded application scopes. + ExcludeApplicationScopes pulumi.StringArrayInput + // Executable blacklist configuration. 
+ ExecutableBlacklists FunctionRuntimePolicyExecutableBlacklistArrayInput + FailedKubernetesChecks FunctionRuntimePolicyFailedKubernetesChecksPtrInput + FileBlock FunctionRuntimePolicyFileBlockPtrInput + // Configuration for file integrity monitoring. + FileIntegrityMonitorings FunctionRuntimePolicyFileIntegrityMonitoringArrayInput + ForkGuardProcessLimit pulumi.IntPtrInput // Honeypot User ID (Access Key) HoneypotAccessKey pulumi.StringPtrInput // List of options to apply the honeypot on (Environment Vairable, Layer, File) 
@@ -269,12 +515,48 @@ type FunctionRuntimePolicyArgs struct { HoneypotSecretKey pulumi.StringPtrInput // Serverless application name HoneypotServerlessAppName pulumi.StringPtrInput - // Name of the function runtime policy - Name pulumi.StringPtrInput + ImageName pulumi.StringPtrInput + IsAuditChecked pulumi.BoolPtrInput + IsAutoGenerated pulumi.BoolPtrInput + IsOotbPolicy pulumi.BoolPtrInput + Lastupdate pulumi.IntPtrInput + // Container privileges configuration. + LimitContainerPrivileges FunctionRuntimePolicyLimitContainerPrivilegeArrayInput + LinuxCapabilities FunctionRuntimePolicyLinuxCapabilitiesPtrInput + // Configuration for Real-Time Malware Protection. + MalwareScanOptions FunctionRuntimePolicyMalwareScanOptionsPtrInput + // Name assigned to the attribute. + Name pulumi.StringPtrInput + NoNewPrivileges pulumi.BoolPtrInput + OnlyRegisteredImages pulumi.BoolPtrInput + PackageBlock FunctionRuntimePolicyPackageBlockPtrInput + Permission pulumi.StringPtrInput + PortBlock FunctionRuntimePolicyPortBlockPtrInput + ReadonlyFiles FunctionRuntimePolicyReadonlyFilesPtrInput + ReadonlyRegistry FunctionRuntimePolicyReadonlyRegistryPtrInput + Registry pulumi.StringPtrInput + RegistryAccessMonitoring FunctionRuntimePolicyRegistryAccessMonitoringPtrInput + RepoName pulumi.StringPtrInput + ResourceName pulumi.StringPtrInput + ResourceType pulumi.StringPtrInput + // Restricted volumes configuration. + RestrictedVolumes FunctionRuntimePolicyRestrictedVolumeArrayInput + ReverseShell FunctionRuntimePolicyReverseShellPtrInput + RuntimeMode pulumi.IntPtrInput + RuntimeType pulumi.StringPtrInput // Logical expression of how to compute the dependency of the scope variables. ScopeExpression pulumi.StringPtrInput // List of scope attributes. ScopeVariables FunctionRuntimePolicyScopeVariableArrayInput + // Scope configuration. 
+ Scopes FunctionRuntimePolicyScopeArrayInput + SystemIntegrityProtection FunctionRuntimePolicySystemIntegrityProtectionPtrInput + Tripwire FunctionRuntimePolicyTripwirePtrInput + Type pulumi.StringPtrInput + Updated pulumi.StringPtrInput + Version pulumi.StringPtrInput + VpatchVersion pulumi.StringPtrInput + WhitelistedOsUsers FunctionRuntimePolicyWhitelistedOsUsersPtrInput } func (FunctionRuntimePolicyArgs) ElementType() reflect.Type { @@ -300,12 +582,6 @@ func (i *FunctionRuntimePolicy) ToFunctionRuntimePolicyOutputWithContext(ctx con return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyOutput) } -func (i *FunctionRuntimePolicy) ToOutput(ctx context.Context) pulumix.Output[*FunctionRuntimePolicy] { - return pulumix.Output[*FunctionRuntimePolicy]{ - OutputState: i.ToFunctionRuntimePolicyOutputWithContext(ctx).OutputState, - } -} - // FunctionRuntimePolicyArrayInput is an input type that accepts FunctionRuntimePolicyArray and FunctionRuntimePolicyArrayOutput values. // You can construct a concrete instance of `FunctionRuntimePolicyArrayInput` via: // @@ -331,12 +607,6 @@ func (i FunctionRuntimePolicyArray) ToFunctionRuntimePolicyArrayOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyArrayOutput) } -func (i FunctionRuntimePolicyArray) ToOutput(ctx context.Context) pulumix.Output[[]*FunctionRuntimePolicy] { - return pulumix.Output[[]*FunctionRuntimePolicy]{ - OutputState: i.ToFunctionRuntimePolicyArrayOutputWithContext(ctx).OutputState, - } -} - // FunctionRuntimePolicyMapInput is an input type that accepts FunctionRuntimePolicyMap and FunctionRuntimePolicyMapOutput values. // You can construct a concrete instance of `FunctionRuntimePolicyMapInput` via: // 
@@ -362,12 +632,6 @@ func (i FunctionRuntimePolicyMap) ToFunctionRuntimePolicyMapOutputWithContext(ct return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyMapOutput) } -func (i FunctionRuntimePolicyMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*FunctionRuntimePolicy] { - return pulumix.Output[map[string]*FunctionRuntimePolicy]{ - OutputState: i.ToFunctionRuntimePolicyMapOutputWithContext(ctx).OutputState, - } -} - type FunctionRuntimePolicyOutput struct{ *pulumi.OutputState } func (FunctionRuntimePolicyOutput) ElementType() reflect.Type { @@ -382,10 +646,18 @@ func (o FunctionRuntimePolicyOutput) ToFunctionRuntimePolicyOutputWithContext(ct return o } -func (o FunctionRuntimePolicyOutput) ToOutput(ctx context.Context) pulumix.Output[*FunctionRuntimePolicy] { - return pulumix.Output[*FunctionRuntimePolicy]{ - OutputState: o.OutputState, - } +// Allowed executables configuration. +func (o FunctionRuntimePolicyOutput) AllowedExecutables() FunctionRuntimePolicyAllowedExecutableArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyAllowedExecutableArrayOutput { + return v.AllowedExecutables + }).(FunctionRuntimePolicyAllowedExecutableArrayOutput) +} + +// List of allowed registries. +func (o FunctionRuntimePolicyOutput) AllowedRegistries() FunctionRuntimePolicyAllowedRegistryArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyAllowedRegistryArrayOutput { + return v.AllowedRegistries + }).(FunctionRuntimePolicyAllowedRegistryArrayOutput) } // Indicates the application scope of the service. 
@@ -393,31 +665,65 @@ func (o FunctionRuntimePolicyOutput) ApplicationScopes() pulumi.StringArrayOutpu return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringArrayOutput { return v.ApplicationScopes }).(pulumi.StringArrayOutput) } +// Detects brute force login attempts +func (o FunctionRuntimePolicyOutput) AuditBruteForceLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.AuditBruteForceLogin }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) Auditing() FunctionRuntimePolicyAuditingOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyAuditingOutput { return v.Auditing }).(FunctionRuntimePolicyAuditingOutput) +} + // Username of the account that created the service. func (o FunctionRuntimePolicyOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringOutput { return v.Author }).(pulumi.StringOutput) } -// If true, prevent creation of malicious executables in functions during their runtime post invocation. 
-func (o FunctionRuntimePolicyOutput) BlockMaliciousExecutables() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockMaliciousExecutables }).(pulumi.BoolPtrOutput) +func (o FunctionRuntimePolicyOutput) BlacklistedOsUsers() FunctionRuntimePolicyBlacklistedOsUsersOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyBlacklistedOsUsersOutput { + return v.BlacklistedOsUsers + }).(FunctionRuntimePolicyBlacklistedOsUsersOutput) +} + +func (o FunctionRuntimePolicyOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockContainerExec }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) BlockDisallowedImages() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockDisallowedImages }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) BlockFilelessExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockFilelessExec }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) BlockNonCompliantWorkloads() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockNonCompliantWorkloads }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) BlockNonK8sContainers() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockNonK8sContainers }).(pulumi.BoolPtrOutput) } -// List of processes that will be allowed -func (o FunctionRuntimePolicyOutput) BlockMaliciousExecutablesAllowedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringArrayOutput { - return v.BlockMaliciousExecutablesAllowedProcesses - }).(pulumi.StringArrayOutput) +// Bypass scope configuration. 
+func (o FunctionRuntimePolicyOutput) BypassScopes() FunctionRuntimePolicyBypassScopeArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyBypassScopeArrayOutput { return v.BypassScopes }).(FunctionRuntimePolicyBypassScopeArrayOutput) } -// If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. -func (o FunctionRuntimePolicyOutput) BlockRunningExecutablesInTmpFolder() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockRunningExecutablesInTmpFolder }).(pulumi.BoolPtrOutput) +func (o FunctionRuntimePolicyOutput) ContainerExec() FunctionRuntimePolicyContainerExecOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyContainerExecOutput { return v.ContainerExec }).(FunctionRuntimePolicyContainerExecOutput) } -// List of executables that are prevented from running in containers. -func (o FunctionRuntimePolicyOutput) BlockedExecutables() pulumi.StringArrayOutput { - return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringArrayOutput { return v.BlockedExecutables }).(pulumi.StringArrayOutput) +func (o FunctionRuntimePolicyOutput) Created() pulumi.StringOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringOutput { return v.Created }).(pulumi.StringOutput) +} + +func (o FunctionRuntimePolicyOutput) Cve() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.Cve }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) DefaultSecurityProfile() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.DefaultSecurityProfile }).(pulumi.StringPtrOutput) } // The description of the function runtime policy 
@@ -425,7 +731,34 @@ func (o FunctionRuntimePolicyOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } -// Indicates if the runtime policy is enabled or not. +func (o FunctionRuntimePolicyOutput) Digest() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.Digest }).(pulumi.StringPtrOutput) +} + +// Drift prevention configuration. +func (o FunctionRuntimePolicyOutput) DriftPreventions() FunctionRuntimePolicyDriftPreventionArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyDriftPreventionArrayOutput { + return v.DriftPreventions + }).(FunctionRuntimePolicyDriftPreventionArrayOutput) +} + +func (o FunctionRuntimePolicyOutput) EnableCryptoMiningDns() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableCryptoMiningDns }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) EnableForkGuard() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableForkGuard }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) EnableIpReputation() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableIpReputation }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) EnablePortScanProtection() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.EnablePortScanProtection }).(pulumi.BoolPtrOutput) +} + +// Whether allowed executables configuration is enabled. func (o FunctionRuntimePolicyOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } 
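Review bot: The comment on `Enabled()` now reads "Whether allowed executables configuration is enabled.", but the accessor still returns `v.Enabled` from `FunctionRuntimePolicy`, so the text describes a nested block rather than the policy switch the removed comment documented. The same drift shows on `Name()` in the `@@ -455,11 +830,120 @@` hunk, which now says "Name assigned to the attribute.". Someone auditing whether a runtime policy is active could misread the flag, so I would restore `// Indicates if the runtime policy is enabled or not.` and `// Name of the function runtime policy`. If this file is generated, as the sdk/ path suggests, the correction belongs in the upstream schema descriptions, and the new uncommented accessors in this hunk (`EnableCryptoMiningDns`, `EnableForkGuard`, `EnableIpReputation`, `EnablePortScanProtection`) should get descriptions there as well.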
@@ -435,6 +768,48 @@ func (o FunctionRuntimePolicyOutput) Enforce() pulumi.BoolPtrOutput { return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.Enforce }).(pulumi.BoolPtrOutput) } +// Indicates the number of days after which the runtime policy will be changed to enforce mode. +func (o FunctionRuntimePolicyOutput) EnforceAfterDays() pulumi.IntPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.IntPtrOutput { return v.EnforceAfterDays }).(pulumi.IntPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) EnforceSchedulerAddedOn() pulumi.IntPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.IntPtrOutput { return v.EnforceSchedulerAddedOn }).(pulumi.IntPtrOutput) +} + +// List of excluded application scopes. +func (o FunctionRuntimePolicyOutput) ExcludeApplicationScopes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringArrayOutput { return v.ExcludeApplicationScopes }).(pulumi.StringArrayOutput) +} + +// Executable blacklist configuration. +func (o FunctionRuntimePolicyOutput) ExecutableBlacklists() FunctionRuntimePolicyExecutableBlacklistArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyExecutableBlacklistArrayOutput { + return v.ExecutableBlacklists + }).(FunctionRuntimePolicyExecutableBlacklistArrayOutput) +} + +func (o FunctionRuntimePolicyOutput) FailedKubernetesChecks() FunctionRuntimePolicyFailedKubernetesChecksOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyFailedKubernetesChecksOutput { + return v.FailedKubernetesChecks + }).(FunctionRuntimePolicyFailedKubernetesChecksOutput) +} + +func (o FunctionRuntimePolicyOutput) FileBlock() FunctionRuntimePolicyFileBlockOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyFileBlockOutput { return v.FileBlock }).(FunctionRuntimePolicyFileBlockOutput) +} + +// Configuration for file integrity monitoring. 
+func (o FunctionRuntimePolicyOutput) FileIntegrityMonitorings() FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput { + return v.FileIntegrityMonitorings + }).(FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput) +} + +func (o FunctionRuntimePolicyOutput) ForkGuardProcessLimit() pulumi.IntPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.IntPtrOutput { return v.ForkGuardProcessLimit }).(pulumi.IntPtrOutput) +} + // Honeypot User ID (Access Key) func (o FunctionRuntimePolicyOutput) HoneypotAccessKey() pulumi.StringPtrOutput { return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.HoneypotAccessKey }).(pulumi.StringPtrOutput) 
@@ -455,11 +830,120 @@ func (o FunctionRuntimePolicyOutput) HoneypotServerlessAppName() pulumi.StringPt return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.HoneypotServerlessAppName }).(pulumi.StringPtrOutput) } -// Name of the function runtime policy +func (o FunctionRuntimePolicyOutput) ImageName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.ImageName }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.IsAuditChecked }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) IsAutoGenerated() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.IsAutoGenerated }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) IsOotbPolicy() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.IsOotbPolicy }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) Lastupdate() pulumi.IntOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.IntOutput { return v.Lastupdate }).(pulumi.IntOutput) +} + +// Container privileges configuration. +func (o FunctionRuntimePolicyOutput) LimitContainerPrivileges() FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput { + return v.LimitContainerPrivileges + }).(FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput) +} + +func (o FunctionRuntimePolicyOutput) LinuxCapabilities() FunctionRuntimePolicyLinuxCapabilitiesOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyLinuxCapabilitiesOutput { + return v.LinuxCapabilities + }).(FunctionRuntimePolicyLinuxCapabilitiesOutput) +} + +// Configuration for Real-Time Malware Protection. 
+func (o FunctionRuntimePolicyOutput) MalwareScanOptions() FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return v.MalwareScanOptions + }).(FunctionRuntimePolicyMalwareScanOptionsPtrOutput) +} + +// Name assigned to the attribute. func (o FunctionRuntimePolicyOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } +func (o FunctionRuntimePolicyOutput) NoNewPrivileges() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.NoNewPrivileges }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) OnlyRegisteredImages() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.BoolPtrOutput { return v.OnlyRegisteredImages }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) PackageBlock() FunctionRuntimePolicyPackageBlockOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyPackageBlockOutput { return v.PackageBlock }).(FunctionRuntimePolicyPackageBlockOutput) +} + +func (o FunctionRuntimePolicyOutput) Permission() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.Permission }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) PortBlock() FunctionRuntimePolicyPortBlockOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyPortBlockOutput { return v.PortBlock }).(FunctionRuntimePolicyPortBlockOutput) +} + +func (o FunctionRuntimePolicyOutput) ReadonlyFiles() FunctionRuntimePolicyReadonlyFilesOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyReadonlyFilesOutput { return v.ReadonlyFiles }).(FunctionRuntimePolicyReadonlyFilesOutput) +} + +func (o FunctionRuntimePolicyOutput) ReadonlyRegistry() 
FunctionRuntimePolicyReadonlyRegistryOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyReadonlyRegistryOutput { return v.ReadonlyRegistry }).(FunctionRuntimePolicyReadonlyRegistryOutput) +} + +func (o FunctionRuntimePolicyOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.Registry }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) RegistryAccessMonitoring() FunctionRuntimePolicyRegistryAccessMonitoringOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyRegistryAccessMonitoringOutput { + return v.RegistryAccessMonitoring + }).(FunctionRuntimePolicyRegistryAccessMonitoringOutput) +} + +func (o FunctionRuntimePolicyOutput) RepoName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.RepoName }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) ResourceName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.ResourceName }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) ResourceType() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.ResourceType }).(pulumi.StringPtrOutput) +} + +// Restricted volumes configuration. 
+func (o FunctionRuntimePolicyOutput) RestrictedVolumes() FunctionRuntimePolicyRestrictedVolumeArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyRestrictedVolumeArrayOutput { + return v.RestrictedVolumes + }).(FunctionRuntimePolicyRestrictedVolumeArrayOutput) +} + +func (o FunctionRuntimePolicyOutput) ReverseShell() FunctionRuntimePolicyReverseShellOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyReverseShellOutput { return v.ReverseShell }).(FunctionRuntimePolicyReverseShellOutput) +} + +func (o FunctionRuntimePolicyOutput) RuntimeMode() pulumi.IntPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.IntPtrOutput { return v.RuntimeMode }).(pulumi.IntPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) RuntimeType() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.RuntimeType }).(pulumi.StringPtrOutput) +} + // Logical expression of how to compute the dependency of the scope variables. func (o FunctionRuntimePolicyOutput) ScopeExpression() pulumi.StringOutput { return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringOutput { return v.ScopeExpression }).(pulumi.StringOutput) 
@@ -470,6 +954,43 @@ func (o FunctionRuntimePolicyOutput) ScopeVariables() FunctionRuntimePolicyScope return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyScopeVariableArrayOutput { return v.ScopeVariables }).(FunctionRuntimePolicyScopeVariableArrayOutput) } +// Scope configuration. +func (o FunctionRuntimePolicyOutput) Scopes() FunctionRuntimePolicyScopeArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyScopeArrayOutput { return v.Scopes }).(FunctionRuntimePolicyScopeArrayOutput) +} + +func (o FunctionRuntimePolicyOutput) SystemIntegrityProtection() FunctionRuntimePolicySystemIntegrityProtectionOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicySystemIntegrityProtectionOutput { + return v.SystemIntegrityProtection + }).(FunctionRuntimePolicySystemIntegrityProtectionOutput) +} + +func (o FunctionRuntimePolicyOutput) Tripwire() FunctionRuntimePolicyTripwireOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyTripwireOutput { return v.Tripwire }).(FunctionRuntimePolicyTripwireOutput) +} + +func (o FunctionRuntimePolicyOutput) Type() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.Type }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) Updated() pulumi.StringOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringOutput { return v.Updated }).(pulumi.StringOutput) +} + +func (o FunctionRuntimePolicyOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.Version }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) VpatchVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicy) pulumi.StringPtrOutput { return v.VpatchVersion }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyOutput) WhitelistedOsUsers() FunctionRuntimePolicyWhitelistedOsUsersOutput { + 
return o.ApplyT(func(v *FunctionRuntimePolicy) FunctionRuntimePolicyWhitelistedOsUsersOutput { + return v.WhitelistedOsUsers + }).(FunctionRuntimePolicyWhitelistedOsUsersOutput) +} + type FunctionRuntimePolicyArrayOutput struct{ *pulumi.OutputState } func (FunctionRuntimePolicyArrayOutput) ElementType() reflect.Type { @@ -484,12 +1005,6 @@ func (o FunctionRuntimePolicyArrayOutput) ToFunctionRuntimePolicyArrayOutputWith return o } -func (o FunctionRuntimePolicyArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*FunctionRuntimePolicy] { - return pulumix.Output[[]*FunctionRuntimePolicy]{ - OutputState: o.OutputState, - } -} - func (o FunctionRuntimePolicyArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *FunctionRuntimePolicy { return vs[0].([]*FunctionRuntimePolicy)[vs[1].(int)] @@ -510,12 +1025,6 @@ func (o FunctionRuntimePolicyMapOutput) ToFunctionRuntimePolicyMapOutputWithCont return o } -func (o FunctionRuntimePolicyMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*FunctionRuntimePolicy] { - return pulumix.Output[map[string]*FunctionRuntimePolicy]{ - OutputState: o.OutputState, - } -} - func (o FunctionRuntimePolicyMapOutput) MapIndex(k pulumi.StringInput) FunctionRuntimePolicyOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *FunctionRuntimePolicy { return vs[0].(map[string]*FunctionRuntimePolicy)[vs[1].(string)] diff --git a/sdk/go/aquasec/getAcknowledges.go b/sdk/go/aquasec/getAcknowledges.go index 8f649d7c..84647ae5 100644 --- a/sdk/go/aquasec/getAcknowledges.go +++ b/sdk/go/aquasec/getAcknowledges.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -51,3 +54,43 @@ type GetAcknowledgesResult struct { // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` } + +func GetAcknowledgesOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetAcknowledgesResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetAcknowledgesResult, error) { + r, err := GetAcknowledges(ctx, opts...) + var s GetAcknowledgesResult + if r != nil { + s = *r + } + return s, err + }).(GetAcknowledgesResultOutput) +} + +// A collection of values returned by getAcknowledges. +type GetAcknowledgesResultOutput struct{ *pulumi.OutputState } + +func (GetAcknowledgesResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetAcknowledgesResult)(nil)).Elem() +} + +func (o GetAcknowledgesResultOutput) ToGetAcknowledgesResultOutput() GetAcknowledgesResultOutput { + return o +} + +func (o GetAcknowledgesResultOutput) ToGetAcknowledgesResultOutputWithContext(ctx context.Context) GetAcknowledgesResultOutput { + return o +} + +// A list of existing security acknowledges. +func (o GetAcknowledgesResultOutput) Acknowledges() GetAcknowledgesAcknowledgeArrayOutput { + return o.ApplyT(func(v GetAcknowledgesResult) []GetAcknowledgesAcknowledge { return v.Acknowledges }).(GetAcknowledgesAcknowledgeArrayOutput) +} + +// The provider-assigned unique ID for this managed resource. +func (o GetAcknowledgesResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesResult) string { return v.Id }).(pulumi.StringOutput) +} + +func init() { + pulumi.RegisterOutputType(GetAcknowledgesResultOutput{}) +} diff --git a/sdk/go/aquasec/getApplicationScope.go b/sdk/go/aquasec/getApplicationScope.go index 825691a3..f8308ac0 100644 --- a/sdk/go/aquasec/getApplicationScope.go +++ b/sdk/go/aquasec/getApplicationScope.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -112,12 +111,6 @@ func (o LookupApplicationScopeResultOutput) ToLookupApplicationScopeResultOutput return o } -func (o LookupApplicationScopeResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupApplicationScopeResult] { - return pulumix.Output[LookupApplicationScopeResult]{ - OutputState: o.OutputState, - } -} - // Username of the account that created the service. func (o LookupApplicationScopeResultOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v LookupApplicationScopeResult) string { return v.Author }).(pulumi.StringOutput) diff --git a/sdk/go/aquasec/getAquaLabels.go b/sdk/go/aquasec/getAquaLabels.go index bc3412a2..83b090f7 100644 --- a/sdk/go/aquasec/getAquaLabels.go +++ b/sdk/go/aquasec/getAquaLabels.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -50,3 +53,42 @@ type GetAquaLabelsResult struct { // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` } + +func GetAquaLabelsOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetAquaLabelsResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetAquaLabelsResult, error) { + r, err := GetAquaLabels(ctx, opts...) + var s GetAquaLabelsResult + if r != nil { + s = *r + } + return s, err + }).(GetAquaLabelsResultOutput) +} + +// A collection of values returned by getAquaLabels. +type GetAquaLabelsResultOutput struct{ *pulumi.OutputState } + +func (GetAquaLabelsResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetAquaLabelsResult)(nil)).Elem() +} + +func (o GetAquaLabelsResultOutput) ToGetAquaLabelsResultOutput() GetAquaLabelsResultOutput { + return o +} + +func (o GetAquaLabelsResultOutput) ToGetAquaLabelsResultOutputWithContext(ctx context.Context) GetAquaLabelsResultOutput { + return o +} + +func (o GetAquaLabelsResultOutput) AquaLabels() GetAquaLabelsAquaLabelArrayOutput { + return o.ApplyT(func(v GetAquaLabelsResult) []GetAquaLabelsAquaLabel { return v.AquaLabels }).(GetAquaLabelsAquaLabelArrayOutput) +} + +// The provider-assigned unique ID for this managed resource. +func (o GetAquaLabelsResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetAquaLabelsResult) string { return v.Id }).(pulumi.StringOutput) +} + +func init() { + pulumi.RegisterOutputType(GetAquaLabelsResultOutput{}) +} diff --git a/sdk/go/aquasec/getContainerRuntimePolicy.go b/sdk/go/aquasec/getContainerRuntimePolicy.go index d5f2dbc5..8af1fb98 100644 --- a/sdk/go/aquasec/getContainerRuntimePolicy.go +++ b/sdk/go/aquasec/getContainerRuntimePolicy.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -50,18 +49,32 @@ func LookupContainerRuntimePolicy(ctx *pulumi.Context, args *LookupContainerRunt // A collection of arguments for invoking getContainerRuntimePolicy. type LookupContainerRuntimePolicyArgs struct { + // Allowed executables configuration. + AllowedExecutables []GetContainerRuntimePolicyAllowedExecutable `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries []GetContainerRuntimePolicyAllowedRegistry `pulumi:"allowedRegistries"` + Auditing *GetContainerRuntimePolicyAuditing `pulumi:"auditing"` + ContainerExec *GetContainerRuntimePolicyContainerExec `pulumi:"containerExec"` + FileBlock *GetContainerRuntimePolicyFileBlock `pulumi:"fileBlock"` + // Configuration for file integrity monitoring. + FileIntegrityMonitorings []GetContainerRuntimePolicyFileIntegrityMonitoring `pulumi:"fileIntegrityMonitorings"` + // Container privileges configuration. + LimitContainerPrivileges []GetContainerRuntimePolicyLimitContainerPrivilege `pulumi:"limitContainerPrivileges"` // Configuration for Real-Time Malware Protection. MalwareScanOptions []GetContainerRuntimePolicyMalwareScanOption `pulumi:"malwareScanOptions"` - // Name of the container runtime policy - Name string `pulumi:"name"` + Name string `pulumi:"name"` + PortBlock *GetContainerRuntimePolicyPortBlock `pulumi:"portBlock"` + ReadonlyFiles *GetContainerRuntimePolicyReadonlyFiles `pulumi:"readonlyFiles"` + // Restricted volumes configuration. + RestrictedVolumes []GetContainerRuntimePolicyRestrictedVolume `pulumi:"restrictedVolumes"` } // A collection of values returned by getContainerRuntimePolicy. type LookupContainerRuntimePolicyResult struct { - // List of executables that are allowed for the user. - AllowedExecutables []string `pulumi:"allowedExecutables"` - // List of registries that allowed for running containers. - AllowedRegistries []string `pulumi:"allowedRegistries"` + // Allowed executables configuration. 
+ AllowedExecutables []GetContainerRuntimePolicyAllowedExecutable `pulumi:"allowedExecutables"` + // Allowed registries configuration. + AllowedRegistries []GetContainerRuntimePolicyAllowedRegistry `pulumi:"allowedRegistries"` // Indicates the application scope of the service. ApplicationScopes []string `pulumi:"applicationScopes"` // If true, all network activity will be audited. @@ -69,7 +82,8 @@ type LookupContainerRuntimePolicyResult struct { // If true, all process activity will be audited. AuditAllProcessesActivity bool `pulumi:"auditAllProcessesActivity"` // If true, full command arguments will be audited. - AuditFullCommandArguments bool `pulumi:"auditFullCommandArguments"` + AuditFullCommandArguments bool `pulumi:"auditFullCommandArguments"` + Auditing *GetContainerRuntimePolicyAuditing `pulumi:"auditing"` // Username of the account that created the service. Author string `pulumi:"author"` // If true, prevent containers from running with access to host network. @@ -119,7 +133,8 @@ type LookupContainerRuntimePolicyResult struct { // Prevent containers from reading, writing, or executing all files in the list of packages. BlockedPackages []string `pulumi:"blockedPackages"` // List of volumes that are prevented from being mounted in the containers. - BlockedVolumes []string `pulumi:"blockedVolumes"` + BlockedVolumes []string `pulumi:"blockedVolumes"` + ContainerExec *GetContainerRuntimePolicyContainerExec `pulumi:"containerExec"` // List of processes that will be allowed. ContainerExecAllowedProcesses []string `pulumi:"containerExecAllowedProcesses"` // The description of the container runtime policy 
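Review bot: `AllowedExecutables` and `AllowedRegistries` in `LookupContainerRuntimePolicyResult` change from `[]string` to struct slices in the `@@ -50,18 +49,32 @@` hunk, which is source-incompatible for existing callers. The args and result structs also gain structured fields without comments (`Auditing`, `ContainerExec`, `FileBlock`, `PortBlock`, `ReadonlyFiles`) next to the older flat ones such as `ContainerExecAllowedProcesses`, `BlockedVolumes` and `ReadonlyFilesAndDirectories`. Nothing visible says which representation the provider populates, so code that reads only the flat lists might see them empty and conclude that no restriction is configured; this is inferred from the struct definitions alone. I would document the new fields and mark the superseded ones, for example `// Deprecated: use RestrictedVolumes.` above `BlockedVolumes`, if that is the intent. The `Name` argument also loses `// Name of the container runtime policy` here and should keep it.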
@@ -141,13 +156,16 @@ type LookupContainerRuntimePolicyResult struct { // List of files and directories to be excluded from the read-only list. ExceptionalReadonlyFilesAndDirectories []string `pulumi:"exceptionalReadonlyFilesAndDirectories"` // Specify processes that will be allowed - ExecLockdownWhiteLists []string `pulumi:"execLockdownWhiteLists"` + ExecLockdownWhiteLists []string `pulumi:"execLockdownWhiteLists"` + FileBlock *GetContainerRuntimePolicyFileBlock `pulumi:"fileBlock"` // Configuration for file integrity monitoring. FileIntegrityMonitorings []GetContainerRuntimePolicyFileIntegrityMonitoring `pulumi:"fileIntegrityMonitorings"` // Process limit for the fork guard. ForkGuardProcessLimit int `pulumi:"forkGuardProcessLimit"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` + // Container privileges configuration. + LimitContainerPrivileges []GetContainerRuntimePolicyLimitContainerPrivilege `pulumi:"limitContainerPrivileges"` // If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) LimitNewPrivileges bool `pulumi:"limitNewPrivileges"` // Configuration for Real-Time Malware Protection. 
@@ -155,9 +173,13 @@ type LookupContainerRuntimePolicyResult struct { // If true, system time changes will be monitored. MonitorSystemTimeChanges bool `pulumi:"monitorSystemTimeChanges"` // Name of the container runtime policy - Name string `pulumi:"name"` + Name string `pulumi:"name"` + PortBlock *GetContainerRuntimePolicyPortBlock `pulumi:"portBlock"` + ReadonlyFiles *GetContainerRuntimePolicyReadonlyFiles `pulumi:"readonlyFiles"` // List of files and directories to be restricted as read-only ReadonlyFilesAndDirectories []string `pulumi:"readonlyFilesAndDirectories"` + // Restricted volumes configuration. + RestrictedVolumes []GetContainerRuntimePolicyRestrictedVolume `pulumi:"restrictedVolumes"` // List of IPs/ CIDRs that will be allowed ReverseShellAllowedIps []string `pulumi:"reverseShellAllowedIps"` // List of processes that will be allowed 
@@ -183,10 +205,24 @@ func LookupContainerRuntimePolicyOutput(ctx *pulumi.Context, args LookupContaine // A collection of arguments for invoking getContainerRuntimePolicy. type LookupContainerRuntimePolicyOutputArgs struct { + // Allowed executables configuration. + AllowedExecutables GetContainerRuntimePolicyAllowedExecutableArrayInput `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries GetContainerRuntimePolicyAllowedRegistryArrayInput `pulumi:"allowedRegistries"` + Auditing GetContainerRuntimePolicyAuditingPtrInput `pulumi:"auditing"` + ContainerExec GetContainerRuntimePolicyContainerExecPtrInput `pulumi:"containerExec"` + FileBlock GetContainerRuntimePolicyFileBlockPtrInput `pulumi:"fileBlock"` + // Configuration for file integrity monitoring. + FileIntegrityMonitorings GetContainerRuntimePolicyFileIntegrityMonitoringArrayInput `pulumi:"fileIntegrityMonitorings"` + // Container privileges configuration. + LimitContainerPrivileges GetContainerRuntimePolicyLimitContainerPrivilegeArrayInput `pulumi:"limitContainerPrivileges"` // Configuration for Real-Time Malware Protection. MalwareScanOptions GetContainerRuntimePolicyMalwareScanOptionArrayInput `pulumi:"malwareScanOptions"` - // Name of the container runtime policy - Name pulumi.StringInput `pulumi:"name"` + Name pulumi.StringInput `pulumi:"name"` + PortBlock GetContainerRuntimePolicyPortBlockPtrInput `pulumi:"portBlock"` + ReadonlyFiles GetContainerRuntimePolicyReadonlyFilesPtrInput `pulumi:"readonlyFiles"` + // Restricted volumes configuration. + RestrictedVolumes GetContainerRuntimePolicyRestrictedVolumeArrayInput `pulumi:"restrictedVolumes"` } func (LookupContainerRuntimePolicyOutputArgs) ElementType() reflect.Type { 
@@ -208,20 +244,18 @@ func (o LookupContainerRuntimePolicyResultOutput) ToLookupContainerRuntimePolicy return o } -func (o LookupContainerRuntimePolicyResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupContainerRuntimePolicyResult] { - return pulumix.Output[LookupContainerRuntimePolicyResult]{ - OutputState: o.OutputState, - } +// Allowed executables configuration. +func (o LookupContainerRuntimePolicyResultOutput) AllowedExecutables() GetContainerRuntimePolicyAllowedExecutableArrayOutput { + return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []GetContainerRuntimePolicyAllowedExecutable { + return v.AllowedExecutables + }).(GetContainerRuntimePolicyAllowedExecutableArrayOutput) } -// List of executables that are allowed for the user. -func (o LookupContainerRuntimePolicyResultOutput) AllowedExecutables() pulumi.StringArrayOutput { - return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []string { return v.AllowedExecutables }).(pulumi.StringArrayOutput) -} - -// List of registries that allowed for running containers. -func (o LookupContainerRuntimePolicyResultOutput) AllowedRegistries() pulumi.StringArrayOutput { - return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []string { return v.AllowedRegistries }).(pulumi.StringArrayOutput) +// Allowed registries configuration. +func (o LookupContainerRuntimePolicyResultOutput) AllowedRegistries() GetContainerRuntimePolicyAllowedRegistryArrayOutput { + return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []GetContainerRuntimePolicyAllowedRegistry { + return v.AllowedRegistries + }).(GetContainerRuntimePolicyAllowedRegistryArrayOutput) } // Indicates the application scope of the service. 
@@ -244,6 +278,10 @@ func (o LookupContainerRuntimePolicyResultOutput) AuditFullCommandArguments() pu return o.ApplyT(func(v LookupContainerRuntimePolicyResult) bool { return v.AuditFullCommandArguments }).(pulumi.BoolOutput) } +func (o LookupContainerRuntimePolicyResultOutput) Auditing() GetContainerRuntimePolicyAuditingPtrOutput { + return o.ApplyT(func(v LookupContainerRuntimePolicyResult) *GetContainerRuntimePolicyAuditing { return v.Auditing }).(GetContainerRuntimePolicyAuditingPtrOutput) +} + // Username of the account that created the service. func (o LookupContainerRuntimePolicyResultOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v LookupContainerRuntimePolicyResult) string { return v.Author }).(pulumi.StringOutput) @@ -369,6 +407,12 @@ func (o LookupContainerRuntimePolicyResultOutput) BlockedVolumes() pulumi.String return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []string { return v.BlockedVolumes }).(pulumi.StringArrayOutput) } +func (o LookupContainerRuntimePolicyResultOutput) ContainerExec() GetContainerRuntimePolicyContainerExecPtrOutput { + return o.ApplyT(func(v LookupContainerRuntimePolicyResult) *GetContainerRuntimePolicyContainerExec { + return v.ContainerExec + }).(GetContainerRuntimePolicyContainerExecPtrOutput) +} + // List of processes that will be allowed. func (o LookupContainerRuntimePolicyResultOutput) ContainerExecAllowedProcesses() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []string { return v.ContainerExecAllowedProcesses }).(pulumi.StringArrayOutput) 
@@ -424,6 +468,10 @@ func (o LookupContainerRuntimePolicyResultOutput) ExecLockdownWhiteLists() pulum return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []string { return v.ExecLockdownWhiteLists }).(pulumi.StringArrayOutput) } +func (o LookupContainerRuntimePolicyResultOutput) FileBlock() GetContainerRuntimePolicyFileBlockPtrOutput { + return o.ApplyT(func(v LookupContainerRuntimePolicyResult) *GetContainerRuntimePolicyFileBlock { return v.FileBlock }).(GetContainerRuntimePolicyFileBlockPtrOutput) +} + // Configuration for file integrity monitoring. func (o LookupContainerRuntimePolicyResultOutput) FileIntegrityMonitorings() GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput { return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []GetContainerRuntimePolicyFileIntegrityMonitoring { @@ -441,6 +489,13 @@ func (o LookupContainerRuntimePolicyResultOutput) Id() pulumi.StringOutput { return o.ApplyT(func(v LookupContainerRuntimePolicyResult) string { return v.Id }).(pulumi.StringOutput) } +// Container privileges configuration. +func (o LookupContainerRuntimePolicyResultOutput) LimitContainerPrivileges() GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []GetContainerRuntimePolicyLimitContainerPrivilege { + return v.LimitContainerPrivileges + }).(GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) +} + // If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) func (o LookupContainerRuntimePolicyResultOutput) LimitNewPrivileges() pulumi.BoolOutput { return o.ApplyT(func(v LookupContainerRuntimePolicyResult) bool { return v.LimitNewPrivileges }).(pulumi.BoolOutput) 
@@ -463,11 +518,28 @@ func (o LookupContainerRuntimePolicyResultOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v LookupContainerRuntimePolicyResult) string { return v.Name }).(pulumi.StringOutput) } +func (o LookupContainerRuntimePolicyResultOutput) PortBlock() GetContainerRuntimePolicyPortBlockPtrOutput { + return o.ApplyT(func(v LookupContainerRuntimePolicyResult) *GetContainerRuntimePolicyPortBlock { return v.PortBlock }).(GetContainerRuntimePolicyPortBlockPtrOutput) +} + +func (o LookupContainerRuntimePolicyResultOutput) ReadonlyFiles() GetContainerRuntimePolicyReadonlyFilesPtrOutput { + return o.ApplyT(func(v LookupContainerRuntimePolicyResult) *GetContainerRuntimePolicyReadonlyFiles { + return v.ReadonlyFiles + }).(GetContainerRuntimePolicyReadonlyFilesPtrOutput) +} + // List of files and directories to be restricted as read-only func (o LookupContainerRuntimePolicyResultOutput) ReadonlyFilesAndDirectories() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []string { return v.ReadonlyFilesAndDirectories }).(pulumi.StringArrayOutput) } +// Restricted volumes configuration. +func (o LookupContainerRuntimePolicyResultOutput) RestrictedVolumes() GetContainerRuntimePolicyRestrictedVolumeArrayOutput { + return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []GetContainerRuntimePolicyRestrictedVolume { + return v.RestrictedVolumes + }).(GetContainerRuntimePolicyRestrictedVolumeArrayOutput) +} + // List of IPs/ CIDRs that will be allowed func (o LookupContainerRuntimePolicyResultOutput) ReverseShellAllowedIps() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupContainerRuntimePolicyResult) []string { return v.ReverseShellAllowedIps }).(pulumi.StringArrayOutput) diff --git a/sdk/go/aquasec/getEnforcerGroups.go b/sdk/go/aquasec/getEnforcerGroups.go index 266b5016..7cfc0ec2 100644 --- a/sdk/go/aquasec/getEnforcerGroups.go +++ b/sdk/go/aquasec/getEnforcerGroups.go 
@@ -8,10 +8,11 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) +// The data source `EnforcerGroups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command. +// // ## Example Usage // // ```go @@ -231,12 +232,6 @@ func (o LookupEnforcerGroupsResultOutput) ToLookupEnforcerGroupsResultOutputWith return o } -func (o LookupEnforcerGroupsResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupEnforcerGroupsResult] { - return pulumix.Output[LookupEnforcerGroupsResult]{ - OutputState: o.OutputState, - } -} - // Selecting this option will allow the KubeEnforcer to block the deployment of container images that have failed any of these Container Runtime Policy controls:\ // - Block Non-Compliant Images\ // - Block Non-Compliant Workloads\ diff --git a/sdk/go/aquasec/getFirewallPolicy.go b/sdk/go/aquasec/getFirewallPolicy.go index 058e0534..b0ae4111 100644 --- a/sdk/go/aquasec/getFirewallPolicy.go +++ b/sdk/go/aquasec/getFirewallPolicy.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -96,12 +95,6 @@ func (o LookupFirewallPolicyResultOutput) ToLookupFirewallPolicyResultOutputWith return o } -func (o LookupFirewallPolicyResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupFirewallPolicyResult] { - return pulumix.Output[LookupFirewallPolicyResult]{ - OutputState: o.OutputState, - } -} - // Username of the account that created the policy. func (o LookupFirewallPolicyResultOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v LookupFirewallPolicyResult) string { return v.Author }).(pulumi.StringOutput) 
diff --git a/sdk/go/aquasec/getFunctionAssurancePolicy.go b/sdk/go/aquasec/getFunctionAssurancePolicy.go index b4edfa2c..56ab4ac5 100644 --- a/sdk/go/aquasec/getFunctionAssurancePolicy.go +++ b/sdk/go/aquasec/getFunctionAssurancePolicy.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -45,7 +44,7 @@ type LookupFunctionAssurancePolicyResult struct { BlacklistPermissionsEnabled bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed bool `pulumi:"blockFailed"` @@ -55,11 +54,11 @@ type LookupFunctionAssurancePolicyResult struct { // Indicates if scanning should include custom checks. CustomChecksEnabled bool `pulumi:"customChecksEnabled"` CustomSeverityEnabled bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled bool `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` 
@@ -71,7 +70,8 @@ type LookupFunctionAssurancePolicyResult struct { CvssSeverityExcludeNoFix bool `pulumi:"cvssSeverityExcludeNoFix"` Description string `pulumi:"description"` // Indicates if malware should block the image. - DisallowMalware bool `pulumi:"disallowMalware"` + DisallowMalware bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled bool `pulumi:"dockerCisEnabled"` // Name of the container image. Domain string `pulumi:"domain"` @@ -98,8 +98,9 @@ type LookupFunctionAssurancePolicyResult struct { // List of ignored risk resources. IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled bool `pulumi:"kubeCisEnabled"` // List of labels. Labels []string `pulumi:"labels"` MalwareAction string `pulumi:"malwareAction"` @@ -115,7 +116,7 @@ type LookupFunctionAssurancePolicyResult struct { OnlyNoneRootUsers bool `pulumi:"onlyNoneRootUsers"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []GetFunctionAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled bool `pulumi:"packagesWhiteListEnabled"` 
@@ -183,12 +184,6 @@ func (o LookupFunctionAssurancePolicyResultOutput) ToLookupFunctionAssurancePoli return o } -func (o LookupFunctionAssurancePolicyResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupFunctionAssurancePolicyResult] { - return pulumix.Output[LookupFunctionAssurancePolicyResult]{ - OutputState: o.OutputState, - } -} - // List of explicitly allowed images. func (o LookupFunctionAssurancePolicyResultOutput) AllowedImages() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) []string { return v.AllowedImages }).(pulumi.StringArrayOutput) @@ -237,7 +232,7 @@ func (o LookupFunctionAssurancePolicyResultOutput) BlacklistedLicenses() pulumi. return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) []string { return v.BlacklistedLicenses }).(pulumi.StringArrayOutput) } -// Lndicates if license blacklist is relevant. +// Indicates if license blacklist is relevant. func (o LookupFunctionAssurancePolicyResultOutput) BlacklistedLicensesEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) bool { return v.BlacklistedLicensesEnabled }).(pulumi.BoolOutput) } 
@@ -267,17 +262,17 @@ func (o LookupFunctionAssurancePolicyResultOutput) CustomSeverityEnabled() pulum return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) bool { return v.CustomSeverityEnabled }).(pulumi.BoolOutput) } -// Indicates if cves blacklist is relevant. +// Indicates if CVEs blacklist is relevant. func (o LookupFunctionAssurancePolicyResultOutput) CvesBlackListEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) bool { return v.CvesBlackListEnabled }).(pulumi.BoolOutput) } -// List of cves blacklisted items. +// List of CVEs blacklisted items. func (o LookupFunctionAssurancePolicyResultOutput) CvesBlackLists() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) []string { return v.CvesBlackLists }).(pulumi.StringArrayOutput) } -// Indicates if cves whitelist is relevant. +// Indicates if CVEs whitelist is relevant. func (o LookupFunctionAssurancePolicyResultOutput) CvesWhiteListEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) bool { return v.CvesWhiteListEnabled }).(pulumi.BoolOutput) } @@ -311,6 +306,7 @@ func (o LookupFunctionAssurancePolicyResultOutput) DisallowMalware() pulumi.Bool return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) bool { return v.DisallowMalware }).(pulumi.BoolOutput) } +// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. func (o LookupFunctionAssurancePolicyResultOutput) DockerCisEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) bool { return v.DockerCisEnabled }).(pulumi.BoolOutput) } 
@@ -403,6 +399,7 @@ func (o LookupFunctionAssurancePolicyResultOutput) Images() pulumi.StringArrayOu return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) []string { return v.Images }).(pulumi.StringArrayOutput) } +// Performs a Kubernetes CIS benchmark check for the host. func (o LookupFunctionAssurancePolicyResultOutput) KubeCisEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) bool { return v.KubeCisEnabled }).(pulumi.BoolOutput) } @@ -449,7 +446,7 @@ func (o LookupFunctionAssurancePolicyResultOutput) PackagesBlackListEnabled() pu return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) bool { return v.PackagesBlackListEnabled }).(pulumi.BoolOutput) } -// List of backlisted images. +// List of blacklisted images. func (o LookupFunctionAssurancePolicyResultOutput) PackagesBlackLists() GetFunctionAssurancePolicyPackagesBlackListArrayOutput { return o.ApplyT(func(v LookupFunctionAssurancePolicyResult) []GetFunctionAssurancePolicyPackagesBlackList { return v.PackagesBlackLists diff --git a/sdk/go/aquasec/getFunctionRuntimePolicy.go b/sdk/go/aquasec/getFunctionRuntimePolicy.go index 26d7f17c..db48273a 100644 --- a/sdk/go/aquasec/getFunctionRuntimePolicy.go +++ b/sdk/go/aquasec/getFunctionRuntimePolicy.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -50,8 +49,11 @@ func LookupFunctionRuntimePolicy(ctx *pulumi.Context, args *LookupFunctionRuntim // A collection of arguments for invoking getFunctionRuntimePolicy. type LookupFunctionRuntimePolicyArgs struct { - // Name of the function runtime policy - Name string `pulumi:"name"` + // Drift prevention configuration. + DriftPreventions []GetFunctionRuntimePolicyDriftPrevention `pulumi:"driftPreventions"` + // Executable blacklist configuration. + ExecutableBlacklists []GetFunctionRuntimePolicyExecutableBlacklist `pulumi:"executableBlacklists"` + Name string `pulumi:"name"` } // A collection of values returned by getFunctionRuntimePolicy. @@ -70,10 +72,14 @@ type LookupFunctionRuntimePolicyResult struct { BlockedExecutables []string `pulumi:"blockedExecutables"` // The description of the function runtime policy Description string `pulumi:"description"` + // Drift prevention configuration. + DriftPreventions []GetFunctionRuntimePolicyDriftPrevention `pulumi:"driftPreventions"` // Indicates if the runtime policy is enabled or not. Enabled bool `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). Enforce bool `pulumi:"enforce"` + // Executable blacklist configuration. + ExecutableBlacklists []GetFunctionRuntimePolicyExecutableBlacklist `pulumi:"executableBlacklists"` // Honeypot User ID (Access Key) HoneypotAccessKey string `pulumi:"honeypotAccessKey"` // List of options to apply the honeypot on (Environment Vairable, Layer, File) 
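Review bot: `LookupFunctionRuntimePolicyArgs` loses the `// Name of the function runtime policy` comment on `Name` while gaining `DriftPreventions` and `ExecutableBlacklists` as inputs. The only lookup key is now undocumented, and nothing says what passing configuration blocks to a read-only lookup does. The same pattern appears in `LookupFunctionRuntimePolicyOutputArgs`, in `LookupHostRuntimePolicyArgs` and `LookupHostRuntimePolicyOutputArgs` (where `Auditing` and `PackageBlocks` are also uncommented), and in `LookupImageArgs` and `LookupImageOutputArgs`, which drop the `Registry` and `Repository` descriptions. I would restore `// Name of the function runtime policy` and note on each new field whether it filters the lookup or is ignored on input. If these files are generated, the fix belongs in the schema descriptions.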
@@ -107,8 +113,11 @@ func LookupFunctionRuntimePolicyOutput(ctx *pulumi.Context, args LookupFunctionR // A collection of arguments for invoking getFunctionRuntimePolicy. type LookupFunctionRuntimePolicyOutputArgs struct { - // Name of the function runtime policy - Name pulumi.StringInput `pulumi:"name"` + // Drift prevention configuration. + DriftPreventions GetFunctionRuntimePolicyDriftPreventionArrayInput `pulumi:"driftPreventions"` + // Executable blacklist configuration. + ExecutableBlacklists GetFunctionRuntimePolicyExecutableBlacklistArrayInput `pulumi:"executableBlacklists"` + Name pulumi.StringInput `pulumi:"name"` } func (LookupFunctionRuntimePolicyOutputArgs) ElementType() reflect.Type { @@ -130,12 +139,6 @@ func (o LookupFunctionRuntimePolicyResultOutput) ToLookupFunctionRuntimePolicyRe return o } -func (o LookupFunctionRuntimePolicyResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupFunctionRuntimePolicyResult] { - return pulumix.Output[LookupFunctionRuntimePolicyResult]{ - OutputState: o.OutputState, - } -} - // Indicates the application scope of the service. func (o LookupFunctionRuntimePolicyResultOutput) ApplicationScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupFunctionRuntimePolicyResult) []string { return v.ApplicationScopes }).(pulumi.StringArrayOutput) 
@@ -171,6 +174,13 @@ func (o LookupFunctionRuntimePolicyResultOutput) Description() pulumi.StringOutp return o.ApplyT(func(v LookupFunctionRuntimePolicyResult) string { return v.Description }).(pulumi.StringOutput) } +// Drift prevention configuration. +func (o LookupFunctionRuntimePolicyResultOutput) DriftPreventions() GetFunctionRuntimePolicyDriftPreventionArrayOutput { + return o.ApplyT(func(v LookupFunctionRuntimePolicyResult) []GetFunctionRuntimePolicyDriftPrevention { + return v.DriftPreventions + }).(GetFunctionRuntimePolicyDriftPreventionArrayOutput) +} + // Indicates if the runtime policy is enabled or not. func (o LookupFunctionRuntimePolicyResultOutput) Enabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupFunctionRuntimePolicyResult) bool { return v.Enabled }).(pulumi.BoolOutput) @@ -181,6 +191,13 @@ func (o LookupFunctionRuntimePolicyResultOutput) Enforce() pulumi.BoolOutput { return o.ApplyT(func(v LookupFunctionRuntimePolicyResult) bool { return v.Enforce }).(pulumi.BoolOutput) } +// Executable blacklist configuration. +func (o LookupFunctionRuntimePolicyResultOutput) ExecutableBlacklists() GetFunctionRuntimePolicyExecutableBlacklistArrayOutput { + return o.ApplyT(func(v LookupFunctionRuntimePolicyResult) []GetFunctionRuntimePolicyExecutableBlacklist { + return v.ExecutableBlacklists + }).(GetFunctionRuntimePolicyExecutableBlacklistArrayOutput) +} + // Honeypot User ID (Access Key) func (o LookupFunctionRuntimePolicyResultOutput) HoneypotAccessKey() pulumi.StringOutput { return o.ApplyT(func(v LookupFunctionRuntimePolicyResult) string { return v.HoneypotAccessKey }).(pulumi.StringOutput) diff --git a/sdk/go/aquasec/getGateways.go b/sdk/go/aquasec/getGateways.go index d1f93ef8..6f804fb4 100644 --- a/sdk/go/aquasec/getGateways.go +++ b/sdk/go/aquasec/getGateways.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -57,3 +60,43 @@ type GetGatewaysResult struct { // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` } + +func GetGatewaysOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetGatewaysResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetGatewaysResult, error) { + r, err := GetGateways(ctx, opts...) + var s GetGatewaysResult + if r != nil { + s = *r + } + return s, err + }).(GetGatewaysResultOutput) +} + +// A collection of values returned by getGateways. +type GetGatewaysResultOutput struct{ *pulumi.OutputState } + +func (GetGatewaysResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetGatewaysResult)(nil)).Elem() +} + +func (o GetGatewaysResultOutput) ToGetGatewaysResultOutput() GetGatewaysResultOutput { + return o +} + +func (o GetGatewaysResultOutput) ToGetGatewaysResultOutputWithContext(ctx context.Context) GetGatewaysResultOutput { + return o +} + +// A list of existing gateways' parameters. +func (o GetGatewaysResultOutput) Gateways() GetGatewaysGatewayArrayOutput { + return o.ApplyT(func(v GetGatewaysResult) []GetGatewaysGateway { return v.Gateways }).(GetGatewaysGatewayArrayOutput) +} + +// The provider-assigned unique ID for this managed resource. +func (o GetGatewaysResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetGatewaysResult) string { return v.Id }).(pulumi.StringOutput) +} + +func init() { + pulumi.RegisterOutputType(GetGatewaysResultOutput{}) +} diff --git a/sdk/go/aquasec/getGroups.go b/sdk/go/aquasec/getGroups.go index 12c26ce6..b25f5a7e 100644 --- a/sdk/go/aquasec/getGroups.go +++ b/sdk/go/aquasec/getGroups.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -50,3 +53,42 @@ type GetGroupsResult struct { // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` } + +func GetGroupsOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetGroupsResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetGroupsResult, error) { + r, err := GetGroups(ctx, opts...) + var s GetGroupsResult + if r != nil { + s = *r + } + return s, err + }).(GetGroupsResultOutput) +} + +// A collection of values returned by getGroups. +type GetGroupsResultOutput struct{ *pulumi.OutputState } + +func (GetGroupsResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetGroupsResult)(nil)).Elem() +} + +func (o GetGroupsResultOutput) ToGetGroupsResultOutput() GetGroupsResultOutput { + return o +} + +func (o GetGroupsResultOutput) ToGetGroupsResultOutputWithContext(ctx context.Context) GetGroupsResultOutput { + return o +} + +func (o GetGroupsResultOutput) Groups() GetGroupsGroupArrayOutput { + return o.ApplyT(func(v GetGroupsResult) []GetGroupsGroup { return v.Groups }).(GetGroupsGroupArrayOutput) +} + +// The provider-assigned unique ID for this managed resource. +func (o GetGroupsResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetGroupsResult) string { return v.Id }).(pulumi.StringOutput) +} + +func init() { + pulumi.RegisterOutputType(GetGroupsResultOutput{}) +} diff --git a/sdk/go/aquasec/getHostAssurancePolicy.go b/sdk/go/aquasec/getHostAssurancePolicy.go index 08c384c9..8a890132 100644 --- a/sdk/go/aquasec/getHostAssurancePolicy.go +++ b/sdk/go/aquasec/getHostAssurancePolicy.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -45,7 +44,7 @@ type LookupHostAssurancePolicyResult struct { BlacklistPermissionsEnabled bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed bool `pulumi:"blockFailed"` @@ -55,11 +54,11 @@ type LookupHostAssurancePolicyResult struct { // Indicates if scanning should include custom checks. CustomChecksEnabled bool `pulumi:"customChecksEnabled"` CustomSeverityEnabled bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled bool `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` @@ -71,7 +70,8 @@ type LookupHostAssurancePolicyResult struct { CvssSeverityExcludeNoFix bool `pulumi:"cvssSeverityExcludeNoFix"` Description string `pulumi:"description"` // Indicates if malware should block the image. - DisallowMalware bool `pulumi:"disallowMalware"` + DisallowMalware bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled bool `pulumi:"dockerCisEnabled"` // Name of the container image. Domain string `pulumi:"domain"` 
@@ -98,8 +98,9 @@ type LookupHostAssurancePolicyResult struct { // List of ignored risk resources. IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled bool `pulumi:"kubeCisEnabled"` // List of labels. Labels []string `pulumi:"labels"` MalwareAction string `pulumi:"malwareAction"` @@ -115,7 +116,7 @@ type LookupHostAssurancePolicyResult struct { OnlyNoneRootUsers bool `pulumi:"onlyNoneRootUsers"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []GetHostAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled bool `pulumi:"packagesWhiteListEnabled"` @@ -183,12 +184,6 @@ func (o LookupHostAssurancePolicyResultOutput) ToLookupHostAssurancePolicyResult return o } -func (o LookupHostAssurancePolicyResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupHostAssurancePolicyResult] { - return pulumix.Output[LookupHostAssurancePolicyResult]{ - OutputState: o.OutputState, - } -} - // List of explicitly allowed images. func (o LookupHostAssurancePolicyResultOutput) AllowedImages() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupHostAssurancePolicyResult) []string { return v.AllowedImages }).(pulumi.StringArrayOutput) 
@@ -235,7 +230,7 @@ func (o LookupHostAssurancePolicyResultOutput) BlacklistedLicenses() pulumi.Stri return o.ApplyT(func(v LookupHostAssurancePolicyResult) []string { return v.BlacklistedLicenses }).(pulumi.StringArrayOutput) } -// Lndicates if license blacklist is relevant. +// Indicates if license blacklist is relevant. func (o LookupHostAssurancePolicyResultOutput) BlacklistedLicensesEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupHostAssurancePolicyResult) bool { return v.BlacklistedLicensesEnabled }).(pulumi.BoolOutput) } @@ -263,17 +258,17 @@ func (o LookupHostAssurancePolicyResultOutput) CustomSeverityEnabled() pulumi.Bo return o.ApplyT(func(v LookupHostAssurancePolicyResult) bool { return v.CustomSeverityEnabled }).(pulumi.BoolOutput) } -// Indicates if cves blacklist is relevant. +// Indicates if CVEs blacklist is relevant. func (o LookupHostAssurancePolicyResultOutput) CvesBlackListEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupHostAssurancePolicyResult) bool { return v.CvesBlackListEnabled }).(pulumi.BoolOutput) } -// List of cves blacklisted items. +// List of CVEs blacklisted items. func (o LookupHostAssurancePolicyResultOutput) CvesBlackLists() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupHostAssurancePolicyResult) []string { return v.CvesBlackLists }).(pulumi.StringArrayOutput) } -// Indicates if cves whitelist is relevant. +// Indicates if CVEs whitelist is relevant. func (o LookupHostAssurancePolicyResultOutput) CvesWhiteListEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupHostAssurancePolicyResult) bool { return v.CvesWhiteListEnabled }).(pulumi.BoolOutput) } 
@@ -307,6 +302,7 @@ func (o LookupHostAssurancePolicyResultOutput) DisallowMalware() pulumi.BoolOutp return o.ApplyT(func(v LookupHostAssurancePolicyResult) bool { return v.DisallowMalware }).(pulumi.BoolOutput) } +// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. func (o LookupHostAssurancePolicyResultOutput) DockerCisEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupHostAssurancePolicyResult) bool { return v.DockerCisEnabled }).(pulumi.BoolOutput) } @@ -399,6 +395,7 @@ func (o LookupHostAssurancePolicyResultOutput) Images() pulumi.StringArrayOutput return o.ApplyT(func(v LookupHostAssurancePolicyResult) []string { return v.Images }).(pulumi.StringArrayOutput) } +// Performs a Kubernetes CIS benchmark check for the host. func (o LookupHostAssurancePolicyResultOutput) KubeCisEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupHostAssurancePolicyResult) bool { return v.KubeCisEnabled }).(pulumi.BoolOutput) } @@ -445,7 +442,7 @@ func (o LookupHostAssurancePolicyResultOutput) PackagesBlackListEnabled() pulumi return o.ApplyT(func(v LookupHostAssurancePolicyResult) bool { return v.PackagesBlackListEnabled }).(pulumi.BoolOutput) } -// List of backlisted images. +// List of blacklisted images. func (o LookupHostAssurancePolicyResultOutput) PackagesBlackLists() GetHostAssurancePolicyPackagesBlackListArrayOutput { return o.ApplyT(func(v LookupHostAssurancePolicyResult) []GetHostAssurancePolicyPackagesBlackList { return v.PackagesBlackLists diff --git a/sdk/go/aquasec/getHostRuntimePolicy.go b/sdk/go/aquasec/getHostRuntimePolicy.go index 62177a66..e62e5ef5 100644 --- a/sdk/go/aquasec/getHostRuntimePolicy.go +++ b/sdk/go/aquasec/getHostRuntimePolicy.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -50,8 +49,13 @@ func LookupHostRuntimePolicy(ctx *pulumi.Context, args *LookupHostRuntimePolicyA // A collection of arguments for invoking getHostRuntimePolicy. type LookupHostRuntimePolicyArgs struct { - // Name of the host runtime policy - Name string `pulumi:"name"` + Auditing *GetHostRuntimePolicyAuditing `pulumi:"auditing"` + // Configuration for file integrity monitoring. + FileIntegrityMonitorings []GetHostRuntimePolicyFileIntegrityMonitoring `pulumi:"fileIntegrityMonitorings"` + // Configuration for Real-Time Malware Protection. + MalwareScanOptions []GetHostRuntimePolicyMalwareScanOption `pulumi:"malwareScanOptions"` + Name string `pulumi:"name"` + PackageBlocks []GetHostRuntimePolicyPackageBlock `pulumi:"packageBlocks"` } // A collection of values returned by getHostRuntimePolicy. @@ -69,7 +73,8 @@ type LookupHostRuntimePolicyResult struct { // If true, host successful logins will be audited. AuditHostSuccessfulLoginEvents bool `pulumi:"auditHostSuccessfulLoginEvents"` // If true, account management will be audited. - AuditUserAccountManagement bool `pulumi:"auditUserAccountManagement"` + AuditUserAccountManagement bool `pulumi:"auditUserAccountManagement"` + Auditing *GetHostRuntimePolicyAuditing `pulumi:"auditing"` // Username of the account that created the service. Author string `pulumi:"author"` // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining @@ -79,7 +84,7 @@ type LookupHostRuntimePolicyResult struct { // The description of the host runtime policy Description string `pulumi:"description"` // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity bool `pulumi:"enableIpReputationSecurity"` + EnableIpReputation bool `pulumi:"enableIpReputation"` // Indicates if the runtime policy is enabled or not. Enabled bool `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). 
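Review bot: The last hunk on this line renames `EnableIpReputationSecurity` to `EnableIpReputation` and changes its `pulumi` tag to `enableIpReputation`, leaving no deprecated alias. Code that reads the old field or calls the old `EnableIpReputationSecurity()` accessor stops compiling. If the provider still returns the old key in some versions (not visible here), the new field would read `false` for a policy that has the control enabled. `PackageBlocks` changes from `[]string` to `[]GetHostRuntimePolicyPackageBlock` in the later hunks of this file and loses its description at the same time. I would record both as breaking changes in the release notes and restore a comment on `PackageBlocks`, for example `// Packages whose files may not be read, written or executed.` The result struct begins and ends outside this hunk.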
@@ -107,9 +112,8 @@ type LookupHostRuntimePolicyResult struct { // List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. OsUsersAlloweds []string `pulumi:"osUsersAlloweds"` // List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - OsUsersBlockeds []string `pulumi:"osUsersBlockeds"` - // List of packages that are not allowed read, write or execute all files that under the packages. - PackageBlocks []string `pulumi:"packageBlocks"` + OsUsersBlockeds []string `pulumi:"osUsersBlockeds"` + PackageBlocks []GetHostRuntimePolicyPackageBlock `pulumi:"packageBlocks"` // If true, port scanning behaviors will be audited. PortScanningDetection bool `pulumi:"portScanningDetection"` // Logical expression of how to compute the dependency of the scope variables. @@ -137,8 +141,13 @@ func LookupHostRuntimePolicyOutput(ctx *pulumi.Context, args LookupHostRuntimePo // A collection of arguments for invoking getHostRuntimePolicy. type LookupHostRuntimePolicyOutputArgs struct { - // Name of the host runtime policy - Name pulumi.StringInput `pulumi:"name"` + Auditing GetHostRuntimePolicyAuditingPtrInput `pulumi:"auditing"` + // Configuration for file integrity monitoring. + FileIntegrityMonitorings GetHostRuntimePolicyFileIntegrityMonitoringArrayInput `pulumi:"fileIntegrityMonitorings"` + // Configuration for Real-Time Malware Protection. + MalwareScanOptions GetHostRuntimePolicyMalwareScanOptionArrayInput `pulumi:"malwareScanOptions"` + Name pulumi.StringInput `pulumi:"name"` + PackageBlocks GetHostRuntimePolicyPackageBlockArrayInput `pulumi:"packageBlocks"` } func (LookupHostRuntimePolicyOutputArgs) ElementType() reflect.Type { 
@@ -160,12 +169,6 @@ func (o LookupHostRuntimePolicyResultOutput) ToLookupHostRuntimePolicyResultOutp return o } -func (o LookupHostRuntimePolicyResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupHostRuntimePolicyResult] { - return pulumix.Output[LookupHostRuntimePolicyResult]{ - OutputState: o.OutputState, - } -} - // Indicates the application scope of the service. func (o LookupHostRuntimePolicyResultOutput) ApplicationScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupHostRuntimePolicyResult) []string { return v.ApplicationScopes }).(pulumi.StringArrayOutput) @@ -201,6 +204,10 @@ func (o LookupHostRuntimePolicyResultOutput) AuditUserAccountManagement() pulumi return o.ApplyT(func(v LookupHostRuntimePolicyResult) bool { return v.AuditUserAccountManagement }).(pulumi.BoolOutput) } +func (o LookupHostRuntimePolicyResultOutput) Auditing() GetHostRuntimePolicyAuditingPtrOutput { + return o.ApplyT(func(v LookupHostRuntimePolicyResult) *GetHostRuntimePolicyAuditing { return v.Auditing }).(GetHostRuntimePolicyAuditingPtrOutput) +} + // Username of the account that created the service. func (o LookupHostRuntimePolicyResultOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v LookupHostRuntimePolicyResult) string { return v.Author }).(pulumi.StringOutput) @@ -222,8 +229,8 @@ func (o LookupHostRuntimePolicyResultOutput) Description() pulumi.StringOutput { } // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. -func (o LookupHostRuntimePolicyResultOutput) EnableIpReputationSecurity() pulumi.BoolOutput { - return o.ApplyT(func(v LookupHostRuntimePolicyResult) bool { return v.EnableIpReputationSecurity }).(pulumi.BoolOutput) +func (o LookupHostRuntimePolicyResultOutput) EnableIpReputation() pulumi.BoolOutput { + return o.ApplyT(func(v LookupHostRuntimePolicyResult) bool { return v.EnableIpReputation }).(pulumi.BoolOutput) } // Indicates if the runtime policy is enabled or not. 
@@ -300,9 +307,8 @@ func (o LookupHostRuntimePolicyResultOutput) OsUsersBlockeds() pulumi.StringArra return o.ApplyT(func(v LookupHostRuntimePolicyResult) []string { return v.OsUsersBlockeds }).(pulumi.StringArrayOutput) } -// List of packages that are not allowed read, write or execute all files that under the packages. -func (o LookupHostRuntimePolicyResultOutput) PackageBlocks() pulumi.StringArrayOutput { - return o.ApplyT(func(v LookupHostRuntimePolicyResult) []string { return v.PackageBlocks }).(pulumi.StringArrayOutput) +func (o LookupHostRuntimePolicyResultOutput) PackageBlocks() GetHostRuntimePolicyPackageBlockArrayOutput { + return o.ApplyT(func(v LookupHostRuntimePolicyResult) []GetHostRuntimePolicyPackageBlock { return v.PackageBlocks }).(GetHostRuntimePolicyPackageBlockArrayOutput) } // If true, port scanning behaviors will be audited. diff --git a/sdk/go/aquasec/getImage.go b/sdk/go/aquasec/getImage.go index 0d098dd4..65a5f35e 100644 --- a/sdk/go/aquasec/getImage.go +++ b/sdk/go/aquasec/getImage.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -24,9 +23,7 @@ func LookupImage(ctx *pulumi.Context, args *LookupImageArgs, opts ...pulumi.Invo // A collection of arguments for invoking getImage. type LookupImageArgs struct { - // The name of the registry where the image is stored. - Registry string `pulumi:"registry"` - // The name of the image's repository. + Registry string `pulumi:"registry"` Repository string `pulumi:"repository"` // The tag of the image. Tag string `pulumi:"tag"` 
@@ -153,9 +150,7 @@ func LookupImageOutput(ctx *pulumi.Context, args LookupImageOutputArgs, opts ... // A collection of arguments for invoking getImage. type LookupImageOutputArgs struct { - // The name of the registry where the image is stored. - Registry pulumi.StringInput `pulumi:"registry"` - // The name of the image's repository. + Registry pulumi.StringInput `pulumi:"registry"` Repository pulumi.StringInput `pulumi:"repository"` // The tag of the image. Tag pulumi.StringInput `pulumi:"tag"` @@ -180,12 +175,6 @@ func (o LookupImageResultOutput) ToLookupImageResultOutputWithContext(ctx contex return o } -func (o LookupImageResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupImageResult] { - return pulumix.Output[LookupImageResult]{ - OutputState: o.OutputState, - } -} - // The image architecture. func (o LookupImageResultOutput) Architecture() pulumi.StringOutput { return o.ApplyT(func(v LookupImageResult) string { return v.Architecture }).(pulumi.StringOutput) diff --git a/sdk/go/aquasec/getImageAssurancePolicy.go b/sdk/go/aquasec/getImageAssurancePolicy.go index 3648bbd9..b43609cb 100644 --- a/sdk/go/aquasec/getImageAssurancePolicy.go +++ b/sdk/go/aquasec/getImageAssurancePolicy.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -45,7 +44,7 @@ type LookupImageAssurancePolicyResult struct { BlacklistPermissionsEnabled bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed bool `pulumi:"blockFailed"` 
@@ -55,11 +54,11 @@ type LookupImageAssurancePolicyResult struct { // Indicates if scanning should include custom checks. CustomChecksEnabled bool `pulumi:"customChecksEnabled"` CustomSeverityEnabled bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled bool `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` @@ -71,7 +70,8 @@ type LookupImageAssurancePolicyResult struct { CvssSeverityExcludeNoFix bool `pulumi:"cvssSeverityExcludeNoFix"` Description string `pulumi:"description"` // Indicates if malware should block the image. - DisallowMalware bool `pulumi:"disallowMalware"` + DisallowMalware bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled bool `pulumi:"dockerCisEnabled"` // Name of the container image. Domain string `pulumi:"domain"` @@ -98,8 +98,9 @@ type LookupImageAssurancePolicyResult struct { // List of ignored risk resources. IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled bool `pulumi:"kubeCisEnabled"` // List of labels. Labels []string `pulumi:"labels"` MalwareAction string `pulumi:"malwareAction"` 
@@ -115,7 +116,7 @@ type LookupImageAssurancePolicyResult struct { OnlyNoneRootUsers bool `pulumi:"onlyNoneRootUsers"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []GetImageAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled bool `pulumi:"packagesWhiteListEnabled"` @@ -183,12 +184,6 @@ func (o LookupImageAssurancePolicyResultOutput) ToLookupImageAssurancePolicyResu return o } -func (o LookupImageAssurancePolicyResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupImageAssurancePolicyResult] { - return pulumix.Output[LookupImageAssurancePolicyResult]{ - OutputState: o.OutputState, - } -} - // List of explicitly allowed images. func (o LookupImageAssurancePolicyResultOutput) AllowedImages() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupImageAssurancePolicyResult) []string { return v.AllowedImages }).(pulumi.StringArrayOutput) @@ -235,7 +230,7 @@ func (o LookupImageAssurancePolicyResultOutput) BlacklistedLicenses() pulumi.Str return o.ApplyT(func(v LookupImageAssurancePolicyResult) []string { return v.BlacklistedLicenses }).(pulumi.StringArrayOutput) } -// Lndicates if license blacklist is relevant. +// Indicates if license blacklist is relevant. func (o LookupImageAssurancePolicyResultOutput) BlacklistedLicensesEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupImageAssurancePolicyResult) bool { return v.BlacklistedLicensesEnabled }).(pulumi.BoolOutput) } 
@@ -263,17 +258,17 @@ func (o LookupImageAssurancePolicyResultOutput) CustomSeverityEnabled() pulumi.B return o.ApplyT(func(v LookupImageAssurancePolicyResult) bool { return v.CustomSeverityEnabled }).(pulumi.BoolOutput) } -// Indicates if cves blacklist is relevant. +// Indicates if CVEs blacklist is relevant. func (o LookupImageAssurancePolicyResultOutput) CvesBlackListEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupImageAssurancePolicyResult) bool { return v.CvesBlackListEnabled }).(pulumi.BoolOutput) } -// List of cves blacklisted items. +// List of CVEs blacklisted items. func (o LookupImageAssurancePolicyResultOutput) CvesBlackLists() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupImageAssurancePolicyResult) []string { return v.CvesBlackLists }).(pulumi.StringArrayOutput) } -// Indicates if cves whitelist is relevant. +// Indicates if CVEs whitelist is relevant. func (o LookupImageAssurancePolicyResultOutput) CvesWhiteListEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupImageAssurancePolicyResult) bool { return v.CvesWhiteListEnabled }).(pulumi.BoolOutput) } @@ -307,6 +302,7 @@ func (o LookupImageAssurancePolicyResultOutput) DisallowMalware() pulumi.BoolOut return o.ApplyT(func(v LookupImageAssurancePolicyResult) bool { return v.DisallowMalware }).(pulumi.BoolOutput) } +// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. func (o LookupImageAssurancePolicyResultOutput) DockerCisEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupImageAssurancePolicyResult) bool { return v.DockerCisEnabled }).(pulumi.BoolOutput) } 
@@ -399,6 +395,7 @@ func (o LookupImageAssurancePolicyResultOutput) Images() pulumi.StringArrayOutpu return o.ApplyT(func(v LookupImageAssurancePolicyResult) []string { return v.Images }).(pulumi.StringArrayOutput) } +// Performs a Kubernetes CIS benchmark check for the host. func (o LookupImageAssurancePolicyResultOutput) KubeCisEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupImageAssurancePolicyResult) bool { return v.KubeCisEnabled }).(pulumi.BoolOutput) } @@ -445,7 +442,7 @@ func (o LookupImageAssurancePolicyResultOutput) PackagesBlackListEnabled() pulum return o.ApplyT(func(v LookupImageAssurancePolicyResult) bool { return v.PackagesBlackListEnabled }).(pulumi.BoolOutput) } -// List of backlisted images. +// List of blacklisted images. func (o LookupImageAssurancePolicyResultOutput) PackagesBlackLists() GetImageAssurancePolicyPackagesBlackListArrayOutput { return o.ApplyT(func(v LookupImageAssurancePolicyResult) []GetImageAssurancePolicyPackagesBlackList { return v.PackagesBlackLists diff --git a/sdk/go/aquasec/getIntegrationRegistries.go b/sdk/go/aquasec/getIntegrationRegistries.go new file mode 100644 index 00000000..66cbade8 --- /dev/null +++ b/sdk/go/aquasec/getIntegrationRegistries.go 
@@ -0,0 +1,311 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package aquasec + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" + "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" +) + +func GetIntegrationRegistries(ctx *pulumi.Context, args *GetIntegrationRegistriesArgs, opts ...pulumi.InvokeOption) (*GetIntegrationRegistriesResult, error) { + opts = internal.PkgInvokeDefaultOpts(opts) + var rv GetIntegrationRegistriesResult + err := ctx.Invoke("aquasec:index/getIntegrationRegistries:getIntegrationRegistries", args, &rv, opts...) + if err != nil { + return nil, err + } + return &rv, nil +} + +// A collection of arguments for invoking getIntegrationRegistries. +type GetIntegrationRegistriesArgs struct { + // Automatically clean up that don't match the pull criteria + AdvancedSettingsCleanup *bool `pulumi:"advancedSettingsCleanup"` + // List of image patterns to pull always + AlwaysPullPatterns []string `pulumi:"alwaysPullPatterns"` + // Additional condition for pulling and rescanning images, Defaults to 'none' + ImageCreationDateCondition *string `pulumi:"imageCreationDateCondition"` + // The last time the registry was modified in UNIX time + Lastupdate *int `pulumi:"lastupdate"` + // The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + Name string `pulumi:"name"` + Options []GetIntegrationRegistriesOption `pulumi:"options"` + // When auto pull image enabled, sets maximum age of auto pulled images + PullImageAge *string `pulumi:"pullImageAge"` + // When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. 
+ PullImageCount *int `pulumi:"pullImageCount"` + // List of image tags patterns to pull + PullImageTagPatterns []string `pulumi:"pullImageTagPatterns"` + // List of image patterns to exclude + PullRepoPatternsExcludeds []string `pulumi:"pullRepoPatternsExcludeds"` + // Registry scan timeout in Minutes + RegistryScanTimeout *int `pulumi:"registryScanTimeout"` + // List of scanner names + ScannerNames []string `pulumi:"scannerNames"` + // Scanner type + ScannerType *string `pulumi:"scannerType"` + // When enabled, registry events are sent to the given Aqua webhook url + Webhooks []GetIntegrationRegistriesWebhook `pulumi:"webhooks"` +} + +// A collection of values returned by getIntegrationRegistries. +type GetIntegrationRegistriesResult struct { + // Automatically clean up that don't match the pull criteria + AdvancedSettingsCleanup *bool `pulumi:"advancedSettingsCleanup"` + // List of image patterns to pull always + AlwaysPullPatterns []string `pulumi:"alwaysPullPatterns"` + // Automatically clean up images and repositories which are no longer present in the registry from Aqua console + AutoCleanup bool `pulumi:"autoCleanup"` + // Whether to automatically pull images from the registry on creation and daily + AutoPull bool `pulumi:"autoPull"` + // The interval in days to start pulling new images from the registry, Defaults to 1 + AutoPullInterval int `pulumi:"autoPullInterval"` + // Maximum number of repositories to pull every day, defaults to 100 + AutoPullMax int `pulumi:"autoPullMax"` + // Whether to automatically pull and rescan images from the registry on creation and daily + AutoPullRescan bool `pulumi:"autoPullRescan"` + // The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00 + AutoPullTime string `pulumi:"autoPullTime"` + // The description of the registry + Description string `pulumi:"description"` + // The provider-assigned unique ID for this managed resource. 
+ Id string `pulumi:"id"` + // Additional condition for pulling and rescanning images, Defaults to 'none' + ImageCreationDateCondition string `pulumi:"imageCreationDateCondition"` + // The last time the registry was modified in UNIX time + Lastupdate int `pulumi:"lastupdate"` + // The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + Name string `pulumi:"name"` + Options []GetIntegrationRegistriesOption `pulumi:"options"` + // The password for registry authentication + Password string `pulumi:"password"` + // List of possible prefixes to image names pulled from the registry + Prefixes []string `pulumi:"prefixes"` + // When auto pull image enabled, sets maximum age of auto pulled images + PullImageAge string `pulumi:"pullImageAge"` + // When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. + PullImageCount int `pulumi:"pullImageCount"` + // List of image tags patterns to pull + PullImageTagPatterns []string `pulumi:"pullImageTagPatterns"` + // List of image patterns to exclude + PullRepoPatternsExcludeds []string `pulumi:"pullRepoPatternsExcludeds"` + // Registry scan timeout in Minutes + RegistryScanTimeout *int `pulumi:"registryScanTimeout"` + // List of scanner names + ScannerNames []string `pulumi:"scannerNames"` + // Scanner type + ScannerType string `pulumi:"scannerType"` + // Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). + Type string `pulumi:"type"` + // The URL, address or region of the registry + Url string `pulumi:"url"` + // The username for registry authentication. 
+ Username string `pulumi:"username"` + // When enabled, registry events are sent to the given Aqua webhook url + Webhooks []GetIntegrationRegistriesWebhook `pulumi:"webhooks"` +} + +func GetIntegrationRegistriesOutput(ctx *pulumi.Context, args GetIntegrationRegistriesOutputArgs, opts ...pulumi.InvokeOption) GetIntegrationRegistriesResultOutput { + return pulumi.ToOutputWithContext(context.Background(), args). + ApplyT(func(v interface{}) (GetIntegrationRegistriesResult, error) { + args := v.(GetIntegrationRegistriesArgs) + r, err := GetIntegrationRegistries(ctx, &args, opts...) + var s GetIntegrationRegistriesResult + if r != nil { + s = *r + } + return s, err + }).(GetIntegrationRegistriesResultOutput) +} + +// A collection of arguments for invoking getIntegrationRegistries. +type GetIntegrationRegistriesOutputArgs struct { + // Automatically clean up that don't match the pull criteria + AdvancedSettingsCleanup pulumi.BoolPtrInput `pulumi:"advancedSettingsCleanup"` + // List of image patterns to pull always + AlwaysPullPatterns pulumi.StringArrayInput `pulumi:"alwaysPullPatterns"` + // Additional condition for pulling and rescanning images, Defaults to 'none' + ImageCreationDateCondition pulumi.StringPtrInput `pulumi:"imageCreationDateCondition"` + // The last time the registry was modified in UNIX time + Lastupdate pulumi.IntPtrInput `pulumi:"lastupdate"` + // The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + Name pulumi.StringInput `pulumi:"name"` + Options GetIntegrationRegistriesOptionArrayInput `pulumi:"options"` + // When auto pull image enabled, sets maximum age of auto pulled images + PullImageAge pulumi.StringPtrInput `pulumi:"pullImageAge"` + // When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. 
+ PullImageCount pulumi.IntPtrInput `pulumi:"pullImageCount"` + // List of image tags patterns to pull + PullImageTagPatterns pulumi.StringArrayInput `pulumi:"pullImageTagPatterns"` + // List of image patterns to exclude + PullRepoPatternsExcludeds pulumi.StringArrayInput `pulumi:"pullRepoPatternsExcludeds"` + // Registry scan timeout in Minutes + RegistryScanTimeout pulumi.IntPtrInput `pulumi:"registryScanTimeout"` + // List of scanner names + ScannerNames pulumi.StringArrayInput `pulumi:"scannerNames"` + // Scanner type + ScannerType pulumi.StringPtrInput `pulumi:"scannerType"` + // When enabled, registry events are sent to the given Aqua webhook url + Webhooks GetIntegrationRegistriesWebhookArrayInput `pulumi:"webhooks"` +} + +func (GetIntegrationRegistriesOutputArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetIntegrationRegistriesArgs)(nil)).Elem() +} + +// A collection of values returned by getIntegrationRegistries. +type GetIntegrationRegistriesResultOutput struct{ *pulumi.OutputState } + +func (GetIntegrationRegistriesResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetIntegrationRegistriesResult)(nil)).Elem() +} + +func (o GetIntegrationRegistriesResultOutput) ToGetIntegrationRegistriesResultOutput() GetIntegrationRegistriesResultOutput { + return o +} + +func (o GetIntegrationRegistriesResultOutput) ToGetIntegrationRegistriesResultOutputWithContext(ctx context.Context) GetIntegrationRegistriesResultOutput { + return o +} + +// Automatically clean up that don't match the pull criteria +func (o GetIntegrationRegistriesResultOutput) AdvancedSettingsCleanup() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) *bool { return v.AdvancedSettingsCleanup }).(pulumi.BoolPtrOutput) +} + +// List of image patterns to pull always +func (o GetIntegrationRegistriesResultOutput) AlwaysPullPatterns() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) []string { return 
v.AlwaysPullPatterns }).(pulumi.StringArrayOutput) +} + +// Automatically clean up images and repositories which are no longer present in the registry from Aqua console +func (o GetIntegrationRegistriesResultOutput) AutoCleanup() pulumi.BoolOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) bool { return v.AutoCleanup }).(pulumi.BoolOutput) +} + +// Whether to automatically pull images from the registry on creation and daily +func (o GetIntegrationRegistriesResultOutput) AutoPull() pulumi.BoolOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) bool { return v.AutoPull }).(pulumi.BoolOutput) +} + +// The interval in days to start pulling new images from the registry, Defaults to 1 +func (o GetIntegrationRegistriesResultOutput) AutoPullInterval() pulumi.IntOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) int { return v.AutoPullInterval }).(pulumi.IntOutput) +} + +// Maximum number of repositories to pull every day, defaults to 100 +func (o GetIntegrationRegistriesResultOutput) AutoPullMax() pulumi.IntOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) int { return v.AutoPullMax }).(pulumi.IntOutput) +} + +// Whether to automatically pull and rescan images from the registry on creation and daily +func (o GetIntegrationRegistriesResultOutput) AutoPullRescan() pulumi.BoolOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) bool { return v.AutoPullRescan }).(pulumi.BoolOutput) +} + +// The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00 +func (o GetIntegrationRegistriesResultOutput) AutoPullTime() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.AutoPullTime }).(pulumi.StringOutput) +} + +// The description of the registry +func (o GetIntegrationRegistriesResultOutput) Description() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return 
v.Description }).(pulumi.StringOutput) +} + +// The provider-assigned unique ID for this managed resource. +func (o GetIntegrationRegistriesResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.Id }).(pulumi.StringOutput) +} + +// Additional condition for pulling and rescanning images, Defaults to 'none' +func (o GetIntegrationRegistriesResultOutput) ImageCreationDateCondition() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.ImageCreationDateCondition }).(pulumi.StringOutput) +} + +// The last time the registry was modified in UNIX time +func (o GetIntegrationRegistriesResultOutput) Lastupdate() pulumi.IntOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) int { return v.Lastupdate }).(pulumi.IntOutput) +} + +// The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces +func (o GetIntegrationRegistriesResultOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.Name }).(pulumi.StringOutput) +} + +func (o GetIntegrationRegistriesResultOutput) Options() GetIntegrationRegistriesOptionArrayOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) []GetIntegrationRegistriesOption { return v.Options }).(GetIntegrationRegistriesOptionArrayOutput) +} + +// The password for registry authentication +func (o GetIntegrationRegistriesResultOutput) Password() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.Password }).(pulumi.StringOutput) +} + +// List of possible prefixes to image names pulled from the registry +func (o GetIntegrationRegistriesResultOutput) Prefixes() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) []string { return v.Prefixes }).(pulumi.StringArrayOutput) +} + +// When auto pull image 
enabled, sets maximum age of auto pulled images +func (o GetIntegrationRegistriesResultOutput) PullImageAge() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.PullImageAge }).(pulumi.StringOutput) +} + +// When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. +func (o GetIntegrationRegistriesResultOutput) PullImageCount() pulumi.IntOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) int { return v.PullImageCount }).(pulumi.IntOutput) +} + +// List of image tags patterns to pull +func (o GetIntegrationRegistriesResultOutput) PullImageTagPatterns() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) []string { return v.PullImageTagPatterns }).(pulumi.StringArrayOutput) +} + +// List of image patterns to exclude +func (o GetIntegrationRegistriesResultOutput) PullRepoPatternsExcludeds() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) []string { return v.PullRepoPatternsExcludeds }).(pulumi.StringArrayOutput) +} + +// Registry scan timeout in Minutes +func (o GetIntegrationRegistriesResultOutput) RegistryScanTimeout() pulumi.IntPtrOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) *int { return v.RegistryScanTimeout }).(pulumi.IntPtrOutput) +} + +// List of scanner names +func (o GetIntegrationRegistriesResultOutput) ScannerNames() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) []string { return v.ScannerNames }).(pulumi.StringArrayOutput) +} + +// Scanner type +func (o GetIntegrationRegistriesResultOutput) ScannerType() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.ScannerType }).(pulumi.StringOutput) +} + +// Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). 
+func (o GetIntegrationRegistriesResultOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.Type }).(pulumi.StringOutput) +} + +// The URL, address or region of the registry +func (o GetIntegrationRegistriesResultOutput) Url() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.Url }).(pulumi.StringOutput) +} + +// The username for registry authentication. +func (o GetIntegrationRegistriesResultOutput) Username() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) string { return v.Username }).(pulumi.StringOutput) +} + +// When enabled, registry events are sent to the given Aqua webhook url +func (o GetIntegrationRegistriesResultOutput) Webhooks() GetIntegrationRegistriesWebhookArrayOutput { + return o.ApplyT(func(v GetIntegrationRegistriesResult) []GetIntegrationRegistriesWebhook { return v.Webhooks }).(GetIntegrationRegistriesWebhookArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(GetIntegrationRegistriesResultOutput{}) +} diff --git a/sdk/go/aquasec/getIntegrationRegistry.go b/sdk/go/aquasec/getIntegrationRegistry.go index 612d8a71..0813a17d 100644 --- a/sdk/go/aquasec/getIntegrationRegistry.go +++ b/sdk/go/aquasec/getIntegrationRegistry.go @@ -8,10 +8,10 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) +// Deprecated: aquasec.index/getintegrationregistry.getIntegrationRegistry has been deprecated in favor of aquasec.index/getintegrationregistries.getIntegrationRegistries func LookupIntegrationRegistry(ctx *pulumi.Context, args *LookupIntegrationRegistryArgs, opts ...pulumi.InvokeOption) (*LookupIntegrationRegistryResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv LookupIntegrationRegistryResult 
@@ -24,90 +24,52 @@ func LookupIntegrationRegistry(ctx *pulumi.Context, args *LookupIntegrationRegis // A collection of arguments for invoking getIntegrationRegistry. type LookupIntegrationRegistryArgs struct { - // Automatically clean up that don't match the pull criteria - AdvancedSettingsCleanup *bool `pulumi:"advancedSettingsCleanup"` - // List of image patterns to pull always - AlwaysPullPatterns []string `pulumi:"alwaysPullPatterns"` - // Additional condition for pulling and rescanning images, Defaults to 'none' - ImageCreationDateCondition *string `pulumi:"imageCreationDateCondition"` - // The last time the registry was modified in UNIX time - Lastupdate *int `pulumi:"lastupdate"` - // The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - Name string `pulumi:"name"` - Options []GetIntegrationRegistryOption `pulumi:"options"` - // When auto pull image enabled, sets maximum age of auto pulled images - PullImageAge *string `pulumi:"pullImageAge"` - // When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. 
- PullImageCount *int `pulumi:"pullImageCount"` - // List of image tags patterns to pull - PullImageTagPatterns []string `pulumi:"pullImageTagPatterns"` - // List of image patterns to exclude - PullRepoPatternsExcludeds []string `pulumi:"pullRepoPatternsExcludeds"` - // Registry scan timeout in Minutes - RegistryScanTimeout *int `pulumi:"registryScanTimeout"` - // List of scanner names - ScannerNames []string `pulumi:"scannerNames"` - // Scanner type - ScannerType *string `pulumi:"scannerType"` - // When enabled, registry events are sent to the given Aqua webhook url - Webhooks []GetIntegrationRegistryWebhook `pulumi:"webhooks"` + AdvancedSettingsCleanup *bool `pulumi:"advancedSettingsCleanup"` + AlwaysPullPatterns []string `pulumi:"alwaysPullPatterns"` + ImageCreationDateCondition *string `pulumi:"imageCreationDateCondition"` + Lastupdate *int `pulumi:"lastupdate"` + Name string `pulumi:"name"` + Options []GetIntegrationRegistryOption `pulumi:"options"` + PullImageAge *string `pulumi:"pullImageAge"` + PullImageCount *int `pulumi:"pullImageCount"` + PullImageTagPatterns []string `pulumi:"pullImageTagPatterns"` + PullRepoPatternsExcludeds []string `pulumi:"pullRepoPatternsExcludeds"` + RegistryScanTimeout *int `pulumi:"registryScanTimeout"` + ScannerNames []string `pulumi:"scannerNames"` + ScannerType *string `pulumi:"scannerType"` + Webhooks []GetIntegrationRegistryWebhook `pulumi:"webhooks"` } // A collection of values returned by getIntegrationRegistry. 
type LookupIntegrationRegistryResult struct { - // Automatically clean up that don't match the pull criteria - AdvancedSettingsCleanup *bool `pulumi:"advancedSettingsCleanup"` - // List of image patterns to pull always - AlwaysPullPatterns []string `pulumi:"alwaysPullPatterns"` - // Automatically clean up images and repositories which are no longer present in the registry from Aqua console - AutoCleanup bool `pulumi:"autoCleanup"` - // Whether to automatically pull images from the registry on creation and daily - AutoPull bool `pulumi:"autoPull"` - // The interval in days to start pulling new images from the registry, Defaults to 1 - AutoPullInterval int `pulumi:"autoPullInterval"` - // Maximum number of repositories to pull every day, defaults to 100 - AutoPullMax int `pulumi:"autoPullMax"` - // Whether to automatically pull and rescan images from the registry on creation and daily - AutoPullRescan bool `pulumi:"autoPullRescan"` - // The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00 - AutoPullTime string `pulumi:"autoPullTime"` - // The description of the registry - Description string `pulumi:"description"` + AdvancedSettingsCleanup *bool `pulumi:"advancedSettingsCleanup"` + AlwaysPullPatterns []string `pulumi:"alwaysPullPatterns"` + AutoCleanup bool `pulumi:"autoCleanup"` + AutoPull bool `pulumi:"autoPull"` + AutoPullInterval int `pulumi:"autoPullInterval"` + AutoPullMax int `pulumi:"autoPullMax"` + AutoPullRescan bool `pulumi:"autoPullRescan"` + AutoPullTime string `pulumi:"autoPullTime"` + Description string `pulumi:"description"` // The provider-assigned unique ID for this managed resource. 
- Id string `pulumi:"id"` - // Additional condition for pulling and rescanning images, Defaults to 'none' - ImageCreationDateCondition string `pulumi:"imageCreationDateCondition"` - // The last time the registry was modified in UNIX time - Lastupdate int `pulumi:"lastupdate"` - // The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - Name string `pulumi:"name"` - Options []GetIntegrationRegistryOption `pulumi:"options"` - // The password for registry authentication - Password string `pulumi:"password"` - // List of possible prefixes to image names pulled from the registry - Prefixes []string `pulumi:"prefixes"` - // When auto pull image enabled, sets maximum age of auto pulled images - PullImageAge string `pulumi:"pullImageAge"` - // When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - PullImageCount int `pulumi:"pullImageCount"` - // List of image tags patterns to pull - PullImageTagPatterns []string `pulumi:"pullImageTagPatterns"` - // List of image patterns to exclude - PullRepoPatternsExcludeds []string `pulumi:"pullRepoPatternsExcludeds"` - // Registry scan timeout in Minutes - RegistryScanTimeout *int `pulumi:"registryScanTimeout"` - // List of scanner names - ScannerNames []string `pulumi:"scannerNames"` - // Scanner type - ScannerType string `pulumi:"scannerType"` - // Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). - Type string `pulumi:"type"` - // The URL, address or region of the registry - Url string `pulumi:"url"` - // The username for registry authentication. 
- Username string `pulumi:"username"` - // When enabled, registry events are sent to the given Aqua webhook url - Webhooks []GetIntegrationRegistryWebhook `pulumi:"webhooks"` + Id string `pulumi:"id"` + ImageCreationDateCondition string `pulumi:"imageCreationDateCondition"` + Lastupdate int `pulumi:"lastupdate"` + Name string `pulumi:"name"` + Options []GetIntegrationRegistryOption `pulumi:"options"` + Password string `pulumi:"password"` + Prefixes []string `pulumi:"prefixes"` + PullImageAge string `pulumi:"pullImageAge"` + PullImageCount int `pulumi:"pullImageCount"` + PullImageTagPatterns []string `pulumi:"pullImageTagPatterns"` + PullRepoPatternsExcludeds []string `pulumi:"pullRepoPatternsExcludeds"` + RegistryScanTimeout *int `pulumi:"registryScanTimeout"` + ScannerNames []string `pulumi:"scannerNames"` + ScannerType string `pulumi:"scannerType"` + Type string `pulumi:"type"` + Url string `pulumi:"url"` + Username string `pulumi:"username"` + Webhooks []GetIntegrationRegistryWebhook `pulumi:"webhooks"` } func LookupIntegrationRegistryOutput(ctx *pulumi.Context, args LookupIntegrationRegistryOutputArgs, opts ...pulumi.InvokeOption) LookupIntegrationRegistryResultOutput { 
@@ -125,33 +87,20 @@ func LookupIntegrationRegistryOutput(ctx *pulumi.Context, args LookupIntegration // A collection of arguments for invoking getIntegrationRegistry. type LookupIntegrationRegistryOutputArgs struct { - // Automatically clean up that don't match the pull criteria - AdvancedSettingsCleanup pulumi.BoolPtrInput `pulumi:"advancedSettingsCleanup"` - // List of image patterns to pull always - AlwaysPullPatterns pulumi.StringArrayInput `pulumi:"alwaysPullPatterns"` - // Additional condition for pulling and rescanning images, Defaults to 'none' - ImageCreationDateCondition pulumi.StringPtrInput `pulumi:"imageCreationDateCondition"` - // The last time the registry was modified in UNIX time - Lastupdate pulumi.IntPtrInput `pulumi:"lastupdate"` - // The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - Name pulumi.StringInput `pulumi:"name"` - Options GetIntegrationRegistryOptionArrayInput `pulumi:"options"` - // When auto pull image enabled, sets maximum age of auto pulled images - PullImageAge pulumi.StringPtrInput `pulumi:"pullImageAge"` - // When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. 
- PullImageCount pulumi.IntPtrInput `pulumi:"pullImageCount"` - // List of image tags patterns to pull - PullImageTagPatterns pulumi.StringArrayInput `pulumi:"pullImageTagPatterns"` - // List of image patterns to exclude - PullRepoPatternsExcludeds pulumi.StringArrayInput `pulumi:"pullRepoPatternsExcludeds"` - // Registry scan timeout in Minutes - RegistryScanTimeout pulumi.IntPtrInput `pulumi:"registryScanTimeout"` - // List of scanner names - ScannerNames pulumi.StringArrayInput `pulumi:"scannerNames"` - // Scanner type - ScannerType pulumi.StringPtrInput `pulumi:"scannerType"` - // When enabled, registry events are sent to the given Aqua webhook url - Webhooks GetIntegrationRegistryWebhookArrayInput `pulumi:"webhooks"` + AdvancedSettingsCleanup pulumi.BoolPtrInput `pulumi:"advancedSettingsCleanup"` + AlwaysPullPatterns pulumi.StringArrayInput `pulumi:"alwaysPullPatterns"` + ImageCreationDateCondition pulumi.StringPtrInput `pulumi:"imageCreationDateCondition"` + Lastupdate pulumi.IntPtrInput `pulumi:"lastupdate"` + Name pulumi.StringInput `pulumi:"name"` + Options GetIntegrationRegistryOptionArrayInput `pulumi:"options"` + PullImageAge pulumi.StringPtrInput `pulumi:"pullImageAge"` + PullImageCount pulumi.IntPtrInput `pulumi:"pullImageCount"` + PullImageTagPatterns pulumi.StringArrayInput `pulumi:"pullImageTagPatterns"` + PullRepoPatternsExcludeds pulumi.StringArrayInput `pulumi:"pullRepoPatternsExcludeds"` + RegistryScanTimeout pulumi.IntPtrInput `pulumi:"registryScanTimeout"` + ScannerNames pulumi.StringArrayInput `pulumi:"scannerNames"` + ScannerType pulumi.StringPtrInput `pulumi:"scannerType"` + Webhooks GetIntegrationRegistryWebhookArrayInput `pulumi:"webhooks"` } func (LookupIntegrationRegistryOutputArgs) ElementType() reflect.Type { 
@@ -173,53 +122,38 @@ func (o LookupIntegrationRegistryResultOutput) ToLookupIntegrationRegistryResult return o } -func (o LookupIntegrationRegistryResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupIntegrationRegistryResult] { - return pulumix.Output[LookupIntegrationRegistryResult]{ - OutputState: o.OutputState, - } -} - -// Automatically clean up that don't match the pull criteria func (o LookupIntegrationRegistryResultOutput) AdvancedSettingsCleanup() pulumi.BoolPtrOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) *bool { return v.AdvancedSettingsCleanup }).(pulumi.BoolPtrOutput) } -// List of image patterns to pull always func (o LookupIntegrationRegistryResultOutput) AlwaysPullPatterns() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) []string { return v.AlwaysPullPatterns }).(pulumi.StringArrayOutput) } -// Automatically clean up images and repositories which are no longer present in the registry from Aqua console func (o LookupIntegrationRegistryResultOutput) AutoCleanup() pulumi.BoolOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) bool { return v.AutoCleanup }).(pulumi.BoolOutput) } -// Whether to automatically pull images from the registry on creation and daily func (o LookupIntegrationRegistryResultOutput) AutoPull() pulumi.BoolOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) bool { return v.AutoPull }).(pulumi.BoolOutput) } -// The interval in days to start pulling new images from the registry, Defaults to 1 func (o LookupIntegrationRegistryResultOutput) AutoPullInterval() pulumi.IntOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) int { return v.AutoPullInterval }).(pulumi.IntOutput) } -// Maximum number of repositories to pull every day, defaults to 100 func (o LookupIntegrationRegistryResultOutput) AutoPullMax() pulumi.IntOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) int { return v.AutoPullMax }).(pulumi.IntOutput) } -// 
Whether to automatically pull and rescan images from the registry on creation and daily func (o LookupIntegrationRegistryResultOutput) AutoPullRescan() pulumi.BoolOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) bool { return v.AutoPullRescan }).(pulumi.BoolOutput) } -// The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00 func (o LookupIntegrationRegistryResultOutput) AutoPullTime() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.AutoPullTime }).(pulumi.StringOutput) } -// The description of the registry func (o LookupIntegrationRegistryResultOutput) Description() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.Description }).(pulumi.StringOutput) } @@ -229,17 +163,14 @@ func (o LookupIntegrationRegistryResultOutput) Id() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.Id }).(pulumi.StringOutput) } -// Additional condition for pulling and rescanning images, Defaults to 'none' func (o LookupIntegrationRegistryResultOutput) ImageCreationDateCondition() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.ImageCreationDateCondition }).(pulumi.StringOutput) } -// The last time the registry was modified in UNIX time func (o LookupIntegrationRegistryResultOutput) Lastupdate() pulumi.IntOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) int { return v.Lastupdate }).(pulumi.IntOutput) } -// The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces func (o LookupIntegrationRegistryResultOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.Name }).(pulumi.StringOutput) } 
@@ -248,67 +179,54 @@ func (o LookupIntegrationRegistryResultOutput) Options() GetIntegrationRegistryO return o.ApplyT(func(v LookupIntegrationRegistryResult) []GetIntegrationRegistryOption { return v.Options }).(GetIntegrationRegistryOptionArrayOutput) } -// The password for registry authentication func (o LookupIntegrationRegistryResultOutput) Password() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.Password }).(pulumi.StringOutput) } -// List of possible prefixes to image names pulled from the registry func (o LookupIntegrationRegistryResultOutput) Prefixes() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) []string { return v.Prefixes }).(pulumi.StringArrayOutput) } -// When auto pull image enabled, sets maximum age of auto pulled images func (o LookupIntegrationRegistryResultOutput) PullImageAge() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.PullImageAge }).(pulumi.StringOutput) } -// When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. 
func (o LookupIntegrationRegistryResultOutput) PullImageCount() pulumi.IntOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) int { return v.PullImageCount }).(pulumi.IntOutput) } -// List of image tags patterns to pull func (o LookupIntegrationRegistryResultOutput) PullImageTagPatterns() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) []string { return v.PullImageTagPatterns }).(pulumi.StringArrayOutput) } -// List of image patterns to exclude func (o LookupIntegrationRegistryResultOutput) PullRepoPatternsExcludeds() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) []string { return v.PullRepoPatternsExcludeds }).(pulumi.StringArrayOutput) } -// Registry scan timeout in Minutes func (o LookupIntegrationRegistryResultOutput) RegistryScanTimeout() pulumi.IntPtrOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) *int { return v.RegistryScanTimeout }).(pulumi.IntPtrOutput) } -// List of scanner names func (o LookupIntegrationRegistryResultOutput) ScannerNames() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) []string { return v.ScannerNames }).(pulumi.StringArrayOutput) } -// Scanner type func (o LookupIntegrationRegistryResultOutput) ScannerType() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.ScannerType }).(pulumi.StringOutput) } -// Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). func (o LookupIntegrationRegistryResultOutput) Type() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.Type }).(pulumi.StringOutput) } -// The URL, address or region of the registry func (o LookupIntegrationRegistryResultOutput) Url() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.Url }).(pulumi.StringOutput) } -// The username for registry authentication. 
func (o LookupIntegrationRegistryResultOutput) Username() pulumi.StringOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) string { return v.Username }).(pulumi.StringOutput) } -// When enabled, registry events are sent to the given Aqua webhook url func (o LookupIntegrationRegistryResultOutput) Webhooks() GetIntegrationRegistryWebhookArrayOutput { return o.ApplyT(func(v LookupIntegrationRegistryResult) []GetIntegrationRegistryWebhook { return v.Webhooks }).(GetIntegrationRegistryWebhookArrayOutput) } diff --git a/sdk/go/aquasec/getIntegrationState.go b/sdk/go/aquasec/getIntegrationState.go index 32bef3bb..d92fc45b 100644 --- a/sdk/go/aquasec/getIntegrationState.go +++ b/sdk/go/aquasec/getIntegrationState.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
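Review bot: `Password()` in the getIntegrationRegistry.go accessor hunk still exposes the registry password as a plain `pulumi.StringOutput`, and the commit drops the only comment that identified the field as a credential, so nothing on the new side tells a caller the value must be handled as a secret. Whether the output carries Pulumi's secret flag depends on the provider schema and the invoke path, neither of which is visible here, so this needs confirming; if it is not flagged, the value can end up in plain text in stack outputs and state. The file looks generated, so the durable fix is probably to mark `password` as secret in the provider's schema mapping and regenerate rather than edit here; until then callers can wrap the value with `pulumi.ToSecret(result.Password())`. I would also keep a comment on the accessor such as `// The password for registry authentication; treat as a secret.`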
@@ -53,3 +56,53 @@ type GetIntegrationStateResult struct { // SAMLSettings enabled status SamlSettings bool `pulumi:"samlSettings"` } + +func GetIntegrationStateOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetIntegrationStateResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetIntegrationStateResult, error) { + r, err := GetIntegrationState(ctx, opts...) + var s GetIntegrationStateResult + if r != nil { + s = *r + } + return s, err + }).(GetIntegrationStateResultOutput) +} + +// A collection of values returned by getIntegrationState. +type GetIntegrationStateResultOutput struct{ *pulumi.OutputState } + +func (GetIntegrationStateResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetIntegrationStateResult)(nil)).Elem() +} + +func (o GetIntegrationStateResultOutput) ToGetIntegrationStateResultOutput() GetIntegrationStateResultOutput { + return o +} + +func (o GetIntegrationStateResultOutput) ToGetIntegrationStateResultOutputWithContext(ctx context.Context) GetIntegrationStateResultOutput { + return o +} + +// The provider-assigned unique ID for this managed resource. 
+func (o GetIntegrationStateResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetIntegrationStateResult) string { return v.Id }).(pulumi.StringOutput) +} + +// OIDCSettings enabled status +func (o GetIntegrationStateResultOutput) OidcSettings() pulumi.BoolOutput { + return o.ApplyT(func(v GetIntegrationStateResult) bool { return v.OidcSettings }).(pulumi.BoolOutput) +} + +// OpenIdSettings enabled status +func (o GetIntegrationStateResultOutput) OpenidSettings() pulumi.BoolOutput { + return o.ApplyT(func(v GetIntegrationStateResult) bool { return v.OpenidSettings }).(pulumi.BoolOutput) +} + +// SAMLSettings enabled status +func (o GetIntegrationStateResultOutput) SamlSettings() pulumi.BoolOutput { + return o.ApplyT(func(v GetIntegrationStateResult) bool { return v.SamlSettings }).(pulumi.BoolOutput) +} + +func init() { + pulumi.RegisterOutputType(GetIntegrationStateResultOutput{}) +} diff --git a/sdk/go/aquasec/getKubernetesAssurancePolicy.go b/sdk/go/aquasec/getKubernetesAssurancePolicy.go index e13e5318..d7eccb5d 100644 --- a/sdk/go/aquasec/getKubernetesAssurancePolicy.go +++ b/sdk/go/aquasec/getKubernetesAssurancePolicy.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -45,7 +44,7 @@ type LookupKubernetesAssurancePolicyResult struct { BlacklistPermissionsEnabled bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed bool `pulumi:"blockFailed"` 
@@ -55,35 +54,37 @@ type LookupKubernetesAssurancePolicyResult struct { // Indicates if scanning should include custom checks. CustomChecksEnabled bool `pulumi:"customChecksEnabled"` CustomSeverityEnabled bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled bool `pulumi:"cvesWhiteListEnabled"` - // List of cves whitelisted licenses + // List of CVEs whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` - // Identifier of the cvss severity. + // Identifier of the CVSS severity. CvssSeverity string `pulumi:"cvssSeverity"` - // Indicates if the cvss severity is scanned. + // Indicates if the CVSS severity is scanned. CvssSeverityEnabled bool `pulumi:"cvssSeverityEnabled"` - // Indicates that policy should ignore cvss cases that do not have a known fix. + // Indicates that policy should ignore CVSS cases that do not have a known fix. CvssSeverityExcludeNoFix bool `pulumi:"cvssSeverityExcludeNoFix"` Description string `pulumi:"description"` // Indicates if malware should block the image. - DisallowMalware bool `pulumi:"disallowMalware"` + DisallowMalware bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled bool `pulumi:"dockerCisEnabled"` // Name of the container image. 
- Domain string `pulumi:"domain"` - DomainName string `pulumi:"domainName"` - DtaEnabled bool `pulumi:"dtaEnabled"` - DtaSeverity string `pulumi:"dtaSeverity"` - Enabled bool `pulumi:"enabled"` - Enforce bool `pulumi:"enforce"` - EnforceAfterDays int `pulumi:"enforceAfterDays"` - EnforceExcessivePermissions bool `pulumi:"enforceExcessivePermissions"` + Domain string `pulumi:"domain"` + DomainName string `pulumi:"domainName"` + DtaEnabled bool `pulumi:"dtaEnabled"` + DtaSeverity string `pulumi:"dtaSeverity"` + Enabled bool `pulumi:"enabled"` + Enforce bool `pulumi:"enforce"` + EnforceAfterDays int `pulumi:"enforceAfterDays"` + EnforceExcessivePermissions bool `pulumi:"enforceExcessivePermissions"` + // Directories to be excluded from monitoring. ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` - // Indicates if cicd failures will fail the image. + // Indicates if CI/CD failures will fail the image. FailCicd bool `pulumi:"failCicd"` ForbiddenLabels []GetKubernetesAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled bool `pulumi:"forbiddenLabelsEnabled"` @@ -98,8 +99,9 @@ type LookupKubernetesAssurancePolicyResult struct { // List of ignored risk resources. IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled bool `pulumi:"kubeCisEnabled"` // List of kubernetes control names KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` // List of labels. 
@@ -110,14 +112,15 @@ type LookupKubernetesAssurancePolicyResult struct { // Indicates if exceeding the maximum score is scanned. MaximumScoreEnabled bool `pulumi:"maximumScoreEnabled"` // Indicates that policy should ignore cases that do not have a known fix. - MaximumScoreExcludeNoFix bool `pulumi:"maximumScoreExcludeNoFix"` - MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` - Name string `pulumi:"name"` + MaximumScoreExcludeNoFix bool `pulumi:"maximumScoreExcludeNoFix"` + // Directories to be monitored. + MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` + Name string `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. OnlyNoneRootUsers bool `pulumi:"onlyNoneRootUsers"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []GetKubernetesAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled bool `pulumi:"packagesWhiteListEnabled"` @@ -133,7 +136,7 @@ type LookupKubernetesAssurancePolicyResult struct { ScanNfsMounts bool `pulumi:"scanNfsMounts"` // Indicates if scan should include sensitive data in the image. ScanSensitiveData bool `pulumi:"scanSensitiveData"` - // Indicates if scanning should include scap. + // Indicates if scanning should include SCAP. ScapEnabled bool `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. ScapFiles []string `pulumi:"scapFiles"` 
@@ -185,12 +188,6 @@ func (o LookupKubernetesAssurancePolicyResultOutput) ToLookupKubernetesAssurance return o } -func (o LookupKubernetesAssurancePolicyResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupKubernetesAssurancePolicyResult] { - return pulumix.Output[LookupKubernetesAssurancePolicyResult]{ - OutputState: o.OutputState, - } -} - // List of explicitly allowed images. func (o LookupKubernetesAssurancePolicyResultOutput) AllowedImages() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) []string { return v.AllowedImages }).(pulumi.StringArrayOutput) @@ -239,7 +236,7 @@ func (o LookupKubernetesAssurancePolicyResultOutput) BlacklistedLicenses() pulum return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) []string { return v.BlacklistedLicenses }).(pulumi.StringArrayOutput) } -// Lndicates if license blacklist is relevant. +// Indicates if license blacklist is relevant. func (o LookupKubernetesAssurancePolicyResultOutput) BlacklistedLicensesEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.BlacklistedLicensesEnabled }).(pulumi.BoolOutput) } 
@@ -269,37 +266,37 @@ func (o LookupKubernetesAssurancePolicyResultOutput) CustomSeverityEnabled() pul return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.CustomSeverityEnabled }).(pulumi.BoolOutput) } -// Indicates if cves blacklist is relevant. +// Indicates if CVEs blacklist is relevant. func (o LookupKubernetesAssurancePolicyResultOutput) CvesBlackListEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.CvesBlackListEnabled }).(pulumi.BoolOutput) } -// List of cves blacklisted items. +// List of CVEs blacklisted items. func (o LookupKubernetesAssurancePolicyResultOutput) CvesBlackLists() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) []string { return v.CvesBlackLists }).(pulumi.StringArrayOutput) } -// Indicates if cves whitelist is relevant. +// Indicates if CVEs whitelist is relevant. func (o LookupKubernetesAssurancePolicyResultOutput) CvesWhiteListEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.CvesWhiteListEnabled }).(pulumi.BoolOutput) } -// List of cves whitelisted licenses +// List of CVEs whitelisted licenses func (o LookupKubernetesAssurancePolicyResultOutput) CvesWhiteLists() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) []string { return v.CvesWhiteLists }).(pulumi.StringArrayOutput) } -// Identifier of the cvss severity. +// Identifier of the CVSS severity. func (o LookupKubernetesAssurancePolicyResultOutput) CvssSeverity() pulumi.StringOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) string { return v.CvssSeverity }).(pulumi.StringOutput) } -// Indicates if the cvss severity is scanned. +// Indicates if the CVSS severity is scanned. 
func (o LookupKubernetesAssurancePolicyResultOutput) CvssSeverityEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.CvssSeverityEnabled }).(pulumi.BoolOutput) } -// Indicates that policy should ignore cvss cases that do not have a known fix. +// Indicates that policy should ignore CVSS cases that do not have a known fix. func (o LookupKubernetesAssurancePolicyResultOutput) CvssSeverityExcludeNoFix() pulumi.BoolOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.CvssSeverityExcludeNoFix }).(pulumi.BoolOutput) } @@ -313,6 +310,7 @@ func (o LookupKubernetesAssurancePolicyResultOutput) DisallowMalware() pulumi.Bo return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.DisallowMalware }).(pulumi.BoolOutput) } +// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. func (o LookupKubernetesAssurancePolicyResultOutput) DockerCisEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.DockerCisEnabled }).(pulumi.BoolOutput) } @@ -350,11 +348,12 @@ func (o LookupKubernetesAssurancePolicyResultOutput) EnforceExcessivePermissions return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.EnforceExcessivePermissions }).(pulumi.BoolOutput) } +// Directories to be excluded from monitoring. func (o LookupKubernetesAssurancePolicyResultOutput) ExceptionalMonitoredMalwarePaths() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) []string { return v.ExceptionalMonitoredMalwarePaths }).(pulumi.StringArrayOutput) } -// Indicates if cicd failures will fail the image. +// Indicates if CI/CD failures will fail the image. func (o LookupKubernetesAssurancePolicyResultOutput) FailCicd() pulumi.BoolOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.FailCicd }).(pulumi.BoolOutput) } 
@@ -405,6 +404,7 @@ func (o LookupKubernetesAssurancePolicyResultOutput) Images() pulumi.StringArray return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) []string { return v.Images }).(pulumi.StringArrayOutput) } +// Performs a Kubernetes CIS benchmark check for the host. func (o LookupKubernetesAssurancePolicyResultOutput) KubeCisEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.KubeCisEnabled }).(pulumi.BoolOutput) } @@ -438,6 +438,7 @@ func (o LookupKubernetesAssurancePolicyResultOutput) MaximumScoreExcludeNoFix() return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.MaximumScoreExcludeNoFix }).(pulumi.BoolOutput) } +// Directories to be monitored. func (o LookupKubernetesAssurancePolicyResultOutput) MonitoredMalwarePaths() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) []string { return v.MonitoredMalwarePaths }).(pulumi.StringArrayOutput) } @@ -456,7 +457,7 @@ func (o LookupKubernetesAssurancePolicyResultOutput) PackagesBlackListEnabled() return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.PackagesBlackListEnabled }).(pulumi.BoolOutput) } -// List of backlisted images. +// List of blacklisted images. func (o LookupKubernetesAssurancePolicyResultOutput) PackagesBlackLists() GetKubernetesAssurancePolicyPackagesBlackListArrayOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) []GetKubernetesAssurancePolicyPackagesBlackList { return v.PackagesBlackLists 
@@ -511,7 +512,7 @@ func (o LookupKubernetesAssurancePolicyResultOutput) ScanSensitiveData() pulumi. return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.ScanSensitiveData }).(pulumi.BoolOutput) } -// Indicates if scanning should include scap. +// Indicates if scanning should include SCAP. func (o LookupKubernetesAssurancePolicyResultOutput) ScapEnabled() pulumi.BoolOutput { return o.ApplyT(func(v LookupKubernetesAssurancePolicyResult) bool { return v.ScapEnabled }).(pulumi.BoolOutput) } diff --git a/sdk/go/aquasec/getNotifications.go b/sdk/go/aquasec/getNotifications.go index 7d82fad3..e115fe9e 100644 --- a/sdk/go/aquasec/getNotifications.go +++ b/sdk/go/aquasec/getNotifications.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -30,3 +33,66 @@ type GetNotificationsResult struct { Teams []GetNotificationsTeam `pulumi:"teams"` Webhooks []GetNotificationsWebhook `pulumi:"webhooks"` } + +func GetNotificationsOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetNotificationsResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetNotificationsResult, error) { + r, err := GetNotifications(ctx, opts...) + var s GetNotificationsResult + if r != nil { + s = *r + } + return s, err + }).(GetNotificationsResultOutput) +} + +// A collection of values returned by getNotifications. +type GetNotificationsResultOutput struct{ *pulumi.OutputState } + +func (GetNotificationsResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetNotificationsResult)(nil)).Elem() +} + +func (o GetNotificationsResultOutput) ToGetNotificationsResultOutput() GetNotificationsResultOutput { + return o +} + +func (o GetNotificationsResultOutput) ToGetNotificationsResultOutputWithContext(ctx context.Context) GetNotificationsResultOutput { + return o +} + +func (o GetNotificationsResultOutput) Emails() GetNotificationsEmailArrayOutput { + return o.ApplyT(func(v GetNotificationsResult) []GetNotificationsEmail { return v.Emails }).(GetNotificationsEmailArrayOutput) +} + +// The provider-assigned unique ID for this managed resource. 
+func (o GetNotificationsResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetNotificationsResult) string { return v.Id }).(pulumi.StringOutput) +} + +func (o GetNotificationsResultOutput) Jiras() GetNotificationsJiraArrayOutput { + return o.ApplyT(func(v GetNotificationsResult) []GetNotificationsJira { return v.Jiras }).(GetNotificationsJiraArrayOutput) +} + +func (o GetNotificationsResultOutput) Servicenows() GetNotificationsServicenowArrayOutput { + return o.ApplyT(func(v GetNotificationsResult) []GetNotificationsServicenow { return v.Servicenows }).(GetNotificationsServicenowArrayOutput) +} + +func (o GetNotificationsResultOutput) Slacks() GetNotificationsSlackArrayOutput { + return o.ApplyT(func(v GetNotificationsResult) []GetNotificationsSlack { return v.Slacks }).(GetNotificationsSlackArrayOutput) +} + +func (o GetNotificationsResultOutput) Splunks() GetNotificationsSplunkArrayOutput { + return o.ApplyT(func(v GetNotificationsResult) []GetNotificationsSplunk { return v.Splunks }).(GetNotificationsSplunkArrayOutput) +} + +func (o GetNotificationsResultOutput) Teams() GetNotificationsTeamArrayOutput { + return o.ApplyT(func(v GetNotificationsResult) []GetNotificationsTeam { return v.Teams }).(GetNotificationsTeamArrayOutput) +} + +func (o GetNotificationsResultOutput) Webhooks() GetNotificationsWebhookArrayOutput { + return o.ApplyT(func(v GetNotificationsResult) []GetNotificationsWebhook { return v.Webhooks }).(GetNotificationsWebhookArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(GetNotificationsResultOutput{}) +} diff --git a/sdk/go/aquasec/getPermissionsSets.go b/sdk/go/aquasec/getPermissionsSets.go index f9f12510..14162c3d 100644 --- a/sdk/go/aquasec/getPermissionsSets.go +++ b/sdk/go/aquasec/getPermissionsSets.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -55,3 +58,42 @@ type LookupPermissionsSetsResult struct { Id string `pulumi:"id"` PermissionsSets []GetPermissionsSetsPermissionsSet `pulumi:"permissionsSets"` } + +func LookupPermissionsSetsOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) LookupPermissionsSetsResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (LookupPermissionsSetsResult, error) { + r, err := LookupPermissionsSets(ctx, opts...) + var s LookupPermissionsSetsResult + if r != nil { + s = *r + } + return s, err + }).(LookupPermissionsSetsResultOutput) +} + +// A collection of values returned by getPermissionsSets. +type LookupPermissionsSetsResultOutput struct{ *pulumi.OutputState } + +func (LookupPermissionsSetsResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*LookupPermissionsSetsResult)(nil)).Elem() +} + +func (o LookupPermissionsSetsResultOutput) ToLookupPermissionsSetsResultOutput() LookupPermissionsSetsResultOutput { + return o +} + +func (o LookupPermissionsSetsResultOutput) ToLookupPermissionsSetsResultOutputWithContext(ctx context.Context) LookupPermissionsSetsResultOutput { + return o +} + +// The provider-assigned unique ID for this managed resource. +func (o LookupPermissionsSetsResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v LookupPermissionsSetsResult) string { return v.Id }).(pulumi.StringOutput) +} + +func (o LookupPermissionsSetsResultOutput) PermissionsSets() GetPermissionsSetsPermissionsSetArrayOutput { + return o.ApplyT(func(v LookupPermissionsSetsResult) []GetPermissionsSetsPermissionsSet { return v.PermissionsSets }).(GetPermissionsSetsPermissionsSetArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(LookupPermissionsSetsResultOutput{}) +} diff --git a/sdk/go/aquasec/getRoles.go b/sdk/go/aquasec/getRoles.go index 57b063c8..2bcf4b15 100644 --- a/sdk/go/aquasec/getRoles.go +++ b/sdk/go/aquasec/getRoles.go 
@@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -50,3 +53,42 @@ type GetRolesResult struct { Id string `pulumi:"id"` Roles []GetRolesRole `pulumi:"roles"` } + +func GetRolesOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetRolesResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetRolesResult, error) { + r, err := GetRoles(ctx, opts...) + var s GetRolesResult + if r != nil { + s = *r + } + return s, err + }).(GetRolesResultOutput) +} + +// A collection of values returned by getRoles. +type GetRolesResultOutput struct{ *pulumi.OutputState } + +func (GetRolesResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetRolesResult)(nil)).Elem() +} + +func (o GetRolesResultOutput) ToGetRolesResultOutput() GetRolesResultOutput { + return o +} + +func (o GetRolesResultOutput) ToGetRolesResultOutputWithContext(ctx context.Context) GetRolesResultOutput { + return o +} + +// The provider-assigned unique ID for this managed resource. +func (o GetRolesResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetRolesResult) string { return v.Id }).(pulumi.StringOutput) +} + +func (o GetRolesResultOutput) Roles() GetRolesRoleArrayOutput { + return o.ApplyT(func(v GetRolesResult) []GetRolesRole { return v.Roles }).(GetRolesRoleArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(GetRolesResultOutput{}) +} diff --git a/sdk/go/aquasec/getRolesMapping.go b/sdk/go/aquasec/getRolesMapping.go index 4b47614f..9962886e 100644 --- a/sdk/go/aquasec/getRolesMapping.go +++ b/sdk/go/aquasec/getRolesMapping.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -56,3 +59,58 @@ type GetRolesMappingResult struct { // SAML Authentication Samls []GetRolesMappingSaml `pulumi:"samls"` } + +func GetRolesMappingOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetRolesMappingResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetRolesMappingResult, error) { + r, err := GetRolesMapping(ctx, opts...) + var s GetRolesMappingResult + if r != nil { + s = *r + } + return s, err + }).(GetRolesMappingResultOutput) +} + +// A collection of values returned by getRolesMapping. +type GetRolesMappingResultOutput struct{ *pulumi.OutputState } + +func (GetRolesMappingResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetRolesMappingResult)(nil)).Elem() +} + +func (o GetRolesMappingResultOutput) ToGetRolesMappingResultOutput() GetRolesMappingResultOutput { + return o +} + +func (o GetRolesMappingResultOutput) ToGetRolesMappingResultOutputWithContext(ctx context.Context) GetRolesMappingResultOutput { + return o +} + +// The provider-assigned unique ID for this managed resource. 
+func (o GetRolesMappingResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetRolesMappingResult) string { return v.Id }).(pulumi.StringOutput) +} + +// LDAP Authentication +func (o GetRolesMappingResultOutput) Ldaps() GetRolesMappingLdapArrayOutput { + return o.ApplyT(func(v GetRolesMappingResult) []GetRolesMappingLdap { return v.Ldaps }).(GetRolesMappingLdapArrayOutput) +} + +// Oauth2 Authentication +func (o GetRolesMappingResultOutput) Oauth2s() GetRolesMappingOauth2ArrayOutput { + return o.ApplyT(func(v GetRolesMappingResult) []GetRolesMappingOauth2 { return v.Oauth2s }).(GetRolesMappingOauth2ArrayOutput) +} + +// OpenId Authentication +func (o GetRolesMappingResultOutput) Openids() GetRolesMappingOpenidArrayOutput { + return o.ApplyT(func(v GetRolesMappingResult) []GetRolesMappingOpenid { return v.Openids }).(GetRolesMappingOpenidArrayOutput) +} + +// SAML Authentication +func (o GetRolesMappingResultOutput) Samls() GetRolesMappingSamlArrayOutput { + return o.ApplyT(func(v GetRolesMappingResult) []GetRolesMappingSaml { return v.Samls }).(GetRolesMappingSamlArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(GetRolesMappingResultOutput{}) +} diff --git a/sdk/go/aquasec/getRolesMappingSaas.go b/sdk/go/aquasec/getRolesMappingSaas.go index 7e5d4c1d..4b825803 100644 --- a/sdk/go/aquasec/getRolesMappingSaas.go +++ b/sdk/go/aquasec/getRolesMappingSaas.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -48,3 +51,42 @@ type GetRolesMappingSaasResult struct { Id string `pulumi:"id"` RolesMappings []GetRolesMappingSaasRolesMapping `pulumi:"rolesMappings"` } + +func GetRolesMappingSaasOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetRolesMappingSaasResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetRolesMappingSaasResult, error) { + r, err := GetRolesMappingSaas(ctx, opts...) + var s GetRolesMappingSaasResult + if r != nil { + s = *r + } + return s, err + }).(GetRolesMappingSaasResultOutput) +} + +// A collection of values returned by getRolesMappingSaas. +type GetRolesMappingSaasResultOutput struct{ *pulumi.OutputState } + +func (GetRolesMappingSaasResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetRolesMappingSaasResult)(nil)).Elem() +} + +func (o GetRolesMappingSaasResultOutput) ToGetRolesMappingSaasResultOutput() GetRolesMappingSaasResultOutput { + return o +} + +func (o GetRolesMappingSaasResultOutput) ToGetRolesMappingSaasResultOutputWithContext(ctx context.Context) GetRolesMappingSaasResultOutput { + return o +} + +// The provider-assigned unique ID for this managed resource. +func (o GetRolesMappingSaasResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetRolesMappingSaasResult) string { return v.Id }).(pulumi.StringOutput) +} + +func (o GetRolesMappingSaasResultOutput) RolesMappings() GetRolesMappingSaasRolesMappingArrayOutput { + return o.ApplyT(func(v GetRolesMappingSaasResult) []GetRolesMappingSaasRolesMapping { return v.RolesMappings }).(GetRolesMappingSaasRolesMappingArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(GetRolesMappingSaasResultOutput{}) +} diff --git a/sdk/go/aquasec/getService.go b/sdk/go/aquasec/getService.go index 1fa99ad0..f0bfef70 100644 --- a/sdk/go/aquasec/getService.go +++ b/sdk/go/aquasec/getService.go 
@@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -24,7 +23,6 @@ func LookupService(ctx *pulumi.Context, args *LookupServiceArgs, opts ...pulumi. // A collection of arguments for invoking getService. type LookupServiceArgs struct { - // The name of the service. It is recommended not to use whitespace characters in the name. Name string `pulumi:"name"` } @@ -99,7 +97,6 @@ func LookupServiceOutput(ctx *pulumi.Context, args LookupServiceOutputArgs, opts // A collection of arguments for invoking getService. type LookupServiceOutputArgs struct { - // The name of the service. It is recommended not to use whitespace characters in the name. Name pulumi.StringInput `pulumi:"name"` } @@ -122,12 +119,6 @@ func (o LookupServiceResultOutput) ToLookupServiceResultOutputWithContext(ctx co return o } -func (o LookupServiceResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupServiceResult] { - return pulumix.Output[LookupServiceResult]{ - OutputState: o.OutputState, - } -} - // Indicates the application scope of the service. func (o LookupServiceResultOutput) ApplicationScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupServiceResult) []string { return v.ApplicationScopes }).(pulumi.StringArrayOutput) diff --git a/sdk/go/aquasec/getUsers.go b/sdk/go/aquasec/getUsers.go index fd4d070a..14c77df0 100644 --- a/sdk/go/aquasec/getUsers.go +++ b/sdk/go/aquasec/getUsers.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -50,3 +53,42 @@ type GetUsersResult struct { Id string `pulumi:"id"` Users []GetUsersUser `pulumi:"users"` } + +func GetUsersOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetUsersResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetUsersResult, error) { + r, err := GetUsers(ctx, opts...) + var s GetUsersResult + if r != nil { + s = *r + } + return s, err + }).(GetUsersResultOutput) +} + +// A collection of values returned by getUsers. +type GetUsersResultOutput struct{ *pulumi.OutputState } + +func (GetUsersResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetUsersResult)(nil)).Elem() +} + +func (o GetUsersResultOutput) ToGetUsersResultOutput() GetUsersResultOutput { + return o +} + +func (o GetUsersResultOutput) ToGetUsersResultOutputWithContext(ctx context.Context) GetUsersResultOutput { + return o +} + +// The provider-assigned unique ID for this managed resource. +func (o GetUsersResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetUsersResult) string { return v.Id }).(pulumi.StringOutput) +} + +func (o GetUsersResultOutput) Users() GetUsersUserArrayOutput { + return o.ApplyT(func(v GetUsersResult) []GetUsersUser { return v.Users }).(GetUsersUserArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(GetUsersResultOutput{}) +} diff --git a/sdk/go/aquasec/getUsersSaas.go b/sdk/go/aquasec/getUsersSaas.go index eb4a10e3..e4a9334d 100644 --- a/sdk/go/aquasec/getUsersSaas.go +++ b/sdk/go/aquasec/getUsersSaas.go @@ -4,6 +4,9 @@ package aquasec import ( + "context" + "reflect" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -50,3 +53,42 @@ type GetUsersSaasResult struct { Id string `pulumi:"id"` Users []GetUsersSaasUser `pulumi:"users"` } + +func GetUsersSaasOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetUsersSaasResultOutput { + return pulumi.ToOutput(0).ApplyT(func(int) (GetUsersSaasResult, error) { + r, err := GetUsersSaas(ctx, opts...) + var s GetUsersSaasResult + if r != nil { + s = *r + } + return s, err + }).(GetUsersSaasResultOutput) +} + +// A collection of values returned by getUsersSaas. +type GetUsersSaasResultOutput struct{ *pulumi.OutputState } + +func (GetUsersSaasResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetUsersSaasResult)(nil)).Elem() +} + +func (o GetUsersSaasResultOutput) ToGetUsersSaasResultOutput() GetUsersSaasResultOutput { + return o +} + +func (o GetUsersSaasResultOutput) ToGetUsersSaasResultOutputWithContext(ctx context.Context) GetUsersSaasResultOutput { + return o +} + +// The provider-assigned unique ID for this managed resource. +func (o GetUsersSaasResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v GetUsersSaasResult) string { return v.Id }).(pulumi.StringOutput) +} + +func (o GetUsersSaasResultOutput) Users() GetUsersSaasUserArrayOutput { + return o.ApplyT(func(v GetUsersSaasResult) []GetUsersSaasUser { return v.Users }).(GetUsersSaasUserArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(GetUsersSaasResultOutput{}) +} diff --git a/sdk/go/aquasec/group.go b/sdk/go/aquasec/group.go index 50e61ccd..46d157e1 100644 --- a/sdk/go/aquasec/group.go +++ b/sdk/go/aquasec/group.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -135,12 +134,6 @@ func (i *Group) ToGroupOutputWithContext(ctx context.Context) GroupOutput { return pulumi.ToOutputWithContext(ctx, i).(GroupOutput) } -func (i *Group) ToOutput(ctx context.Context) pulumix.Output[*Group] { - return pulumix.Output[*Group]{ - OutputState: i.ToGroupOutputWithContext(ctx).OutputState, - } -} - // GroupArrayInput is an input type that accepts GroupArray and GroupArrayOutput values. // You can construct a concrete instance of `GroupArrayInput` via: // @@ -166,12 +159,6 @@ func (i GroupArray) ToGroupArrayOutputWithContext(ctx context.Context) GroupArra return pulumi.ToOutputWithContext(ctx, i).(GroupArrayOutput) } -func (i GroupArray) ToOutput(ctx context.Context) pulumix.Output[[]*Group] { - return pulumix.Output[[]*Group]{ - OutputState: i.ToGroupArrayOutputWithContext(ctx).OutputState, - } -} - // GroupMapInput is an input type that accepts GroupMap and GroupMapOutput values. // You can construct a concrete instance of `GroupMapInput` via: // @@ -197,12 +184,6 @@ func (i GroupMap) ToGroupMapOutputWithContext(ctx context.Context) GroupMapOutpu return pulumi.ToOutputWithContext(ctx, i).(GroupMapOutput) } -func (i GroupMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*Group] { - return pulumix.Output[map[string]*Group]{ - OutputState: i.ToGroupMapOutputWithContext(ctx).OutputState, - } -} - type GroupOutput struct{ *pulumi.OutputState } func (GroupOutput) ElementType() reflect.Type { @@ -217,12 +198,6 @@ func (o GroupOutput) ToGroupOutputWithContext(ctx context.Context) GroupOutput { return o } -func (o GroupOutput) ToOutput(ctx context.Context) pulumix.Output[*Group] { - return pulumix.Output[*Group]{ - OutputState: o.OutputState, - } -} - // The creation date of the group. func (o GroupOutput) Created() pulumi.StringOutput { return o.ApplyT(func(v *Group) pulumi.StringOutput { return v.Created }).(pulumi.StringOutput) 
@@ -252,12 +227,6 @@ func (o GroupArrayOutput) ToGroupArrayOutputWithContext(ctx context.Context) Gro return o } -func (o GroupArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*Group] { - return pulumix.Output[[]*Group]{ - OutputState: o.OutputState, - } -} - func (o GroupArrayOutput) Index(i pulumi.IntInput) GroupOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Group { return vs[0].([]*Group)[vs[1].(int)] @@ -278,12 +247,6 @@ func (o GroupMapOutput) ToGroupMapOutputWithContext(ctx context.Context) GroupMa return o } -func (o GroupMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*Group] { - return pulumix.Output[map[string]*Group]{ - OutputState: o.OutputState, - } -} - func (o GroupMapOutput) MapIndex(k pulumi.StringInput) GroupOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Group { return vs[0].(map[string]*Group)[vs[1].(string)] diff --git a/sdk/go/aquasec/hostAssurancePolicy.go b/sdk/go/aquasec/hostAssurancePolicy.go index e0a6e9a1..89bcee8b 100644 --- a/sdk/go/aquasec/hostAssurancePolicy.go +++ b/sdk/go/aquasec/hostAssurancePolicy.go 
@@ -9,16 +9,26 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) +// Host Assurance is a subsystem of Aqua. It is responsible for: +// +// Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks. +// +// Evaluates scan findings according to defined Host Assurance Policies. +// Determines host compliance based on these policies. +// Generates an audit event for host assurance failure. type HostAssurancePolicy struct { pulumi.CustomResourceState + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapOutput `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages pulumi.StringArrayOutput `pulumi:"allowedImages"` ApplicationScopes pulumi.StringArrayOutput `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType pulumi.StringOutput `pulumi:"assuranceType"` // Indicates if auditing for failures. AuditOnFailure pulumi.BoolPtrOutput `pulumi:"auditOnFailure"` // Name of user account that created the policy. @@ -32,7 +42,7 @@ type HostAssurancePolicy struct { BlacklistPermissionsEnabled pulumi.BoolPtrOutput `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayOutput `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrOutput `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrOutput `pulumi:"blockFailed"` 
@@ -41,12 +51,13 @@ type HostAssurancePolicy struct { CustomChecks HostAssurancePolicyCustomCheckArrayOutput `pulumi:"customChecks"` // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrOutput `pulumi:"customChecksEnabled"` + CustomSeverity pulumi.StringOutput `pulumi:"customSeverity"` CustomSeverityEnabled pulumi.BoolPtrOutput `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists pulumi.StringArrayOutput `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled pulumi.BoolPtrOutput `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists pulumi.StringArrayOutput `pulumi:"cvesWhiteLists"` 
@@ -55,10 +66,12 @@ type HostAssurancePolicy struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled pulumi.BoolPtrOutput `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix pulumi.BoolPtrOutput `pulumi:"cvssSeverityExcludeNoFix"` - Description pulumi.StringPtrOutput `pulumi:"description"` + CvssSeverityExcludeNoFix pulumi.BoolPtrOutput `pulumi:"cvssSeverityExcludeNoFix"` + Description pulumi.StringPtrOutput `pulumi:"description"` + DisallowExploitTypes pulumi.StringArrayOutput `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrOutput `pulumi:"disallowMalware"` + DisallowMalware pulumi.BoolPtrOutput `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrOutput `pulumi:"dockerCisEnabled"` // Name of the container image. Domain pulumi.StringPtrOutput `pulumi:"domain"` 
@@ -70,24 +83,33 @@ type HostAssurancePolicy struct { EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` EnforceExcessivePermissions pulumi.BoolPtrOutput `pulumi:"enforceExcessivePermissions"` ExceptionalMonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes pulumi.StringArrayOutput `pulumi:"excludeApplicationScopes"` // Indicates if cicd failures will fail the image. FailCicd pulumi.BoolPtrOutput `pulumi:"failCicd"` ForbiddenLabels HostAssurancePolicyForbiddenLabelArrayOutput `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled pulumi.BoolPtrOutput `pulumi:"forbiddenLabelsEnabled"` ForceMicroenforcer pulumi.BoolPtrOutput `pulumi:"forceMicroenforcer"` FunctionIntegrityEnabled pulumi.BoolPtrOutput `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln pulumi.BoolPtrOutput `pulumi:"ignoreBaseImageVln"` IgnoreRecentlyPublishedVln pulumi.BoolPtrOutput `pulumi:"ignoreRecentlyPublishedVln"` IgnoreRecentlyPublishedVlnPeriod pulumi.IntOutput `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrOutput `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayOutput `pulumi:"ignoredRiskResources"` + IgnoredRiskResources pulumi.StringArrayOutput `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources pulumi.StringArrayOutput `pulumi:"ignoredSensitiveResources"` // List of images. - Images pulumi.StringArrayOutput `pulumi:"images"` - KubeCisEnabled pulumi.BoolPtrOutput `pulumi:"kubeCisEnabled"` + Images pulumi.StringArrayOutput `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. 
+ KubeCisEnabled pulumi.BoolPtrOutput `pulumi:"kubeCisEnabled"` + KubernetesControls pulumi.StringArrayOutput `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds pulumi.StringArrayOutput `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames pulumi.StringArrayOutput `pulumi:"kubernetesControlsNames"` // List of labels. - Labels pulumi.StringArrayOutput `pulumi:"labels"` - MalwareAction pulumi.StringPtrOutput `pulumi:"malwareAction"` + Labels pulumi.StringArrayOutput `pulumi:"labels"` + Lastupdate pulumi.StringOutput `pulumi:"lastupdate"` + LinuxCisEnabled pulumi.BoolPtrOutput `pulumi:"linuxCisEnabled"` + MalwareAction pulumi.StringPtrOutput `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore pulumi.Float64PtrOutput `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. 
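Review bot: The fields this hunk adds to `HostAssurancePolicy` that narrow what the policy evaluates (`ExcludeApplicationScopes`, `IgnoreBaseImageVln`, `IgnoredSensitiveResources`) have no doc comment, while the neighbouring `IgnoreRiskResourcesEnabled` and `IgnoredRiskResources` do, so a caller cannot tell from the SDK which findings or scopes they take out of enforcement. Each should get a one-line description in the style of the existing `// List of ignored risk resources.`, for example `// Indicates if vulnerabilities inherited from the base image are ignored.` on `IgnoreBaseImageVln` (wording inferred from the field name; confirm it against the provider schema). The same fields are added without comments in the `hostAssurancePolicyState` and `HostAssurancePolicyState` hunks further down. The file appears to be generated, so the descriptions probably belong in the upstream schema with the SDK regenerated afterwards; the struct itself begins before and continues after this hunk.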
@@ -97,25 +119,31 @@ type HostAssurancePolicy struct { MonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"monitoredMalwarePaths"` Name pulumi.StringOutput `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrOutput `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers pulumi.BoolPtrOutput `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled pulumi.BoolPtrOutput `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists HostAssurancePolicyPackagesBlackListArrayOutput `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrOutput `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. PackagesWhiteLists HostAssurancePolicyPackagesWhiteListArrayOutput `pulumi:"packagesWhiteLists"` PartialResultsImageFail pulumi.BoolPtrOutput `pulumi:"partialResultsImageFail"` + Permission pulumi.StringOutput `pulumi:"permission"` + PolicySettings HostAssurancePolicyPolicySettingsOutput `pulumi:"policySettings"` ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"` // List of registries. Registries pulumi.StringArrayOutput `pulumi:"registries"` Registry pulumi.StringPtrOutput `pulumi:"registry"` RequiredLabels HostAssurancePolicyRequiredLabelArrayOutput `pulumi:"requiredLabels"` RequiredLabelsEnabled pulumi.BoolPtrOutput `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives pulumi.BoolPtrOutput `pulumi:"scanMalwareInArchives"` ScanNfsMounts pulumi.BoolPtrOutput `pulumi:"scanNfsMounts"` + ScanProcessMemory pulumi.BoolPtrOutput `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. 
- ScanSensitiveData pulumi.BoolPtrOutput `pulumi:"scanSensitiveData"` + ScanSensitiveData pulumi.BoolPtrOutput `pulumi:"scanSensitiveData"` + ScanWindowsRegistry pulumi.BoolPtrOutput `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrOutput `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. @@ -124,11 +152,15 @@ type HostAssurancePolicy struct { // List of trusted images. TrustedBaseImages HostAssurancePolicyTrustedBaseImageArrayOutput `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrOutput `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled pulumi.BoolPtrOutput `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability pulumi.BoolPtrOutput `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges pulumi.IntArrayOutput `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayOutput `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. WhitelistedLicensesEnabled pulumi.BoolPtrOutput `pulumi:"whitelistedLicensesEnabled"` + // Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + WindowsCisEnabled pulumi.BoolPtrOutput `pulumi:"windowsCisEnabled"` } // NewHostAssurancePolicy registers a new resource with the given unique name, arguments, and options. 
@@ -164,9 +196,13 @@ func GetHostAssurancePolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering HostAssurancePolicy resources. type hostAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages []string `pulumi:"allowedImages"` ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType *string `pulumi:"assuranceType"` // Indicates if auditing for failures. AuditOnFailure *bool `pulumi:"auditOnFailure"` // Name of user account that created the policy. @@ -180,7 +216,7 @@ type hostAssurancePolicyState struct { BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed *bool `pulumi:"blockFailed"` 
@@ -188,13 +224,14 @@ type hostAssurancePolicyState struct { // List of Custom user scripts for checks. CustomChecks []HostAssurancePolicyCustomCheck `pulumi:"customChecks"` // Indicates if scanning should include custom checks. - CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` - CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled *bool `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` @@ -203,10 +240,12 @@ type hostAssurancePolicyState struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` - Description *string `pulumi:"description"` + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware *bool `pulumi:"disallowMalware"` + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` // Name of the container image. Domain *string `pulumi:"domain"` 
@@ -218,24 +257,33 @@ type hostAssurancePolicyState struct { EnforceAfterDays *int `pulumi:"enforceAfterDays"` EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` // Indicates if cicd failures will fail the image. FailCicd *bool `pulumi:"failCicd"` ForbiddenLabels []HostAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + KubernetesControls []string `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` // List of labels. 
- Labels []string `pulumi:"labels"` - MalwareAction *string `pulumi:"malwareAction"` + Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore *float64 `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. 
@@ -245,25 +293,31 @@ type hostAssurancePolicyState struct { MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` Name *string `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []HostAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. PackagesWhiteLists []HostAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *HostAssurancePolicyPolicySettings `pulumi:"policySettings"` ReadOnly *bool `pulumi:"readOnly"` // List of registries. Registries []string `pulumi:"registries"` Registry *string `pulumi:"registry"` RequiredLabels []HostAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled *bool `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. 
@@ -272,17 +326,25 @@ type hostAssurancePolicyState struct { // List of trusted images. TrustedBaseImages []HostAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. WhitelistedLicensesEnabled *bool `pulumi:"whitelistedLicensesEnabled"` + // Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + WindowsCisEnabled *bool `pulumi:"windowsCisEnabled"` } type HostAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput // List of explicitly allowed images. AllowedImages pulumi.StringArrayInput ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput // Indicates if auditing for failures. AuditOnFailure pulumi.BoolPtrInput // Name of user account that created the policy. @@ -296,7 +358,7 @@ type HostAssurancePolicyState struct { BlacklistPermissionsEnabled pulumi.BoolPtrInput // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayInput - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrInput // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrInput 
@@ -305,12 +367,13 @@ type HostAssurancePolicyState struct { CustomChecks HostAssurancePolicyCustomCheckArrayInput // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput CustomSeverityEnabled pulumi.BoolPtrInput - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrInput - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists pulumi.StringArrayInput - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled pulumi.BoolPtrInput // List of cves whitelisted licenses CvesWhiteLists pulumi.StringArrayInput @@ -321,8 +384,10 @@ type HostAssurancePolicyState struct { // Indicates that policy should ignore cvss cases that do not have a known fix. CvssSeverityExcludeNoFix pulumi.BoolPtrInput Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrInput + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrInput // Name of the container image. Domain pulumi.StringPtrInput 
@@ -334,24 +399,33 @@ type HostAssurancePolicyState struct { EnforceAfterDays pulumi.IntPtrInput EnforceExcessivePermissions pulumi.BoolPtrInput ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput // Indicates if cicd failures will fail the image. FailCicd pulumi.BoolPtrInput ForbiddenLabels HostAssurancePolicyForbiddenLabelArrayInput ForbiddenLabelsEnabled pulumi.BoolPtrInput ForceMicroenforcer pulumi.BoolPtrInput FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput IgnoreRecentlyPublishedVln pulumi.BoolPtrInput IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrInput // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayInput + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput // List of images. - Images pulumi.StringArrayInput - KubeCisEnabled pulumi.BoolPtrInput + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled pulumi.BoolPtrInput + KubernetesControls pulumi.StringArrayInput + KubernetesControlsAvdIds pulumi.StringArrayInput + KubernetesControlsNames pulumi.StringArrayInput // List of labels. - Labels pulumi.StringArrayInput - MalwareAction pulumi.StringPtrInput + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput // Value of allowed maximum score. MaximumScore pulumi.Float64PtrInput // Indicates if exceeding the maximum score is scanned. 
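Review bot: `ExcludeApplicationScopes`, `IgnoreBaseImageVln` and `IgnoredSensitiveResources` are added to `HostAssurancePolicyState` without doc comments. By their names they narrow what the policy evaluates, though I cannot confirm the exact semantics from the hunk, and an undocumented exclusion can leave hosts or findings outside the policy unnoticed. Each should get a one-line description of what is skipped, e.g. `// Indicates if vulnerabilities inherited from the base image are ignored.` (wording to be confirmed against the API). `LinuxCisEnabled` also lacks the comment that its Docker and Kubernetes counterparts receive in this same hunk. The omissions repeat in the `hostAssurancePolicyArgs` and `HostAssurancePolicyArgs` hunks, and the scan toggles added in the next hunk (`ScanMalwareInArchives`, `ScanProcessMemory`, `ScanWindowsRegistry`) are undocumented as well.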
@@ -361,25 +435,31 @@ type HostAssurancePolicyState struct { MonitoredMalwarePaths pulumi.StringArrayInput Name pulumi.StringPtrInput // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrInput + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrInput - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists HostAssurancePolicyPackagesBlackListArrayInput // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrInput // List of whitelisted images. PackagesWhiteLists HostAssurancePolicyPackagesWhiteListArrayInput PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings HostAssurancePolicyPolicySettingsPtrInput ReadOnly pulumi.BoolPtrInput // List of registries. Registries pulumi.StringArrayInput Registry pulumi.StringPtrInput RequiredLabels HostAssurancePolicyRequiredLabelArrayInput RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrInput + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrInput // List of SCAP user scripts for checks. 
@@ -388,11 +468,15 @@ type HostAssurancePolicyState struct { // List of trusted images. TrustedBaseImages HostAssurancePolicyTrustedBaseImageArrayInput // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrInput + TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayInput // Indicates if license blacklist is relevant. WhitelistedLicensesEnabled pulumi.BoolPtrInput + // Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + WindowsCisEnabled pulumi.BoolPtrInput } func (HostAssurancePolicyState) ElementType() reflect.Type { @@ -400,11 +484,17 @@ func (HostAssurancePolicyState) ElementType() reflect.Type { } type hostAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages []string `pulumi:"allowedImages"` ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType *string `pulumi:"assuranceType"` // Indicates if auditing for failures. - AuditOnFailure *bool `pulumi:"auditOnFailure"` + AuditOnFailure *bool `pulumi:"auditOnFailure"` + // Name of user account that created the policy. + Author *string `pulumi:"author"` AutoScanConfigured *bool `pulumi:"autoScanConfigured"` AutoScanEnabled *bool `pulumi:"autoScanEnabled"` AutoScanTimes []HostAssurancePolicyAutoScanTime `pulumi:"autoScanTimes"` 
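Review bot: `Author` ("Name of user account that created the policy") and `AggregatedVulnerability` are added to `hostAssurancePolicyArgs`, which makes them values the calling program supplies. Both read like data the server reports. If the API stores them as passed, the recorded author of a policy is whatever the program wrote and should not be relied on as an audit identity. If they are server-owned, I would mark them computed-only in the schema so they drop out of the Args structs; if they really are inputs, say so in the comment, e.g. `// Name of user account that created the policy (set by the caller).`. The same question applies to `Lastupdate` and `Permission` in the later Args hunks and to the matching fields in `HostAssurancePolicyArgs`.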
@@ -414,7 +504,7 @@ type hostAssurancePolicyArgs struct { BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed *bool `pulumi:"blockFailed"` @@ -422,13 +512,14 @@ type hostAssurancePolicyArgs struct { // List of Custom user scripts for checks. CustomChecks []HostAssurancePolicyCustomCheck `pulumi:"customChecks"` // Indicates if scanning should include custom checks. - CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` - CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled *bool `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` 
@@ -437,10 +528,12 @@ type hostAssurancePolicyArgs struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` - Description *string `pulumi:"description"` + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware *bool `pulumi:"disallowMalware"` + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` // Name of the container image. Domain *string `pulumi:"domain"` 
@@ -452,23 +545,33 @@ type hostAssurancePolicyArgs struct { EnforceAfterDays *int `pulumi:"enforceAfterDays"` EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` // Indicates if cicd failures will fail the image. - FailCicd *bool `pulumi:"failCicd"` - ForbiddenLabels []HostAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` - ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` - ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` - FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` - IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` + FailCicd *bool `pulumi:"failCicd"` + ForbiddenLabels []HostAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` + ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` + ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` + FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` + IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` + IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. 
+ KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + KubernetesControls []string `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` // List of labels. - Labels []string `pulumi:"labels"` - MalwareAction *string `pulumi:"malwareAction"` + Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore *float64 `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. 
@@ -478,25 +581,31 @@ type hostAssurancePolicyArgs struct { MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` Name *string `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []HostAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. PackagesWhiteLists []HostAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *HostAssurancePolicyPolicySettings `pulumi:"policySettings"` ReadOnly *bool `pulumi:"readOnly"` // List of registries. Registries []string `pulumi:"registries"` Registry *string `pulumi:"registry"` RequiredLabels []HostAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled *bool `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. 
@@ -505,20 +614,30 @@ type hostAssurancePolicyArgs struct { // List of trusted images. TrustedBaseImages []HostAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. WhitelistedLicensesEnabled *bool `pulumi:"whitelistedLicensesEnabled"` + // Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + WindowsCisEnabled *bool `pulumi:"windowsCisEnabled"` } // The set of arguments for constructing a HostAssurancePolicy resource. type HostAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput // List of explicitly allowed images. AllowedImages pulumi.StringArrayInput ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput // Indicates if auditing for failures. - AuditOnFailure pulumi.BoolPtrInput + AuditOnFailure pulumi.BoolPtrInput + // Name of user account that created the policy. + Author pulumi.StringPtrInput AutoScanConfigured pulumi.BoolPtrInput AutoScanEnabled pulumi.BoolPtrInput AutoScanTimes HostAssurancePolicyAutoScanTimeArrayInput 
@@ -528,7 +647,7 @@ type HostAssurancePolicyArgs struct { BlacklistPermissionsEnabled pulumi.BoolPtrInput // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayInput - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrInput // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrInput @@ -537,12 +656,13 @@ type HostAssurancePolicyArgs struct { CustomChecks HostAssurancePolicyCustomCheckArrayInput // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput CustomSeverityEnabled pulumi.BoolPtrInput - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrInput - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists pulumi.StringArrayInput - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled pulumi.BoolPtrInput // List of cves whitelisted licenses CvesWhiteLists pulumi.StringArrayInput @@ -553,8 +673,10 @@ type HostAssurancePolicyArgs struct { // Indicates that policy should ignore cvss cases that do not have a known fix. CvssSeverityExcludeNoFix pulumi.BoolPtrInput Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrInput + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrInput // Name of the container image. Domain pulumi.StringPtrInput 
@@ -566,23 +688,33 @@ type HostAssurancePolicyArgs struct { EnforceAfterDays pulumi.IntPtrInput EnforceExcessivePermissions pulumi.BoolPtrInput ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput // Indicates if cicd failures will fail the image. - FailCicd pulumi.BoolPtrInput - ForbiddenLabels HostAssurancePolicyForbiddenLabelArrayInput - ForbiddenLabelsEnabled pulumi.BoolPtrInput - ForceMicroenforcer pulumi.BoolPtrInput - FunctionIntegrityEnabled pulumi.BoolPtrInput - IgnoreRecentlyPublishedVln pulumi.BoolPtrInput + FailCicd pulumi.BoolPtrInput + ForbiddenLabels HostAssurancePolicyForbiddenLabelArrayInput + ForbiddenLabelsEnabled pulumi.BoolPtrInput + ForceMicroenforcer pulumi.BoolPtrInput + FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrInput // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayInput + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput // List of images. - Images pulumi.StringArrayInput - KubeCisEnabled pulumi.BoolPtrInput + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled pulumi.BoolPtrInput + KubernetesControls pulumi.StringArrayInput + KubernetesControlsAvdIds pulumi.StringArrayInput + KubernetesControlsNames pulumi.StringArrayInput // List of labels. - Labels pulumi.StringArrayInput - MalwareAction pulumi.StringPtrInput + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput // Value of allowed maximum score. MaximumScore pulumi.Float64PtrInput // Indicates if exceeding the maximum score is scanned. 
@@ -592,25 +724,31 @@ type HostAssurancePolicyArgs struct { MonitoredMalwarePaths pulumi.StringArrayInput Name pulumi.StringPtrInput // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrInput + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrInput - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists HostAssurancePolicyPackagesBlackListArrayInput // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrInput // List of whitelisted images. PackagesWhiteLists HostAssurancePolicyPackagesWhiteListArrayInput PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings HostAssurancePolicyPolicySettingsPtrInput ReadOnly pulumi.BoolPtrInput // List of registries. Registries pulumi.StringArrayInput Registry pulumi.StringPtrInput RequiredLabels HostAssurancePolicyRequiredLabelArrayInput RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrInput + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrInput // List of SCAP user scripts for checks. 
@@ -619,11 +757,15 @@ type HostAssurancePolicyArgs struct { // List of trusted images. TrustedBaseImages HostAssurancePolicyTrustedBaseImageArrayInput // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrInput + TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayInput // Indicates if license blacklist is relevant. WhitelistedLicensesEnabled pulumi.BoolPtrInput + // Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + WindowsCisEnabled pulumi.BoolPtrInput } func (HostAssurancePolicyArgs) ElementType() reflect.Type { @@ -649,12 +791,6 @@ func (i *HostAssurancePolicy) ToHostAssurancePolicyOutputWithContext(ctx context return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyOutput) } -func (i *HostAssurancePolicy) ToOutput(ctx context.Context) pulumix.Output[*HostAssurancePolicy] { - return pulumix.Output[*HostAssurancePolicy]{ - OutputState: i.ToHostAssurancePolicyOutputWithContext(ctx).OutputState, - } -} - // HostAssurancePolicyArrayInput is an input type that accepts HostAssurancePolicyArray and HostAssurancePolicyArrayOutput values. // You can construct a concrete instance of `HostAssurancePolicyArrayInput` via: // 
@@ -680,12 +816,6 @@ func (i HostAssurancePolicyArray) ToHostAssurancePolicyArrayOutputWithContext(ct return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyArrayOutput) } -func (i HostAssurancePolicyArray) ToOutput(ctx context.Context) pulumix.Output[[]*HostAssurancePolicy] { - return pulumix.Output[[]*HostAssurancePolicy]{ - OutputState: i.ToHostAssurancePolicyArrayOutputWithContext(ctx).OutputState, - } -} - // HostAssurancePolicyMapInput is an input type that accepts HostAssurancePolicyMap and HostAssurancePolicyMapOutput values. // You can construct a concrete instance of `HostAssurancePolicyMapInput` via: // @@ -711,12 +841,6 @@ func (i HostAssurancePolicyMap) ToHostAssurancePolicyMapOutputWithContext(ctx co return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyMapOutput) } -func (i HostAssurancePolicyMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*HostAssurancePolicy] { - return pulumix.Output[map[string]*HostAssurancePolicy]{ - OutputState: i.ToHostAssurancePolicyMapOutputWithContext(ctx).OutputState, - } -} - type HostAssurancePolicyOutput struct{ *pulumi.OutputState } func (HostAssurancePolicyOutput) ElementType() reflect.Type { @@ -731,10 +855,9 @@ func (o HostAssurancePolicyOutput) ToHostAssurancePolicyOutputWithContext(ctx co return o } -func (o HostAssurancePolicyOutput) ToOutput(ctx context.Context) pulumix.Output[*HostAssurancePolicy] { - return pulumix.Output[*HostAssurancePolicy]{ - OutputState: o.OutputState, - } +// Aggregated vulnerability information. +func (o HostAssurancePolicyOutput) AggregatedVulnerability() pulumi.StringMapOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringMapOutput { return v.AggregatedVulnerability }).(pulumi.StringMapOutput) } // List of explicitly allowed images. 
@@ -746,6 +869,11 @@ func (o HostAssurancePolicyOutput) ApplicationScopes() pulumi.StringArrayOutput return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.ApplicationScopes }).(pulumi.StringArrayOutput) } +// What type of assurance policy is described. +func (o HostAssurancePolicyOutput) AssuranceType() pulumi.StringOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringOutput { return v.AssuranceType }).(pulumi.StringOutput) +} + // Indicates if auditing for failures. func (o HostAssurancePolicyOutput) AuditOnFailure() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.AuditOnFailure }).(pulumi.BoolPtrOutput) @@ -783,7 +911,7 @@ func (o HostAssurancePolicyOutput) BlacklistedLicenses() pulumi.StringArrayOutpu return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.BlacklistedLicenses }).(pulumi.StringArrayOutput) } -// Lndicates if license blacklist is relevant. +// Indicates if license blacklist is relevant. func (o HostAssurancePolicyOutput) BlacklistedLicensesEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.BlacklistedLicensesEnabled }).(pulumi.BoolPtrOutput) } 
@@ -807,21 +935,25 @@ func (o HostAssurancePolicyOutput) CustomChecksEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomChecksEnabled }).(pulumi.BoolPtrOutput) } +func (o HostAssurancePolicyOutput) CustomSeverity() pulumi.StringOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringOutput { return v.CustomSeverity }).(pulumi.StringOutput) +} + func (o HostAssurancePolicyOutput) CustomSeverityEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomSeverityEnabled }).(pulumi.BoolPtrOutput) } -// Indicates if cves blacklist is relevant. +// Indicates if CVEs blacklist is relevant. func (o HostAssurancePolicyOutput) CvesBlackListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.CvesBlackListEnabled }).(pulumi.BoolPtrOutput) } -// List of cves blacklisted items. +// List of CVEs blacklisted items. func (o HostAssurancePolicyOutput) CvesBlackLists() pulumi.StringArrayOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.CvesBlackLists }).(pulumi.StringArrayOutput) } -// Indicates if cves whitelist is relevant. +// Indicates if CVEs whitelist is relevant. func (o HostAssurancePolicyOutput) CvesWhiteListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.CvesWhiteListEnabled }).(pulumi.BoolPtrOutput) } 
@@ -850,11 +982,16 @@ func (o HostAssurancePolicyOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } +func (o HostAssurancePolicyOutput) DisallowExploitTypes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.DisallowExploitTypes }).(pulumi.StringArrayOutput) +} + // Indicates if malware should block the image. func (o HostAssurancePolicyOutput) DisallowMalware() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.DisallowMalware }).(pulumi.BoolPtrOutput) } +// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. func (o HostAssurancePolicyOutput) DockerCisEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.DockerCisEnabled }).(pulumi.BoolPtrOutput) } @@ -896,6 +1033,10 @@ func (o HostAssurancePolicyOutput) ExceptionalMonitoredMalwarePaths() pulumi.Str return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.ExceptionalMonitoredMalwarePaths }).(pulumi.StringArrayOutput) } +func (o HostAssurancePolicyOutput) ExcludeApplicationScopes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.ExcludeApplicationScopes }).(pulumi.StringArrayOutput) +} + // Indicates if cicd failures will fail the image. func (o HostAssurancePolicyOutput) FailCicd() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.FailCicd }).(pulumi.BoolPtrOutput) 
@@ -917,6 +1058,10 @@ func (o HostAssurancePolicyOutput) FunctionIntegrityEnabled() pulumi.BoolPtrOutp return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.FunctionIntegrityEnabled }).(pulumi.BoolPtrOutput) } +func (o HostAssurancePolicyOutput) IgnoreBaseImageVln() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreBaseImageVln }).(pulumi.BoolPtrOutput) +} + func (o HostAssurancePolicyOutput) IgnoreRecentlyPublishedVln() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreRecentlyPublishedVln }).(pulumi.BoolPtrOutput) } 
@@ -935,20 +1080,45 @@ func (o HostAssurancePolicyOutput) IgnoredRiskResources() pulumi.StringArrayOutp return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredRiskResources }).(pulumi.StringArrayOutput) } +func (o HostAssurancePolicyOutput) IgnoredSensitiveResources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredSensitiveResources }).(pulumi.StringArrayOutput) +} + // List of images. func (o HostAssurancePolicyOutput) Images() pulumi.StringArrayOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.Images }).(pulumi.StringArrayOutput) } +// Performs a Kubernetes CIS benchmark check for the host. func (o HostAssurancePolicyOutput) KubeCisEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.KubeCisEnabled }).(pulumi.BoolPtrOutput) } +func (o HostAssurancePolicyOutput) KubernetesControls() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControls }).(pulumi.StringArrayOutput) +} + +func (o HostAssurancePolicyOutput) KubernetesControlsAvdIds() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsAvdIds }).(pulumi.StringArrayOutput) +} + +func (o HostAssurancePolicyOutput) KubernetesControlsNames() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsNames }).(pulumi.StringArrayOutput) +} + // List of labels. 
func (o HostAssurancePolicyOutput) Labels() pulumi.StringArrayOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.Labels }).(pulumi.StringArrayOutput) } +func (o HostAssurancePolicyOutput) Lastupdate() pulumi.StringOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringOutput { return v.Lastupdate }).(pulumi.StringOutput) +} + +func (o HostAssurancePolicyOutput) LinuxCisEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.LinuxCisEnabled }).(pulumi.BoolPtrOutput) +} + func (o HostAssurancePolicyOutput) MalwareAction() pulumi.StringPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringPtrOutput { return v.MalwareAction }).(pulumi.StringPtrOutput) } @@ -981,12 +1151,16 @@ func (o HostAssurancePolicyOutput) OnlyNoneRootUsers() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.OnlyNoneRootUsers }).(pulumi.BoolPtrOutput) } +func (o HostAssurancePolicyOutput) OpenshiftHardeningEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.OpenshiftHardeningEnabled }).(pulumi.BoolPtrOutput) +} + // Indicates if packages blacklist is relevant. func (o HostAssurancePolicyOutput) PackagesBlackListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.PackagesBlackListEnabled }).(pulumi.BoolPtrOutput) } -// List of backlisted images. +// List of blacklisted images. func (o HostAssurancePolicyOutput) PackagesBlackLists() HostAssurancePolicyPackagesBlackListArrayOutput { return o.ApplyT(func(v *HostAssurancePolicy) HostAssurancePolicyPackagesBlackListArrayOutput { return v.PackagesBlackLists 
@@ -1009,6 +1183,14 @@ func (o HostAssurancePolicyOutput) PartialResultsImageFail() pulumi.BoolPtrOutpu return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.PartialResultsImageFail }).(pulumi.BoolPtrOutput) } +func (o HostAssurancePolicyOutput) Permission() pulumi.StringOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringOutput { return v.Permission }).(pulumi.StringOutput) +} + +func (o HostAssurancePolicyOutput) PolicySettings() HostAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *HostAssurancePolicy) HostAssurancePolicyPolicySettingsOutput { return v.PolicySettings }).(HostAssurancePolicyPolicySettingsOutput) +} + func (o HostAssurancePolicyOutput) ReadOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.ReadOnly }).(pulumi.BoolPtrOutput) } 
@@ -1030,15 +1212,27 @@ func (o HostAssurancePolicyOutput) RequiredLabelsEnabled() pulumi.BoolPtrOutput return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.RequiredLabelsEnabled }).(pulumi.BoolPtrOutput) } +func (o HostAssurancePolicyOutput) ScanMalwareInArchives() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanMalwareInArchives }).(pulumi.BoolPtrOutput) +} + func (o HostAssurancePolicyOutput) ScanNfsMounts() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanNfsMounts }).(pulumi.BoolPtrOutput) } +func (o HostAssurancePolicyOutput) ScanProcessMemory() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanProcessMemory }).(pulumi.BoolPtrOutput) +} + // Indicates if scan should include sensitive data in the image. func (o HostAssurancePolicyOutput) ScanSensitiveData() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanSensitiveData }).(pulumi.BoolPtrOutput) } +func (o HostAssurancePolicyOutput) ScanWindowsRegistry() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanWindowsRegistry }).(pulumi.BoolPtrOutput) +} + // Indicates if scanning should include scap. func (o HostAssurancePolicyOutput) ScapEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.ScapEnabled }).(pulumi.BoolPtrOutput) 
@@ -1065,6 +1259,14 @@ func (o HostAssurancePolicyOutput) TrustedBaseImagesEnabled() pulumi.BoolPtrOutp return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.TrustedBaseImagesEnabled }).(pulumi.BoolPtrOutput) } +func (o HostAssurancePolicyOutput) VulnerabilityExploitability() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.VulnerabilityExploitability }).(pulumi.BoolPtrOutput) +} + +func (o HostAssurancePolicyOutput) VulnerabilityScoreRanges() pulumi.IntArrayOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.IntArrayOutput { return v.VulnerabilityScoreRanges }).(pulumi.IntArrayOutput) +} + // List of whitelisted licenses. func (o HostAssurancePolicyOutput) WhitelistedLicenses() pulumi.StringArrayOutput { return o.ApplyT(func(v *HostAssurancePolicy) pulumi.StringArrayOutput { return v.WhitelistedLicenses }).(pulumi.StringArrayOutput) @@ -1075,6 +1277,11 @@ func (o HostAssurancePolicyOutput) WhitelistedLicensesEnabled() pulumi.BoolPtrOu return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.WhitelistedLicensesEnabled }).(pulumi.BoolPtrOutput) } +// Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). +func (o HostAssurancePolicyOutput) WindowsCisEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicy) pulumi.BoolPtrOutput { return v.WindowsCisEnabled }).(pulumi.BoolPtrOutput) +} + type HostAssurancePolicyArrayOutput struct{ *pulumi.OutputState } func (HostAssurancePolicyArrayOutput) ElementType() reflect.Type { 
@@ -1089,12 +1296,6 @@ func (o HostAssurancePolicyArrayOutput) ToHostAssurancePolicyArrayOutputWithCont return o } -func (o HostAssurancePolicyArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*HostAssurancePolicy] { - return pulumix.Output[[]*HostAssurancePolicy]{ - OutputState: o.OutputState, - } -} - func (o HostAssurancePolicyArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *HostAssurancePolicy { return vs[0].([]*HostAssurancePolicy)[vs[1].(int)] @@ -1115,12 +1316,6 @@ func (o HostAssurancePolicyMapOutput) ToHostAssurancePolicyMapOutputWithContext( return o } -func (o HostAssurancePolicyMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*HostAssurancePolicy] { - return pulumix.Output[map[string]*HostAssurancePolicy]{ - OutputState: o.OutputState, - } -} - func (o HostAssurancePolicyMapOutput) MapIndex(k pulumi.StringInput) HostAssurancePolicyOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *HostAssurancePolicy { return vs[0].(map[string]*HostAssurancePolicy)[vs[1].(string)] diff --git a/sdk/go/aquasec/hostRuntimePolicy.go b/sdk/go/aquasec/hostRuntimePolicy.go index 7468fb3b..b268ef27 100644 --- a/sdk/go/aquasec/hostRuntimePolicy.go +++ b/sdk/go/aquasec/hostRuntimePolicy.go 
@@ -8,158 +8,18 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) -// ## Example Usage -// -// ```go -// package main -// -// import ( -// -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec" -// -// ) -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// _, err := aquasec.NewHostRuntimePolicy(ctx, "hostRuntimePolicy", &aquasec.HostRuntimePolicyArgs{ -// ApplicationScopes: pulumi.StringArray{ -// pulumi.String("Global"), -// }, -// AuditAllOsUserActivity: pulumi.Bool(true), -// AuditBruteForceLogin: pulumi.Bool(true), -// AuditFullCommandArguments: pulumi.Bool(true), -// AuditHostFailedLoginEvents: pulumi.Bool(true), -// AuditHostSuccessfulLoginEvents: pulumi.Bool(true), -// AuditUserAccountManagement: pulumi.Bool(true), -// BlockCryptocurrencyMining: pulumi.Bool(true), -// BlockedFiles: pulumi.StringArray{ -// pulumi.String("blocked"), -// }, -// Description: pulumi.String("host_runtime_policy"), -// EnableIpReputationSecurity: pulumi.Bool(true), -// Enabled: pulumi.Bool(true), -// Enforce: pulumi.Bool(false), -// FileIntegrityMonitoring: &aquasec.HostRuntimePolicyFileIntegrityMonitoringArgs{ -// ExcludedPaths: pulumi.StringArray{ -// pulumi.String("expaths"), -// }, -// ExcludedProcesses: pulumi.StringArray{ -// pulumi.String("exprocess"), -// }, -// ExcludedUsers: pulumi.StringArray{ -// pulumi.String("expuser"), -// }, -// MonitorAttributes: pulumi.Bool(true), -// MonitorCreate: pulumi.Bool(true), -// MonitorDelete: pulumi.Bool(true), -// MonitorModify: pulumi.Bool(true), -// MonitorRead: pulumi.Bool(true), -// MonitoredPaths: pulumi.StringArray{ -// pulumi.String("paths"), -// }, -// MonitoredProcesses: pulumi.StringArray{ -// pulumi.String("process"), -// }, -// MonitoredUsers: pulumi.StringArray{ -// pulumi.String("user"), -// }, -// }, -// 
MonitorSystemLogIntegrity: pulumi.Bool(true), -// MonitorSystemTimeChanges: pulumi.Bool(true), -// MonitorWindowsServices: pulumi.Bool(true), -// OsGroupsAlloweds: pulumi.StringArray{ -// pulumi.String("group1"), -// }, -// OsGroupsBlockeds: pulumi.StringArray{ -// pulumi.String("group2"), -// }, -// OsUsersAlloweds: pulumi.StringArray{ -// pulumi.String("user1"), -// }, -// OsUsersBlockeds: pulumi.StringArray{ -// pulumi.String("user2"), -// }, -// PackageBlocks: pulumi.StringArray{ -// pulumi.String("package1"), -// }, -// PortScanningDetection: pulumi.Bool(true), -// ScopeVariables: aquasec.HostRuntimePolicyScopeVariableArray{ -// &aquasec.HostRuntimePolicyScopeVariableArgs{ -// Attribute: pulumi.String("kubernetes.cluster"), -// Value: pulumi.String("default"), -// }, -// &aquasec.HostRuntimePolicyScopeVariableArgs{ -// Attribute: pulumi.String("kubernetes.label"), -// Name: pulumi.String("app"), -// Value: pulumi.String("aqua"), -// }, -// }, -// WindowsRegistryMonitoring: &aquasec.HostRuntimePolicyWindowsRegistryMonitoringArgs{ -// ExcludedPaths: pulumi.StringArray{ -// pulumi.String("expaths"), -// }, -// ExcludedProcesses: pulumi.StringArray{ -// pulumi.String("exprocess"), -// }, -// ExcludedUsers: pulumi.StringArray{ -// pulumi.String("expuser"), -// }, -// MonitorAttributes: pulumi.Bool(true), -// MonitorCreate: pulumi.Bool(true), -// MonitorDelete: pulumi.Bool(true), -// MonitorModify: pulumi.Bool(true), -// MonitorRead: pulumi.Bool(true), -// MonitoredPaths: pulumi.StringArray{ -// pulumi.String("paths"), -// }, -// MonitoredProcesses: pulumi.StringArray{ -// pulumi.String("process"), -// }, -// MonitoredUsers: pulumi.StringArray{ -// pulumi.String("user"), -// }, -// }, -// WindowsRegistryProtection: &aquasec.HostRuntimePolicyWindowsRegistryProtectionArgs{ -// ExcludedPaths: pulumi.StringArray{ -// pulumi.String("expaths"), -// }, -// ExcludedProcesses: pulumi.StringArray{ -// pulumi.String("exprocess"), -// }, -// ExcludedUsers: pulumi.StringArray{ 
-// pulumi.String("expuser"), -// }, -// ProtectedPaths: pulumi.StringArray{ -// pulumi.String("paths"), -// }, -// ProtectedProcesses: pulumi.StringArray{ -// pulumi.String("process"), -// }, -// ProtectedUsers: pulumi.StringArray{ -// pulumi.String("user"), -// }, -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` type HostRuntimePolicy struct { pulumi.CustomResourceState + // Allowed executables configuration. + AllowedExecutables HostRuntimePolicyAllowedExecutableArrayOutput `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries HostRuntimePolicyAllowedRegistryArrayOutput `pulumi:"allowedRegistries"` // Indicates the application scope of the service. ApplicationScopes pulumi.StringArrayOutput `pulumi:"applicationScopes"` - // If true, all process activity will be audited. - AuditAllOsUserActivity pulumi.BoolPtrOutput `pulumi:"auditAllOsUserActivity"` // Detects brute force login attempts AuditBruteForceLogin pulumi.BoolPtrOutput `pulumi:"auditBruteForceLogin"` // If true, full command arguments will be audited. 
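Review bot: The whole `## Example Usage` comment above `HostRuntimePolicy` is deleted rather than updated, while the fields it demonstrated are removed or renamed in this file (`AuditAllOsUserActivity` in this hunk; `EnableIpReputationSecurity`, `PortScanningDetection`, `WindowsRegistryMonitoring` and `WindowsRegistryProtection` in the later ones). Programs that set those audit and detection options will stop compiling after the upgrade, and nothing visible in the diff says which new field, if any, replaces each one. I would keep an example written against the new field names and add a migration note mapping old to new. `EnableIpReputation` and `EnablePortScanProtection` look like the successors of two of them, but that is inferred from the names only.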
@@ -169,35 +29,71 @@ type HostRuntimePolicy struct { // If true, host successful logins will be audited. AuditHostSuccessfulLoginEvents pulumi.BoolPtrOutput `pulumi:"auditHostSuccessfulLoginEvents"` // If true, account management will be audited. - AuditUserAccountManagement pulumi.BoolPtrOutput `pulumi:"auditUserAccountManagement"` + AuditUserAccountManagement pulumi.BoolPtrOutput `pulumi:"auditUserAccountManagement"` + Auditing HostRuntimePolicyAuditingOutput `pulumi:"auditing"` // Username of the account that created the service. - Author pulumi.StringOutput `pulumi:"author"` + Author pulumi.StringOutput `pulumi:"author"` + BlacklistedOsUsers HostRuntimePolicyBlacklistedOsUsersOutput `pulumi:"blacklistedOsUsers"` + BlockContainerExec pulumi.BoolPtrOutput `pulumi:"blockContainerExec"` // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining - BlockCryptocurrencyMining pulumi.BoolPtrOutput `pulumi:"blockCryptocurrencyMining"` + BlockCryptocurrencyMining pulumi.BoolPtrOutput `pulumi:"blockCryptocurrencyMining"` + BlockDisallowedImages pulumi.BoolPtrOutput `pulumi:"blockDisallowedImages"` + BlockFilelessExec pulumi.BoolPtrOutput `pulumi:"blockFilelessExec"` + BlockNonCompliantWorkloads pulumi.BoolPtrOutput `pulumi:"blockNonCompliantWorkloads"` + BlockNonK8sContainers pulumi.BoolPtrOutput `pulumi:"blockNonK8sContainers"` // List of files that are prevented from being read, modified and executed in the containers. BlockedFiles pulumi.StringArrayOutput `pulumi:"blockedFiles"` + // Bypass scope configuration. 
+ BypassScopes HostRuntimePolicyBypassScopeArrayOutput `pulumi:"bypassScopes"` + ContainerExec HostRuntimePolicyContainerExecOutput `pulumi:"containerExec"` + Created pulumi.StringOutput `pulumi:"created"` + Cve pulumi.StringPtrOutput `pulumi:"cve"` + DefaultSecurityProfile pulumi.StringPtrOutput `pulumi:"defaultSecurityProfile"` // The description of the host runtime policy Description pulumi.StringPtrOutput `pulumi:"description"` - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity pulumi.BoolPtrOutput `pulumi:"enableIpReputationSecurity"` - // Indicates if the runtime policy is enabled or not. + Digest pulumi.StringPtrOutput `pulumi:"digest"` + // Drift prevention configuration. + DriftPreventions HostRuntimePolicyDriftPreventionArrayOutput `pulumi:"driftPreventions"` + EnableCryptoMiningDns pulumi.BoolPtrOutput `pulumi:"enableCryptoMiningDns"` + EnableForkGuard pulumi.BoolPtrOutput `pulumi:"enableForkGuard"` + EnableIpReputation pulumi.BoolPtrOutput `pulumi:"enableIpReputation"` + EnablePortScanProtection pulumi.BoolPtrOutput `pulumi:"enablePortScanProtection"` + // Whether allowed executables configuration is enabled. Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). Enforce pulumi.BoolPtrOutput `pulumi:"enforce"` // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` + EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` + EnforceSchedulerAddedOn pulumi.IntOutput `pulumi:"enforceSchedulerAddedOn"` + // List of excluded application scopes. + ExcludeApplicationScopes pulumi.StringArrayOutput `pulumi:"excludeApplicationScopes"` + // Executable blacklist configuration. 
+ ExecutableBlacklists HostRuntimePolicyExecutableBlacklistArrayOutput `pulumi:"executableBlacklists"` + FailedKubernetesChecks HostRuntimePolicyFailedKubernetesChecksOutput `pulumi:"failedKubernetesChecks"` + FileBlock HostRuntimePolicyFileBlockOutput `pulumi:"fileBlock"` // Configuration for file integrity monitoring. - FileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoringPtrOutput `pulumi:"fileIntegrityMonitoring"` + FileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoringOutput `pulumi:"fileIntegrityMonitoring"` + ForkGuardProcessLimit pulumi.IntPtrOutput `pulumi:"forkGuardProcessLimit"` + ImageName pulumi.StringPtrOutput `pulumi:"imageName"` + IsAuditChecked pulumi.BoolPtrOutput `pulumi:"isAuditChecked"` + IsAutoGenerated pulumi.BoolPtrOutput `pulumi:"isAutoGenerated"` + IsOotbPolicy pulumi.BoolPtrOutput `pulumi:"isOotbPolicy"` + Lastupdate pulumi.IntOutput `pulumi:"lastupdate"` + // Container privileges configuration. + LimitContainerPrivileges HostRuntimePolicyLimitContainerPrivilegeArrayOutput `pulumi:"limitContainerPrivileges"` + LinuxCapabilities HostRuntimePolicyLinuxCapabilitiesOutput `pulumi:"linuxCapabilities"` // Configuration for Real-Time Malware Protection. - MalwareScanOptions HostRuntimePolicyMalwareScanOptionsPtrOutput `pulumi:"malwareScanOptions"` + MalwareScanOptions HostRuntimePolicyMalwareScanOptionsOutput `pulumi:"malwareScanOptions"` // If true, system log will be monitored. MonitorSystemLogIntegrity pulumi.BoolPtrOutput `pulumi:"monitorSystemLogIntegrity"` // If true, system time changes will be monitored. MonitorSystemTimeChanges pulumi.BoolPtrOutput `pulumi:"monitorSystemTimeChanges"` // If true, windows service operations will be monitored. MonitorWindowsServices pulumi.BoolPtrOutput `pulumi:"monitorWindowsServices"` - // Name of the host runtime policy - Name pulumi.StringOutput `pulumi:"name"` + // Name assigned to the attribute. 
+ Name pulumi.StringOutput `pulumi:"name"` + NoNewPrivileges pulumi.BoolPtrOutput `pulumi:"noNewPrivileges"` + OnlyRegisteredImages pulumi.BoolPtrOutput `pulumi:"onlyRegisteredImages"` // List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. OsGroupsAlloweds pulumi.StringArrayOutput `pulumi:"osGroupsAlloweds"` // List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. 
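Review bot: The comment above `Enabled` now reads "Whether allowed executables configuration is enabled." and the one above `Name` reads "Name assigned to the attribute.", yet both fields sit on the top-level `HostRuntimePolicy` struct, where the removed lines described them as the policy's own enabled flag and name. These look like descriptions of nested blocks that leaked onto the resource-level properties, and for a runtime enforcement policy a reader could take `Enabled` to switch only one sub-feature rather than the whole policy. I would restore `// Indicates if the runtime policy is enabled or not.` and `// Name of the host runtime policy`; if this file is generated, the fix belongs in the schema descriptions it is produced from. The same two comments change in `hostRuntimePolicyState` and `HostRuntimePolicyState` in the later hunks (-263, -290, -329, -355). The struct starts before this hunk and continues after it.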
@@ -205,19 +101,35 @@ type HostRuntimePolicy struct { // List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. OsUsersAlloweds pulumi.StringArrayOutput `pulumi:"osUsersAlloweds"` // List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - OsUsersBlockeds pulumi.StringArrayOutput `pulumi:"osUsersBlockeds"` - // List of packages that are not allowed read, write or execute all files that under the packages. - PackageBlocks pulumi.StringArrayOutput `pulumi:"packageBlocks"` - // If true, port scanning behaviors will be audited. - PortScanningDetection pulumi.BoolPtrOutput `pulumi:"portScanningDetection"` + OsUsersBlockeds pulumi.StringArrayOutput `pulumi:"osUsersBlockeds"` + PackageBlocks HostRuntimePolicyPackageBlockArrayOutput `pulumi:"packageBlocks"` + Permission pulumi.StringPtrOutput `pulumi:"permission"` + PortBlock HostRuntimePolicyPortBlockOutput `pulumi:"portBlock"` + ReadonlyFiles HostRuntimePolicyReadonlyFilesOutput `pulumi:"readonlyFiles"` + ReadonlyRegistry HostRuntimePolicyReadonlyRegistryOutput `pulumi:"readonlyRegistry"` + Registry pulumi.StringPtrOutput `pulumi:"registry"` + RegistryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoringOutput `pulumi:"registryAccessMonitoring"` + RepoName pulumi.StringPtrOutput `pulumi:"repoName"` + ResourceName pulumi.StringPtrOutput `pulumi:"resourceName"` + ResourceType pulumi.StringPtrOutput `pulumi:"resourceType"` + // Restricted volumes configuration. + RestrictedVolumes HostRuntimePolicyRestrictedVolumeArrayOutput `pulumi:"restrictedVolumes"` + ReverseShell HostRuntimePolicyReverseShellOutput `pulumi:"reverseShell"` + RuntimeMode pulumi.IntPtrOutput `pulumi:"runtimeMode"` + RuntimeType pulumi.StringOutput `pulumi:"runtimeType"` // Logical expression of how to compute the dependency of the scope variables. 
ScopeExpression pulumi.StringOutput `pulumi:"scopeExpression"` // List of scope attributes. ScopeVariables HostRuntimePolicyScopeVariableArrayOutput `pulumi:"scopeVariables"` - // Configuration for windows registry monitoring. - WindowsRegistryMonitoring HostRuntimePolicyWindowsRegistryMonitoringPtrOutput `pulumi:"windowsRegistryMonitoring"` - // Configuration for windows registry protection. - WindowsRegistryProtection HostRuntimePolicyWindowsRegistryProtectionPtrOutput `pulumi:"windowsRegistryProtection"` + // Scope configuration. + Scopes HostRuntimePolicyScopeArrayOutput `pulumi:"scopes"` + SystemIntegrityProtection HostRuntimePolicySystemIntegrityProtectionOutput `pulumi:"systemIntegrityProtection"` + Tripwire HostRuntimePolicyTripwireOutput `pulumi:"tripwire"` + Type pulumi.StringOutput `pulumi:"type"` + Updated pulumi.StringOutput `pulumi:"updated"` + Version pulumi.StringPtrOutput `pulumi:"version"` + VpatchVersion pulumi.StringPtrOutput `pulumi:"vpatchVersion"` + WhitelistedOsUsers HostRuntimePolicyWhitelistedOsUsersOutput `pulumi:"whitelistedOsUsers"` } // NewHostRuntimePolicy registers a new resource with the given unique name, arguments, and options. @@ -250,10 +162,12 @@ func GetHostRuntimePolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering HostRuntimePolicy resources. type hostRuntimePolicyState struct { + // Allowed executables configuration. + AllowedExecutables []HostRuntimePolicyAllowedExecutable `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries []HostRuntimePolicyAllowedRegistry `pulumi:"allowedRegistries"` // Indicates the application scope of the service. ApplicationScopes []string `pulumi:"applicationScopes"` - // If true, all process activity will be audited. - AuditAllOsUserActivity *bool `pulumi:"auditAllOsUserActivity"` // Detects brute force login attempts AuditBruteForceLogin *bool `pulumi:"auditBruteForceLogin"` // If true, full command arguments will be audited. 
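Review bot: In the -205 hunk `PackageBlocks` changes from `pulumi.StringArrayOutput` to `HostRuntimePolicyPackageBlockArrayOutput` and loses its description in the same step, and the fields added beside it (`PortBlock`, `ReadonlyFiles`, `ReverseShell`, `RuntimeMode`, `Tripwire`, `SystemIntegrityProtection`, `WhitelistedOsUsers` and others) arrive with no comment at all. `RuntimeMode` is a bare int and `Permission` a bare string, so the accepted values cannot be read from the types. I would keep the old text on the retyped field, `// List of packages that are not allowed to read, write or execute files under them.`, and give each new control a one-line description that states what it blocks or monitors and, for the int and string fields, the values it accepts. The same undocumented fields are repeated in `hostRuntimePolicyState` and `HostRuntimePolicyState` (hunks -299 and -364); the struct itself begins in an earlier hunk.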
@@ -263,25 +177,59 @@ type hostRuntimePolicyState struct { // If true, host successful logins will be audited. AuditHostSuccessfulLoginEvents *bool `pulumi:"auditHostSuccessfulLoginEvents"` // If true, account management will be audited. - AuditUserAccountManagement *bool `pulumi:"auditUserAccountManagement"` + AuditUserAccountManagement *bool `pulumi:"auditUserAccountManagement"` + Auditing *HostRuntimePolicyAuditing `pulumi:"auditing"` // Username of the account that created the service. - Author *string `pulumi:"author"` + Author *string `pulumi:"author"` + BlacklistedOsUsers *HostRuntimePolicyBlacklistedOsUsers `pulumi:"blacklistedOsUsers"` + BlockContainerExec *bool `pulumi:"blockContainerExec"` // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining - BlockCryptocurrencyMining *bool `pulumi:"blockCryptocurrencyMining"` + BlockCryptocurrencyMining *bool `pulumi:"blockCryptocurrencyMining"` + BlockDisallowedImages *bool `pulumi:"blockDisallowedImages"` + BlockFilelessExec *bool `pulumi:"blockFilelessExec"` + BlockNonCompliantWorkloads *bool `pulumi:"blockNonCompliantWorkloads"` + BlockNonK8sContainers *bool `pulumi:"blockNonK8sContainers"` // List of files that are prevented from being read, modified and executed in the containers. BlockedFiles []string `pulumi:"blockedFiles"` + // Bypass scope configuration. + BypassScopes []HostRuntimePolicyBypassScope `pulumi:"bypassScopes"` + ContainerExec *HostRuntimePolicyContainerExec `pulumi:"containerExec"` + Created *string `pulumi:"created"` + Cve *string `pulumi:"cve"` + DefaultSecurityProfile *string `pulumi:"defaultSecurityProfile"` // The description of the host runtime policy Description *string `pulumi:"description"` - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity *bool `pulumi:"enableIpReputationSecurity"` - // Indicates if the runtime policy is enabled or not. 
+ Digest *string `pulumi:"digest"` + // Drift prevention configuration. + DriftPreventions []HostRuntimePolicyDriftPrevention `pulumi:"driftPreventions"` + EnableCryptoMiningDns *bool `pulumi:"enableCryptoMiningDns"` + EnableForkGuard *bool `pulumi:"enableForkGuard"` + EnableIpReputation *bool `pulumi:"enableIpReputation"` + EnablePortScanProtection *bool `pulumi:"enablePortScanProtection"` + // Whether allowed executables configuration is enabled. Enabled *bool `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). Enforce *bool `pulumi:"enforce"` // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceSchedulerAddedOn *int `pulumi:"enforceSchedulerAddedOn"` + // List of excluded application scopes. + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Executable blacklist configuration. + ExecutableBlacklists []HostRuntimePolicyExecutableBlacklist `pulumi:"executableBlacklists"` + FailedKubernetesChecks *HostRuntimePolicyFailedKubernetesChecks `pulumi:"failedKubernetesChecks"` + FileBlock *HostRuntimePolicyFileBlock `pulumi:"fileBlock"` // Configuration for file integrity monitoring. FileIntegrityMonitoring *HostRuntimePolicyFileIntegrityMonitoring `pulumi:"fileIntegrityMonitoring"` + ForkGuardProcessLimit *int `pulumi:"forkGuardProcessLimit"` + ImageName *string `pulumi:"imageName"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + IsAutoGenerated *bool `pulumi:"isAutoGenerated"` + IsOotbPolicy *bool `pulumi:"isOotbPolicy"` + Lastupdate *int `pulumi:"lastupdate"` + // Container privileges configuration. + LimitContainerPrivileges []HostRuntimePolicyLimitContainerPrivilege `pulumi:"limitContainerPrivileges"` + LinuxCapabilities *HostRuntimePolicyLinuxCapabilities `pulumi:"linuxCapabilities"` // Configuration for Real-Time Malware Protection. 
MalwareScanOptions *HostRuntimePolicyMalwareScanOptions `pulumi:"malwareScanOptions"` // If true, system log will be monitored. @@ -290,8 +238,10 @@ type hostRuntimePolicyState struct { MonitorSystemTimeChanges *bool `pulumi:"monitorSystemTimeChanges"` // If true, windows service operations will be monitored. MonitorWindowsServices *bool `pulumi:"monitorWindowsServices"` - // Name of the host runtime policy - Name *string `pulumi:"name"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + NoNewPrivileges *bool `pulumi:"noNewPrivileges"` + OnlyRegisteredImages *bool `pulumi:"onlyRegisteredImages"` // List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. OsGroupsAlloweds []string `pulumi:"osGroupsAlloweds"` // List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. 
@@ -299,26 +249,44 @@ type hostRuntimePolicyState struct { // List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. OsUsersAlloweds []string `pulumi:"osUsersAlloweds"` // List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - OsUsersBlockeds []string `pulumi:"osUsersBlockeds"` - // List of packages that are not allowed read, write or execute all files that under the packages. - PackageBlocks []string `pulumi:"packageBlocks"` - // If true, port scanning behaviors will be audited. - PortScanningDetection *bool `pulumi:"portScanningDetection"` + OsUsersBlockeds []string `pulumi:"osUsersBlockeds"` + PackageBlocks []HostRuntimePolicyPackageBlock `pulumi:"packageBlocks"` + Permission *string `pulumi:"permission"` + PortBlock *HostRuntimePolicyPortBlock `pulumi:"portBlock"` + ReadonlyFiles *HostRuntimePolicyReadonlyFiles `pulumi:"readonlyFiles"` + ReadonlyRegistry *HostRuntimePolicyReadonlyRegistry `pulumi:"readonlyRegistry"` + Registry *string `pulumi:"registry"` + RegistryAccessMonitoring *HostRuntimePolicyRegistryAccessMonitoring `pulumi:"registryAccessMonitoring"` + RepoName *string `pulumi:"repoName"` + ResourceName *string `pulumi:"resourceName"` + ResourceType *string `pulumi:"resourceType"` + // Restricted volumes configuration. + RestrictedVolumes []HostRuntimePolicyRestrictedVolume `pulumi:"restrictedVolumes"` + ReverseShell *HostRuntimePolicyReverseShell `pulumi:"reverseShell"` + RuntimeMode *int `pulumi:"runtimeMode"` + RuntimeType *string `pulumi:"runtimeType"` // Logical expression of how to compute the dependency of the scope variables. ScopeExpression *string `pulumi:"scopeExpression"` // List of scope attributes. ScopeVariables []HostRuntimePolicyScopeVariable `pulumi:"scopeVariables"` - // Configuration for windows registry monitoring. 
- WindowsRegistryMonitoring *HostRuntimePolicyWindowsRegistryMonitoring `pulumi:"windowsRegistryMonitoring"` - // Configuration for windows registry protection. - WindowsRegistryProtection *HostRuntimePolicyWindowsRegistryProtection `pulumi:"windowsRegistryProtection"` + // Scope configuration. + Scopes []HostRuntimePolicyScope `pulumi:"scopes"` + SystemIntegrityProtection *HostRuntimePolicySystemIntegrityProtection `pulumi:"systemIntegrityProtection"` + Tripwire *HostRuntimePolicyTripwire `pulumi:"tripwire"` + Type *string `pulumi:"type"` + Updated *string `pulumi:"updated"` + Version *string `pulumi:"version"` + VpatchVersion *string `pulumi:"vpatchVersion"` + WhitelistedOsUsers *HostRuntimePolicyWhitelistedOsUsers `pulumi:"whitelistedOsUsers"` } type HostRuntimePolicyState struct { + // Allowed executables configuration. + AllowedExecutables HostRuntimePolicyAllowedExecutableArrayInput + // List of allowed registries. + AllowedRegistries HostRuntimePolicyAllowedRegistryArrayInput // Indicates the application scope of the service. ApplicationScopes pulumi.StringArrayInput - // If true, all process activity will be audited. - AuditAllOsUserActivity pulumi.BoolPtrInput // Detects brute force login attempts AuditBruteForceLogin pulumi.BoolPtrInput // If true, full command arguments will be audited. 
@@ -329,24 +297,58 @@ type HostRuntimePolicyState struct { AuditHostSuccessfulLoginEvents pulumi.BoolPtrInput // If true, account management will be audited. AuditUserAccountManagement pulumi.BoolPtrInput + Auditing HostRuntimePolicyAuditingPtrInput // Username of the account that created the service. - Author pulumi.StringPtrInput + Author pulumi.StringPtrInput + BlacklistedOsUsers HostRuntimePolicyBlacklistedOsUsersPtrInput + BlockContainerExec pulumi.BoolPtrInput // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining - BlockCryptocurrencyMining pulumi.BoolPtrInput + BlockCryptocurrencyMining pulumi.BoolPtrInput + BlockDisallowedImages pulumi.BoolPtrInput + BlockFilelessExec pulumi.BoolPtrInput + BlockNonCompliantWorkloads pulumi.BoolPtrInput + BlockNonK8sContainers pulumi.BoolPtrInput // List of files that are prevented from being read, modified and executed in the containers. BlockedFiles pulumi.StringArrayInput + // Bypass scope configuration. + BypassScopes HostRuntimePolicyBypassScopeArrayInput + ContainerExec HostRuntimePolicyContainerExecPtrInput + Created pulumi.StringPtrInput + Cve pulumi.StringPtrInput + DefaultSecurityProfile pulumi.StringPtrInput // The description of the host runtime policy Description pulumi.StringPtrInput - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity pulumi.BoolPtrInput - // Indicates if the runtime policy is enabled or not. + Digest pulumi.StringPtrInput + // Drift prevention configuration. + DriftPreventions HostRuntimePolicyDriftPreventionArrayInput + EnableCryptoMiningDns pulumi.BoolPtrInput + EnableForkGuard pulumi.BoolPtrInput + EnableIpReputation pulumi.BoolPtrInput + EnablePortScanProtection pulumi.BoolPtrInput + // Whether allowed executables configuration is enabled. Enabled pulumi.BoolPtrInput // Indicates that policy should effect container execution (not just for audit). 
Enforce pulumi.BoolPtrInput // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays pulumi.IntPtrInput + EnforceAfterDays pulumi.IntPtrInput + EnforceSchedulerAddedOn pulumi.IntPtrInput + // List of excluded application scopes. + ExcludeApplicationScopes pulumi.StringArrayInput + // Executable blacklist configuration. + ExecutableBlacklists HostRuntimePolicyExecutableBlacklistArrayInput + FailedKubernetesChecks HostRuntimePolicyFailedKubernetesChecksPtrInput + FileBlock HostRuntimePolicyFileBlockPtrInput // Configuration for file integrity monitoring. FileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoringPtrInput + ForkGuardProcessLimit pulumi.IntPtrInput + ImageName pulumi.StringPtrInput + IsAuditChecked pulumi.BoolPtrInput + IsAutoGenerated pulumi.BoolPtrInput + IsOotbPolicy pulumi.BoolPtrInput + Lastupdate pulumi.IntPtrInput + // Container privileges configuration. + LimitContainerPrivileges HostRuntimePolicyLimitContainerPrivilegeArrayInput + LinuxCapabilities HostRuntimePolicyLinuxCapabilitiesPtrInput // Configuration for Real-Time Malware Protection. MalwareScanOptions HostRuntimePolicyMalwareScanOptionsPtrInput // If true, system log will be monitored. 
@@ -355,8 +357,10 @@ type HostRuntimePolicyState struct { MonitorSystemTimeChanges pulumi.BoolPtrInput // If true, windows service operations will be monitored. MonitorWindowsServices pulumi.BoolPtrInput - // Name of the host runtime policy - Name pulumi.StringPtrInput + // Name assigned to the attribute. + Name pulumi.StringPtrInput + NoNewPrivileges pulumi.BoolPtrInput + OnlyRegisteredImages pulumi.BoolPtrInput // List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. OsGroupsAlloweds pulumi.StringArrayInput // List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. 
@@ -364,19 +368,35 @@ type HostRuntimePolicyState struct { // List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. OsUsersAlloweds pulumi.StringArrayInput // List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - OsUsersBlockeds pulumi.StringArrayInput - // List of packages that are not allowed read, write or execute all files that under the packages. - PackageBlocks pulumi.StringArrayInput - // If true, port scanning behaviors will be audited. - PortScanningDetection pulumi.BoolPtrInput + OsUsersBlockeds pulumi.StringArrayInput + PackageBlocks HostRuntimePolicyPackageBlockArrayInput + Permission pulumi.StringPtrInput + PortBlock HostRuntimePolicyPortBlockPtrInput + ReadonlyFiles HostRuntimePolicyReadonlyFilesPtrInput + ReadonlyRegistry HostRuntimePolicyReadonlyRegistryPtrInput + Registry pulumi.StringPtrInput + RegistryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoringPtrInput + RepoName pulumi.StringPtrInput + ResourceName pulumi.StringPtrInput + ResourceType pulumi.StringPtrInput + // Restricted volumes configuration. + RestrictedVolumes HostRuntimePolicyRestrictedVolumeArrayInput + ReverseShell HostRuntimePolicyReverseShellPtrInput + RuntimeMode pulumi.IntPtrInput + RuntimeType pulumi.StringPtrInput // Logical expression of how to compute the dependency of the scope variables. ScopeExpression pulumi.StringPtrInput // List of scope attributes. ScopeVariables HostRuntimePolicyScopeVariableArrayInput - // Configuration for windows registry monitoring. - WindowsRegistryMonitoring HostRuntimePolicyWindowsRegistryMonitoringPtrInput - // Configuration for windows registry protection. - WindowsRegistryProtection HostRuntimePolicyWindowsRegistryProtectionPtrInput + // Scope configuration. 
+ Scopes HostRuntimePolicyScopeArrayInput + SystemIntegrityProtection HostRuntimePolicySystemIntegrityProtectionPtrInput + Tripwire HostRuntimePolicyTripwirePtrInput + Type pulumi.StringPtrInput + Updated pulumi.StringPtrInput + Version pulumi.StringPtrInput + VpatchVersion pulumi.StringPtrInput + WhitelistedOsUsers HostRuntimePolicyWhitelistedOsUsersPtrInput } func (HostRuntimePolicyState) ElementType() reflect.Type { @@ -384,10 +404,12 @@ func (HostRuntimePolicyState) ElementType() reflect.Type { } type hostRuntimePolicyArgs struct { + // Allowed executables configuration. + AllowedExecutables []HostRuntimePolicyAllowedExecutable `pulumi:"allowedExecutables"` + // List of allowed registries. + AllowedRegistries []HostRuntimePolicyAllowedRegistry `pulumi:"allowedRegistries"` // Indicates the application scope of the service. ApplicationScopes []string `pulumi:"applicationScopes"` - // If true, all process activity will be audited. - AuditAllOsUserActivity *bool `pulumi:"auditAllOsUserActivity"` // Detects brute force login attempts AuditBruteForceLogin *bool `pulumi:"auditBruteForceLogin"` // If true, full command arguments will be audited. 
@@ -397,23 +419,59 @@ type hostRuntimePolicyArgs struct { // If true, host successful logins will be audited. AuditHostSuccessfulLoginEvents *bool `pulumi:"auditHostSuccessfulLoginEvents"` // If true, account management will be audited. - AuditUserAccountManagement *bool `pulumi:"auditUserAccountManagement"` + AuditUserAccountManagement *bool `pulumi:"auditUserAccountManagement"` + Auditing *HostRuntimePolicyAuditing `pulumi:"auditing"` + // Username of the account that created the service. + Author *string `pulumi:"author"` + BlacklistedOsUsers *HostRuntimePolicyBlacklistedOsUsers `pulumi:"blacklistedOsUsers"` + BlockContainerExec *bool `pulumi:"blockContainerExec"` // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining - BlockCryptocurrencyMining *bool `pulumi:"blockCryptocurrencyMining"` + BlockCryptocurrencyMining *bool `pulumi:"blockCryptocurrencyMining"` + BlockDisallowedImages *bool `pulumi:"blockDisallowedImages"` + BlockFilelessExec *bool `pulumi:"blockFilelessExec"` + BlockNonCompliantWorkloads *bool `pulumi:"blockNonCompliantWorkloads"` + BlockNonK8sContainers *bool `pulumi:"blockNonK8sContainers"` // List of files that are prevented from being read, modified and executed in the containers. BlockedFiles []string `pulumi:"blockedFiles"` + // Bypass scope configuration. + BypassScopes []HostRuntimePolicyBypassScope `pulumi:"bypassScopes"` + ContainerExec *HostRuntimePolicyContainerExec `pulumi:"containerExec"` + Created *string `pulumi:"created"` + Cve *string `pulumi:"cve"` + DefaultSecurityProfile *string `pulumi:"defaultSecurityProfile"` // The description of the host runtime policy Description *string `pulumi:"description"` - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity *bool `pulumi:"enableIpReputationSecurity"` - // Indicates if the runtime policy is enabled or not. 
+ Digest *string `pulumi:"digest"` + // Drift prevention configuration. + DriftPreventions []HostRuntimePolicyDriftPrevention `pulumi:"driftPreventions"` + EnableCryptoMiningDns *bool `pulumi:"enableCryptoMiningDns"` + EnableForkGuard *bool `pulumi:"enableForkGuard"` + EnableIpReputation *bool `pulumi:"enableIpReputation"` + EnablePortScanProtection *bool `pulumi:"enablePortScanProtection"` + // Whether allowed executables configuration is enabled. Enabled *bool `pulumi:"enabled"` // Indicates that policy should effect container execution (not just for audit). Enforce *bool `pulumi:"enforce"` // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceSchedulerAddedOn *int `pulumi:"enforceSchedulerAddedOn"` + // List of excluded application scopes. + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Executable blacklist configuration. + ExecutableBlacklists []HostRuntimePolicyExecutableBlacklist `pulumi:"executableBlacklists"` + FailedKubernetesChecks *HostRuntimePolicyFailedKubernetesChecks `pulumi:"failedKubernetesChecks"` + FileBlock *HostRuntimePolicyFileBlock `pulumi:"fileBlock"` // Configuration for file integrity monitoring. FileIntegrityMonitoring *HostRuntimePolicyFileIntegrityMonitoring `pulumi:"fileIntegrityMonitoring"` + ForkGuardProcessLimit *int `pulumi:"forkGuardProcessLimit"` + ImageName *string `pulumi:"imageName"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + IsAutoGenerated *bool `pulumi:"isAutoGenerated"` + IsOotbPolicy *bool `pulumi:"isOotbPolicy"` + Lastupdate *int `pulumi:"lastupdate"` + // Container privileges configuration. + LimitContainerPrivileges []HostRuntimePolicyLimitContainerPrivilege `pulumi:"limitContainerPrivileges"` + LinuxCapabilities *HostRuntimePolicyLinuxCapabilities `pulumi:"linuxCapabilities"` // Configuration for Real-Time Malware Protection. 
MalwareScanOptions *HostRuntimePolicyMalwareScanOptions `pulumi:"malwareScanOptions"` // If true, system log will be monitored. @@ -422,8 +480,10 @@ type hostRuntimePolicyArgs struct { MonitorSystemTimeChanges *bool `pulumi:"monitorSystemTimeChanges"` // If true, windows service operations will be monitored. MonitorWindowsServices *bool `pulumi:"monitorWindowsServices"` - // Name of the host runtime policy - Name *string `pulumi:"name"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + NoNewPrivileges *bool `pulumi:"noNewPrivileges"` + OnlyRegisteredImages *bool `pulumi:"onlyRegisteredImages"` // List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. OsGroupsAlloweds []string `pulumi:"osGroupsAlloweds"` // List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. 
@@ -431,27 +491,45 @@ type hostRuntimePolicyArgs struct { // List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. OsUsersAlloweds []string `pulumi:"osUsersAlloweds"` // List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - OsUsersBlockeds []string `pulumi:"osUsersBlockeds"` - // List of packages that are not allowed read, write or execute all files that under the packages. - PackageBlocks []string `pulumi:"packageBlocks"` - // If true, port scanning behaviors will be audited. - PortScanningDetection *bool `pulumi:"portScanningDetection"` + OsUsersBlockeds []string `pulumi:"osUsersBlockeds"` + PackageBlocks []HostRuntimePolicyPackageBlock `pulumi:"packageBlocks"` + Permission *string `pulumi:"permission"` + PortBlock *HostRuntimePolicyPortBlock `pulumi:"portBlock"` + ReadonlyFiles *HostRuntimePolicyReadonlyFiles `pulumi:"readonlyFiles"` + ReadonlyRegistry *HostRuntimePolicyReadonlyRegistry `pulumi:"readonlyRegistry"` + Registry *string `pulumi:"registry"` + RegistryAccessMonitoring *HostRuntimePolicyRegistryAccessMonitoring `pulumi:"registryAccessMonitoring"` + RepoName *string `pulumi:"repoName"` + ResourceName *string `pulumi:"resourceName"` + ResourceType *string `pulumi:"resourceType"` + // Restricted volumes configuration. + RestrictedVolumes []HostRuntimePolicyRestrictedVolume `pulumi:"restrictedVolumes"` + ReverseShell *HostRuntimePolicyReverseShell `pulumi:"reverseShell"` + RuntimeMode *int `pulumi:"runtimeMode"` + RuntimeType *string `pulumi:"runtimeType"` // Logical expression of how to compute the dependency of the scope variables. ScopeExpression *string `pulumi:"scopeExpression"` // List of scope attributes. ScopeVariables []HostRuntimePolicyScopeVariable `pulumi:"scopeVariables"` - // Configuration for windows registry monitoring. 
- WindowsRegistryMonitoring *HostRuntimePolicyWindowsRegistryMonitoring `pulumi:"windowsRegistryMonitoring"` - // Configuration for windows registry protection. - WindowsRegistryProtection *HostRuntimePolicyWindowsRegistryProtection `pulumi:"windowsRegistryProtection"` + // Scope configuration. + Scopes []HostRuntimePolicyScope `pulumi:"scopes"` + SystemIntegrityProtection *HostRuntimePolicySystemIntegrityProtection `pulumi:"systemIntegrityProtection"` + Tripwire *HostRuntimePolicyTripwire `pulumi:"tripwire"` + Type *string `pulumi:"type"` + Updated *string `pulumi:"updated"` + Version *string `pulumi:"version"` + VpatchVersion *string `pulumi:"vpatchVersion"` + WhitelistedOsUsers *HostRuntimePolicyWhitelistedOsUsers `pulumi:"whitelistedOsUsers"` } // The set of arguments for constructing a HostRuntimePolicy resource. type HostRuntimePolicyArgs struct { + // Allowed executables configuration. + AllowedExecutables HostRuntimePolicyAllowedExecutableArrayInput + // List of allowed registries. + AllowedRegistries HostRuntimePolicyAllowedRegistryArrayInput // Indicates the application scope of the service. ApplicationScopes pulumi.StringArrayInput - // If true, all process activity will be audited. - AuditAllOsUserActivity pulumi.BoolPtrInput // Detects brute force login attempts AuditBruteForceLogin pulumi.BoolPtrInput // If true, full command arguments will be audited. 
@@ -462,22 +540,58 @@ type HostRuntimePolicyArgs struct { AuditHostSuccessfulLoginEvents pulumi.BoolPtrInput // If true, account management will be audited. AuditUserAccountManagement pulumi.BoolPtrInput + Auditing HostRuntimePolicyAuditingPtrInput + // Username of the account that created the service. + Author pulumi.StringPtrInput + BlacklistedOsUsers HostRuntimePolicyBlacklistedOsUsersPtrInput + BlockContainerExec pulumi.BoolPtrInput // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining - BlockCryptocurrencyMining pulumi.BoolPtrInput + BlockCryptocurrencyMining pulumi.BoolPtrInput + BlockDisallowedImages pulumi.BoolPtrInput + BlockFilelessExec pulumi.BoolPtrInput + BlockNonCompliantWorkloads pulumi.BoolPtrInput + BlockNonK8sContainers pulumi.BoolPtrInput // List of files that are prevented from being read, modified and executed in the containers. BlockedFiles pulumi.StringArrayInput + // Bypass scope configuration. + BypassScopes HostRuntimePolicyBypassScopeArrayInput + ContainerExec HostRuntimePolicyContainerExecPtrInput + Created pulumi.StringPtrInput + Cve pulumi.StringPtrInput + DefaultSecurityProfile pulumi.StringPtrInput // The description of the host runtime policy Description pulumi.StringPtrInput - // If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - EnableIpReputationSecurity pulumi.BoolPtrInput - // Indicates if the runtime policy is enabled or not. + Digest pulumi.StringPtrInput + // Drift prevention configuration. + DriftPreventions HostRuntimePolicyDriftPreventionArrayInput + EnableCryptoMiningDns pulumi.BoolPtrInput + EnableForkGuard pulumi.BoolPtrInput + EnableIpReputation pulumi.BoolPtrInput + EnablePortScanProtection pulumi.BoolPtrInput + // Whether allowed executables configuration is enabled. Enabled pulumi.BoolPtrInput // Indicates that policy should effect container execution (not just for audit). 
Enforce pulumi.BoolPtrInput // Indicates the number of days after which the runtime policy will be changed to enforce mode. - EnforceAfterDays pulumi.IntPtrInput + EnforceAfterDays pulumi.IntPtrInput + EnforceSchedulerAddedOn pulumi.IntPtrInput + // List of excluded application scopes. + ExcludeApplicationScopes pulumi.StringArrayInput + // Executable blacklist configuration. + ExecutableBlacklists HostRuntimePolicyExecutableBlacklistArrayInput + FailedKubernetesChecks HostRuntimePolicyFailedKubernetesChecksPtrInput + FileBlock HostRuntimePolicyFileBlockPtrInput // Configuration for file integrity monitoring. FileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoringPtrInput + ForkGuardProcessLimit pulumi.IntPtrInput + ImageName pulumi.StringPtrInput + IsAuditChecked pulumi.BoolPtrInput + IsAutoGenerated pulumi.BoolPtrInput + IsOotbPolicy pulumi.BoolPtrInput + Lastupdate pulumi.IntPtrInput + // Container privileges configuration. + LimitContainerPrivileges HostRuntimePolicyLimitContainerPrivilegeArrayInput + LinuxCapabilities HostRuntimePolicyLinuxCapabilitiesPtrInput // Configuration for Real-Time Malware Protection. MalwareScanOptions HostRuntimePolicyMalwareScanOptionsPtrInput // If true, system log will be monitored. 
@@ -486,8 +600,10 @@ type HostRuntimePolicyArgs struct { MonitorSystemTimeChanges pulumi.BoolPtrInput // If true, windows service operations will be monitored. MonitorWindowsServices pulumi.BoolPtrInput - // Name of the host runtime policy - Name pulumi.StringPtrInput + // Name assigned to the attribute. + Name pulumi.StringPtrInput + NoNewPrivileges pulumi.BoolPtrInput + OnlyRegisteredImages pulumi.BoolPtrInput // List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. OsGroupsAlloweds pulumi.StringArrayInput // List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. 
@@ -495,19 +611,35 @@ type HostRuntimePolicyArgs struct { // List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. OsUsersAlloweds pulumi.StringArrayInput // List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - OsUsersBlockeds pulumi.StringArrayInput - // List of packages that are not allowed read, write or execute all files that under the packages. - PackageBlocks pulumi.StringArrayInput - // If true, port scanning behaviors will be audited. - PortScanningDetection pulumi.BoolPtrInput + OsUsersBlockeds pulumi.StringArrayInput + PackageBlocks HostRuntimePolicyPackageBlockArrayInput + Permission pulumi.StringPtrInput + PortBlock HostRuntimePolicyPortBlockPtrInput + ReadonlyFiles HostRuntimePolicyReadonlyFilesPtrInput + ReadonlyRegistry HostRuntimePolicyReadonlyRegistryPtrInput + Registry pulumi.StringPtrInput + RegistryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoringPtrInput + RepoName pulumi.StringPtrInput + ResourceName pulumi.StringPtrInput + ResourceType pulumi.StringPtrInput + // Restricted volumes configuration. + RestrictedVolumes HostRuntimePolicyRestrictedVolumeArrayInput + ReverseShell HostRuntimePolicyReverseShellPtrInput + RuntimeMode pulumi.IntPtrInput + RuntimeType pulumi.StringPtrInput // Logical expression of how to compute the dependency of the scope variables. ScopeExpression pulumi.StringPtrInput // List of scope attributes. ScopeVariables HostRuntimePolicyScopeVariableArrayInput - // Configuration for windows registry monitoring. - WindowsRegistryMonitoring HostRuntimePolicyWindowsRegistryMonitoringPtrInput - // Configuration for windows registry protection. - WindowsRegistryProtection HostRuntimePolicyWindowsRegistryProtectionPtrInput + // Scope configuration. 
+ Scopes HostRuntimePolicyScopeArrayInput + SystemIntegrityProtection HostRuntimePolicySystemIntegrityProtectionPtrInput + Tripwire HostRuntimePolicyTripwirePtrInput + Type pulumi.StringPtrInput + Updated pulumi.StringPtrInput + Version pulumi.StringPtrInput + VpatchVersion pulumi.StringPtrInput + WhitelistedOsUsers HostRuntimePolicyWhitelistedOsUsersPtrInput } func (HostRuntimePolicyArgs) ElementType() reflect.Type { @@ -533,12 +665,6 @@ func (i *HostRuntimePolicy) ToHostRuntimePolicyOutputWithContext(ctx context.Con return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyOutput) } -func (i *HostRuntimePolicy) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicy] { - return pulumix.Output[*HostRuntimePolicy]{ - OutputState: i.ToHostRuntimePolicyOutputWithContext(ctx).OutputState, - } -} - // HostRuntimePolicyArrayInput is an input type that accepts HostRuntimePolicyArray and HostRuntimePolicyArrayOutput values. // You can construct a concrete instance of `HostRuntimePolicyArrayInput` via: // @@ -564,12 +690,6 @@ func (i HostRuntimePolicyArray) ToHostRuntimePolicyArrayOutputWithContext(ctx co return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyArrayOutput) } -func (i HostRuntimePolicyArray) ToOutput(ctx context.Context) pulumix.Output[[]*HostRuntimePolicy] { - return pulumix.Output[[]*HostRuntimePolicy]{ - OutputState: i.ToHostRuntimePolicyArrayOutputWithContext(ctx).OutputState, - } -} - // HostRuntimePolicyMapInput is an input type that accepts HostRuntimePolicyMap and HostRuntimePolicyMapOutput values. // You can construct a concrete instance of `HostRuntimePolicyMapInput` via: // 
@@ -595,12 +715,6 @@ func (i HostRuntimePolicyMap) ToHostRuntimePolicyMapOutputWithContext(ctx contex return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyMapOutput) } -func (i HostRuntimePolicyMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*HostRuntimePolicy] { - return pulumix.Output[map[string]*HostRuntimePolicy]{ - OutputState: i.ToHostRuntimePolicyMapOutputWithContext(ctx).OutputState, - } -} - type HostRuntimePolicyOutput struct{ *pulumi.OutputState } func (HostRuntimePolicyOutput) ElementType() reflect.Type { @@ -615,10 +729,14 @@ func (o HostRuntimePolicyOutput) ToHostRuntimePolicyOutputWithContext(ctx contex return o } -func (o HostRuntimePolicyOutput) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicy] { - return pulumix.Output[*HostRuntimePolicy]{ - OutputState: o.OutputState, - } +// Allowed executables configuration. +func (o HostRuntimePolicyOutput) AllowedExecutables() HostRuntimePolicyAllowedExecutableArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyAllowedExecutableArrayOutput { return v.AllowedExecutables }).(HostRuntimePolicyAllowedExecutableArrayOutput) +} + +// List of allowed registries. +func (o HostRuntimePolicyOutput) AllowedRegistries() HostRuntimePolicyAllowedRegistryArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyAllowedRegistryArrayOutput { return v.AllowedRegistries }).(HostRuntimePolicyAllowedRegistryArrayOutput) } // Indicates the application scope of the service. 
@@ -626,11 +744,6 @@ func (o HostRuntimePolicyOutput) ApplicationScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringArrayOutput { return v.ApplicationScopes }).(pulumi.StringArrayOutput) } -// If true, all process activity will be audited. -func (o HostRuntimePolicyOutput) AuditAllOsUserActivity() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.AuditAllOsUserActivity }).(pulumi.BoolPtrOutput) -} - // Detects brute force login attempts func (o HostRuntimePolicyOutput) AuditBruteForceLogin() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.AuditBruteForceLogin }).(pulumi.BoolPtrOutput) 
@@ -656,32 +769,101 @@ func (o HostRuntimePolicyOutput) AuditUserAccountManagement() pulumi.BoolPtrOutp return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.AuditUserAccountManagement }).(pulumi.BoolPtrOutput) } +func (o HostRuntimePolicyOutput) Auditing() HostRuntimePolicyAuditingOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyAuditingOutput { return v.Auditing }).(HostRuntimePolicyAuditingOutput) +} + // Username of the account that created the service. func (o HostRuntimePolicyOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringOutput { return v.Author }).(pulumi.StringOutput) } +func (o HostRuntimePolicyOutput) BlacklistedOsUsers() HostRuntimePolicyBlacklistedOsUsersOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyBlacklistedOsUsersOutput { return v.BlacklistedOsUsers }).(HostRuntimePolicyBlacklistedOsUsersOutput) +} + +func (o HostRuntimePolicyOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockContainerExec }).(pulumi.BoolPtrOutput) +} + // Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining func (o HostRuntimePolicyOutput) BlockCryptocurrencyMining() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockCryptocurrencyMining }).(pulumi.BoolPtrOutput) } +func (o HostRuntimePolicyOutput) BlockDisallowedImages() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockDisallowedImages }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) BlockFilelessExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockFilelessExec }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) BlockNonCompliantWorkloads() pulumi.BoolPtrOutput { + return o.ApplyT(func(v 
*HostRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockNonCompliantWorkloads }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) BlockNonK8sContainers() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.BlockNonK8sContainers }).(pulumi.BoolPtrOutput) +} + // List of files that are prevented from being read, modified and executed in the containers. func (o HostRuntimePolicyOutput) BlockedFiles() pulumi.StringArrayOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringArrayOutput { return v.BlockedFiles }).(pulumi.StringArrayOutput) } +// Bypass scope configuration. +func (o HostRuntimePolicyOutput) BypassScopes() HostRuntimePolicyBypassScopeArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyBypassScopeArrayOutput { return v.BypassScopes }).(HostRuntimePolicyBypassScopeArrayOutput) +} + +func (o HostRuntimePolicyOutput) ContainerExec() HostRuntimePolicyContainerExecOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyContainerExecOutput { return v.ContainerExec }).(HostRuntimePolicyContainerExecOutput) +} + +func (o HostRuntimePolicyOutput) Created() pulumi.StringOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringOutput { return v.Created }).(pulumi.StringOutput) +} + +func (o HostRuntimePolicyOutput) Cve() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.Cve }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyOutput) DefaultSecurityProfile() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.DefaultSecurityProfile }).(pulumi.StringPtrOutput) +} + // The description of the host runtime policy func (o HostRuntimePolicyOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } -// If true, detect and prevent 
communication from containers to IP addresses known to have a bad reputation. -func (o HostRuntimePolicyOutput) EnableIpReputationSecurity() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableIpReputationSecurity }).(pulumi.BoolPtrOutput) +func (o HostRuntimePolicyOutput) Digest() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.Digest }).(pulumi.StringPtrOutput) +} + +// Drift prevention configuration. +func (o HostRuntimePolicyOutput) DriftPreventions() HostRuntimePolicyDriftPreventionArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyDriftPreventionArrayOutput { return v.DriftPreventions }).(HostRuntimePolicyDriftPreventionArrayOutput) } -// Indicates if the runtime policy is enabled or not. +func (o HostRuntimePolicyOutput) EnableCryptoMiningDns() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableCryptoMiningDns }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) EnableForkGuard() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableForkGuard }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) EnableIpReputation() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.EnableIpReputation }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) EnablePortScanProtection() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.EnablePortScanProtection }).(pulumi.BoolPtrOutput) +} + +// Whether allowed executables configuration is enabled. func (o HostRuntimePolicyOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } 
@@ -696,16 +878,77 @@ func (o HostRuntimePolicyOutput) EnforceAfterDays() pulumi.IntPtrOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.IntPtrOutput { return v.EnforceAfterDays }).(pulumi.IntPtrOutput) } +func (o HostRuntimePolicyOutput) EnforceSchedulerAddedOn() pulumi.IntOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.IntOutput { return v.EnforceSchedulerAddedOn }).(pulumi.IntOutput) +} + +// List of excluded application scopes. +func (o HostRuntimePolicyOutput) ExcludeApplicationScopes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringArrayOutput { return v.ExcludeApplicationScopes }).(pulumi.StringArrayOutput) +} + +// Executable blacklist configuration. +func (o HostRuntimePolicyOutput) ExecutableBlacklists() HostRuntimePolicyExecutableBlacklistArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyExecutableBlacklistArrayOutput { + return v.ExecutableBlacklists + }).(HostRuntimePolicyExecutableBlacklistArrayOutput) +} + +func (o HostRuntimePolicyOutput) FailedKubernetesChecks() HostRuntimePolicyFailedKubernetesChecksOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyFailedKubernetesChecksOutput { + return v.FailedKubernetesChecks + }).(HostRuntimePolicyFailedKubernetesChecksOutput) +} + +func (o HostRuntimePolicyOutput) FileBlock() HostRuntimePolicyFileBlockOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyFileBlockOutput { return v.FileBlock }).(HostRuntimePolicyFileBlockOutput) +} + // Configuration for file integrity monitoring. 
-func (o HostRuntimePolicyOutput) FileIntegrityMonitoring() HostRuntimePolicyFileIntegrityMonitoringPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyFileIntegrityMonitoringPtrOutput { +func (o HostRuntimePolicyOutput) FileIntegrityMonitoring() HostRuntimePolicyFileIntegrityMonitoringOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyFileIntegrityMonitoringOutput { return v.FileIntegrityMonitoring - }).(HostRuntimePolicyFileIntegrityMonitoringPtrOutput) + }).(HostRuntimePolicyFileIntegrityMonitoringOutput) +} + +func (o HostRuntimePolicyOutput) ForkGuardProcessLimit() pulumi.IntPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.IntPtrOutput { return v.ForkGuardProcessLimit }).(pulumi.IntPtrOutput) +} + +func (o HostRuntimePolicyOutput) ImageName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.ImageName }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.IsAuditChecked }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) IsAutoGenerated() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.IsAutoGenerated }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) IsOotbPolicy() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.IsOotbPolicy }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) Lastupdate() pulumi.IntOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.IntOutput { return v.Lastupdate }).(pulumi.IntOutput) +} + +// Container privileges configuration. 
+func (o HostRuntimePolicyOutput) LimitContainerPrivileges() HostRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyLimitContainerPrivilegeArrayOutput { + return v.LimitContainerPrivileges + }).(HostRuntimePolicyLimitContainerPrivilegeArrayOutput) +} + +func (o HostRuntimePolicyOutput) LinuxCapabilities() HostRuntimePolicyLinuxCapabilitiesOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyLinuxCapabilitiesOutput { return v.LinuxCapabilities }).(HostRuntimePolicyLinuxCapabilitiesOutput) } // Configuration for Real-Time Malware Protection. -func (o HostRuntimePolicyOutput) MalwareScanOptions() HostRuntimePolicyMalwareScanOptionsPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyMalwareScanOptionsPtrOutput { return v.MalwareScanOptions }).(HostRuntimePolicyMalwareScanOptionsPtrOutput) +func (o HostRuntimePolicyOutput) MalwareScanOptions() HostRuntimePolicyMalwareScanOptionsOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyMalwareScanOptionsOutput { return v.MalwareScanOptions }).(HostRuntimePolicyMalwareScanOptionsOutput) } // If true, system log will be monitored. 
@@ -723,11 +966,19 @@ func (o HostRuntimePolicyOutput) MonitorWindowsServices() pulumi.BoolPtrOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.MonitorWindowsServices }).(pulumi.BoolPtrOutput) } -// Name of the host runtime policy +// Name assigned to the attribute. func (o HostRuntimePolicyOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } +func (o HostRuntimePolicyOutput) NoNewPrivileges() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.NoNewPrivileges }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyOutput) OnlyRegisteredImages() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.OnlyRegisteredImages }).(pulumi.BoolPtrOutput) +} + // List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. func (o HostRuntimePolicyOutput) OsGroupsAlloweds() pulumi.StringArrayOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringArrayOutput { return v.OsGroupsAlloweds }).(pulumi.StringArrayOutput) 
@@ -748,14 +999,63 @@ func (o HostRuntimePolicyOutput) OsUsersBlockeds() pulumi.StringArrayOutput { return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringArrayOutput { return v.OsUsersBlockeds }).(pulumi.StringArrayOutput) } -// List of packages that are not allowed read, write or execute all files that under the packages. -func (o HostRuntimePolicyOutput) PackageBlocks() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringArrayOutput { return v.PackageBlocks }).(pulumi.StringArrayOutput) +func (o HostRuntimePolicyOutput) PackageBlocks() HostRuntimePolicyPackageBlockArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyPackageBlockArrayOutput { return v.PackageBlocks }).(HostRuntimePolicyPackageBlockArrayOutput) +} + +func (o HostRuntimePolicyOutput) Permission() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.Permission }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyOutput) PortBlock() HostRuntimePolicyPortBlockOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyPortBlockOutput { return v.PortBlock }).(HostRuntimePolicyPortBlockOutput) +} + +func (o HostRuntimePolicyOutput) ReadonlyFiles() HostRuntimePolicyReadonlyFilesOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyReadonlyFilesOutput { return v.ReadonlyFiles }).(HostRuntimePolicyReadonlyFilesOutput) +} + +func (o HostRuntimePolicyOutput) ReadonlyRegistry() HostRuntimePolicyReadonlyRegistryOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyReadonlyRegistryOutput { return v.ReadonlyRegistry }).(HostRuntimePolicyReadonlyRegistryOutput) +} + +func (o HostRuntimePolicyOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.Registry }).(pulumi.StringPtrOutput) } -// If true, port scanning behaviors will be audited. 
-func (o HostRuntimePolicyOutput) PortScanningDetection() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicy) pulumi.BoolPtrOutput { return v.PortScanningDetection }).(pulumi.BoolPtrOutput) +func (o HostRuntimePolicyOutput) RegistryAccessMonitoring() HostRuntimePolicyRegistryAccessMonitoringOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyRegistryAccessMonitoringOutput { + return v.RegistryAccessMonitoring + }).(HostRuntimePolicyRegistryAccessMonitoringOutput) +} + +func (o HostRuntimePolicyOutput) RepoName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.RepoName }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyOutput) ResourceName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.ResourceName }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyOutput) ResourceType() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.ResourceType }).(pulumi.StringPtrOutput) +} + +// Restricted volumes configuration. 
+func (o HostRuntimePolicyOutput) RestrictedVolumes() HostRuntimePolicyRestrictedVolumeArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyRestrictedVolumeArrayOutput { return v.RestrictedVolumes }).(HostRuntimePolicyRestrictedVolumeArrayOutput) +} + +func (o HostRuntimePolicyOutput) ReverseShell() HostRuntimePolicyReverseShellOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyReverseShellOutput { return v.ReverseShell }).(HostRuntimePolicyReverseShellOutput) +} + +func (o HostRuntimePolicyOutput) RuntimeMode() pulumi.IntPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.IntPtrOutput { return v.RuntimeMode }).(pulumi.IntPtrOutput) +} + +func (o HostRuntimePolicyOutput) RuntimeType() pulumi.StringOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringOutput { return v.RuntimeType }).(pulumi.StringOutput) } // Logical expression of how to compute the dependency of the scope variables. 
@@ -768,18 +1068,39 @@ func (o HostRuntimePolicyOutput) ScopeVariables() HostRuntimePolicyScopeVariable return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyScopeVariableArrayOutput { return v.ScopeVariables }).(HostRuntimePolicyScopeVariableArrayOutput) } -// Configuration for windows registry monitoring. -func (o HostRuntimePolicyOutput) WindowsRegistryMonitoring() HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return v.WindowsRegistryMonitoring - }).(HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) +// Scope configuration. +func (o HostRuntimePolicyOutput) Scopes() HostRuntimePolicyScopeArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyScopeArrayOutput { return v.Scopes }).(HostRuntimePolicyScopeArrayOutput) +} + +func (o HostRuntimePolicyOutput) SystemIntegrityProtection() HostRuntimePolicySystemIntegrityProtectionOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicySystemIntegrityProtectionOutput { + return v.SystemIntegrityProtection + }).(HostRuntimePolicySystemIntegrityProtectionOutput) } -// Configuration for windows registry protection. 
-func (o HostRuntimePolicyOutput) WindowsRegistryProtection() HostRuntimePolicyWindowsRegistryProtectionPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyWindowsRegistryProtectionPtrOutput { - return v.WindowsRegistryProtection - }).(HostRuntimePolicyWindowsRegistryProtectionPtrOutput) +func (o HostRuntimePolicyOutput) Tripwire() HostRuntimePolicyTripwireOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyTripwireOutput { return v.Tripwire }).(HostRuntimePolicyTripwireOutput) +} + +func (o HostRuntimePolicyOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) +} + +func (o HostRuntimePolicyOutput) Updated() pulumi.StringOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringOutput { return v.Updated }).(pulumi.StringOutput) +} + +func (o HostRuntimePolicyOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.Version }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyOutput) VpatchVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicy) pulumi.StringPtrOutput { return v.VpatchVersion }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyOutput) WhitelistedOsUsers() HostRuntimePolicyWhitelistedOsUsersOutput { + return o.ApplyT(func(v *HostRuntimePolicy) HostRuntimePolicyWhitelistedOsUsersOutput { return v.WhitelistedOsUsers }).(HostRuntimePolicyWhitelistedOsUsersOutput) } type HostRuntimePolicyArrayOutput struct{ *pulumi.OutputState } 
@@ -796,12 +1117,6 @@ func (o HostRuntimePolicyArrayOutput) ToHostRuntimePolicyArrayOutputWithContext( return o } -func (o HostRuntimePolicyArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*HostRuntimePolicy] { - return pulumix.Output[[]*HostRuntimePolicy]{ - OutputState: o.OutputState, - } -} - func (o HostRuntimePolicyArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *HostRuntimePolicy { return vs[0].([]*HostRuntimePolicy)[vs[1].(int)] @@ -822,12 +1137,6 @@ func (o HostRuntimePolicyMapOutput) ToHostRuntimePolicyMapOutputWithContext(ctx return o } -func (o HostRuntimePolicyMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*HostRuntimePolicy] { - return pulumix.Output[map[string]*HostRuntimePolicy]{ - OutputState: o.OutputState, - } -} - func (o HostRuntimePolicyMapOutput) MapIndex(k pulumi.StringInput) HostRuntimePolicyOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *HostRuntimePolicy { return vs[0].(map[string]*HostRuntimePolicy)[vs[1].(string)] diff --git a/sdk/go/aquasec/image.go b/sdk/go/aquasec/image.go index 62c27139..bd854ca8 100644 --- a/sdk/go/aquasec/image.go +++ b/sdk/go/aquasec/image.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -438,12 +437,6 @@ func (i *Image) ToImageOutputWithContext(ctx context.Context) ImageOutput { return pulumi.ToOutputWithContext(ctx, i).(ImageOutput) } -func (i *Image) ToOutput(ctx context.Context) pulumix.Output[*Image] { - return pulumix.Output[*Image]{ - OutputState: i.ToImageOutputWithContext(ctx).OutputState, - } -} - // ImageArrayInput is an input type that accepts ImageArray and ImageArrayOutput values. // You can construct a concrete instance of `ImageArrayInput` via: // 
@@ -469,12 +462,6 @@ func (i ImageArray) ToImageArrayOutputWithContext(ctx context.Context) ImageArra return pulumi.ToOutputWithContext(ctx, i).(ImageArrayOutput) } -func (i ImageArray) ToOutput(ctx context.Context) pulumix.Output[[]*Image] { - return pulumix.Output[[]*Image]{ - OutputState: i.ToImageArrayOutputWithContext(ctx).OutputState, - } -} - // ImageMapInput is an input type that accepts ImageMap and ImageMapOutput values. // You can construct a concrete instance of `ImageMapInput` via: // @@ -500,12 +487,6 @@ func (i ImageMap) ToImageMapOutputWithContext(ctx context.Context) ImageMapOutpu return pulumi.ToOutputWithContext(ctx, i).(ImageMapOutput) } -func (i ImageMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*Image] { - return pulumix.Output[map[string]*Image]{ - OutputState: i.ToImageMapOutputWithContext(ctx).OutputState, - } -} - type ImageOutput struct{ *pulumi.OutputState } func (ImageOutput) ElementType() reflect.Type { @@ -520,12 +501,6 @@ func (o ImageOutput) ToImageOutputWithContext(ctx context.Context) ImageOutput { return o } -func (o ImageOutput) ToOutput(ctx context.Context) pulumix.Output[*Image] { - return pulumix.Output[*Image]{ - OutputState: o.OutputState, - } -} - // If this field is set to true, the image will be whitelisted. func (o ImageOutput) AllowImage() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Image) pulumi.BoolPtrOutput { return v.AllowImage }).(pulumi.BoolPtrOutput) @@ -805,12 +780,6 @@ func (o ImageArrayOutput) ToImageArrayOutputWithContext(ctx context.Context) Ima return o } -func (o ImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*Image] { - return pulumix.Output[[]*Image]{ - OutputState: o.OutputState, - } -} - func (o ImageArrayOutput) Index(i pulumi.IntInput) ImageOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Image { return vs[0].([]*Image)[vs[1].(int)] 
@@ -831,12 +800,6 @@ func (o ImageMapOutput) ToImageMapOutputWithContext(ctx context.Context) ImageMa return o } -func (o ImageMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*Image] { - return pulumix.Output[map[string]*Image]{ - OutputState: o.OutputState, - } -} - func (o ImageMapOutput) MapIndex(k pulumi.StringInput) ImageOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Image { return vs[0].(map[string]*Image)[vs[1].(string)] diff --git a/sdk/go/aquasec/imageAssurancePolicy.go b/sdk/go/aquasec/imageAssurancePolicy.go index 8a3cb9ba..2dd91cd8 100644 --- a/sdk/go/aquasec/imageAssurancePolicy.go +++ b/sdk/go/aquasec/imageAssurancePolicy.go @@ -9,16 +9,20 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) +// Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images. type ImageAssurancePolicy struct { pulumi.CustomResourceState + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapOutput `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages pulumi.StringArrayOutput `pulumi:"allowedImages"` ApplicationScopes pulumi.StringArrayOutput `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType pulumi.StringOutput `pulumi:"assuranceType"` // Indicates if auditing for failures. AuditOnFailure pulumi.BoolPtrOutput `pulumi:"auditOnFailure"` // Name of user account that created the policy. 
@@ -32,7 +36,7 @@ type ImageAssurancePolicy struct { BlacklistPermissionsEnabled pulumi.BoolPtrOutput `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayOutput `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrOutput `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrOutput `pulumi:"blockFailed"` @@ -41,8 +45,9 @@ type ImageAssurancePolicy struct { CustomChecks ImageAssurancePolicyCustomCheckArrayOutput `pulumi:"customChecks"` // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrOutput `pulumi:"customChecksEnabled"` + CustomSeverity pulumi.StringOutput `pulumi:"customSeverity"` CustomSeverityEnabled pulumi.BoolPtrOutput `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"cvesBlackListEnabled"` // List of cves blacklisted items. CvesBlackLists pulumi.StringArrayOutput `pulumi:"cvesBlackLists"` 
@@ -55,10 +60,12 @@ type ImageAssurancePolicy struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled pulumi.BoolPtrOutput `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix pulumi.BoolPtrOutput `pulumi:"cvssSeverityExcludeNoFix"` - Description pulumi.StringPtrOutput `pulumi:"description"` + CvssSeverityExcludeNoFix pulumi.BoolPtrOutput `pulumi:"cvssSeverityExcludeNoFix"` + Description pulumi.StringPtrOutput `pulumi:"description"` + DisallowExploitTypes pulumi.StringArrayOutput `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrOutput `pulumi:"disallowMalware"` + DisallowMalware pulumi.BoolPtrOutput `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrOutput `pulumi:"dockerCisEnabled"` // Name of the container image. Domain pulumi.StringPtrOutput `pulumi:"domain"` 
@@ -70,52 +77,67 @@ type ImageAssurancePolicy struct { EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` EnforceExcessivePermissions pulumi.BoolPtrOutput `pulumi:"enforceExcessivePermissions"` ExceptionalMonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes pulumi.StringArrayOutput `pulumi:"excludeApplicationScopes"` // Indicates if cicd failures will fail the image. FailCicd pulumi.BoolPtrOutput `pulumi:"failCicd"` ForbiddenLabels ImageAssurancePolicyForbiddenLabelArrayOutput `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled pulumi.BoolPtrOutput `pulumi:"forbiddenLabelsEnabled"` ForceMicroenforcer pulumi.BoolPtrOutput `pulumi:"forceMicroenforcer"` FunctionIntegrityEnabled pulumi.BoolPtrOutput `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln pulumi.BoolPtrOutput `pulumi:"ignoreBaseImageVln"` IgnoreRecentlyPublishedVln pulumi.BoolPtrOutput `pulumi:"ignoreRecentlyPublishedVln"` IgnoreRecentlyPublishedVlnPeriod pulumi.IntOutput `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrOutput `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayOutput `pulumi:"ignoredRiskResources"` + IgnoredRiskResources pulumi.StringArrayOutput `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources pulumi.StringArrayOutput `pulumi:"ignoredSensitiveResources"` // List of images. - Images pulumi.StringArrayOutput `pulumi:"images"` - KubeCisEnabled pulumi.BoolPtrOutput `pulumi:"kubeCisEnabled"` + Images pulumi.StringArrayOutput `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled pulumi.BoolPtrOutput `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. 
+ KubernetesControls ImageAssurancePolicyKubernetesControlsPtrOutput `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds pulumi.StringArrayOutput `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames pulumi.StringArrayOutput `pulumi:"kubernetesControlsNames"` // List of labels. - Labels pulumi.StringArrayOutput `pulumi:"labels"` - MalwareAction pulumi.StringPtrOutput `pulumi:"malwareAction"` + Labels pulumi.StringArrayOutput `pulumi:"labels"` + Lastupdate pulumi.StringOutput `pulumi:"lastupdate"` + LinuxCisEnabled pulumi.BoolPtrOutput `pulumi:"linuxCisEnabled"` + MalwareAction pulumi.StringPtrOutput `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore pulumi.Float64PtrOutput `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. - MaximumScoreEnabled pulumi.BoolPtrOutput `pulumi:"maximumScoreEnabled"` - // Indicates that policy should ignore cases that do not have a known fix. + MaximumScoreEnabled pulumi.BoolPtrOutput `pulumi:"maximumScoreEnabled"` MaximumScoreExcludeNoFix pulumi.BoolPtrOutput `pulumi:"maximumScoreExcludeNoFix"` MonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"monitoredMalwarePaths"` Name pulumi.StringOutput `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrOutput `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers pulumi.BoolPtrOutput `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled pulumi.BoolPtrOutput `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists ImageAssurancePolicyPackagesBlackListArrayOutput `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrOutput `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. 
PackagesWhiteLists ImageAssurancePolicyPackagesWhiteListArrayOutput `pulumi:"packagesWhiteLists"` PartialResultsImageFail pulumi.BoolPtrOutput `pulumi:"partialResultsImageFail"` + Permission pulumi.StringOutput `pulumi:"permission"` + PolicySettings ImageAssurancePolicyPolicySettingsOutput `pulumi:"policySettings"` ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"` // List of registries. Registries pulumi.StringArrayOutput `pulumi:"registries"` Registry pulumi.StringPtrOutput `pulumi:"registry"` RequiredLabels ImageAssurancePolicyRequiredLabelArrayOutput `pulumi:"requiredLabels"` RequiredLabelsEnabled pulumi.BoolPtrOutput `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives pulumi.BoolPtrOutput `pulumi:"scanMalwareInArchives"` ScanNfsMounts pulumi.BoolPtrOutput `pulumi:"scanNfsMounts"` + ScanProcessMemory pulumi.BoolPtrOutput `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrOutput `pulumi:"scanSensitiveData"` + ScanSensitiveData pulumi.BoolPtrOutput `pulumi:"scanSensitiveData"` + ScanWindowsRegistry pulumi.BoolPtrOutput `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrOutput `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. 
@@ -124,7 +146,9 @@ type ImageAssurancePolicy struct { // List of trusted images. TrustedBaseImages ImageAssurancePolicyTrustedBaseImageArrayOutput `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrOutput `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled pulumi.BoolPtrOutput `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability pulumi.BoolPtrOutput `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges pulumi.IntArrayOutput `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayOutput `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. @@ -164,9 +188,13 @@ func GetImageAssurancePolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering ImageAssurancePolicy resources. type imageAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages []string `pulumi:"allowedImages"` ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType *string `pulumi:"assuranceType"` // Indicates if auditing for failures. AuditOnFailure *bool `pulumi:"auditOnFailure"` // Name of user account that created the policy. @@ -180,7 +208,7 @@ type imageAssurancePolicyState struct { BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed *bool `pulumi:"blockFailed"` 
@@ -188,9 +216,10 @@ type imageAssurancePolicyState struct { // List of Custom user scripts for checks. CustomChecks []ImageAssurancePolicyCustomCheck `pulumi:"customChecks"` // Indicates if scanning should include custom checks. - CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` - CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` // List of cves blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` @@ -203,10 +232,12 @@ type imageAssurancePolicyState struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` - Description *string `pulumi:"description"` + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware *bool `pulumi:"disallowMalware"` + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` // Name of the container image. Domain *string `pulumi:"domain"` 
@@ -218,52 +249,67 @@ type imageAssurancePolicyState struct { EnforceAfterDays *int `pulumi:"enforceAfterDays"` EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` // Indicates if cicd failures will fail the image. FailCicd *bool `pulumi:"failCicd"` ForbiddenLabels []ImageAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. + KubernetesControls *ImageAssurancePolicyKubernetesControls `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` // List of labels. 
- Labels []string `pulumi:"labels"` - MalwareAction *string `pulumi:"malwareAction"` + Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore *float64 `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. - MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` - // Indicates that policy should ignore cases that do not have a known fix. + MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` MaximumScoreExcludeNoFix *bool `pulumi:"maximumScoreExcludeNoFix"` MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` Name *string `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []ImageAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. PackagesWhiteLists []ImageAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *ImageAssurancePolicyPolicySettings `pulumi:"policySettings"` ReadOnly *bool `pulumi:"readOnly"` // List of registries. 
Registries []string `pulumi:"registries"` Registry *string `pulumi:"registry"` RequiredLabels []ImageAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled *bool `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. @@ -272,7 +318,9 @@ type imageAssurancePolicyState struct { // List of trusted images. TrustedBaseImages []ImageAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. @@ -280,9 +328,13 @@ type imageAssurancePolicyState struct { } type ImageAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput // List of explicitly allowed images. AllowedImages pulumi.StringArrayInput ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput // Indicates if auditing for failures. AuditOnFailure pulumi.BoolPtrInput // Name of user account that created the policy. 
@@ -296,7 +348,7 @@ type ImageAssurancePolicyState struct { BlacklistPermissionsEnabled pulumi.BoolPtrInput // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayInput - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrInput // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrInput @@ -305,8 +357,9 @@ type ImageAssurancePolicyState struct { CustomChecks ImageAssurancePolicyCustomCheckArrayInput // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput CustomSeverityEnabled pulumi.BoolPtrInput - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrInput // List of cves blacklisted items. CvesBlackLists pulumi.StringArrayInput @@ -321,8 +374,10 @@ type ImageAssurancePolicyState struct { // Indicates that policy should ignore cvss cases that do not have a known fix. CvssSeverityExcludeNoFix pulumi.BoolPtrInput Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrInput + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrInput // Name of the container image. Domain pulumi.StringPtrInput 
@@ -334,52 +389,67 @@ type ImageAssurancePolicyState struct { EnforceAfterDays pulumi.IntPtrInput EnforceExcessivePermissions pulumi.BoolPtrInput ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput // Indicates if cicd failures will fail the image. FailCicd pulumi.BoolPtrInput ForbiddenLabels ImageAssurancePolicyForbiddenLabelArrayInput ForbiddenLabelsEnabled pulumi.BoolPtrInput ForceMicroenforcer pulumi.BoolPtrInput FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput IgnoreRecentlyPublishedVln pulumi.BoolPtrInput IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrInput // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayInput + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput // List of images. - Images pulumi.StringArrayInput + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. KubeCisEnabled pulumi.BoolPtrInput + // List of Kubernetes controls. + KubernetesControls ImageAssurancePolicyKubernetesControlsPtrInput + KubernetesControlsAvdIds pulumi.StringArrayInput + KubernetesControlsNames pulumi.StringArrayInput // List of labels. - Labels pulumi.StringArrayInput - MalwareAction pulumi.StringPtrInput + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput // Value of allowed maximum score. MaximumScore pulumi.Float64PtrInput // Indicates if exceeding the maximum score is scanned. - MaximumScoreEnabled pulumi.BoolPtrInput - // Indicates that policy should ignore cases that do not have a known fix. 
+ MaximumScoreEnabled pulumi.BoolPtrInput MaximumScoreExcludeNoFix pulumi.BoolPtrInput MonitoredMalwarePaths pulumi.StringArrayInput Name pulumi.StringPtrInput // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrInput + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrInput - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists ImageAssurancePolicyPackagesBlackListArrayInput // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrInput // List of whitelisted images. PackagesWhiteLists ImageAssurancePolicyPackagesWhiteListArrayInput PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings ImageAssurancePolicyPolicySettingsPtrInput ReadOnly pulumi.BoolPtrInput // List of registries. Registries pulumi.StringArrayInput Registry pulumi.StringPtrInput RequiredLabels ImageAssurancePolicyRequiredLabelArrayInput RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrInput + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrInput // List of SCAP user scripts for checks. 
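Review bot: The description on `MaximumScoreExcludeNoFix` is dropped in this hunk, and the fields added around it (`ExcludeApplicationScopes`, `IgnoreBaseImageVln`, `IgnoredSensitiveResources`, `ScanProcessMemory`, `LinuxCisEnabled`) arrive with no comment at all. Judging by their names, several of these narrow what the assurance policy evaluates, so someone reading the SDK cannot tell what is being exempted. I would keep `// Indicates that policy should ignore cases that do not have a known fix.` and add a one-line description to each new field. The same gap recurs in the imageAssurancePolicyArgs and ImageAssurancePolicyArgs hunks and in the output accessors. The struct starts and ends outside this hunk, and the file looks generated, so the descriptions presumably have to be restored in the schema it is produced from.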
@@ -388,7 +458,9 @@ type ImageAssurancePolicyState struct { // List of trusted images. TrustedBaseImages ImageAssurancePolicyTrustedBaseImageArrayInput // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrInput + TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayInput // Indicates if license blacklist is relevant. @@ -400,11 +472,17 @@ func (ImageAssurancePolicyState) ElementType() reflect.Type { } type imageAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages []string `pulumi:"allowedImages"` ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType *string `pulumi:"assuranceType"` // Indicates if auditing for failures. - AuditOnFailure *bool `pulumi:"auditOnFailure"` + AuditOnFailure *bool `pulumi:"auditOnFailure"` + // Name of user account that created the policy. + Author *string `pulumi:"author"` AutoScanConfigured *bool `pulumi:"autoScanConfigured"` AutoScanEnabled *bool `pulumi:"autoScanEnabled"` AutoScanTimes []ImageAssurancePolicyAutoScanTime `pulumi:"autoScanTimes"` @@ -414,7 +492,7 @@ type imageAssurancePolicyArgs struct { BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed *bool `pulumi:"blockFailed"` 
@@ -422,9 +500,10 @@ type imageAssurancePolicyArgs struct { // List of Custom user scripts for checks. CustomChecks []ImageAssurancePolicyCustomCheck `pulumi:"customChecks"` // Indicates if scanning should include custom checks. - CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` - CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` // List of cves blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` @@ -437,10 +516,12 @@ type imageAssurancePolicyArgs struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` - Description *string `pulumi:"description"` + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware *bool `pulumi:"disallowMalware"` + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` // Name of the container image. Domain *string `pulumi:"domain"` 
@@ -452,51 +533,67 @@ type imageAssurancePolicyArgs struct { EnforceAfterDays *int `pulumi:"enforceAfterDays"` EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` // Indicates if cicd failures will fail the image. - FailCicd *bool `pulumi:"failCicd"` - ForbiddenLabels []ImageAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` - ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` - ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` - FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` - IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` + FailCicd *bool `pulumi:"failCicd"` + ForbiddenLabels []ImageAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` + ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` + ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` + FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` + IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` + IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. 
+ KubernetesControls *ImageAssurancePolicyKubernetesControls `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` // List of labels. - Labels []string `pulumi:"labels"` - MalwareAction *string `pulumi:"malwareAction"` + Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore *float64 `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. - MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` - // Indicates that policy should ignore cases that do not have a known fix. + MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` MaximumScoreExcludeNoFix *bool `pulumi:"maximumScoreExcludeNoFix"` MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` Name *string `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []ImageAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. 
PackagesWhiteLists []ImageAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *ImageAssurancePolicyPolicySettings `pulumi:"policySettings"` ReadOnly *bool `pulumi:"readOnly"` // List of registries. Registries []string `pulumi:"registries"` Registry *string `pulumi:"registry"` RequiredLabels []ImageAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled *bool `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. @@ -505,7 +602,9 @@ type imageAssurancePolicyArgs struct { // List of trusted images. TrustedBaseImages []ImageAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. 
@@ -514,11 +613,17 @@ type imageAssurancePolicyArgs struct { // The set of arguments for constructing a ImageAssurancePolicy resource. type ImageAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput // List of explicitly allowed images. AllowedImages pulumi.StringArrayInput ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput // Indicates if auditing for failures. - AuditOnFailure pulumi.BoolPtrInput + AuditOnFailure pulumi.BoolPtrInput + // Name of user account that created the policy. + Author pulumi.StringPtrInput AutoScanConfigured pulumi.BoolPtrInput AutoScanEnabled pulumi.BoolPtrInput AutoScanTimes ImageAssurancePolicyAutoScanTimeArrayInput @@ -528,7 +633,7 @@ type ImageAssurancePolicyArgs struct { BlacklistPermissionsEnabled pulumi.BoolPtrInput // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayInput - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrInput // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrInput @@ -537,8 +642,9 @@ type ImageAssurancePolicyArgs struct { CustomChecks ImageAssurancePolicyCustomCheckArrayInput // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput CustomSeverityEnabled pulumi.BoolPtrInput - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrInput // List of cves blacklisted items. CvesBlackLists pulumi.StringArrayInput 
@@ -553,8 +659,10 @@ type ImageAssurancePolicyArgs struct { // Indicates that policy should ignore cvss cases that do not have a known fix. CvssSeverityExcludeNoFix pulumi.BoolPtrInput Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrInput + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrInput // Name of the container image. Domain pulumi.StringPtrInput 
@@ -566,51 +674,67 @@ type ImageAssurancePolicyArgs struct { EnforceAfterDays pulumi.IntPtrInput EnforceExcessivePermissions pulumi.BoolPtrInput ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput // Indicates if cicd failures will fail the image. - FailCicd pulumi.BoolPtrInput - ForbiddenLabels ImageAssurancePolicyForbiddenLabelArrayInput - ForbiddenLabelsEnabled pulumi.BoolPtrInput - ForceMicroenforcer pulumi.BoolPtrInput - FunctionIntegrityEnabled pulumi.BoolPtrInput - IgnoreRecentlyPublishedVln pulumi.BoolPtrInput + FailCicd pulumi.BoolPtrInput + ForbiddenLabels ImageAssurancePolicyForbiddenLabelArrayInput + ForbiddenLabelsEnabled pulumi.BoolPtrInput + ForceMicroenforcer pulumi.BoolPtrInput + FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrInput // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayInput + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput // List of images. - Images pulumi.StringArrayInput + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. KubeCisEnabled pulumi.BoolPtrInput + // List of Kubernetes controls. + KubernetesControls ImageAssurancePolicyKubernetesControlsPtrInput + KubernetesControlsAvdIds pulumi.StringArrayInput + KubernetesControlsNames pulumi.StringArrayInput // List of labels. - Labels pulumi.StringArrayInput - MalwareAction pulumi.StringPtrInput + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput // Value of allowed maximum score. MaximumScore pulumi.Float64PtrInput // Indicates if exceeding the maximum score is scanned. 
- MaximumScoreEnabled pulumi.BoolPtrInput - // Indicates that policy should ignore cases that do not have a known fix. + MaximumScoreEnabled pulumi.BoolPtrInput MaximumScoreExcludeNoFix pulumi.BoolPtrInput MonitoredMalwarePaths pulumi.StringArrayInput Name pulumi.StringPtrInput // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrInput + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrInput - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists ImageAssurancePolicyPackagesBlackListArrayInput // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrInput // List of whitelisted images. PackagesWhiteLists ImageAssurancePolicyPackagesWhiteListArrayInput PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings ImageAssurancePolicyPolicySettingsPtrInput ReadOnly pulumi.BoolPtrInput // List of registries. Registries pulumi.StringArrayInput Registry pulumi.StringPtrInput RequiredLabels ImageAssurancePolicyRequiredLabelArrayInput RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrInput + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrInput // List of SCAP user scripts for checks. 
@@ -619,7 +743,9 @@ type ImageAssurancePolicyArgs struct { // List of trusted images. TrustedBaseImages ImageAssurancePolicyTrustedBaseImageArrayInput // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrInput + TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayInput // Indicates if license blacklist is relevant. @@ -649,12 +775,6 @@ func (i *ImageAssurancePolicy) ToImageAssurancePolicyOutputWithContext(ctx conte return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyOutput) } -func (i *ImageAssurancePolicy) ToOutput(ctx context.Context) pulumix.Output[*ImageAssurancePolicy] { - return pulumix.Output[*ImageAssurancePolicy]{ - OutputState: i.ToImageAssurancePolicyOutputWithContext(ctx).OutputState, - } -} - // ImageAssurancePolicyArrayInput is an input type that accepts ImageAssurancePolicyArray and ImageAssurancePolicyArrayOutput values. // You can construct a concrete instance of `ImageAssurancePolicyArrayInput` via: // @@ -680,12 +800,6 @@ func (i ImageAssurancePolicyArray) ToImageAssurancePolicyArrayOutputWithContext( return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyArrayOutput) } -func (i ImageAssurancePolicyArray) ToOutput(ctx context.Context) pulumix.Output[[]*ImageAssurancePolicy] { - return pulumix.Output[[]*ImageAssurancePolicy]{ - OutputState: i.ToImageAssurancePolicyArrayOutputWithContext(ctx).OutputState, - } -} - // ImageAssurancePolicyMapInput is an input type that accepts ImageAssurancePolicyMap and ImageAssurancePolicyMapOutput values. // You can construct a concrete instance of `ImageAssurancePolicyMapInput` via: // 
@@ -711,12 +825,6 @@ func (i ImageAssurancePolicyMap) ToImageAssurancePolicyMapOutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyMapOutput) } -func (i ImageAssurancePolicyMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*ImageAssurancePolicy] { - return pulumix.Output[map[string]*ImageAssurancePolicy]{ - OutputState: i.ToImageAssurancePolicyMapOutputWithContext(ctx).OutputState, - } -} - type ImageAssurancePolicyOutput struct{ *pulumi.OutputState } func (ImageAssurancePolicyOutput) ElementType() reflect.Type { @@ -731,10 +839,9 @@ func (o ImageAssurancePolicyOutput) ToImageAssurancePolicyOutputWithContext(ctx return o } -func (o ImageAssurancePolicyOutput) ToOutput(ctx context.Context) pulumix.Output[*ImageAssurancePolicy] { - return pulumix.Output[*ImageAssurancePolicy]{ - OutputState: o.OutputState, - } +// Aggregated vulnerability information. +func (o ImageAssurancePolicyOutput) AggregatedVulnerability() pulumi.StringMapOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringMapOutput { return v.AggregatedVulnerability }).(pulumi.StringMapOutput) } // List of explicitly allowed images. @@ -746,6 +853,11 @@ func (o ImageAssurancePolicyOutput) ApplicationScopes() pulumi.StringArrayOutput return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.ApplicationScopes }).(pulumi.StringArrayOutput) } +// What type of assurance policy is described. +func (o ImageAssurancePolicyOutput) AssuranceType() pulumi.StringOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringOutput { return v.AssuranceType }).(pulumi.StringOutput) +} + // Indicates if auditing for failures. func (o ImageAssurancePolicyOutput) AuditOnFailure() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.AuditOnFailure }).(pulumi.BoolPtrOutput) 
@@ -783,7 +895,7 @@ func (o ImageAssurancePolicyOutput) BlacklistedLicenses() pulumi.StringArrayOutp return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.BlacklistedLicenses }).(pulumi.StringArrayOutput) } -// Lndicates if license blacklist is relevant. +// Indicates if license blacklist is relevant. func (o ImageAssurancePolicyOutput) BlacklistedLicensesEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.BlacklistedLicensesEnabled }).(pulumi.BoolPtrOutput) } @@ -807,11 +919,15 @@ func (o ImageAssurancePolicyOutput) CustomChecksEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomChecksEnabled }).(pulumi.BoolPtrOutput) } +func (o ImageAssurancePolicyOutput) CustomSeverity() pulumi.StringOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringOutput { return v.CustomSeverity }).(pulumi.StringOutput) +} + func (o ImageAssurancePolicyOutput) CustomSeverityEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomSeverityEnabled }).(pulumi.BoolPtrOutput) } -// Indicates if cves blacklist is relevant. +// Indicates if CVEs blacklist is relevant. func (o ImageAssurancePolicyOutput) CvesBlackListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.CvesBlackListEnabled }).(pulumi.BoolPtrOutput) } 
@@ -850,11 +966,16 @@ func (o ImageAssurancePolicyOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } +func (o ImageAssurancePolicyOutput) DisallowExploitTypes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.DisallowExploitTypes }).(pulumi.StringArrayOutput) +} + // Indicates if malware should block the image. func (o ImageAssurancePolicyOutput) DisallowMalware() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.DisallowMalware }).(pulumi.BoolPtrOutput) } +// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. func (o ImageAssurancePolicyOutput) DockerCisEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.DockerCisEnabled }).(pulumi.BoolPtrOutput) } @@ -896,6 +1017,10 @@ func (o ImageAssurancePolicyOutput) ExceptionalMonitoredMalwarePaths() pulumi.St return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.ExceptionalMonitoredMalwarePaths }).(pulumi.StringArrayOutput) } +func (o ImageAssurancePolicyOutput) ExcludeApplicationScopes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.ExcludeApplicationScopes }).(pulumi.StringArrayOutput) +} + // Indicates if cicd failures will fail the image. func (o ImageAssurancePolicyOutput) FailCicd() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.FailCicd }).(pulumi.BoolPtrOutput) 
@@ -917,6 +1042,10 @@ func (o ImageAssurancePolicyOutput) FunctionIntegrityEnabled() pulumi.BoolPtrOut return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.FunctionIntegrityEnabled }).(pulumi.BoolPtrOutput) } +func (o ImageAssurancePolicyOutput) IgnoreBaseImageVln() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreBaseImageVln }).(pulumi.BoolPtrOutput) +} + func (o ImageAssurancePolicyOutput) IgnoreRecentlyPublishedVln() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreRecentlyPublishedVln }).(pulumi.BoolPtrOutput) } 
@@ -935,20 +1064,48 @@ func (o ImageAssurancePolicyOutput) IgnoredRiskResources() pulumi.StringArrayOut return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredRiskResources }).(pulumi.StringArrayOutput) } +func (o ImageAssurancePolicyOutput) IgnoredSensitiveResources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredSensitiveResources }).(pulumi.StringArrayOutput) +} + // List of images. func (o ImageAssurancePolicyOutput) Images() pulumi.StringArrayOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.Images }).(pulumi.StringArrayOutput) } +// Performs a Kubernetes CIS benchmark check for the host. func (o ImageAssurancePolicyOutput) KubeCisEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.KubeCisEnabled }).(pulumi.BoolPtrOutput) } +// List of Kubernetes controls. +func (o ImageAssurancePolicyOutput) KubernetesControls() ImageAssurancePolicyKubernetesControlsPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) ImageAssurancePolicyKubernetesControlsPtrOutput { + return v.KubernetesControls + }).(ImageAssurancePolicyKubernetesControlsPtrOutput) +} + +func (o ImageAssurancePolicyOutput) KubernetesControlsAvdIds() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsAvdIds }).(pulumi.StringArrayOutput) +} + +func (o ImageAssurancePolicyOutput) KubernetesControlsNames() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsNames }).(pulumi.StringArrayOutput) +} + // List of labels. 
func (o ImageAssurancePolicyOutput) Labels() pulumi.StringArrayOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.Labels }).(pulumi.StringArrayOutput) } +func (o ImageAssurancePolicyOutput) Lastupdate() pulumi.StringOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringOutput { return v.Lastupdate }).(pulumi.StringOutput) +} + +func (o ImageAssurancePolicyOutput) LinuxCisEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.LinuxCisEnabled }).(pulumi.BoolPtrOutput) +} + func (o ImageAssurancePolicyOutput) MalwareAction() pulumi.StringPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringPtrOutput { return v.MalwareAction }).(pulumi.StringPtrOutput) } @@ -963,7 +1120,6 @@ func (o ImageAssurancePolicyOutput) MaximumScoreEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.MaximumScoreEnabled }).(pulumi.BoolPtrOutput) } -// Indicates that policy should ignore cases that do not have a known fix. func (o ImageAssurancePolicyOutput) MaximumScoreExcludeNoFix() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.MaximumScoreExcludeNoFix }).(pulumi.BoolPtrOutput) } 
@@ -981,12 +1137,16 @@ func (o ImageAssurancePolicyOutput) OnlyNoneRootUsers() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.OnlyNoneRootUsers }).(pulumi.BoolPtrOutput) } +func (o ImageAssurancePolicyOutput) OpenshiftHardeningEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.OpenshiftHardeningEnabled }).(pulumi.BoolPtrOutput) +} + // Indicates if packages blacklist is relevant. func (o ImageAssurancePolicyOutput) PackagesBlackListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.PackagesBlackListEnabled }).(pulumi.BoolPtrOutput) } -// List of backlisted images. +// List of blacklisted images. func (o ImageAssurancePolicyOutput) PackagesBlackLists() ImageAssurancePolicyPackagesBlackListArrayOutput { return o.ApplyT(func(v *ImageAssurancePolicy) ImageAssurancePolicyPackagesBlackListArrayOutput { return v.PackagesBlackLists @@ -1009,6 +1169,14 @@ func (o ImageAssurancePolicyOutput) PartialResultsImageFail() pulumi.BoolPtrOutp return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.PartialResultsImageFail }).(pulumi.BoolPtrOutput) } +func (o ImageAssurancePolicyOutput) Permission() pulumi.StringOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringOutput { return v.Permission }).(pulumi.StringOutput) +} + +func (o ImageAssurancePolicyOutput) PolicySettings() ImageAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) ImageAssurancePolicyPolicySettingsOutput { return v.PolicySettings }).(ImageAssurancePolicyPolicySettingsOutput) +} + func (o ImageAssurancePolicyOutput) ReadOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.ReadOnly }).(pulumi.BoolPtrOutput) } 
@@ -1030,15 +1198,27 @@ func (o ImageAssurancePolicyOutput) RequiredLabelsEnabled() pulumi.BoolPtrOutput return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.RequiredLabelsEnabled }).(pulumi.BoolPtrOutput) } +func (o ImageAssurancePolicyOutput) ScanMalwareInArchives() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanMalwareInArchives }).(pulumi.BoolPtrOutput) +} + func (o ImageAssurancePolicyOutput) ScanNfsMounts() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanNfsMounts }).(pulumi.BoolPtrOutput) } +func (o ImageAssurancePolicyOutput) ScanProcessMemory() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanProcessMemory }).(pulumi.BoolPtrOutput) +} + // Indicates if scan should include sensitive data in the image. func (o ImageAssurancePolicyOutput) ScanSensitiveData() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanSensitiveData }).(pulumi.BoolPtrOutput) } +func (o ImageAssurancePolicyOutput) ScanWindowsRegistry() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanWindowsRegistry }).(pulumi.BoolPtrOutput) +} + // Indicates if scanning should include scap. func (o ImageAssurancePolicyOutput) ScapEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.ScapEnabled }).(pulumi.BoolPtrOutput) 
@@ -1065,6 +1245,14 @@ func (o ImageAssurancePolicyOutput) TrustedBaseImagesEnabled() pulumi.BoolPtrOut return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.TrustedBaseImagesEnabled }).(pulumi.BoolPtrOutput) } +func (o ImageAssurancePolicyOutput) VulnerabilityExploitability() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.BoolPtrOutput { return v.VulnerabilityExploitability }).(pulumi.BoolPtrOutput) +} + +func (o ImageAssurancePolicyOutput) VulnerabilityScoreRanges() pulumi.IntArrayOutput { + return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.IntArrayOutput { return v.VulnerabilityScoreRanges }).(pulumi.IntArrayOutput) +} + // List of whitelisted licenses. func (o ImageAssurancePolicyOutput) WhitelistedLicenses() pulumi.StringArrayOutput { return o.ApplyT(func(v *ImageAssurancePolicy) pulumi.StringArrayOutput { return v.WhitelistedLicenses }).(pulumi.StringArrayOutput) @@ -1089,12 +1277,6 @@ func (o ImageAssurancePolicyArrayOutput) ToImageAssurancePolicyArrayOutputWithCo return o } -func (o ImageAssurancePolicyArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*ImageAssurancePolicy] { - return pulumix.Output[[]*ImageAssurancePolicy]{ - OutputState: o.OutputState, - } -} - func (o ImageAssurancePolicyArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *ImageAssurancePolicy { return vs[0].([]*ImageAssurancePolicy)[vs[1].(int)] 
@@ -1115,12 +1297,6 @@ func (o ImageAssurancePolicyMapOutput) ToImageAssurancePolicyMapOutputWithContex return o } -func (o ImageAssurancePolicyMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*ImageAssurancePolicy] { - return pulumix.Output[map[string]*ImageAssurancePolicy]{ - OutputState: o.OutputState, - } -} - func (o ImageAssurancePolicyMapOutput) MapIndex(k pulumi.StringInput) ImageAssurancePolicyOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *ImageAssurancePolicy { return vs[0].(map[string]*ImageAssurancePolicy)[vs[1].(string)] diff --git a/sdk/go/aquasec/init.go b/sdk/go/aquasec/init.go index 97ed9d00..0a575209 100644 --- a/sdk/go/aquasec/init.go +++ b/sdk/go/aquasec/init.go @@ -69,6 +69,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &User{} case "aquasec:index/userSaas:UserSaas": r = &UserSaas{} + case "aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy": + r = &VmwareAssurancePolicy{} default: return nil, fmt.Errorf("unknown resource type: %s", typ) } @@ -220,6 +222,11 @@ func init() { "index/userSaas", &module{version}, ) + pulumi.RegisterResourceModule( + "aquasec", + "index/vmwareAssurancePolicy", + &module{version}, + ) pulumi.RegisterResourcePackage( "aquasec", &pkg{version}, diff --git a/sdk/go/aquasec/integrationRegistry.go b/sdk/go/aquasec/integrationRegistry.go index 0f43fb50..86e6b032 100644 --- a/sdk/go/aquasec/integrationRegistry.go +++ b/sdk/go/aquasec/integrationRegistry.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -56,6 +55,7 @@ import ( // Value: pulumi.String("nginx:latest"), // }, // }, +// Password: pulumi.String(""), // Prefixes: pulumi.StringArray{ // pulumi.String("111111111111.dkr.ecr.us-east-1.amazonaws.com"), // }, 
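Review bot: The `IntegrationRegistry` usage example now includes `Password: pulumi.String("")`, which models the registry credential as a plain string literal in program source; examples get copied, so it would be safer to show the value coming from secret configuration. Something like `Password: cfg.RequireSecret("registryPassword"),` with `cfg := config.New(ctx, "")` earlier in the example (the key name is a placeholder) yields a secret output, so the value stays out of the repository and is encrypted in state. Whether the provider already marks `password` as a secret is not visible in this diff and is worth confirming. The example comment block starts and ends outside this hunk.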
@@ -69,14 +69,11 @@ import ( // pulumi.String(":xyz"), // pulumi.String(":onlytest"), // }, -// ScannerNames: pulumi.StringArray{ -// pulumi.String("aqua-scanner-645f867c4f-4sbtj"), -// pulumi.String("aqua-scanner-645f867c4f-8pkdd"), -// }, -// ScannerType: pulumi.String("specific"), -// Type: pulumi.String("AWS"), -// Url: pulumi.String("us-east-1"), -// Username: pulumi.String(""), +// ScannerNames: pulumi.StringArray{}, +// ScannerType: pulumi.String("any"), +// Type: pulumi.String("AWS"), +// Url: pulumi.String("us-east-1"), +// Username: pulumi.String(""), // Webhooks: aquasec.IntegrationRegistryWebhookArray{ // &aquasec.IntegrationRegistryWebhookArgs{ // AuthToken: pulumi.String("test1-test2-test3"), @@ -142,7 +139,7 @@ type IntegrationRegistry struct { ScannerNames pulumi.StringArrayOutput `pulumi:"scannerNames"` // The Scanner type ScannerType pulumi.StringOutput `pulumi:"scannerType"` - // Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + // Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). Type pulumi.StringOutput `pulumi:"type"` // The URL, address or region of the registry Url pulumi.StringOutput `pulumi:"url"` @@ -230,7 +227,7 @@ type integrationRegistryState struct { ScannerNames []string `pulumi:"scannerNames"` // The Scanner type ScannerType *string `pulumi:"scannerType"` - // Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + // Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). Type *string `pulumi:"type"` // The URL, address or region of the registry Url *string `pulumi:"url"` @@ -286,7 +283,7 @@ type IntegrationRegistryState struct { ScannerNames pulumi.StringArrayInput // The Scanner type ScannerType pulumi.StringPtrInput - // Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + // Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). Type pulumi.StringPtrInput // The URL, address or region of the registry Url pulumi.StringPtrInput 
@@ -346,7 +343,7 @@ type integrationRegistryArgs struct { ScannerNames []string `pulumi:"scannerNames"` // The Scanner type ScannerType *string `pulumi:"scannerType"` - // Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + // Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). Type string `pulumi:"type"` // The URL, address or region of the registry Url *string `pulumi:"url"` @@ -403,7 +400,7 @@ type IntegrationRegistryArgs struct { ScannerNames pulumi.StringArrayInput // The Scanner type ScannerType pulumi.StringPtrInput - // Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + // Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). Type pulumi.StringInput // The URL, address or region of the registry Url pulumi.StringPtrInput @@ -436,12 +433,6 @@ func (i *IntegrationRegistry) ToIntegrationRegistryOutputWithContext(ctx context return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryOutput) } -func (i *IntegrationRegistry) ToOutput(ctx context.Context) pulumix.Output[*IntegrationRegistry] { - return pulumix.Output[*IntegrationRegistry]{ - OutputState: i.ToIntegrationRegistryOutputWithContext(ctx).OutputState, - } -} - // IntegrationRegistryArrayInput is an input type that accepts IntegrationRegistryArray and IntegrationRegistryArrayOutput values. // You can construct a concrete instance of `IntegrationRegistryArrayInput` via: // 
@@ -467,12 +458,6 @@ func (i IntegrationRegistryArray) ToIntegrationRegistryArrayOutputWithContext(ct return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryArrayOutput) } -func (i IntegrationRegistryArray) ToOutput(ctx context.Context) pulumix.Output[[]*IntegrationRegistry] { - return pulumix.Output[[]*IntegrationRegistry]{ - OutputState: i.ToIntegrationRegistryArrayOutputWithContext(ctx).OutputState, - } -} - // IntegrationRegistryMapInput is an input type that accepts IntegrationRegistryMap and IntegrationRegistryMapOutput values. // You can construct a concrete instance of `IntegrationRegistryMapInput` via: // @@ -498,12 +483,6 @@ func (i IntegrationRegistryMap) ToIntegrationRegistryMapOutputWithContext(ctx co return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryMapOutput) } -func (i IntegrationRegistryMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*IntegrationRegistry] { - return pulumix.Output[map[string]*IntegrationRegistry]{ - OutputState: i.ToIntegrationRegistryMapOutputWithContext(ctx).OutputState, - } -} - type IntegrationRegistryOutput struct{ *pulumi.OutputState } func (IntegrationRegistryOutput) ElementType() reflect.Type { @@ -518,12 +497,6 @@ func (o IntegrationRegistryOutput) ToIntegrationRegistryOutputWithContext(ctx co return o } -func (o IntegrationRegistryOutput) ToOutput(ctx context.Context) pulumix.Output[*IntegrationRegistry] { - return pulumix.Output[*IntegrationRegistry]{ - OutputState: o.OutputState, - } -} - // Automatically clean up that don't match the pull criteria func (o IntegrationRegistryOutput) AdvancedSettingsCleanup() pulumi.BoolPtrOutput { return o.ApplyT(func(v *IntegrationRegistry) pulumi.BoolPtrOutput { return v.AdvancedSettingsCleanup }).(pulumi.BoolPtrOutput) 
@@ -638,7 +611,7 @@ func (o IntegrationRegistryOutput) ScannerType() pulumi.StringOutput { return o.ApplyT(func(v *IntegrationRegistry) pulumi.StringOutput { return v.ScannerType }).(pulumi.StringOutput) } -// Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). +// Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). func (o IntegrationRegistryOutput) Type() pulumi.StringOutput { return o.ApplyT(func(v *IntegrationRegistry) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) } @@ -672,12 +645,6 @@ func (o IntegrationRegistryArrayOutput) ToIntegrationRegistryArrayOutputWithCont return o } -func (o IntegrationRegistryArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*IntegrationRegistry] { - return pulumix.Output[[]*IntegrationRegistry]{ - OutputState: o.OutputState, - } -} - func (o IntegrationRegistryArrayOutput) Index(i pulumi.IntInput) IntegrationRegistryOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *IntegrationRegistry { return vs[0].([]*IntegrationRegistry)[vs[1].(int)] @@ -698,12 +665,6 @@ func (o IntegrationRegistryMapOutput) ToIntegrationRegistryMapOutputWithContext( return o } -func (o IntegrationRegistryMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*IntegrationRegistry] { - return pulumix.Output[map[string]*IntegrationRegistry]{ - OutputState: o.OutputState, - } -} - func (o IntegrationRegistryMapOutput) MapIndex(k pulumi.StringInput) IntegrationRegistryOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *IntegrationRegistry { return vs[0].(map[string]*IntegrationRegistry)[vs[1].(string)] diff --git a/sdk/go/aquasec/internal/pulumiUtilities.go b/sdk/go/aquasec/internal/pulumiUtilities.go index 00552298..93a6eac8 100644 --- a/sdk/go/aquasec/internal/pulumiUtilities.go +++ b/sdk/go/aquasec/internal/pulumiUtilities.go 
@@ -15,6 +15,10 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +import ( + "github.com/pulumi/pulumi/sdk/v3/go/pulumi/internals" +) + type envParser func(v string) interface{} func ParseEnvBool(v string) interface{} { 
@@ -90,6 +94,73 @@ func IsZero(v interface{}) bool { return reflect.ValueOf(v).IsZero() } +func CallPlain( + ctx *pulumi.Context, + tok string, + args pulumi.Input, + output pulumi.Output, + self pulumi.Resource, + property string, + resultPtr reflect.Value, + errorPtr *error, + opts ...pulumi.InvokeOption, +) { + res, err := callPlainInner(ctx, tok, args, output, self, opts...) + if err != nil { + *errorPtr = err + return + } + + v := reflect.ValueOf(res) + + // extract res.property field if asked to do so + if property != "" { + v = v.FieldByName("Res") + } + + // return by setting the result pointer; this style of returns shortens the generated code without generics + resultPtr.Elem().Set(v) +} + +func callPlainInner( + ctx *pulumi.Context, + tok string, + args pulumi.Input, + output pulumi.Output, + self pulumi.Resource, + opts ...pulumi.InvokeOption, +) (any, error) { + o, err := ctx.Call(tok, args, output, self, opts...) + if err != nil { + return nil, err + } + + outputData, err := internals.UnsafeAwaitOutput(ctx.Context(), o) + if err != nil { + return nil, err + } + + // Ingoring deps silently. They are typically non-empty, r.f() calls include r as a dependency. + known := outputData.Known + value := outputData.Value + secret := outputData.Secret + + problem := "" + if !known { + problem = "an unknown value" + } else if secret { + problem = "a secret value" + } + + if problem != "" { + return nil, fmt.Errorf("Plain resource method %q incorrectly returned %s. "+ + "This is an error in the provider, please report this to the provider developer.", + tok, problem) + } + + return value, nil +} + // PkgResourceDefaultOpts provides package level defaults to pulumi.OptionResource. func PkgResourceDefaultOpts(opts []pulumi.ResourceOption) []pulumi.ResourceOption { defaults := []pulumi.ResourceOption{} diff --git a/sdk/go/aquasec/kubernetesAssurancePolicy.go b/sdk/go/aquasec/kubernetesAssurancePolicy.go index d22bd5ef..5d52150b 100644 
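Review bot: In `CallPlain`, the `property != ""` branch always reads a field literally named `Res` and hands the result to `resultPtr.Elem().Set(v)` unchecked, so a result type without that field would panic inside reflect instead of reporting through `errorPtr`. The comment above it says `res.property`, which does not match the code; either use the argument or reword the comment to `// unwrap the result struct; the field is always named Res`. A cheap guard before the `Set` is `if !v.IsValid() { *errorPtr = fmt.Errorf("plain call %q: result has no field Res", tok); return }`. The known/secret rejection in `callPlainInner` should stay as it is, since it stops a secret-marked output from being returned as a plain value; the comment typo `Ingoring` should read `Ignoring`.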
--- a/sdk/go/aquasec/kubernetesAssurancePolicy.go +++ b/sdk/go/aquasec/kubernetesAssurancePolicy.go @@ -9,16 +9,20 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) +// Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements. type KubernetesAssurancePolicy struct { pulumi.CustomResourceState + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapOutput `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages pulumi.StringArrayOutput `pulumi:"allowedImages"` ApplicationScopes pulumi.StringArrayOutput `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType pulumi.StringOutput `pulumi:"assuranceType"` // Indicates if auditing for failures. AuditOnFailure pulumi.BoolPtrOutput `pulumi:"auditOnFailure"` // Name of user account that created the policy. @@ -32,7 +36,7 @@ type KubernetesAssurancePolicy struct { BlacklistPermissionsEnabled pulumi.BoolPtrOutput `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayOutput `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrOutput `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrOutput `pulumi:"blockFailed"` 
@@ -41,12 +45,13 @@ type KubernetesAssurancePolicy struct { CustomChecks KubernetesAssurancePolicyCustomCheckArrayOutput `pulumi:"customChecks"` // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrOutput `pulumi:"customChecksEnabled"` + CustomSeverity pulumi.StringOutput `pulumi:"customSeverity"` CustomSeverityEnabled pulumi.BoolPtrOutput `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists pulumi.StringArrayOutput `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled pulumi.BoolPtrOutput `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists pulumi.StringArrayOutput `pulumi:"cvesWhiteLists"` 
@@ -55,39 +60,53 @@ type KubernetesAssurancePolicy struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled pulumi.BoolPtrOutput `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix pulumi.BoolPtrOutput `pulumi:"cvssSeverityExcludeNoFix"` - Description pulumi.StringPtrOutput `pulumi:"description"` + CvssSeverityExcludeNoFix pulumi.BoolPtrOutput `pulumi:"cvssSeverityExcludeNoFix"` + Description pulumi.StringPtrOutput `pulumi:"description"` + DisallowExploitTypes pulumi.StringArrayOutput `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrOutput `pulumi:"disallowMalware"` + DisallowMalware pulumi.BoolPtrOutput `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrOutput `pulumi:"dockerCisEnabled"` // Name of the container image. - Domain pulumi.StringPtrOutput `pulumi:"domain"` - DomainName pulumi.StringPtrOutput `pulumi:"domainName"` - DtaEnabled pulumi.BoolPtrOutput `pulumi:"dtaEnabled"` - DtaSeverity pulumi.StringPtrOutput `pulumi:"dtaSeverity"` - Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` - Enforce pulumi.BoolPtrOutput `pulumi:"enforce"` - EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` - EnforceExcessivePermissions pulumi.BoolPtrOutput `pulumi:"enforceExcessivePermissions"` - ExceptionalMonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"exceptionalMonitoredMalwarePaths"` + Domain pulumi.StringPtrOutput `pulumi:"domain"` + DomainName pulumi.StringPtrOutput `pulumi:"domainName"` + DtaEnabled pulumi.BoolPtrOutput `pulumi:"dtaEnabled"` + DtaSeverity pulumi.StringPtrOutput `pulumi:"dtaSeverity"` + // Is the control enabled? 
+ Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + Enforce pulumi.BoolPtrOutput `pulumi:"enforce"` + EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` + EnforceExcessivePermissions pulumi.BoolPtrOutput `pulumi:"enforceExcessivePermissions"` + ExceptionalMonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes pulumi.StringArrayOutput `pulumi:"excludeApplicationScopes"` + // Indicates if cicd failures will fail the image. + FailCicd pulumi.BoolPtrOutput `pulumi:"failCicd"` ForbiddenLabels KubernetesAssurancePolicyForbiddenLabelArrayOutput `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled pulumi.BoolPtrOutput `pulumi:"forbiddenLabelsEnabled"` ForceMicroenforcer pulumi.BoolPtrOutput `pulumi:"forceMicroenforcer"` FunctionIntegrityEnabled pulumi.BoolPtrOutput `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln pulumi.BoolPtrOutput `pulumi:"ignoreBaseImageVln"` IgnoreRecentlyPublishedVln pulumi.BoolPtrOutput `pulumi:"ignoreRecentlyPublishedVln"` IgnoreRecentlyPublishedVlnPeriod pulumi.IntOutput `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrOutput `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayOutput `pulumi:"ignoredRiskResources"` + IgnoredRiskResources pulumi.StringArrayOutput `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources pulumi.StringArrayOutput `pulumi:"ignoredSensitiveResources"` // List of images. - Images pulumi.StringArrayOutput `pulumi:"images"` - KubeCisEnabled pulumi.BoolPtrOutput `pulumi:"kubeCisEnabled"` + Images pulumi.StringArrayOutput `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled pulumi.BoolPtrOutput `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. 
+ KubernetesControls KubernetesAssurancePolicyKubernetesControlArrayOutput `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds pulumi.StringArrayOutput `pulumi:"kubernetesControlsAvdIds"` // List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' KubernetesControlsNames pulumi.StringArrayOutput 
`pulumi:"kubernetesControlsNames"` // List of labels. - Labels pulumi.StringArrayOutput `pulumi:"labels"` - MalwareAction pulumi.StringPtrOutput `pulumi:"malwareAction"` + Labels pulumi.StringArrayOutput `pulumi:"labels"` + Lastupdate pulumi.StringOutput `pulumi:"lastupdate"` + LinuxCisEnabled pulumi.BoolPtrOutput `pulumi:"linuxCisEnabled"` + MalwareAction pulumi.StringPtrOutput `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore pulumi.Float64PtrOutput `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. 
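Review bot: The new doc comment on `Enabled`, `// Is the control enabled?`, reads like the description of a single Kubernetes control rather than of the policy, and the fields that appear to narrow what the policy checks (`ExcludeApplicationScopes`, `IgnoreBaseImageVln`, `IgnoredSensitiveResources`) are added with no comment at all. For an assurance policy these are the settings a reader most needs explained, because setting them presumably reduces coverage. I would change the first to `// Indicates if the policy is enabled.` and add one line to each of the others, for example `// List of application scopes excluded from this policy.`, with the wording confirmed against the provider schema. The same applies to the `kubernetesAssurancePolicyState` hunk at `@@ -203,39 +235,53 @@`; both structs begin outside their hunks, and if this file is generated the text has to be fixed in the schema it is generated from.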
@@ -97,25 +116,31 @@ type KubernetesAssurancePolicy struct { MonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"monitoredMalwarePaths"` Name pulumi.StringOutput `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrOutput `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers pulumi.BoolPtrOutput `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled pulumi.BoolPtrOutput `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists KubernetesAssurancePolicyPackagesBlackListArrayOutput `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrOutput `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. PackagesWhiteLists KubernetesAssurancePolicyPackagesWhiteListArrayOutput `pulumi:"packagesWhiteLists"` PartialResultsImageFail pulumi.BoolPtrOutput `pulumi:"partialResultsImageFail"` + Permission pulumi.StringOutput `pulumi:"permission"` + PolicySettings KubernetesAssurancePolicyPolicySettingsOutput `pulumi:"policySettings"` ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"` // List of registries. Registries pulumi.StringArrayOutput `pulumi:"registries"` Registry pulumi.StringPtrOutput `pulumi:"registry"` RequiredLabels KubernetesAssurancePolicyRequiredLabelArrayOutput `pulumi:"requiredLabels"` RequiredLabelsEnabled pulumi.BoolPtrOutput `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives pulumi.BoolPtrOutput `pulumi:"scanMalwareInArchives"` ScanNfsMounts pulumi.BoolPtrOutput `pulumi:"scanNfsMounts"` + ScanProcessMemory pulumi.BoolPtrOutput `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. 
- ScanSensitiveData pulumi.BoolPtrOutput `pulumi:"scanSensitiveData"` + ScanSensitiveData pulumi.BoolPtrOutput `pulumi:"scanSensitiveData"` + ScanWindowsRegistry pulumi.BoolPtrOutput `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrOutput `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. @@ -124,7 +149,9 @@ type KubernetesAssurancePolicy struct { // List of trusted images. TrustedBaseImages KubernetesAssurancePolicyTrustedBaseImageArrayOutput `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrOutput `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled pulumi.BoolPtrOutput `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability pulumi.BoolPtrOutput `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges pulumi.IntArrayOutput `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayOutput `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. @@ -164,9 +191,13 @@ func GetKubernetesAssurancePolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering KubernetesAssurancePolicy resources. type kubernetesAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages []string `pulumi:"allowedImages"` ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType *string `pulumi:"assuranceType"` // Indicates if auditing for failures. AuditOnFailure *bool `pulumi:"auditOnFailure"` // Name of user account that created the policy. 
@@ -180,7 +211,7 @@ type kubernetesAssurancePolicyState struct { BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed *bool `pulumi:"blockFailed"` @@ -188,13 +219,14 @@ type kubernetesAssurancePolicyState struct { // List of Custom user scripts for checks. CustomChecks []KubernetesAssurancePolicyCustomCheck `pulumi:"customChecks"` // Indicates if scanning should include custom checks. - CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` - CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled *bool `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` 
@@ -203,39 +235,53 @@ type kubernetesAssurancePolicyState struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` - Description *string `pulumi:"description"` + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware *bool `pulumi:"disallowMalware"` + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` // Name of the container image. - Domain *string `pulumi:"domain"` - DomainName *string `pulumi:"domainName"` - DtaEnabled *bool `pulumi:"dtaEnabled"` - DtaSeverity *string `pulumi:"dtaSeverity"` - Enabled *bool `pulumi:"enabled"` - Enforce *bool `pulumi:"enforce"` - EnforceAfterDays *int `pulumi:"enforceAfterDays"` - EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` - ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + Domain *string `pulumi:"domain"` + DomainName *string `pulumi:"domainName"` + DtaEnabled *bool `pulumi:"dtaEnabled"` + DtaSeverity *string `pulumi:"dtaSeverity"` + // Is the control enabled? + Enabled *bool `pulumi:"enabled"` + Enforce *bool `pulumi:"enforce"` + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` + ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Indicates if cicd failures will fail the image. 
+ FailCicd *bool `pulumi:"failCicd"` ForbiddenLabels []KubernetesAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. 
+ KubernetesControls []KubernetesAssurancePolicyKubernetesControl `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` // List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` // List of labels. 
- Labels []string `pulumi:"labels"` - MalwareAction *string `pulumi:"malwareAction"` + Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore *float64 `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. 
@@ -245,25 +291,31 @@ type kubernetesAssurancePolicyState struct { MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` Name *string `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []KubernetesAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. PackagesWhiteLists []KubernetesAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *KubernetesAssurancePolicyPolicySettings `pulumi:"policySettings"` ReadOnly *bool `pulumi:"readOnly"` // List of registries. Registries []string `pulumi:"registries"` Registry *string `pulumi:"registry"` RequiredLabels []KubernetesAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled *bool `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. 
@@ -272,7 +324,9 @@ type kubernetesAssurancePolicyState struct { // List of trusted images. TrustedBaseImages []KubernetesAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. @@ -280,9 +334,13 @@ type kubernetesAssurancePolicyState struct { } type KubernetesAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput // List of explicitly allowed images. AllowedImages pulumi.StringArrayInput ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput // Indicates if auditing for failures. AuditOnFailure pulumi.BoolPtrInput // Name of user account that created the policy. @@ -296,7 +354,7 @@ type KubernetesAssurancePolicyState struct { BlacklistPermissionsEnabled pulumi.BoolPtrInput // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayInput - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrInput // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrInput 
@@ -305,12 +363,13 @@ type KubernetesAssurancePolicyState struct { CustomChecks KubernetesAssurancePolicyCustomCheckArrayInput // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput CustomSeverityEnabled pulumi.BoolPtrInput - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrInput - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists pulumi.StringArrayInput - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled pulumi.BoolPtrInput // List of cves whitelisted licenses CvesWhiteLists pulumi.StringArrayInput 
@@ -321,37 +380,51 @@ type KubernetesAssurancePolicyState struct { // Indicates that policy should ignore cvss cases that do not have a known fix. CvssSeverityExcludeNoFix pulumi.BoolPtrInput Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrInput + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrInput // Name of the container image. - Domain pulumi.StringPtrInput - DomainName pulumi.StringPtrInput - DtaEnabled pulumi.BoolPtrInput - DtaSeverity pulumi.StringPtrInput + Domain pulumi.StringPtrInput + DomainName pulumi.StringPtrInput + DtaEnabled pulumi.BoolPtrInput + DtaSeverity pulumi.StringPtrInput + // Is the control enabled? Enabled pulumi.BoolPtrInput Enforce pulumi.BoolPtrInput EnforceAfterDays pulumi.IntPtrInput EnforceExcessivePermissions pulumi.BoolPtrInput ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput + // Indicates if cicd failures will fail the image. + FailCicd pulumi.BoolPtrInput ForbiddenLabels KubernetesAssurancePolicyForbiddenLabelArrayInput ForbiddenLabelsEnabled pulumi.BoolPtrInput ForceMicroenforcer pulumi.BoolPtrInput FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput IgnoreRecentlyPublishedVln pulumi.BoolPtrInput IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrInput // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayInput + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput // List of images. - Images pulumi.StringArrayInput + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. 
KubeCisEnabled pulumi.BoolPtrInput + // List of Kubernetes controls. + KubernetesControls KubernetesAssurancePolicyKubernetesControlArrayInput + KubernetesControlsAvdIds pulumi.StringArrayInput // List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' KubernetesControlsNames pulumi.StringArrayInput // List of labels. 
- Labels pulumi.StringArrayInput - MalwareAction pulumi.StringPtrInput + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput // Value of allowed maximum score. MaximumScore pulumi.Float64PtrInput // Indicates if exceeding the maximum score is scanned. @@ -361,25 +434,31 @@ type KubernetesAssurancePolicyState struct { MonitoredMalwarePaths pulumi.StringArrayInput Name pulumi.StringPtrInput // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrInput + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrInput - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists KubernetesAssurancePolicyPackagesBlackListArrayInput // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrInput // List of whitelisted images. PackagesWhiteLists KubernetesAssurancePolicyPackagesWhiteListArrayInput PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings KubernetesAssurancePolicyPolicySettingsPtrInput ReadOnly pulumi.BoolPtrInput // List of registries. Registries pulumi.StringArrayInput Registry pulumi.StringPtrInput RequiredLabels KubernetesAssurancePolicyRequiredLabelArrayInput RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrInput + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrInput // List of SCAP user scripts for checks. 
@@ -388,7 +467,9 @@ type KubernetesAssurancePolicyState struct { // List of trusted images. TrustedBaseImages KubernetesAssurancePolicyTrustedBaseImageArrayInput // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrInput + TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayInput // Indicates if license blacklist is relevant. @@ -400,11 +481,17 @@ func (KubernetesAssurancePolicyState) ElementType() reflect.Type { } type kubernetesAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` // List of explicitly allowed images. AllowedImages []string `pulumi:"allowedImages"` ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType *string `pulumi:"assuranceType"` // Indicates if auditing for failures. - AuditOnFailure *bool `pulumi:"auditOnFailure"` + AuditOnFailure *bool `pulumi:"auditOnFailure"` + // Name of user account that created the policy. + Author *string `pulumi:"author"` AutoScanConfigured *bool `pulumi:"autoScanConfigured"` AutoScanEnabled *bool `pulumi:"autoScanEnabled"` AutoScanTimes []KubernetesAssurancePolicyAutoScanTime `pulumi:"autoScanTimes"` @@ -414,7 +501,7 @@ type kubernetesAssurancePolicyArgs struct { BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` // List of blacklisted licenses. BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` // Indicates if failed images are blocked. BlockFailed *bool `pulumi:"blockFailed"` 
@@ -422,13 +509,14 @@ type kubernetesAssurancePolicyArgs struct { // List of Custom user scripts for checks. CustomChecks []KubernetesAssurancePolicyCustomCheck `pulumi:"customChecks"` // Indicates if scanning should include custom checks. - CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` - CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` - // Indicates if cves blacklist is relevant. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists []string `pulumi:"cvesBlackLists"` - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled *bool `pulumi:"cvesWhiteListEnabled"` // List of cves whitelisted licenses CvesWhiteLists []string `pulumi:"cvesWhiteLists"` 
@@ -437,38 +525,53 @@ type kubernetesAssurancePolicyArgs struct { // Indicates if the cvss severity is scanned. CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` // Indicates that policy should ignore cvss cases that do not have a known fix. - CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` - Description *string `pulumi:"description"` + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` // Indicates if malware should block the image. - DisallowMalware *bool `pulumi:"disallowMalware"` + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` // Name of the container image. - Domain *string `pulumi:"domain"` - DomainName *string `pulumi:"domainName"` - DtaEnabled *bool `pulumi:"dtaEnabled"` - DtaSeverity *string `pulumi:"dtaSeverity"` - Enabled *bool `pulumi:"enabled"` - Enforce *bool `pulumi:"enforce"` - EnforceAfterDays *int `pulumi:"enforceAfterDays"` - EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` - ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + Domain *string `pulumi:"domain"` + DomainName *string `pulumi:"domainName"` + DtaEnabled *bool `pulumi:"dtaEnabled"` + DtaSeverity *string `pulumi:"dtaSeverity"` + // Is the control enabled? + Enabled *bool `pulumi:"enabled"` + Enforce *bool `pulumi:"enforce"` + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` + ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Indicates if cicd failures will fail the image. 
+ FailCicd *bool `pulumi:"failCicd"` ForbiddenLabels []KubernetesAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` + IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` // List of ignored risk resources. - IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` // List of images. - Images []string `pulumi:"images"` - KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. 
+ KubernetesControls []KubernetesAssurancePolicyKubernetesControl `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` // List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` // List of labels. 
- Labels []string `pulumi:"labels"` - MalwareAction *string `pulumi:"malwareAction"` + Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` // Value of allowed maximum score. MaximumScore *float64 `pulumi:"maximumScore"` // Indicates if exceeding the maximum score is scanned. 
@@ -478,25 +581,31 @@ type kubernetesAssurancePolicyArgs struct { MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` Name *string `pulumi:"name"` // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` // Indicates if packages blacklist is relevant. PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists []KubernetesAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` // List of whitelisted images. PackagesWhiteLists []KubernetesAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *KubernetesAssurancePolicyPolicySettings `pulumi:"policySettings"` ReadOnly *bool `pulumi:"readOnly"` // List of registries. Registries []string `pulumi:"registries"` Registry *string `pulumi:"registry"` RequiredLabels []KubernetesAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` // Indicates if scan should include sensitive data in the image. - ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` // Indicates if scanning should include scap. ScapEnabled *bool `pulumi:"scapEnabled"` // List of SCAP user scripts for checks. 
@@ -505,7 +614,9 @@ type kubernetesAssurancePolicyArgs struct { // List of trusted images. TrustedBaseImages []KubernetesAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` // List of whitelisted licenses. WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` // Indicates if license blacklist is relevant. @@ -514,11 +625,17 @@ type kubernetesAssurancePolicyArgs struct { // The set of arguments for constructing a KubernetesAssurancePolicy resource. type KubernetesAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput // List of explicitly allowed images. AllowedImages pulumi.StringArrayInput ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput // Indicates if auditing for failures. - AuditOnFailure pulumi.BoolPtrInput + AuditOnFailure pulumi.BoolPtrInput + // Name of user account that created the policy. + Author pulumi.StringPtrInput AutoScanConfigured pulumi.BoolPtrInput AutoScanEnabled pulumi.BoolPtrInput AutoScanTimes KubernetesAssurancePolicyAutoScanTimeArrayInput @@ -528,7 +645,7 @@ type KubernetesAssurancePolicyArgs struct { BlacklistPermissionsEnabled pulumi.BoolPtrInput // List of blacklisted licenses. BlacklistedLicenses pulumi.StringArrayInput - // Lndicates if license blacklist is relevant. + // Indicates if license blacklist is relevant. BlacklistedLicensesEnabled pulumi.BoolPtrInput // Indicates if failed images are blocked. BlockFailed pulumi.BoolPtrInput 
@@ -537,12 +654,13 @@ type KubernetesAssurancePolicyArgs struct { CustomChecks KubernetesAssurancePolicyCustomCheckArrayInput // Indicates if scanning should include custom checks. CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput CustomSeverityEnabled pulumi.BoolPtrInput - // Indicates if cves blacklist is relevant. + // Indicates if CVEs blacklist is relevant. CvesBlackListEnabled pulumi.BoolPtrInput - // List of cves blacklisted items. + // List of CVEs blacklisted items. CvesBlackLists pulumi.StringArrayInput - // Indicates if cves whitelist is relevant. + // Indicates if CVEs whitelist is relevant. CvesWhiteListEnabled pulumi.BoolPtrInput // List of cves whitelisted licenses CvesWhiteLists pulumi.StringArrayInput 
@@ -553,36 +671,51 @@ type KubernetesAssurancePolicyArgs struct { // Indicates that policy should ignore cvss cases that do not have a known fix. CvssSeverityExcludeNoFix pulumi.BoolPtrInput Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput // Indicates if malware should block the image. - DisallowMalware pulumi.BoolPtrInput + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. DockerCisEnabled pulumi.BoolPtrInput // Name of the container image. - Domain pulumi.StringPtrInput - DomainName pulumi.StringPtrInput - DtaEnabled pulumi.BoolPtrInput - DtaSeverity pulumi.StringPtrInput + Domain pulumi.StringPtrInput + DomainName pulumi.StringPtrInput + DtaEnabled pulumi.BoolPtrInput + DtaSeverity pulumi.StringPtrInput + // Is the control enabled? Enabled pulumi.BoolPtrInput Enforce pulumi.BoolPtrInput EnforceAfterDays pulumi.IntPtrInput EnforceExcessivePermissions pulumi.BoolPtrInput ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput + // Indicates if cicd failures will fail the image. + FailCicd pulumi.BoolPtrInput ForbiddenLabels KubernetesAssurancePolicyForbiddenLabelArrayInput ForbiddenLabelsEnabled pulumi.BoolPtrInput ForceMicroenforcer pulumi.BoolPtrInput FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput IgnoreRecentlyPublishedVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput // Indicates if risk resources are ignored. IgnoreRiskResourcesEnabled pulumi.BoolPtrInput // List of ignored risk resources. - IgnoredRiskResources pulumi.StringArrayInput + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput // List of images. - Images pulumi.StringArrayInput + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. 
KubeCisEnabled pulumi.BoolPtrInput + // List of Kubernetes controls. + KubernetesControls KubernetesAssurancePolicyKubernetesControlArrayInput + KubernetesControlsAvdIds pulumi.StringArrayInput // List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' KubernetesControlsNames pulumi.StringArrayInput // List of labels. 
- Labels pulumi.StringArrayInput - MalwareAction pulumi.StringPtrInput + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput // Value of allowed maximum score. MaximumScore pulumi.Float64PtrInput // Indicates if exceeding the maximum score is scanned. @@ -592,25 +725,31 @@ type KubernetesAssurancePolicyArgs struct { MonitoredMalwarePaths pulumi.StringArrayInput Name pulumi.StringPtrInput // Indicates if raise a warning for images that should only be run as root. - OnlyNoneRootUsers pulumi.BoolPtrInput + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput // Indicates if packages blacklist is relevant. PackagesBlackListEnabled pulumi.BoolPtrInput - // List of backlisted images. + // List of blacklisted images. PackagesBlackLists KubernetesAssurancePolicyPackagesBlackListArrayInput // Indicates if packages whitelist is relevant. PackagesWhiteListEnabled pulumi.BoolPtrInput // List of whitelisted images. PackagesWhiteLists KubernetesAssurancePolicyPackagesWhiteListArrayInput PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings KubernetesAssurancePolicyPolicySettingsPtrInput ReadOnly pulumi.BoolPtrInput // List of registries. Registries pulumi.StringArrayInput Registry pulumi.StringPtrInput RequiredLabels KubernetesAssurancePolicyRequiredLabelArrayInput RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput // Indicates if scan should include sensitive data in the image. - ScanSensitiveData pulumi.BoolPtrInput + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput // Indicates if scanning should include scap. ScapEnabled pulumi.BoolPtrInput // List of SCAP user scripts for checks. 
@@ -619,7 +758,9 @@ type KubernetesAssurancePolicyArgs struct { // List of trusted images. TrustedBaseImages KubernetesAssurancePolicyTrustedBaseImageArrayInput // Indicates if list of trusted base images is relevant. - TrustedBaseImagesEnabled pulumi.BoolPtrInput + TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput // List of whitelisted licenses. WhitelistedLicenses pulumi.StringArrayInput // Indicates if license blacklist is relevant. @@ -649,12 +790,6 @@ func (i *KubernetesAssurancePolicy) ToKubernetesAssurancePolicyOutputWithContext return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyOutput) } -func (i *KubernetesAssurancePolicy) ToOutput(ctx context.Context) pulumix.Output[*KubernetesAssurancePolicy] { - return pulumix.Output[*KubernetesAssurancePolicy]{ - OutputState: i.ToKubernetesAssurancePolicyOutputWithContext(ctx).OutputState, - } -} - // KubernetesAssurancePolicyArrayInput is an input type that accepts KubernetesAssurancePolicyArray and KubernetesAssurancePolicyArrayOutput values. // You can construct a concrete instance of `KubernetesAssurancePolicyArrayInput` via: // @@ -680,12 +815,6 @@ func (i KubernetesAssurancePolicyArray) ToKubernetesAssurancePolicyArrayOutputWi return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyArrayOutput) } -func (i KubernetesAssurancePolicyArray) ToOutput(ctx context.Context) pulumix.Output[[]*KubernetesAssurancePolicy] { - return pulumix.Output[[]*KubernetesAssurancePolicy]{ - OutputState: i.ToKubernetesAssurancePolicyArrayOutputWithContext(ctx).OutputState, - } -} - // KubernetesAssurancePolicyMapInput is an input type that accepts KubernetesAssurancePolicyMap and KubernetesAssurancePolicyMapOutput values. // You can construct a concrete instance of `KubernetesAssurancePolicyMapInput` via: // 
@@ -711,12 +840,6 @@ func (i KubernetesAssurancePolicyMap) ToKubernetesAssurancePolicyMapOutputWithCo return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyMapOutput) } -func (i KubernetesAssurancePolicyMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*KubernetesAssurancePolicy] { - return pulumix.Output[map[string]*KubernetesAssurancePolicy]{ - OutputState: i.ToKubernetesAssurancePolicyMapOutputWithContext(ctx).OutputState, - } -} - type KubernetesAssurancePolicyOutput struct{ *pulumi.OutputState } func (KubernetesAssurancePolicyOutput) ElementType() reflect.Type { @@ -731,10 +854,9 @@ func (o KubernetesAssurancePolicyOutput) ToKubernetesAssurancePolicyOutputWithCo return o } -func (o KubernetesAssurancePolicyOutput) ToOutput(ctx context.Context) pulumix.Output[*KubernetesAssurancePolicy] { - return pulumix.Output[*KubernetesAssurancePolicy]{ - OutputState: o.OutputState, - } +// Aggregated vulnerability information. +func (o KubernetesAssurancePolicyOutput) AggregatedVulnerability() pulumi.StringMapOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringMapOutput { return v.AggregatedVulnerability }).(pulumi.StringMapOutput) } // List of explicitly allowed images. @@ -746,6 +868,11 @@ func (o KubernetesAssurancePolicyOutput) ApplicationScopes() pulumi.StringArrayO return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.ApplicationScopes }).(pulumi.StringArrayOutput) } +// What type of assurance policy is described. +func (o KubernetesAssurancePolicyOutput) AssuranceType() pulumi.StringOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringOutput { return v.AssuranceType }).(pulumi.StringOutput) +} + // Indicates if auditing for failures. func (o KubernetesAssurancePolicyOutput) AuditOnFailure() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.AuditOnFailure }).(pulumi.BoolPtrOutput) 
@@ -785,7 +912,7 @@ func (o KubernetesAssurancePolicyOutput) BlacklistedLicenses() pulumi.StringArra return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.BlacklistedLicenses }).(pulumi.StringArrayOutput) } -// Lndicates if license blacklist is relevant. +// Indicates if license blacklist is relevant. func (o KubernetesAssurancePolicyOutput) BlacklistedLicensesEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.BlacklistedLicensesEnabled }).(pulumi.BoolPtrOutput) } 
@@ -811,21 +938,25 @@ func (o KubernetesAssurancePolicyOutput) CustomChecksEnabled() pulumi.BoolPtrOut return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomChecksEnabled }).(pulumi.BoolPtrOutput) } +func (o KubernetesAssurancePolicyOutput) CustomSeverity() pulumi.StringOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringOutput { return v.CustomSeverity }).(pulumi.StringOutput) +} + func (o KubernetesAssurancePolicyOutput) CustomSeverityEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomSeverityEnabled }).(pulumi.BoolPtrOutput) } -// Indicates if cves blacklist is relevant. +// Indicates if CVEs blacklist is relevant. func (o KubernetesAssurancePolicyOutput) CvesBlackListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.CvesBlackListEnabled }).(pulumi.BoolPtrOutput) } -// List of cves blacklisted items. +// List of CVEs blacklisted items. func (o KubernetesAssurancePolicyOutput) CvesBlackLists() pulumi.StringArrayOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.CvesBlackLists }).(pulumi.StringArrayOutput) } -// Indicates if cves whitelist is relevant. +// Indicates if CVEs whitelist is relevant. func (o KubernetesAssurancePolicyOutput) CvesWhiteListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.CvesWhiteListEnabled }).(pulumi.BoolPtrOutput) } 
@@ -854,11 +985,16 @@ func (o KubernetesAssurancePolicyOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } +func (o KubernetesAssurancePolicyOutput) DisallowExploitTypes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.DisallowExploitTypes }).(pulumi.StringArrayOutput) +} + // Indicates if malware should block the image. func (o KubernetesAssurancePolicyOutput) DisallowMalware() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.DisallowMalware }).(pulumi.BoolPtrOutput) } +// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. func (o KubernetesAssurancePolicyOutput) DockerCisEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.DockerCisEnabled }).(pulumi.BoolPtrOutput) } @@ -880,6 +1016,7 @@ func (o KubernetesAssurancePolicyOutput) DtaSeverity() pulumi.StringPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringPtrOutput { return v.DtaSeverity }).(pulumi.StringPtrOutput) } +// Is the control enabled? func (o KubernetesAssurancePolicyOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) } 
@@ -900,6 +1037,15 @@ func (o KubernetesAssurancePolicyOutput) ExceptionalMonitoredMalwarePaths() pulu return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.ExceptionalMonitoredMalwarePaths }).(pulumi.StringArrayOutput) } +func (o KubernetesAssurancePolicyOutput) ExcludeApplicationScopes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.ExcludeApplicationScopes }).(pulumi.StringArrayOutput) +} + +// Indicates if cicd failures will fail the image. +func (o KubernetesAssurancePolicyOutput) FailCicd() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.FailCicd }).(pulumi.BoolPtrOutput) +} + func (o KubernetesAssurancePolicyOutput) ForbiddenLabels() KubernetesAssurancePolicyForbiddenLabelArrayOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) KubernetesAssurancePolicyForbiddenLabelArrayOutput { return v.ForbiddenLabels @@ -918,6 +1064,10 @@ func (o KubernetesAssurancePolicyOutput) FunctionIntegrityEnabled() pulumi.BoolP return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.FunctionIntegrityEnabled }).(pulumi.BoolPtrOutput) } +func (o KubernetesAssurancePolicyOutput) IgnoreBaseImageVln() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreBaseImageVln }).(pulumi.BoolPtrOutput) +} + func (o KubernetesAssurancePolicyOutput) IgnoreRecentlyPublishedVln() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreRecentlyPublishedVln }).(pulumi.BoolPtrOutput) } 
@@ -936,15 +1086,31 @@ func (o KubernetesAssurancePolicyOutput) IgnoredRiskResources() pulumi.StringArr return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredRiskResources }).(pulumi.StringArrayOutput) } +func (o KubernetesAssurancePolicyOutput) IgnoredSensitiveResources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredSensitiveResources }).(pulumi.StringArrayOutput) +} + // List of images. func (o KubernetesAssurancePolicyOutput) Images() pulumi.StringArrayOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.Images }).(pulumi.StringArrayOutput) } +// Performs a Kubernetes CIS benchmark check for the host. func (o KubernetesAssurancePolicyOutput) KubeCisEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.KubeCisEnabled }).(pulumi.BoolPtrOutput) } +// List of Kubernetes controls. 
+func (o KubernetesAssurancePolicyOutput) KubernetesControls() KubernetesAssurancePolicyKubernetesControlArrayOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) KubernetesAssurancePolicyKubernetesControlArrayOutput { + return v.KubernetesControls + }).(KubernetesAssurancePolicyKubernetesControlArrayOutput) +} + +func (o KubernetesAssurancePolicyOutput) KubernetesControlsAvdIds() pulumi.StringArrayOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsAvdIds }).(pulumi.StringArrayOutput) +} + // List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux 
custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' func (o KubernetesAssurancePolicyOutput) KubernetesControlsNames() pulumi.StringArrayOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsNames }).(pulumi.StringArrayOutput) @@ -955,6 +1121,14 @@ func (o KubernetesAssurancePolicyOutput) Labels() pulumi.StringArrayOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.Labels }).(pulumi.StringArrayOutput) } +func (o KubernetesAssurancePolicyOutput) Lastupdate() pulumi.StringOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringOutput { return v.Lastupdate }).(pulumi.StringOutput) +} + +func (o KubernetesAssurancePolicyOutput) LinuxCisEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.LinuxCisEnabled }).(pulumi.BoolPtrOutput) +} + func (o KubernetesAssurancePolicyOutput) MalwareAction() pulumi.StringPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringPtrOutput { return v.MalwareAction }).(pulumi.StringPtrOutput) } 
@@ -987,12 +1161,16 @@ func (o KubernetesAssurancePolicyOutput) OnlyNoneRootUsers() pulumi.BoolPtrOutpu return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.OnlyNoneRootUsers }).(pulumi.BoolPtrOutput) } +func (o KubernetesAssurancePolicyOutput) OpenshiftHardeningEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.OpenshiftHardeningEnabled }).(pulumi.BoolPtrOutput) +} + // Indicates if packages blacklist is relevant. func (o KubernetesAssurancePolicyOutput) PackagesBlackListEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.PackagesBlackListEnabled }).(pulumi.BoolPtrOutput) } -// List of backlisted images. +// List of blacklisted images. func (o KubernetesAssurancePolicyOutput) PackagesBlackLists() KubernetesAssurancePolicyPackagesBlackListArrayOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) KubernetesAssurancePolicyPackagesBlackListArrayOutput { return v.PackagesBlackLists @@ -1015,6 +1193,16 @@ func (o KubernetesAssurancePolicyOutput) PartialResultsImageFail() pulumi.BoolPt return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.PartialResultsImageFail }).(pulumi.BoolPtrOutput) } +func (o KubernetesAssurancePolicyOutput) Permission() pulumi.StringOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringOutput { return v.Permission }).(pulumi.StringOutput) +} + +func (o KubernetesAssurancePolicyOutput) PolicySettings() KubernetesAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) KubernetesAssurancePolicyPolicySettingsOutput { + return v.PolicySettings + }).(KubernetesAssurancePolicyPolicySettingsOutput) +} + func (o KubernetesAssurancePolicyOutput) ReadOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.ReadOnly }).(pulumi.BoolPtrOutput) } 
@@ -1038,15 +1226,27 @@ func (o KubernetesAssurancePolicyOutput) RequiredLabelsEnabled() pulumi.BoolPtrO return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.RequiredLabelsEnabled }).(pulumi.BoolPtrOutput) } +func (o KubernetesAssurancePolicyOutput) ScanMalwareInArchives() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanMalwareInArchives }).(pulumi.BoolPtrOutput) +} + func (o KubernetesAssurancePolicyOutput) ScanNfsMounts() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanNfsMounts }).(pulumi.BoolPtrOutput) } +func (o KubernetesAssurancePolicyOutput) ScanProcessMemory() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanProcessMemory }).(pulumi.BoolPtrOutput) +} + // Indicates if scan should include sensitive data in the image. func (o KubernetesAssurancePolicyOutput) ScanSensitiveData() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanSensitiveData }).(pulumi.BoolPtrOutput) } +func (o KubernetesAssurancePolicyOutput) ScanWindowsRegistry() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanWindowsRegistry }).(pulumi.BoolPtrOutput) +} + // Indicates if scanning should include scap. func (o KubernetesAssurancePolicyOutput) ScapEnabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.ScapEnabled }).(pulumi.BoolPtrOutput) 
@@ -1073,6 +1273,14 @@ func (o KubernetesAssurancePolicyOutput) TrustedBaseImagesEnabled() pulumi.BoolP return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.TrustedBaseImagesEnabled }).(pulumi.BoolPtrOutput) } +func (o KubernetesAssurancePolicyOutput) VulnerabilityExploitability() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.BoolPtrOutput { return v.VulnerabilityExploitability }).(pulumi.BoolPtrOutput) +} + +func (o KubernetesAssurancePolicyOutput) VulnerabilityScoreRanges() pulumi.IntArrayOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.IntArrayOutput { return v.VulnerabilityScoreRanges }).(pulumi.IntArrayOutput) +} + // List of whitelisted licenses. func (o KubernetesAssurancePolicyOutput) WhitelistedLicenses() pulumi.StringArrayOutput { return o.ApplyT(func(v *KubernetesAssurancePolicy) pulumi.StringArrayOutput { return v.WhitelistedLicenses }).(pulumi.StringArrayOutput) @@ -1097,12 +1305,6 @@ func (o KubernetesAssurancePolicyArrayOutput) ToKubernetesAssurancePolicyArrayOu return o } -func (o KubernetesAssurancePolicyArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*KubernetesAssurancePolicy] { - return pulumix.Output[[]*KubernetesAssurancePolicy]{ - OutputState: o.OutputState, - } -} - func (o KubernetesAssurancePolicyArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *KubernetesAssurancePolicy { return vs[0].([]*KubernetesAssurancePolicy)[vs[1].(int)] 
@@ -1123,12 +1325,6 @@ func (o KubernetesAssurancePolicyMapOutput) ToKubernetesAssurancePolicyMapOutput return o } -func (o KubernetesAssurancePolicyMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*KubernetesAssurancePolicy] { - return pulumix.Output[map[string]*KubernetesAssurancePolicy]{ - OutputState: o.OutputState, - } -} - func (o KubernetesAssurancePolicyMapOutput) MapIndex(k pulumi.StringInput) KubernetesAssurancePolicyOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *KubernetesAssurancePolicy { return vs[0].(map[string]*KubernetesAssurancePolicy)[vs[1].(string)] diff --git a/sdk/go/aquasec/notification.go b/sdk/go/aquasec/notification.go index 490e536f..36e2d49f 100644 --- a/sdk/go/aquasec/notification.go +++ b/sdk/go/aquasec/notification.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -254,12 +253,6 @@ func (i *Notification) ToNotificationOutputWithContext(ctx context.Context) Noti return pulumi.ToOutputWithContext(ctx, i).(NotificationOutput) } -func (i *Notification) ToOutput(ctx context.Context) pulumix.Output[*Notification] { - return pulumix.Output[*Notification]{ - OutputState: i.ToNotificationOutputWithContext(ctx).OutputState, - } -} - // NotificationArrayInput is an input type that accepts NotificationArray and NotificationArrayOutput values. // You can construct a concrete instance of `NotificationArrayInput` via: // 
@@ -285,12 +278,6 @@ func (i NotificationArray) ToNotificationArrayOutputWithContext(ctx context.Cont return pulumi.ToOutputWithContext(ctx, i).(NotificationArrayOutput) } -func (i NotificationArray) ToOutput(ctx context.Context) pulumix.Output[[]*Notification] { - return pulumix.Output[[]*Notification]{ - OutputState: i.ToNotificationArrayOutputWithContext(ctx).OutputState, - } -} - // NotificationMapInput is an input type that accepts NotificationMap and NotificationMapOutput values. // You can construct a concrete instance of `NotificationMapInput` via: // @@ -316,12 +303,6 @@ func (i NotificationMap) ToNotificationMapOutputWithContext(ctx context.Context) return pulumi.ToOutputWithContext(ctx, i).(NotificationMapOutput) } -func (i NotificationMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*Notification] { - return pulumix.Output[map[string]*Notification]{ - OutputState: i.ToNotificationMapOutputWithContext(ctx).OutputState, - } -} - type NotificationOutput struct{ *pulumi.OutputState } func (NotificationOutput) ElementType() reflect.Type { @@ -336,12 +317,6 @@ func (o NotificationOutput) ToNotificationOutputWithContext(ctx context.Context) return o } -func (o NotificationOutput) ToOutput(ctx context.Context) pulumix.Output[*Notification] { - return pulumix.Output[*Notification]{ - OutputState: o.OutputState, - } -} - // The user that created the notification func (o NotificationOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v *Notification) pulumi.StringOutput { return v.Author }).(pulumi.StringOutput) 
@@ -386,12 +361,6 @@ func (o NotificationArrayOutput) ToNotificationArrayOutputWithContext(ctx contex return o } -func (o NotificationArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*Notification] { - return pulumix.Output[[]*Notification]{ - OutputState: o.OutputState, - } -} - func (o NotificationArrayOutput) Index(i pulumi.IntInput) NotificationOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Notification { return vs[0].([]*Notification)[vs[1].(int)] @@ -412,12 +381,6 @@ func (o NotificationMapOutput) ToNotificationMapOutputWithContext(ctx context.Co return o } -func (o NotificationMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*Notification] { - return pulumix.Output[map[string]*Notification]{ - OutputState: o.OutputState, - } -} - func (o NotificationMapOutput) MapIndex(k pulumi.StringInput) NotificationOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Notification { return vs[0].(map[string]*Notification)[vs[1].(string)] diff --git a/sdk/go/aquasec/notificationSlack.go b/sdk/go/aquasec/notificationSlack.go index 14a5658e..a0ef9d63 100644 --- a/sdk/go/aquasec/notificationSlack.go +++ b/sdk/go/aquasec/notificationSlack.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -151,12 +150,6 @@ func (i *NotificationSlack) ToNotificationSlackOutputWithContext(ctx context.Con return pulumi.ToOutputWithContext(ctx, i).(NotificationSlackOutput) } -func (i *NotificationSlack) ToOutput(ctx context.Context) pulumix.Output[*NotificationSlack] { - return pulumix.Output[*NotificationSlack]{ - OutputState: i.ToNotificationSlackOutputWithContext(ctx).OutputState, - } -} - // NotificationSlackArrayInput is an input type that accepts NotificationSlackArray and NotificationSlackArrayOutput values. // You can construct a concrete instance of `NotificationSlackArrayInput` via: // 
@@ -182,12 +175,6 @@ func (i NotificationSlackArray) ToNotificationSlackArrayOutputWithContext(ctx co return pulumi.ToOutputWithContext(ctx, i).(NotificationSlackArrayOutput) } -func (i NotificationSlackArray) ToOutput(ctx context.Context) pulumix.Output[[]*NotificationSlack] { - return pulumix.Output[[]*NotificationSlack]{ - OutputState: i.ToNotificationSlackArrayOutputWithContext(ctx).OutputState, - } -} - // NotificationSlackMapInput is an input type that accepts NotificationSlackMap and NotificationSlackMapOutput values. // You can construct a concrete instance of `NotificationSlackMapInput` via: // @@ -213,12 +200,6 @@ func (i NotificationSlackMap) ToNotificationSlackMapOutputWithContext(ctx contex return pulumi.ToOutputWithContext(ctx, i).(NotificationSlackMapOutput) } -func (i NotificationSlackMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*NotificationSlack] { - return pulumix.Output[map[string]*NotificationSlack]{ - OutputState: i.ToNotificationSlackMapOutputWithContext(ctx).OutputState, - } -} - type NotificationSlackOutput struct{ *pulumi.OutputState } func (NotificationSlackOutput) ElementType() reflect.Type { @@ -233,12 +214,6 @@ func (o NotificationSlackOutput) ToNotificationSlackOutputWithContext(ctx contex return o } -func (o NotificationSlackOutput) ToOutput(ctx context.Context) pulumix.Output[*NotificationSlack] { - return pulumix.Output[*NotificationSlack]{ - OutputState: o.OutputState, - } -} - func (o NotificationSlackOutput) Channel() pulumi.StringOutput { return o.ApplyT(func(v *NotificationSlack) pulumi.StringOutput { return v.Channel }).(pulumi.StringOutput) } 
@@ -289,12 +264,6 @@ func (o NotificationSlackArrayOutput) ToNotificationSlackArrayOutputWithContext( return o } -func (o NotificationSlackArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*NotificationSlack] { - return pulumix.Output[[]*NotificationSlack]{ - OutputState: o.OutputState, - } -} - func (o NotificationSlackArrayOutput) Index(i pulumi.IntInput) NotificationSlackOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *NotificationSlack { return vs[0].([]*NotificationSlack)[vs[1].(int)] @@ -315,12 +284,6 @@ func (o NotificationSlackMapOutput) ToNotificationSlackMapOutputWithContext(ctx return o } -func (o NotificationSlackMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*NotificationSlack] { - return pulumix.Output[map[string]*NotificationSlack]{ - OutputState: o.OutputState, - } -} - func (o NotificationSlackMapOutput) MapIndex(k pulumi.StringInput) NotificationSlackOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *NotificationSlack { return vs[0].(map[string]*NotificationSlack)[vs[1].(string)] diff --git a/sdk/go/aquasec/permissionsSets.go b/sdk/go/aquasec/permissionsSets.go index eed53a69..b04a3cf2 100644 --- a/sdk/go/aquasec/permissionsSets.go +++ b/sdk/go/aquasec/permissionsSets.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -233,12 +232,6 @@ func (i *PermissionsSets) ToPermissionsSetsOutputWithContext(ctx context.Context return pulumi.ToOutputWithContext(ctx, i).(PermissionsSetsOutput) } -func (i *PermissionsSets) ToOutput(ctx context.Context) pulumix.Output[*PermissionsSets] { - return pulumix.Output[*PermissionsSets]{ - OutputState: i.ToPermissionsSetsOutputWithContext(ctx).OutputState, - } -} - // PermissionsSetsArrayInput is an input type that accepts PermissionsSetsArray and PermissionsSetsArrayOutput values. // You can construct a concrete instance of `PermissionsSetsArrayInput` via: // @@ -264,12 +257,6 @@ func (i PermissionsSetsArray) ToPermissionsSetsArrayOutputWithContext(ctx contex return pulumi.ToOutputWithContext(ctx, i).(PermissionsSetsArrayOutput) } -func (i PermissionsSetsArray) ToOutput(ctx context.Context) pulumix.Output[[]*PermissionsSets] { - return pulumix.Output[[]*PermissionsSets]{ - OutputState: i.ToPermissionsSetsArrayOutputWithContext(ctx).OutputState, - } -} - // PermissionsSetsMapInput is an input type that accepts PermissionsSetsMap and PermissionsSetsMapOutput values. // You can construct a concrete instance of `PermissionsSetsMapInput` via: // @@ -295,12 +282,6 @@ func (i PermissionsSetsMap) ToPermissionsSetsMapOutputWithContext(ctx context.Co return pulumi.ToOutputWithContext(ctx, i).(PermissionsSetsMapOutput) } -func (i PermissionsSetsMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*PermissionsSets] { - return pulumix.Output[map[string]*PermissionsSets]{ - OutputState: i.ToPermissionsSetsMapOutputWithContext(ctx).OutputState, - } -} - type PermissionsSetsOutput struct{ *pulumi.OutputState } func (PermissionsSetsOutput) ElementType() reflect.Type { 
@@ -315,12 +296,6 @@ func (o PermissionsSetsOutput) ToPermissionsSetsOutputWithContext(ctx context.Co return o } -func (o PermissionsSetsOutput) ToOutput(ctx context.Context) pulumix.Output[*PermissionsSets] { - return pulumix.Output[*PermissionsSets]{ - OutputState: o.OutputState, - } -} - // List of allowed actions for the Permission Set (not relevant if 'is_super' is true). func (o PermissionsSetsOutput) Actions() pulumi.StringArrayOutput { return o.ApplyT(func(v *PermissionsSets) pulumi.StringArrayOutput { return v.Actions }).(pulumi.StringArrayOutput) @@ -370,12 +345,6 @@ func (o PermissionsSetsArrayOutput) ToPermissionsSetsArrayOutputWithContext(ctx return o } -func (o PermissionsSetsArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*PermissionsSets] { - return pulumix.Output[[]*PermissionsSets]{ - OutputState: o.OutputState, - } -} - func (o PermissionsSetsArrayOutput) Index(i pulumi.IntInput) PermissionsSetsOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *PermissionsSets { return vs[0].([]*PermissionsSets)[vs[1].(int)] @@ -396,12 +365,6 @@ func (o PermissionsSetsMapOutput) ToPermissionsSetsMapOutputWithContext(ctx cont return o } -func (o PermissionsSetsMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*PermissionsSets] { - return pulumix.Output[map[string]*PermissionsSets]{ - OutputState: o.OutputState, - } -} - func (o PermissionsSetsMapOutput) MapIndex(k pulumi.StringInput) PermissionsSetsOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *PermissionsSets { return vs[0].(map[string]*PermissionsSets)[vs[1].(string)] diff --git a/sdk/go/aquasec/provider.go b/sdk/go/aquasec/provider.go index 2ab7ae19..c2e2f19a 100644 --- a/sdk/go/aquasec/provider.go +++ b/sdk/go/aquasec/provider.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -42,6 +41,36 @@ func NewProvider(ctx *pulumi.Context, args = &ProviderArgs{} } + if args.AquaUrl == nil { + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_URL"); d != nil { + args.AquaUrl = pulumi.StringPtr(d.(string)) + } + } + if args.CaCertificatePath == nil { + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_CA_CERT_PATH"); d != nil { + args.CaCertificatePath = pulumi.StringPtr(d.(string)) + } + } + if args.ConfigPath == nil { + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_CONFIG"); d != nil { + args.ConfigPath = pulumi.StringPtr(d.(string)) + } + } + if args.Password == nil { + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_PASSWORD"); d != nil { + args.Password = pulumi.StringPtr(d.(string)) + } + } + if args.Username == nil { + if d := internal.GetEnvOrDefault(nil, nil, "AQUA_USER"); d != nil { + args.Username = pulumi.StringPtr(d.(string)) + } + } + if args.VerifyTls == nil { + if d := internal.GetEnvOrDefault(true, internal.ParseEnvBool, "AQUA_TLS_VERIFY"); d != nil { + args.VerifyTls = pulumi.BoolPtr(d.(bool)) + } + } if args.Password != nil { args.Password = pulumi.ToSecret(args.Password).(pulumi.StringPtrInput) } @@ -126,12 +155,6 @@ func (i *Provider) ToProviderOutputWithContext(ctx context.Context) ProviderOutp return pulumi.ToOutputWithContext(ctx, i).(ProviderOutput) } -func (i *Provider) ToOutput(ctx context.Context) pulumix.Output[*Provider] { - return pulumix.Output[*Provider]{ - OutputState: i.ToProviderOutputWithContext(ctx).OutputState, - } -} - type ProviderOutput struct{ *pulumi.OutputState } func (ProviderOutput) ElementType() reflect.Type { 
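Review bot: In the NewProvider hunk, the `AQUA_TLS_VERIFY` fallback is the one new default that can weaken the connection, and its failure mode is undocumented. If `internal.ParseEnvBool` returns nil for an unparseable value (its body is not shown here, so this is an assumption), `args.VerifyTls` stays unset and the effective setting is decided downstream. I would add a comment above that block such as `// VerifyTls defaults to true; an unparseable AQUA_TLS_VERIFY leaves it unset, confirm the provider still verifies`. The password block is ordered correctly, because the env-sourced `AQUA_PASSWORD` is assigned before the existing `pulumi.ToSecret` wrap and is therefore covered by it; a short comment such as `// must run before the ToSecret wrap below` would keep a later edit from reordering the two. NewProvider begins and ends outside the hunk.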
@@ -146,12 +169,6 @@ func (o ProviderOutput) ToProviderOutputWithContext(ctx context.Context) Provide return o } -func (o ProviderOutput) ToOutput(ctx context.Context) pulumix.Output[*Provider] { - return pulumix.Output[*Provider]{ - OutputState: o.OutputState, - } -} - // This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable. func (o ProviderOutput) AquaUrl() pulumi.StringPtrOutput { return o.ApplyT(func(v *Provider) pulumi.StringPtrOutput { return v.AquaUrl }).(pulumi.StringPtrOutput) diff --git a/sdk/go/aquasec/pulumiTypes.go b/sdk/go/aquasec/pulumiTypes.go index 6fc50e6d..848cc901 100644 --- a/sdk/go/aquasec/pulumiTypes.go +++ b/sdk/go/aquasec/pulumiTypes.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -125,12 +124,6 @@ func (i AcknowledgeIssueArgs) ToAcknowledgeIssueOutputWithContext(ctx context.Co return pulumi.ToOutputWithContext(ctx, i).(AcknowledgeIssueOutput) } -func (i AcknowledgeIssueArgs) ToOutput(ctx context.Context) pulumix.Output[AcknowledgeIssue] { - return pulumix.Output[AcknowledgeIssue]{ - OutputState: i.ToAcknowledgeIssueOutputWithContext(ctx).OutputState, - } -} - // AcknowledgeIssueArrayInput is an input type that accepts AcknowledgeIssueArray and AcknowledgeIssueArrayOutput values. // You can construct a concrete instance of `AcknowledgeIssueArrayInput` via: // 
@@ -156,12 +149,6 @@ func (i AcknowledgeIssueArray) ToAcknowledgeIssueArrayOutputWithContext(ctx cont return pulumi.ToOutputWithContext(ctx, i).(AcknowledgeIssueArrayOutput) } -func (i AcknowledgeIssueArray) ToOutput(ctx context.Context) pulumix.Output[[]AcknowledgeIssue] { - return pulumix.Output[[]AcknowledgeIssue]{ - OutputState: i.ToAcknowledgeIssueArrayOutputWithContext(ctx).OutputState, - } -} - type AcknowledgeIssueOutput struct{ *pulumi.OutputState } func (AcknowledgeIssueOutput) ElementType() reflect.Type { @@ -176,12 +163,6 @@ func (o AcknowledgeIssueOutput) ToAcknowledgeIssueOutputWithContext(ctx context. return o } -func (o AcknowledgeIssueOutput) ToOutput(ctx context.Context) pulumix.Output[AcknowledgeIssue] { - return pulumix.Output[AcknowledgeIssue]{ - OutputState: o.OutputState, - } -} - // The user who acknowledged the issue. func (o AcknowledgeIssueOutput) Author() pulumi.StringPtrOutput { return o.ApplyT(func(v AcknowledgeIssue) *string { return v.Author }).(pulumi.StringPtrOutput) @@ -300,12 +281,6 @@ func (o AcknowledgeIssueArrayOutput) ToAcknowledgeIssueArrayOutputWithContext(ct return o } -func (o AcknowledgeIssueArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]AcknowledgeIssue] { - return pulumix.Output[[]AcknowledgeIssue]{ - OutputState: o.OutputState, - } -} - func (o AcknowledgeIssueArrayOutput) Index(i pulumi.IntInput) AcknowledgeIssueOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) AcknowledgeIssue { return vs[0].([]AcknowledgeIssue)[vs[1].(int)] 
@@ -355,12 +330,6 @@ func (i ApplicationScopeCategoryArgs) ToApplicationScopeCategoryOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryOutput) } -func (i ApplicationScopeCategoryArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategory] { - return pulumix.Output[ApplicationScopeCategory]{ - OutputState: i.ToApplicationScopeCategoryOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryArrayInput is an input type that accepts ApplicationScopeCategoryArray and ApplicationScopeCategoryArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryArrayInput` via: // @@ -386,12 +355,6 @@ func (i ApplicationScopeCategoryArray) ToApplicationScopeCategoryArrayOutputWith return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArrayOutput) } -func (i ApplicationScopeCategoryArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategory] { - return pulumix.Output[[]ApplicationScopeCategory]{ - OutputState: i.ToApplicationScopeCategoryArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryOutput) ElementType() reflect.Type { @@ -406,12 +369,6 @@ func (o ApplicationScopeCategoryOutput) ToApplicationScopeCategoryOutputWithCont return o } -func (o ApplicationScopeCategoryOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategory] { - return pulumix.Output[ApplicationScopeCategory]{ - OutputState: o.OutputState, - } -} - // An artifact is an application. It can be an image (for a container, not a CF application); a serverless function; or a Tanzu Application Service (TAS) droplet. func (o ApplicationScopeCategoryOutput) Artifacts() ApplicationScopeCategoryArtifactArrayOutput { return o.ApplyT(func(v ApplicationScopeCategory) []ApplicationScopeCategoryArtifact { return v.Artifacts }).(ApplicationScopeCategoryArtifactArrayOutput) 
@@ -445,12 +402,6 @@ func (o ApplicationScopeCategoryArrayOutput) ToApplicationScopeCategoryArrayOutp return o } -func (o ApplicationScopeCategoryArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategory] { - return pulumix.Output[[]ApplicationScopeCategory]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategory { return vs[0].([]ApplicationScopeCategory)[vs[1].(int)] @@ -458,9 +409,11 @@ func (o ApplicationScopeCategoryArrayOutput) Index(i pulumi.IntInput) Applicatio } type ApplicationScopeCategoryArtifact struct { - Cfs []ApplicationScopeCategoryArtifactCf `pulumi:"cfs"` + Cfs []ApplicationScopeCategoryArtifactCf `pulumi:"cfs"` + // Function name Functions []ApplicationScopeCategoryArtifactFunction `pulumi:"functions"` - Images []ApplicationScopeCategoryArtifactImage `pulumi:"images"` + // Name of a registry as defined in Aqua + Images []ApplicationScopeCategoryArtifactImage `pulumi:"images"` } // ApplicationScopeCategoryArtifactInput is an input type that accepts ApplicationScopeCategoryArtifactArgs and ApplicationScopeCategoryArtifactOutput values. @@ -475,9 +428,11 @@ type ApplicationScopeCategoryArtifactInput interface { } type ApplicationScopeCategoryArtifactArgs struct { - Cfs ApplicationScopeCategoryArtifactCfArrayInput `pulumi:"cfs"` + Cfs ApplicationScopeCategoryArtifactCfArrayInput `pulumi:"cfs"` + // Function name Functions ApplicationScopeCategoryArtifactFunctionArrayInput `pulumi:"functions"` - Images ApplicationScopeCategoryArtifactImageArrayInput `pulumi:"images"` + // Name of a registry as defined in Aqua + Images ApplicationScopeCategoryArtifactImageArrayInput `pulumi:"images"` } func (ApplicationScopeCategoryArtifactArgs) ElementType() reflect.Type { 
@@ -492,12 +447,6 @@ func (i ApplicationScopeCategoryArtifactArgs) ToApplicationScopeCategoryArtifact return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactOutput) } -func (i ApplicationScopeCategoryArtifactArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifact] { - return pulumix.Output[ApplicationScopeCategoryArtifact]{ - OutputState: i.ToApplicationScopeCategoryArtifactOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryArtifactArrayInput is an input type that accepts ApplicationScopeCategoryArtifactArray and ApplicationScopeCategoryArtifactArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryArtifactArrayInput` via: // @@ -523,12 +472,6 @@ func (i ApplicationScopeCategoryArtifactArray) ToApplicationScopeCategoryArtifac return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactArrayOutput) } -func (i ApplicationScopeCategoryArtifactArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifact] { - return pulumix.Output[[]ApplicationScopeCategoryArtifact]{ - OutputState: i.ToApplicationScopeCategoryArtifactArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryArtifactOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryArtifactOutput) ElementType() reflect.Type { 
@@ -543,22 +486,18 @@ func (o ApplicationScopeCategoryArtifactOutput) ToApplicationScopeCategoryArtifa return o } -func (o ApplicationScopeCategoryArtifactOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifact] { - return pulumix.Output[ApplicationScopeCategoryArtifact]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactOutput) Cfs() ApplicationScopeCategoryArtifactCfArrayOutput { return o.ApplyT(func(v ApplicationScopeCategoryArtifact) []ApplicationScopeCategoryArtifactCf { return v.Cfs }).(ApplicationScopeCategoryArtifactCfArrayOutput) } +// Function name func (o ApplicationScopeCategoryArtifactOutput) Functions() ApplicationScopeCategoryArtifactFunctionArrayOutput { return o.ApplyT(func(v ApplicationScopeCategoryArtifact) []ApplicationScopeCategoryArtifactFunction { return v.Functions }).(ApplicationScopeCategoryArtifactFunctionArrayOutput) } +// Name of a registry as defined in Aqua func (o ApplicationScopeCategoryArtifactOutput) Images() ApplicationScopeCategoryArtifactImageArrayOutput { return o.ApplyT(func(v ApplicationScopeCategoryArtifact) []ApplicationScopeCategoryArtifactImage { return v.Images }).(ApplicationScopeCategoryArtifactImageArrayOutput) } @@ -577,12 +516,6 @@ func (o ApplicationScopeCategoryArtifactArrayOutput) ToApplicationScopeCategoryA return o } -func (o ApplicationScopeCategoryArtifactArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifact] { - return pulumix.Output[[]ApplicationScopeCategoryArtifact]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryArtifactOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryArtifact { return vs[0].([]ApplicationScopeCategoryArtifact)[vs[1].(int)] 
@@ -622,12 +555,6 @@ func (i ApplicationScopeCategoryArtifactCfArgs) ToApplicationScopeCategoryArtifa return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactCfOutput) } -func (i ApplicationScopeCategoryArtifactCfArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactCf] { - return pulumix.Output[ApplicationScopeCategoryArtifactCf]{ - OutputState: i.ToApplicationScopeCategoryArtifactCfOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryArtifactCfArrayInput is an input type that accepts ApplicationScopeCategoryArtifactCfArray and ApplicationScopeCategoryArtifactCfArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryArtifactCfArrayInput` via: // @@ -653,12 +580,6 @@ func (i ApplicationScopeCategoryArtifactCfArray) ToApplicationScopeCategoryArtif return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactCfArrayOutput) } -func (i ApplicationScopeCategoryArtifactCfArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactCf] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactCf]{ - OutputState: i.ToApplicationScopeCategoryArtifactCfArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryArtifactCfOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryArtifactCfOutput) ElementType() reflect.Type { @@ -673,12 +594,6 @@ func (o ApplicationScopeCategoryArtifactCfOutput) ToApplicationScopeCategoryArti return o } -func (o ApplicationScopeCategoryArtifactCfOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactCf] { - return pulumix.Output[ApplicationScopeCategoryArtifactCf]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactCfOutput) Expression() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryArtifactCf) *string { return v.Expression }).(pulumi.StringPtrOutput) } 
@@ -703,12 +618,6 @@ func (o ApplicationScopeCategoryArtifactCfArrayOutput) ToApplicationScopeCategor return o } -func (o ApplicationScopeCategoryArtifactCfArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactCf] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactCf]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactCfArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryArtifactCfOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryArtifactCf { return vs[0].([]ApplicationScopeCategoryArtifactCf)[vs[1].(int)] @@ -748,12 +657,6 @@ func (i ApplicationScopeCategoryArtifactCfVariableArgs) ToApplicationScopeCatego return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactCfVariableOutput) } -func (i ApplicationScopeCategoryArtifactCfVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactCfVariable] { - return pulumix.Output[ApplicationScopeCategoryArtifactCfVariable]{ - OutputState: i.ToApplicationScopeCategoryArtifactCfVariableOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryArtifactCfVariableArrayInput is an input type that accepts ApplicationScopeCategoryArtifactCfVariableArray and ApplicationScopeCategoryArtifactCfVariableArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryArtifactCfVariableArrayInput` via: // 
@@ -779,12 +682,6 @@ func (i ApplicationScopeCategoryArtifactCfVariableArray) ToApplicationScopeCateg return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactCfVariableArrayOutput) } -func (i ApplicationScopeCategoryArtifactCfVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactCfVariable] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactCfVariable]{ - OutputState: i.ToApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryArtifactCfVariableOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryArtifactCfVariableOutput) ElementType() reflect.Type { @@ -799,12 +696,6 @@ func (o ApplicationScopeCategoryArtifactCfVariableOutput) ToApplicationScopeCate return o } -func (o ApplicationScopeCategoryArtifactCfVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactCfVariable] { - return pulumix.Output[ApplicationScopeCategoryArtifactCfVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactCfVariableOutput) Attribute() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryArtifactCfVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } @@ -827,12 +718,6 @@ func (o ApplicationScopeCategoryArtifactCfVariableArrayOutput) ToApplicationScop return o } -func (o ApplicationScopeCategoryArtifactCfVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactCfVariable] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactCfVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactCfVariableArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryArtifactCfVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryArtifactCfVariable { return vs[0].([]ApplicationScopeCategoryArtifactCfVariable)[vs[1].(int)] 
@@ -872,12 +757,6 @@ func (i ApplicationScopeCategoryArtifactFunctionArgs) ToApplicationScopeCategory return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactFunctionOutput) } -func (i ApplicationScopeCategoryArtifactFunctionArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactFunction] { - return pulumix.Output[ApplicationScopeCategoryArtifactFunction]{ - OutputState: i.ToApplicationScopeCategoryArtifactFunctionOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryArtifactFunctionArrayInput is an input type that accepts ApplicationScopeCategoryArtifactFunctionArray and ApplicationScopeCategoryArtifactFunctionArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryArtifactFunctionArrayInput` via: // @@ -903,12 +782,6 @@ func (i ApplicationScopeCategoryArtifactFunctionArray) ToApplicationScopeCategor return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactFunctionArrayOutput) } -func (i ApplicationScopeCategoryArtifactFunctionArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactFunction] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactFunction]{ - OutputState: i.ToApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryArtifactFunctionOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryArtifactFunctionOutput) ElementType() reflect.Type { 
@@ -923,12 +796,6 @@ func (o ApplicationScopeCategoryArtifactFunctionOutput) ToApplicationScopeCatego return o } -func (o ApplicationScopeCategoryArtifactFunctionOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactFunction] { - return pulumix.Output[ApplicationScopeCategoryArtifactFunction]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactFunctionOutput) Expression() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryArtifactFunction) *string { return v.Expression }).(pulumi.StringPtrOutput) } @@ -953,12 +820,6 @@ func (o ApplicationScopeCategoryArtifactFunctionArrayOutput) ToApplicationScopeC return o } -func (o ApplicationScopeCategoryArtifactFunctionArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactFunction] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactFunction]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactFunctionArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryArtifactFunctionOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryArtifactFunction { return vs[0].([]ApplicationScopeCategoryArtifactFunction)[vs[1].(int)] 
@@ -998,12 +859,6 @@ func (i ApplicationScopeCategoryArtifactFunctionVariableArgs) ToApplicationScope return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactFunctionVariableOutput) } -func (i ApplicationScopeCategoryArtifactFunctionVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactFunctionVariable] { - return pulumix.Output[ApplicationScopeCategoryArtifactFunctionVariable]{ - OutputState: i.ToApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryArtifactFunctionVariableArrayInput is an input type that accepts ApplicationScopeCategoryArtifactFunctionVariableArray and ApplicationScopeCategoryArtifactFunctionVariableArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryArtifactFunctionVariableArrayInput` via: // @@ -1029,12 +884,6 @@ func (i ApplicationScopeCategoryArtifactFunctionVariableArray) ToApplicationScop return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactFunctionVariableArrayOutput) } -func (i ApplicationScopeCategoryArtifactFunctionVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactFunctionVariable] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactFunctionVariable]{ - OutputState: i.ToApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryArtifactFunctionVariableOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryArtifactFunctionVariableOutput) ElementType() reflect.Type { 
@@ -1049,12 +898,6 @@ func (o ApplicationScopeCategoryArtifactFunctionVariableOutput) ToApplicationSco return o } -func (o ApplicationScopeCategoryArtifactFunctionVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactFunctionVariable] { - return pulumix.Output[ApplicationScopeCategoryArtifactFunctionVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactFunctionVariableOutput) Attribute() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryArtifactFunctionVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } @@ -1077,12 +920,6 @@ func (o ApplicationScopeCategoryArtifactFunctionVariableArrayOutput) ToApplicati return o } -func (o ApplicationScopeCategoryArtifactFunctionVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactFunctionVariable] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactFunctionVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactFunctionVariableArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryArtifactFunctionVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryArtifactFunctionVariable { return vs[0].([]ApplicationScopeCategoryArtifactFunctionVariable)[vs[1].(int)] 
@@ -1122,12 +959,6 @@ func (i ApplicationScopeCategoryArtifactImageArgs) ToApplicationScopeCategoryArt return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactImageOutput) } -func (i ApplicationScopeCategoryArtifactImageArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactImage] { - return pulumix.Output[ApplicationScopeCategoryArtifactImage]{ - OutputState: i.ToApplicationScopeCategoryArtifactImageOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryArtifactImageArrayInput is an input type that accepts ApplicationScopeCategoryArtifactImageArray and ApplicationScopeCategoryArtifactImageArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryArtifactImageArrayInput` via: // @@ -1153,12 +984,6 @@ func (i ApplicationScopeCategoryArtifactImageArray) ToApplicationScopeCategoryAr return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactImageArrayOutput) } -func (i ApplicationScopeCategoryArtifactImageArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactImage] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactImage]{ - OutputState: i.ToApplicationScopeCategoryArtifactImageArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryArtifactImageOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryArtifactImageOutput) ElementType() reflect.Type { 
@@ -1173,12 +998,6 @@ func (o ApplicationScopeCategoryArtifactImageOutput) ToApplicationScopeCategoryA return o } -func (o ApplicationScopeCategoryArtifactImageOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactImage] { - return pulumix.Output[ApplicationScopeCategoryArtifactImage]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactImageOutput) Expression() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryArtifactImage) *string { return v.Expression }).(pulumi.StringPtrOutput) } @@ -1203,12 +1022,6 @@ func (o ApplicationScopeCategoryArtifactImageArrayOutput) ToApplicationScopeCate return o } -func (o ApplicationScopeCategoryArtifactImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactImage] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactImage]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactImageArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryArtifactImageOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryArtifactImage { return vs[0].([]ApplicationScopeCategoryArtifactImage)[vs[1].(int)] 
@@ -1248,12 +1061,6 @@ func (i ApplicationScopeCategoryArtifactImageVariableArgs) ToApplicationScopeCat return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactImageVariableOutput) } -func (i ApplicationScopeCategoryArtifactImageVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactImageVariable] { - return pulumix.Output[ApplicationScopeCategoryArtifactImageVariable]{ - OutputState: i.ToApplicationScopeCategoryArtifactImageVariableOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryArtifactImageVariableArrayInput is an input type that accepts ApplicationScopeCategoryArtifactImageVariableArray and ApplicationScopeCategoryArtifactImageVariableArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryArtifactImageVariableArrayInput` via: // @@ -1279,12 +1086,6 @@ func (i ApplicationScopeCategoryArtifactImageVariableArray) ToApplicationScopeCa return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryArtifactImageVariableArrayOutput) } -func (i ApplicationScopeCategoryArtifactImageVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactImageVariable] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactImageVariable]{ - OutputState: i.ToApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryArtifactImageVariableOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryArtifactImageVariableOutput) ElementType() reflect.Type { 
@@ -1299,12 +1100,6 @@ func (o ApplicationScopeCategoryArtifactImageVariableOutput) ToApplicationScopeC return o } -func (o ApplicationScopeCategoryArtifactImageVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryArtifactImageVariable] { - return pulumix.Output[ApplicationScopeCategoryArtifactImageVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactImageVariableOutput) Attribute() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryArtifactImageVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } @@ -1327,12 +1122,6 @@ func (o ApplicationScopeCategoryArtifactImageVariableArrayOutput) ToApplicationS return o } -func (o ApplicationScopeCategoryArtifactImageVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryArtifactImageVariable] { - return pulumix.Output[[]ApplicationScopeCategoryArtifactImageVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryArtifactImageVariableArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryArtifactImageVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryArtifactImageVariable { return vs[0].([]ApplicationScopeCategoryArtifactImageVariable)[vs[1].(int)] 
@@ -1372,12 +1161,6 @@ func (i ApplicationScopeCategoryEntityScopeArgs) ToApplicationScopeCategoryEntit return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryEntityScopeOutput) } -func (i ApplicationScopeCategoryEntityScopeArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryEntityScope] { - return pulumix.Output[ApplicationScopeCategoryEntityScope]{ - OutputState: i.ToApplicationScopeCategoryEntityScopeOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryEntityScopeArrayInput is an input type that accepts ApplicationScopeCategoryEntityScopeArray and ApplicationScopeCategoryEntityScopeArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryEntityScopeArrayInput` via: // @@ -1403,12 +1186,6 @@ func (i ApplicationScopeCategoryEntityScopeArray) ToApplicationScopeCategoryEnti return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryEntityScopeArrayOutput) } -func (i ApplicationScopeCategoryEntityScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryEntityScope] { - return pulumix.Output[[]ApplicationScopeCategoryEntityScope]{ - OutputState: i.ToApplicationScopeCategoryEntityScopeArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryEntityScopeOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryEntityScopeOutput) ElementType() reflect.Type { @@ -1423,12 +1200,6 @@ func (o ApplicationScopeCategoryEntityScopeOutput) ToApplicationScopeCategoryEnt return o } -func (o ApplicationScopeCategoryEntityScopeOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryEntityScope] { - return pulumix.Output[ApplicationScopeCategoryEntityScope]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryEntityScopeOutput) Expression() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryEntityScope) *string { return v.Expression }).(pulumi.StringPtrOutput) } 
@@ -1453,12 +1224,6 @@ func (o ApplicationScopeCategoryEntityScopeArrayOutput) ToApplicationScopeCatego return o } -func (o ApplicationScopeCategoryEntityScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryEntityScope] { - return pulumix.Output[[]ApplicationScopeCategoryEntityScope]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryEntityScopeArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryEntityScopeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryEntityScope { return vs[0].([]ApplicationScopeCategoryEntityScope)[vs[1].(int)] @@ -1498,12 +1263,6 @@ func (i ApplicationScopeCategoryEntityScopeVariableArgs) ToApplicationScopeCateg return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryEntityScopeVariableOutput) } -func (i ApplicationScopeCategoryEntityScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryEntityScopeVariable] { - return pulumix.Output[ApplicationScopeCategoryEntityScopeVariable]{ - OutputState: i.ToApplicationScopeCategoryEntityScopeVariableOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryEntityScopeVariableArrayInput is an input type that accepts ApplicationScopeCategoryEntityScopeVariableArray and ApplicationScopeCategoryEntityScopeVariableArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryEntityScopeVariableArrayInput` via: // 
@@ -1529,12 +1288,6 @@ func (i ApplicationScopeCategoryEntityScopeVariableArray) ToApplicationScopeCate return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryEntityScopeVariableArrayOutput) } -func (i ApplicationScopeCategoryEntityScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryEntityScopeVariable] { - return pulumix.Output[[]ApplicationScopeCategoryEntityScopeVariable]{ - OutputState: i.ToApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryEntityScopeVariableOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryEntityScopeVariableOutput) ElementType() reflect.Type { @@ -1549,12 +1302,6 @@ func (o ApplicationScopeCategoryEntityScopeVariableOutput) ToApplicationScopeCat return o } -func (o ApplicationScopeCategoryEntityScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryEntityScopeVariable] { - return pulumix.Output[ApplicationScopeCategoryEntityScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryEntityScopeVariableOutput) Attribute() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryEntityScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } 
@@ -1577,12 +1324,6 @@ func (o ApplicationScopeCategoryEntityScopeVariableArrayOutput) ToApplicationSco return o } -func (o ApplicationScopeCategoryEntityScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryEntityScopeVariable] { - return pulumix.Output[[]ApplicationScopeCategoryEntityScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryEntityScopeVariableArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryEntityScopeVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryEntityScopeVariable { return vs[0].([]ApplicationScopeCategoryEntityScopeVariable)[vs[1].(int)] @@ -1622,12 +1363,6 @@ func (i ApplicationScopeCategoryInfrastructureArgs) ToApplicationScopeCategoryIn return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureOutput) } -func (i ApplicationScopeCategoryInfrastructureArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructure] { - return pulumix.Output[ApplicationScopeCategoryInfrastructure]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryInfrastructureArrayInput is an input type that accepts ApplicationScopeCategoryInfrastructureArray and ApplicationScopeCategoryInfrastructureArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryInfrastructureArrayInput` via: // 
@@ -1653,12 +1388,6 @@ func (i ApplicationScopeCategoryInfrastructureArray) ToApplicationScopeCategoryI return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureArrayOutput) } -func (i ApplicationScopeCategoryInfrastructureArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructure] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructure]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryInfrastructureOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryInfrastructureOutput) ElementType() reflect.Type { @@ -1673,12 +1402,6 @@ func (o ApplicationScopeCategoryInfrastructureOutput) ToApplicationScopeCategory return o } -func (o ApplicationScopeCategoryInfrastructureOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructure] { - return pulumix.Output[ApplicationScopeCategoryInfrastructure]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureOutput) Kubernetes() ApplicationScopeCategoryInfrastructureKuberneteArrayOutput { return o.ApplyT(func(v ApplicationScopeCategoryInfrastructure) []ApplicationScopeCategoryInfrastructureKubernete { return v.Kubernetes @@ -1703,12 +1426,6 @@ func (o ApplicationScopeCategoryInfrastructureArrayOutput) ToApplicationScopeCat return o } -func (o ApplicationScopeCategoryInfrastructureArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructure] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructure]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryInfrastructureOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryInfrastructure { return vs[0].([]ApplicationScopeCategoryInfrastructure)[vs[1].(int)] 
@@ -1748,12 +1465,6 @@ func (i ApplicationScopeCategoryInfrastructureKuberneteArgs) ToApplicationScopeC return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureKuberneteOutput) } -func (i ApplicationScopeCategoryInfrastructureKuberneteArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructureKubernete] { - return pulumix.Output[ApplicationScopeCategoryInfrastructureKubernete]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryInfrastructureKuberneteArrayInput is an input type that accepts ApplicationScopeCategoryInfrastructureKuberneteArray and ApplicationScopeCategoryInfrastructureKuberneteArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryInfrastructureKuberneteArrayInput` via: // @@ -1779,12 +1490,6 @@ func (i ApplicationScopeCategoryInfrastructureKuberneteArray) ToApplicationScope return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureKuberneteArrayOutput) } -func (i ApplicationScopeCategoryInfrastructureKuberneteArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructureKubernete] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructureKubernete]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryInfrastructureKuberneteOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryInfrastructureKuberneteOutput) ElementType() reflect.Type { 
@@ -1799,12 +1504,6 @@ func (o ApplicationScopeCategoryInfrastructureKuberneteOutput) ToApplicationScop return o } -func (o ApplicationScopeCategoryInfrastructureKuberneteOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructureKubernete] { - return pulumix.Output[ApplicationScopeCategoryInfrastructureKubernete]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureKuberneteOutput) Expression() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryInfrastructureKubernete) *string { return v.Expression }).(pulumi.StringPtrOutput) } @@ -1829,12 +1528,6 @@ func (o ApplicationScopeCategoryInfrastructureKuberneteArrayOutput) ToApplicatio return o } -func (o ApplicationScopeCategoryInfrastructureKuberneteArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructureKubernete] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructureKubernete]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureKuberneteArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryInfrastructureKuberneteOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryInfrastructureKubernete { return vs[0].([]ApplicationScopeCategoryInfrastructureKubernete)[vs[1].(int)] 
@@ -1874,12 +1567,6 @@ func (i ApplicationScopeCategoryInfrastructureKuberneteVariableArgs) ToApplicati return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureKuberneteVariableOutput) } -func (i ApplicationScopeCategoryInfrastructureKuberneteVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructureKuberneteVariable] { - return pulumix.Output[ApplicationScopeCategoryInfrastructureKuberneteVariable]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput is an input type that accepts ApplicationScopeCategoryInfrastructureKuberneteVariableArray and ApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput` via: // @@ -1905,12 +1592,6 @@ func (i ApplicationScopeCategoryInfrastructureKuberneteVariableArray) ToApplicat return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) } -func (i ApplicationScopeCategoryInfrastructureKuberneteVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructureKuberneteVariable] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructureKuberneteVariable]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryInfrastructureKuberneteVariableOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ElementType() reflect.Type { 
@@ -1925,12 +1606,6 @@ func (o ApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ToApplica return o } -func (o ApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructureKuberneteVariable] { - return pulumix.Output[ApplicationScopeCategoryInfrastructureKuberneteVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureKuberneteVariableOutput) Attribute() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryInfrastructureKuberneteVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } @@ -1953,12 +1628,6 @@ func (o ApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) ToAp return o } -func (o ApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructureKuberneteVariable] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructureKuberneteVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryInfrastructureKuberneteVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryInfrastructureKuberneteVariable { return vs[0].([]ApplicationScopeCategoryInfrastructureKuberneteVariable)[vs[1].(int)] 
@@ -1998,12 +1667,6 @@ func (i ApplicationScopeCategoryInfrastructureOArgs) ToApplicationScopeCategoryI return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureOOutput) } -func (i ApplicationScopeCategoryInfrastructureOArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructureO] { - return pulumix.Output[ApplicationScopeCategoryInfrastructureO]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureOOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryInfrastructureOArrayInput is an input type that accepts ApplicationScopeCategoryInfrastructureOArray and ApplicationScopeCategoryInfrastructureOArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryInfrastructureOArrayInput` via: // @@ -2029,12 +1692,6 @@ func (i ApplicationScopeCategoryInfrastructureOArray) ToApplicationScopeCategory return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureOArrayOutput) } -func (i ApplicationScopeCategoryInfrastructureOArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructureO] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructureO]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureOArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryInfrastructureOOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryInfrastructureOOutput) ElementType() reflect.Type { 
@@ -2049,12 +1706,6 @@ func (o ApplicationScopeCategoryInfrastructureOOutput) ToApplicationScopeCategor return o } -func (o ApplicationScopeCategoryInfrastructureOOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructureO] { - return pulumix.Output[ApplicationScopeCategoryInfrastructureO]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureOOutput) Expression() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryInfrastructureO) *string { return v.Expression }).(pulumi.StringPtrOutput) } @@ -2079,12 +1730,6 @@ func (o ApplicationScopeCategoryInfrastructureOArrayOutput) ToApplicationScopeCa return o } -func (o ApplicationScopeCategoryInfrastructureOArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructureO] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructureO]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureOArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryInfrastructureOOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryInfrastructureO { return vs[0].([]ApplicationScopeCategoryInfrastructureO)[vs[1].(int)] 
@@ -2124,12 +1769,6 @@ func (i ApplicationScopeCategoryInfrastructureOVariableArgs) ToApplicationScopeC return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureOVariableOutput) } -func (i ApplicationScopeCategoryInfrastructureOVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructureOVariable] { - return pulumix.Output[ApplicationScopeCategoryInfrastructureOVariable]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureOVariableOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryInfrastructureOVariableArrayInput is an input type that accepts ApplicationScopeCategoryInfrastructureOVariableArray and ApplicationScopeCategoryInfrastructureOVariableArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryInfrastructureOVariableArrayInput` via: // @@ -2155,12 +1794,6 @@ func (i ApplicationScopeCategoryInfrastructureOVariableArray) ToApplicationScope return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryInfrastructureOVariableArrayOutput) } -func (i ApplicationScopeCategoryInfrastructureOVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructureOVariable] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructureOVariable]{ - OutputState: i.ToApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryInfrastructureOVariableOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryInfrastructureOVariableOutput) ElementType() reflect.Type { 
@@ -2175,12 +1808,6 @@ func (o ApplicationScopeCategoryInfrastructureOVariableOutput) ToApplicationScop return o } -func (o ApplicationScopeCategoryInfrastructureOVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryInfrastructureOVariable] { - return pulumix.Output[ApplicationScopeCategoryInfrastructureOVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureOVariableOutput) Attribute() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryInfrastructureOVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } @@ -2203,12 +1830,6 @@ func (o ApplicationScopeCategoryInfrastructureOVariableArrayOutput) ToApplicatio return o } -func (o ApplicationScopeCategoryInfrastructureOVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryInfrastructureOVariable] { - return pulumix.Output[[]ApplicationScopeCategoryInfrastructureOVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryInfrastructureOVariableArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryInfrastructureOVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryInfrastructureOVariable { return vs[0].([]ApplicationScopeCategoryInfrastructureOVariable)[vs[1].(int)] 
@@ -2250,12 +1871,6 @@ func (i ApplicationScopeCategoryWorkloadArgs) ToApplicationScopeCategoryWorkload return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadOutput) } -func (i ApplicationScopeCategoryWorkloadArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkload] { - return pulumix.Output[ApplicationScopeCategoryWorkload]{ - OutputState: i.ToApplicationScopeCategoryWorkloadOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryWorkloadArrayInput is an input type that accepts ApplicationScopeCategoryWorkloadArray and ApplicationScopeCategoryWorkloadArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryWorkloadArrayInput` via: // @@ -2281,12 +1896,6 @@ func (i ApplicationScopeCategoryWorkloadArray) ToApplicationScopeCategoryWorkloa return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadArrayOutput) } -func (i ApplicationScopeCategoryWorkloadArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkload] { - return pulumix.Output[[]ApplicationScopeCategoryWorkload]{ - OutputState: i.ToApplicationScopeCategoryWorkloadArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryWorkloadOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryWorkloadOutput) ElementType() reflect.Type { @@ -2301,12 +1910,6 @@ func (o ApplicationScopeCategoryWorkloadOutput) ToApplicationScopeCategoryWorklo return o } -func (o ApplicationScopeCategoryWorkloadOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkload] { - return pulumix.Output[ApplicationScopeCategoryWorkload]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadOutput) Cfs() ApplicationScopeCategoryWorkloadCfArrayOutput { return o.ApplyT(func(v ApplicationScopeCategoryWorkload) []ApplicationScopeCategoryWorkloadCf { return v.Cfs }).(ApplicationScopeCategoryWorkloadCfArrayOutput) } 
@@ -2335,12 +1938,6 @@ func (o ApplicationScopeCategoryWorkloadArrayOutput) ToApplicationScopeCategoryW return o } -func (o ApplicationScopeCategoryWorkloadArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkload] { - return pulumix.Output[[]ApplicationScopeCategoryWorkload]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryWorkloadOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryWorkload { return vs[0].([]ApplicationScopeCategoryWorkload)[vs[1].(int)] @@ -2380,12 +1977,6 @@ func (i ApplicationScopeCategoryWorkloadCfArgs) ToApplicationScopeCategoryWorklo return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadCfOutput) } -func (i ApplicationScopeCategoryWorkloadCfArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadCf] { - return pulumix.Output[ApplicationScopeCategoryWorkloadCf]{ - OutputState: i.ToApplicationScopeCategoryWorkloadCfOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryWorkloadCfArrayInput is an input type that accepts ApplicationScopeCategoryWorkloadCfArray and ApplicationScopeCategoryWorkloadCfArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryWorkloadCfArrayInput` via: // 
@@ -2411,12 +2002,6 @@ func (i ApplicationScopeCategoryWorkloadCfArray) ToApplicationScopeCategoryWorkl return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadCfArrayOutput) } -func (i ApplicationScopeCategoryWorkloadCfArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadCf] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadCf]{ - OutputState: i.ToApplicationScopeCategoryWorkloadCfArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryWorkloadCfOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryWorkloadCfOutput) ElementType() reflect.Type { @@ -2431,12 +2016,6 @@ func (o ApplicationScopeCategoryWorkloadCfOutput) ToApplicationScopeCategoryWork return o } -func (o ApplicationScopeCategoryWorkloadCfOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadCf] { - return pulumix.Output[ApplicationScopeCategoryWorkloadCf]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadCfOutput) Expression() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryWorkloadCf) *string { return v.Expression }).(pulumi.StringPtrOutput) } @@ -2461,12 +2040,6 @@ func (o ApplicationScopeCategoryWorkloadCfArrayOutput) ToApplicationScopeCategor return o } -func (o ApplicationScopeCategoryWorkloadCfArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadCf] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadCf]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadCfArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryWorkloadCfOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryWorkloadCf { return vs[0].([]ApplicationScopeCategoryWorkloadCf)[vs[1].(int)] 
@@ -2506,12 +2079,6 @@ func (i ApplicationScopeCategoryWorkloadCfVariableArgs) ToApplicationScopeCatego return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadCfVariableOutput) } -func (i ApplicationScopeCategoryWorkloadCfVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadCfVariable] { - return pulumix.Output[ApplicationScopeCategoryWorkloadCfVariable]{ - OutputState: i.ToApplicationScopeCategoryWorkloadCfVariableOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryWorkloadCfVariableArrayInput is an input type that accepts ApplicationScopeCategoryWorkloadCfVariableArray and ApplicationScopeCategoryWorkloadCfVariableArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryWorkloadCfVariableArrayInput` via: // @@ -2537,12 +2104,6 @@ func (i ApplicationScopeCategoryWorkloadCfVariableArray) ToApplicationScopeCateg return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadCfVariableArrayOutput) } -func (i ApplicationScopeCategoryWorkloadCfVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadCfVariable] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadCfVariable]{ - OutputState: i.ToApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryWorkloadCfVariableOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryWorkloadCfVariableOutput) ElementType() reflect.Type { 
@@ -2557,12 +2118,6 @@ func (o ApplicationScopeCategoryWorkloadCfVariableOutput) ToApplicationScopeCate return o } -func (o ApplicationScopeCategoryWorkloadCfVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadCfVariable] { - return pulumix.Output[ApplicationScopeCategoryWorkloadCfVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadCfVariableOutput) Attribute() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryWorkloadCfVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } @@ -2585,12 +2140,6 @@ func (o ApplicationScopeCategoryWorkloadCfVariableArrayOutput) ToApplicationScop return o } -func (o ApplicationScopeCategoryWorkloadCfVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadCfVariable] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadCfVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadCfVariableArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryWorkloadCfVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryWorkloadCfVariable { return vs[0].([]ApplicationScopeCategoryWorkloadCfVariable)[vs[1].(int)] 
@@ -2630,12 +2179,6 @@ func (i ApplicationScopeCategoryWorkloadKuberneteArgs) ToApplicationScopeCategor return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadKuberneteOutput) } -func (i ApplicationScopeCategoryWorkloadKuberneteArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadKubernete] { - return pulumix.Output[ApplicationScopeCategoryWorkloadKubernete]{ - OutputState: i.ToApplicationScopeCategoryWorkloadKuberneteOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryWorkloadKuberneteArrayInput is an input type that accepts ApplicationScopeCategoryWorkloadKuberneteArray and ApplicationScopeCategoryWorkloadKuberneteArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryWorkloadKuberneteArrayInput` via: // @@ -2661,12 +2204,6 @@ func (i ApplicationScopeCategoryWorkloadKuberneteArray) ToApplicationScopeCatego return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadKuberneteArrayOutput) } -func (i ApplicationScopeCategoryWorkloadKuberneteArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadKubernete] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadKubernete]{ - OutputState: i.ToApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryWorkloadKuberneteOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryWorkloadKuberneteOutput) ElementType() reflect.Type { 
@@ -2681,12 +2218,6 @@ func (o ApplicationScopeCategoryWorkloadKuberneteOutput) ToApplicationScopeCateg return o } -func (o ApplicationScopeCategoryWorkloadKuberneteOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadKubernete] { - return pulumix.Output[ApplicationScopeCategoryWorkloadKubernete]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadKuberneteOutput) Expression() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryWorkloadKubernete) *string { return v.Expression }).(pulumi.StringPtrOutput) } @@ -2711,12 +2242,6 @@ func (o ApplicationScopeCategoryWorkloadKuberneteArrayOutput) ToApplicationScope return o } -func (o ApplicationScopeCategoryWorkloadKuberneteArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadKubernete] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadKubernete]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadKuberneteArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryWorkloadKuberneteOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryWorkloadKubernete { return vs[0].([]ApplicationScopeCategoryWorkloadKubernete)[vs[1].(int)] 
@@ -2756,12 +2281,6 @@ func (i ApplicationScopeCategoryWorkloadKuberneteVariableArgs) ToApplicationScop return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadKuberneteVariableOutput) } -func (i ApplicationScopeCategoryWorkloadKuberneteVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadKuberneteVariable] { - return pulumix.Output[ApplicationScopeCategoryWorkloadKuberneteVariable]{ - OutputState: i.ToApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryWorkloadKuberneteVariableArrayInput is an input type that accepts ApplicationScopeCategoryWorkloadKuberneteVariableArray and ApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryWorkloadKuberneteVariableArrayInput` via: // @@ -2787,12 +2306,6 @@ func (i ApplicationScopeCategoryWorkloadKuberneteVariableArray) ToApplicationSco return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) } -func (i ApplicationScopeCategoryWorkloadKuberneteVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadKuberneteVariable] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadKuberneteVariable]{ - OutputState: i.ToApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryWorkloadKuberneteVariableOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryWorkloadKuberneteVariableOutput) ElementType() reflect.Type { 
@@ -2807,12 +2320,6 @@ func (o ApplicationScopeCategoryWorkloadKuberneteVariableOutput) ToApplicationSc return o } -func (o ApplicationScopeCategoryWorkloadKuberneteVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadKuberneteVariable] { - return pulumix.Output[ApplicationScopeCategoryWorkloadKuberneteVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadKuberneteVariableOutput) Attribute() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryWorkloadKuberneteVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } @@ -2835,12 +2342,6 @@ func (o ApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) ToApplicat return o } -func (o ApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadKuberneteVariable] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadKuberneteVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryWorkloadKuberneteVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryWorkloadKuberneteVariable { return vs[0].([]ApplicationScopeCategoryWorkloadKuberneteVariable)[vs[1].(int)] 
@@ -2880,12 +2381,6 @@ func (i ApplicationScopeCategoryWorkloadOArgs) ToApplicationScopeCategoryWorkloa return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadOOutput) } -func (i ApplicationScopeCategoryWorkloadOArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadO] { - return pulumix.Output[ApplicationScopeCategoryWorkloadO]{ - OutputState: i.ToApplicationScopeCategoryWorkloadOOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryWorkloadOArrayInput is an input type that accepts ApplicationScopeCategoryWorkloadOArray and ApplicationScopeCategoryWorkloadOArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryWorkloadOArrayInput` via: // @@ -2911,12 +2406,6 @@ func (i ApplicationScopeCategoryWorkloadOArray) ToApplicationScopeCategoryWorklo return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadOArrayOutput) } -func (i ApplicationScopeCategoryWorkloadOArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadO] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadO]{ - OutputState: i.ToApplicationScopeCategoryWorkloadOArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryWorkloadOOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryWorkloadOOutput) ElementType() reflect.Type { @@ -2931,12 +2420,6 @@ func (o ApplicationScopeCategoryWorkloadOOutput) ToApplicationScopeCategoryWorkl return o } -func (o ApplicationScopeCategoryWorkloadOOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadO] { - return pulumix.Output[ApplicationScopeCategoryWorkloadO]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadOOutput) Expression() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryWorkloadO) *string { return v.Expression }).(pulumi.StringPtrOutput) } 
@@ -2961,12 +2444,6 @@ func (o ApplicationScopeCategoryWorkloadOArrayOutput) ToApplicationScopeCategory return o } -func (o ApplicationScopeCategoryWorkloadOArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadO] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadO]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadOArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryWorkloadOOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryWorkloadO { return vs[0].([]ApplicationScopeCategoryWorkloadO)[vs[1].(int)] @@ -3006,12 +2483,6 @@ func (i ApplicationScopeCategoryWorkloadOVariableArgs) ToApplicationScopeCategor return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadOVariableOutput) } -func (i ApplicationScopeCategoryWorkloadOVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadOVariable] { - return pulumix.Output[ApplicationScopeCategoryWorkloadOVariable]{ - OutputState: i.ToApplicationScopeCategoryWorkloadOVariableOutputWithContext(ctx).OutputState, - } -} - // ApplicationScopeCategoryWorkloadOVariableArrayInput is an input type that accepts ApplicationScopeCategoryWorkloadOVariableArray and ApplicationScopeCategoryWorkloadOVariableArrayOutput values. // You can construct a concrete instance of `ApplicationScopeCategoryWorkloadOVariableArrayInput` via: // 
@@ -3037,12 +2508,6 @@ func (i ApplicationScopeCategoryWorkloadOVariableArray) ToApplicationScopeCatego return pulumi.ToOutputWithContext(ctx, i).(ApplicationScopeCategoryWorkloadOVariableArrayOutput) } -func (i ApplicationScopeCategoryWorkloadOVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadOVariable] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadOVariable]{ - OutputState: i.ToApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(ctx).OutputState, - } -} - type ApplicationScopeCategoryWorkloadOVariableOutput struct{ *pulumi.OutputState } func (ApplicationScopeCategoryWorkloadOVariableOutput) ElementType() reflect.Type { @@ -3057,12 +2522,6 @@ func (o ApplicationScopeCategoryWorkloadOVariableOutput) ToApplicationScopeCateg return o } -func (o ApplicationScopeCategoryWorkloadOVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ApplicationScopeCategoryWorkloadOVariable] { - return pulumix.Output[ApplicationScopeCategoryWorkloadOVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadOVariableOutput) Attribute() pulumi.StringPtrOutput { return o.ApplyT(func(v ApplicationScopeCategoryWorkloadOVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } 
@@ -3085,560 +2544,618 @@ func (o ApplicationScopeCategoryWorkloadOVariableArrayOutput) ToApplicationScope return o } -func (o ApplicationScopeCategoryWorkloadOVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ApplicationScopeCategoryWorkloadOVariable] { - return pulumix.Output[[]ApplicationScopeCategoryWorkloadOVariable]{ - OutputState: o.OutputState, - } -} - func (o ApplicationScopeCategoryWorkloadOVariableArrayOutput) Index(i pulumi.IntInput) ApplicationScopeCategoryWorkloadOVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) ApplicationScopeCategoryWorkloadOVariable { return vs[0].([]ApplicationScopeCategoryWorkloadOVariable)[vs[1].(int)] }).(ApplicationScopeCategoryWorkloadOVariableOutput) } -type ContainerRuntimePolicyFileIntegrityMonitoring struct { - // List of paths to be excluded from being monitored. - ExcludedPaths []string `pulumi:"excludedPaths"` - // List of processes to be excluded from being monitored. - ExcludedProcesses []string `pulumi:"excludedProcesses"` - // List of users to be excluded from being monitored. - ExcludedUsers []string `pulumi:"excludedUsers"` - // If true, add attributes operations will be monitored. - MonitorAttributes *bool `pulumi:"monitorAttributes"` - // If true, create operations will be monitored. - MonitorCreate *bool `pulumi:"monitorCreate"` - // If true, deletion operations will be monitored. - MonitorDelete *bool `pulumi:"monitorDelete"` - // If true, modification operations will be monitored. - MonitorModify *bool `pulumi:"monitorModify"` - // If true, read operations will be monitored. - MonitorRead *bool `pulumi:"monitorRead"` - // List of paths to be monitored. - MonitoredPaths []string `pulumi:"monitoredPaths"` - // List of processes to be monitored. - MonitoredProcesses []string `pulumi:"monitoredProcesses"` - // List of users to be monitored. 
- MonitoredUsers []string `pulumi:"monitoredUsers"` +type ContainerRuntimePolicyAllowedExecutable struct { + // List of allowed executables. + AllowExecutables []string `pulumi:"allowExecutables"` + // List of allowed root executables. + AllowRootExecutables []string `pulumi:"allowRootExecutables"` + // Whether allowed executables configuration is enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to treat executables separately. + SeparateExecutables *bool `pulumi:"separateExecutables"` } -// ContainerRuntimePolicyFileIntegrityMonitoringInput is an input type that accepts ContainerRuntimePolicyFileIntegrityMonitoringArgs and ContainerRuntimePolicyFileIntegrityMonitoringOutput values. -// You can construct a concrete instance of `ContainerRuntimePolicyFileIntegrityMonitoringInput` via: +// ContainerRuntimePolicyAllowedExecutableInput is an input type that accepts ContainerRuntimePolicyAllowedExecutableArgs and ContainerRuntimePolicyAllowedExecutableOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyAllowedExecutableInput` via: // -// ContainerRuntimePolicyFileIntegrityMonitoringArgs{...} -type ContainerRuntimePolicyFileIntegrityMonitoringInput interface { +// ContainerRuntimePolicyAllowedExecutableArgs{...} +type ContainerRuntimePolicyAllowedExecutableInput interface { pulumi.Input - ToContainerRuntimePolicyFileIntegrityMonitoringOutput() ContainerRuntimePolicyFileIntegrityMonitoringOutput - ToContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Context) ContainerRuntimePolicyFileIntegrityMonitoringOutput -} - -type ContainerRuntimePolicyFileIntegrityMonitoringArgs struct { - // List of paths to be excluded from being monitored. - ExcludedPaths pulumi.StringArrayInput `pulumi:"excludedPaths"` - // List of processes to be excluded from being monitored. - ExcludedProcesses pulumi.StringArrayInput `pulumi:"excludedProcesses"` - // List of users to be excluded from being monitored. 
- ExcludedUsers pulumi.StringArrayInput `pulumi:"excludedUsers"` - // If true, add attributes operations will be monitored. - MonitorAttributes pulumi.BoolPtrInput `pulumi:"monitorAttributes"` - // If true, create operations will be monitored. - MonitorCreate pulumi.BoolPtrInput `pulumi:"monitorCreate"` - // If true, deletion operations will be monitored. - MonitorDelete pulumi.BoolPtrInput `pulumi:"monitorDelete"` - // If true, modification operations will be monitored. - MonitorModify pulumi.BoolPtrInput `pulumi:"monitorModify"` - // If true, read operations will be monitored. - MonitorRead pulumi.BoolPtrInput `pulumi:"monitorRead"` - // List of paths to be monitored. - MonitoredPaths pulumi.StringArrayInput `pulumi:"monitoredPaths"` - // List of processes to be monitored. - MonitoredProcesses pulumi.StringArrayInput `pulumi:"monitoredProcesses"` - // List of users to be monitored. - MonitoredUsers pulumi.StringArrayInput `pulumi:"monitoredUsers"` -} - -func (ContainerRuntimePolicyFileIntegrityMonitoringArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() -} - -func (i ContainerRuntimePolicyFileIntegrityMonitoringArgs) ToContainerRuntimePolicyFileIntegrityMonitoringOutput() ContainerRuntimePolicyFileIntegrityMonitoringOutput { - return i.ToContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Background()) + ToContainerRuntimePolicyAllowedExecutableOutput() ContainerRuntimePolicyAllowedExecutableOutput + ToContainerRuntimePolicyAllowedExecutableOutputWithContext(context.Context) ContainerRuntimePolicyAllowedExecutableOutput } -func (i ContainerRuntimePolicyFileIntegrityMonitoringArgs) ToContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringOutput { - return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFileIntegrityMonitoringOutput) +type ContainerRuntimePolicyAllowedExecutableArgs struct { + 
// List of allowed executables. + AllowExecutables pulumi.StringArrayInput `pulumi:"allowExecutables"` + // List of allowed root executables. + AllowRootExecutables pulumi.StringArrayInput `pulumi:"allowRootExecutables"` + // Whether allowed executables configuration is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to treat executables separately. + SeparateExecutables pulumi.BoolPtrInput `pulumi:"separateExecutables"` } -func (i ContainerRuntimePolicyFileIntegrityMonitoringArgs) ToOutput(ctx context.Context) pulumix.Output[ContainerRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[ContainerRuntimePolicyFileIntegrityMonitoring]{ - OutputState: i.ToContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx).OutputState, - } +func (ContainerRuntimePolicyAllowedExecutableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyAllowedExecutable)(nil)).Elem() } -func (i ContainerRuntimePolicyFileIntegrityMonitoringArgs) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { - return i.ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) +func (i ContainerRuntimePolicyAllowedExecutableArgs) ToContainerRuntimePolicyAllowedExecutableOutput() ContainerRuntimePolicyAllowedExecutableOutput { + return i.ToContainerRuntimePolicyAllowedExecutableOutputWithContext(context.Background()) } -func (i ContainerRuntimePolicyFileIntegrityMonitoringArgs) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFileIntegrityMonitoringOutput).ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx) +func (i ContainerRuntimePolicyAllowedExecutableArgs) ToContainerRuntimePolicyAllowedExecutableOutputWithContext(ctx context.Context) 
ContainerRuntimePolicyAllowedExecutableOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyAllowedExecutableOutput) } -// ContainerRuntimePolicyFileIntegrityMonitoringPtrInput is an input type that accepts ContainerRuntimePolicyFileIntegrityMonitoringArgs, ContainerRuntimePolicyFileIntegrityMonitoringPtr and ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput values. -// You can construct a concrete instance of `ContainerRuntimePolicyFileIntegrityMonitoringPtrInput` via: +// ContainerRuntimePolicyAllowedExecutableArrayInput is an input type that accepts ContainerRuntimePolicyAllowedExecutableArray and ContainerRuntimePolicyAllowedExecutableArrayOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyAllowedExecutableArrayInput` via: // -// ContainerRuntimePolicyFileIntegrityMonitoringArgs{...} -// -// or: -// -// nil -type ContainerRuntimePolicyFileIntegrityMonitoringPtrInput interface { +// ContainerRuntimePolicyAllowedExecutableArray{ ContainerRuntimePolicyAllowedExecutableArgs{...} } +type ContainerRuntimePolicyAllowedExecutableArrayInput interface { pulumi.Input - ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput - ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput + ToContainerRuntimePolicyAllowedExecutableArrayOutput() ContainerRuntimePolicyAllowedExecutableArrayOutput + ToContainerRuntimePolicyAllowedExecutableArrayOutputWithContext(context.Context) ContainerRuntimePolicyAllowedExecutableArrayOutput } -type containerRuntimePolicyFileIntegrityMonitoringPtrType ContainerRuntimePolicyFileIntegrityMonitoringArgs +type ContainerRuntimePolicyAllowedExecutableArray []ContainerRuntimePolicyAllowedExecutableInput -func ContainerRuntimePolicyFileIntegrityMonitoringPtr(v *ContainerRuntimePolicyFileIntegrityMonitoringArgs) 
ContainerRuntimePolicyFileIntegrityMonitoringPtrInput { - return (*containerRuntimePolicyFileIntegrityMonitoringPtrType)(v) +func (ContainerRuntimePolicyAllowedExecutableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyAllowedExecutable)(nil)).Elem() } -func (*containerRuntimePolicyFileIntegrityMonitoringPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**ContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +func (i ContainerRuntimePolicyAllowedExecutableArray) ToContainerRuntimePolicyAllowedExecutableArrayOutput() ContainerRuntimePolicyAllowedExecutableArrayOutput { + return i.ToContainerRuntimePolicyAllowedExecutableArrayOutputWithContext(context.Background()) } -func (i *containerRuntimePolicyFileIntegrityMonitoringPtrType) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { - return i.ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) +func (i ContainerRuntimePolicyAllowedExecutableArray) ToContainerRuntimePolicyAllowedExecutableArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyAllowedExecutableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyAllowedExecutableArrayOutput) } -func (i *containerRuntimePolicyFileIntegrityMonitoringPtrType) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) -} +type ContainerRuntimePolicyAllowedExecutableOutput struct{ *pulumi.OutputState } -func (i *containerRuntimePolicyFileIntegrityMonitoringPtrType) ToOutput(ctx context.Context) pulumix.Output[*ContainerRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[*ContainerRuntimePolicyFileIntegrityMonitoring]{ - OutputState: 
i.ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx).OutputState, - } +func (ContainerRuntimePolicyAllowedExecutableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyAllowedExecutable)(nil)).Elem() } -type ContainerRuntimePolicyFileIntegrityMonitoringOutput struct{ *pulumi.OutputState } - -func (ContainerRuntimePolicyFileIntegrityMonitoringOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +func (o ContainerRuntimePolicyAllowedExecutableOutput) ToContainerRuntimePolicyAllowedExecutableOutput() ContainerRuntimePolicyAllowedExecutableOutput { + return o } -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ToContainerRuntimePolicyFileIntegrityMonitoringOutput() ContainerRuntimePolicyFileIntegrityMonitoringOutput { +func (o ContainerRuntimePolicyAllowedExecutableOutput) ToContainerRuntimePolicyAllowedExecutableOutputWithContext(ctx context.Context) ContainerRuntimePolicyAllowedExecutableOutput { return o } -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ToContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringOutput { - return o +// List of allowed executables. +func (o ContainerRuntimePolicyAllowedExecutableOutput) AllowExecutables() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAllowedExecutable) []string { return v.AllowExecutables }).(pulumi.StringArrayOutput) } -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { - return o.ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) +// List of allowed root executables. 
+func (o ContainerRuntimePolicyAllowedExecutableOutput) AllowRootExecutables() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAllowedExecutable) []string { return v.AllowRootExecutables }).(pulumi.StringArrayOutput) } -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyFileIntegrityMonitoring) *ContainerRuntimePolicyFileIntegrityMonitoring { - return &v - }).(ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) +// Whether allowed executables configuration is enabled. +func (o ContainerRuntimePolicyAllowedExecutableOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAllowedExecutable) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ToOutput(ctx context.Context) pulumix.Output[ContainerRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[ContainerRuntimePolicyFileIntegrityMonitoring]{ - OutputState: o.OutputState, - } +// Whether to treat executables separately. +func (o ContainerRuntimePolicyAllowedExecutableOutput) SeparateExecutables() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAllowedExecutable) *bool { return v.SeparateExecutables }).(pulumi.BoolPtrOutput) } -// List of paths to be excluded from being monitored. 
-func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedPaths }).(pulumi.StringArrayOutput) +type ContainerRuntimePolicyAllowedExecutableArrayOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyAllowedExecutableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyAllowedExecutable)(nil)).Elem() } -// List of processes to be excluded from being monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedProcesses }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyAllowedExecutableArrayOutput) ToContainerRuntimePolicyAllowedExecutableArrayOutput() ContainerRuntimePolicyAllowedExecutableArrayOutput { + return o } -// List of users to be excluded from being monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedUsers }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyAllowedExecutableArrayOutput) ToContainerRuntimePolicyAllowedExecutableArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyAllowedExecutableArrayOutput { + return o } -// If true, add attributes operations will be monitored. 
-func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorAttributes() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorAttributes }).(pulumi.BoolPtrOutput) +func (o ContainerRuntimePolicyAllowedExecutableArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyAllowedExecutableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyAllowedExecutable { + return vs[0].([]ContainerRuntimePolicyAllowedExecutable)[vs[1].(int)] + }).(ContainerRuntimePolicyAllowedExecutableOutput) } -// If true, create operations will be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorCreate() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorCreate }).(pulumi.BoolPtrOutput) +type ContainerRuntimePolicyAllowedRegistry struct { + // List of allowed registries. + AllowedRegistries []string `pulumi:"allowedRegistries"` + // Whether allowed registries are enabled. + Enabled *bool `pulumi:"enabled"` } -// If true, deletion operations will be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorDelete() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorDelete }).(pulumi.BoolPtrOutput) +// ContainerRuntimePolicyAllowedRegistryInput is an input type that accepts ContainerRuntimePolicyAllowedRegistryArgs and ContainerRuntimePolicyAllowedRegistryOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyAllowedRegistryInput` via: +// +// ContainerRuntimePolicyAllowedRegistryArgs{...} +type ContainerRuntimePolicyAllowedRegistryInput interface { + pulumi.Input + + ToContainerRuntimePolicyAllowedRegistryOutput() ContainerRuntimePolicyAllowedRegistryOutput + ToContainerRuntimePolicyAllowedRegistryOutputWithContext(context.Context) ContainerRuntimePolicyAllowedRegistryOutput } -// If true, modification operations will be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorModify() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorModify }).(pulumi.BoolPtrOutput) +type ContainerRuntimePolicyAllowedRegistryArgs struct { + // List of allowed registries. + AllowedRegistries pulumi.StringArrayInput `pulumi:"allowedRegistries"` + // Whether allowed registries are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` } -// If true, read operations will be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorRead() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorRead }).(pulumi.BoolPtrOutput) +func (ContainerRuntimePolicyAllowedRegistryArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyAllowedRegistry)(nil)).Elem() } -// List of paths to be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredPaths }).(pulumi.StringArrayOutput) +func (i ContainerRuntimePolicyAllowedRegistryArgs) ToContainerRuntimePolicyAllowedRegistryOutput() ContainerRuntimePolicyAllowedRegistryOutput { + return i.ToContainerRuntimePolicyAllowedRegistryOutputWithContext(context.Background()) } -// List of processes to be monitored. 
-func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredProcesses }).(pulumi.StringArrayOutput) +func (i ContainerRuntimePolicyAllowedRegistryArgs) ToContainerRuntimePolicyAllowedRegistryOutputWithContext(ctx context.Context) ContainerRuntimePolicyAllowedRegistryOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyAllowedRegistryOutput) } -// List of users to be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredUsers }).(pulumi.StringArrayOutput) +// ContainerRuntimePolicyAllowedRegistryArrayInput is an input type that accepts ContainerRuntimePolicyAllowedRegistryArray and ContainerRuntimePolicyAllowedRegistryArrayOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyAllowedRegistryArrayInput` via: +// +// ContainerRuntimePolicyAllowedRegistryArray{ ContainerRuntimePolicyAllowedRegistryArgs{...} } +type ContainerRuntimePolicyAllowedRegistryArrayInput interface { + pulumi.Input + + ToContainerRuntimePolicyAllowedRegistryArrayOutput() ContainerRuntimePolicyAllowedRegistryArrayOutput + ToContainerRuntimePolicyAllowedRegistryArrayOutputWithContext(context.Context) ContainerRuntimePolicyAllowedRegistryArrayOutput } -type ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyAllowedRegistryArray []ContainerRuntimePolicyAllowedRegistryInput -func (ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**ContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +func (ContainerRuntimePolicyAllowedRegistryArray) ElementType() reflect.Type { + return 
reflect.TypeOf((*[]ContainerRuntimePolicyAllowedRegistry)(nil)).Elem() } -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { +func (i ContainerRuntimePolicyAllowedRegistryArray) ToContainerRuntimePolicyAllowedRegistryArrayOutput() ContainerRuntimePolicyAllowedRegistryArrayOutput { + return i.ToContainerRuntimePolicyAllowedRegistryArrayOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyAllowedRegistryArray) ToContainerRuntimePolicyAllowedRegistryArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyAllowedRegistryArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyAllowedRegistryArrayOutput) +} + +type ContainerRuntimePolicyAllowedRegistryOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyAllowedRegistryOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyAllowedRegistry)(nil)).Elem() +} + +func (o ContainerRuntimePolicyAllowedRegistryOutput) ToContainerRuntimePolicyAllowedRegistryOutput() ContainerRuntimePolicyAllowedRegistryOutput { return o } -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { +func (o ContainerRuntimePolicyAllowedRegistryOutput) ToContainerRuntimePolicyAllowedRegistryOutputWithContext(ctx context.Context) ContainerRuntimePolicyAllowedRegistryOutput { return o } -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*ContainerRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[*ContainerRuntimePolicyFileIntegrityMonitoring]{ - OutputState: o.OutputState, - } +// List of allowed registries. 
+func (o ContainerRuntimePolicyAllowedRegistryOutput) AllowedRegistries() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAllowedRegistry) []string { return v.AllowedRegistries }).(pulumi.StringArrayOutput) } -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) Elem() ContainerRuntimePolicyFileIntegrityMonitoringOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) ContainerRuntimePolicyFileIntegrityMonitoring { - if v != nil { - return *v - } - var ret ContainerRuntimePolicyFileIntegrityMonitoring - return ret - }).(ContainerRuntimePolicyFileIntegrityMonitoringOutput) +// Whether allowed registries are enabled. +func (o ContainerRuntimePolicyAllowedRegistryOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAllowedRegistry) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -// List of paths to be excluded from being monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { - if v == nil { - return nil - } - return v.ExcludedPaths - }).(pulumi.StringArrayOutput) +type ContainerRuntimePolicyAllowedRegistryArrayOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyAllowedRegistryArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyAllowedRegistry)(nil)).Elem() } -// List of processes to be excluded from being monitored. 
-func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { - if v == nil { - return nil - } - return v.ExcludedProcesses - }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyAllowedRegistryArrayOutput) ToContainerRuntimePolicyAllowedRegistryArrayOutput() ContainerRuntimePolicyAllowedRegistryArrayOutput { + return o } -// List of users to be excluded from being monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { - if v == nil { - return nil +func (o ContainerRuntimePolicyAllowedRegistryArrayOutput) ToContainerRuntimePolicyAllowedRegistryArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyAllowedRegistryArrayOutput { + return o +} + +func (o ContainerRuntimePolicyAllowedRegistryArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyAllowedRegistryOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyAllowedRegistry { + return vs[0].([]ContainerRuntimePolicyAllowedRegistry)[vs[1].(int)] + }).(ContainerRuntimePolicyAllowedRegistryOutput) +} + +type ContainerRuntimePolicyAuditing struct { + AuditAllNetwork *bool `pulumi:"auditAllNetwork"` + AuditAllProcesses *bool `pulumi:"auditAllProcesses"` + AuditFailedLogin *bool `pulumi:"auditFailedLogin"` + AuditOsUserActivity *bool `pulumi:"auditOsUserActivity"` + AuditProcessCmdline *bool `pulumi:"auditProcessCmdline"` + AuditSuccessLogin *bool `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement *bool `pulumi:"auditUserAccountManagement"` + Enabled *bool `pulumi:"enabled"` +} + +// ContainerRuntimePolicyAuditingInput is an input type that accepts ContainerRuntimePolicyAuditingArgs and ContainerRuntimePolicyAuditingOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyAuditingInput` via: +// +// ContainerRuntimePolicyAuditingArgs{...} +type ContainerRuntimePolicyAuditingInput interface { + pulumi.Input + + ToContainerRuntimePolicyAuditingOutput() ContainerRuntimePolicyAuditingOutput + ToContainerRuntimePolicyAuditingOutputWithContext(context.Context) ContainerRuntimePolicyAuditingOutput +} + +type ContainerRuntimePolicyAuditingArgs struct { + AuditAllNetwork pulumi.BoolPtrInput `pulumi:"auditAllNetwork"` + AuditAllProcesses pulumi.BoolPtrInput `pulumi:"auditAllProcesses"` + AuditFailedLogin pulumi.BoolPtrInput `pulumi:"auditFailedLogin"` + AuditOsUserActivity pulumi.BoolPtrInput `pulumi:"auditOsUserActivity"` + AuditProcessCmdline pulumi.BoolPtrInput `pulumi:"auditProcessCmdline"` + AuditSuccessLogin pulumi.BoolPtrInput `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement pulumi.BoolPtrInput `pulumi:"auditUserAccountManagement"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` +} + +func (ContainerRuntimePolicyAuditingArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyAuditing)(nil)).Elem() +} + +func (i ContainerRuntimePolicyAuditingArgs) ToContainerRuntimePolicyAuditingOutput() ContainerRuntimePolicyAuditingOutput { + return i.ToContainerRuntimePolicyAuditingOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyAuditingArgs) ToContainerRuntimePolicyAuditingOutputWithContext(ctx context.Context) ContainerRuntimePolicyAuditingOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyAuditingOutput) +} + +func (i ContainerRuntimePolicyAuditingArgs) ToContainerRuntimePolicyAuditingPtrOutput() ContainerRuntimePolicyAuditingPtrOutput { + return i.ToContainerRuntimePolicyAuditingPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyAuditingArgs) ToContainerRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyAuditingPtrOutput { + 
return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyAuditingOutput).ToContainerRuntimePolicyAuditingPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyAuditingPtrInput is an input type that accepts ContainerRuntimePolicyAuditingArgs, ContainerRuntimePolicyAuditingPtr and ContainerRuntimePolicyAuditingPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyAuditingPtrInput` via: +// +// ContainerRuntimePolicyAuditingArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyAuditingPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyAuditingPtrOutput() ContainerRuntimePolicyAuditingPtrOutput + ToContainerRuntimePolicyAuditingPtrOutputWithContext(context.Context) ContainerRuntimePolicyAuditingPtrOutput +} + +type containerRuntimePolicyAuditingPtrType ContainerRuntimePolicyAuditingArgs + +func ContainerRuntimePolicyAuditingPtr(v *ContainerRuntimePolicyAuditingArgs) ContainerRuntimePolicyAuditingPtrInput { + return (*containerRuntimePolicyAuditingPtrType)(v) +} + +func (*containerRuntimePolicyAuditingPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyAuditing)(nil)).Elem() +} + +func (i *containerRuntimePolicyAuditingPtrType) ToContainerRuntimePolicyAuditingPtrOutput() ContainerRuntimePolicyAuditingPtrOutput { + return i.ToContainerRuntimePolicyAuditingPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyAuditingPtrType) ToContainerRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyAuditingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyAuditingPtrOutput) +} + +type ContainerRuntimePolicyAuditingOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyAuditingOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyAuditing)(nil)).Elem() +} + +func (o ContainerRuntimePolicyAuditingOutput) ToContainerRuntimePolicyAuditingOutput() 
ContainerRuntimePolicyAuditingOutput { + return o +} + +func (o ContainerRuntimePolicyAuditingOutput) ToContainerRuntimePolicyAuditingOutputWithContext(ctx context.Context) ContainerRuntimePolicyAuditingOutput { + return o +} + +func (o ContainerRuntimePolicyAuditingOutput) ToContainerRuntimePolicyAuditingPtrOutput() ContainerRuntimePolicyAuditingPtrOutput { + return o.ToContainerRuntimePolicyAuditingPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyAuditingOutput) ToContainerRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyAuditingPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyAuditing) *ContainerRuntimePolicyAuditing { + return &v + }).(ContainerRuntimePolicyAuditingPtrOutput) +} + +func (o ContainerRuntimePolicyAuditingOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAuditing) *bool { return v.AuditAllNetwork }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyAuditingOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAuditing) *bool { return v.AuditAllProcesses }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyAuditingOutput) AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAuditing) *bool { return v.AuditFailedLogin }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyAuditingOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAuditing) *bool { return v.AuditOsUserActivity }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyAuditingOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAuditing) *bool { return v.AuditProcessCmdline }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyAuditingOutput) AuditSuccessLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v 
ContainerRuntimePolicyAuditing) *bool { return v.AuditSuccessLogin }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyAuditingOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAuditing) *bool { return v.AuditUserAccountManagement }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyAuditingOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyAuditing) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +type ContainerRuntimePolicyAuditingPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyAuditingPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyAuditing)(nil)).Elem() +} + +func (o ContainerRuntimePolicyAuditingPtrOutput) ToContainerRuntimePolicyAuditingPtrOutput() ContainerRuntimePolicyAuditingPtrOutput { + return o +} + +func (o ContainerRuntimePolicyAuditingPtrOutput) ToContainerRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyAuditingPtrOutput { + return o +} + +func (o ContainerRuntimePolicyAuditingPtrOutput) Elem() ContainerRuntimePolicyAuditingOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyAuditing) ContainerRuntimePolicyAuditing { + if v != nil { + return *v } - return v.ExcludedUsers - }).(pulumi.StringArrayOutput) + var ret ContainerRuntimePolicyAuditing + return ret + }).(ContainerRuntimePolicyAuditingOutput) } -// If true, add attributes operations will be monitored. 
-func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorAttributes() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { +func (o ContainerRuntimePolicyAuditingPtrOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyAuditing) *bool { if v == nil { return nil } - return v.MonitorAttributes + return v.AuditAllNetwork }).(pulumi.BoolPtrOutput) } -// If true, create operations will be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorCreate() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { +func (o ContainerRuntimePolicyAuditingPtrOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyAuditing) *bool { if v == nil { return nil } - return v.MonitorCreate + return v.AuditAllProcesses }).(pulumi.BoolPtrOutput) } -// If true, deletion operations will be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorDelete() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { +func (o ContainerRuntimePolicyAuditingPtrOutput) AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyAuditing) *bool { if v == nil { return nil } - return v.MonitorDelete + return v.AuditFailedLogin }).(pulumi.BoolPtrOutput) } -// If true, modification operations will be monitored. 
-func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorModify() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { +func (o ContainerRuntimePolicyAuditingPtrOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyAuditing) *bool { if v == nil { return nil } - return v.MonitorModify + return v.AuditOsUserActivity }).(pulumi.BoolPtrOutput) } -// If true, read operations will be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorRead() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { +func (o ContainerRuntimePolicyAuditingPtrOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyAuditing) *bool { if v == nil { return nil } - return v.MonitorRead + return v.AuditProcessCmdline }).(pulumi.BoolPtrOutput) } -// List of paths to be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { +func (o ContainerRuntimePolicyAuditingPtrOutput) AuditSuccessLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyAuditing) *bool { if v == nil { return nil } - return v.MonitoredPaths - }).(pulumi.StringArrayOutput) + return v.AuditSuccessLogin + }).(pulumi.BoolPtrOutput) } -// List of processes to be monitored. 
-func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { +func (o ContainerRuntimePolicyAuditingPtrOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyAuditing) *bool { if v == nil { return nil } - return v.MonitoredProcesses - }).(pulumi.StringArrayOutput) + return v.AuditUserAccountManagement + }).(pulumi.BoolPtrOutput) } -// List of users to be monitored. -func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { +func (o ContainerRuntimePolicyAuditingPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyAuditing) *bool { if v == nil { return nil } - return v.MonitoredUsers - }).(pulumi.StringArrayOutput) + return v.Enabled + }).(pulumi.BoolPtrOutput) } -type ContainerRuntimePolicyMalwareScanOptions struct { - // Set Action, Defaults to 'Alert' when empty - Action *string `pulumi:"action"` - // Defines if enabled or not - Enabled *bool `pulumi:"enabled"` - // List of registry paths to be excluded from being protected. - ExcludeDirectories []string `pulumi:"excludeDirectories"` - // List of registry processes to be excluded from being protected. - ExcludeProcesses []string `pulumi:"excludeProcesses"` +type ContainerRuntimePolicyBlacklistedOsUsers struct { + Enabled *bool `pulumi:"enabled"` + GroupBlackLists []string `pulumi:"groupBlackLists"` + UserBlackLists []string `pulumi:"userBlackLists"` } -// ContainerRuntimePolicyMalwareScanOptionsInput is an input type that accepts ContainerRuntimePolicyMalwareScanOptionsArgs and ContainerRuntimePolicyMalwareScanOptionsOutput values. 
-// You can construct a concrete instance of `ContainerRuntimePolicyMalwareScanOptionsInput` via: +// ContainerRuntimePolicyBlacklistedOsUsersInput is an input type that accepts ContainerRuntimePolicyBlacklistedOsUsersArgs and ContainerRuntimePolicyBlacklistedOsUsersOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyBlacklistedOsUsersInput` via: // -// ContainerRuntimePolicyMalwareScanOptionsArgs{...} -type ContainerRuntimePolicyMalwareScanOptionsInput interface { +// ContainerRuntimePolicyBlacklistedOsUsersArgs{...} +type ContainerRuntimePolicyBlacklistedOsUsersInput interface { pulumi.Input - ToContainerRuntimePolicyMalwareScanOptionsOutput() ContainerRuntimePolicyMalwareScanOptionsOutput - ToContainerRuntimePolicyMalwareScanOptionsOutputWithContext(context.Context) ContainerRuntimePolicyMalwareScanOptionsOutput -} - -type ContainerRuntimePolicyMalwareScanOptionsArgs struct { - // Set Action, Defaults to 'Alert' when empty - Action pulumi.StringPtrInput `pulumi:"action"` - // Defines if enabled or not - Enabled pulumi.BoolPtrInput `pulumi:"enabled"` - // List of registry paths to be excluded from being protected. - ExcludeDirectories pulumi.StringArrayInput `pulumi:"excludeDirectories"` - // List of registry processes to be excluded from being protected. 
- ExcludeProcesses pulumi.StringArrayInput `pulumi:"excludeProcesses"` + ToContainerRuntimePolicyBlacklistedOsUsersOutput() ContainerRuntimePolicyBlacklistedOsUsersOutput + ToContainerRuntimePolicyBlacklistedOsUsersOutputWithContext(context.Context) ContainerRuntimePolicyBlacklistedOsUsersOutput } -func (ContainerRuntimePolicyMalwareScanOptionsArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ContainerRuntimePolicyMalwareScanOptions)(nil)).Elem() +type ContainerRuntimePolicyBlacklistedOsUsersArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + GroupBlackLists pulumi.StringArrayInput `pulumi:"groupBlackLists"` + UserBlackLists pulumi.StringArrayInput `pulumi:"userBlackLists"` } -func (i ContainerRuntimePolicyMalwareScanOptionsArgs) ToContainerRuntimePolicyMalwareScanOptionsOutput() ContainerRuntimePolicyMalwareScanOptionsOutput { - return i.ToContainerRuntimePolicyMalwareScanOptionsOutputWithContext(context.Background()) +func (ContainerRuntimePolicyBlacklistedOsUsersArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyBlacklistedOsUsers)(nil)).Elem() } -func (i ContainerRuntimePolicyMalwareScanOptionsArgs) ToContainerRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsOutput { - return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyMalwareScanOptionsOutput) +func (i ContainerRuntimePolicyBlacklistedOsUsersArgs) ToContainerRuntimePolicyBlacklistedOsUsersOutput() ContainerRuntimePolicyBlacklistedOsUsersOutput { + return i.ToContainerRuntimePolicyBlacklistedOsUsersOutputWithContext(context.Background()) } -func (i ContainerRuntimePolicyMalwareScanOptionsArgs) ToOutput(ctx context.Context) pulumix.Output[ContainerRuntimePolicyMalwareScanOptions] { - return pulumix.Output[ContainerRuntimePolicyMalwareScanOptions]{ - OutputState: i.ToContainerRuntimePolicyMalwareScanOptionsOutputWithContext(ctx).OutputState, - } +func (i 
ContainerRuntimePolicyBlacklistedOsUsersArgs) ToContainerRuntimePolicyBlacklistedOsUsersOutputWithContext(ctx context.Context) ContainerRuntimePolicyBlacklistedOsUsersOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyBlacklistedOsUsersOutput) } -func (i ContainerRuntimePolicyMalwareScanOptionsArgs) ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput { - return i.ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +func (i ContainerRuntimePolicyBlacklistedOsUsersArgs) ToContainerRuntimePolicyBlacklistedOsUsersPtrOutput() ContainerRuntimePolicyBlacklistedOsUsersPtrOutput { + return i.ToContainerRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Background()) } -func (i ContainerRuntimePolicyMalwareScanOptionsArgs) ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyMalwareScanOptionsOutput).ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx) +func (i ContainerRuntimePolicyBlacklistedOsUsersArgs) ToContainerRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyBlacklistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyBlacklistedOsUsersOutput).ToContainerRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx) } -// ContainerRuntimePolicyMalwareScanOptionsPtrInput is an input type that accepts ContainerRuntimePolicyMalwareScanOptionsArgs, ContainerRuntimePolicyMalwareScanOptionsPtr and ContainerRuntimePolicyMalwareScanOptionsPtrOutput values. 
-// You can construct a concrete instance of `ContainerRuntimePolicyMalwareScanOptionsPtrInput` via: +// ContainerRuntimePolicyBlacklistedOsUsersPtrInput is an input type that accepts ContainerRuntimePolicyBlacklistedOsUsersArgs, ContainerRuntimePolicyBlacklistedOsUsersPtr and ContainerRuntimePolicyBlacklistedOsUsersPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyBlacklistedOsUsersPtrInput` via: // -// ContainerRuntimePolicyMalwareScanOptionsArgs{...} +// ContainerRuntimePolicyBlacklistedOsUsersArgs{...} // // or: // // nil -type ContainerRuntimePolicyMalwareScanOptionsPtrInput interface { +type ContainerRuntimePolicyBlacklistedOsUsersPtrInput interface { pulumi.Input - ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput - ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput + ToContainerRuntimePolicyBlacklistedOsUsersPtrOutput() ContainerRuntimePolicyBlacklistedOsUsersPtrOutput + ToContainerRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Context) ContainerRuntimePolicyBlacklistedOsUsersPtrOutput } -type containerRuntimePolicyMalwareScanOptionsPtrType ContainerRuntimePolicyMalwareScanOptionsArgs - -func ContainerRuntimePolicyMalwareScanOptionsPtr(v *ContainerRuntimePolicyMalwareScanOptionsArgs) ContainerRuntimePolicyMalwareScanOptionsPtrInput { - return (*containerRuntimePolicyMalwareScanOptionsPtrType)(v) -} +type containerRuntimePolicyBlacklistedOsUsersPtrType ContainerRuntimePolicyBlacklistedOsUsersArgs -func (*containerRuntimePolicyMalwareScanOptionsPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**ContainerRuntimePolicyMalwareScanOptions)(nil)).Elem() +func ContainerRuntimePolicyBlacklistedOsUsersPtr(v *ContainerRuntimePolicyBlacklistedOsUsersArgs) ContainerRuntimePolicyBlacklistedOsUsersPtrInput { + return (*containerRuntimePolicyBlacklistedOsUsersPtrType)(v) } -func 
(i *containerRuntimePolicyMalwareScanOptionsPtrType) ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput { - return i.ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +func (*containerRuntimePolicyBlacklistedOsUsersPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyBlacklistedOsUsers)(nil)).Elem() } -func (i *containerRuntimePolicyMalwareScanOptionsPtrType) ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyMalwareScanOptionsPtrOutput) +func (i *containerRuntimePolicyBlacklistedOsUsersPtrType) ToContainerRuntimePolicyBlacklistedOsUsersPtrOutput() ContainerRuntimePolicyBlacklistedOsUsersPtrOutput { + return i.ToContainerRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Background()) } -func (i *containerRuntimePolicyMalwareScanOptionsPtrType) ToOutput(ctx context.Context) pulumix.Output[*ContainerRuntimePolicyMalwareScanOptions] { - return pulumix.Output[*ContainerRuntimePolicyMalwareScanOptions]{ - OutputState: i.ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx).OutputState, - } +func (i *containerRuntimePolicyBlacklistedOsUsersPtrType) ToContainerRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyBlacklistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyBlacklistedOsUsersPtrOutput) } -type ContainerRuntimePolicyMalwareScanOptionsOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyBlacklistedOsUsersOutput struct{ *pulumi.OutputState } -func (ContainerRuntimePolicyMalwareScanOptionsOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ContainerRuntimePolicyMalwareScanOptions)(nil)).Elem() +func (ContainerRuntimePolicyBlacklistedOsUsersOutput) ElementType() 
reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyBlacklistedOsUsers)(nil)).Elem() } -func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ToContainerRuntimePolicyMalwareScanOptionsOutput() ContainerRuntimePolicyMalwareScanOptionsOutput { +func (o ContainerRuntimePolicyBlacklistedOsUsersOutput) ToContainerRuntimePolicyBlacklistedOsUsersOutput() ContainerRuntimePolicyBlacklistedOsUsersOutput { return o } -func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ToContainerRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsOutput { +func (o ContainerRuntimePolicyBlacklistedOsUsersOutput) ToContainerRuntimePolicyBlacklistedOsUsersOutputWithContext(ctx context.Context) ContainerRuntimePolicyBlacklistedOsUsersOutput { return o } -func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput { - return o.ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +func (o ContainerRuntimePolicyBlacklistedOsUsersOutput) ToContainerRuntimePolicyBlacklistedOsUsersPtrOutput() ContainerRuntimePolicyBlacklistedOsUsersPtrOutput { + return o.ToContainerRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Background()) } -func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyMalwareScanOptions) *ContainerRuntimePolicyMalwareScanOptions { +func (o ContainerRuntimePolicyBlacklistedOsUsersOutput) ToContainerRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyBlacklistedOsUsersPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyBlacklistedOsUsers) 
*ContainerRuntimePolicyBlacklistedOsUsers { return &v - }).(ContainerRuntimePolicyMalwareScanOptionsPtrOutput) -} - -func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ToOutput(ctx context.Context) pulumix.Output[ContainerRuntimePolicyMalwareScanOptions] { - return pulumix.Output[ContainerRuntimePolicyMalwareScanOptions]{ - OutputState: o.OutputState, - } -} - -// Set Action, Defaults to 'Alert' when empty -func (o ContainerRuntimePolicyMalwareScanOptionsOutput) Action() pulumi.StringPtrOutput { - return o.ApplyT(func(v ContainerRuntimePolicyMalwareScanOptions) *string { return v.Action }).(pulumi.StringPtrOutput) + }).(ContainerRuntimePolicyBlacklistedOsUsersPtrOutput) } -// Defines if enabled or not -func (o ContainerRuntimePolicyMalwareScanOptionsOutput) Enabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ContainerRuntimePolicyMalwareScanOptions) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +func (o ContainerRuntimePolicyBlacklistedOsUsersOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyBlacklistedOsUsers) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -// List of registry paths to be excluded from being protected. -func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ExcludeDirectories() pulumi.StringArrayOutput { - return o.ApplyT(func(v ContainerRuntimePolicyMalwareScanOptions) []string { return v.ExcludeDirectories }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyBlacklistedOsUsersOutput) GroupBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyBlacklistedOsUsers) []string { return v.GroupBlackLists }).(pulumi.StringArrayOutput) } -// List of registry processes to be excluded from being protected. 
-func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ExcludeProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v ContainerRuntimePolicyMalwareScanOptions) []string { return v.ExcludeProcesses }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyBlacklistedOsUsersOutput) UserBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyBlacklistedOsUsers) []string { return v.UserBlackLists }).(pulumi.StringArrayOutput) } -type ContainerRuntimePolicyMalwareScanOptionsPtrOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyBlacklistedOsUsersPtrOutput struct{ *pulumi.OutputState } -func (ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**ContainerRuntimePolicyMalwareScanOptions)(nil)).Elem() +func (ContainerRuntimePolicyBlacklistedOsUsersPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyBlacklistedOsUsers)(nil)).Elem() } -func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput { +func (o ContainerRuntimePolicyBlacklistedOsUsersPtrOutput) ToContainerRuntimePolicyBlacklistedOsUsersPtrOutput() ContainerRuntimePolicyBlacklistedOsUsersPtrOutput { return o } -func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput { +func (o ContainerRuntimePolicyBlacklistedOsUsersPtrOutput) ToContainerRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyBlacklistedOsUsersPtrOutput { return o } -func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*ContainerRuntimePolicyMalwareScanOptions] { - return pulumix.Output[*ContainerRuntimePolicyMalwareScanOptions]{ - OutputState: o.OutputState, - } -} - -func (o 
ContainerRuntimePolicyMalwareScanOptionsPtrOutput) Elem() ContainerRuntimePolicyMalwareScanOptionsOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) ContainerRuntimePolicyMalwareScanOptions { +func (o ContainerRuntimePolicyBlacklistedOsUsersPtrOutput) Elem() ContainerRuntimePolicyBlacklistedOsUsersOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyBlacklistedOsUsers) ContainerRuntimePolicyBlacklistedOsUsers { if v != nil { return *v } - var ret ContainerRuntimePolicyMalwareScanOptions + var ret ContainerRuntimePolicyBlacklistedOsUsers return ret - }).(ContainerRuntimePolicyMalwareScanOptionsOutput) -} - -// Set Action, Defaults to 'Alert' when empty -func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) Action() pulumi.StringPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) *string { - if v == nil { - return nil - } - return v.Action - }).(pulumi.StringPtrOutput) + }).(ContainerRuntimePolicyBlacklistedOsUsersOutput) } -// Defines if enabled or not -func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) Enabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) *bool { +func (o ContainerRuntimePolicyBlacklistedOsUsersPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyBlacklistedOsUsers) *bool { if v == nil { return nil } 
@@ -3646,2586 +3163,17499 @@ func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) Enabled() pulumi.Bool }).(pulumi.BoolPtrOutput) } -// List of registry paths to be excluded from being protected. -func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeDirectories() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) []string { +func (o ContainerRuntimePolicyBlacklistedOsUsersPtrOutput) GroupBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyBlacklistedOsUsers) []string { if v == nil { return nil } - return v.ExcludeDirectories + return v.GroupBlackLists }).(pulumi.StringArrayOutput) } -// List of registry processes to be excluded from being protected. -func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) []string { +func (o ContainerRuntimePolicyBlacklistedOsUsersPtrOutput) UserBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyBlacklistedOsUsers) []string { if v == nil { return nil } - return v.ExcludeProcesses + return v.UserBlackLists }).(pulumi.StringArrayOutput) } -type ContainerRuntimePolicyScopeVariable struct { - // Class of supported scope. - Attribute string `pulumi:"attribute"` - // Name assigned to the attribute. - Name *string `pulumi:"name"` - // Value assigned to the attribute. - Value string `pulumi:"value"` +type ContainerRuntimePolicyBypassScope struct { + // Whether bypassing the scope is enabled. + Enabled *bool `pulumi:"enabled"` + // Scope configuration. + Scopes []ContainerRuntimePolicyBypassScopeScope `pulumi:"scopes"` } -// ContainerRuntimePolicyScopeVariableInput is an input type that accepts ContainerRuntimePolicyScopeVariableArgs and ContainerRuntimePolicyScopeVariableOutput values. 
-// You can construct a concrete instance of `ContainerRuntimePolicyScopeVariableInput` via: +// ContainerRuntimePolicyBypassScopeInput is an input type that accepts ContainerRuntimePolicyBypassScopeArgs and ContainerRuntimePolicyBypassScopeOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyBypassScopeInput` via: // -// ContainerRuntimePolicyScopeVariableArgs{...} -type ContainerRuntimePolicyScopeVariableInput interface { +// ContainerRuntimePolicyBypassScopeArgs{...} +type ContainerRuntimePolicyBypassScopeInput interface { pulumi.Input - ToContainerRuntimePolicyScopeVariableOutput() ContainerRuntimePolicyScopeVariableOutput - ToContainerRuntimePolicyScopeVariableOutputWithContext(context.Context) ContainerRuntimePolicyScopeVariableOutput -} - -type ContainerRuntimePolicyScopeVariableArgs struct { - // Class of supported scope. - Attribute pulumi.StringInput `pulumi:"attribute"` - // Name assigned to the attribute. - Name pulumi.StringPtrInput `pulumi:"name"` - // Value assigned to the attribute. - Value pulumi.StringInput `pulumi:"value"` + ToContainerRuntimePolicyBypassScopeOutput() ContainerRuntimePolicyBypassScopeOutput + ToContainerRuntimePolicyBypassScopeOutputWithContext(context.Context) ContainerRuntimePolicyBypassScopeOutput } -func (ContainerRuntimePolicyScopeVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ContainerRuntimePolicyScopeVariable)(nil)).Elem() +type ContainerRuntimePolicyBypassScopeArgs struct { + // Whether bypassing the scope is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Scope configuration. 
+ Scopes ContainerRuntimePolicyBypassScopeScopeArrayInput `pulumi:"scopes"` } -func (i ContainerRuntimePolicyScopeVariableArgs) ToContainerRuntimePolicyScopeVariableOutput() ContainerRuntimePolicyScopeVariableOutput { - return i.ToContainerRuntimePolicyScopeVariableOutputWithContext(context.Background()) +func (ContainerRuntimePolicyBypassScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyBypassScope)(nil)).Elem() } -func (i ContainerRuntimePolicyScopeVariableArgs) ToContainerRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyScopeVariableOutput) +func (i ContainerRuntimePolicyBypassScopeArgs) ToContainerRuntimePolicyBypassScopeOutput() ContainerRuntimePolicyBypassScopeOutput { + return i.ToContainerRuntimePolicyBypassScopeOutputWithContext(context.Background()) } -func (i ContainerRuntimePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ContainerRuntimePolicyScopeVariable] { - return pulumix.Output[ContainerRuntimePolicyScopeVariable]{ - OutputState: i.ToContainerRuntimePolicyScopeVariableOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyBypassScopeArgs) ToContainerRuntimePolicyBypassScopeOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyBypassScopeOutput) } -// ContainerRuntimePolicyScopeVariableArrayInput is an input type that accepts ContainerRuntimePolicyScopeVariableArray and ContainerRuntimePolicyScopeVariableArrayOutput values. -// You can construct a concrete instance of `ContainerRuntimePolicyScopeVariableArrayInput` via: +// ContainerRuntimePolicyBypassScopeArrayInput is an input type that accepts ContainerRuntimePolicyBypassScopeArray and ContainerRuntimePolicyBypassScopeArrayOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyBypassScopeArrayInput` via: // -// ContainerRuntimePolicyScopeVariableArray{ ContainerRuntimePolicyScopeVariableArgs{...} } -type ContainerRuntimePolicyScopeVariableArrayInput interface { +// ContainerRuntimePolicyBypassScopeArray{ ContainerRuntimePolicyBypassScopeArgs{...} } +type ContainerRuntimePolicyBypassScopeArrayInput interface { pulumi.Input - ToContainerRuntimePolicyScopeVariableArrayOutput() ContainerRuntimePolicyScopeVariableArrayOutput - ToContainerRuntimePolicyScopeVariableArrayOutputWithContext(context.Context) ContainerRuntimePolicyScopeVariableArrayOutput + ToContainerRuntimePolicyBypassScopeArrayOutput() ContainerRuntimePolicyBypassScopeArrayOutput + ToContainerRuntimePolicyBypassScopeArrayOutputWithContext(context.Context) ContainerRuntimePolicyBypassScopeArrayOutput } -type ContainerRuntimePolicyScopeVariableArray []ContainerRuntimePolicyScopeVariableInput - -func (ContainerRuntimePolicyScopeVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ContainerRuntimePolicyScopeVariable)(nil)).Elem() -} +type ContainerRuntimePolicyBypassScopeArray []ContainerRuntimePolicyBypassScopeInput -func (i ContainerRuntimePolicyScopeVariableArray) ToContainerRuntimePolicyScopeVariableArrayOutput() ContainerRuntimePolicyScopeVariableArrayOutput { - return i.ToContainerRuntimePolicyScopeVariableArrayOutputWithContext(context.Background()) +func (ContainerRuntimePolicyBypassScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyBypassScope)(nil)).Elem() } -func (i ContainerRuntimePolicyScopeVariableArray) ToContainerRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyScopeVariableArrayOutput) +func (i ContainerRuntimePolicyBypassScopeArray) ToContainerRuntimePolicyBypassScopeArrayOutput() 
ContainerRuntimePolicyBypassScopeArrayOutput { + return i.ToContainerRuntimePolicyBypassScopeArrayOutputWithContext(context.Background()) } -func (i ContainerRuntimePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ContainerRuntimePolicyScopeVariable] { - return pulumix.Output[[]ContainerRuntimePolicyScopeVariable]{ - OutputState: i.ToContainerRuntimePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyBypassScopeArray) ToContainerRuntimePolicyBypassScopeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyBypassScopeArrayOutput) } -type ContainerRuntimePolicyScopeVariableOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyBypassScopeOutput struct{ *pulumi.OutputState } -func (ContainerRuntimePolicyScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ContainerRuntimePolicyScopeVariable)(nil)).Elem() +func (ContainerRuntimePolicyBypassScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyBypassScope)(nil)).Elem() } -func (o ContainerRuntimePolicyScopeVariableOutput) ToContainerRuntimePolicyScopeVariableOutput() ContainerRuntimePolicyScopeVariableOutput { +func (o ContainerRuntimePolicyBypassScopeOutput) ToContainerRuntimePolicyBypassScopeOutput() ContainerRuntimePolicyBypassScopeOutput { return o } -func (o ContainerRuntimePolicyScopeVariableOutput) ToContainerRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeVariableOutput { +func (o ContainerRuntimePolicyBypassScopeOutput) ToContainerRuntimePolicyBypassScopeOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeOutput { return o } -func (o ContainerRuntimePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ContainerRuntimePolicyScopeVariable] { - return 
pulumix.Output[ContainerRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } +// Whether bypassing the scope is enabled. +func (o ContainerRuntimePolicyBypassScopeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyBypassScope) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -// Class of supported scope. -func (o ContainerRuntimePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v ContainerRuntimePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) +// Scope configuration. +func (o ContainerRuntimePolicyBypassScopeOutput) Scopes() ContainerRuntimePolicyBypassScopeScopeArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyBypassScope) []ContainerRuntimePolicyBypassScopeScope { return v.Scopes }).(ContainerRuntimePolicyBypassScopeScopeArrayOutput) } -// Name assigned to the attribute. -func (o ContainerRuntimePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v ContainerRuntimePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +type ContainerRuntimePolicyBypassScopeArrayOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyBypassScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyBypassScope)(nil)).Elem() } -// Value assigned to the attribute. 
-func (o ContainerRuntimePolicyScopeVariableOutput) Value() pulumi.StringOutput { - return o.ApplyT(func(v ContainerRuntimePolicyScopeVariable) string { return v.Value }).(pulumi.StringOutput) +func (o ContainerRuntimePolicyBypassScopeArrayOutput) ToContainerRuntimePolicyBypassScopeArrayOutput() ContainerRuntimePolicyBypassScopeArrayOutput { + return o } -type ContainerRuntimePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } +func (o ContainerRuntimePolicyBypassScopeArrayOutput) ToContainerRuntimePolicyBypassScopeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeArrayOutput { + return o +} -func (ContainerRuntimePolicyScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ContainerRuntimePolicyScopeVariable)(nil)).Elem() +func (o ContainerRuntimePolicyBypassScopeArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyBypassScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyBypassScope { + return vs[0].([]ContainerRuntimePolicyBypassScope)[vs[1].(int)] + }).(ContainerRuntimePolicyBypassScopeOutput) } -func (o ContainerRuntimePolicyScopeVariableArrayOutput) ToContainerRuntimePolicyScopeVariableArrayOutput() ContainerRuntimePolicyScopeVariableArrayOutput { - return o +type ContainerRuntimePolicyBypassScopeScope struct { + // Scope expression. + Expression *string `pulumi:"expression"` + // List of variables in the scope. + Variables []ContainerRuntimePolicyBypassScopeScopeVariable `pulumi:"variables"` } -func (o ContainerRuntimePolicyScopeVariableArrayOutput) ToContainerRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeVariableArrayOutput { - return o +// ContainerRuntimePolicyBypassScopeScopeInput is an input type that accepts ContainerRuntimePolicyBypassScopeScopeArgs and ContainerRuntimePolicyBypassScopeScopeOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyBypassScopeScopeInput` via: +// +// ContainerRuntimePolicyBypassScopeScopeArgs{...} +type ContainerRuntimePolicyBypassScopeScopeInput interface { + pulumi.Input + + ToContainerRuntimePolicyBypassScopeScopeOutput() ContainerRuntimePolicyBypassScopeScopeOutput + ToContainerRuntimePolicyBypassScopeScopeOutputWithContext(context.Context) ContainerRuntimePolicyBypassScopeScopeOutput } -func (o ContainerRuntimePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ContainerRuntimePolicyScopeVariable] { - return pulumix.Output[[]ContainerRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } +type ContainerRuntimePolicyBypassScopeScopeArgs struct { + // Scope expression. + Expression pulumi.StringPtrInput `pulumi:"expression"` + // List of variables in the scope. + Variables ContainerRuntimePolicyBypassScopeScopeVariableArrayInput `pulumi:"variables"` } -func (o ContainerRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyScopeVariable { - return vs[0].([]ContainerRuntimePolicyScopeVariable)[vs[1].(int)] - }).(ContainerRuntimePolicyScopeVariableOutput) +func (ContainerRuntimePolicyBypassScopeScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyBypassScopeScope)(nil)).Elem() } -type EnforcerGroupsCommand struct { - Default *string `pulumi:"default"` - Kubernetes *string `pulumi:"kubernetes"` - Swarm *string `pulumi:"swarm"` - Windows *string `pulumi:"windows"` +func (i ContainerRuntimePolicyBypassScopeScopeArgs) ToContainerRuntimePolicyBypassScopeScopeOutput() ContainerRuntimePolicyBypassScopeScopeOutput { + return i.ToContainerRuntimePolicyBypassScopeScopeOutputWithContext(context.Background()) } -// EnforcerGroupsCommandInput is an input type that accepts EnforcerGroupsCommandArgs and 
EnforcerGroupsCommandOutput values. -// You can construct a concrete instance of `EnforcerGroupsCommandInput` via: +func (i ContainerRuntimePolicyBypassScopeScopeArgs) ToContainerRuntimePolicyBypassScopeScopeOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyBypassScopeScopeOutput) +} + +// ContainerRuntimePolicyBypassScopeScopeArrayInput is an input type that accepts ContainerRuntimePolicyBypassScopeScopeArray and ContainerRuntimePolicyBypassScopeScopeArrayOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyBypassScopeScopeArrayInput` via: // -// EnforcerGroupsCommandArgs{...} -type EnforcerGroupsCommandInput interface { +// ContainerRuntimePolicyBypassScopeScopeArray{ ContainerRuntimePolicyBypassScopeScopeArgs{...} } +type ContainerRuntimePolicyBypassScopeScopeArrayInput interface { pulumi.Input - ToEnforcerGroupsCommandOutput() EnforcerGroupsCommandOutput - ToEnforcerGroupsCommandOutputWithContext(context.Context) EnforcerGroupsCommandOutput + ToContainerRuntimePolicyBypassScopeScopeArrayOutput() ContainerRuntimePolicyBypassScopeScopeArrayOutput + ToContainerRuntimePolicyBypassScopeScopeArrayOutputWithContext(context.Context) ContainerRuntimePolicyBypassScopeScopeArrayOutput } -type EnforcerGroupsCommandArgs struct { - Default pulumi.StringPtrInput `pulumi:"default"` - Kubernetes pulumi.StringPtrInput `pulumi:"kubernetes"` - Swarm pulumi.StringPtrInput `pulumi:"swarm"` - Windows pulumi.StringPtrInput `pulumi:"windows"` +type ContainerRuntimePolicyBypassScopeScopeArray []ContainerRuntimePolicyBypassScopeScopeInput + +func (ContainerRuntimePolicyBypassScopeScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyBypassScopeScope)(nil)).Elem() } -func (EnforcerGroupsCommandArgs) ElementType() reflect.Type { - return reflect.TypeOf((*EnforcerGroupsCommand)(nil)).Elem() +func (i 
ContainerRuntimePolicyBypassScopeScopeArray) ToContainerRuntimePolicyBypassScopeScopeArrayOutput() ContainerRuntimePolicyBypassScopeScopeArrayOutput { + return i.ToContainerRuntimePolicyBypassScopeScopeArrayOutputWithContext(context.Background()) } -func (i EnforcerGroupsCommandArgs) ToEnforcerGroupsCommandOutput() EnforcerGroupsCommandOutput { - return i.ToEnforcerGroupsCommandOutputWithContext(context.Background()) +func (i ContainerRuntimePolicyBypassScopeScopeArray) ToContainerRuntimePolicyBypassScopeScopeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyBypassScopeScopeArrayOutput) } -func (i EnforcerGroupsCommandArgs) ToEnforcerGroupsCommandOutputWithContext(ctx context.Context) EnforcerGroupsCommandOutput { - return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsCommandOutput) +type ContainerRuntimePolicyBypassScopeScopeOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyBypassScopeScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyBypassScopeScope)(nil)).Elem() } -func (i EnforcerGroupsCommandArgs) ToOutput(ctx context.Context) pulumix.Output[EnforcerGroupsCommand] { - return pulumix.Output[EnforcerGroupsCommand]{ - OutputState: i.ToEnforcerGroupsCommandOutputWithContext(ctx).OutputState, - } +func (o ContainerRuntimePolicyBypassScopeScopeOutput) ToContainerRuntimePolicyBypassScopeScopeOutput() ContainerRuntimePolicyBypassScopeScopeOutput { + return o } -// EnforcerGroupsCommandArrayInput is an input type that accepts EnforcerGroupsCommandArray and EnforcerGroupsCommandArrayOutput values. 
-// You can construct a concrete instance of `EnforcerGroupsCommandArrayInput` via: -// -// EnforcerGroupsCommandArray{ EnforcerGroupsCommandArgs{...} } -type EnforcerGroupsCommandArrayInput interface { - pulumi.Input +func (o ContainerRuntimePolicyBypassScopeScopeOutput) ToContainerRuntimePolicyBypassScopeScopeOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeScopeOutput { + return o +} - ToEnforcerGroupsCommandArrayOutput() EnforcerGroupsCommandArrayOutput - ToEnforcerGroupsCommandArrayOutputWithContext(context.Context) EnforcerGroupsCommandArrayOutput +// Scope expression. +func (o ContainerRuntimePolicyBypassScopeScopeOutput) Expression() pulumi.StringPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyBypassScopeScope) *string { return v.Expression }).(pulumi.StringPtrOutput) } -type EnforcerGroupsCommandArray []EnforcerGroupsCommandInput +// List of variables in the scope. +func (o ContainerRuntimePolicyBypassScopeScopeOutput) Variables() ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyBypassScopeScope) []ContainerRuntimePolicyBypassScopeScopeVariable { + return v.Variables + }).(ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput) +} -func (EnforcerGroupsCommandArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]EnforcerGroupsCommand)(nil)).Elem() +type ContainerRuntimePolicyBypassScopeScopeArrayOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyBypassScopeScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyBypassScopeScope)(nil)).Elem() } -func (i EnforcerGroupsCommandArray) ToEnforcerGroupsCommandArrayOutput() EnforcerGroupsCommandArrayOutput { - return i.ToEnforcerGroupsCommandArrayOutputWithContext(context.Background()) +func (o ContainerRuntimePolicyBypassScopeScopeArrayOutput) ToContainerRuntimePolicyBypassScopeScopeArrayOutput() ContainerRuntimePolicyBypassScopeScopeArrayOutput { + 
return o } -func (i EnforcerGroupsCommandArray) ToEnforcerGroupsCommandArrayOutputWithContext(ctx context.Context) EnforcerGroupsCommandArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsCommandArrayOutput) +func (o ContainerRuntimePolicyBypassScopeScopeArrayOutput) ToContainerRuntimePolicyBypassScopeScopeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeScopeArrayOutput { + return o } -func (i EnforcerGroupsCommandArray) ToOutput(ctx context.Context) pulumix.Output[[]EnforcerGroupsCommand] { - return pulumix.Output[[]EnforcerGroupsCommand]{ - OutputState: i.ToEnforcerGroupsCommandArrayOutputWithContext(ctx).OutputState, - } +func (o ContainerRuntimePolicyBypassScopeScopeArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyBypassScopeScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyBypassScopeScope { + return vs[0].([]ContainerRuntimePolicyBypassScopeScope)[vs[1].(int)] + }).(ContainerRuntimePolicyBypassScopeScopeOutput) } -type EnforcerGroupsCommandOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyBypassScopeScopeVariable struct { + // Variable attribute. + Attribute *string `pulumi:"attribute"` + // Variable value. + Value *string `pulumi:"value"` +} -func (EnforcerGroupsCommandOutput) ElementType() reflect.Type { - return reflect.TypeOf((*EnforcerGroupsCommand)(nil)).Elem() +// ContainerRuntimePolicyBypassScopeScopeVariableInput is an input type that accepts ContainerRuntimePolicyBypassScopeScopeVariableArgs and ContainerRuntimePolicyBypassScopeScopeVariableOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyBypassScopeScopeVariableInput` via: +// +// ContainerRuntimePolicyBypassScopeScopeVariableArgs{...} +type ContainerRuntimePolicyBypassScopeScopeVariableInput interface { + pulumi.Input + + ToContainerRuntimePolicyBypassScopeScopeVariableOutput() ContainerRuntimePolicyBypassScopeScopeVariableOutput + ToContainerRuntimePolicyBypassScopeScopeVariableOutputWithContext(context.Context) ContainerRuntimePolicyBypassScopeScopeVariableOutput } -func (o EnforcerGroupsCommandOutput) ToEnforcerGroupsCommandOutput() EnforcerGroupsCommandOutput { - return o +type ContainerRuntimePolicyBypassScopeScopeVariableArgs struct { + // Variable attribute. + Attribute pulumi.StringPtrInput `pulumi:"attribute"` + // Variable value. + Value pulumi.StringPtrInput `pulumi:"value"` } -func (o EnforcerGroupsCommandOutput) ToEnforcerGroupsCommandOutputWithContext(ctx context.Context) EnforcerGroupsCommandOutput { - return o +func (ContainerRuntimePolicyBypassScopeScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() } -func (o EnforcerGroupsCommandOutput) ToOutput(ctx context.Context) pulumix.Output[EnforcerGroupsCommand] { - return pulumix.Output[EnforcerGroupsCommand]{ - OutputState: o.OutputState, - } +func (i ContainerRuntimePolicyBypassScopeScopeVariableArgs) ToContainerRuntimePolicyBypassScopeScopeVariableOutput() ContainerRuntimePolicyBypassScopeScopeVariableOutput { + return i.ToContainerRuntimePolicyBypassScopeScopeVariableOutputWithContext(context.Background()) } -func (o EnforcerGroupsCommandOutput) Default() pulumi.StringPtrOutput { - return o.ApplyT(func(v EnforcerGroupsCommand) *string { return v.Default }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyBypassScopeScopeVariableArgs) ToContainerRuntimePolicyBypassScopeScopeVariableOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeScopeVariableOutput { + 
return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyBypassScopeScopeVariableOutput) } -func (o EnforcerGroupsCommandOutput) Kubernetes() pulumi.StringPtrOutput { - return o.ApplyT(func(v EnforcerGroupsCommand) *string { return v.Kubernetes }).(pulumi.StringPtrOutput) +// ContainerRuntimePolicyBypassScopeScopeVariableArrayInput is an input type that accepts ContainerRuntimePolicyBypassScopeScopeVariableArray and ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyBypassScopeScopeVariableArrayInput` via: +// +// ContainerRuntimePolicyBypassScopeScopeVariableArray{ ContainerRuntimePolicyBypassScopeScopeVariableArgs{...} } +type ContainerRuntimePolicyBypassScopeScopeVariableArrayInput interface { + pulumi.Input + + ToContainerRuntimePolicyBypassScopeScopeVariableArrayOutput() ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput + ToContainerRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(context.Context) ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput } -func (o EnforcerGroupsCommandOutput) Swarm() pulumi.StringPtrOutput { - return o.ApplyT(func(v EnforcerGroupsCommand) *string { return v.Swarm }).(pulumi.StringPtrOutput) +type ContainerRuntimePolicyBypassScopeScopeVariableArray []ContainerRuntimePolicyBypassScopeScopeVariableInput + +func (ContainerRuntimePolicyBypassScopeScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() } -func (o EnforcerGroupsCommandOutput) Windows() pulumi.StringPtrOutput { - return o.ApplyT(func(v EnforcerGroupsCommand) *string { return v.Windows }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyBypassScopeScopeVariableArray) ToContainerRuntimePolicyBypassScopeScopeVariableArrayOutput() ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput { + return 
i.ToContainerRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(context.Background()) } -type EnforcerGroupsCommandArrayOutput struct{ *pulumi.OutputState } +func (i ContainerRuntimePolicyBypassScopeScopeVariableArray) ToContainerRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput) +} -func (EnforcerGroupsCommandArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]EnforcerGroupsCommand)(nil)).Elem() +type ContainerRuntimePolicyBypassScopeScopeVariableOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyBypassScopeScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() } -func (o EnforcerGroupsCommandArrayOutput) ToEnforcerGroupsCommandArrayOutput() EnforcerGroupsCommandArrayOutput { +func (o ContainerRuntimePolicyBypassScopeScopeVariableOutput) ToContainerRuntimePolicyBypassScopeScopeVariableOutput() ContainerRuntimePolicyBypassScopeScopeVariableOutput { return o } -func (o EnforcerGroupsCommandArrayOutput) ToEnforcerGroupsCommandArrayOutputWithContext(ctx context.Context) EnforcerGroupsCommandArrayOutput { +func (o ContainerRuntimePolicyBypassScopeScopeVariableOutput) ToContainerRuntimePolicyBypassScopeScopeVariableOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeScopeVariableOutput { return o } -func (o EnforcerGroupsCommandArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]EnforcerGroupsCommand] { - return pulumix.Output[[]EnforcerGroupsCommand]{ - OutputState: o.OutputState, - } +// Variable attribute. 
+func (o ContainerRuntimePolicyBypassScopeScopeVariableOutput) Attribute() pulumi.StringPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyBypassScopeScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } -func (o EnforcerGroupsCommandArrayOutput) Index(i pulumi.IntInput) EnforcerGroupsCommandOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) EnforcerGroupsCommand { - return vs[0].([]EnforcerGroupsCommand)[vs[1].(int)] - }).(EnforcerGroupsCommandOutput) +// Variable value. +func (o ContainerRuntimePolicyBypassScopeScopeVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyBypassScopeScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type EnforcerGroupsOrchestrator struct { - Master *bool `pulumi:"master"` - // May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). - Namespace *string `pulumi:"namespace"` - // May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). - ServiceAccount *string `pulumi:"serviceAccount"` - // Enforcer Type. - Type *string `pulumi:"type"` +type ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() } -// EnforcerGroupsOrchestratorInput is an input type that accepts EnforcerGroupsOrchestratorArgs and EnforcerGroupsOrchestratorOutput values. 
-// You can construct a concrete instance of `EnforcerGroupsOrchestratorInput` via: +func (o ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput) ToContainerRuntimePolicyBypassScopeScopeVariableArrayOutput() ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput { + return o +} + +func (o ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput) ToContainerRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput { + return o +} + +func (o ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyBypassScopeScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyBypassScopeScopeVariable { + return vs[0].([]ContainerRuntimePolicyBypassScopeScopeVariable)[vs[1].(int)] + }).(ContainerRuntimePolicyBypassScopeScopeVariableOutput) +} + +type ContainerRuntimePolicyContainerExec struct { + BlockContainerExec *bool `pulumi:"blockContainerExec"` + ContainerExecProcWhiteLists []string `pulumi:"containerExecProcWhiteLists"` + Enabled *bool `pulumi:"enabled"` + ReverseShellIpWhiteLists []string `pulumi:"reverseShellIpWhiteLists"` +} + +// ContainerRuntimePolicyContainerExecInput is an input type that accepts ContainerRuntimePolicyContainerExecArgs and ContainerRuntimePolicyContainerExecOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyContainerExecInput` via: // -// EnforcerGroupsOrchestratorArgs{...} -type EnforcerGroupsOrchestratorInput interface { +// ContainerRuntimePolicyContainerExecArgs{...} +type ContainerRuntimePolicyContainerExecInput interface { pulumi.Input - ToEnforcerGroupsOrchestratorOutput() EnforcerGroupsOrchestratorOutput - ToEnforcerGroupsOrchestratorOutputWithContext(context.Context) EnforcerGroupsOrchestratorOutput + ToContainerRuntimePolicyContainerExecOutput() ContainerRuntimePolicyContainerExecOutput + ToContainerRuntimePolicyContainerExecOutputWithContext(context.Context) ContainerRuntimePolicyContainerExecOutput } -type EnforcerGroupsOrchestratorArgs struct { - Master pulumi.BoolPtrInput `pulumi:"master"` - // May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). - Namespace pulumi.StringPtrInput `pulumi:"namespace"` - // May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). - ServiceAccount pulumi.StringPtrInput `pulumi:"serviceAccount"` - // Enforcer Type. 
- Type pulumi.StringPtrInput `pulumi:"type"` +type ContainerRuntimePolicyContainerExecArgs struct { + BlockContainerExec pulumi.BoolPtrInput `pulumi:"blockContainerExec"` + ContainerExecProcWhiteLists pulumi.StringArrayInput `pulumi:"containerExecProcWhiteLists"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ReverseShellIpWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellIpWhiteLists"` } -func (EnforcerGroupsOrchestratorArgs) ElementType() reflect.Type { - return reflect.TypeOf((*EnforcerGroupsOrchestrator)(nil)).Elem() +func (ContainerRuntimePolicyContainerExecArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyContainerExec)(nil)).Elem() } -func (i EnforcerGroupsOrchestratorArgs) ToEnforcerGroupsOrchestratorOutput() EnforcerGroupsOrchestratorOutput { - return i.ToEnforcerGroupsOrchestratorOutputWithContext(context.Background()) +func (i ContainerRuntimePolicyContainerExecArgs) ToContainerRuntimePolicyContainerExecOutput() ContainerRuntimePolicyContainerExecOutput { + return i.ToContainerRuntimePolicyContainerExecOutputWithContext(context.Background()) } -func (i EnforcerGroupsOrchestratorArgs) ToEnforcerGroupsOrchestratorOutputWithContext(ctx context.Context) EnforcerGroupsOrchestratorOutput { - return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsOrchestratorOutput) +func (i ContainerRuntimePolicyContainerExecArgs) ToContainerRuntimePolicyContainerExecOutputWithContext(ctx context.Context) ContainerRuntimePolicyContainerExecOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyContainerExecOutput) } -func (i EnforcerGroupsOrchestratorArgs) ToOutput(ctx context.Context) pulumix.Output[EnforcerGroupsOrchestrator] { - return pulumix.Output[EnforcerGroupsOrchestrator]{ - OutputState: i.ToEnforcerGroupsOrchestratorOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyContainerExecArgs) ToContainerRuntimePolicyContainerExecPtrOutput() ContainerRuntimePolicyContainerExecPtrOutput { + 
return i.ToContainerRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) } -// EnforcerGroupsOrchestratorArrayInput is an input type that accepts EnforcerGroupsOrchestratorArray and EnforcerGroupsOrchestratorArrayOutput values. -// You can construct a concrete instance of `EnforcerGroupsOrchestratorArrayInput` via: +func (i ContainerRuntimePolicyContainerExecArgs) ToContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyContainerExecPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyContainerExecOutput).ToContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyContainerExecPtrInput is an input type that accepts ContainerRuntimePolicyContainerExecArgs, ContainerRuntimePolicyContainerExecPtr and ContainerRuntimePolicyContainerExecPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyContainerExecPtrInput` via: // -// EnforcerGroupsOrchestratorArray{ EnforcerGroupsOrchestratorArgs{...} } -type EnforcerGroupsOrchestratorArrayInput interface { +// ContainerRuntimePolicyContainerExecArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyContainerExecPtrInput interface { pulumi.Input - ToEnforcerGroupsOrchestratorArrayOutput() EnforcerGroupsOrchestratorArrayOutput - ToEnforcerGroupsOrchestratorArrayOutputWithContext(context.Context) EnforcerGroupsOrchestratorArrayOutput + ToContainerRuntimePolicyContainerExecPtrOutput() ContainerRuntimePolicyContainerExecPtrOutput + ToContainerRuntimePolicyContainerExecPtrOutputWithContext(context.Context) ContainerRuntimePolicyContainerExecPtrOutput } -type EnforcerGroupsOrchestratorArray []EnforcerGroupsOrchestratorInput +type containerRuntimePolicyContainerExecPtrType ContainerRuntimePolicyContainerExecArgs -func (EnforcerGroupsOrchestratorArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]EnforcerGroupsOrchestrator)(nil)).Elem() +func 
ContainerRuntimePolicyContainerExecPtr(v *ContainerRuntimePolicyContainerExecArgs) ContainerRuntimePolicyContainerExecPtrInput { + return (*containerRuntimePolicyContainerExecPtrType)(v) } -func (i EnforcerGroupsOrchestratorArray) ToEnforcerGroupsOrchestratorArrayOutput() EnforcerGroupsOrchestratorArrayOutput { - return i.ToEnforcerGroupsOrchestratorArrayOutputWithContext(context.Background()) +func (*containerRuntimePolicyContainerExecPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyContainerExec)(nil)).Elem() } -func (i EnforcerGroupsOrchestratorArray) ToEnforcerGroupsOrchestratorArrayOutputWithContext(ctx context.Context) EnforcerGroupsOrchestratorArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsOrchestratorArrayOutput) +func (i *containerRuntimePolicyContainerExecPtrType) ToContainerRuntimePolicyContainerExecPtrOutput() ContainerRuntimePolicyContainerExecPtrOutput { + return i.ToContainerRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) } -func (i EnforcerGroupsOrchestratorArray) ToOutput(ctx context.Context) pulumix.Output[[]EnforcerGroupsOrchestrator] { - return pulumix.Output[[]EnforcerGroupsOrchestrator]{ - OutputState: i.ToEnforcerGroupsOrchestratorArrayOutputWithContext(ctx).OutputState, - } +func (i *containerRuntimePolicyContainerExecPtrType) ToContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyContainerExecPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyContainerExecPtrOutput) } -type EnforcerGroupsOrchestratorOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyContainerExecOutput struct{ *pulumi.OutputState } -func (EnforcerGroupsOrchestratorOutput) ElementType() reflect.Type { - return reflect.TypeOf((*EnforcerGroupsOrchestrator)(nil)).Elem() +func (ContainerRuntimePolicyContainerExecOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*ContainerRuntimePolicyContainerExec)(nil)).Elem() } -func (o EnforcerGroupsOrchestratorOutput) ToEnforcerGroupsOrchestratorOutput() EnforcerGroupsOrchestratorOutput { +func (o ContainerRuntimePolicyContainerExecOutput) ToContainerRuntimePolicyContainerExecOutput() ContainerRuntimePolicyContainerExecOutput { return o } -func (o EnforcerGroupsOrchestratorOutput) ToEnforcerGroupsOrchestratorOutputWithContext(ctx context.Context) EnforcerGroupsOrchestratorOutput { +func (o ContainerRuntimePolicyContainerExecOutput) ToContainerRuntimePolicyContainerExecOutputWithContext(ctx context.Context) ContainerRuntimePolicyContainerExecOutput { return o } -func (o EnforcerGroupsOrchestratorOutput) ToOutput(ctx context.Context) pulumix.Output[EnforcerGroupsOrchestrator] { - return pulumix.Output[EnforcerGroupsOrchestrator]{ - OutputState: o.OutputState, - } +func (o ContainerRuntimePolicyContainerExecOutput) ToContainerRuntimePolicyContainerExecPtrOutput() ContainerRuntimePolicyContainerExecPtrOutput { + return o.ToContainerRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) } -func (o EnforcerGroupsOrchestratorOutput) Master() pulumi.BoolPtrOutput { - return o.ApplyT(func(v EnforcerGroupsOrchestrator) *bool { return v.Master }).(pulumi.BoolPtrOutput) +func (o ContainerRuntimePolicyContainerExecOutput) ToContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyContainerExecPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyContainerExec) *ContainerRuntimePolicyContainerExec { + return &v + }).(ContainerRuntimePolicyContainerExecPtrOutput) } -// May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). 
-func (o EnforcerGroupsOrchestratorOutput) Namespace() pulumi.StringPtrOutput { - return o.ApplyT(func(v EnforcerGroupsOrchestrator) *string { return v.Namespace }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyContainerExecOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyContainerExec) *bool { return v.BlockContainerExec }).(pulumi.BoolPtrOutput) } -// May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). -func (o EnforcerGroupsOrchestratorOutput) ServiceAccount() pulumi.StringPtrOutput { - return o.ApplyT(func(v EnforcerGroupsOrchestrator) *string { return v.ServiceAccount }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyContainerExecOutput) ContainerExecProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyContainerExec) []string { return v.ContainerExecProcWhiteLists }).(pulumi.StringArrayOutput) } -// Enforcer Type. 
-func (o EnforcerGroupsOrchestratorOutput) Type() pulumi.StringPtrOutput { - return o.ApplyT(func(v EnforcerGroupsOrchestrator) *string { return v.Type }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyContainerExecOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyContainerExec) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -type EnforcerGroupsOrchestratorArrayOutput struct{ *pulumi.OutputState } +func (o ContainerRuntimePolicyContainerExecOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyContainerExec) []string { return v.ReverseShellIpWhiteLists }).(pulumi.StringArrayOutput) +} -func (EnforcerGroupsOrchestratorArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]EnforcerGroupsOrchestrator)(nil)).Elem() +type ContainerRuntimePolicyContainerExecPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyContainerExecPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyContainerExec)(nil)).Elem() } -func (o EnforcerGroupsOrchestratorArrayOutput) ToEnforcerGroupsOrchestratorArrayOutput() EnforcerGroupsOrchestratorArrayOutput { +func (o ContainerRuntimePolicyContainerExecPtrOutput) ToContainerRuntimePolicyContainerExecPtrOutput() ContainerRuntimePolicyContainerExecPtrOutput { return o } -func (o EnforcerGroupsOrchestratorArrayOutput) ToEnforcerGroupsOrchestratorArrayOutputWithContext(ctx context.Context) EnforcerGroupsOrchestratorArrayOutput { +func (o ContainerRuntimePolicyContainerExecPtrOutput) ToContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyContainerExecPtrOutput { return o } -func (o EnforcerGroupsOrchestratorArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]EnforcerGroupsOrchestrator] { - return pulumix.Output[[]EnforcerGroupsOrchestrator]{ - OutputState: o.OutputState, - } +func (o 
ContainerRuntimePolicyContainerExecPtrOutput) Elem() ContainerRuntimePolicyContainerExecOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyContainerExec) ContainerRuntimePolicyContainerExec { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyContainerExec + return ret + }).(ContainerRuntimePolicyContainerExecOutput) } -func (o EnforcerGroupsOrchestratorArrayOutput) Index(i pulumi.IntInput) EnforcerGroupsOrchestratorOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) EnforcerGroupsOrchestrator { - return vs[0].([]EnforcerGroupsOrchestrator)[vs[1].(int)] - }).(EnforcerGroupsOrchestratorOutput) +func (o ContainerRuntimePolicyContainerExecPtrOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyContainerExec) *bool { + if v == nil { + return nil + } + return v.BlockContainerExec + }).(pulumi.BoolPtrOutput) } -type FirewallPolicyInboundNetwork struct { - // Indicates whether the specified resources are allowed to pass in data or requests. - Allow bool `pulumi:"allow"` - // Range of ports affected by firewall. - PortRange string `pulumi:"portRange"` - // Information of the resource. - Resource *string `pulumi:"resource"` - // Type of the resource - ResourceType string `pulumi:"resourceType"` +func (o ContainerRuntimePolicyContainerExecPtrOutput) ContainerExecProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyContainerExec) []string { + if v == nil { + return nil + } + return v.ContainerExecProcWhiteLists + }).(pulumi.StringArrayOutput) } -// FirewallPolicyInboundNetworkInput is an input type that accepts FirewallPolicyInboundNetworkArgs and FirewallPolicyInboundNetworkOutput values. 
-// You can construct a concrete instance of `FirewallPolicyInboundNetworkInput` via: -// -// FirewallPolicyInboundNetworkArgs{...} -type FirewallPolicyInboundNetworkInput interface { - pulumi.Input +func (o ContainerRuntimePolicyContainerExecPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyContainerExec) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} - ToFirewallPolicyInboundNetworkOutput() FirewallPolicyInboundNetworkOutput - ToFirewallPolicyInboundNetworkOutputWithContext(context.Context) FirewallPolicyInboundNetworkOutput +func (o ContainerRuntimePolicyContainerExecPtrOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyContainerExec) []string { + if v == nil { + return nil + } + return v.ReverseShellIpWhiteLists + }).(pulumi.StringArrayOutput) } -type FirewallPolicyInboundNetworkArgs struct { - // Indicates whether the specified resources are allowed to pass in data or requests. - Allow pulumi.BoolInput `pulumi:"allow"` - // Range of ports affected by firewall. - PortRange pulumi.StringInput `pulumi:"portRange"` - // Information of the resource. - Resource pulumi.StringPtrInput `pulumi:"resource"` - // Type of the resource - ResourceType pulumi.StringInput `pulumi:"resourceType"` +type ContainerRuntimePolicyDriftPrevention struct { + // Whether drift prevention is enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to lockdown execution drift. + ExecLockdown *bool `pulumi:"execLockdown"` + // List of items in the execution lockdown white list. + ExecLockdownWhiteLists []string `pulumi:"execLockdownWhiteLists"` + // Whether to lockdown image drift. 
+ ImageLockdown *bool `pulumi:"imageLockdown"` } -func (FirewallPolicyInboundNetworkArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FirewallPolicyInboundNetwork)(nil)).Elem() +// ContainerRuntimePolicyDriftPreventionInput is an input type that accepts ContainerRuntimePolicyDriftPreventionArgs and ContainerRuntimePolicyDriftPreventionOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyDriftPreventionInput` via: +// +// ContainerRuntimePolicyDriftPreventionArgs{...} +type ContainerRuntimePolicyDriftPreventionInput interface { + pulumi.Input + + ToContainerRuntimePolicyDriftPreventionOutput() ContainerRuntimePolicyDriftPreventionOutput + ToContainerRuntimePolicyDriftPreventionOutputWithContext(context.Context) ContainerRuntimePolicyDriftPreventionOutput } -func (i FirewallPolicyInboundNetworkArgs) ToFirewallPolicyInboundNetworkOutput() FirewallPolicyInboundNetworkOutput { - return i.ToFirewallPolicyInboundNetworkOutputWithContext(context.Background()) +type ContainerRuntimePolicyDriftPreventionArgs struct { + // Whether drift prevention is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to lockdown execution drift. + ExecLockdown pulumi.BoolPtrInput `pulumi:"execLockdown"` + // List of items in the execution lockdown white list. + ExecLockdownWhiteLists pulumi.StringArrayInput `pulumi:"execLockdownWhiteLists"` + // Whether to lockdown image drift. 
+ ImageLockdown pulumi.BoolPtrInput `pulumi:"imageLockdown"` } -func (i FirewallPolicyInboundNetworkArgs) ToFirewallPolicyInboundNetworkOutputWithContext(ctx context.Context) FirewallPolicyInboundNetworkOutput { - return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyInboundNetworkOutput) +func (ContainerRuntimePolicyDriftPreventionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyDriftPrevention)(nil)).Elem() } -func (i FirewallPolicyInboundNetworkArgs) ToOutput(ctx context.Context) pulumix.Output[FirewallPolicyInboundNetwork] { - return pulumix.Output[FirewallPolicyInboundNetwork]{ - OutputState: i.ToFirewallPolicyInboundNetworkOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyDriftPreventionArgs) ToContainerRuntimePolicyDriftPreventionOutput() ContainerRuntimePolicyDriftPreventionOutput { + return i.ToContainerRuntimePolicyDriftPreventionOutputWithContext(context.Background()) } -// FirewallPolicyInboundNetworkArrayInput is an input type that accepts FirewallPolicyInboundNetworkArray and FirewallPolicyInboundNetworkArrayOutput values. -// You can construct a concrete instance of `FirewallPolicyInboundNetworkArrayInput` via: +func (i ContainerRuntimePolicyDriftPreventionArgs) ToContainerRuntimePolicyDriftPreventionOutputWithContext(ctx context.Context) ContainerRuntimePolicyDriftPreventionOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyDriftPreventionOutput) +} + +// ContainerRuntimePolicyDriftPreventionArrayInput is an input type that accepts ContainerRuntimePolicyDriftPreventionArray and ContainerRuntimePolicyDriftPreventionArrayOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyDriftPreventionArrayInput` via: // -// FirewallPolicyInboundNetworkArray{ FirewallPolicyInboundNetworkArgs{...} } -type FirewallPolicyInboundNetworkArrayInput interface { +// ContainerRuntimePolicyDriftPreventionArray{ ContainerRuntimePolicyDriftPreventionArgs{...} } +type ContainerRuntimePolicyDriftPreventionArrayInput interface { pulumi.Input - ToFirewallPolicyInboundNetworkArrayOutput() FirewallPolicyInboundNetworkArrayOutput - ToFirewallPolicyInboundNetworkArrayOutputWithContext(context.Context) FirewallPolicyInboundNetworkArrayOutput + ToContainerRuntimePolicyDriftPreventionArrayOutput() ContainerRuntimePolicyDriftPreventionArrayOutput + ToContainerRuntimePolicyDriftPreventionArrayOutputWithContext(context.Context) ContainerRuntimePolicyDriftPreventionArrayOutput } -type FirewallPolicyInboundNetworkArray []FirewallPolicyInboundNetworkInput - -func (FirewallPolicyInboundNetworkArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FirewallPolicyInboundNetwork)(nil)).Elem() -} +type ContainerRuntimePolicyDriftPreventionArray []ContainerRuntimePolicyDriftPreventionInput -func (i FirewallPolicyInboundNetworkArray) ToFirewallPolicyInboundNetworkArrayOutput() FirewallPolicyInboundNetworkArrayOutput { - return i.ToFirewallPolicyInboundNetworkArrayOutputWithContext(context.Background()) +func (ContainerRuntimePolicyDriftPreventionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyDriftPrevention)(nil)).Elem() } -func (i FirewallPolicyInboundNetworkArray) ToFirewallPolicyInboundNetworkArrayOutputWithContext(ctx context.Context) FirewallPolicyInboundNetworkArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyInboundNetworkArrayOutput) +func (i ContainerRuntimePolicyDriftPreventionArray) ToContainerRuntimePolicyDriftPreventionArrayOutput() ContainerRuntimePolicyDriftPreventionArrayOutput { + return 
i.ToContainerRuntimePolicyDriftPreventionArrayOutputWithContext(context.Background()) } -func (i FirewallPolicyInboundNetworkArray) ToOutput(ctx context.Context) pulumix.Output[[]FirewallPolicyInboundNetwork] { - return pulumix.Output[[]FirewallPolicyInboundNetwork]{ - OutputState: i.ToFirewallPolicyInboundNetworkArrayOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyDriftPreventionArray) ToContainerRuntimePolicyDriftPreventionArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyDriftPreventionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyDriftPreventionArrayOutput) } -type FirewallPolicyInboundNetworkOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyDriftPreventionOutput struct{ *pulumi.OutputState } -func (FirewallPolicyInboundNetworkOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FirewallPolicyInboundNetwork)(nil)).Elem() +func (ContainerRuntimePolicyDriftPreventionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyDriftPrevention)(nil)).Elem() } -func (o FirewallPolicyInboundNetworkOutput) ToFirewallPolicyInboundNetworkOutput() FirewallPolicyInboundNetworkOutput { +func (o ContainerRuntimePolicyDriftPreventionOutput) ToContainerRuntimePolicyDriftPreventionOutput() ContainerRuntimePolicyDriftPreventionOutput { return o } -func (o FirewallPolicyInboundNetworkOutput) ToFirewallPolicyInboundNetworkOutputWithContext(ctx context.Context) FirewallPolicyInboundNetworkOutput { +func (o ContainerRuntimePolicyDriftPreventionOutput) ToContainerRuntimePolicyDriftPreventionOutputWithContext(ctx context.Context) ContainerRuntimePolicyDriftPreventionOutput { return o } -func (o FirewallPolicyInboundNetworkOutput) ToOutput(ctx context.Context) pulumix.Output[FirewallPolicyInboundNetwork] { - return pulumix.Output[FirewallPolicyInboundNetwork]{ - OutputState: o.OutputState, - } -} - -// Indicates whether the specified resources are allowed to pass 
in data or requests. -func (o FirewallPolicyInboundNetworkOutput) Allow() pulumi.BoolOutput { - return o.ApplyT(func(v FirewallPolicyInboundNetwork) bool { return v.Allow }).(pulumi.BoolOutput) +// Whether drift prevention is enabled. +func (o ContainerRuntimePolicyDriftPreventionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyDriftPrevention) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -// Range of ports affected by firewall. -func (o FirewallPolicyInboundNetworkOutput) PortRange() pulumi.StringOutput { - return o.ApplyT(func(v FirewallPolicyInboundNetwork) string { return v.PortRange }).(pulumi.StringOutput) +// Whether to lockdown execution drift. +func (o ContainerRuntimePolicyDriftPreventionOutput) ExecLockdown() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyDriftPrevention) *bool { return v.ExecLockdown }).(pulumi.BoolPtrOutput) } -// Information of the resource. -func (o FirewallPolicyInboundNetworkOutput) Resource() pulumi.StringPtrOutput { - return o.ApplyT(func(v FirewallPolicyInboundNetwork) *string { return v.Resource }).(pulumi.StringPtrOutput) +// List of items in the execution lockdown white list. +func (o ContainerRuntimePolicyDriftPreventionOutput) ExecLockdownWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyDriftPrevention) []string { return v.ExecLockdownWhiteLists }).(pulumi.StringArrayOutput) } -// Type of the resource -func (o FirewallPolicyInboundNetworkOutput) ResourceType() pulumi.StringOutput { - return o.ApplyT(func(v FirewallPolicyInboundNetwork) string { return v.ResourceType }).(pulumi.StringOutput) +// Whether to lockdown image drift. 
+func (o ContainerRuntimePolicyDriftPreventionOutput) ImageLockdown() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyDriftPrevention) *bool { return v.ImageLockdown }).(pulumi.BoolPtrOutput) } -type FirewallPolicyInboundNetworkArrayOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyDriftPreventionArrayOutput struct{ *pulumi.OutputState } -func (FirewallPolicyInboundNetworkArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FirewallPolicyInboundNetwork)(nil)).Elem() +func (ContainerRuntimePolicyDriftPreventionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyDriftPrevention)(nil)).Elem() } -func (o FirewallPolicyInboundNetworkArrayOutput) ToFirewallPolicyInboundNetworkArrayOutput() FirewallPolicyInboundNetworkArrayOutput { +func (o ContainerRuntimePolicyDriftPreventionArrayOutput) ToContainerRuntimePolicyDriftPreventionArrayOutput() ContainerRuntimePolicyDriftPreventionArrayOutput { return o } -func (o FirewallPolicyInboundNetworkArrayOutput) ToFirewallPolicyInboundNetworkArrayOutputWithContext(ctx context.Context) FirewallPolicyInboundNetworkArrayOutput { +func (o ContainerRuntimePolicyDriftPreventionArrayOutput) ToContainerRuntimePolicyDriftPreventionArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyDriftPreventionArrayOutput { return o } -func (o FirewallPolicyInboundNetworkArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FirewallPolicyInboundNetwork] { - return pulumix.Output[[]FirewallPolicyInboundNetwork]{ - OutputState: o.OutputState, - } -} - -func (o FirewallPolicyInboundNetworkArrayOutput) Index(i pulumi.IntInput) FirewallPolicyInboundNetworkOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FirewallPolicyInboundNetwork { - return vs[0].([]FirewallPolicyInboundNetwork)[vs[1].(int)] - }).(FirewallPolicyInboundNetworkOutput) +func (o ContainerRuntimePolicyDriftPreventionArrayOutput) Index(i pulumi.IntInput) 
ContainerRuntimePolicyDriftPreventionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyDriftPrevention { + return vs[0].([]ContainerRuntimePolicyDriftPrevention)[vs[1].(int)] + }).(ContainerRuntimePolicyDriftPreventionOutput) } -type FirewallPolicyOutboundNetwork struct { - // Indicates whether the specified resources are allowed to receive data or requests. - Allow bool `pulumi:"allow"` - // Range of ports affected by firewall. - PortRange string `pulumi:"portRange"` - // Information of the resource. - Resource *string `pulumi:"resource"` - // Type of the resource. - ResourceType string `pulumi:"resourceType"` +type ContainerRuntimePolicyExecutableBlacklist struct { + // Whether the executable blacklist is enabled. + Enabled *bool `pulumi:"enabled"` + // List of blacklisted executables. + Executables []string `pulumi:"executables"` } -// FirewallPolicyOutboundNetworkInput is an input type that accepts FirewallPolicyOutboundNetworkArgs and FirewallPolicyOutboundNetworkOutput values. -// You can construct a concrete instance of `FirewallPolicyOutboundNetworkInput` via: +// ContainerRuntimePolicyExecutableBlacklistInput is an input type that accepts ContainerRuntimePolicyExecutableBlacklistArgs and ContainerRuntimePolicyExecutableBlacklistOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyExecutableBlacklistInput` via: // -// FirewallPolicyOutboundNetworkArgs{...} -type FirewallPolicyOutboundNetworkInput interface { +// ContainerRuntimePolicyExecutableBlacklistArgs{...} +type ContainerRuntimePolicyExecutableBlacklistInput interface { pulumi.Input - ToFirewallPolicyOutboundNetworkOutput() FirewallPolicyOutboundNetworkOutput - ToFirewallPolicyOutboundNetworkOutputWithContext(context.Context) FirewallPolicyOutboundNetworkOutput -} - -type FirewallPolicyOutboundNetworkArgs struct { - // Indicates whether the specified resources are allowed to receive data or requests. 
- Allow pulumi.BoolInput `pulumi:"allow"` - // Range of ports affected by firewall. - PortRange pulumi.StringInput `pulumi:"portRange"` - // Information of the resource. - Resource pulumi.StringPtrInput `pulumi:"resource"` - // Type of the resource. - ResourceType pulumi.StringInput `pulumi:"resourceType"` + ToContainerRuntimePolicyExecutableBlacklistOutput() ContainerRuntimePolicyExecutableBlacklistOutput + ToContainerRuntimePolicyExecutableBlacklistOutputWithContext(context.Context) ContainerRuntimePolicyExecutableBlacklistOutput } -func (FirewallPolicyOutboundNetworkArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FirewallPolicyOutboundNetwork)(nil)).Elem() +type ContainerRuntimePolicyExecutableBlacklistArgs struct { + // Whether the executable blacklist is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of blacklisted executables. + Executables pulumi.StringArrayInput `pulumi:"executables"` } -func (i FirewallPolicyOutboundNetworkArgs) ToFirewallPolicyOutboundNetworkOutput() FirewallPolicyOutboundNetworkOutput { - return i.ToFirewallPolicyOutboundNetworkOutputWithContext(context.Background()) +func (ContainerRuntimePolicyExecutableBlacklistArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyExecutableBlacklist)(nil)).Elem() } -func (i FirewallPolicyOutboundNetworkArgs) ToFirewallPolicyOutboundNetworkOutputWithContext(ctx context.Context) FirewallPolicyOutboundNetworkOutput { - return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyOutboundNetworkOutput) +func (i ContainerRuntimePolicyExecutableBlacklistArgs) ToContainerRuntimePolicyExecutableBlacklistOutput() ContainerRuntimePolicyExecutableBlacklistOutput { + return i.ToContainerRuntimePolicyExecutableBlacklistOutputWithContext(context.Background()) } -func (i FirewallPolicyOutboundNetworkArgs) ToOutput(ctx context.Context) pulumix.Output[FirewallPolicyOutboundNetwork] { - return pulumix.Output[FirewallPolicyOutboundNetwork]{ - OutputState: 
i.ToFirewallPolicyOutboundNetworkOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyExecutableBlacklistArgs) ToContainerRuntimePolicyExecutableBlacklistOutputWithContext(ctx context.Context) ContainerRuntimePolicyExecutableBlacklistOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyExecutableBlacklistOutput) } -// FirewallPolicyOutboundNetworkArrayInput is an input type that accepts FirewallPolicyOutboundNetworkArray and FirewallPolicyOutboundNetworkArrayOutput values. -// You can construct a concrete instance of `FirewallPolicyOutboundNetworkArrayInput` via: +// ContainerRuntimePolicyExecutableBlacklistArrayInput is an input type that accepts ContainerRuntimePolicyExecutableBlacklistArray and ContainerRuntimePolicyExecutableBlacklistArrayOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyExecutableBlacklistArrayInput` via: // -// FirewallPolicyOutboundNetworkArray{ FirewallPolicyOutboundNetworkArgs{...} } -type FirewallPolicyOutboundNetworkArrayInput interface { +// ContainerRuntimePolicyExecutableBlacklistArray{ ContainerRuntimePolicyExecutableBlacklistArgs{...} } +type ContainerRuntimePolicyExecutableBlacklistArrayInput interface { pulumi.Input - ToFirewallPolicyOutboundNetworkArrayOutput() FirewallPolicyOutboundNetworkArrayOutput - ToFirewallPolicyOutboundNetworkArrayOutputWithContext(context.Context) FirewallPolicyOutboundNetworkArrayOutput + ToContainerRuntimePolicyExecutableBlacklistArrayOutput() ContainerRuntimePolicyExecutableBlacklistArrayOutput + ToContainerRuntimePolicyExecutableBlacklistArrayOutputWithContext(context.Context) ContainerRuntimePolicyExecutableBlacklistArrayOutput } -type FirewallPolicyOutboundNetworkArray []FirewallPolicyOutboundNetworkInput - -func (FirewallPolicyOutboundNetworkArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FirewallPolicyOutboundNetwork)(nil)).Elem() -} +type ContainerRuntimePolicyExecutableBlacklistArray 
[]ContainerRuntimePolicyExecutableBlacklistInput -func (i FirewallPolicyOutboundNetworkArray) ToFirewallPolicyOutboundNetworkArrayOutput() FirewallPolicyOutboundNetworkArrayOutput { - return i.ToFirewallPolicyOutboundNetworkArrayOutputWithContext(context.Background()) +func (ContainerRuntimePolicyExecutableBlacklistArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyExecutableBlacklist)(nil)).Elem() } -func (i FirewallPolicyOutboundNetworkArray) ToFirewallPolicyOutboundNetworkArrayOutputWithContext(ctx context.Context) FirewallPolicyOutboundNetworkArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyOutboundNetworkArrayOutput) +func (i ContainerRuntimePolicyExecutableBlacklistArray) ToContainerRuntimePolicyExecutableBlacklistArrayOutput() ContainerRuntimePolicyExecutableBlacklistArrayOutput { + return i.ToContainerRuntimePolicyExecutableBlacklistArrayOutputWithContext(context.Background()) } -func (i FirewallPolicyOutboundNetworkArray) ToOutput(ctx context.Context) pulumix.Output[[]FirewallPolicyOutboundNetwork] { - return pulumix.Output[[]FirewallPolicyOutboundNetwork]{ - OutputState: i.ToFirewallPolicyOutboundNetworkArrayOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyExecutableBlacklistArray) ToContainerRuntimePolicyExecutableBlacklistArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyExecutableBlacklistArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyExecutableBlacklistArrayOutput) } -type FirewallPolicyOutboundNetworkOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyExecutableBlacklistOutput struct{ *pulumi.OutputState } -func (FirewallPolicyOutboundNetworkOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FirewallPolicyOutboundNetwork)(nil)).Elem() +func (ContainerRuntimePolicyExecutableBlacklistOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*ContainerRuntimePolicyExecutableBlacklist)(nil)).Elem() } -func (o FirewallPolicyOutboundNetworkOutput) ToFirewallPolicyOutboundNetworkOutput() FirewallPolicyOutboundNetworkOutput { +func (o ContainerRuntimePolicyExecutableBlacklistOutput) ToContainerRuntimePolicyExecutableBlacklistOutput() ContainerRuntimePolicyExecutableBlacklistOutput { return o } -func (o FirewallPolicyOutboundNetworkOutput) ToFirewallPolicyOutboundNetworkOutputWithContext(ctx context.Context) FirewallPolicyOutboundNetworkOutput { +func (o ContainerRuntimePolicyExecutableBlacklistOutput) ToContainerRuntimePolicyExecutableBlacklistOutputWithContext(ctx context.Context) ContainerRuntimePolicyExecutableBlacklistOutput { return o } -func (o FirewallPolicyOutboundNetworkOutput) ToOutput(ctx context.Context) pulumix.Output[FirewallPolicyOutboundNetwork] { - return pulumix.Output[FirewallPolicyOutboundNetwork]{ - OutputState: o.OutputState, - } +// Whether the executable blacklist is enabled. +func (o ContainerRuntimePolicyExecutableBlacklistOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyExecutableBlacklist) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -// Indicates whether the specified resources are allowed to receive data or requests. -func (o FirewallPolicyOutboundNetworkOutput) Allow() pulumi.BoolOutput { - return o.ApplyT(func(v FirewallPolicyOutboundNetwork) bool { return v.Allow }).(pulumi.BoolOutput) -} - -// Range of ports affected by firewall. -func (o FirewallPolicyOutboundNetworkOutput) PortRange() pulumi.StringOutput { - return o.ApplyT(func(v FirewallPolicyOutboundNetwork) string { return v.PortRange }).(pulumi.StringOutput) -} - -// Information of the resource. -func (o FirewallPolicyOutboundNetworkOutput) Resource() pulumi.StringPtrOutput { - return o.ApplyT(func(v FirewallPolicyOutboundNetwork) *string { return v.Resource }).(pulumi.StringPtrOutput) -} - -// Type of the resource. 
-func (o FirewallPolicyOutboundNetworkOutput) ResourceType() pulumi.StringOutput { - return o.ApplyT(func(v FirewallPolicyOutboundNetwork) string { return v.ResourceType }).(pulumi.StringOutput) +// List of blacklisted executables. +func (o ContainerRuntimePolicyExecutableBlacklistOutput) Executables() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyExecutableBlacklist) []string { return v.Executables }).(pulumi.StringArrayOutput) } -type FirewallPolicyOutboundNetworkArrayOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyExecutableBlacklistArrayOutput struct{ *pulumi.OutputState } -func (FirewallPolicyOutboundNetworkArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FirewallPolicyOutboundNetwork)(nil)).Elem() +func (ContainerRuntimePolicyExecutableBlacklistArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyExecutableBlacklist)(nil)).Elem() } -func (o FirewallPolicyOutboundNetworkArrayOutput) ToFirewallPolicyOutboundNetworkArrayOutput() FirewallPolicyOutboundNetworkArrayOutput { +func (o ContainerRuntimePolicyExecutableBlacklistArrayOutput) ToContainerRuntimePolicyExecutableBlacklistArrayOutput() ContainerRuntimePolicyExecutableBlacklistArrayOutput { return o } -func (o FirewallPolicyOutboundNetworkArrayOutput) ToFirewallPolicyOutboundNetworkArrayOutputWithContext(ctx context.Context) FirewallPolicyOutboundNetworkArrayOutput { +func (o ContainerRuntimePolicyExecutableBlacklistArrayOutput) ToContainerRuntimePolicyExecutableBlacklistArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyExecutableBlacklistArrayOutput { return o } -func (o FirewallPolicyOutboundNetworkArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FirewallPolicyOutboundNetwork] { - return pulumix.Output[[]FirewallPolicyOutboundNetwork]{ - OutputState: o.OutputState, - } -} - -func (o FirewallPolicyOutboundNetworkArrayOutput) Index(i pulumi.IntInput) 
FirewallPolicyOutboundNetworkOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FirewallPolicyOutboundNetwork { - return vs[0].([]FirewallPolicyOutboundNetwork)[vs[1].(int)] - }).(FirewallPolicyOutboundNetworkOutput) +func (o ContainerRuntimePolicyExecutableBlacklistArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyExecutableBlacklistOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyExecutableBlacklist { + return vs[0].([]ContainerRuntimePolicyExecutableBlacklist)[vs[1].(int)] + }).(ContainerRuntimePolicyExecutableBlacklistOutput) } -type FunctionAssurancePolicyAutoScanTime struct { - Iteration *int `pulumi:"iteration"` - IterationType *string `pulumi:"iterationType"` - Time *string `pulumi:"time"` - WeekDays []string `pulumi:"weekDays"` +type ContainerRuntimePolicyFailedKubernetesChecks struct { + Enabled *bool `pulumi:"enabled"` + FailedChecks []string `pulumi:"failedChecks"` } -// FunctionAssurancePolicyAutoScanTimeInput is an input type that accepts FunctionAssurancePolicyAutoScanTimeArgs and FunctionAssurancePolicyAutoScanTimeOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyAutoScanTimeInput` via: +// ContainerRuntimePolicyFailedKubernetesChecksInput is an input type that accepts ContainerRuntimePolicyFailedKubernetesChecksArgs and ContainerRuntimePolicyFailedKubernetesChecksOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyFailedKubernetesChecksInput` via: // -// FunctionAssurancePolicyAutoScanTimeArgs{...} -type FunctionAssurancePolicyAutoScanTimeInput interface { +// ContainerRuntimePolicyFailedKubernetesChecksArgs{...} +type ContainerRuntimePolicyFailedKubernetesChecksInput interface { pulumi.Input - ToFunctionAssurancePolicyAutoScanTimeOutput() FunctionAssurancePolicyAutoScanTimeOutput - ToFunctionAssurancePolicyAutoScanTimeOutputWithContext(context.Context) FunctionAssurancePolicyAutoScanTimeOutput + ToContainerRuntimePolicyFailedKubernetesChecksOutput() ContainerRuntimePolicyFailedKubernetesChecksOutput + ToContainerRuntimePolicyFailedKubernetesChecksOutputWithContext(context.Context) ContainerRuntimePolicyFailedKubernetesChecksOutput } -type FunctionAssurancePolicyAutoScanTimeArgs struct { - Iteration pulumi.IntPtrInput `pulumi:"iteration"` - IterationType pulumi.StringPtrInput `pulumi:"iterationType"` - Time pulumi.StringPtrInput `pulumi:"time"` - WeekDays pulumi.StringArrayInput `pulumi:"weekDays"` +type ContainerRuntimePolicyFailedKubernetesChecksArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + FailedChecks pulumi.StringArrayInput `pulumi:"failedChecks"` } -func (FunctionAssurancePolicyAutoScanTimeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyAutoScanTime)(nil)).Elem() +func (ContainerRuntimePolicyFailedKubernetesChecksArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyFailedKubernetesChecks)(nil)).Elem() } -func (i FunctionAssurancePolicyAutoScanTimeArgs) ToFunctionAssurancePolicyAutoScanTimeOutput() FunctionAssurancePolicyAutoScanTimeOutput { - return i.ToFunctionAssurancePolicyAutoScanTimeOutputWithContext(context.Background()) +func (i ContainerRuntimePolicyFailedKubernetesChecksArgs) ToContainerRuntimePolicyFailedKubernetesChecksOutput() ContainerRuntimePolicyFailedKubernetesChecksOutput { + return 
i.ToContainerRuntimePolicyFailedKubernetesChecksOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyAutoScanTimeArgs) ToFunctionAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) FunctionAssurancePolicyAutoScanTimeOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyAutoScanTimeOutput) +func (i ContainerRuntimePolicyFailedKubernetesChecksArgs) ToContainerRuntimePolicyFailedKubernetesChecksOutputWithContext(ctx context.Context) ContainerRuntimePolicyFailedKubernetesChecksOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFailedKubernetesChecksOutput) } -func (i FunctionAssurancePolicyAutoScanTimeArgs) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyAutoScanTime] { - return pulumix.Output[FunctionAssurancePolicyAutoScanTime]{ - OutputState: i.ToFunctionAssurancePolicyAutoScanTimeOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyFailedKubernetesChecksArgs) ToContainerRuntimePolicyFailedKubernetesChecksPtrOutput() ContainerRuntimePolicyFailedKubernetesChecksPtrOutput { + return i.ToContainerRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Background()) } -// FunctionAssurancePolicyAutoScanTimeArrayInput is an input type that accepts FunctionAssurancePolicyAutoScanTimeArray and FunctionAssurancePolicyAutoScanTimeArrayOutput values. 
-// You can construct a concrete instance of `FunctionAssurancePolicyAutoScanTimeArrayInput` via: +func (i ContainerRuntimePolicyFailedKubernetesChecksArgs) ToContainerRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFailedKubernetesChecksPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFailedKubernetesChecksOutput).ToContainerRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyFailedKubernetesChecksPtrInput is an input type that accepts ContainerRuntimePolicyFailedKubernetesChecksArgs, ContainerRuntimePolicyFailedKubernetesChecksPtr and ContainerRuntimePolicyFailedKubernetesChecksPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyFailedKubernetesChecksPtrInput` via: // -// FunctionAssurancePolicyAutoScanTimeArray{ FunctionAssurancePolicyAutoScanTimeArgs{...} } -type FunctionAssurancePolicyAutoScanTimeArrayInput interface { +// ContainerRuntimePolicyFailedKubernetesChecksArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyFailedKubernetesChecksPtrInput interface { pulumi.Input - ToFunctionAssurancePolicyAutoScanTimeArrayOutput() FunctionAssurancePolicyAutoScanTimeArrayOutput - ToFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Context) FunctionAssurancePolicyAutoScanTimeArrayOutput + ToContainerRuntimePolicyFailedKubernetesChecksPtrOutput() ContainerRuntimePolicyFailedKubernetesChecksPtrOutput + ToContainerRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Context) ContainerRuntimePolicyFailedKubernetesChecksPtrOutput } -type FunctionAssurancePolicyAutoScanTimeArray []FunctionAssurancePolicyAutoScanTimeInput +type containerRuntimePolicyFailedKubernetesChecksPtrType ContainerRuntimePolicyFailedKubernetesChecksArgs -func (FunctionAssurancePolicyAutoScanTimeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyAutoScanTime)(nil)).Elem() +func 
ContainerRuntimePolicyFailedKubernetesChecksPtr(v *ContainerRuntimePolicyFailedKubernetesChecksArgs) ContainerRuntimePolicyFailedKubernetesChecksPtrInput { + return (*containerRuntimePolicyFailedKubernetesChecksPtrType)(v) } -func (i FunctionAssurancePolicyAutoScanTimeArray) ToFunctionAssurancePolicyAutoScanTimeArrayOutput() FunctionAssurancePolicyAutoScanTimeArrayOutput { - return i.ToFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Background()) +func (*containerRuntimePolicyFailedKubernetesChecksPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyFailedKubernetesChecks)(nil)).Elem() } -func (i FunctionAssurancePolicyAutoScanTimeArray) ToFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyAutoScanTimeArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyAutoScanTimeArrayOutput) +func (i *containerRuntimePolicyFailedKubernetesChecksPtrType) ToContainerRuntimePolicyFailedKubernetesChecksPtrOutput() ContainerRuntimePolicyFailedKubernetesChecksPtrOutput { + return i.ToContainerRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyAutoScanTimeArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyAutoScanTime] { - return pulumix.Output[[]FunctionAssurancePolicyAutoScanTime]{ - OutputState: i.ToFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx).OutputState, - } +func (i *containerRuntimePolicyFailedKubernetesChecksPtrType) ToContainerRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFailedKubernetesChecksPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFailedKubernetesChecksPtrOutput) } -type FunctionAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyFailedKubernetesChecksOutput struct{ *pulumi.OutputState } -func 
(FunctionAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyAutoScanTime)(nil)).Elem() +func (ContainerRuntimePolicyFailedKubernetesChecksOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyFailedKubernetesChecks)(nil)).Elem() } -func (o FunctionAssurancePolicyAutoScanTimeOutput) ToFunctionAssurancePolicyAutoScanTimeOutput() FunctionAssurancePolicyAutoScanTimeOutput { +func (o ContainerRuntimePolicyFailedKubernetesChecksOutput) ToContainerRuntimePolicyFailedKubernetesChecksOutput() ContainerRuntimePolicyFailedKubernetesChecksOutput { return o } -func (o FunctionAssurancePolicyAutoScanTimeOutput) ToFunctionAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) FunctionAssurancePolicyAutoScanTimeOutput { +func (o ContainerRuntimePolicyFailedKubernetesChecksOutput) ToContainerRuntimePolicyFailedKubernetesChecksOutputWithContext(ctx context.Context) ContainerRuntimePolicyFailedKubernetesChecksOutput { return o } -func (o FunctionAssurancePolicyAutoScanTimeOutput) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyAutoScanTime] { - return pulumix.Output[FunctionAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - -func (o FunctionAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyAutoScanTime) *int { return v.Iteration }).(pulumi.IntPtrOutput) +func (o ContainerRuntimePolicyFailedKubernetesChecksOutput) ToContainerRuntimePolicyFailedKubernetesChecksPtrOutput() ContainerRuntimePolicyFailedKubernetesChecksPtrOutput { + return o.ToContainerRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyAutoScanTimeOutput) IterationType() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyAutoScanTime) *string { return v.IterationType }).(pulumi.StringPtrOutput) +func (o 
ContainerRuntimePolicyFailedKubernetesChecksOutput) ToContainerRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFailedKubernetesChecksPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyFailedKubernetesChecks) *ContainerRuntimePolicyFailedKubernetesChecks { + return &v + }).(ContainerRuntimePolicyFailedKubernetesChecksPtrOutput) } -func (o FunctionAssurancePolicyAutoScanTimeOutput) Time() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyAutoScanTime) *string { return v.Time }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyFailedKubernetesChecksOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFailedKubernetesChecks) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyAutoScanTimeOutput) WeekDays() pulumi.StringArrayOutput { - return o.ApplyT(func(v FunctionAssurancePolicyAutoScanTime) []string { return v.WeekDays }).(pulumi.StringArrayOutput) +func (o ContainerRuntimePolicyFailedKubernetesChecksOutput) FailedChecks() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFailedKubernetesChecks) []string { return v.FailedChecks }).(pulumi.StringArrayOutput) } -type FunctionAssurancePolicyAutoScanTimeArrayOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyFailedKubernetesChecksPtrOutput struct{ *pulumi.OutputState } -func (FunctionAssurancePolicyAutoScanTimeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyAutoScanTime)(nil)).Elem() +func (ContainerRuntimePolicyFailedKubernetesChecksPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyFailedKubernetesChecks)(nil)).Elem() } -func (o FunctionAssurancePolicyAutoScanTimeArrayOutput) ToFunctionAssurancePolicyAutoScanTimeArrayOutput() FunctionAssurancePolicyAutoScanTimeArrayOutput { +func (o 
ContainerRuntimePolicyFailedKubernetesChecksPtrOutput) ToContainerRuntimePolicyFailedKubernetesChecksPtrOutput() ContainerRuntimePolicyFailedKubernetesChecksPtrOutput { return o } -func (o FunctionAssurancePolicyAutoScanTimeArrayOutput) ToFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyAutoScanTimeArrayOutput { +func (o ContainerRuntimePolicyFailedKubernetesChecksPtrOutput) ToContainerRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFailedKubernetesChecksPtrOutput { return o } -func (o FunctionAssurancePolicyAutoScanTimeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyAutoScanTime] { - return pulumix.Output[[]FunctionAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } +func (o ContainerRuntimePolicyFailedKubernetesChecksPtrOutput) Elem() ContainerRuntimePolicyFailedKubernetesChecksOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFailedKubernetesChecks) ContainerRuntimePolicyFailedKubernetesChecks { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyFailedKubernetesChecks + return ret + }).(ContainerRuntimePolicyFailedKubernetesChecksOutput) } -func (o FunctionAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyAutoScanTimeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyAutoScanTime { - return vs[0].([]FunctionAssurancePolicyAutoScanTime)[vs[1].(int)] - }).(FunctionAssurancePolicyAutoScanTimeOutput) +func (o ContainerRuntimePolicyFailedKubernetesChecksPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFailedKubernetesChecks) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyCustomCheck struct { - // Name of user account that created the policy. 
- Author *string `pulumi:"author"` - Description *string `pulumi:"description"` - Engine *string `pulumi:"engine"` - LastModified *int `pulumi:"lastModified"` - Name *string `pulumi:"name"` - Path *string `pulumi:"path"` - ReadOnly *bool `pulumi:"readOnly"` - ScriptId *string `pulumi:"scriptId"` - Severity *string `pulumi:"severity"` - Snippet *string `pulumi:"snippet"` +func (o ContainerRuntimePolicyFailedKubernetesChecksPtrOutput) FailedChecks() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFailedKubernetesChecks) []string { + if v == nil { + return nil + } + return v.FailedChecks + }).(pulumi.StringArrayOutput) } -// FunctionAssurancePolicyCustomCheckInput is an input type that accepts FunctionAssurancePolicyCustomCheckArgs and FunctionAssurancePolicyCustomCheckOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyCustomCheckInput` via: +type ContainerRuntimePolicyFileBlock struct { + BlockFilesProcesses []string `pulumi:"blockFilesProcesses"` + BlockFilesUsers []string `pulumi:"blockFilesUsers"` + Enabled *bool `pulumi:"enabled"` + ExceptionalBlockFiles []string `pulumi:"exceptionalBlockFiles"` + ExceptionalBlockFilesProcesses []string `pulumi:"exceptionalBlockFilesProcesses"` + ExceptionalBlockFilesUsers []string `pulumi:"exceptionalBlockFilesUsers"` + FilenameBlockLists []string `pulumi:"filenameBlockLists"` +} + +// ContainerRuntimePolicyFileBlockInput is an input type that accepts ContainerRuntimePolicyFileBlockArgs and ContainerRuntimePolicyFileBlockOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyFileBlockInput` via: // -// FunctionAssurancePolicyCustomCheckArgs{...} -type FunctionAssurancePolicyCustomCheckInput interface { +// ContainerRuntimePolicyFileBlockArgs{...} +type ContainerRuntimePolicyFileBlockInput interface { pulumi.Input - ToFunctionAssurancePolicyCustomCheckOutput() FunctionAssurancePolicyCustomCheckOutput - ToFunctionAssurancePolicyCustomCheckOutputWithContext(context.Context) FunctionAssurancePolicyCustomCheckOutput + ToContainerRuntimePolicyFileBlockOutput() ContainerRuntimePolicyFileBlockOutput + ToContainerRuntimePolicyFileBlockOutputWithContext(context.Context) ContainerRuntimePolicyFileBlockOutput } -type FunctionAssurancePolicyCustomCheckArgs struct { - // Name of user account that created the policy. - Author pulumi.StringPtrInput `pulumi:"author"` - Description pulumi.StringPtrInput `pulumi:"description"` - Engine pulumi.StringPtrInput `pulumi:"engine"` - LastModified pulumi.IntPtrInput `pulumi:"lastModified"` - Name pulumi.StringPtrInput `pulumi:"name"` - Path pulumi.StringPtrInput `pulumi:"path"` - ReadOnly pulumi.BoolPtrInput `pulumi:"readOnly"` - ScriptId pulumi.StringPtrInput `pulumi:"scriptId"` - Severity pulumi.StringPtrInput `pulumi:"severity"` - Snippet pulumi.StringPtrInput `pulumi:"snippet"` +type ContainerRuntimePolicyFileBlockArgs struct { + BlockFilesProcesses pulumi.StringArrayInput `pulumi:"blockFilesProcesses"` + BlockFilesUsers pulumi.StringArrayInput `pulumi:"blockFilesUsers"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalBlockFiles pulumi.StringArrayInput `pulumi:"exceptionalBlockFiles"` + ExceptionalBlockFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalBlockFilesProcesses"` + ExceptionalBlockFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalBlockFilesUsers"` + FilenameBlockLists pulumi.StringArrayInput `pulumi:"filenameBlockLists"` } -func (FunctionAssurancePolicyCustomCheckArgs) ElementType() reflect.Type { - 
return reflect.TypeOf((*FunctionAssurancePolicyCustomCheck)(nil)).Elem() +func (ContainerRuntimePolicyFileBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyFileBlock)(nil)).Elem() } -func (i FunctionAssurancePolicyCustomCheckArgs) ToFunctionAssurancePolicyCustomCheckOutput() FunctionAssurancePolicyCustomCheckOutput { - return i.ToFunctionAssurancePolicyCustomCheckOutputWithContext(context.Background()) +func (i ContainerRuntimePolicyFileBlockArgs) ToContainerRuntimePolicyFileBlockOutput() ContainerRuntimePolicyFileBlockOutput { + return i.ToContainerRuntimePolicyFileBlockOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyCustomCheckArgs) ToFunctionAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) FunctionAssurancePolicyCustomCheckOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyCustomCheckOutput) +func (i ContainerRuntimePolicyFileBlockArgs) ToContainerRuntimePolicyFileBlockOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFileBlockOutput) } -func (i FunctionAssurancePolicyCustomCheckArgs) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyCustomCheck] { - return pulumix.Output[FunctionAssurancePolicyCustomCheck]{ - OutputState: i.ToFunctionAssurancePolicyCustomCheckOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyFileBlockArgs) ToContainerRuntimePolicyFileBlockPtrOutput() ContainerRuntimePolicyFileBlockPtrOutput { + return i.ToContainerRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) } -// FunctionAssurancePolicyCustomCheckArrayInput is an input type that accepts FunctionAssurancePolicyCustomCheckArray and FunctionAssurancePolicyCustomCheckArrayOutput values. 
-// You can construct a concrete instance of `FunctionAssurancePolicyCustomCheckArrayInput` via: +func (i ContainerRuntimePolicyFileBlockArgs) ToContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFileBlockOutput).ToContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyFileBlockPtrInput is an input type that accepts ContainerRuntimePolicyFileBlockArgs, ContainerRuntimePolicyFileBlockPtr and ContainerRuntimePolicyFileBlockPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyFileBlockPtrInput` via: // -// FunctionAssurancePolicyCustomCheckArray{ FunctionAssurancePolicyCustomCheckArgs{...} } -type FunctionAssurancePolicyCustomCheckArrayInput interface { +// ContainerRuntimePolicyFileBlockArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyFileBlockPtrInput interface { pulumi.Input - ToFunctionAssurancePolicyCustomCheckArrayOutput() FunctionAssurancePolicyCustomCheckArrayOutput - ToFunctionAssurancePolicyCustomCheckArrayOutputWithContext(context.Context) FunctionAssurancePolicyCustomCheckArrayOutput + ToContainerRuntimePolicyFileBlockPtrOutput() ContainerRuntimePolicyFileBlockPtrOutput + ToContainerRuntimePolicyFileBlockPtrOutputWithContext(context.Context) ContainerRuntimePolicyFileBlockPtrOutput } -type FunctionAssurancePolicyCustomCheckArray []FunctionAssurancePolicyCustomCheckInput +type containerRuntimePolicyFileBlockPtrType ContainerRuntimePolicyFileBlockArgs -func (FunctionAssurancePolicyCustomCheckArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyCustomCheck)(nil)).Elem() +func ContainerRuntimePolicyFileBlockPtr(v *ContainerRuntimePolicyFileBlockArgs) ContainerRuntimePolicyFileBlockPtrInput { + return (*containerRuntimePolicyFileBlockPtrType)(v) } -func (i FunctionAssurancePolicyCustomCheckArray) 
ToFunctionAssurancePolicyCustomCheckArrayOutput() FunctionAssurancePolicyCustomCheckArrayOutput { - return i.ToFunctionAssurancePolicyCustomCheckArrayOutputWithContext(context.Background()) +func (*containerRuntimePolicyFileBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyFileBlock)(nil)).Elem() } -func (i FunctionAssurancePolicyCustomCheckArray) ToFunctionAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyCustomCheckArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyCustomCheckArrayOutput) +func (i *containerRuntimePolicyFileBlockPtrType) ToContainerRuntimePolicyFileBlockPtrOutput() ContainerRuntimePolicyFileBlockPtrOutput { + return i.ToContainerRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyCustomCheckArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyCustomCheck] { - return pulumix.Output[[]FunctionAssurancePolicyCustomCheck]{ - OutputState: i.ToFunctionAssurancePolicyCustomCheckArrayOutputWithContext(ctx).OutputState, - } +func (i *containerRuntimePolicyFileBlockPtrType) ToContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFileBlockPtrOutput) } -type FunctionAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyFileBlockOutput struct{ *pulumi.OutputState } -func (FunctionAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyCustomCheck)(nil)).Elem() +func (ContainerRuntimePolicyFileBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyFileBlock)(nil)).Elem() } -func (o FunctionAssurancePolicyCustomCheckOutput) ToFunctionAssurancePolicyCustomCheckOutput() FunctionAssurancePolicyCustomCheckOutput { +func (o 
ContainerRuntimePolicyFileBlockOutput) ToContainerRuntimePolicyFileBlockOutput() ContainerRuntimePolicyFileBlockOutput { return o } -func (o FunctionAssurancePolicyCustomCheckOutput) ToFunctionAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) FunctionAssurancePolicyCustomCheckOutput { +func (o ContainerRuntimePolicyFileBlockOutput) ToContainerRuntimePolicyFileBlockOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileBlockOutput { return o } -func (o FunctionAssurancePolicyCustomCheckOutput) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyCustomCheck] { - return pulumix.Output[FunctionAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } +func (o ContainerRuntimePolicyFileBlockOutput) ToContainerRuntimePolicyFileBlockPtrOutput() ContainerRuntimePolicyFileBlockPtrOutput { + return o.ToContainerRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) } -// Name of user account that created the policy. -func (o FunctionAssurancePolicyCustomCheckOutput) Author() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Author }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyFileBlockOutput) ToContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyFileBlock) *ContainerRuntimePolicyFileBlock { + return &v + }).(ContainerRuntimePolicyFileBlockPtrOutput) } -func (o FunctionAssurancePolicyCustomCheckOutput) Description() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Description }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyFileBlockOutput) BlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileBlock) []string { return v.BlockFilesProcesses }).(pulumi.StringArrayOutput) } -func (o 
FunctionAssurancePolicyCustomCheckOutput) Engine() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Engine }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyFileBlockOutput) BlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileBlock) []string { return v.BlockFilesUsers }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyCustomCheckOutput) LastModified() pulumi.IntPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *int { return v.LastModified }).(pulumi.IntPtrOutput) +func (o ContainerRuntimePolicyFileBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyCustomCheckOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyFileBlockOutput) ExceptionalBlockFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFiles }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyCustomCheckOutput) Path() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Path }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyFileBlockOutput) ExceptionalBlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFilesProcesses }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyCustomCheckOutput) ReadOnly() pulumi.BoolPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *bool { return v.ReadOnly }).(pulumi.BoolPtrOutput) +func (o ContainerRuntimePolicyFileBlockOutput) ExceptionalBlockFilesUsers() pulumi.StringArrayOutput { + return 
o.ApplyT(func(v ContainerRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFilesUsers }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyCustomCheckOutput) ScriptId() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.ScriptId }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyFileBlockOutput) FilenameBlockLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileBlock) []string { return v.FilenameBlockLists }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyCustomCheckOutput) Severity() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Severity }).(pulumi.StringPtrOutput) +type ContainerRuntimePolicyFileBlockPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyFileBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyFileBlock)(nil)).Elem() } -func (o FunctionAssurancePolicyCustomCheckOutput) Snippet() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Snippet }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyFileBlockPtrOutput) ToContainerRuntimePolicyFileBlockPtrOutput() ContainerRuntimePolicyFileBlockPtrOutput { + return o } -type FunctionAssurancePolicyCustomCheckArrayOutput struct{ *pulumi.OutputState } +func (o ContainerRuntimePolicyFileBlockPtrOutput) ToContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileBlockPtrOutput { + return o +} -func (FunctionAssurancePolicyCustomCheckArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyCustomCheck)(nil)).Elem() +func (o ContainerRuntimePolicyFileBlockPtrOutput) Elem() ContainerRuntimePolicyFileBlockOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileBlock) ContainerRuntimePolicyFileBlock { + if v != nil { + return *v + } + 
var ret ContainerRuntimePolicyFileBlock + return ret + }).(ContainerRuntimePolicyFileBlockOutput) } -func (o FunctionAssurancePolicyCustomCheckArrayOutput) ToFunctionAssurancePolicyCustomCheckArrayOutput() FunctionAssurancePolicyCustomCheckArrayOutput { - return o +func (o ContainerRuntimePolicyFileBlockPtrOutput) BlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.BlockFilesProcesses + }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyCustomCheckArrayOutput) ToFunctionAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyCustomCheckArrayOutput { - return o +func (o ContainerRuntimePolicyFileBlockPtrOutput) BlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.BlockFilesUsers + }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyCustomCheckArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyCustomCheck] { - return pulumix.Output[[]FunctionAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } +func (o ContainerRuntimePolicyFileBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyCustomCheckOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyCustomCheck { - return vs[0].([]FunctionAssurancePolicyCustomCheck)[vs[1].(int)] - }).(FunctionAssurancePolicyCustomCheckOutput) +func (o ContainerRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + 
return v.ExceptionalBlockFiles + }).(pulumi.StringArrayOutput) } -type FunctionAssurancePolicyForbiddenLabel struct { - Key *string `pulumi:"key"` - Value *string `pulumi:"value"` +func (o ContainerRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFilesProcesses + }).(pulumi.StringArrayOutput) } -// FunctionAssurancePolicyForbiddenLabelInput is an input type that accepts FunctionAssurancePolicyForbiddenLabelArgs and FunctionAssurancePolicyForbiddenLabelOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyForbiddenLabelInput` via: +func (o ContainerRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFilesUsers + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyFileBlockPtrOutput) FilenameBlockLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.FilenameBlockLists + }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyFileIntegrityMonitoring struct { + // If true, file integrity monitoring is enabled. + Enabled *bool `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles []string `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. + ExceptionalMonitoredFilesProcesses []string `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers []string `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. + MonitoredFiles []string `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. 
+ MonitoredFilesAttributes *bool `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate *bool `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. + MonitoredFilesDelete *bool `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. + MonitoredFilesModify *bool `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. + MonitoredFilesProcesses []string `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead *bool `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. + MonitoredFilesUsers []string `pulumi:"monitoredFilesUsers"` +} + +// ContainerRuntimePolicyFileIntegrityMonitoringInput is an input type that accepts ContainerRuntimePolicyFileIntegrityMonitoringArgs and ContainerRuntimePolicyFileIntegrityMonitoringOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyFileIntegrityMonitoringInput` via: // -// FunctionAssurancePolicyForbiddenLabelArgs{...} -type FunctionAssurancePolicyForbiddenLabelInput interface { +// ContainerRuntimePolicyFileIntegrityMonitoringArgs{...} +type ContainerRuntimePolicyFileIntegrityMonitoringInput interface { pulumi.Input - ToFunctionAssurancePolicyForbiddenLabelOutput() FunctionAssurancePolicyForbiddenLabelOutput - ToFunctionAssurancePolicyForbiddenLabelOutputWithContext(context.Context) FunctionAssurancePolicyForbiddenLabelOutput + ToContainerRuntimePolicyFileIntegrityMonitoringOutput() ContainerRuntimePolicyFileIntegrityMonitoringOutput + ToContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Context) ContainerRuntimePolicyFileIntegrityMonitoringOutput } -type FunctionAssurancePolicyForbiddenLabelArgs struct { - Key pulumi.StringPtrInput `pulumi:"key"` - Value pulumi.StringPtrInput `pulumi:"value"` +type ContainerRuntimePolicyFileIntegrityMonitoringArgs struct { + // If true, file 
integrity monitoring is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. + ExceptionalMonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. + MonitoredFiles pulumi.StringArrayInput `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. + MonitoredFilesAttributes pulumi.BoolPtrInput `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate pulumi.BoolPtrInput `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. + MonitoredFilesDelete pulumi.BoolPtrInput `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. + MonitoredFilesModify pulumi.BoolPtrInput `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. + MonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead pulumi.BoolPtrInput `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. 
+ MonitoredFilesUsers pulumi.StringArrayInput `pulumi:"monitoredFilesUsers"` } -func (FunctionAssurancePolicyForbiddenLabelArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyForbiddenLabel)(nil)).Elem() +func (ContainerRuntimePolicyFileIntegrityMonitoringArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() } -func (i FunctionAssurancePolicyForbiddenLabelArgs) ToFunctionAssurancePolicyForbiddenLabelOutput() FunctionAssurancePolicyForbiddenLabelOutput { - return i.ToFunctionAssurancePolicyForbiddenLabelOutputWithContext(context.Background()) +func (i ContainerRuntimePolicyFileIntegrityMonitoringArgs) ToContainerRuntimePolicyFileIntegrityMonitoringOutput() ContainerRuntimePolicyFileIntegrityMonitoringOutput { + return i.ToContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyForbiddenLabelArgs) ToFunctionAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) FunctionAssurancePolicyForbiddenLabelOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyForbiddenLabelOutput) +func (i ContainerRuntimePolicyFileIntegrityMonitoringArgs) ToContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFileIntegrityMonitoringOutput) } -func (i FunctionAssurancePolicyForbiddenLabelArgs) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyForbiddenLabel] { - return pulumix.Output[FunctionAssurancePolicyForbiddenLabel]{ - OutputState: i.ToFunctionAssurancePolicyForbiddenLabelOutputWithContext(ctx).OutputState, - } +func (i ContainerRuntimePolicyFileIntegrityMonitoringArgs) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { + return 
i.ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) } -// FunctionAssurancePolicyForbiddenLabelArrayInput is an input type that accepts FunctionAssurancePolicyForbiddenLabelArray and FunctionAssurancePolicyForbiddenLabelArrayOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyForbiddenLabelArrayInput` via: +func (i ContainerRuntimePolicyFileIntegrityMonitoringArgs) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFileIntegrityMonitoringOutput).ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyFileIntegrityMonitoringPtrInput is an input type that accepts ContainerRuntimePolicyFileIntegrityMonitoringArgs, ContainerRuntimePolicyFileIntegrityMonitoringPtr and ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyFileIntegrityMonitoringPtrInput` via: // -// FunctionAssurancePolicyForbiddenLabelArray{ FunctionAssurancePolicyForbiddenLabelArgs{...} } -type FunctionAssurancePolicyForbiddenLabelArrayInput interface { +// ContainerRuntimePolicyFileIntegrityMonitoringArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyFileIntegrityMonitoringPtrInput interface { pulumi.Input - ToFunctionAssurancePolicyForbiddenLabelArrayOutput() FunctionAssurancePolicyForbiddenLabelArrayOutput - ToFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Context) FunctionAssurancePolicyForbiddenLabelArrayOutput + ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput + ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput } -type FunctionAssurancePolicyForbiddenLabelArray []FunctionAssurancePolicyForbiddenLabelInput +type containerRuntimePolicyFileIntegrityMonitoringPtrType ContainerRuntimePolicyFileIntegrityMonitoringArgs -func (FunctionAssurancePolicyForbiddenLabelArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyForbiddenLabel)(nil)).Elem() +func ContainerRuntimePolicyFileIntegrityMonitoringPtr(v *ContainerRuntimePolicyFileIntegrityMonitoringArgs) ContainerRuntimePolicyFileIntegrityMonitoringPtrInput { + return (*containerRuntimePolicyFileIntegrityMonitoringPtrType)(v) } -func (i FunctionAssurancePolicyForbiddenLabelArray) ToFunctionAssurancePolicyForbiddenLabelArrayOutput() FunctionAssurancePolicyForbiddenLabelArrayOutput { - return i.ToFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Background()) +func (*containerRuntimePolicyFileIntegrityMonitoringPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() } -func (i 
FunctionAssurancePolicyForbiddenLabelArray) ToFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyForbiddenLabelArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyForbiddenLabelArrayOutput) +func (i *containerRuntimePolicyFileIntegrityMonitoringPtrType) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { + return i.ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyForbiddenLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]FunctionAssurancePolicyForbiddenLabel]{ - OutputState: i.ToFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx).OutputState, - } +func (i *containerRuntimePolicyFileIntegrityMonitoringPtrType) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) } -type FunctionAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyFileIntegrityMonitoringOutput struct{ *pulumi.OutputState } -func (FunctionAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyForbiddenLabel)(nil)).Elem() +func (ContainerRuntimePolicyFileIntegrityMonitoringOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() } -func (o FunctionAssurancePolicyForbiddenLabelOutput) ToFunctionAssurancePolicyForbiddenLabelOutput() FunctionAssurancePolicyForbiddenLabelOutput { +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ToContainerRuntimePolicyFileIntegrityMonitoringOutput() ContainerRuntimePolicyFileIntegrityMonitoringOutput 
{ return o } -func (o FunctionAssurancePolicyForbiddenLabelOutput) ToFunctionAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) FunctionAssurancePolicyForbiddenLabelOutput { +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ToContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringOutput { return o } -func (o FunctionAssurancePolicyForbiddenLabelOutput) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyForbiddenLabel] { - return pulumix.Output[FunctionAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { + return o.ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyForbiddenLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyFileIntegrityMonitoring) *ContainerRuntimePolicyFileIntegrityMonitoring { + return &v + }).(ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) } -func (o FunctionAssurancePolicyForbiddenLabelOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyForbiddenLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +// If true, file integrity monitoring is enabled. 
+func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyForbiddenLabelArrayOutput struct{ *pulumi.OutputState } +// List of paths to be excluded from monitoring. +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.ExceptionalMonitoredFiles }).(pulumi.StringArrayOutput) +} -func (FunctionAssurancePolicyForbiddenLabelArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyForbiddenLabel)(nil)).Elem() +// List of processes to be excluded from monitoring. +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { + return v.ExceptionalMonitoredFilesProcesses + }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyForbiddenLabelArrayOutput) ToFunctionAssurancePolicyForbiddenLabelArrayOutput() FunctionAssurancePolicyForbiddenLabelArrayOutput { - return o +// List of users to be excluded from monitoring. +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { + return v.ExceptionalMonitoredFilesUsers + }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyForbiddenLabelArrayOutput) ToFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyForbiddenLabelArrayOutput { - return o +// List of paths to be monitored. 
+func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFiles }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyForbiddenLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]FunctionAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } +// Whether to monitor file attribute operations. +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesAttributes }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyForbiddenLabelOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyForbiddenLabel { - return vs[0].([]FunctionAssurancePolicyForbiddenLabel)[vs[1].(int)] - }).(FunctionAssurancePolicyForbiddenLabelOutput) +// Whether to monitor file create operations. +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesCreate }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyPackagesBlackList struct { - Arch *string `pulumi:"arch"` - Display *string `pulumi:"display"` - Epoch *string `pulumi:"epoch"` - Format *string `pulumi:"format"` - License *string `pulumi:"license"` - Name *string `pulumi:"name"` - Release *string `pulumi:"release"` - Version *string `pulumi:"version"` - VersionRange *string `pulumi:"versionRange"` +// Whether to monitor file delete operations. 
+func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesDelete }).(pulumi.BoolPtrOutput) } -// FunctionAssurancePolicyPackagesBlackListInput is an input type that accepts FunctionAssurancePolicyPackagesBlackListArgs and FunctionAssurancePolicyPackagesBlackListOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyPackagesBlackListInput` via: -// -// FunctionAssurancePolicyPackagesBlackListArgs{...} -type FunctionAssurancePolicyPackagesBlackListInput interface { - pulumi.Input +// Whether to monitor file modify operations. +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesModify }).(pulumi.BoolPtrOutput) +} - ToFunctionAssurancePolicyPackagesBlackListOutput() FunctionAssurancePolicyPackagesBlackListOutput - ToFunctionAssurancePolicyPackagesBlackListOutputWithContext(context.Context) FunctionAssurancePolicyPackagesBlackListOutput +// List of processes associated with monitored files. 
+func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesProcesses }).(pulumi.StringArrayOutput) } -type FunctionAssurancePolicyPackagesBlackListArgs struct { - Arch pulumi.StringPtrInput `pulumi:"arch"` - Display pulumi.StringPtrInput `pulumi:"display"` - Epoch pulumi.StringPtrInput `pulumi:"epoch"` - Format pulumi.StringPtrInput `pulumi:"format"` - License pulumi.StringPtrInput `pulumi:"license"` - Name pulumi.StringPtrInput `pulumi:"name"` - Release pulumi.StringPtrInput `pulumi:"release"` - Version pulumi.StringPtrInput `pulumi:"version"` - VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` +// Whether to monitor file read operations. +func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesRead }).(pulumi.BoolPtrOutput) } -func (FunctionAssurancePolicyPackagesBlackListArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyPackagesBlackList)(nil)).Elem() +// List of users associated with monitored files. 
+func (o ContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesUsers }).(pulumi.StringArrayOutput) } -func (i FunctionAssurancePolicyPackagesBlackListArgs) ToFunctionAssurancePolicyPackagesBlackListOutput() FunctionAssurancePolicyPackagesBlackListOutput { - return i.ToFunctionAssurancePolicyPackagesBlackListOutputWithContext(context.Background()) +type ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() } -func (i FunctionAssurancePolicyPackagesBlackListArgs) ToFunctionAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesBlackListOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPackagesBlackListOutput) +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutput() ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { + return o } -func (i FunctionAssurancePolicyPackagesBlackListArgs) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyPackagesBlackList] { - return pulumix.Output[FunctionAssurancePolicyPackagesBlackList]{ - OutputState: i.ToFunctionAssurancePolicyPackagesBlackListOutputWithContext(ctx).OutputState, - } +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ToContainerRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput { + return o } -// FunctionAssurancePolicyPackagesBlackListArrayInput is an input type that accepts FunctionAssurancePolicyPackagesBlackListArray and FunctionAssurancePolicyPackagesBlackListArrayOutput values. 
-// You can construct a concrete instance of `FunctionAssurancePolicyPackagesBlackListArrayInput` via: -// -// FunctionAssurancePolicyPackagesBlackListArray{ FunctionAssurancePolicyPackagesBlackListArgs{...} } -type FunctionAssurancePolicyPackagesBlackListArrayInput interface { - pulumi.Input +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) Elem() ContainerRuntimePolicyFileIntegrityMonitoringOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) ContainerRuntimePolicyFileIntegrityMonitoring { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyFileIntegrityMonitoring + return ret + }).(ContainerRuntimePolicyFileIntegrityMonitoringOutput) +} - ToFunctionAssurancePolicyPackagesBlackListArrayOutput() FunctionAssurancePolicyPackagesBlackListArrayOutput - ToFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Context) FunctionAssurancePolicyPackagesBlackListArrayOutput +// If true, file integrity monitoring is enabled. +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyPackagesBlackListArray []FunctionAssurancePolicyPackagesBlackListInput +// List of paths to be excluded from monitoring. +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ExceptionalMonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredFiles + }).(pulumi.StringArrayOutput) +} -func (FunctionAssurancePolicyPackagesBlackListArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyPackagesBlackList)(nil)).Elem() +// List of processes to be excluded from monitoring. 
+func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ExceptionalMonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredFilesProcesses + }).(pulumi.StringArrayOutput) } -func (i FunctionAssurancePolicyPackagesBlackListArray) ToFunctionAssurancePolicyPackagesBlackListArrayOutput() FunctionAssurancePolicyPackagesBlackListArrayOutput { - return i.ToFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Background()) +// List of users to be excluded from monitoring. +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) ExceptionalMonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredFilesUsers + }).(pulumi.StringArrayOutput) } -func (i FunctionAssurancePolicyPackagesBlackListArray) ToFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesBlackListArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPackagesBlackListArrayOutput) +// List of paths to be monitored. +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredFiles + }).(pulumi.StringArrayOutput) } -func (i FunctionAssurancePolicyPackagesBlackListArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]FunctionAssurancePolicyPackagesBlackList]{ - OutputState: i.ToFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx).OutputState, - } +// Whether to monitor file attribute operations. 
+func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesAttributes + }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } +// Whether to monitor file create operations. +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesCreate + }).(pulumi.BoolPtrOutput) +} -func (FunctionAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyPackagesBlackList)(nil)).Elem() +// Whether to monitor file delete operations. +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesDelete + }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyPackagesBlackListOutput) ToFunctionAssurancePolicyPackagesBlackListOutput() FunctionAssurancePolicyPackagesBlackListOutput { - return o +// Whether to monitor file modify operations. +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesModify + }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyPackagesBlackListOutput) ToFunctionAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesBlackListOutput { - return o +// List of processes associated with monitored files. 
+func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredFilesProcesses + }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyPackagesBlackListOutput) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyPackagesBlackList] { - return pulumix.Output[FunctionAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } +// Whether to monitor file read operations. +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesRead + }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Arch }).(pulumi.StringPtrOutput) +// List of users associated with monitored files. +func (o ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredFilesUsers + }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyPackagesBlackListOutput) Display() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Display }).(pulumi.StringPtrOutput) +type ContainerRuntimePolicyLimitContainerPrivilege struct { + // Whether to block adding capabilities. + BlockAddCapabilities *bool `pulumi:"blockAddCapabilities"` + // Whether container privilege limitations are enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to limit IPC-related capabilities. 
+ Ipcmode *bool `pulumi:"ipcmode"` + // Whether to limit network-related capabilities. + Netmode *bool `pulumi:"netmode"` + // Whether to limit process-related capabilities. + Pidmode *bool `pulumi:"pidmode"` + // Whether to prevent low port binding. + PreventLowPortBinding *bool `pulumi:"preventLowPortBinding"` + // Whether to prevent the use of the root user. + PreventRootUser *bool `pulumi:"preventRootUser"` + // Whether the container is run in privileged mode. + Privileged *bool `pulumi:"privileged"` + // Whether to use the host user. + UseHostUser *bool `pulumi:"useHostUser"` + // Whether to limit user-related capabilities. + Usermode *bool `pulumi:"usermode"` + // Whether to limit UTS-related capabilities. + Utsmode *bool `pulumi:"utsmode"` +} + +// ContainerRuntimePolicyLimitContainerPrivilegeInput is an input type that accepts ContainerRuntimePolicyLimitContainerPrivilegeArgs and ContainerRuntimePolicyLimitContainerPrivilegeOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyLimitContainerPrivilegeInput` via: +// +// ContainerRuntimePolicyLimitContainerPrivilegeArgs{...} +type ContainerRuntimePolicyLimitContainerPrivilegeInput interface { + pulumi.Input + + ToContainerRuntimePolicyLimitContainerPrivilegeOutput() ContainerRuntimePolicyLimitContainerPrivilegeOutput + ToContainerRuntimePolicyLimitContainerPrivilegeOutputWithContext(context.Context) ContainerRuntimePolicyLimitContainerPrivilegeOutput +} + +type ContainerRuntimePolicyLimitContainerPrivilegeArgs struct { + // Whether to block adding capabilities. + BlockAddCapabilities pulumi.BoolPtrInput `pulumi:"blockAddCapabilities"` + // Whether container privilege limitations are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to limit IPC-related capabilities. + Ipcmode pulumi.BoolPtrInput `pulumi:"ipcmode"` + // Whether to limit network-related capabilities. 
+ Netmode pulumi.BoolPtrInput `pulumi:"netmode"` + // Whether to limit process-related capabilities. + Pidmode pulumi.BoolPtrInput `pulumi:"pidmode"` + // Whether to prevent low port binding. + PreventLowPortBinding pulumi.BoolPtrInput `pulumi:"preventLowPortBinding"` + // Whether to prevent the use of the root user. + PreventRootUser pulumi.BoolPtrInput `pulumi:"preventRootUser"` + // Whether the container is run in privileged mode. + Privileged pulumi.BoolPtrInput `pulumi:"privileged"` + // Whether to use the host user. + UseHostUser pulumi.BoolPtrInput `pulumi:"useHostUser"` + // Whether to limit user-related capabilities. + Usermode pulumi.BoolPtrInput `pulumi:"usermode"` + // Whether to limit UTS-related capabilities. + Utsmode pulumi.BoolPtrInput `pulumi:"utsmode"` } -func (o FunctionAssurancePolicyPackagesBlackListOutput) Epoch() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +func (ContainerRuntimePolicyLimitContainerPrivilegeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyLimitContainerPrivilege)(nil)).Elem() } -func (o FunctionAssurancePolicyPackagesBlackListOutput) Format() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Format }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyLimitContainerPrivilegeArgs) ToContainerRuntimePolicyLimitContainerPrivilegeOutput() ContainerRuntimePolicyLimitContainerPrivilegeOutput { + return i.ToContainerRuntimePolicyLimitContainerPrivilegeOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyPackagesBlackListOutput) License() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.License }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyLimitContainerPrivilegeArgs) ToContainerRuntimePolicyLimitContainerPrivilegeOutputWithContext(ctx 
context.Context) ContainerRuntimePolicyLimitContainerPrivilegeOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyLimitContainerPrivilegeOutput) } -func (o FunctionAssurancePolicyPackagesBlackListOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Name }).(pulumi.StringPtrOutput) +// ContainerRuntimePolicyLimitContainerPrivilegeArrayInput is an input type that accepts ContainerRuntimePolicyLimitContainerPrivilegeArray and ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyLimitContainerPrivilegeArrayInput` via: +// +// ContainerRuntimePolicyLimitContainerPrivilegeArray{ ContainerRuntimePolicyLimitContainerPrivilegeArgs{...} } +type ContainerRuntimePolicyLimitContainerPrivilegeArrayInput interface { + pulumi.Input + + ToContainerRuntimePolicyLimitContainerPrivilegeArrayOutput() ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput + ToContainerRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(context.Context) ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput } -func (o FunctionAssurancePolicyPackagesBlackListOutput) Release() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Release }).(pulumi.StringPtrOutput) +type ContainerRuntimePolicyLimitContainerPrivilegeArray []ContainerRuntimePolicyLimitContainerPrivilegeInput + +func (ContainerRuntimePolicyLimitContainerPrivilegeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyLimitContainerPrivilege)(nil)).Elem() } -func (o FunctionAssurancePolicyPackagesBlackListOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Version }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyLimitContainerPrivilegeArray) 
ToContainerRuntimePolicyLimitContainerPrivilegeArrayOutput() ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { + return i.ToContainerRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyPackagesBlackListOutput) VersionRange() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyLimitContainerPrivilegeArray) ToContainerRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) } -type FunctionAssurancePolicyPackagesBlackListArrayOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyLimitContainerPrivilegeOutput struct{ *pulumi.OutputState } -func (FunctionAssurancePolicyPackagesBlackListArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyPackagesBlackList)(nil)).Elem() +func (ContainerRuntimePolicyLimitContainerPrivilegeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyLimitContainerPrivilege)(nil)).Elem() } -func (o FunctionAssurancePolicyPackagesBlackListArrayOutput) ToFunctionAssurancePolicyPackagesBlackListArrayOutput() FunctionAssurancePolicyPackagesBlackListArrayOutput { +func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) ToContainerRuntimePolicyLimitContainerPrivilegeOutput() ContainerRuntimePolicyLimitContainerPrivilegeOutput { return o } -func (o FunctionAssurancePolicyPackagesBlackListArrayOutput) ToFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesBlackListArrayOutput { +func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) ToContainerRuntimePolicyLimitContainerPrivilegeOutputWithContext(ctx context.Context) 
ContainerRuntimePolicyLimitContainerPrivilegeOutput { return o } -func (o FunctionAssurancePolicyPackagesBlackListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]FunctionAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } +// Whether to block adding capabilities. +func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) BlockAddCapabilities() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.BlockAddCapabilities }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyPackagesBlackListOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyPackagesBlackList { - return vs[0].([]FunctionAssurancePolicyPackagesBlackList)[vs[1].(int)] - }).(FunctionAssurancePolicyPackagesBlackListOutput) +// Whether container privilege limitations are enabled. +func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyPackagesWhiteList struct { - Arch *string `pulumi:"arch"` - Display *string `pulumi:"display"` - Epoch *string `pulumi:"epoch"` - Format *string `pulumi:"format"` - License *string `pulumi:"license"` - Name *string `pulumi:"name"` - Release *string `pulumi:"release"` - Version *string `pulumi:"version"` - VersionRange *string `pulumi:"versionRange"` +// Whether to limit IPC-related capabilities. 
+func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) Ipcmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Ipcmode }).(pulumi.BoolPtrOutput) } -// FunctionAssurancePolicyPackagesWhiteListInput is an input type that accepts FunctionAssurancePolicyPackagesWhiteListArgs and FunctionAssurancePolicyPackagesWhiteListOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyPackagesWhiteListInput` via: -// -// FunctionAssurancePolicyPackagesWhiteListArgs{...} -type FunctionAssurancePolicyPackagesWhiteListInput interface { - pulumi.Input - - ToFunctionAssurancePolicyPackagesWhiteListOutput() FunctionAssurancePolicyPackagesWhiteListOutput - ToFunctionAssurancePolicyPackagesWhiteListOutputWithContext(context.Context) FunctionAssurancePolicyPackagesWhiteListOutput +// Whether to limit network-related capabilities. +func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) Netmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Netmode }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyPackagesWhiteListArgs struct { - Arch pulumi.StringPtrInput `pulumi:"arch"` - Display pulumi.StringPtrInput `pulumi:"display"` - Epoch pulumi.StringPtrInput `pulumi:"epoch"` - Format pulumi.StringPtrInput `pulumi:"format"` - License pulumi.StringPtrInput `pulumi:"license"` - Name pulumi.StringPtrInput `pulumi:"name"` - Release pulumi.StringPtrInput `pulumi:"release"` - Version pulumi.StringPtrInput `pulumi:"version"` - VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` +// Whether to limit process-related capabilities. 
+func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) Pidmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Pidmode }).(pulumi.BoolPtrOutput) } -func (FunctionAssurancePolicyPackagesWhiteListArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyPackagesWhiteList)(nil)).Elem() +// Whether to prevent low port binding. +func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) PreventLowPortBinding() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.PreventLowPortBinding }).(pulumi.BoolPtrOutput) } -func (i FunctionAssurancePolicyPackagesWhiteListArgs) ToFunctionAssurancePolicyPackagesWhiteListOutput() FunctionAssurancePolicyPackagesWhiteListOutput { - return i.ToFunctionAssurancePolicyPackagesWhiteListOutputWithContext(context.Background()) +// Whether to prevent the use of the root user. +func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) PreventRootUser() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.PreventRootUser }).(pulumi.BoolPtrOutput) } -func (i FunctionAssurancePolicyPackagesWhiteListArgs) ToFunctionAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesWhiteListOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPackagesWhiteListOutput) +// Whether the container is run in privileged mode. 
+func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) Privileged() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Privileged }).(pulumi.BoolPtrOutput) } -func (i FunctionAssurancePolicyPackagesWhiteListArgs) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyPackagesWhiteList] { - return pulumix.Output[FunctionAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToFunctionAssurancePolicyPackagesWhiteListOutputWithContext(ctx).OutputState, - } +// Whether to use the host user. +func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) UseHostUser() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.UseHostUser }).(pulumi.BoolPtrOutput) } -// FunctionAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts FunctionAssurancePolicyPackagesWhiteListArray and FunctionAssurancePolicyPackagesWhiteListArrayOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyPackagesWhiteListArrayInput` via: -// -// FunctionAssurancePolicyPackagesWhiteListArray{ FunctionAssurancePolicyPackagesWhiteListArgs{...} } -type FunctionAssurancePolicyPackagesWhiteListArrayInput interface { - pulumi.Input +// Whether to limit user-related capabilities. +func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) Usermode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Usermode }).(pulumi.BoolPtrOutput) +} - ToFunctionAssurancePolicyPackagesWhiteListArrayOutput() FunctionAssurancePolicyPackagesWhiteListArrayOutput - ToFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Context) FunctionAssurancePolicyPackagesWhiteListArrayOutput +// Whether to limit UTS-related capabilities. 
+func (o ContainerRuntimePolicyLimitContainerPrivilegeOutput) Utsmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Utsmode }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyPackagesWhiteListArray []FunctionAssurancePolicyPackagesWhiteListInput +type ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput struct{ *pulumi.OutputState } -func (FunctionAssurancePolicyPackagesWhiteListArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyLimitContainerPrivilege)(nil)).Elem() } -func (i FunctionAssurancePolicyPackagesWhiteListArray) ToFunctionAssurancePolicyPackagesWhiteListArrayOutput() FunctionAssurancePolicyPackagesWhiteListArrayOutput { - return i.ToFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Background()) +func (o ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) ToContainerRuntimePolicyLimitContainerPrivilegeArrayOutput() ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o } -func (i FunctionAssurancePolicyPackagesWhiteListArray) ToFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesWhiteListArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPackagesWhiteListArrayOutput) +func (o ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) ToContainerRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o } -func (i FunctionAssurancePolicyPackagesWhiteListArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]FunctionAssurancePolicyPackagesWhiteList]{ - OutputState: 
i.ToFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx).OutputState, - } +func (o ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyLimitContainerPrivilegeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyLimitContainerPrivilege { + return vs[0].([]ContainerRuntimePolicyLimitContainerPrivilege)[vs[1].(int)] + }).(ContainerRuntimePolicyLimitContainerPrivilegeOutput) } -type FunctionAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } - -func (FunctionAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyPackagesWhiteList)(nil)).Elem() +type ContainerRuntimePolicyLinuxCapabilities struct { + Enabled *bool `pulumi:"enabled"` + RemoveLinuxCapabilities []string `pulumi:"removeLinuxCapabilities"` } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) ToFunctionAssurancePolicyPackagesWhiteListOutput() FunctionAssurancePolicyPackagesWhiteListOutput { - return o +// ContainerRuntimePolicyLinuxCapabilitiesInput is an input type that accepts ContainerRuntimePolicyLinuxCapabilitiesArgs and ContainerRuntimePolicyLinuxCapabilitiesOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyLinuxCapabilitiesInput` via: +// +// ContainerRuntimePolicyLinuxCapabilitiesArgs{...} +type ContainerRuntimePolicyLinuxCapabilitiesInput interface { + pulumi.Input + + ToContainerRuntimePolicyLinuxCapabilitiesOutput() ContainerRuntimePolicyLinuxCapabilitiesOutput + ToContainerRuntimePolicyLinuxCapabilitiesOutputWithContext(context.Context) ContainerRuntimePolicyLinuxCapabilitiesOutput } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) ToFunctionAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesWhiteListOutput { - return o +type ContainerRuntimePolicyLinuxCapabilitiesArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + RemoveLinuxCapabilities pulumi.StringArrayInput `pulumi:"removeLinuxCapabilities"` } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyPackagesWhiteList] { - return pulumix.Output[FunctionAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } +func (ContainerRuntimePolicyLinuxCapabilitiesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyLinuxCapabilities)(nil)).Elem() } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Arch }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyLinuxCapabilitiesArgs) ToContainerRuntimePolicyLinuxCapabilitiesOutput() ContainerRuntimePolicyLinuxCapabilitiesOutput { + return i.ToContainerRuntimePolicyLinuxCapabilitiesOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) Display() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Display }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyLinuxCapabilitiesArgs) 
ToContainerRuntimePolicyLinuxCapabilitiesOutputWithContext(ctx context.Context) ContainerRuntimePolicyLinuxCapabilitiesOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyLinuxCapabilitiesOutput) } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) Epoch() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyLinuxCapabilitiesArgs) ToContainerRuntimePolicyLinuxCapabilitiesPtrOutput() ContainerRuntimePolicyLinuxCapabilitiesPtrOutput { + return i.ToContainerRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) Format() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Format }).(pulumi.StringPtrOutput) +func (i ContainerRuntimePolicyLinuxCapabilitiesArgs) ToContainerRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyLinuxCapabilitiesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyLinuxCapabilitiesOutput).ToContainerRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx) } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) License() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.License }).(pulumi.StringPtrOutput) +// ContainerRuntimePolicyLinuxCapabilitiesPtrInput is an input type that accepts ContainerRuntimePolicyLinuxCapabilitiesArgs, ContainerRuntimePolicyLinuxCapabilitiesPtr and ContainerRuntimePolicyLinuxCapabilitiesPtrOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyLinuxCapabilitiesPtrInput` via: +// +// ContainerRuntimePolicyLinuxCapabilitiesArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyLinuxCapabilitiesPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyLinuxCapabilitiesPtrOutput() ContainerRuntimePolicyLinuxCapabilitiesPtrOutput + ToContainerRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Context) ContainerRuntimePolicyLinuxCapabilitiesPtrOutput } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Name }).(pulumi.StringPtrOutput) +type containerRuntimePolicyLinuxCapabilitiesPtrType ContainerRuntimePolicyLinuxCapabilitiesArgs + +func ContainerRuntimePolicyLinuxCapabilitiesPtr(v *ContainerRuntimePolicyLinuxCapabilitiesArgs) ContainerRuntimePolicyLinuxCapabilitiesPtrInput { + return (*containerRuntimePolicyLinuxCapabilitiesPtrType)(v) } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) Release() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Release }).(pulumi.StringPtrOutput) +func (*containerRuntimePolicyLinuxCapabilitiesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyLinuxCapabilities)(nil)).Elem() } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Version }).(pulumi.StringPtrOutput) +func (i *containerRuntimePolicyLinuxCapabilitiesPtrType) ToContainerRuntimePolicyLinuxCapabilitiesPtrOutput() ContainerRuntimePolicyLinuxCapabilitiesPtrOutput { + return i.ToContainerRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyPackagesWhiteListOutput) VersionRange() pulumi.StringPtrOutput { - return o.ApplyT(func(v 
FunctionAssurancePolicyPackagesWhiteList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +func (i *containerRuntimePolicyLinuxCapabilitiesPtrType) ToContainerRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyLinuxCapabilitiesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyLinuxCapabilitiesPtrOutput) } -type FunctionAssurancePolicyPackagesWhiteListArrayOutput struct{ *pulumi.OutputState } +type ContainerRuntimePolicyLinuxCapabilitiesOutput struct{ *pulumi.OutputState } -func (FunctionAssurancePolicyPackagesWhiteListArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (ContainerRuntimePolicyLinuxCapabilitiesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyLinuxCapabilities)(nil)).Elem() } -func (o FunctionAssurancePolicyPackagesWhiteListArrayOutput) ToFunctionAssurancePolicyPackagesWhiteListArrayOutput() FunctionAssurancePolicyPackagesWhiteListArrayOutput { +func (o ContainerRuntimePolicyLinuxCapabilitiesOutput) ToContainerRuntimePolicyLinuxCapabilitiesOutput() ContainerRuntimePolicyLinuxCapabilitiesOutput { return o } -func (o FunctionAssurancePolicyPackagesWhiteListArrayOutput) ToFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesWhiteListArrayOutput { +func (o ContainerRuntimePolicyLinuxCapabilitiesOutput) ToContainerRuntimePolicyLinuxCapabilitiesOutputWithContext(ctx context.Context) ContainerRuntimePolicyLinuxCapabilitiesOutput { return o } -func (o FunctionAssurancePolicyPackagesWhiteListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]FunctionAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } +func (o ContainerRuntimePolicyLinuxCapabilitiesOutput) ToContainerRuntimePolicyLinuxCapabilitiesPtrOutput() 
ContainerRuntimePolicyLinuxCapabilitiesPtrOutput { + return o.ToContainerRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyPackagesWhiteListOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyPackagesWhiteList { - return vs[0].([]FunctionAssurancePolicyPackagesWhiteList)[vs[1].(int)] +func (o ContainerRuntimePolicyLinuxCapabilitiesOutput) ToContainerRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyLinuxCapabilitiesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyLinuxCapabilities) *ContainerRuntimePolicyLinuxCapabilities { + return &v + }).(ContainerRuntimePolicyLinuxCapabilitiesPtrOutput) +} + +func (o ContainerRuntimePolicyLinuxCapabilitiesOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLinuxCapabilities) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyLinuxCapabilitiesOutput) RemoveLinuxCapabilities() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyLinuxCapabilities) []string { return v.RemoveLinuxCapabilities }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyLinuxCapabilitiesPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyLinuxCapabilitiesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyLinuxCapabilities)(nil)).Elem() +} + +func (o ContainerRuntimePolicyLinuxCapabilitiesPtrOutput) ToContainerRuntimePolicyLinuxCapabilitiesPtrOutput() ContainerRuntimePolicyLinuxCapabilitiesPtrOutput { + return o +} + +func (o ContainerRuntimePolicyLinuxCapabilitiesPtrOutput) ToContainerRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyLinuxCapabilitiesPtrOutput { + return o +} + +func (o 
ContainerRuntimePolicyLinuxCapabilitiesPtrOutput) Elem() ContainerRuntimePolicyLinuxCapabilitiesOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyLinuxCapabilities) ContainerRuntimePolicyLinuxCapabilities { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyLinuxCapabilities + return ret + }).(ContainerRuntimePolicyLinuxCapabilitiesOutput) +} + +func (o ContainerRuntimePolicyLinuxCapabilitiesPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyLinuxCapabilities) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyLinuxCapabilitiesPtrOutput) RemoveLinuxCapabilities() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyLinuxCapabilities) []string { + if v == nil { + return nil + } + return v.RemoveLinuxCapabilities + }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyMalwareScanOptions struct { + // Set Action, Defaults to 'Alert' when empty + Action *string `pulumi:"action"` + // Defines if enabled or not + Enabled *bool `pulumi:"enabled"` + // List of registry paths to be excluded from being protected. + ExcludeDirectories []string `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses []string `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. + IncludeDirectories []string `pulumi:"includeDirectories"` +} + +// ContainerRuntimePolicyMalwareScanOptionsInput is an input type that accepts ContainerRuntimePolicyMalwareScanOptionsArgs and ContainerRuntimePolicyMalwareScanOptionsOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyMalwareScanOptionsInput` via: +// +// ContainerRuntimePolicyMalwareScanOptionsArgs{...} +type ContainerRuntimePolicyMalwareScanOptionsInput interface { + pulumi.Input + + ToContainerRuntimePolicyMalwareScanOptionsOutput() ContainerRuntimePolicyMalwareScanOptionsOutput + ToContainerRuntimePolicyMalwareScanOptionsOutputWithContext(context.Context) ContainerRuntimePolicyMalwareScanOptionsOutput +} + +type ContainerRuntimePolicyMalwareScanOptionsArgs struct { + // Set Action, Defaults to 'Alert' when empty + Action pulumi.StringPtrInput `pulumi:"action"` + // Defines if enabled or not + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of registry paths to be excluded from being protected. + ExcludeDirectories pulumi.StringArrayInput `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses pulumi.StringArrayInput `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. 
+ IncludeDirectories pulumi.StringArrayInput `pulumi:"includeDirectories"` +} + +func (ContainerRuntimePolicyMalwareScanOptionsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (i ContainerRuntimePolicyMalwareScanOptionsArgs) ToContainerRuntimePolicyMalwareScanOptionsOutput() ContainerRuntimePolicyMalwareScanOptionsOutput { + return i.ToContainerRuntimePolicyMalwareScanOptionsOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyMalwareScanOptionsArgs) ToContainerRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyMalwareScanOptionsOutput) +} + +func (i ContainerRuntimePolicyMalwareScanOptionsArgs) ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput { + return i.ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyMalwareScanOptionsArgs) ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyMalwareScanOptionsOutput).ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyMalwareScanOptionsPtrInput is an input type that accepts ContainerRuntimePolicyMalwareScanOptionsArgs, ContainerRuntimePolicyMalwareScanOptionsPtr and ContainerRuntimePolicyMalwareScanOptionsPtrOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyMalwareScanOptionsPtrInput` via: +// +// ContainerRuntimePolicyMalwareScanOptionsArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyMalwareScanOptionsPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput + ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput +} + +type containerRuntimePolicyMalwareScanOptionsPtrType ContainerRuntimePolicyMalwareScanOptionsArgs + +func ContainerRuntimePolicyMalwareScanOptionsPtr(v *ContainerRuntimePolicyMalwareScanOptionsArgs) ContainerRuntimePolicyMalwareScanOptionsPtrInput { + return (*containerRuntimePolicyMalwareScanOptionsPtrType)(v) +} + +func (*containerRuntimePolicyMalwareScanOptionsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (i *containerRuntimePolicyMalwareScanOptionsPtrType) ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput { + return i.ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyMalwareScanOptionsPtrType) ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyMalwareScanOptionsPtrOutput) +} + +type ContainerRuntimePolicyMalwareScanOptionsOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyMalwareScanOptionsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ToContainerRuntimePolicyMalwareScanOptionsOutput() ContainerRuntimePolicyMalwareScanOptionsOutput { + return o +} + +func 
(o ContainerRuntimePolicyMalwareScanOptionsOutput) ToContainerRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsOutput { + return o +} + +func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput { + return o.ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyMalwareScanOptions) *ContainerRuntimePolicyMalwareScanOptions { + return &v + }).(ContainerRuntimePolicyMalwareScanOptionsPtrOutput) +} + +// Set Action, Defaults to 'Alert' when empty +func (o ContainerRuntimePolicyMalwareScanOptionsOutput) Action() pulumi.StringPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyMalwareScanOptions) *string { return v.Action }).(pulumi.StringPtrOutput) +} + +// Defines if enabled or not +func (o ContainerRuntimePolicyMalwareScanOptionsOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyMalwareScanOptions) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of registry paths to be excluded from being protected. +func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ExcludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyMalwareScanOptions) []string { return v.ExcludeDirectories }).(pulumi.StringArrayOutput) +} + +// List of registry processes to be excluded from being protected. 
+func (o ContainerRuntimePolicyMalwareScanOptionsOutput) ExcludeProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyMalwareScanOptions) []string { return v.ExcludeProcesses }).(pulumi.StringArrayOutput) +} + +// List of registry paths to be excluded from being protected. +func (o ContainerRuntimePolicyMalwareScanOptionsOutput) IncludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyMalwareScanOptions) []string { return v.IncludeDirectories }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyMalwareScanOptionsPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ToContainerRuntimePolicyMalwareScanOptionsPtrOutput() ContainerRuntimePolicyMalwareScanOptionsPtrOutput { + return o +} + +func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ToContainerRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyMalwareScanOptionsPtrOutput { + return o +} + +func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) Elem() ContainerRuntimePolicyMalwareScanOptionsOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) ContainerRuntimePolicyMalwareScanOptions { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyMalwareScanOptions + return ret + }).(ContainerRuntimePolicyMalwareScanOptionsOutput) +} + +// Set Action, Defaults to 'Alert' when empty +func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) Action() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) *string { + if v == nil { + return nil + } + return v.Action + }).(pulumi.StringPtrOutput) +} + +// Defines if enabled or not +func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) Enabled() 
pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +// List of registry paths to be excluded from being protected. +func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) []string { + if v == nil { + return nil + } + return v.ExcludeDirectories + }).(pulumi.StringArrayOutput) +} + +// List of registry processes to be excluded from being protected. +func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) []string { + if v == nil { + return nil + } + return v.ExcludeProcesses + }).(pulumi.StringArrayOutput) +} + +// List of registry paths to be excluded from being protected. +func (o ContainerRuntimePolicyMalwareScanOptionsPtrOutput) IncludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyMalwareScanOptions) []string { + if v == nil { + return nil + } + return v.IncludeDirectories + }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyPackageBlock struct { + BlockPackagesProcesses []string `pulumi:"blockPackagesProcesses"` + BlockPackagesUsers []string `pulumi:"blockPackagesUsers"` + Enabled *bool `pulumi:"enabled"` + ExceptionalBlockPackagesFiles []string `pulumi:"exceptionalBlockPackagesFiles"` + ExceptionalBlockPackagesProcesses []string `pulumi:"exceptionalBlockPackagesProcesses"` + ExceptionalBlockPackagesUsers []string `pulumi:"exceptionalBlockPackagesUsers"` + PackagesBlackLists []string `pulumi:"packagesBlackLists"` +} + +// ContainerRuntimePolicyPackageBlockInput is an input type that accepts ContainerRuntimePolicyPackageBlockArgs and ContainerRuntimePolicyPackageBlockOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyPackageBlockInput` via: +// +// ContainerRuntimePolicyPackageBlockArgs{...} +type ContainerRuntimePolicyPackageBlockInput interface { + pulumi.Input + + ToContainerRuntimePolicyPackageBlockOutput() ContainerRuntimePolicyPackageBlockOutput + ToContainerRuntimePolicyPackageBlockOutputWithContext(context.Context) ContainerRuntimePolicyPackageBlockOutput +} + +type ContainerRuntimePolicyPackageBlockArgs struct { + BlockPackagesProcesses pulumi.StringArrayInput `pulumi:"blockPackagesProcesses"` + BlockPackagesUsers pulumi.StringArrayInput `pulumi:"blockPackagesUsers"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalBlockPackagesFiles pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesFiles"` + ExceptionalBlockPackagesProcesses pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesProcesses"` + ExceptionalBlockPackagesUsers pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesUsers"` + PackagesBlackLists pulumi.StringArrayInput `pulumi:"packagesBlackLists"` +} + +func (ContainerRuntimePolicyPackageBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (i ContainerRuntimePolicyPackageBlockArgs) ToContainerRuntimePolicyPackageBlockOutput() ContainerRuntimePolicyPackageBlockOutput { + return i.ToContainerRuntimePolicyPackageBlockOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyPackageBlockArgs) ToContainerRuntimePolicyPackageBlockOutputWithContext(ctx context.Context) ContainerRuntimePolicyPackageBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyPackageBlockOutput) +} + +func (i ContainerRuntimePolicyPackageBlockArgs) ToContainerRuntimePolicyPackageBlockPtrOutput() ContainerRuntimePolicyPackageBlockPtrOutput { + return i.ToContainerRuntimePolicyPackageBlockPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyPackageBlockArgs) 
ToContainerRuntimePolicyPackageBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyPackageBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyPackageBlockOutput).ToContainerRuntimePolicyPackageBlockPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyPackageBlockPtrInput is an input type that accepts ContainerRuntimePolicyPackageBlockArgs, ContainerRuntimePolicyPackageBlockPtr and ContainerRuntimePolicyPackageBlockPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyPackageBlockPtrInput` via: +// +// ContainerRuntimePolicyPackageBlockArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyPackageBlockPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyPackageBlockPtrOutput() ContainerRuntimePolicyPackageBlockPtrOutput + ToContainerRuntimePolicyPackageBlockPtrOutputWithContext(context.Context) ContainerRuntimePolicyPackageBlockPtrOutput +} + +type containerRuntimePolicyPackageBlockPtrType ContainerRuntimePolicyPackageBlockArgs + +func ContainerRuntimePolicyPackageBlockPtr(v *ContainerRuntimePolicyPackageBlockArgs) ContainerRuntimePolicyPackageBlockPtrInput { + return (*containerRuntimePolicyPackageBlockPtrType)(v) +} + +func (*containerRuntimePolicyPackageBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (i *containerRuntimePolicyPackageBlockPtrType) ToContainerRuntimePolicyPackageBlockPtrOutput() ContainerRuntimePolicyPackageBlockPtrOutput { + return i.ToContainerRuntimePolicyPackageBlockPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyPackageBlockPtrType) ToContainerRuntimePolicyPackageBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyPackageBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyPackageBlockPtrOutput) +} + +type ContainerRuntimePolicyPackageBlockOutput struct{ *pulumi.OutputState } + +func 
(ContainerRuntimePolicyPackageBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (o ContainerRuntimePolicyPackageBlockOutput) ToContainerRuntimePolicyPackageBlockOutput() ContainerRuntimePolicyPackageBlockOutput { + return o +} + +func (o ContainerRuntimePolicyPackageBlockOutput) ToContainerRuntimePolicyPackageBlockOutputWithContext(ctx context.Context) ContainerRuntimePolicyPackageBlockOutput { + return o +} + +func (o ContainerRuntimePolicyPackageBlockOutput) ToContainerRuntimePolicyPackageBlockPtrOutput() ContainerRuntimePolicyPackageBlockPtrOutput { + return o.ToContainerRuntimePolicyPackageBlockPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyPackageBlockOutput) ToContainerRuntimePolicyPackageBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyPackageBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyPackageBlock) *ContainerRuntimePolicyPackageBlock { + return &v + }).(ContainerRuntimePolicyPackageBlockPtrOutput) +} + +func (o ContainerRuntimePolicyPackageBlockOutput) BlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPackageBlock) []string { return v.BlockPackagesProcesses }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockOutput) BlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPackageBlock) []string { return v.BlockPackagesUsers }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPackageBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPackageBlock) []string { return 
v.ExceptionalBlockPackagesFiles }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesProcesses }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesUsers }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockOutput) PackagesBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPackageBlock) []string { return v.PackagesBlackLists }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyPackageBlockPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyPackageBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) ToContainerRuntimePolicyPackageBlockPtrOutput() ContainerRuntimePolicyPackageBlockPtrOutput { + return o +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) ToContainerRuntimePolicyPackageBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyPackageBlockPtrOutput { + return o +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) Elem() ContainerRuntimePolicyPackageBlockOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPackageBlock) ContainerRuntimePolicyPackageBlock { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyPackageBlock + return ret + }).(ContainerRuntimePolicyPackageBlockOutput) +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) BlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return 
v.BlockPackagesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) BlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.BlockPackagesUsers + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPackageBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) ExceptionalBlockPackagesFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockPackagesFiles + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) ExceptionalBlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockPackagesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) ExceptionalBlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockPackagesUsers + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPackageBlockPtrOutput) PackagesBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.PackagesBlackLists + }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyPortBlock struct { + BlockInboundPorts []string `pulumi:"blockInboundPorts"` + BlockOutboundPorts []string `pulumi:"blockOutboundPorts"` + Enabled *bool `pulumi:"enabled"` +} + +// ContainerRuntimePolicyPortBlockInput 
is an input type that accepts ContainerRuntimePolicyPortBlockArgs and ContainerRuntimePolicyPortBlockOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyPortBlockInput` via: +// +// ContainerRuntimePolicyPortBlockArgs{...} +type ContainerRuntimePolicyPortBlockInput interface { + pulumi.Input + + ToContainerRuntimePolicyPortBlockOutput() ContainerRuntimePolicyPortBlockOutput + ToContainerRuntimePolicyPortBlockOutputWithContext(context.Context) ContainerRuntimePolicyPortBlockOutput +} + +type ContainerRuntimePolicyPortBlockArgs struct { + BlockInboundPorts pulumi.StringArrayInput `pulumi:"blockInboundPorts"` + BlockOutboundPorts pulumi.StringArrayInput `pulumi:"blockOutboundPorts"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` +} + +func (ContainerRuntimePolicyPortBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyPortBlock)(nil)).Elem() +} + +func (i ContainerRuntimePolicyPortBlockArgs) ToContainerRuntimePolicyPortBlockOutput() ContainerRuntimePolicyPortBlockOutput { + return i.ToContainerRuntimePolicyPortBlockOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyPortBlockArgs) ToContainerRuntimePolicyPortBlockOutputWithContext(ctx context.Context) ContainerRuntimePolicyPortBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyPortBlockOutput) +} + +func (i ContainerRuntimePolicyPortBlockArgs) ToContainerRuntimePolicyPortBlockPtrOutput() ContainerRuntimePolicyPortBlockPtrOutput { + return i.ToContainerRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyPortBlockArgs) ToContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyPortBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyPortBlockOutput).ToContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyPortBlockPtrInput is an input type that accepts 
ContainerRuntimePolicyPortBlockArgs, ContainerRuntimePolicyPortBlockPtr and ContainerRuntimePolicyPortBlockPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyPortBlockPtrInput` via: +// +// ContainerRuntimePolicyPortBlockArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyPortBlockPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyPortBlockPtrOutput() ContainerRuntimePolicyPortBlockPtrOutput + ToContainerRuntimePolicyPortBlockPtrOutputWithContext(context.Context) ContainerRuntimePolicyPortBlockPtrOutput +} + +type containerRuntimePolicyPortBlockPtrType ContainerRuntimePolicyPortBlockArgs + +func ContainerRuntimePolicyPortBlockPtr(v *ContainerRuntimePolicyPortBlockArgs) ContainerRuntimePolicyPortBlockPtrInput { + return (*containerRuntimePolicyPortBlockPtrType)(v) +} + +func (*containerRuntimePolicyPortBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyPortBlock)(nil)).Elem() +} + +func (i *containerRuntimePolicyPortBlockPtrType) ToContainerRuntimePolicyPortBlockPtrOutput() ContainerRuntimePolicyPortBlockPtrOutput { + return i.ToContainerRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyPortBlockPtrType) ToContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyPortBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyPortBlockPtrOutput) +} + +type ContainerRuntimePolicyPortBlockOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyPortBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyPortBlock)(nil)).Elem() +} + +func (o ContainerRuntimePolicyPortBlockOutput) ToContainerRuntimePolicyPortBlockOutput() ContainerRuntimePolicyPortBlockOutput { + return o +} + +func (o ContainerRuntimePolicyPortBlockOutput) ToContainerRuntimePolicyPortBlockOutputWithContext(ctx context.Context) 
ContainerRuntimePolicyPortBlockOutput { + return o +} + +func (o ContainerRuntimePolicyPortBlockOutput) ToContainerRuntimePolicyPortBlockPtrOutput() ContainerRuntimePolicyPortBlockPtrOutput { + return o.ToContainerRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyPortBlockOutput) ToContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyPortBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyPortBlock) *ContainerRuntimePolicyPortBlock { + return &v + }).(ContainerRuntimePolicyPortBlockPtrOutput) +} + +func (o ContainerRuntimePolicyPortBlockOutput) BlockInboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPortBlock) []string { return v.BlockInboundPorts }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPortBlockOutput) BlockOutboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPortBlock) []string { return v.BlockOutboundPorts }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPortBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyPortBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +type ContainerRuntimePolicyPortBlockPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyPortBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyPortBlock)(nil)).Elem() +} + +func (o ContainerRuntimePolicyPortBlockPtrOutput) ToContainerRuntimePolicyPortBlockPtrOutput() ContainerRuntimePolicyPortBlockPtrOutput { + return o +} + +func (o ContainerRuntimePolicyPortBlockPtrOutput) ToContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyPortBlockPtrOutput { + return o +} + +func (o ContainerRuntimePolicyPortBlockPtrOutput) Elem() ContainerRuntimePolicyPortBlockOutput { + return o.ApplyT(func(v 
*ContainerRuntimePolicyPortBlock) ContainerRuntimePolicyPortBlock { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyPortBlock + return ret + }).(ContainerRuntimePolicyPortBlockOutput) +} + +func (o ContainerRuntimePolicyPortBlockPtrOutput) BlockInboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPortBlock) []string { + if v == nil { + return nil + } + return v.BlockInboundPorts + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPortBlockPtrOutput) BlockOutboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPortBlock) []string { + if v == nil { + return nil + } + return v.BlockOutboundPorts + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyPortBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyPortBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +type ContainerRuntimePolicyReadonlyFiles struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalReadonlyFiles []string `pulumi:"exceptionalReadonlyFiles"` + ExceptionalReadonlyFilesProcesses []string `pulumi:"exceptionalReadonlyFilesProcesses"` + ExceptionalReadonlyFilesUsers []string `pulumi:"exceptionalReadonlyFilesUsers"` + ReadonlyFiles []string `pulumi:"readonlyFiles"` + ReadonlyFilesProcesses []string `pulumi:"readonlyFilesProcesses"` + ReadonlyFilesUsers []string `pulumi:"readonlyFilesUsers"` +} + +// ContainerRuntimePolicyReadonlyFilesInput is an input type that accepts ContainerRuntimePolicyReadonlyFilesArgs and ContainerRuntimePolicyReadonlyFilesOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyReadonlyFilesInput` via: +// +// ContainerRuntimePolicyReadonlyFilesArgs{...} +type ContainerRuntimePolicyReadonlyFilesInput interface { + pulumi.Input + + ToContainerRuntimePolicyReadonlyFilesOutput() ContainerRuntimePolicyReadonlyFilesOutput + ToContainerRuntimePolicyReadonlyFilesOutputWithContext(context.Context) ContainerRuntimePolicyReadonlyFilesOutput +} + +type ContainerRuntimePolicyReadonlyFilesArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalReadonlyFiles pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFiles"` + ExceptionalReadonlyFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFilesProcesses"` + ExceptionalReadonlyFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFilesUsers"` + ReadonlyFiles pulumi.StringArrayInput `pulumi:"readonlyFiles"` + ReadonlyFilesProcesses pulumi.StringArrayInput `pulumi:"readonlyFilesProcesses"` + ReadonlyFilesUsers pulumi.StringArrayInput `pulumi:"readonlyFilesUsers"` +} + +func (ContainerRuntimePolicyReadonlyFilesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (i ContainerRuntimePolicyReadonlyFilesArgs) ToContainerRuntimePolicyReadonlyFilesOutput() ContainerRuntimePolicyReadonlyFilesOutput { + return i.ToContainerRuntimePolicyReadonlyFilesOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyReadonlyFilesArgs) ToContainerRuntimePolicyReadonlyFilesOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyFilesOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyReadonlyFilesOutput) +} + +func (i ContainerRuntimePolicyReadonlyFilesArgs) ToContainerRuntimePolicyReadonlyFilesPtrOutput() ContainerRuntimePolicyReadonlyFilesPtrOutput { + return i.ToContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyReadonlyFilesArgs) 
ToContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyFilesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyReadonlyFilesOutput).ToContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyReadonlyFilesPtrInput is an input type that accepts ContainerRuntimePolicyReadonlyFilesArgs, ContainerRuntimePolicyReadonlyFilesPtr and ContainerRuntimePolicyReadonlyFilesPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyReadonlyFilesPtrInput` via: +// +// ContainerRuntimePolicyReadonlyFilesArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyReadonlyFilesPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyReadonlyFilesPtrOutput() ContainerRuntimePolicyReadonlyFilesPtrOutput + ToContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Context) ContainerRuntimePolicyReadonlyFilesPtrOutput +} + +type containerRuntimePolicyReadonlyFilesPtrType ContainerRuntimePolicyReadonlyFilesArgs + +func ContainerRuntimePolicyReadonlyFilesPtr(v *ContainerRuntimePolicyReadonlyFilesArgs) ContainerRuntimePolicyReadonlyFilesPtrInput { + return (*containerRuntimePolicyReadonlyFilesPtrType)(v) +} + +func (*containerRuntimePolicyReadonlyFilesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (i *containerRuntimePolicyReadonlyFilesPtrType) ToContainerRuntimePolicyReadonlyFilesPtrOutput() ContainerRuntimePolicyReadonlyFilesPtrOutput { + return i.ToContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyReadonlyFilesPtrType) ToContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyFilesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyReadonlyFilesPtrOutput) +} + +type ContainerRuntimePolicyReadonlyFilesOutput 
struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyReadonlyFilesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ToContainerRuntimePolicyReadonlyFilesOutput() ContainerRuntimePolicyReadonlyFilesOutput { + return o +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ToContainerRuntimePolicyReadonlyFilesOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyFilesOutput { + return o +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ToContainerRuntimePolicyReadonlyFilesPtrOutput() ContainerRuntimePolicyReadonlyFilesPtrOutput { + return o.ToContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ToContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyFilesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyReadonlyFiles) *ContainerRuntimePolicyReadonlyFiles { + return &v + }).(ContainerRuntimePolicyReadonlyFilesPtrOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyFiles) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFiles }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFilesUsers() pulumi.StringArrayOutput { + 
return o.ApplyT(func(v ContainerRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFilesUsers }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFiles }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesOutput) ReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFilesUsers }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyReadonlyFilesPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyReadonlyFilesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) ToContainerRuntimePolicyReadonlyFilesPtrOutput() ContainerRuntimePolicyReadonlyFilesPtrOutput { + return o +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) ToContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyFilesPtrOutput { + return o +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) Elem() ContainerRuntimePolicyReadonlyFilesOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyFiles) ContainerRuntimePolicyReadonlyFiles { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyReadonlyFiles + return ret + }).(ContainerRuntimePolicyReadonlyFilesOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyFiles) *bool { + if v == nil { + return 
nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFiles + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFilesUsers + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFiles + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFilesUsers + }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyReadonlyRegistry struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalReadonlyRegistryPaths []string `pulumi:"exceptionalReadonlyRegistryPaths"` + ExceptionalReadonlyRegistryProcesses 
[]string `pulumi:"exceptionalReadonlyRegistryProcesses"` + ExceptionalReadonlyRegistryUsers []string `pulumi:"exceptionalReadonlyRegistryUsers"` + ReadonlyRegistryPaths []string `pulumi:"readonlyRegistryPaths"` + ReadonlyRegistryProcesses []string `pulumi:"readonlyRegistryProcesses"` + ReadonlyRegistryUsers []string `pulumi:"readonlyRegistryUsers"` +} + +// ContainerRuntimePolicyReadonlyRegistryInput is an input type that accepts ContainerRuntimePolicyReadonlyRegistryArgs and ContainerRuntimePolicyReadonlyRegistryOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyReadonlyRegistryInput` via: +// +// ContainerRuntimePolicyReadonlyRegistryArgs{...} +type ContainerRuntimePolicyReadonlyRegistryInput interface { + pulumi.Input + + ToContainerRuntimePolicyReadonlyRegistryOutput() ContainerRuntimePolicyReadonlyRegistryOutput + ToContainerRuntimePolicyReadonlyRegistryOutputWithContext(context.Context) ContainerRuntimePolicyReadonlyRegistryOutput +} + +type ContainerRuntimePolicyReadonlyRegistryArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalReadonlyRegistryPaths pulumi.StringArrayInput `pulumi:"exceptionalReadonlyRegistryPaths"` + ExceptionalReadonlyRegistryProcesses pulumi.StringArrayInput `pulumi:"exceptionalReadonlyRegistryProcesses"` + ExceptionalReadonlyRegistryUsers pulumi.StringArrayInput `pulumi:"exceptionalReadonlyRegistryUsers"` + ReadonlyRegistryPaths pulumi.StringArrayInput `pulumi:"readonlyRegistryPaths"` + ReadonlyRegistryProcesses pulumi.StringArrayInput `pulumi:"readonlyRegistryProcesses"` + ReadonlyRegistryUsers pulumi.StringArrayInput `pulumi:"readonlyRegistryUsers"` +} + +func (ContainerRuntimePolicyReadonlyRegistryArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (i ContainerRuntimePolicyReadonlyRegistryArgs) ToContainerRuntimePolicyReadonlyRegistryOutput() ContainerRuntimePolicyReadonlyRegistryOutput { + return 
i.ToContainerRuntimePolicyReadonlyRegistryOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyReadonlyRegistryArgs) ToContainerRuntimePolicyReadonlyRegistryOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyRegistryOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyReadonlyRegistryOutput) +} + +func (i ContainerRuntimePolicyReadonlyRegistryArgs) ToContainerRuntimePolicyReadonlyRegistryPtrOutput() ContainerRuntimePolicyReadonlyRegistryPtrOutput { + return i.ToContainerRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyReadonlyRegistryArgs) ToContainerRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyRegistryPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyReadonlyRegistryOutput).ToContainerRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyReadonlyRegistryPtrInput is an input type that accepts ContainerRuntimePolicyReadonlyRegistryArgs, ContainerRuntimePolicyReadonlyRegistryPtr and ContainerRuntimePolicyReadonlyRegistryPtrOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyReadonlyRegistryPtrInput` via: +// +// ContainerRuntimePolicyReadonlyRegistryArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyReadonlyRegistryPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyReadonlyRegistryPtrOutput() ContainerRuntimePolicyReadonlyRegistryPtrOutput + ToContainerRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Context) ContainerRuntimePolicyReadonlyRegistryPtrOutput +} + +type containerRuntimePolicyReadonlyRegistryPtrType ContainerRuntimePolicyReadonlyRegistryArgs + +func ContainerRuntimePolicyReadonlyRegistryPtr(v *ContainerRuntimePolicyReadonlyRegistryArgs) ContainerRuntimePolicyReadonlyRegistryPtrInput { + return (*containerRuntimePolicyReadonlyRegistryPtrType)(v) +} + +func (*containerRuntimePolicyReadonlyRegistryPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (i *containerRuntimePolicyReadonlyRegistryPtrType) ToContainerRuntimePolicyReadonlyRegistryPtrOutput() ContainerRuntimePolicyReadonlyRegistryPtrOutput { + return i.ToContainerRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyReadonlyRegistryPtrType) ToContainerRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyRegistryPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyReadonlyRegistryPtrOutput) +} + +type ContainerRuntimePolicyReadonlyRegistryOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyReadonlyRegistryOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) ToContainerRuntimePolicyReadonlyRegistryOutput() ContainerRuntimePolicyReadonlyRegistryOutput { + return o +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) 
ToContainerRuntimePolicyReadonlyRegistryOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyRegistryOutput { + return o +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) ToContainerRuntimePolicyReadonlyRegistryPtrOutput() ContainerRuntimePolicyReadonlyRegistryPtrOutput { + return o.ToContainerRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) ToContainerRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyRegistryPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyReadonlyRegistry) *ContainerRuntimePolicyReadonlyRegistry { + return &v + }).(ContainerRuntimePolicyReadonlyRegistryPtrOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyRegistry) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) ExceptionalReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyRegistry) []string { return v.ExceptionalReadonlyRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) ExceptionalReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyRegistry) []string { return v.ExceptionalReadonlyRegistryProcesses }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) ExceptionalReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyRegistry) []string { return v.ExceptionalReadonlyRegistryUsers }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) ReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyRegistry) 
[]string { return v.ReadonlyRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) ReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyRegistry) []string { return v.ReadonlyRegistryProcesses }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryOutput) ReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReadonlyRegistry) []string { return v.ReadonlyRegistryUsers }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyReadonlyRegistryPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyReadonlyRegistryPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) ToContainerRuntimePolicyReadonlyRegistryPtrOutput() ContainerRuntimePolicyReadonlyRegistryPtrOutput { + return o +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) ToContainerRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReadonlyRegistryPtrOutput { + return o +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) Elem() ContainerRuntimePolicyReadonlyRegistryOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyRegistry) ContainerRuntimePolicyReadonlyRegistry { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyReadonlyRegistry + return ret + }).(ContainerRuntimePolicyReadonlyRegistryOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyRegistry) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) ExceptionalReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v 
*ContainerRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) ExceptionalReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) ExceptionalReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyRegistryUsers + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) ReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ReadonlyRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) ReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ReadonlyRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReadonlyRegistryPtrOutput) ReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ReadonlyRegistryUsers + }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyRegistryAccessMonitoring struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalMonitoredRegistryPaths []string `pulumi:"exceptionalMonitoredRegistryPaths"` + ExceptionalMonitoredRegistryProcesses []string `pulumi:"exceptionalMonitoredRegistryProcesses"` + ExceptionalMonitoredRegistryUsers 
[]string `pulumi:"exceptionalMonitoredRegistryUsers"` + MonitoredRegistryAttributes *bool `pulumi:"monitoredRegistryAttributes"` + MonitoredRegistryCreate *bool `pulumi:"monitoredRegistryCreate"` + MonitoredRegistryDelete *bool `pulumi:"monitoredRegistryDelete"` + MonitoredRegistryModify *bool `pulumi:"monitoredRegistryModify"` + MonitoredRegistryPaths []string `pulumi:"monitoredRegistryPaths"` + MonitoredRegistryProcesses []string `pulumi:"monitoredRegistryProcesses"` + MonitoredRegistryRead *bool `pulumi:"monitoredRegistryRead"` + MonitoredRegistryUsers []string `pulumi:"monitoredRegistryUsers"` +} + +// ContainerRuntimePolicyRegistryAccessMonitoringInput is an input type that accepts ContainerRuntimePolicyRegistryAccessMonitoringArgs and ContainerRuntimePolicyRegistryAccessMonitoringOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyRegistryAccessMonitoringInput` via: +// +// ContainerRuntimePolicyRegistryAccessMonitoringArgs{...} +type ContainerRuntimePolicyRegistryAccessMonitoringInput interface { + pulumi.Input + + ToContainerRuntimePolicyRegistryAccessMonitoringOutput() ContainerRuntimePolicyRegistryAccessMonitoringOutput + ToContainerRuntimePolicyRegistryAccessMonitoringOutputWithContext(context.Context) ContainerRuntimePolicyRegistryAccessMonitoringOutput +} + +type ContainerRuntimePolicyRegistryAccessMonitoringArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalMonitoredRegistryPaths pulumi.StringArrayInput `pulumi:"exceptionalMonitoredRegistryPaths"` + ExceptionalMonitoredRegistryProcesses pulumi.StringArrayInput `pulumi:"exceptionalMonitoredRegistryProcesses"` + ExceptionalMonitoredRegistryUsers pulumi.StringArrayInput `pulumi:"exceptionalMonitoredRegistryUsers"` + MonitoredRegistryAttributes pulumi.BoolPtrInput `pulumi:"monitoredRegistryAttributes"` + MonitoredRegistryCreate pulumi.BoolPtrInput `pulumi:"monitoredRegistryCreate"` + MonitoredRegistryDelete pulumi.BoolPtrInput 
`pulumi:"monitoredRegistryDelete"` + MonitoredRegistryModify pulumi.BoolPtrInput `pulumi:"monitoredRegistryModify"` + MonitoredRegistryPaths pulumi.StringArrayInput `pulumi:"monitoredRegistryPaths"` + MonitoredRegistryProcesses pulumi.StringArrayInput `pulumi:"monitoredRegistryProcesses"` + MonitoredRegistryRead pulumi.BoolPtrInput `pulumi:"monitoredRegistryRead"` + MonitoredRegistryUsers pulumi.StringArrayInput `pulumi:"monitoredRegistryUsers"` +} + +func (ContainerRuntimePolicyRegistryAccessMonitoringArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (i ContainerRuntimePolicyRegistryAccessMonitoringArgs) ToContainerRuntimePolicyRegistryAccessMonitoringOutput() ContainerRuntimePolicyRegistryAccessMonitoringOutput { + return i.ToContainerRuntimePolicyRegistryAccessMonitoringOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyRegistryAccessMonitoringArgs) ToContainerRuntimePolicyRegistryAccessMonitoringOutputWithContext(ctx context.Context) ContainerRuntimePolicyRegistryAccessMonitoringOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyRegistryAccessMonitoringOutput) +} + +func (i ContainerRuntimePolicyRegistryAccessMonitoringArgs) ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutput() ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput { + return i.ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyRegistryAccessMonitoringArgs) ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyRegistryAccessMonitoringOutput).ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyRegistryAccessMonitoringPtrInput is an input type that accepts 
ContainerRuntimePolicyRegistryAccessMonitoringArgs, ContainerRuntimePolicyRegistryAccessMonitoringPtr and ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyRegistryAccessMonitoringPtrInput` via: +// +// ContainerRuntimePolicyRegistryAccessMonitoringArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyRegistryAccessMonitoringPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutput() ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput + ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Context) ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput +} + +type containerRuntimePolicyRegistryAccessMonitoringPtrType ContainerRuntimePolicyRegistryAccessMonitoringArgs + +func ContainerRuntimePolicyRegistryAccessMonitoringPtr(v *ContainerRuntimePolicyRegistryAccessMonitoringArgs) ContainerRuntimePolicyRegistryAccessMonitoringPtrInput { + return (*containerRuntimePolicyRegistryAccessMonitoringPtrType)(v) +} + +func (*containerRuntimePolicyRegistryAccessMonitoringPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (i *containerRuntimePolicyRegistryAccessMonitoringPtrType) ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutput() ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput { + return i.ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyRegistryAccessMonitoringPtrType) ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) +} + +type ContainerRuntimePolicyRegistryAccessMonitoringOutput struct{ *pulumi.OutputState } + +func 
(ContainerRuntimePolicyRegistryAccessMonitoringOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) ToContainerRuntimePolicyRegistryAccessMonitoringOutput() ContainerRuntimePolicyRegistryAccessMonitoringOutput { + return o +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) ToContainerRuntimePolicyRegistryAccessMonitoringOutputWithContext(ctx context.Context) ContainerRuntimePolicyRegistryAccessMonitoringOutput { + return o +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutput() ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o.ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyRegistryAccessMonitoring) *ContainerRuntimePolicyRegistryAccessMonitoring { + return &v + }).(ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) ExceptionalMonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) []string { + return v.ExceptionalMonitoredRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) ExceptionalMonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v 
ContainerRuntimePolicyRegistryAccessMonitoring) []string { + return v.ExceptionalMonitoredRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) ExceptionalMonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) []string { + return v.ExceptionalMonitoredRegistryUsers + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryAttributes }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryCreate }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryDelete }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryModify }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) []string { return v.MonitoredRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) []string { return v.MonitoredRegistryProcesses 
}).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryRead }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRegistryAccessMonitoring) []string { return v.MonitoredRegistryUsers }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutput() ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) ToContainerRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) Elem() ContainerRuntimePolicyRegistryAccessMonitoringOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) ContainerRuntimePolicyRegistryAccessMonitoring { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyRegistryAccessMonitoring + return ret + }).(ContainerRuntimePolicyRegistryAccessMonitoringOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o 
ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) ExceptionalMonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) ExceptionalMonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) ExceptionalMonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredRegistryUsers + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryAttributes + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryCreate + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryDelete + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryModify() 
pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryModify + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryRead + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredRegistryUsers + }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyRestrictedVolume struct { + // Whether restricted volumes are enabled. + Enabled *bool `pulumi:"enabled"` + // List of restricted volumes. + Volumes []string `pulumi:"volumes"` +} + +// ContainerRuntimePolicyRestrictedVolumeInput is an input type that accepts ContainerRuntimePolicyRestrictedVolumeArgs and ContainerRuntimePolicyRestrictedVolumeOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyRestrictedVolumeInput` via: +// +// ContainerRuntimePolicyRestrictedVolumeArgs{...} +type ContainerRuntimePolicyRestrictedVolumeInput interface { + pulumi.Input + + ToContainerRuntimePolicyRestrictedVolumeOutput() ContainerRuntimePolicyRestrictedVolumeOutput + ToContainerRuntimePolicyRestrictedVolumeOutputWithContext(context.Context) ContainerRuntimePolicyRestrictedVolumeOutput +} + +type ContainerRuntimePolicyRestrictedVolumeArgs struct { + // Whether restricted volumes are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of restricted volumes. + Volumes pulumi.StringArrayInput `pulumi:"volumes"` +} + +func (ContainerRuntimePolicyRestrictedVolumeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (i ContainerRuntimePolicyRestrictedVolumeArgs) ToContainerRuntimePolicyRestrictedVolumeOutput() ContainerRuntimePolicyRestrictedVolumeOutput { + return i.ToContainerRuntimePolicyRestrictedVolumeOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyRestrictedVolumeArgs) ToContainerRuntimePolicyRestrictedVolumeOutputWithContext(ctx context.Context) ContainerRuntimePolicyRestrictedVolumeOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyRestrictedVolumeOutput) +} + +// ContainerRuntimePolicyRestrictedVolumeArrayInput is an input type that accepts ContainerRuntimePolicyRestrictedVolumeArray and ContainerRuntimePolicyRestrictedVolumeArrayOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyRestrictedVolumeArrayInput` via: +// +// ContainerRuntimePolicyRestrictedVolumeArray{ ContainerRuntimePolicyRestrictedVolumeArgs{...} } +type ContainerRuntimePolicyRestrictedVolumeArrayInput interface { + pulumi.Input + + ToContainerRuntimePolicyRestrictedVolumeArrayOutput() ContainerRuntimePolicyRestrictedVolumeArrayOutput + ToContainerRuntimePolicyRestrictedVolumeArrayOutputWithContext(context.Context) ContainerRuntimePolicyRestrictedVolumeArrayOutput +} + +type ContainerRuntimePolicyRestrictedVolumeArray []ContainerRuntimePolicyRestrictedVolumeInput + +func (ContainerRuntimePolicyRestrictedVolumeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (i ContainerRuntimePolicyRestrictedVolumeArray) ToContainerRuntimePolicyRestrictedVolumeArrayOutput() ContainerRuntimePolicyRestrictedVolumeArrayOutput { + return i.ToContainerRuntimePolicyRestrictedVolumeArrayOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyRestrictedVolumeArray) ToContainerRuntimePolicyRestrictedVolumeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyRestrictedVolumeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyRestrictedVolumeArrayOutput) +} + +type ContainerRuntimePolicyRestrictedVolumeOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyRestrictedVolumeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (o ContainerRuntimePolicyRestrictedVolumeOutput) ToContainerRuntimePolicyRestrictedVolumeOutput() ContainerRuntimePolicyRestrictedVolumeOutput { + return o +} + +func (o ContainerRuntimePolicyRestrictedVolumeOutput) ToContainerRuntimePolicyRestrictedVolumeOutputWithContext(ctx context.Context) ContainerRuntimePolicyRestrictedVolumeOutput { + return o +} + +// Whether restricted volumes are 
enabled. +func (o ContainerRuntimePolicyRestrictedVolumeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRestrictedVolume) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of restricted volumes. +func (o ContainerRuntimePolicyRestrictedVolumeOutput) Volumes() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyRestrictedVolume) []string { return v.Volumes }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyRestrictedVolumeArrayOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyRestrictedVolumeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (o ContainerRuntimePolicyRestrictedVolumeArrayOutput) ToContainerRuntimePolicyRestrictedVolumeArrayOutput() ContainerRuntimePolicyRestrictedVolumeArrayOutput { + return o +} + +func (o ContainerRuntimePolicyRestrictedVolumeArrayOutput) ToContainerRuntimePolicyRestrictedVolumeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyRestrictedVolumeArrayOutput { + return o +} + +func (o ContainerRuntimePolicyRestrictedVolumeArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyRestrictedVolumeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyRestrictedVolume { + return vs[0].([]ContainerRuntimePolicyRestrictedVolume)[vs[1].(int)] + }).(ContainerRuntimePolicyRestrictedVolumeOutput) +} + +type ContainerRuntimePolicyReverseShell struct { + BlockReverseShell *bool `pulumi:"blockReverseShell"` + Enabled *bool `pulumi:"enabled"` + ReverseShellIpWhiteLists []string `pulumi:"reverseShellIpWhiteLists"` + ReverseShellProcWhiteLists []string `pulumi:"reverseShellProcWhiteLists"` +} + +// ContainerRuntimePolicyReverseShellInput is an input type that accepts ContainerRuntimePolicyReverseShellArgs and ContainerRuntimePolicyReverseShellOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyReverseShellInput` via: +// +// ContainerRuntimePolicyReverseShellArgs{...} +type ContainerRuntimePolicyReverseShellInput interface { + pulumi.Input + + ToContainerRuntimePolicyReverseShellOutput() ContainerRuntimePolicyReverseShellOutput + ToContainerRuntimePolicyReverseShellOutputWithContext(context.Context) ContainerRuntimePolicyReverseShellOutput +} + +type ContainerRuntimePolicyReverseShellArgs struct { + BlockReverseShell pulumi.BoolPtrInput `pulumi:"blockReverseShell"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ReverseShellIpWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellIpWhiteLists"` + ReverseShellProcWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellProcWhiteLists"` +} + +func (ContainerRuntimePolicyReverseShellArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyReverseShell)(nil)).Elem() +} + +func (i ContainerRuntimePolicyReverseShellArgs) ToContainerRuntimePolicyReverseShellOutput() ContainerRuntimePolicyReverseShellOutput { + return i.ToContainerRuntimePolicyReverseShellOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyReverseShellArgs) ToContainerRuntimePolicyReverseShellOutputWithContext(ctx context.Context) ContainerRuntimePolicyReverseShellOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyReverseShellOutput) +} + +func (i ContainerRuntimePolicyReverseShellArgs) ToContainerRuntimePolicyReverseShellPtrOutput() ContainerRuntimePolicyReverseShellPtrOutput { + return i.ToContainerRuntimePolicyReverseShellPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyReverseShellArgs) ToContainerRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReverseShellPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyReverseShellOutput).ToContainerRuntimePolicyReverseShellPtrOutputWithContext(ctx) +} + +// 
ContainerRuntimePolicyReverseShellPtrInput is an input type that accepts ContainerRuntimePolicyReverseShellArgs, ContainerRuntimePolicyReverseShellPtr and ContainerRuntimePolicyReverseShellPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyReverseShellPtrInput` via: +// +// ContainerRuntimePolicyReverseShellArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyReverseShellPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyReverseShellPtrOutput() ContainerRuntimePolicyReverseShellPtrOutput + ToContainerRuntimePolicyReverseShellPtrOutputWithContext(context.Context) ContainerRuntimePolicyReverseShellPtrOutput +} + +type containerRuntimePolicyReverseShellPtrType ContainerRuntimePolicyReverseShellArgs + +func ContainerRuntimePolicyReverseShellPtr(v *ContainerRuntimePolicyReverseShellArgs) ContainerRuntimePolicyReverseShellPtrInput { + return (*containerRuntimePolicyReverseShellPtrType)(v) +} + +func (*containerRuntimePolicyReverseShellPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyReverseShell)(nil)).Elem() +} + +func (i *containerRuntimePolicyReverseShellPtrType) ToContainerRuntimePolicyReverseShellPtrOutput() ContainerRuntimePolicyReverseShellPtrOutput { + return i.ToContainerRuntimePolicyReverseShellPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyReverseShellPtrType) ToContainerRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReverseShellPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyReverseShellPtrOutput) +} + +type ContainerRuntimePolicyReverseShellOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyReverseShellOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyReverseShell)(nil)).Elem() +} + +func (o ContainerRuntimePolicyReverseShellOutput) ToContainerRuntimePolicyReverseShellOutput() 
ContainerRuntimePolicyReverseShellOutput { + return o +} + +func (o ContainerRuntimePolicyReverseShellOutput) ToContainerRuntimePolicyReverseShellOutputWithContext(ctx context.Context) ContainerRuntimePolicyReverseShellOutput { + return o +} + +func (o ContainerRuntimePolicyReverseShellOutput) ToContainerRuntimePolicyReverseShellPtrOutput() ContainerRuntimePolicyReverseShellPtrOutput { + return o.ToContainerRuntimePolicyReverseShellPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyReverseShellOutput) ToContainerRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReverseShellPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyReverseShell) *ContainerRuntimePolicyReverseShell { + return &v + }).(ContainerRuntimePolicyReverseShellPtrOutput) +} + +func (o ContainerRuntimePolicyReverseShellOutput) BlockReverseShell() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReverseShell) *bool { return v.BlockReverseShell }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyReverseShellOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReverseShell) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyReverseShellOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReverseShell) []string { return v.ReverseShellIpWhiteLists }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReverseShellOutput) ReverseShellProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyReverseShell) []string { return v.ReverseShellProcWhiteLists }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyReverseShellPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyReverseShellPtrOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((**ContainerRuntimePolicyReverseShell)(nil)).Elem() +} + +func (o ContainerRuntimePolicyReverseShellPtrOutput) ToContainerRuntimePolicyReverseShellPtrOutput() ContainerRuntimePolicyReverseShellPtrOutput { + return o +} + +func (o ContainerRuntimePolicyReverseShellPtrOutput) ToContainerRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyReverseShellPtrOutput { + return o +} + +func (o ContainerRuntimePolicyReverseShellPtrOutput) Elem() ContainerRuntimePolicyReverseShellOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReverseShell) ContainerRuntimePolicyReverseShell { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyReverseShell + return ret + }).(ContainerRuntimePolicyReverseShellOutput) +} + +func (o ContainerRuntimePolicyReverseShellPtrOutput) BlockReverseShell() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReverseShell) *bool { + if v == nil { + return nil + } + return v.BlockReverseShell + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyReverseShellPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReverseShell) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyReverseShellPtrOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReverseShell) []string { + if v == nil { + return nil + } + return v.ReverseShellIpWhiteLists + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyReverseShellPtrOutput) ReverseShellProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyReverseShell) []string { + if v == nil { + return nil + } + return v.ReverseShellProcWhiteLists + }).(pulumi.StringArrayOutput) +} + +type ContainerRuntimePolicyScope struct { + // Scope expression. 
+ Expression string `pulumi:"expression"` + // List of variables in the scope. + Variables []ContainerRuntimePolicyScopeVariable `pulumi:"variables"` +} + +// ContainerRuntimePolicyScopeInput is an input type that accepts ContainerRuntimePolicyScopeArgs and ContainerRuntimePolicyScopeOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyScopeInput` via: +// +// ContainerRuntimePolicyScopeArgs{...} +type ContainerRuntimePolicyScopeInput interface { + pulumi.Input + + ToContainerRuntimePolicyScopeOutput() ContainerRuntimePolicyScopeOutput + ToContainerRuntimePolicyScopeOutputWithContext(context.Context) ContainerRuntimePolicyScopeOutput +} + +type ContainerRuntimePolicyScopeArgs struct { + // Scope expression. + Expression pulumi.StringInput `pulumi:"expression"` + // List of variables in the scope. + Variables ContainerRuntimePolicyScopeVariableArrayInput `pulumi:"variables"` +} + +func (ContainerRuntimePolicyScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyScope)(nil)).Elem() +} + +func (i ContainerRuntimePolicyScopeArgs) ToContainerRuntimePolicyScopeOutput() ContainerRuntimePolicyScopeOutput { + return i.ToContainerRuntimePolicyScopeOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyScopeArgs) ToContainerRuntimePolicyScopeOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyScopeOutput) +} + +// ContainerRuntimePolicyScopeArrayInput is an input type that accepts ContainerRuntimePolicyScopeArray and ContainerRuntimePolicyScopeArrayOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyScopeArrayInput` via: +// +// ContainerRuntimePolicyScopeArray{ ContainerRuntimePolicyScopeArgs{...} } +type ContainerRuntimePolicyScopeArrayInput interface { + pulumi.Input + + ToContainerRuntimePolicyScopeArrayOutput() ContainerRuntimePolicyScopeArrayOutput + ToContainerRuntimePolicyScopeArrayOutputWithContext(context.Context) ContainerRuntimePolicyScopeArrayOutput +} + +type ContainerRuntimePolicyScopeArray []ContainerRuntimePolicyScopeInput + +func (ContainerRuntimePolicyScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyScope)(nil)).Elem() +} + +func (i ContainerRuntimePolicyScopeArray) ToContainerRuntimePolicyScopeArrayOutput() ContainerRuntimePolicyScopeArrayOutput { + return i.ToContainerRuntimePolicyScopeArrayOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyScopeArray) ToContainerRuntimePolicyScopeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyScopeArrayOutput) +} + +type ContainerRuntimePolicyScopeOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyScope)(nil)).Elem() +} + +func (o ContainerRuntimePolicyScopeOutput) ToContainerRuntimePolicyScopeOutput() ContainerRuntimePolicyScopeOutput { + return o +} + +func (o ContainerRuntimePolicyScopeOutput) ToContainerRuntimePolicyScopeOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeOutput { + return o +} + +// Scope expression. +func (o ContainerRuntimePolicyScopeOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v ContainerRuntimePolicyScope) string { return v.Expression }).(pulumi.StringOutput) +} + +// List of variables in the scope. 
+func (o ContainerRuntimePolicyScopeOutput) Variables() ContainerRuntimePolicyScopeVariableArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyScope) []ContainerRuntimePolicyScopeVariable { return v.Variables }).(ContainerRuntimePolicyScopeVariableArrayOutput) +} + +type ContainerRuntimePolicyScopeArrayOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyScope)(nil)).Elem() +} + +func (o ContainerRuntimePolicyScopeArrayOutput) ToContainerRuntimePolicyScopeArrayOutput() ContainerRuntimePolicyScopeArrayOutput { + return o +} + +func (o ContainerRuntimePolicyScopeArrayOutput) ToContainerRuntimePolicyScopeArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeArrayOutput { + return o +} + +func (o ContainerRuntimePolicyScopeArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyScope { + return vs[0].([]ContainerRuntimePolicyScope)[vs[1].(int)] + }).(ContainerRuntimePolicyScopeOutput) +} + +type ContainerRuntimePolicyScopeVariable struct { + // Class of supported scope. + Attribute string `pulumi:"attribute"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + // Value assigned to the attribute. + Value string `pulumi:"value"` +} + +// ContainerRuntimePolicyScopeVariableInput is an input type that accepts ContainerRuntimePolicyScopeVariableArgs and ContainerRuntimePolicyScopeVariableOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyScopeVariableInput` via: +// +// ContainerRuntimePolicyScopeVariableArgs{...} +type ContainerRuntimePolicyScopeVariableInput interface { + pulumi.Input + + ToContainerRuntimePolicyScopeVariableOutput() ContainerRuntimePolicyScopeVariableOutput + ToContainerRuntimePolicyScopeVariableOutputWithContext(context.Context) ContainerRuntimePolicyScopeVariableOutput +} + +type ContainerRuntimePolicyScopeVariableArgs struct { + // Class of supported scope. + Attribute pulumi.StringInput `pulumi:"attribute"` + // Name assigned to the attribute. + Name pulumi.StringPtrInput `pulumi:"name"` + // Value assigned to the attribute. + Value pulumi.StringInput `pulumi:"value"` +} + +func (ContainerRuntimePolicyScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (i ContainerRuntimePolicyScopeVariableArgs) ToContainerRuntimePolicyScopeVariableOutput() ContainerRuntimePolicyScopeVariableOutput { + return i.ToContainerRuntimePolicyScopeVariableOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyScopeVariableArgs) ToContainerRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyScopeVariableOutput) +} + +// ContainerRuntimePolicyScopeVariableArrayInput is an input type that accepts ContainerRuntimePolicyScopeVariableArray and ContainerRuntimePolicyScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyScopeVariableArrayInput` via: +// +// ContainerRuntimePolicyScopeVariableArray{ ContainerRuntimePolicyScopeVariableArgs{...} } +type ContainerRuntimePolicyScopeVariableArrayInput interface { + pulumi.Input + + ToContainerRuntimePolicyScopeVariableArrayOutput() ContainerRuntimePolicyScopeVariableArrayOutput + ToContainerRuntimePolicyScopeVariableArrayOutputWithContext(context.Context) ContainerRuntimePolicyScopeVariableArrayOutput +} + +type ContainerRuntimePolicyScopeVariableArray []ContainerRuntimePolicyScopeVariableInput + +func (ContainerRuntimePolicyScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (i ContainerRuntimePolicyScopeVariableArray) ToContainerRuntimePolicyScopeVariableArrayOutput() ContainerRuntimePolicyScopeVariableArrayOutput { + return i.ToContainerRuntimePolicyScopeVariableArrayOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyScopeVariableArray) ToContainerRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyScopeVariableArrayOutput) +} + +type ContainerRuntimePolicyScopeVariableOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (o ContainerRuntimePolicyScopeVariableOutput) ToContainerRuntimePolicyScopeVariableOutput() ContainerRuntimePolicyScopeVariableOutput { + return o +} + +func (o ContainerRuntimePolicyScopeVariableOutput) ToContainerRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeVariableOutput { + return o +} + +// Class of supported scope. 
+func (o ContainerRuntimePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v ContainerRuntimePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) +} + +// Name assigned to the attribute. +func (o ContainerRuntimePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +// Value assigned to the attribute. +func (o ContainerRuntimePolicyScopeVariableOutput) Value() pulumi.StringOutput { + return o.ApplyT(func(v ContainerRuntimePolicyScopeVariable) string { return v.Value }).(pulumi.StringOutput) +} + +type ContainerRuntimePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ContainerRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (o ContainerRuntimePolicyScopeVariableArrayOutput) ToContainerRuntimePolicyScopeVariableArrayOutput() ContainerRuntimePolicyScopeVariableArrayOutput { + return o +} + +func (o ContainerRuntimePolicyScopeVariableArrayOutput) ToContainerRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) ContainerRuntimePolicyScopeVariableArrayOutput { + return o +} + +func (o ContainerRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) ContainerRuntimePolicyScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ContainerRuntimePolicyScopeVariable { + return vs[0].([]ContainerRuntimePolicyScopeVariable)[vs[1].(int)] + }).(ContainerRuntimePolicyScopeVariableOutput) +} + +type ContainerRuntimePolicySystemIntegrityProtection struct { + AuditSystemtimeChange *bool `pulumi:"auditSystemtimeChange"` + Enabled *bool `pulumi:"enabled"` + MonitorAuditLogIntegrity *bool `pulumi:"monitorAuditLogIntegrity"` + WindowsServicesMonitoring *bool `pulumi:"windowsServicesMonitoring"` +} + +// 
ContainerRuntimePolicySystemIntegrityProtectionInput is an input type that accepts ContainerRuntimePolicySystemIntegrityProtectionArgs and ContainerRuntimePolicySystemIntegrityProtectionOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicySystemIntegrityProtectionInput` via: +// +// ContainerRuntimePolicySystemIntegrityProtectionArgs{...} +type ContainerRuntimePolicySystemIntegrityProtectionInput interface { + pulumi.Input + + ToContainerRuntimePolicySystemIntegrityProtectionOutput() ContainerRuntimePolicySystemIntegrityProtectionOutput + ToContainerRuntimePolicySystemIntegrityProtectionOutputWithContext(context.Context) ContainerRuntimePolicySystemIntegrityProtectionOutput +} + +type ContainerRuntimePolicySystemIntegrityProtectionArgs struct { + AuditSystemtimeChange pulumi.BoolPtrInput `pulumi:"auditSystemtimeChange"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + MonitorAuditLogIntegrity pulumi.BoolPtrInput `pulumi:"monitorAuditLogIntegrity"` + WindowsServicesMonitoring pulumi.BoolPtrInput `pulumi:"windowsServicesMonitoring"` +} + +func (ContainerRuntimePolicySystemIntegrityProtectionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicySystemIntegrityProtection)(nil)).Elem() +} + +func (i ContainerRuntimePolicySystemIntegrityProtectionArgs) ToContainerRuntimePolicySystemIntegrityProtectionOutput() ContainerRuntimePolicySystemIntegrityProtectionOutput { + return i.ToContainerRuntimePolicySystemIntegrityProtectionOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicySystemIntegrityProtectionArgs) ToContainerRuntimePolicySystemIntegrityProtectionOutputWithContext(ctx context.Context) ContainerRuntimePolicySystemIntegrityProtectionOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicySystemIntegrityProtectionOutput) +} + +func (i ContainerRuntimePolicySystemIntegrityProtectionArgs) ToContainerRuntimePolicySystemIntegrityProtectionPtrOutput() 
ContainerRuntimePolicySystemIntegrityProtectionPtrOutput { + return i.ToContainerRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicySystemIntegrityProtectionArgs) ToContainerRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicySystemIntegrityProtectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicySystemIntegrityProtectionOutput).ToContainerRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicySystemIntegrityProtectionPtrInput is an input type that accepts ContainerRuntimePolicySystemIntegrityProtectionArgs, ContainerRuntimePolicySystemIntegrityProtectionPtr and ContainerRuntimePolicySystemIntegrityProtectionPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicySystemIntegrityProtectionPtrInput` via: +// +// ContainerRuntimePolicySystemIntegrityProtectionArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicySystemIntegrityProtectionPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicySystemIntegrityProtectionPtrOutput() ContainerRuntimePolicySystemIntegrityProtectionPtrOutput + ToContainerRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Context) ContainerRuntimePolicySystemIntegrityProtectionPtrOutput +} + +type containerRuntimePolicySystemIntegrityProtectionPtrType ContainerRuntimePolicySystemIntegrityProtectionArgs + +func ContainerRuntimePolicySystemIntegrityProtectionPtr(v *ContainerRuntimePolicySystemIntegrityProtectionArgs) ContainerRuntimePolicySystemIntegrityProtectionPtrInput { + return (*containerRuntimePolicySystemIntegrityProtectionPtrType)(v) +} + +func (*containerRuntimePolicySystemIntegrityProtectionPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicySystemIntegrityProtection)(nil)).Elem() +} + +func (i *containerRuntimePolicySystemIntegrityProtectionPtrType) 
ToContainerRuntimePolicySystemIntegrityProtectionPtrOutput() ContainerRuntimePolicySystemIntegrityProtectionPtrOutput { + return i.ToContainerRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicySystemIntegrityProtectionPtrType) ToContainerRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicySystemIntegrityProtectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) +} + +type ContainerRuntimePolicySystemIntegrityProtectionOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicySystemIntegrityProtectionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicySystemIntegrityProtection)(nil)).Elem() +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionOutput) ToContainerRuntimePolicySystemIntegrityProtectionOutput() ContainerRuntimePolicySystemIntegrityProtectionOutput { + return o +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionOutput) ToContainerRuntimePolicySystemIntegrityProtectionOutputWithContext(ctx context.Context) ContainerRuntimePolicySystemIntegrityProtectionOutput { + return o +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionOutput) ToContainerRuntimePolicySystemIntegrityProtectionPtrOutput() ContainerRuntimePolicySystemIntegrityProtectionPtrOutput { + return o.ToContainerRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionOutput) ToContainerRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicySystemIntegrityProtectionPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicySystemIntegrityProtection) *ContainerRuntimePolicySystemIntegrityProtection { + return &v + }).(ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) +} + +func 
(o ContainerRuntimePolicySystemIntegrityProtectionOutput) AuditSystemtimeChange() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicySystemIntegrityProtection) *bool { return v.AuditSystemtimeChange }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicySystemIntegrityProtection) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionOutput) MonitorAuditLogIntegrity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicySystemIntegrityProtection) *bool { return v.MonitorAuditLogIntegrity }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionOutput) WindowsServicesMonitoring() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicySystemIntegrityProtection) *bool { return v.WindowsServicesMonitoring }).(pulumi.BoolPtrOutput) +} + +type ContainerRuntimePolicySystemIntegrityProtectionPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicySystemIntegrityProtection)(nil)).Elem() +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) ToContainerRuntimePolicySystemIntegrityProtectionPtrOutput() ContainerRuntimePolicySystemIntegrityProtectionPtrOutput { + return o +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) ToContainerRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicySystemIntegrityProtectionPtrOutput { + return o +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) Elem() ContainerRuntimePolicySystemIntegrityProtectionOutput { + return o.ApplyT(func(v *ContainerRuntimePolicySystemIntegrityProtection) ContainerRuntimePolicySystemIntegrityProtection { + if v != nil { + return 
*v + } + var ret ContainerRuntimePolicySystemIntegrityProtection + return ret + }).(ContainerRuntimePolicySystemIntegrityProtectionOutput) +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) AuditSystemtimeChange() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.AuditSystemtimeChange + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) MonitorAuditLogIntegrity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.MonitorAuditLogIntegrity + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicySystemIntegrityProtectionPtrOutput) WindowsServicesMonitoring() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.WindowsServicesMonitoring + }).(pulumi.BoolPtrOutput) +} + +type ContainerRuntimePolicyTripwire struct { + ApplyOns []string `pulumi:"applyOns"` + Enabled *bool `pulumi:"enabled"` + ServerlessApp *string `pulumi:"serverlessApp"` + UserId *string `pulumi:"userId"` + UserPassword *string `pulumi:"userPassword"` +} + +// ContainerRuntimePolicyTripwireInput is an input type that accepts ContainerRuntimePolicyTripwireArgs and ContainerRuntimePolicyTripwireOutput values. 
+// You can construct a concrete instance of `ContainerRuntimePolicyTripwireInput` via: +// +// ContainerRuntimePolicyTripwireArgs{...} +type ContainerRuntimePolicyTripwireInput interface { + pulumi.Input + + ToContainerRuntimePolicyTripwireOutput() ContainerRuntimePolicyTripwireOutput + ToContainerRuntimePolicyTripwireOutputWithContext(context.Context) ContainerRuntimePolicyTripwireOutput +} + +type ContainerRuntimePolicyTripwireArgs struct { + ApplyOns pulumi.StringArrayInput `pulumi:"applyOns"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ServerlessApp pulumi.StringPtrInput `pulumi:"serverlessApp"` + UserId pulumi.StringPtrInput `pulumi:"userId"` + UserPassword pulumi.StringPtrInput `pulumi:"userPassword"` +} + +func (ContainerRuntimePolicyTripwireArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyTripwire)(nil)).Elem() +} + +func (i ContainerRuntimePolicyTripwireArgs) ToContainerRuntimePolicyTripwireOutput() ContainerRuntimePolicyTripwireOutput { + return i.ToContainerRuntimePolicyTripwireOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyTripwireArgs) ToContainerRuntimePolicyTripwireOutputWithContext(ctx context.Context) ContainerRuntimePolicyTripwireOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyTripwireOutput) +} + +func (i ContainerRuntimePolicyTripwireArgs) ToContainerRuntimePolicyTripwirePtrOutput() ContainerRuntimePolicyTripwirePtrOutput { + return i.ToContainerRuntimePolicyTripwirePtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyTripwireArgs) ToContainerRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyTripwirePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyTripwireOutput).ToContainerRuntimePolicyTripwirePtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyTripwirePtrInput is an input type that accepts ContainerRuntimePolicyTripwireArgs, 
ContainerRuntimePolicyTripwirePtr and ContainerRuntimePolicyTripwirePtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyTripwirePtrInput` via: +// +// ContainerRuntimePolicyTripwireArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyTripwirePtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyTripwirePtrOutput() ContainerRuntimePolicyTripwirePtrOutput + ToContainerRuntimePolicyTripwirePtrOutputWithContext(context.Context) ContainerRuntimePolicyTripwirePtrOutput +} + +type containerRuntimePolicyTripwirePtrType ContainerRuntimePolicyTripwireArgs + +func ContainerRuntimePolicyTripwirePtr(v *ContainerRuntimePolicyTripwireArgs) ContainerRuntimePolicyTripwirePtrInput { + return (*containerRuntimePolicyTripwirePtrType)(v) +} + +func (*containerRuntimePolicyTripwirePtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyTripwire)(nil)).Elem() +} + +func (i *containerRuntimePolicyTripwirePtrType) ToContainerRuntimePolicyTripwirePtrOutput() ContainerRuntimePolicyTripwirePtrOutput { + return i.ToContainerRuntimePolicyTripwirePtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyTripwirePtrType) ToContainerRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyTripwirePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyTripwirePtrOutput) +} + +type ContainerRuntimePolicyTripwireOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyTripwireOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyTripwire)(nil)).Elem() +} + +func (o ContainerRuntimePolicyTripwireOutput) ToContainerRuntimePolicyTripwireOutput() ContainerRuntimePolicyTripwireOutput { + return o +} + +func (o ContainerRuntimePolicyTripwireOutput) ToContainerRuntimePolicyTripwireOutputWithContext(ctx context.Context) ContainerRuntimePolicyTripwireOutput { + return o +} + +func (o 
ContainerRuntimePolicyTripwireOutput) ToContainerRuntimePolicyTripwirePtrOutput() ContainerRuntimePolicyTripwirePtrOutput { + return o.ToContainerRuntimePolicyTripwirePtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyTripwireOutput) ToContainerRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyTripwirePtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyTripwire) *ContainerRuntimePolicyTripwire { + return &v + }).(ContainerRuntimePolicyTripwirePtrOutput) +} + +func (o ContainerRuntimePolicyTripwireOutput) ApplyOns() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyTripwire) []string { return v.ApplyOns }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyTripwireOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyTripwire) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyTripwireOutput) ServerlessApp() pulumi.StringPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyTripwire) *string { return v.ServerlessApp }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyTripwireOutput) UserId() pulumi.StringPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyTripwire) *string { return v.UserId }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyTripwireOutput) UserPassword() pulumi.StringPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyTripwire) *string { return v.UserPassword }).(pulumi.StringPtrOutput) +} + +type ContainerRuntimePolicyTripwirePtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyTripwirePtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyTripwire)(nil)).Elem() +} + +func (o ContainerRuntimePolicyTripwirePtrOutput) ToContainerRuntimePolicyTripwirePtrOutput() ContainerRuntimePolicyTripwirePtrOutput { + return o +} + +func (o 
ContainerRuntimePolicyTripwirePtrOutput) ToContainerRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyTripwirePtrOutput { + return o +} + +func (o ContainerRuntimePolicyTripwirePtrOutput) Elem() ContainerRuntimePolicyTripwireOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyTripwire) ContainerRuntimePolicyTripwire { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyTripwire + return ret + }).(ContainerRuntimePolicyTripwireOutput) +} + +func (o ContainerRuntimePolicyTripwirePtrOutput) ApplyOns() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyTripwire) []string { + if v == nil { + return nil + } + return v.ApplyOns + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyTripwirePtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyTripwire) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyTripwirePtrOutput) ServerlessApp() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyTripwire) *string { + if v == nil { + return nil + } + return v.ServerlessApp + }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyTripwirePtrOutput) UserId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyTripwire) *string { + if v == nil { + return nil + } + return v.UserId + }).(pulumi.StringPtrOutput) +} + +func (o ContainerRuntimePolicyTripwirePtrOutput) UserPassword() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyTripwire) *string { + if v == nil { + return nil + } + return v.UserPassword + }).(pulumi.StringPtrOutput) +} + +type ContainerRuntimePolicyWhitelistedOsUsers struct { + Enabled *bool `pulumi:"enabled"` + GroupWhiteLists []string `pulumi:"groupWhiteLists"` + UserWhiteLists []string `pulumi:"userWhiteLists"` +} + +// ContainerRuntimePolicyWhitelistedOsUsersInput is an input type that accepts 
ContainerRuntimePolicyWhitelistedOsUsersArgs and ContainerRuntimePolicyWhitelistedOsUsersOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyWhitelistedOsUsersInput` via: +// +// ContainerRuntimePolicyWhitelistedOsUsersArgs{...} +type ContainerRuntimePolicyWhitelistedOsUsersInput interface { + pulumi.Input + + ToContainerRuntimePolicyWhitelistedOsUsersOutput() ContainerRuntimePolicyWhitelistedOsUsersOutput + ToContainerRuntimePolicyWhitelistedOsUsersOutputWithContext(context.Context) ContainerRuntimePolicyWhitelistedOsUsersOutput +} + +type ContainerRuntimePolicyWhitelistedOsUsersArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + GroupWhiteLists pulumi.StringArrayInput `pulumi:"groupWhiteLists"` + UserWhiteLists pulumi.StringArrayInput `pulumi:"userWhiteLists"` +} + +func (ContainerRuntimePolicyWhitelistedOsUsersArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyWhitelistedOsUsers)(nil)).Elem() +} + +func (i ContainerRuntimePolicyWhitelistedOsUsersArgs) ToContainerRuntimePolicyWhitelistedOsUsersOutput() ContainerRuntimePolicyWhitelistedOsUsersOutput { + return i.ToContainerRuntimePolicyWhitelistedOsUsersOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyWhitelistedOsUsersArgs) ToContainerRuntimePolicyWhitelistedOsUsersOutputWithContext(ctx context.Context) ContainerRuntimePolicyWhitelistedOsUsersOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyWhitelistedOsUsersOutput) +} + +func (i ContainerRuntimePolicyWhitelistedOsUsersArgs) ToContainerRuntimePolicyWhitelistedOsUsersPtrOutput() ContainerRuntimePolicyWhitelistedOsUsersPtrOutput { + return i.ToContainerRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (i ContainerRuntimePolicyWhitelistedOsUsersArgs) ToContainerRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyWhitelistedOsUsersPtrOutput { + return 
pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyWhitelistedOsUsersOutput).ToContainerRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx) +} + +// ContainerRuntimePolicyWhitelistedOsUsersPtrInput is an input type that accepts ContainerRuntimePolicyWhitelistedOsUsersArgs, ContainerRuntimePolicyWhitelistedOsUsersPtr and ContainerRuntimePolicyWhitelistedOsUsersPtrOutput values. +// You can construct a concrete instance of `ContainerRuntimePolicyWhitelistedOsUsersPtrInput` via: +// +// ContainerRuntimePolicyWhitelistedOsUsersArgs{...} +// +// or: +// +// nil +type ContainerRuntimePolicyWhitelistedOsUsersPtrInput interface { + pulumi.Input + + ToContainerRuntimePolicyWhitelistedOsUsersPtrOutput() ContainerRuntimePolicyWhitelistedOsUsersPtrOutput + ToContainerRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Context) ContainerRuntimePolicyWhitelistedOsUsersPtrOutput +} + +type containerRuntimePolicyWhitelistedOsUsersPtrType ContainerRuntimePolicyWhitelistedOsUsersArgs + +func ContainerRuntimePolicyWhitelistedOsUsersPtr(v *ContainerRuntimePolicyWhitelistedOsUsersArgs) ContainerRuntimePolicyWhitelistedOsUsersPtrInput { + return (*containerRuntimePolicyWhitelistedOsUsersPtrType)(v) +} + +func (*containerRuntimePolicyWhitelistedOsUsersPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyWhitelistedOsUsers)(nil)).Elem() +} + +func (i *containerRuntimePolicyWhitelistedOsUsersPtrType) ToContainerRuntimePolicyWhitelistedOsUsersPtrOutput() ContainerRuntimePolicyWhitelistedOsUsersPtrOutput { + return i.ToContainerRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (i *containerRuntimePolicyWhitelistedOsUsersPtrType) ToContainerRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyWhitelistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ContainerRuntimePolicyWhitelistedOsUsersPtrOutput) +} + +type 
ContainerRuntimePolicyWhitelistedOsUsersOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyWhitelistedOsUsersOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ContainerRuntimePolicyWhitelistedOsUsers)(nil)).Elem() +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersOutput) ToContainerRuntimePolicyWhitelistedOsUsersOutput() ContainerRuntimePolicyWhitelistedOsUsersOutput { + return o +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersOutput) ToContainerRuntimePolicyWhitelistedOsUsersOutputWithContext(ctx context.Context) ContainerRuntimePolicyWhitelistedOsUsersOutput { + return o +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersOutput) ToContainerRuntimePolicyWhitelistedOsUsersPtrOutput() ContainerRuntimePolicyWhitelistedOsUsersPtrOutput { + return o.ToContainerRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersOutput) ToContainerRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyWhitelistedOsUsersPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ContainerRuntimePolicyWhitelistedOsUsers) *ContainerRuntimePolicyWhitelistedOsUsers { + return &v + }).(ContainerRuntimePolicyWhitelistedOsUsersPtrOutput) +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ContainerRuntimePolicyWhitelistedOsUsers) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersOutput) GroupWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyWhitelistedOsUsers) []string { return v.GroupWhiteLists }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersOutput) UserWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v ContainerRuntimePolicyWhitelistedOsUsers) []string { return v.UserWhiteLists }).(pulumi.StringArrayOutput) +} + +type 
ContainerRuntimePolicyWhitelistedOsUsersPtrOutput struct{ *pulumi.OutputState } + +func (ContainerRuntimePolicyWhitelistedOsUsersPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ContainerRuntimePolicyWhitelistedOsUsers)(nil)).Elem() +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersPtrOutput) ToContainerRuntimePolicyWhitelistedOsUsersPtrOutput() ContainerRuntimePolicyWhitelistedOsUsersPtrOutput { + return o +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersPtrOutput) ToContainerRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) ContainerRuntimePolicyWhitelistedOsUsersPtrOutput { + return o +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersPtrOutput) Elem() ContainerRuntimePolicyWhitelistedOsUsersOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyWhitelistedOsUsers) ContainerRuntimePolicyWhitelistedOsUsers { + if v != nil { + return *v + } + var ret ContainerRuntimePolicyWhitelistedOsUsers + return ret + }).(ContainerRuntimePolicyWhitelistedOsUsersOutput) +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyWhitelistedOsUsers) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersPtrOutput) GroupWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyWhitelistedOsUsers) []string { + if v == nil { + return nil + } + return v.GroupWhiteLists + }).(pulumi.StringArrayOutput) +} + +func (o ContainerRuntimePolicyWhitelistedOsUsersPtrOutput) UserWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ContainerRuntimePolicyWhitelistedOsUsers) []string { + if v == nil { + return nil + } + return v.UserWhiteLists + }).(pulumi.StringArrayOutput) +} + +type EnforcerGroupsCommand struct { + Default *string `pulumi:"default"` + Kubernetes *string `pulumi:"kubernetes"` + Swarm *string `pulumi:"swarm"` + 
Windows *string `pulumi:"windows"` +} + +// EnforcerGroupsCommandInput is an input type that accepts EnforcerGroupsCommandArgs and EnforcerGroupsCommandOutput values. +// You can construct a concrete instance of `EnforcerGroupsCommandInput` via: +// +// EnforcerGroupsCommandArgs{...} +type EnforcerGroupsCommandInput interface { + pulumi.Input + + ToEnforcerGroupsCommandOutput() EnforcerGroupsCommandOutput + ToEnforcerGroupsCommandOutputWithContext(context.Context) EnforcerGroupsCommandOutput +} + +type EnforcerGroupsCommandArgs struct { + Default pulumi.StringPtrInput `pulumi:"default"` + Kubernetes pulumi.StringPtrInput `pulumi:"kubernetes"` + Swarm pulumi.StringPtrInput `pulumi:"swarm"` + Windows pulumi.StringPtrInput `pulumi:"windows"` +} + +func (EnforcerGroupsCommandArgs) ElementType() reflect.Type { + return reflect.TypeOf((*EnforcerGroupsCommand)(nil)).Elem() +} + +func (i EnforcerGroupsCommandArgs) ToEnforcerGroupsCommandOutput() EnforcerGroupsCommandOutput { + return i.ToEnforcerGroupsCommandOutputWithContext(context.Background()) +} + +func (i EnforcerGroupsCommandArgs) ToEnforcerGroupsCommandOutputWithContext(ctx context.Context) EnforcerGroupsCommandOutput { + return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsCommandOutput) +} + +// EnforcerGroupsCommandArrayInput is an input type that accepts EnforcerGroupsCommandArray and EnforcerGroupsCommandArrayOutput values. 
+// You can construct a concrete instance of `EnforcerGroupsCommandArrayInput` via: +// +// EnforcerGroupsCommandArray{ EnforcerGroupsCommandArgs{...} } +type EnforcerGroupsCommandArrayInput interface { + pulumi.Input + + ToEnforcerGroupsCommandArrayOutput() EnforcerGroupsCommandArrayOutput + ToEnforcerGroupsCommandArrayOutputWithContext(context.Context) EnforcerGroupsCommandArrayOutput +} + +type EnforcerGroupsCommandArray []EnforcerGroupsCommandInput + +func (EnforcerGroupsCommandArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]EnforcerGroupsCommand)(nil)).Elem() +} + +func (i EnforcerGroupsCommandArray) ToEnforcerGroupsCommandArrayOutput() EnforcerGroupsCommandArrayOutput { + return i.ToEnforcerGroupsCommandArrayOutputWithContext(context.Background()) +} + +func (i EnforcerGroupsCommandArray) ToEnforcerGroupsCommandArrayOutputWithContext(ctx context.Context) EnforcerGroupsCommandArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsCommandArrayOutput) +} + +type EnforcerGroupsCommandOutput struct{ *pulumi.OutputState } + +func (EnforcerGroupsCommandOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EnforcerGroupsCommand)(nil)).Elem() +} + +func (o EnforcerGroupsCommandOutput) ToEnforcerGroupsCommandOutput() EnforcerGroupsCommandOutput { + return o +} + +func (o EnforcerGroupsCommandOutput) ToEnforcerGroupsCommandOutputWithContext(ctx context.Context) EnforcerGroupsCommandOutput { + return o +} + +func (o EnforcerGroupsCommandOutput) Default() pulumi.StringPtrOutput { + return o.ApplyT(func(v EnforcerGroupsCommand) *string { return v.Default }).(pulumi.StringPtrOutput) +} + +func (o EnforcerGroupsCommandOutput) Kubernetes() pulumi.StringPtrOutput { + return o.ApplyT(func(v EnforcerGroupsCommand) *string { return v.Kubernetes }).(pulumi.StringPtrOutput) +} + +func (o EnforcerGroupsCommandOutput) Swarm() pulumi.StringPtrOutput { + return o.ApplyT(func(v EnforcerGroupsCommand) *string { return v.Swarm 
}).(pulumi.StringPtrOutput) +} + +func (o EnforcerGroupsCommandOutput) Windows() pulumi.StringPtrOutput { + return o.ApplyT(func(v EnforcerGroupsCommand) *string { return v.Windows }).(pulumi.StringPtrOutput) +} + +type EnforcerGroupsCommandArrayOutput struct{ *pulumi.OutputState } + +func (EnforcerGroupsCommandArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]EnforcerGroupsCommand)(nil)).Elem() +} + +func (o EnforcerGroupsCommandArrayOutput) ToEnforcerGroupsCommandArrayOutput() EnforcerGroupsCommandArrayOutput { + return o +} + +func (o EnforcerGroupsCommandArrayOutput) ToEnforcerGroupsCommandArrayOutputWithContext(ctx context.Context) EnforcerGroupsCommandArrayOutput { + return o +} + +func (o EnforcerGroupsCommandArrayOutput) Index(i pulumi.IntInput) EnforcerGroupsCommandOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) EnforcerGroupsCommand { + return vs[0].([]EnforcerGroupsCommand)[vs[1].(int)] + }).(EnforcerGroupsCommandOutput) +} + +type EnforcerGroupsOrchestrator struct { + Master *bool `pulumi:"master"` + // May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + Namespace *string `pulumi:"namespace"` + // May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + ServiceAccount *string `pulumi:"serviceAccount"` + Type *string `pulumi:"type"` +} + +// EnforcerGroupsOrchestratorInput is an input type that accepts EnforcerGroupsOrchestratorArgs and EnforcerGroupsOrchestratorOutput values. 
+// You can construct a concrete instance of `EnforcerGroupsOrchestratorInput` via: +// +// EnforcerGroupsOrchestratorArgs{...} +type EnforcerGroupsOrchestratorInput interface { + pulumi.Input + + ToEnforcerGroupsOrchestratorOutput() EnforcerGroupsOrchestratorOutput + ToEnforcerGroupsOrchestratorOutputWithContext(context.Context) EnforcerGroupsOrchestratorOutput +} + +type EnforcerGroupsOrchestratorArgs struct { + Master pulumi.BoolPtrInput `pulumi:"master"` + // May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + Namespace pulumi.StringPtrInput `pulumi:"namespace"` + // May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + ServiceAccount pulumi.StringPtrInput `pulumi:"serviceAccount"` + Type pulumi.StringPtrInput `pulumi:"type"` +} + +func (EnforcerGroupsOrchestratorArgs) ElementType() reflect.Type { + return reflect.TypeOf((*EnforcerGroupsOrchestrator)(nil)).Elem() +} + +func (i EnforcerGroupsOrchestratorArgs) ToEnforcerGroupsOrchestratorOutput() EnforcerGroupsOrchestratorOutput { + return i.ToEnforcerGroupsOrchestratorOutputWithContext(context.Background()) +} + +func (i EnforcerGroupsOrchestratorArgs) ToEnforcerGroupsOrchestratorOutputWithContext(ctx context.Context) EnforcerGroupsOrchestratorOutput { + return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsOrchestratorOutput) +} + +// EnforcerGroupsOrchestratorArrayInput is an input type that accepts EnforcerGroupsOrchestratorArray and EnforcerGroupsOrchestratorArrayOutput values. 
+// You can construct a concrete instance of `EnforcerGroupsOrchestratorArrayInput` via: +// +// EnforcerGroupsOrchestratorArray{ EnforcerGroupsOrchestratorArgs{...} } +type EnforcerGroupsOrchestratorArrayInput interface { + pulumi.Input + + ToEnforcerGroupsOrchestratorArrayOutput() EnforcerGroupsOrchestratorArrayOutput + ToEnforcerGroupsOrchestratorArrayOutputWithContext(context.Context) EnforcerGroupsOrchestratorArrayOutput +} + +type EnforcerGroupsOrchestratorArray []EnforcerGroupsOrchestratorInput + +func (EnforcerGroupsOrchestratorArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]EnforcerGroupsOrchestrator)(nil)).Elem() +} + +func (i EnforcerGroupsOrchestratorArray) ToEnforcerGroupsOrchestratorArrayOutput() EnforcerGroupsOrchestratorArrayOutput { + return i.ToEnforcerGroupsOrchestratorArrayOutputWithContext(context.Background()) +} + +func (i EnforcerGroupsOrchestratorArray) ToEnforcerGroupsOrchestratorArrayOutputWithContext(ctx context.Context) EnforcerGroupsOrchestratorArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(EnforcerGroupsOrchestratorArrayOutput) +} + +type EnforcerGroupsOrchestratorOutput struct{ *pulumi.OutputState } + +func (EnforcerGroupsOrchestratorOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EnforcerGroupsOrchestrator)(nil)).Elem() +} + +func (o EnforcerGroupsOrchestratorOutput) ToEnforcerGroupsOrchestratorOutput() EnforcerGroupsOrchestratorOutput { + return o +} + +func (o EnforcerGroupsOrchestratorOutput) ToEnforcerGroupsOrchestratorOutputWithContext(ctx context.Context) EnforcerGroupsOrchestratorOutput { + return o +} + +func (o EnforcerGroupsOrchestratorOutput) Master() pulumi.BoolPtrOutput { + return o.ApplyT(func(v EnforcerGroupsOrchestrator) *bool { return v.Master }).(pulumi.BoolPtrOutput) +} + +// May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). 
+func (o EnforcerGroupsOrchestratorOutput) Namespace() pulumi.StringPtrOutput { + return o.ApplyT(func(v EnforcerGroupsOrchestrator) *string { return v.Namespace }).(pulumi.StringPtrOutput) +} + +// May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). +func (o EnforcerGroupsOrchestratorOutput) ServiceAccount() pulumi.StringPtrOutput { + return o.ApplyT(func(v EnforcerGroupsOrchestrator) *string { return v.ServiceAccount }).(pulumi.StringPtrOutput) +} + +func (o EnforcerGroupsOrchestratorOutput) Type() pulumi.StringPtrOutput { + return o.ApplyT(func(v EnforcerGroupsOrchestrator) *string { return v.Type }).(pulumi.StringPtrOutput) +} + +type EnforcerGroupsOrchestratorArrayOutput struct{ *pulumi.OutputState } + +func (EnforcerGroupsOrchestratorArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]EnforcerGroupsOrchestrator)(nil)).Elem() +} + +func (o EnforcerGroupsOrchestratorArrayOutput) ToEnforcerGroupsOrchestratorArrayOutput() EnforcerGroupsOrchestratorArrayOutput { + return o +} + +func (o EnforcerGroupsOrchestratorArrayOutput) ToEnforcerGroupsOrchestratorArrayOutputWithContext(ctx context.Context) EnforcerGroupsOrchestratorArrayOutput { + return o +} + +func (o EnforcerGroupsOrchestratorArrayOutput) Index(i pulumi.IntInput) EnforcerGroupsOrchestratorOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) EnforcerGroupsOrchestrator { + return vs[0].([]EnforcerGroupsOrchestrator)[vs[1].(int)] + }).(EnforcerGroupsOrchestratorOutput) +} + +type FirewallPolicyInboundNetwork struct { + // Indicates whether the specified resources are allowed to pass in data or requests. + Allow bool `pulumi:"allow"` + // Range of ports affected by firewall. + PortRange string `pulumi:"portRange"` + // Information of the resource. 
+ Resource *string `pulumi:"resource"` + // Type of the resource + ResourceType string `pulumi:"resourceType"` +} + +// FirewallPolicyInboundNetworkInput is an input type that accepts FirewallPolicyInboundNetworkArgs and FirewallPolicyInboundNetworkOutput values. +// You can construct a concrete instance of `FirewallPolicyInboundNetworkInput` via: +// +// FirewallPolicyInboundNetworkArgs{...} +type FirewallPolicyInboundNetworkInput interface { + pulumi.Input + + ToFirewallPolicyInboundNetworkOutput() FirewallPolicyInboundNetworkOutput + ToFirewallPolicyInboundNetworkOutputWithContext(context.Context) FirewallPolicyInboundNetworkOutput +} + +type FirewallPolicyInboundNetworkArgs struct { + // Indicates whether the specified resources are allowed to pass in data or requests. + Allow pulumi.BoolInput `pulumi:"allow"` + // Range of ports affected by firewall. + PortRange pulumi.StringInput `pulumi:"portRange"` + // Information of the resource. + Resource pulumi.StringPtrInput `pulumi:"resource"` + // Type of the resource + ResourceType pulumi.StringInput `pulumi:"resourceType"` +} + +func (FirewallPolicyInboundNetworkArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FirewallPolicyInboundNetwork)(nil)).Elem() +} + +func (i FirewallPolicyInboundNetworkArgs) ToFirewallPolicyInboundNetworkOutput() FirewallPolicyInboundNetworkOutput { + return i.ToFirewallPolicyInboundNetworkOutputWithContext(context.Background()) +} + +func (i FirewallPolicyInboundNetworkArgs) ToFirewallPolicyInboundNetworkOutputWithContext(ctx context.Context) FirewallPolicyInboundNetworkOutput { + return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyInboundNetworkOutput) +} + +// FirewallPolicyInboundNetworkArrayInput is an input type that accepts FirewallPolicyInboundNetworkArray and FirewallPolicyInboundNetworkArrayOutput values. 
+// You can construct a concrete instance of `FirewallPolicyInboundNetworkArrayInput` via: +// +// FirewallPolicyInboundNetworkArray{ FirewallPolicyInboundNetworkArgs{...} } +type FirewallPolicyInboundNetworkArrayInput interface { + pulumi.Input + + ToFirewallPolicyInboundNetworkArrayOutput() FirewallPolicyInboundNetworkArrayOutput + ToFirewallPolicyInboundNetworkArrayOutputWithContext(context.Context) FirewallPolicyInboundNetworkArrayOutput +} + +type FirewallPolicyInboundNetworkArray []FirewallPolicyInboundNetworkInput + +func (FirewallPolicyInboundNetworkArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FirewallPolicyInboundNetwork)(nil)).Elem() +} + +func (i FirewallPolicyInboundNetworkArray) ToFirewallPolicyInboundNetworkArrayOutput() FirewallPolicyInboundNetworkArrayOutput { + return i.ToFirewallPolicyInboundNetworkArrayOutputWithContext(context.Background()) +} + +func (i FirewallPolicyInboundNetworkArray) ToFirewallPolicyInboundNetworkArrayOutputWithContext(ctx context.Context) FirewallPolicyInboundNetworkArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyInboundNetworkArrayOutput) +} + +type FirewallPolicyInboundNetworkOutput struct{ *pulumi.OutputState } + +func (FirewallPolicyInboundNetworkOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FirewallPolicyInboundNetwork)(nil)).Elem() +} + +func (o FirewallPolicyInboundNetworkOutput) ToFirewallPolicyInboundNetworkOutput() FirewallPolicyInboundNetworkOutput { + return o +} + +func (o FirewallPolicyInboundNetworkOutput) ToFirewallPolicyInboundNetworkOutputWithContext(ctx context.Context) FirewallPolicyInboundNetworkOutput { + return o +} + +// Indicates whether the specified resources are allowed to pass in data or requests. +func (o FirewallPolicyInboundNetworkOutput) Allow() pulumi.BoolOutput { + return o.ApplyT(func(v FirewallPolicyInboundNetwork) bool { return v.Allow }).(pulumi.BoolOutput) +} + +// Range of ports affected by firewall. 
+func (o FirewallPolicyInboundNetworkOutput) PortRange() pulumi.StringOutput { + return o.ApplyT(func(v FirewallPolicyInboundNetwork) string { return v.PortRange }).(pulumi.StringOutput) +} + +// Information of the resource. +func (o FirewallPolicyInboundNetworkOutput) Resource() pulumi.StringPtrOutput { + return o.ApplyT(func(v FirewallPolicyInboundNetwork) *string { return v.Resource }).(pulumi.StringPtrOutput) +} + +// Type of the resource +func (o FirewallPolicyInboundNetworkOutput) ResourceType() pulumi.StringOutput { + return o.ApplyT(func(v FirewallPolicyInboundNetwork) string { return v.ResourceType }).(pulumi.StringOutput) +} + +type FirewallPolicyInboundNetworkArrayOutput struct{ *pulumi.OutputState } + +func (FirewallPolicyInboundNetworkArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FirewallPolicyInboundNetwork)(nil)).Elem() +} + +func (o FirewallPolicyInboundNetworkArrayOutput) ToFirewallPolicyInboundNetworkArrayOutput() FirewallPolicyInboundNetworkArrayOutput { + return o +} + +func (o FirewallPolicyInboundNetworkArrayOutput) ToFirewallPolicyInboundNetworkArrayOutputWithContext(ctx context.Context) FirewallPolicyInboundNetworkArrayOutput { + return o +} + +func (o FirewallPolicyInboundNetworkArrayOutput) Index(i pulumi.IntInput) FirewallPolicyInboundNetworkOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FirewallPolicyInboundNetwork { + return vs[0].([]FirewallPolicyInboundNetwork)[vs[1].(int)] + }).(FirewallPolicyInboundNetworkOutput) +} + +type FirewallPolicyOutboundNetwork struct { + // Indicates whether the specified resources are allowed to receive data or requests. + Allow bool `pulumi:"allow"` + // Range of ports affected by firewall. + PortRange string `pulumi:"portRange"` + // Information of the resource. + Resource *string `pulumi:"resource"` + // Type of the resource. 
+ ResourceType string `pulumi:"resourceType"` +} + +// FirewallPolicyOutboundNetworkInput is an input type that accepts FirewallPolicyOutboundNetworkArgs and FirewallPolicyOutboundNetworkOutput values. +// You can construct a concrete instance of `FirewallPolicyOutboundNetworkInput` via: +// +// FirewallPolicyOutboundNetworkArgs{...} +type FirewallPolicyOutboundNetworkInput interface { + pulumi.Input + + ToFirewallPolicyOutboundNetworkOutput() FirewallPolicyOutboundNetworkOutput + ToFirewallPolicyOutboundNetworkOutputWithContext(context.Context) FirewallPolicyOutboundNetworkOutput +} + +type FirewallPolicyOutboundNetworkArgs struct { + // Indicates whether the specified resources are allowed to receive data or requests. + Allow pulumi.BoolInput `pulumi:"allow"` + // Range of ports affected by firewall. + PortRange pulumi.StringInput `pulumi:"portRange"` + // Information of the resource. + Resource pulumi.StringPtrInput `pulumi:"resource"` + // Type of the resource. + ResourceType pulumi.StringInput `pulumi:"resourceType"` +} + +func (FirewallPolicyOutboundNetworkArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FirewallPolicyOutboundNetwork)(nil)).Elem() +} + +func (i FirewallPolicyOutboundNetworkArgs) ToFirewallPolicyOutboundNetworkOutput() FirewallPolicyOutboundNetworkOutput { + return i.ToFirewallPolicyOutboundNetworkOutputWithContext(context.Background()) +} + +func (i FirewallPolicyOutboundNetworkArgs) ToFirewallPolicyOutboundNetworkOutputWithContext(ctx context.Context) FirewallPolicyOutboundNetworkOutput { + return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyOutboundNetworkOutput) +} + +// FirewallPolicyOutboundNetworkArrayInput is an input type that accepts FirewallPolicyOutboundNetworkArray and FirewallPolicyOutboundNetworkArrayOutput values. 
+// You can construct a concrete instance of `FirewallPolicyOutboundNetworkArrayInput` via: +// +// FirewallPolicyOutboundNetworkArray{ FirewallPolicyOutboundNetworkArgs{...} } +type FirewallPolicyOutboundNetworkArrayInput interface { + pulumi.Input + + ToFirewallPolicyOutboundNetworkArrayOutput() FirewallPolicyOutboundNetworkArrayOutput + ToFirewallPolicyOutboundNetworkArrayOutputWithContext(context.Context) FirewallPolicyOutboundNetworkArrayOutput +} + +type FirewallPolicyOutboundNetworkArray []FirewallPolicyOutboundNetworkInput + +func (FirewallPolicyOutboundNetworkArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FirewallPolicyOutboundNetwork)(nil)).Elem() +} + +func (i FirewallPolicyOutboundNetworkArray) ToFirewallPolicyOutboundNetworkArrayOutput() FirewallPolicyOutboundNetworkArrayOutput { + return i.ToFirewallPolicyOutboundNetworkArrayOutputWithContext(context.Background()) +} + +func (i FirewallPolicyOutboundNetworkArray) ToFirewallPolicyOutboundNetworkArrayOutputWithContext(ctx context.Context) FirewallPolicyOutboundNetworkArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyOutboundNetworkArrayOutput) +} + +type FirewallPolicyOutboundNetworkOutput struct{ *pulumi.OutputState } + +func (FirewallPolicyOutboundNetworkOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FirewallPolicyOutboundNetwork)(nil)).Elem() +} + +func (o FirewallPolicyOutboundNetworkOutput) ToFirewallPolicyOutboundNetworkOutput() FirewallPolicyOutboundNetworkOutput { + return o +} + +func (o FirewallPolicyOutboundNetworkOutput) ToFirewallPolicyOutboundNetworkOutputWithContext(ctx context.Context) FirewallPolicyOutboundNetworkOutput { + return o +} + +// Indicates whether the specified resources are allowed to receive data or requests. 
+func (o FirewallPolicyOutboundNetworkOutput) Allow() pulumi.BoolOutput { + return o.ApplyT(func(v FirewallPolicyOutboundNetwork) bool { return v.Allow }).(pulumi.BoolOutput) +} + +// Range of ports affected by firewall. +func (o FirewallPolicyOutboundNetworkOutput) PortRange() pulumi.StringOutput { + return o.ApplyT(func(v FirewallPolicyOutboundNetwork) string { return v.PortRange }).(pulumi.StringOutput) +} + +// Information of the resource. +func (o FirewallPolicyOutboundNetworkOutput) Resource() pulumi.StringPtrOutput { + return o.ApplyT(func(v FirewallPolicyOutboundNetwork) *string { return v.Resource }).(pulumi.StringPtrOutput) +} + +// Type of the resource. +func (o FirewallPolicyOutboundNetworkOutput) ResourceType() pulumi.StringOutput { + return o.ApplyT(func(v FirewallPolicyOutboundNetwork) string { return v.ResourceType }).(pulumi.StringOutput) +} + +type FirewallPolicyOutboundNetworkArrayOutput struct{ *pulumi.OutputState } + +func (FirewallPolicyOutboundNetworkArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FirewallPolicyOutboundNetwork)(nil)).Elem() +} + +func (o FirewallPolicyOutboundNetworkArrayOutput) ToFirewallPolicyOutboundNetworkArrayOutput() FirewallPolicyOutboundNetworkArrayOutput { + return o +} + +func (o FirewallPolicyOutboundNetworkArrayOutput) ToFirewallPolicyOutboundNetworkArrayOutputWithContext(ctx context.Context) FirewallPolicyOutboundNetworkArrayOutput { + return o +} + +func (o FirewallPolicyOutboundNetworkArrayOutput) Index(i pulumi.IntInput) FirewallPolicyOutboundNetworkOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FirewallPolicyOutboundNetwork { + return vs[0].([]FirewallPolicyOutboundNetwork)[vs[1].(int)] + }).(FirewallPolicyOutboundNetworkOutput) +} + +type FunctionAssurancePolicyAutoScanTime struct { + Iteration *int `pulumi:"iteration"` + IterationType *string `pulumi:"iterationType"` + Time *string `pulumi:"time"` + WeekDays []string `pulumi:"weekDays"` +} + +// 
FunctionAssurancePolicyAutoScanTimeInput is an input type that accepts FunctionAssurancePolicyAutoScanTimeArgs and FunctionAssurancePolicyAutoScanTimeOutput values. +// You can construct a concrete instance of `FunctionAssurancePolicyAutoScanTimeInput` via: +// +// FunctionAssurancePolicyAutoScanTimeArgs{...} +type FunctionAssurancePolicyAutoScanTimeInput interface { + pulumi.Input + + ToFunctionAssurancePolicyAutoScanTimeOutput() FunctionAssurancePolicyAutoScanTimeOutput + ToFunctionAssurancePolicyAutoScanTimeOutputWithContext(context.Context) FunctionAssurancePolicyAutoScanTimeOutput +} + +type FunctionAssurancePolicyAutoScanTimeArgs struct { + Iteration pulumi.IntPtrInput `pulumi:"iteration"` + IterationType pulumi.StringPtrInput `pulumi:"iterationType"` + Time pulumi.StringPtrInput `pulumi:"time"` + WeekDays pulumi.StringArrayInput `pulumi:"weekDays"` +} + +func (FunctionAssurancePolicyAutoScanTimeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyAutoScanTime)(nil)).Elem() +} + +func (i FunctionAssurancePolicyAutoScanTimeArgs) ToFunctionAssurancePolicyAutoScanTimeOutput() FunctionAssurancePolicyAutoScanTimeOutput { + return i.ToFunctionAssurancePolicyAutoScanTimeOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyAutoScanTimeArgs) ToFunctionAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) FunctionAssurancePolicyAutoScanTimeOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyAutoScanTimeOutput) +} + +// FunctionAssurancePolicyAutoScanTimeArrayInput is an input type that accepts FunctionAssurancePolicyAutoScanTimeArray and FunctionAssurancePolicyAutoScanTimeArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyAutoScanTimeArrayInput` via: +// +// FunctionAssurancePolicyAutoScanTimeArray{ FunctionAssurancePolicyAutoScanTimeArgs{...} } +type FunctionAssurancePolicyAutoScanTimeArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyAutoScanTimeArrayOutput() FunctionAssurancePolicyAutoScanTimeArrayOutput + ToFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Context) FunctionAssurancePolicyAutoScanTimeArrayOutput +} + +type FunctionAssurancePolicyAutoScanTimeArray []FunctionAssurancePolicyAutoScanTimeInput + +func (FunctionAssurancePolicyAutoScanTimeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyAutoScanTime)(nil)).Elem() +} + +func (i FunctionAssurancePolicyAutoScanTimeArray) ToFunctionAssurancePolicyAutoScanTimeArrayOutput() FunctionAssurancePolicyAutoScanTimeArrayOutput { + return i.ToFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyAutoScanTimeArray) ToFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyAutoScanTimeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyAutoScanTimeArrayOutput) +} + +type FunctionAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyAutoScanTime)(nil)).Elem() +} + +func (o FunctionAssurancePolicyAutoScanTimeOutput) ToFunctionAssurancePolicyAutoScanTimeOutput() FunctionAssurancePolicyAutoScanTimeOutput { + return o +} + +func (o FunctionAssurancePolicyAutoScanTimeOutput) ToFunctionAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) FunctionAssurancePolicyAutoScanTimeOutput { + return o +} + +func (o FunctionAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntPtrOutput { + return o.ApplyT(func(v 
FunctionAssurancePolicyAutoScanTime) *int { return v.Iteration }).(pulumi.IntPtrOutput) +} + +func (o FunctionAssurancePolicyAutoScanTimeOutput) IterationType() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyAutoScanTime) *string { return v.IterationType }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyAutoScanTimeOutput) Time() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyAutoScanTime) *string { return v.Time }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyAutoScanTimeOutput) WeekDays() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionAssurancePolicyAutoScanTime) []string { return v.WeekDays }).(pulumi.StringArrayOutput) +} + +type FunctionAssurancePolicyAutoScanTimeArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyAutoScanTimeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyAutoScanTime)(nil)).Elem() +} + +func (o FunctionAssurancePolicyAutoScanTimeArrayOutput) ToFunctionAssurancePolicyAutoScanTimeArrayOutput() FunctionAssurancePolicyAutoScanTimeArrayOutput { + return o +} + +func (o FunctionAssurancePolicyAutoScanTimeArrayOutput) ToFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyAutoScanTimeArrayOutput { + return o +} + +func (o FunctionAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyAutoScanTimeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyAutoScanTime { + return vs[0].([]FunctionAssurancePolicyAutoScanTime)[vs[1].(int)] + }).(FunctionAssurancePolicyAutoScanTimeOutput) +} + +type FunctionAssurancePolicyCustomCheck struct { + // Name of user account that created the policy. 
+ Author *string `pulumi:"author"` + Description *string `pulumi:"description"` + Engine *string `pulumi:"engine"` + LastModified *int `pulumi:"lastModified"` + Name *string `pulumi:"name"` + Path *string `pulumi:"path"` + ReadOnly *bool `pulumi:"readOnly"` + ScriptId *string `pulumi:"scriptId"` + Severity *string `pulumi:"severity"` + Snippet *string `pulumi:"snippet"` +} + +// FunctionAssurancePolicyCustomCheckInput is an input type that accepts FunctionAssurancePolicyCustomCheckArgs and FunctionAssurancePolicyCustomCheckOutput values. +// You can construct a concrete instance of `FunctionAssurancePolicyCustomCheckInput` via: +// +// FunctionAssurancePolicyCustomCheckArgs{...} +type FunctionAssurancePolicyCustomCheckInput interface { + pulumi.Input + + ToFunctionAssurancePolicyCustomCheckOutput() FunctionAssurancePolicyCustomCheckOutput + ToFunctionAssurancePolicyCustomCheckOutputWithContext(context.Context) FunctionAssurancePolicyCustomCheckOutput +} + +type FunctionAssurancePolicyCustomCheckArgs struct { + // Name of user account that created the policy. 
+ Author pulumi.StringPtrInput `pulumi:"author"` + Description pulumi.StringPtrInput `pulumi:"description"` + Engine pulumi.StringPtrInput `pulumi:"engine"` + LastModified pulumi.IntPtrInput `pulumi:"lastModified"` + Name pulumi.StringPtrInput `pulumi:"name"` + Path pulumi.StringPtrInput `pulumi:"path"` + ReadOnly pulumi.BoolPtrInput `pulumi:"readOnly"` + ScriptId pulumi.StringPtrInput `pulumi:"scriptId"` + Severity pulumi.StringPtrInput `pulumi:"severity"` + Snippet pulumi.StringPtrInput `pulumi:"snippet"` +} + +func (FunctionAssurancePolicyCustomCheckArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyCustomCheck)(nil)).Elem() +} + +func (i FunctionAssurancePolicyCustomCheckArgs) ToFunctionAssurancePolicyCustomCheckOutput() FunctionAssurancePolicyCustomCheckOutput { + return i.ToFunctionAssurancePolicyCustomCheckOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyCustomCheckArgs) ToFunctionAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) FunctionAssurancePolicyCustomCheckOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyCustomCheckOutput) +} + +// FunctionAssurancePolicyCustomCheckArrayInput is an input type that accepts FunctionAssurancePolicyCustomCheckArray and FunctionAssurancePolicyCustomCheckArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyCustomCheckArrayInput` via: +// +// FunctionAssurancePolicyCustomCheckArray{ FunctionAssurancePolicyCustomCheckArgs{...} } +type FunctionAssurancePolicyCustomCheckArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyCustomCheckArrayOutput() FunctionAssurancePolicyCustomCheckArrayOutput + ToFunctionAssurancePolicyCustomCheckArrayOutputWithContext(context.Context) FunctionAssurancePolicyCustomCheckArrayOutput +} + +type FunctionAssurancePolicyCustomCheckArray []FunctionAssurancePolicyCustomCheckInput + +func (FunctionAssurancePolicyCustomCheckArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyCustomCheck)(nil)).Elem() +} + +func (i FunctionAssurancePolicyCustomCheckArray) ToFunctionAssurancePolicyCustomCheckArrayOutput() FunctionAssurancePolicyCustomCheckArrayOutput { + return i.ToFunctionAssurancePolicyCustomCheckArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyCustomCheckArray) ToFunctionAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyCustomCheckArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyCustomCheckArrayOutput) +} + +type FunctionAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyCustomCheck)(nil)).Elem() +} + +func (o FunctionAssurancePolicyCustomCheckOutput) ToFunctionAssurancePolicyCustomCheckOutput() FunctionAssurancePolicyCustomCheckOutput { + return o +} + +func (o FunctionAssurancePolicyCustomCheckOutput) ToFunctionAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) FunctionAssurancePolicyCustomCheckOutput { + return o +} + +// Name of user account that created the policy. 
+func (o FunctionAssurancePolicyCustomCheckOutput) Author() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Author }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyCustomCheckOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Description }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyCustomCheckOutput) Engine() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Engine }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyCustomCheckOutput) LastModified() pulumi.IntPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *int { return v.LastModified }).(pulumi.IntPtrOutput) +} + +func (o FunctionAssurancePolicyCustomCheckOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyCustomCheckOutput) Path() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Path }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyCustomCheckOutput) ReadOnly() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *bool { return v.ReadOnly }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyCustomCheckOutput) ScriptId() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.ScriptId }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyCustomCheckOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyCustomCheck) *string { return v.Severity }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyCustomCheckOutput) Snippet() pulumi.StringPtrOutput { + return o.ApplyT(func(v 
FunctionAssurancePolicyCustomCheck) *string { return v.Snippet }).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyCustomCheckArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyCustomCheckArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyCustomCheck)(nil)).Elem() +} + +func (o FunctionAssurancePolicyCustomCheckArrayOutput) ToFunctionAssurancePolicyCustomCheckArrayOutput() FunctionAssurancePolicyCustomCheckArrayOutput { + return o +} + +func (o FunctionAssurancePolicyCustomCheckArrayOutput) ToFunctionAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyCustomCheckArrayOutput { + return o +} + +func (o FunctionAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyCustomCheckOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyCustomCheck { + return vs[0].([]FunctionAssurancePolicyCustomCheck)[vs[1].(int)] + }).(FunctionAssurancePolicyCustomCheckOutput) +} + +type FunctionAssurancePolicyForbiddenLabel struct { + Key *string `pulumi:"key"` + Value *string `pulumi:"value"` +} + +// FunctionAssurancePolicyForbiddenLabelInput is an input type that accepts FunctionAssurancePolicyForbiddenLabelArgs and FunctionAssurancePolicyForbiddenLabelOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyForbiddenLabelInput` via: +// +// FunctionAssurancePolicyForbiddenLabelArgs{...} +type FunctionAssurancePolicyForbiddenLabelInput interface { + pulumi.Input + + ToFunctionAssurancePolicyForbiddenLabelOutput() FunctionAssurancePolicyForbiddenLabelOutput + ToFunctionAssurancePolicyForbiddenLabelOutputWithContext(context.Context) FunctionAssurancePolicyForbiddenLabelOutput +} + +type FunctionAssurancePolicyForbiddenLabelArgs struct { + Key pulumi.StringPtrInput `pulumi:"key"` + Value pulumi.StringPtrInput `pulumi:"value"` +} + +func (FunctionAssurancePolicyForbiddenLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyForbiddenLabel)(nil)).Elem() +} + +func (i FunctionAssurancePolicyForbiddenLabelArgs) ToFunctionAssurancePolicyForbiddenLabelOutput() FunctionAssurancePolicyForbiddenLabelOutput { + return i.ToFunctionAssurancePolicyForbiddenLabelOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyForbiddenLabelArgs) ToFunctionAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) FunctionAssurancePolicyForbiddenLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyForbiddenLabelOutput) +} + +// FunctionAssurancePolicyForbiddenLabelArrayInput is an input type that accepts FunctionAssurancePolicyForbiddenLabelArray and FunctionAssurancePolicyForbiddenLabelArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyForbiddenLabelArrayInput` via: +// +// FunctionAssurancePolicyForbiddenLabelArray{ FunctionAssurancePolicyForbiddenLabelArgs{...} } +type FunctionAssurancePolicyForbiddenLabelArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyForbiddenLabelArrayOutput() FunctionAssurancePolicyForbiddenLabelArrayOutput + ToFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Context) FunctionAssurancePolicyForbiddenLabelArrayOutput +} + +type FunctionAssurancePolicyForbiddenLabelArray []FunctionAssurancePolicyForbiddenLabelInput + +func (FunctionAssurancePolicyForbiddenLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyForbiddenLabel)(nil)).Elem() +} + +func (i FunctionAssurancePolicyForbiddenLabelArray) ToFunctionAssurancePolicyForbiddenLabelArrayOutput() FunctionAssurancePolicyForbiddenLabelArrayOutput { + return i.ToFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyForbiddenLabelArray) ToFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyForbiddenLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyForbiddenLabelArrayOutput) +} + +type FunctionAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyForbiddenLabel)(nil)).Elem() +} + +func (o FunctionAssurancePolicyForbiddenLabelOutput) ToFunctionAssurancePolicyForbiddenLabelOutput() FunctionAssurancePolicyForbiddenLabelOutput { + return o +} + +func (o FunctionAssurancePolicyForbiddenLabelOutput) ToFunctionAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) FunctionAssurancePolicyForbiddenLabelOutput { + return o +} + +func (o FunctionAssurancePolicyForbiddenLabelOutput) Key() 
pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyForbiddenLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyForbiddenLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyForbiddenLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyForbiddenLabelArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyForbiddenLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyForbiddenLabel)(nil)).Elem() +} + +func (o FunctionAssurancePolicyForbiddenLabelArrayOutput) ToFunctionAssurancePolicyForbiddenLabelArrayOutput() FunctionAssurancePolicyForbiddenLabelArrayOutput { + return o +} + +func (o FunctionAssurancePolicyForbiddenLabelArrayOutput) ToFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyForbiddenLabelArrayOutput { + return o +} + +func (o FunctionAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyForbiddenLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyForbiddenLabel { + return vs[0].([]FunctionAssurancePolicyForbiddenLabel)[vs[1].(int)] + }).(FunctionAssurancePolicyForbiddenLabelOutput) +} + +type FunctionAssurancePolicyKubernetesControl struct { + AvdId *string `pulumi:"avdId"` + Description *string `pulumi:"description"` + Enabled *bool `pulumi:"enabled"` + Kind *string `pulumi:"kind"` + Name *string `pulumi:"name"` + Ootb *bool `pulumi:"ootb"` + ScriptId *int `pulumi:"scriptId"` + Severity *string `pulumi:"severity"` +} + +// FunctionAssurancePolicyKubernetesControlInput is an input type that accepts FunctionAssurancePolicyKubernetesControlArgs and FunctionAssurancePolicyKubernetesControlOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyKubernetesControlInput` via: +// +// FunctionAssurancePolicyKubernetesControlArgs{...} +type FunctionAssurancePolicyKubernetesControlInput interface { + pulumi.Input + + ToFunctionAssurancePolicyKubernetesControlOutput() FunctionAssurancePolicyKubernetesControlOutput + ToFunctionAssurancePolicyKubernetesControlOutputWithContext(context.Context) FunctionAssurancePolicyKubernetesControlOutput +} + +type FunctionAssurancePolicyKubernetesControlArgs struct { + AvdId pulumi.StringPtrInput `pulumi:"avdId"` + Description pulumi.StringPtrInput `pulumi:"description"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + Kind pulumi.StringPtrInput `pulumi:"kind"` + Name pulumi.StringPtrInput `pulumi:"name"` + Ootb pulumi.BoolPtrInput `pulumi:"ootb"` + ScriptId pulumi.IntPtrInput `pulumi:"scriptId"` + Severity pulumi.StringPtrInput `pulumi:"severity"` +} + +func (FunctionAssurancePolicyKubernetesControlArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyKubernetesControl)(nil)).Elem() +} + +func (i FunctionAssurancePolicyKubernetesControlArgs) ToFunctionAssurancePolicyKubernetesControlOutput() FunctionAssurancePolicyKubernetesControlOutput { + return i.ToFunctionAssurancePolicyKubernetesControlOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyKubernetesControlArgs) ToFunctionAssurancePolicyKubernetesControlOutputWithContext(ctx context.Context) FunctionAssurancePolicyKubernetesControlOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyKubernetesControlOutput) +} + +// FunctionAssurancePolicyKubernetesControlArrayInput is an input type that accepts FunctionAssurancePolicyKubernetesControlArray and FunctionAssurancePolicyKubernetesControlArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyKubernetesControlArrayInput` via: +// +// FunctionAssurancePolicyKubernetesControlArray{ FunctionAssurancePolicyKubernetesControlArgs{...} } +type FunctionAssurancePolicyKubernetesControlArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyKubernetesControlArrayOutput() FunctionAssurancePolicyKubernetesControlArrayOutput + ToFunctionAssurancePolicyKubernetesControlArrayOutputWithContext(context.Context) FunctionAssurancePolicyKubernetesControlArrayOutput +} + +type FunctionAssurancePolicyKubernetesControlArray []FunctionAssurancePolicyKubernetesControlInput + +func (FunctionAssurancePolicyKubernetesControlArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyKubernetesControl)(nil)).Elem() +} + +func (i FunctionAssurancePolicyKubernetesControlArray) ToFunctionAssurancePolicyKubernetesControlArrayOutput() FunctionAssurancePolicyKubernetesControlArrayOutput { + return i.ToFunctionAssurancePolicyKubernetesControlArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyKubernetesControlArray) ToFunctionAssurancePolicyKubernetesControlArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyKubernetesControlArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyKubernetesControlArrayOutput) +} + +type FunctionAssurancePolicyKubernetesControlOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyKubernetesControlOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyKubernetesControl)(nil)).Elem() +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) ToFunctionAssurancePolicyKubernetesControlOutput() FunctionAssurancePolicyKubernetesControlOutput { + return o +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) ToFunctionAssurancePolicyKubernetesControlOutputWithContext(ctx context.Context) 
FunctionAssurancePolicyKubernetesControlOutput { + return o +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) AvdId() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyKubernetesControl) *string { return v.AvdId }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyKubernetesControl) *string { return v.Description }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyKubernetesControl) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) Kind() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyKubernetesControl) *string { return v.Kind }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyKubernetesControl) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) Ootb() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyKubernetesControl) *bool { return v.Ootb }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) ScriptId() pulumi.IntPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyKubernetesControl) *int { return v.ScriptId }).(pulumi.IntPtrOutput) +} + +func (o FunctionAssurancePolicyKubernetesControlOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyKubernetesControl) *string { return v.Severity }).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyKubernetesControlArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyKubernetesControlArrayOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*[]FunctionAssurancePolicyKubernetesControl)(nil)).Elem() +} + +func (o FunctionAssurancePolicyKubernetesControlArrayOutput) ToFunctionAssurancePolicyKubernetesControlArrayOutput() FunctionAssurancePolicyKubernetesControlArrayOutput { + return o +} + +func (o FunctionAssurancePolicyKubernetesControlArrayOutput) ToFunctionAssurancePolicyKubernetesControlArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyKubernetesControlArrayOutput { + return o +} + +func (o FunctionAssurancePolicyKubernetesControlArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyKubernetesControlOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyKubernetesControl { + return vs[0].([]FunctionAssurancePolicyKubernetesControl)[vs[1].(int)] + }).(FunctionAssurancePolicyKubernetesControlOutput) +} + +type FunctionAssurancePolicyPackagesBlackList struct { + Arch *string `pulumi:"arch"` + Display *string `pulumi:"display"` + Epoch *string `pulumi:"epoch"` + Format *string `pulumi:"format"` + License *string `pulumi:"license"` + Name *string `pulumi:"name"` + Release *string `pulumi:"release"` + Version *string `pulumi:"version"` + VersionRange *string `pulumi:"versionRange"` +} + +// FunctionAssurancePolicyPackagesBlackListInput is an input type that accepts FunctionAssurancePolicyPackagesBlackListArgs and FunctionAssurancePolicyPackagesBlackListOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyPackagesBlackListInput` via: +// +// FunctionAssurancePolicyPackagesBlackListArgs{...} +type FunctionAssurancePolicyPackagesBlackListInput interface { + pulumi.Input + + ToFunctionAssurancePolicyPackagesBlackListOutput() FunctionAssurancePolicyPackagesBlackListOutput + ToFunctionAssurancePolicyPackagesBlackListOutputWithContext(context.Context) FunctionAssurancePolicyPackagesBlackListOutput +} + +type FunctionAssurancePolicyPackagesBlackListArgs struct { + Arch pulumi.StringPtrInput `pulumi:"arch"` + Display pulumi.StringPtrInput `pulumi:"display"` + Epoch pulumi.StringPtrInput `pulumi:"epoch"` + Format pulumi.StringPtrInput `pulumi:"format"` + License pulumi.StringPtrInput `pulumi:"license"` + Name pulumi.StringPtrInput `pulumi:"name"` + Release pulumi.StringPtrInput `pulumi:"release"` + Version pulumi.StringPtrInput `pulumi:"version"` + VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` +} + +func (FunctionAssurancePolicyPackagesBlackListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyPackagesBlackList)(nil)).Elem() +} + +func (i FunctionAssurancePolicyPackagesBlackListArgs) ToFunctionAssurancePolicyPackagesBlackListOutput() FunctionAssurancePolicyPackagesBlackListOutput { + return i.ToFunctionAssurancePolicyPackagesBlackListOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyPackagesBlackListArgs) ToFunctionAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesBlackListOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPackagesBlackListOutput) +} + +// FunctionAssurancePolicyPackagesBlackListArrayInput is an input type that accepts FunctionAssurancePolicyPackagesBlackListArray and FunctionAssurancePolicyPackagesBlackListArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyPackagesBlackListArrayInput` via: +// +// FunctionAssurancePolicyPackagesBlackListArray{ FunctionAssurancePolicyPackagesBlackListArgs{...} } +type FunctionAssurancePolicyPackagesBlackListArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyPackagesBlackListArrayOutput() FunctionAssurancePolicyPackagesBlackListArrayOutput + ToFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Context) FunctionAssurancePolicyPackagesBlackListArrayOutput +} + +type FunctionAssurancePolicyPackagesBlackListArray []FunctionAssurancePolicyPackagesBlackListInput + +func (FunctionAssurancePolicyPackagesBlackListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyPackagesBlackList)(nil)).Elem() +} + +func (i FunctionAssurancePolicyPackagesBlackListArray) ToFunctionAssurancePolicyPackagesBlackListArrayOutput() FunctionAssurancePolicyPackagesBlackListArrayOutput { + return i.ToFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyPackagesBlackListArray) ToFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesBlackListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPackagesBlackListArrayOutput) +} + +type FunctionAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyPackagesBlackList)(nil)).Elem() +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) ToFunctionAssurancePolicyPackagesBlackListOutput() FunctionAssurancePolicyPackagesBlackListOutput { + return o +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) ToFunctionAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) 
FunctionAssurancePolicyPackagesBlackListOutput { + return o +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Arch }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Display }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Format }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.License }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Release }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.Version }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesBlackListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesBlackList) *string { return v.VersionRange 
}).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyPackagesBlackListArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyPackagesBlackListArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyPackagesBlackList)(nil)).Elem() +} + +func (o FunctionAssurancePolicyPackagesBlackListArrayOutput) ToFunctionAssurancePolicyPackagesBlackListArrayOutput() FunctionAssurancePolicyPackagesBlackListArrayOutput { + return o +} + +func (o FunctionAssurancePolicyPackagesBlackListArrayOutput) ToFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesBlackListArrayOutput { + return o +} + +func (o FunctionAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyPackagesBlackListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyPackagesBlackList { + return vs[0].([]FunctionAssurancePolicyPackagesBlackList)[vs[1].(int)] + }).(FunctionAssurancePolicyPackagesBlackListOutput) +} + +type FunctionAssurancePolicyPackagesWhiteList struct { + Arch *string `pulumi:"arch"` + Display *string `pulumi:"display"` + Epoch *string `pulumi:"epoch"` + Format *string `pulumi:"format"` + License *string `pulumi:"license"` + Name *string `pulumi:"name"` + Release *string `pulumi:"release"` + Version *string `pulumi:"version"` + VersionRange *string `pulumi:"versionRange"` +} + +// FunctionAssurancePolicyPackagesWhiteListInput is an input type that accepts FunctionAssurancePolicyPackagesWhiteListArgs and FunctionAssurancePolicyPackagesWhiteListOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyPackagesWhiteListInput` via: +// +// FunctionAssurancePolicyPackagesWhiteListArgs{...} +type FunctionAssurancePolicyPackagesWhiteListInput interface { + pulumi.Input + + ToFunctionAssurancePolicyPackagesWhiteListOutput() FunctionAssurancePolicyPackagesWhiteListOutput + ToFunctionAssurancePolicyPackagesWhiteListOutputWithContext(context.Context) FunctionAssurancePolicyPackagesWhiteListOutput +} + +type FunctionAssurancePolicyPackagesWhiteListArgs struct { + Arch pulumi.StringPtrInput `pulumi:"arch"` + Display pulumi.StringPtrInput `pulumi:"display"` + Epoch pulumi.StringPtrInput `pulumi:"epoch"` + Format pulumi.StringPtrInput `pulumi:"format"` + License pulumi.StringPtrInput `pulumi:"license"` + Name pulumi.StringPtrInput `pulumi:"name"` + Release pulumi.StringPtrInput `pulumi:"release"` + Version pulumi.StringPtrInput `pulumi:"version"` + VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` +} + +func (FunctionAssurancePolicyPackagesWhiteListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyPackagesWhiteList)(nil)).Elem() +} + +func (i FunctionAssurancePolicyPackagesWhiteListArgs) ToFunctionAssurancePolicyPackagesWhiteListOutput() FunctionAssurancePolicyPackagesWhiteListOutput { + return i.ToFunctionAssurancePolicyPackagesWhiteListOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyPackagesWhiteListArgs) ToFunctionAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesWhiteListOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPackagesWhiteListOutput) +} + +// FunctionAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts FunctionAssurancePolicyPackagesWhiteListArray and FunctionAssurancePolicyPackagesWhiteListArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyPackagesWhiteListArrayInput` via: +// +// FunctionAssurancePolicyPackagesWhiteListArray{ FunctionAssurancePolicyPackagesWhiteListArgs{...} } +type FunctionAssurancePolicyPackagesWhiteListArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyPackagesWhiteListArrayOutput() FunctionAssurancePolicyPackagesWhiteListArrayOutput + ToFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Context) FunctionAssurancePolicyPackagesWhiteListArrayOutput +} + +type FunctionAssurancePolicyPackagesWhiteListArray []FunctionAssurancePolicyPackagesWhiteListInput + +func (FunctionAssurancePolicyPackagesWhiteListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyPackagesWhiteList)(nil)).Elem() +} + +func (i FunctionAssurancePolicyPackagesWhiteListArray) ToFunctionAssurancePolicyPackagesWhiteListArrayOutput() FunctionAssurancePolicyPackagesWhiteListArrayOutput { + return i.ToFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyPackagesWhiteListArray) ToFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesWhiteListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPackagesWhiteListArrayOutput) +} + +type FunctionAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyPackagesWhiteList)(nil)).Elem() +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) ToFunctionAssurancePolicyPackagesWhiteListOutput() FunctionAssurancePolicyPackagesWhiteListOutput { + return o +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) ToFunctionAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) 
FunctionAssurancePolicyPackagesWhiteListOutput { + return o +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Arch }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Display }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Format }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.License }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Release }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.Version }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyPackagesWhiteListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPackagesWhiteList) *string { return v.VersionRange 
}).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyPackagesWhiteListArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyPackagesWhiteListArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyPackagesWhiteList)(nil)).Elem() +} + +func (o FunctionAssurancePolicyPackagesWhiteListArrayOutput) ToFunctionAssurancePolicyPackagesWhiteListArrayOutput() FunctionAssurancePolicyPackagesWhiteListArrayOutput { + return o +} + +func (o FunctionAssurancePolicyPackagesWhiteListArrayOutput) ToFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyPackagesWhiteListArrayOutput { + return o +} + +func (o FunctionAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyPackagesWhiteListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyPackagesWhiteList { + return vs[0].([]FunctionAssurancePolicyPackagesWhiteList)[vs[1].(int)] }).(FunctionAssurancePolicyPackagesWhiteListOutput) } -type FunctionAssurancePolicyRequiredLabel struct { - Key *string `pulumi:"key"` - Value *string `pulumi:"value"` +type FunctionAssurancePolicyPolicySettings struct { + Enforce *bool `pulumi:"enforce"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + Warn *bool `pulumi:"warn"` + WarningMessage *string `pulumi:"warningMessage"` +} + +// FunctionAssurancePolicyPolicySettingsInput is an input type that accepts FunctionAssurancePolicyPolicySettingsArgs and FunctionAssurancePolicyPolicySettingsOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyPolicySettingsInput` via: +// +// FunctionAssurancePolicyPolicySettingsArgs{...} +type FunctionAssurancePolicyPolicySettingsInput interface { + pulumi.Input + + ToFunctionAssurancePolicyPolicySettingsOutput() FunctionAssurancePolicyPolicySettingsOutput + ToFunctionAssurancePolicyPolicySettingsOutputWithContext(context.Context) FunctionAssurancePolicyPolicySettingsOutput +} + +type FunctionAssurancePolicyPolicySettingsArgs struct { + Enforce pulumi.BoolPtrInput `pulumi:"enforce"` + IsAuditChecked pulumi.BoolPtrInput `pulumi:"isAuditChecked"` + Warn pulumi.BoolPtrInput `pulumi:"warn"` + WarningMessage pulumi.StringPtrInput `pulumi:"warningMessage"` +} + +func (FunctionAssurancePolicyPolicySettingsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyPolicySettings)(nil)).Elem() +} + +func (i FunctionAssurancePolicyPolicySettingsArgs) ToFunctionAssurancePolicyPolicySettingsOutput() FunctionAssurancePolicyPolicySettingsOutput { + return i.ToFunctionAssurancePolicyPolicySettingsOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyPolicySettingsArgs) ToFunctionAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) FunctionAssurancePolicyPolicySettingsOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPolicySettingsOutput) +} + +func (i FunctionAssurancePolicyPolicySettingsArgs) ToFunctionAssurancePolicyPolicySettingsPtrOutput() FunctionAssurancePolicyPolicySettingsPtrOutput { + return i.ToFunctionAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyPolicySettingsArgs) ToFunctionAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) FunctionAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPolicySettingsOutput).ToFunctionAssurancePolicyPolicySettingsPtrOutputWithContext(ctx) +} + +// 
FunctionAssurancePolicyPolicySettingsPtrInput is an input type that accepts FunctionAssurancePolicyPolicySettingsArgs, FunctionAssurancePolicyPolicySettingsPtr and FunctionAssurancePolicyPolicySettingsPtrOutput values. +// You can construct a concrete instance of `FunctionAssurancePolicyPolicySettingsPtrInput` via: +// +// FunctionAssurancePolicyPolicySettingsArgs{...} +// +// or: +// +// nil +type FunctionAssurancePolicyPolicySettingsPtrInput interface { + pulumi.Input + + ToFunctionAssurancePolicyPolicySettingsPtrOutput() FunctionAssurancePolicyPolicySettingsPtrOutput + ToFunctionAssurancePolicyPolicySettingsPtrOutputWithContext(context.Context) FunctionAssurancePolicyPolicySettingsPtrOutput +} + +type functionAssurancePolicyPolicySettingsPtrType FunctionAssurancePolicyPolicySettingsArgs + +func FunctionAssurancePolicyPolicySettingsPtr(v *FunctionAssurancePolicyPolicySettingsArgs) FunctionAssurancePolicyPolicySettingsPtrInput { + return (*functionAssurancePolicyPolicySettingsPtrType)(v) +} + +func (*functionAssurancePolicyPolicySettingsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionAssurancePolicyPolicySettings)(nil)).Elem() +} + +func (i *functionAssurancePolicyPolicySettingsPtrType) ToFunctionAssurancePolicyPolicySettingsPtrOutput() FunctionAssurancePolicyPolicySettingsPtrOutput { + return i.ToFunctionAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) +} + +func (i *functionAssurancePolicyPolicySettingsPtrType) ToFunctionAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) FunctionAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyPolicySettingsPtrOutput) +} + +type FunctionAssurancePolicyPolicySettingsOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyPolicySettingsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyPolicySettings)(nil)).Elem() +} + +func (o 
FunctionAssurancePolicyPolicySettingsOutput) ToFunctionAssurancePolicyPolicySettingsOutput() FunctionAssurancePolicyPolicySettingsOutput { + return o +} + +func (o FunctionAssurancePolicyPolicySettingsOutput) ToFunctionAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) FunctionAssurancePolicyPolicySettingsOutput { + return o +} + +func (o FunctionAssurancePolicyPolicySettingsOutput) ToFunctionAssurancePolicyPolicySettingsPtrOutput() FunctionAssurancePolicyPolicySettingsPtrOutput { + return o.ToFunctionAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) +} + +func (o FunctionAssurancePolicyPolicySettingsOutput) ToFunctionAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) FunctionAssurancePolicyPolicySettingsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionAssurancePolicyPolicySettings) *FunctionAssurancePolicyPolicySettings { + return &v + }).(FunctionAssurancePolicyPolicySettingsPtrOutput) +} + +func (o FunctionAssurancePolicyPolicySettingsOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPolicySettings) *bool { return v.Enforce }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyPolicySettingsOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPolicySettings) *bool { return v.IsAuditChecked }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyPolicySettingsOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPolicySettings) *bool { return v.Warn }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyPolicySettingsOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyPolicySettings) *string { return v.WarningMessage }).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyPolicySettingsPtrOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyPolicySettingsPtrOutput) 
ElementType() reflect.Type { + return reflect.TypeOf((**FunctionAssurancePolicyPolicySettings)(nil)).Elem() +} + +func (o FunctionAssurancePolicyPolicySettingsPtrOutput) ToFunctionAssurancePolicyPolicySettingsPtrOutput() FunctionAssurancePolicyPolicySettingsPtrOutput { + return o +} + +func (o FunctionAssurancePolicyPolicySettingsPtrOutput) ToFunctionAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) FunctionAssurancePolicyPolicySettingsPtrOutput { + return o +} + +func (o FunctionAssurancePolicyPolicySettingsPtrOutput) Elem() FunctionAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *FunctionAssurancePolicyPolicySettings) FunctionAssurancePolicyPolicySettings { + if v != nil { + return *v + } + var ret FunctionAssurancePolicyPolicySettings + return ret + }).(FunctionAssurancePolicyPolicySettingsOutput) +} + +func (o FunctionAssurancePolicyPolicySettingsPtrOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Enforce + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyPolicySettingsPtrOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.IsAuditChecked + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyPolicySettingsPtrOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Warn + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionAssurancePolicyPolicySettingsPtrOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionAssurancePolicyPolicySettings) *string { + if v == nil { + return nil + } + return v.WarningMessage + }).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyRequiredLabel struct { + Key *string `pulumi:"key"` + Value *string `pulumi:"value"` +} + +// 
FunctionAssurancePolicyRequiredLabelInput is an input type that accepts FunctionAssurancePolicyRequiredLabelArgs and FunctionAssurancePolicyRequiredLabelOutput values. +// You can construct a concrete instance of `FunctionAssurancePolicyRequiredLabelInput` via: +// +// FunctionAssurancePolicyRequiredLabelArgs{...} +type FunctionAssurancePolicyRequiredLabelInput interface { + pulumi.Input + + ToFunctionAssurancePolicyRequiredLabelOutput() FunctionAssurancePolicyRequiredLabelOutput + ToFunctionAssurancePolicyRequiredLabelOutputWithContext(context.Context) FunctionAssurancePolicyRequiredLabelOutput +} + +type FunctionAssurancePolicyRequiredLabelArgs struct { + Key pulumi.StringPtrInput `pulumi:"key"` + Value pulumi.StringPtrInput `pulumi:"value"` +} + +func (FunctionAssurancePolicyRequiredLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (i FunctionAssurancePolicyRequiredLabelArgs) ToFunctionAssurancePolicyRequiredLabelOutput() FunctionAssurancePolicyRequiredLabelOutput { + return i.ToFunctionAssurancePolicyRequiredLabelOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyRequiredLabelArgs) ToFunctionAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) FunctionAssurancePolicyRequiredLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyRequiredLabelOutput) +} + +// FunctionAssurancePolicyRequiredLabelArrayInput is an input type that accepts FunctionAssurancePolicyRequiredLabelArray and FunctionAssurancePolicyRequiredLabelArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyRequiredLabelArrayInput` via: +// +// FunctionAssurancePolicyRequiredLabelArray{ FunctionAssurancePolicyRequiredLabelArgs{...} } +type FunctionAssurancePolicyRequiredLabelArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyRequiredLabelArrayOutput() FunctionAssurancePolicyRequiredLabelArrayOutput + ToFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(context.Context) FunctionAssurancePolicyRequiredLabelArrayOutput +} + +type FunctionAssurancePolicyRequiredLabelArray []FunctionAssurancePolicyRequiredLabelInput + +func (FunctionAssurancePolicyRequiredLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (i FunctionAssurancePolicyRequiredLabelArray) ToFunctionAssurancePolicyRequiredLabelArrayOutput() FunctionAssurancePolicyRequiredLabelArrayOutput { + return i.ToFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyRequiredLabelArray) ToFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyRequiredLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyRequiredLabelArrayOutput) +} + +type FunctionAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (o FunctionAssurancePolicyRequiredLabelOutput) ToFunctionAssurancePolicyRequiredLabelOutput() FunctionAssurancePolicyRequiredLabelOutput { + return o +} + +func (o FunctionAssurancePolicyRequiredLabelOutput) ToFunctionAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) FunctionAssurancePolicyRequiredLabelOutput { + return o +} + +func (o FunctionAssurancePolicyRequiredLabelOutput) Key() pulumi.StringPtrOutput { + return 
o.ApplyT(func(v FunctionAssurancePolicyRequiredLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyRequiredLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyRequiredLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyRequiredLabelArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyRequiredLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (o FunctionAssurancePolicyRequiredLabelArrayOutput) ToFunctionAssurancePolicyRequiredLabelArrayOutput() FunctionAssurancePolicyRequiredLabelArrayOutput { + return o +} + +func (o FunctionAssurancePolicyRequiredLabelArrayOutput) ToFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyRequiredLabelArrayOutput { + return o +} + +func (o FunctionAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyRequiredLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyRequiredLabel { + return vs[0].([]FunctionAssurancePolicyRequiredLabel)[vs[1].(int)] + }).(FunctionAssurancePolicyRequiredLabelOutput) +} + +type FunctionAssurancePolicyScope struct { + Expression *string `pulumi:"expression"` + Variables []FunctionAssurancePolicyScopeVariable `pulumi:"variables"` +} + +// FunctionAssurancePolicyScopeInput is an input type that accepts FunctionAssurancePolicyScopeArgs and FunctionAssurancePolicyScopeOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyScopeInput` via: +// +// FunctionAssurancePolicyScopeArgs{...} +type FunctionAssurancePolicyScopeInput interface { + pulumi.Input + + ToFunctionAssurancePolicyScopeOutput() FunctionAssurancePolicyScopeOutput + ToFunctionAssurancePolicyScopeOutputWithContext(context.Context) FunctionAssurancePolicyScopeOutput +} + +type FunctionAssurancePolicyScopeArgs struct { + Expression pulumi.StringPtrInput `pulumi:"expression"` + Variables FunctionAssurancePolicyScopeVariableArrayInput `pulumi:"variables"` +} + +func (FunctionAssurancePolicyScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyScope)(nil)).Elem() +} + +func (i FunctionAssurancePolicyScopeArgs) ToFunctionAssurancePolicyScopeOutput() FunctionAssurancePolicyScopeOutput { + return i.ToFunctionAssurancePolicyScopeOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyScopeArgs) ToFunctionAssurancePolicyScopeOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyScopeOutput) +} + +// FunctionAssurancePolicyScopeArrayInput is an input type that accepts FunctionAssurancePolicyScopeArray and FunctionAssurancePolicyScopeArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyScopeArrayInput` via: +// +// FunctionAssurancePolicyScopeArray{ FunctionAssurancePolicyScopeArgs{...} } +type FunctionAssurancePolicyScopeArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyScopeArrayOutput() FunctionAssurancePolicyScopeArrayOutput + ToFunctionAssurancePolicyScopeArrayOutputWithContext(context.Context) FunctionAssurancePolicyScopeArrayOutput +} + +type FunctionAssurancePolicyScopeArray []FunctionAssurancePolicyScopeInput + +func (FunctionAssurancePolicyScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyScope)(nil)).Elem() +} + +func (i FunctionAssurancePolicyScopeArray) ToFunctionAssurancePolicyScopeArrayOutput() FunctionAssurancePolicyScopeArrayOutput { + return i.ToFunctionAssurancePolicyScopeArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyScopeArray) ToFunctionAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyScopeArrayOutput) +} + +type FunctionAssurancePolicyScopeOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyScope)(nil)).Elem() +} + +func (o FunctionAssurancePolicyScopeOutput) ToFunctionAssurancePolicyScopeOutput() FunctionAssurancePolicyScopeOutput { + return o +} + +func (o FunctionAssurancePolicyScopeOutput) ToFunctionAssurancePolicyScopeOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeOutput { + return o +} + +func (o FunctionAssurancePolicyScopeOutput) Expression() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyScope) *string { return v.Expression }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyScopeOutput) Variables() FunctionAssurancePolicyScopeVariableArrayOutput { + return 
o.ApplyT(func(v FunctionAssurancePolicyScope) []FunctionAssurancePolicyScopeVariable { return v.Variables }).(FunctionAssurancePolicyScopeVariableArrayOutput) +} + +type FunctionAssurancePolicyScopeArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyScope)(nil)).Elem() +} + +func (o FunctionAssurancePolicyScopeArrayOutput) ToFunctionAssurancePolicyScopeArrayOutput() FunctionAssurancePolicyScopeArrayOutput { + return o +} + +func (o FunctionAssurancePolicyScopeArrayOutput) ToFunctionAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeArrayOutput { + return o +} + +func (o FunctionAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyScope { + return vs[0].([]FunctionAssurancePolicyScope)[vs[1].(int)] + }).(FunctionAssurancePolicyScopeOutput) +} + +type FunctionAssurancePolicyScopeVariable struct { + Attribute *string `pulumi:"attribute"` + Name *string `pulumi:"name"` + Value *string `pulumi:"value"` +} + +// FunctionAssurancePolicyScopeVariableInput is an input type that accepts FunctionAssurancePolicyScopeVariableArgs and FunctionAssurancePolicyScopeVariableOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyScopeVariableInput` via: +// +// FunctionAssurancePolicyScopeVariableArgs{...} +type FunctionAssurancePolicyScopeVariableInput interface { + pulumi.Input + + ToFunctionAssurancePolicyScopeVariableOutput() FunctionAssurancePolicyScopeVariableOutput + ToFunctionAssurancePolicyScopeVariableOutputWithContext(context.Context) FunctionAssurancePolicyScopeVariableOutput +} + +type FunctionAssurancePolicyScopeVariableArgs struct { + Attribute pulumi.StringPtrInput `pulumi:"attribute"` + Name pulumi.StringPtrInput `pulumi:"name"` + Value pulumi.StringPtrInput `pulumi:"value"` +} + +func (FunctionAssurancePolicyScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (i FunctionAssurancePolicyScopeVariableArgs) ToFunctionAssurancePolicyScopeVariableOutput() FunctionAssurancePolicyScopeVariableOutput { + return i.ToFunctionAssurancePolicyScopeVariableOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyScopeVariableArgs) ToFunctionAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyScopeVariableOutput) +} + +// FunctionAssurancePolicyScopeVariableArrayInput is an input type that accepts FunctionAssurancePolicyScopeVariableArray and FunctionAssurancePolicyScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyScopeVariableArrayInput` via: +// +// FunctionAssurancePolicyScopeVariableArray{ FunctionAssurancePolicyScopeVariableArgs{...} } +type FunctionAssurancePolicyScopeVariableArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyScopeVariableArrayOutput() FunctionAssurancePolicyScopeVariableArrayOutput + ToFunctionAssurancePolicyScopeVariableArrayOutputWithContext(context.Context) FunctionAssurancePolicyScopeVariableArrayOutput +} + +type FunctionAssurancePolicyScopeVariableArray []FunctionAssurancePolicyScopeVariableInput + +func (FunctionAssurancePolicyScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (i FunctionAssurancePolicyScopeVariableArray) ToFunctionAssurancePolicyScopeVariableArrayOutput() FunctionAssurancePolicyScopeVariableArrayOutput { + return i.ToFunctionAssurancePolicyScopeVariableArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyScopeVariableArray) ToFunctionAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyScopeVariableArrayOutput) +} + +type FunctionAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (o FunctionAssurancePolicyScopeVariableOutput) ToFunctionAssurancePolicyScopeVariableOutput() FunctionAssurancePolicyScopeVariableOutput { + return o +} + +func (o FunctionAssurancePolicyScopeVariableOutput) ToFunctionAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeVariableOutput { + return o +} + +func (o FunctionAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringPtrOutput { + 
return o.ApplyT(func(v FunctionAssurancePolicyScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyScopeVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (o FunctionAssurancePolicyScopeVariableArrayOutput) ToFunctionAssurancePolicyScopeVariableArrayOutput() FunctionAssurancePolicyScopeVariableArrayOutput { + return o +} + +func (o FunctionAssurancePolicyScopeVariableArrayOutput) ToFunctionAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeVariableArrayOutput { + return o +} + +func (o FunctionAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyScopeVariable { + return vs[0].([]FunctionAssurancePolicyScopeVariable)[vs[1].(int)] + }).(FunctionAssurancePolicyScopeVariableOutput) +} + +type FunctionAssurancePolicyTrustedBaseImage struct { + Imagename *string `pulumi:"imagename"` + Registry *string `pulumi:"registry"` +} + +// FunctionAssurancePolicyTrustedBaseImageInput is an input type that accepts FunctionAssurancePolicyTrustedBaseImageArgs and FunctionAssurancePolicyTrustedBaseImageOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyTrustedBaseImageInput` via: +// +// FunctionAssurancePolicyTrustedBaseImageArgs{...} +type FunctionAssurancePolicyTrustedBaseImageInput interface { + pulumi.Input + + ToFunctionAssurancePolicyTrustedBaseImageOutput() FunctionAssurancePolicyTrustedBaseImageOutput + ToFunctionAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) FunctionAssurancePolicyTrustedBaseImageOutput +} + +type FunctionAssurancePolicyTrustedBaseImageArgs struct { + Imagename pulumi.StringPtrInput `pulumi:"imagename"` + Registry pulumi.StringPtrInput `pulumi:"registry"` +} + +func (FunctionAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (i FunctionAssurancePolicyTrustedBaseImageArgs) ToFunctionAssurancePolicyTrustedBaseImageOutput() FunctionAssurancePolicyTrustedBaseImageOutput { + return i.ToFunctionAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyTrustedBaseImageArgs) ToFunctionAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) FunctionAssurancePolicyTrustedBaseImageOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyTrustedBaseImageOutput) +} + +// FunctionAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts FunctionAssurancePolicyTrustedBaseImageArray and FunctionAssurancePolicyTrustedBaseImageArrayOutput values. 
+// You can construct a concrete instance of `FunctionAssurancePolicyTrustedBaseImageArrayInput` via: +// +// FunctionAssurancePolicyTrustedBaseImageArray{ FunctionAssurancePolicyTrustedBaseImageArgs{...} } +type FunctionAssurancePolicyTrustedBaseImageArrayInput interface { + pulumi.Input + + ToFunctionAssurancePolicyTrustedBaseImageArrayOutput() FunctionAssurancePolicyTrustedBaseImageArrayOutput + ToFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) FunctionAssurancePolicyTrustedBaseImageArrayOutput +} + +type FunctionAssurancePolicyTrustedBaseImageArray []FunctionAssurancePolicyTrustedBaseImageInput + +func (FunctionAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (i FunctionAssurancePolicyTrustedBaseImageArray) ToFunctionAssurancePolicyTrustedBaseImageArrayOutput() FunctionAssurancePolicyTrustedBaseImageArrayOutput { + return i.ToFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) +} + +func (i FunctionAssurancePolicyTrustedBaseImageArray) ToFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyTrustedBaseImageArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyTrustedBaseImageArrayOutput) +} + +type FunctionAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (o FunctionAssurancePolicyTrustedBaseImageOutput) ToFunctionAssurancePolicyTrustedBaseImageOutput() FunctionAssurancePolicyTrustedBaseImageOutput { + return o +} + +func (o FunctionAssurancePolicyTrustedBaseImageOutput) ToFunctionAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) FunctionAssurancePolicyTrustedBaseImageOutput { + return o +} + +func (o 
FunctionAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyTrustedBaseImage) *string { return v.Imagename }).(pulumi.StringPtrOutput) +} + +func (o FunctionAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionAssurancePolicyTrustedBaseImage) *string { return v.Registry }).(pulumi.StringPtrOutput) +} + +type FunctionAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } + +func (FunctionAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (o FunctionAssurancePolicyTrustedBaseImageArrayOutput) ToFunctionAssurancePolicyTrustedBaseImageArrayOutput() FunctionAssurancePolicyTrustedBaseImageArrayOutput { + return o +} + +func (o FunctionAssurancePolicyTrustedBaseImageArrayOutput) ToFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyTrustedBaseImageArrayOutput { + return o +} + +func (o FunctionAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyTrustedBaseImageOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyTrustedBaseImage { + return vs[0].([]FunctionAssurancePolicyTrustedBaseImage)[vs[1].(int)] + }).(FunctionAssurancePolicyTrustedBaseImageOutput) +} + +type FunctionRuntimePolicyAllowedExecutable struct { + // List of allowed executables. + AllowExecutables []string `pulumi:"allowExecutables"` + // List of allowed root executables. + AllowRootExecutables []string `pulumi:"allowRootExecutables"` + // Whether allowed executables configuration is enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to treat executables separately. 
+ SeparateExecutables *bool `pulumi:"separateExecutables"` +} + +// FunctionRuntimePolicyAllowedExecutableInput is an input type that accepts FunctionRuntimePolicyAllowedExecutableArgs and FunctionRuntimePolicyAllowedExecutableOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyAllowedExecutableInput` via: +// +// FunctionRuntimePolicyAllowedExecutableArgs{...} +type FunctionRuntimePolicyAllowedExecutableInput interface { + pulumi.Input + + ToFunctionRuntimePolicyAllowedExecutableOutput() FunctionRuntimePolicyAllowedExecutableOutput + ToFunctionRuntimePolicyAllowedExecutableOutputWithContext(context.Context) FunctionRuntimePolicyAllowedExecutableOutput +} + +type FunctionRuntimePolicyAllowedExecutableArgs struct { + // List of allowed executables. + AllowExecutables pulumi.StringArrayInput `pulumi:"allowExecutables"` + // List of allowed root executables. + AllowRootExecutables pulumi.StringArrayInput `pulumi:"allowRootExecutables"` + // Whether allowed executables configuration is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to treat executables separately. 
+ SeparateExecutables pulumi.BoolPtrInput `pulumi:"separateExecutables"` +} + +func (FunctionRuntimePolicyAllowedExecutableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyAllowedExecutable)(nil)).Elem() +} + +func (i FunctionRuntimePolicyAllowedExecutableArgs) ToFunctionRuntimePolicyAllowedExecutableOutput() FunctionRuntimePolicyAllowedExecutableOutput { + return i.ToFunctionRuntimePolicyAllowedExecutableOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyAllowedExecutableArgs) ToFunctionRuntimePolicyAllowedExecutableOutputWithContext(ctx context.Context) FunctionRuntimePolicyAllowedExecutableOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyAllowedExecutableOutput) +} + +// FunctionRuntimePolicyAllowedExecutableArrayInput is an input type that accepts FunctionRuntimePolicyAllowedExecutableArray and FunctionRuntimePolicyAllowedExecutableArrayOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyAllowedExecutableArrayInput` via: +// +// FunctionRuntimePolicyAllowedExecutableArray{ FunctionRuntimePolicyAllowedExecutableArgs{...} } +type FunctionRuntimePolicyAllowedExecutableArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyAllowedExecutableArrayOutput() FunctionRuntimePolicyAllowedExecutableArrayOutput + ToFunctionRuntimePolicyAllowedExecutableArrayOutputWithContext(context.Context) FunctionRuntimePolicyAllowedExecutableArrayOutput +} + +type FunctionRuntimePolicyAllowedExecutableArray []FunctionRuntimePolicyAllowedExecutableInput + +func (FunctionRuntimePolicyAllowedExecutableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyAllowedExecutable)(nil)).Elem() +} + +func (i FunctionRuntimePolicyAllowedExecutableArray) ToFunctionRuntimePolicyAllowedExecutableArrayOutput() FunctionRuntimePolicyAllowedExecutableArrayOutput { + return 
i.ToFunctionRuntimePolicyAllowedExecutableArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyAllowedExecutableArray) ToFunctionRuntimePolicyAllowedExecutableArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyAllowedExecutableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyAllowedExecutableArrayOutput) +} + +type FunctionRuntimePolicyAllowedExecutableOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyAllowedExecutableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyAllowedExecutable)(nil)).Elem() +} + +func (o FunctionRuntimePolicyAllowedExecutableOutput) ToFunctionRuntimePolicyAllowedExecutableOutput() FunctionRuntimePolicyAllowedExecutableOutput { + return o +} + +func (o FunctionRuntimePolicyAllowedExecutableOutput) ToFunctionRuntimePolicyAllowedExecutableOutputWithContext(ctx context.Context) FunctionRuntimePolicyAllowedExecutableOutput { + return o +} + +// List of allowed executables. +func (o FunctionRuntimePolicyAllowedExecutableOutput) AllowExecutables() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAllowedExecutable) []string { return v.AllowExecutables }).(pulumi.StringArrayOutput) +} + +// List of allowed root executables. +func (o FunctionRuntimePolicyAllowedExecutableOutput) AllowRootExecutables() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAllowedExecutable) []string { return v.AllowRootExecutables }).(pulumi.StringArrayOutput) +} + +// Whether allowed executables configuration is enabled. +func (o FunctionRuntimePolicyAllowedExecutableOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAllowedExecutable) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Whether to treat executables separately. 
+func (o FunctionRuntimePolicyAllowedExecutableOutput) SeparateExecutables() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAllowedExecutable) *bool { return v.SeparateExecutables }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicyAllowedExecutableArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyAllowedExecutableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyAllowedExecutable)(nil)).Elem() +} + +func (o FunctionRuntimePolicyAllowedExecutableArrayOutput) ToFunctionRuntimePolicyAllowedExecutableArrayOutput() FunctionRuntimePolicyAllowedExecutableArrayOutput { + return o +} + +func (o FunctionRuntimePolicyAllowedExecutableArrayOutput) ToFunctionRuntimePolicyAllowedExecutableArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyAllowedExecutableArrayOutput { + return o +} + +func (o FunctionRuntimePolicyAllowedExecutableArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyAllowedExecutableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyAllowedExecutable { + return vs[0].([]FunctionRuntimePolicyAllowedExecutable)[vs[1].(int)] + }).(FunctionRuntimePolicyAllowedExecutableOutput) +} + +type FunctionRuntimePolicyAllowedRegistry struct { + // List of allowed registries. + AllowedRegistries []string `pulumi:"allowedRegistries"` + // Whether allowed registries are enabled. + Enabled *bool `pulumi:"enabled"` +} + +// FunctionRuntimePolicyAllowedRegistryInput is an input type that accepts FunctionRuntimePolicyAllowedRegistryArgs and FunctionRuntimePolicyAllowedRegistryOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyAllowedRegistryInput` via: +// +// FunctionRuntimePolicyAllowedRegistryArgs{...} +type FunctionRuntimePolicyAllowedRegistryInput interface { + pulumi.Input + + ToFunctionRuntimePolicyAllowedRegistryOutput() FunctionRuntimePolicyAllowedRegistryOutput + ToFunctionRuntimePolicyAllowedRegistryOutputWithContext(context.Context) FunctionRuntimePolicyAllowedRegistryOutput +} + +type FunctionRuntimePolicyAllowedRegistryArgs struct { + // List of allowed registries. + AllowedRegistries pulumi.StringArrayInput `pulumi:"allowedRegistries"` + // Whether allowed registries are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` +} + +func (FunctionRuntimePolicyAllowedRegistryArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyAllowedRegistry)(nil)).Elem() +} + +func (i FunctionRuntimePolicyAllowedRegistryArgs) ToFunctionRuntimePolicyAllowedRegistryOutput() FunctionRuntimePolicyAllowedRegistryOutput { + return i.ToFunctionRuntimePolicyAllowedRegistryOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyAllowedRegistryArgs) ToFunctionRuntimePolicyAllowedRegistryOutputWithContext(ctx context.Context) FunctionRuntimePolicyAllowedRegistryOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyAllowedRegistryOutput) +} + +// FunctionRuntimePolicyAllowedRegistryArrayInput is an input type that accepts FunctionRuntimePolicyAllowedRegistryArray and FunctionRuntimePolicyAllowedRegistryArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyAllowedRegistryArrayInput` via: +// +// FunctionRuntimePolicyAllowedRegistryArray{ FunctionRuntimePolicyAllowedRegistryArgs{...} } +type FunctionRuntimePolicyAllowedRegistryArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyAllowedRegistryArrayOutput() FunctionRuntimePolicyAllowedRegistryArrayOutput + ToFunctionRuntimePolicyAllowedRegistryArrayOutputWithContext(context.Context) FunctionRuntimePolicyAllowedRegistryArrayOutput +} + +type FunctionRuntimePolicyAllowedRegistryArray []FunctionRuntimePolicyAllowedRegistryInput + +func (FunctionRuntimePolicyAllowedRegistryArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyAllowedRegistry)(nil)).Elem() +} + +func (i FunctionRuntimePolicyAllowedRegistryArray) ToFunctionRuntimePolicyAllowedRegistryArrayOutput() FunctionRuntimePolicyAllowedRegistryArrayOutput { + return i.ToFunctionRuntimePolicyAllowedRegistryArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyAllowedRegistryArray) ToFunctionRuntimePolicyAllowedRegistryArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyAllowedRegistryArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyAllowedRegistryArrayOutput) +} + +type FunctionRuntimePolicyAllowedRegistryOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyAllowedRegistryOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyAllowedRegistry)(nil)).Elem() +} + +func (o FunctionRuntimePolicyAllowedRegistryOutput) ToFunctionRuntimePolicyAllowedRegistryOutput() FunctionRuntimePolicyAllowedRegistryOutput { + return o +} + +func (o FunctionRuntimePolicyAllowedRegistryOutput) ToFunctionRuntimePolicyAllowedRegistryOutputWithContext(ctx context.Context) FunctionRuntimePolicyAllowedRegistryOutput { + return o +} + +// List of allowed registries. 
+func (o FunctionRuntimePolicyAllowedRegistryOutput) AllowedRegistries() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAllowedRegistry) []string { return v.AllowedRegistries }).(pulumi.StringArrayOutput) +} + +// Whether allowed registries are enabled. +func (o FunctionRuntimePolicyAllowedRegistryOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAllowedRegistry) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicyAllowedRegistryArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyAllowedRegistryArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyAllowedRegistry)(nil)).Elem() +} + +func (o FunctionRuntimePolicyAllowedRegistryArrayOutput) ToFunctionRuntimePolicyAllowedRegistryArrayOutput() FunctionRuntimePolicyAllowedRegistryArrayOutput { + return o +} + +func (o FunctionRuntimePolicyAllowedRegistryArrayOutput) ToFunctionRuntimePolicyAllowedRegistryArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyAllowedRegistryArrayOutput { + return o +} + +func (o FunctionRuntimePolicyAllowedRegistryArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyAllowedRegistryOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyAllowedRegistry { + return vs[0].([]FunctionRuntimePolicyAllowedRegistry)[vs[1].(int)] + }).(FunctionRuntimePolicyAllowedRegistryOutput) +} + +type FunctionRuntimePolicyAuditing struct { + AuditAllNetwork *bool `pulumi:"auditAllNetwork"` + AuditAllProcesses *bool `pulumi:"auditAllProcesses"` + AuditFailedLogin *bool `pulumi:"auditFailedLogin"` + AuditOsUserActivity *bool `pulumi:"auditOsUserActivity"` + AuditProcessCmdline *bool `pulumi:"auditProcessCmdline"` + AuditSuccessLogin *bool `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement *bool `pulumi:"auditUserAccountManagement"` + Enabled *bool `pulumi:"enabled"` +} + +// FunctionRuntimePolicyAuditingInput 
is an input type that accepts FunctionRuntimePolicyAuditingArgs and FunctionRuntimePolicyAuditingOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyAuditingInput` via: +// +// FunctionRuntimePolicyAuditingArgs{...} +type FunctionRuntimePolicyAuditingInput interface { + pulumi.Input + + ToFunctionRuntimePolicyAuditingOutput() FunctionRuntimePolicyAuditingOutput + ToFunctionRuntimePolicyAuditingOutputWithContext(context.Context) FunctionRuntimePolicyAuditingOutput +} + +type FunctionRuntimePolicyAuditingArgs struct { + AuditAllNetwork pulumi.BoolPtrInput `pulumi:"auditAllNetwork"` + AuditAllProcesses pulumi.BoolPtrInput `pulumi:"auditAllProcesses"` + AuditFailedLogin pulumi.BoolPtrInput `pulumi:"auditFailedLogin"` + AuditOsUserActivity pulumi.BoolPtrInput `pulumi:"auditOsUserActivity"` + AuditProcessCmdline pulumi.BoolPtrInput `pulumi:"auditProcessCmdline"` + AuditSuccessLogin pulumi.BoolPtrInput `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement pulumi.BoolPtrInput `pulumi:"auditUserAccountManagement"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` +} + +func (FunctionRuntimePolicyAuditingArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyAuditing)(nil)).Elem() +} + +func (i FunctionRuntimePolicyAuditingArgs) ToFunctionRuntimePolicyAuditingOutput() FunctionRuntimePolicyAuditingOutput { + return i.ToFunctionRuntimePolicyAuditingOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyAuditingArgs) ToFunctionRuntimePolicyAuditingOutputWithContext(ctx context.Context) FunctionRuntimePolicyAuditingOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyAuditingOutput) +} + +func (i FunctionRuntimePolicyAuditingArgs) ToFunctionRuntimePolicyAuditingPtrOutput() FunctionRuntimePolicyAuditingPtrOutput { + return i.ToFunctionRuntimePolicyAuditingPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyAuditingArgs) 
ToFunctionRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyAuditingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyAuditingOutput).ToFunctionRuntimePolicyAuditingPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyAuditingPtrInput is an input type that accepts FunctionRuntimePolicyAuditingArgs, FunctionRuntimePolicyAuditingPtr and FunctionRuntimePolicyAuditingPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyAuditingPtrInput` via: +// +// FunctionRuntimePolicyAuditingArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyAuditingPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyAuditingPtrOutput() FunctionRuntimePolicyAuditingPtrOutput + ToFunctionRuntimePolicyAuditingPtrOutputWithContext(context.Context) FunctionRuntimePolicyAuditingPtrOutput +} + +type functionRuntimePolicyAuditingPtrType FunctionRuntimePolicyAuditingArgs + +func FunctionRuntimePolicyAuditingPtr(v *FunctionRuntimePolicyAuditingArgs) FunctionRuntimePolicyAuditingPtrInput { + return (*functionRuntimePolicyAuditingPtrType)(v) +} + +func (*functionRuntimePolicyAuditingPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyAuditing)(nil)).Elem() +} + +func (i *functionRuntimePolicyAuditingPtrType) ToFunctionRuntimePolicyAuditingPtrOutput() FunctionRuntimePolicyAuditingPtrOutput { + return i.ToFunctionRuntimePolicyAuditingPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyAuditingPtrType) ToFunctionRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyAuditingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyAuditingPtrOutput) +} + +type FunctionRuntimePolicyAuditingOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyAuditingOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyAuditing)(nil)).Elem() +} + +func (o 
FunctionRuntimePolicyAuditingOutput) ToFunctionRuntimePolicyAuditingOutput() FunctionRuntimePolicyAuditingOutput { + return o +} + +func (o FunctionRuntimePolicyAuditingOutput) ToFunctionRuntimePolicyAuditingOutputWithContext(ctx context.Context) FunctionRuntimePolicyAuditingOutput { + return o +} + +func (o FunctionRuntimePolicyAuditingOutput) ToFunctionRuntimePolicyAuditingPtrOutput() FunctionRuntimePolicyAuditingPtrOutput { + return o.ToFunctionRuntimePolicyAuditingPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyAuditingOutput) ToFunctionRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyAuditingPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyAuditing) *FunctionRuntimePolicyAuditing { + return &v + }).(FunctionRuntimePolicyAuditingPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAuditing) *bool { return v.AuditAllNetwork }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAuditing) *bool { return v.AuditAllProcesses }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingOutput) AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAuditing) *bool { return v.AuditFailedLogin }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAuditing) *bool { return v.AuditOsUserActivity }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAuditing) *bool { return v.AuditProcessCmdline }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingOutput) AuditSuccessLogin() 
pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAuditing) *bool { return v.AuditSuccessLogin }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAuditing) *bool { return v.AuditUserAccountManagement }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyAuditing) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicyAuditingPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyAuditingPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyAuditing)(nil)).Elem() +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) ToFunctionRuntimePolicyAuditingPtrOutput() FunctionRuntimePolicyAuditingPtrOutput { + return o +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) ToFunctionRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyAuditingPtrOutput { + return o +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) Elem() FunctionRuntimePolicyAuditingOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyAuditing) FunctionRuntimePolicyAuditing { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyAuditing + return ret + }).(FunctionRuntimePolicyAuditingOutput) +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditAllNetwork + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditAllProcesses + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) 
AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditFailedLogin + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditOsUserActivity + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditProcessCmdline + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) AuditSuccessLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditSuccessLogin + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditUserAccountManagement + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyAuditingPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicyBlacklistedOsUsers struct { + Enabled *bool `pulumi:"enabled"` + GroupBlackLists []string `pulumi:"groupBlackLists"` + UserBlackLists []string `pulumi:"userBlackLists"` +} + +// FunctionRuntimePolicyBlacklistedOsUsersInput is an input type that accepts FunctionRuntimePolicyBlacklistedOsUsersArgs and FunctionRuntimePolicyBlacklistedOsUsersOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyBlacklistedOsUsersInput` via: +// +// FunctionRuntimePolicyBlacklistedOsUsersArgs{...} +type FunctionRuntimePolicyBlacklistedOsUsersInput interface { + pulumi.Input + + ToFunctionRuntimePolicyBlacklistedOsUsersOutput() FunctionRuntimePolicyBlacklistedOsUsersOutput + ToFunctionRuntimePolicyBlacklistedOsUsersOutputWithContext(context.Context) FunctionRuntimePolicyBlacklistedOsUsersOutput +} + +type FunctionRuntimePolicyBlacklistedOsUsersArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + GroupBlackLists pulumi.StringArrayInput `pulumi:"groupBlackLists"` + UserBlackLists pulumi.StringArrayInput `pulumi:"userBlackLists"` +} + +func (FunctionRuntimePolicyBlacklistedOsUsersArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyBlacklistedOsUsers)(nil)).Elem() +} + +func (i FunctionRuntimePolicyBlacklistedOsUsersArgs) ToFunctionRuntimePolicyBlacklistedOsUsersOutput() FunctionRuntimePolicyBlacklistedOsUsersOutput { + return i.ToFunctionRuntimePolicyBlacklistedOsUsersOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyBlacklistedOsUsersArgs) ToFunctionRuntimePolicyBlacklistedOsUsersOutputWithContext(ctx context.Context) FunctionRuntimePolicyBlacklistedOsUsersOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyBlacklistedOsUsersOutput) +} + +func (i FunctionRuntimePolicyBlacklistedOsUsersArgs) ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutput() FunctionRuntimePolicyBlacklistedOsUsersPtrOutput { + return i.ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyBlacklistedOsUsersArgs) ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyBlacklistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(FunctionRuntimePolicyBlacklistedOsUsersOutput).ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyBlacklistedOsUsersPtrInput is an input type that accepts FunctionRuntimePolicyBlacklistedOsUsersArgs, FunctionRuntimePolicyBlacklistedOsUsersPtr and FunctionRuntimePolicyBlacklistedOsUsersPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyBlacklistedOsUsersPtrInput` via: +// +// FunctionRuntimePolicyBlacklistedOsUsersArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyBlacklistedOsUsersPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutput() FunctionRuntimePolicyBlacklistedOsUsersPtrOutput + ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Context) FunctionRuntimePolicyBlacklistedOsUsersPtrOutput +} + +type functionRuntimePolicyBlacklistedOsUsersPtrType FunctionRuntimePolicyBlacklistedOsUsersArgs + +func FunctionRuntimePolicyBlacklistedOsUsersPtr(v *FunctionRuntimePolicyBlacklistedOsUsersArgs) FunctionRuntimePolicyBlacklistedOsUsersPtrInput { + return (*functionRuntimePolicyBlacklistedOsUsersPtrType)(v) +} + +func (*functionRuntimePolicyBlacklistedOsUsersPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyBlacklistedOsUsers)(nil)).Elem() +} + +func (i *functionRuntimePolicyBlacklistedOsUsersPtrType) ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutput() FunctionRuntimePolicyBlacklistedOsUsersPtrOutput { + return i.ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyBlacklistedOsUsersPtrType) ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyBlacklistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyBlacklistedOsUsersPtrOutput) +} + +type FunctionRuntimePolicyBlacklistedOsUsersOutput struct{ *pulumi.OutputState } + +func 
(FunctionRuntimePolicyBlacklistedOsUsersOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyBlacklistedOsUsers)(nil)).Elem() +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersOutput) ToFunctionRuntimePolicyBlacklistedOsUsersOutput() FunctionRuntimePolicyBlacklistedOsUsersOutput { + return o +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersOutput) ToFunctionRuntimePolicyBlacklistedOsUsersOutputWithContext(ctx context.Context) FunctionRuntimePolicyBlacklistedOsUsersOutput { + return o +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersOutput) ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutput() FunctionRuntimePolicyBlacklistedOsUsersPtrOutput { + return o.ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersOutput) ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyBlacklistedOsUsersPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyBlacklistedOsUsers) *FunctionRuntimePolicyBlacklistedOsUsers { + return &v + }).(FunctionRuntimePolicyBlacklistedOsUsersPtrOutput) +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyBlacklistedOsUsers) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersOutput) GroupBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyBlacklistedOsUsers) []string { return v.GroupBlackLists }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersOutput) UserBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyBlacklistedOsUsers) []string { return v.UserBlackLists }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyBlacklistedOsUsersPtrOutput struct{ *pulumi.OutputState } + +func 
(FunctionRuntimePolicyBlacklistedOsUsersPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyBlacklistedOsUsers)(nil)).Elem() +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersPtrOutput) ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutput() FunctionRuntimePolicyBlacklistedOsUsersPtrOutput { + return o +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersPtrOutput) ToFunctionRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyBlacklistedOsUsersPtrOutput { + return o +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersPtrOutput) Elem() FunctionRuntimePolicyBlacklistedOsUsersOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyBlacklistedOsUsers) FunctionRuntimePolicyBlacklistedOsUsers { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyBlacklistedOsUsers + return ret + }).(FunctionRuntimePolicyBlacklistedOsUsersOutput) +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyBlacklistedOsUsers) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersPtrOutput) GroupBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyBlacklistedOsUsers) []string { + if v == nil { + return nil + } + return v.GroupBlackLists + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyBlacklistedOsUsersPtrOutput) UserBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyBlacklistedOsUsers) []string { + if v == nil { + return nil + } + return v.UserBlackLists + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyBypassScope struct { + // Whether bypassing the scope is enabled. + Enabled *bool `pulumi:"enabled"` + // Scope configuration. 
+ Scopes []FunctionRuntimePolicyBypassScopeScope `pulumi:"scopes"` +} + +// FunctionRuntimePolicyBypassScopeInput is an input type that accepts FunctionRuntimePolicyBypassScopeArgs and FunctionRuntimePolicyBypassScopeOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyBypassScopeInput` via: +// +// FunctionRuntimePolicyBypassScopeArgs{...} +type FunctionRuntimePolicyBypassScopeInput interface { + pulumi.Input + + ToFunctionRuntimePolicyBypassScopeOutput() FunctionRuntimePolicyBypassScopeOutput + ToFunctionRuntimePolicyBypassScopeOutputWithContext(context.Context) FunctionRuntimePolicyBypassScopeOutput +} + +type FunctionRuntimePolicyBypassScopeArgs struct { + // Whether bypassing the scope is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Scope configuration. + Scopes FunctionRuntimePolicyBypassScopeScopeArrayInput `pulumi:"scopes"` +} + +func (FunctionRuntimePolicyBypassScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyBypassScope)(nil)).Elem() +} + +func (i FunctionRuntimePolicyBypassScopeArgs) ToFunctionRuntimePolicyBypassScopeOutput() FunctionRuntimePolicyBypassScopeOutput { + return i.ToFunctionRuntimePolicyBypassScopeOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyBypassScopeArgs) ToFunctionRuntimePolicyBypassScopeOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyBypassScopeOutput) +} + +// FunctionRuntimePolicyBypassScopeArrayInput is an input type that accepts FunctionRuntimePolicyBypassScopeArray and FunctionRuntimePolicyBypassScopeArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyBypassScopeArrayInput` via: +// +// FunctionRuntimePolicyBypassScopeArray{ FunctionRuntimePolicyBypassScopeArgs{...} } +type FunctionRuntimePolicyBypassScopeArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyBypassScopeArrayOutput() FunctionRuntimePolicyBypassScopeArrayOutput + ToFunctionRuntimePolicyBypassScopeArrayOutputWithContext(context.Context) FunctionRuntimePolicyBypassScopeArrayOutput +} + +type FunctionRuntimePolicyBypassScopeArray []FunctionRuntimePolicyBypassScopeInput + +func (FunctionRuntimePolicyBypassScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyBypassScope)(nil)).Elem() +} + +func (i FunctionRuntimePolicyBypassScopeArray) ToFunctionRuntimePolicyBypassScopeArrayOutput() FunctionRuntimePolicyBypassScopeArrayOutput { + return i.ToFunctionRuntimePolicyBypassScopeArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyBypassScopeArray) ToFunctionRuntimePolicyBypassScopeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyBypassScopeArrayOutput) +} + +type FunctionRuntimePolicyBypassScopeOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyBypassScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyBypassScope)(nil)).Elem() +} + +func (o FunctionRuntimePolicyBypassScopeOutput) ToFunctionRuntimePolicyBypassScopeOutput() FunctionRuntimePolicyBypassScopeOutput { + return o +} + +func (o FunctionRuntimePolicyBypassScopeOutput) ToFunctionRuntimePolicyBypassScopeOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeOutput { + return o +} + +// Whether bypassing the scope is enabled. 
+func (o FunctionRuntimePolicyBypassScopeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyBypassScope) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Scope configuration. +func (o FunctionRuntimePolicyBypassScopeOutput) Scopes() FunctionRuntimePolicyBypassScopeScopeArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyBypassScope) []FunctionRuntimePolicyBypassScopeScope { return v.Scopes }).(FunctionRuntimePolicyBypassScopeScopeArrayOutput) +} + +type FunctionRuntimePolicyBypassScopeArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyBypassScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyBypassScope)(nil)).Elem() +} + +func (o FunctionRuntimePolicyBypassScopeArrayOutput) ToFunctionRuntimePolicyBypassScopeArrayOutput() FunctionRuntimePolicyBypassScopeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyBypassScopeArrayOutput) ToFunctionRuntimePolicyBypassScopeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyBypassScopeArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyBypassScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyBypassScope { + return vs[0].([]FunctionRuntimePolicyBypassScope)[vs[1].(int)] + }).(FunctionRuntimePolicyBypassScopeOutput) +} + +type FunctionRuntimePolicyBypassScopeScope struct { + // Scope expression. + Expression *string `pulumi:"expression"` + // List of variables in the scope. + Variables []FunctionRuntimePolicyBypassScopeScopeVariable `pulumi:"variables"` +} + +// FunctionRuntimePolicyBypassScopeScopeInput is an input type that accepts FunctionRuntimePolicyBypassScopeScopeArgs and FunctionRuntimePolicyBypassScopeScopeOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyBypassScopeScopeInput` via: +// +// FunctionRuntimePolicyBypassScopeScopeArgs{...} +type FunctionRuntimePolicyBypassScopeScopeInput interface { + pulumi.Input + + ToFunctionRuntimePolicyBypassScopeScopeOutput() FunctionRuntimePolicyBypassScopeScopeOutput + ToFunctionRuntimePolicyBypassScopeScopeOutputWithContext(context.Context) FunctionRuntimePolicyBypassScopeScopeOutput +} + +type FunctionRuntimePolicyBypassScopeScopeArgs struct { + // Scope expression. + Expression pulumi.StringPtrInput `pulumi:"expression"` + // List of variables in the scope. + Variables FunctionRuntimePolicyBypassScopeScopeVariableArrayInput `pulumi:"variables"` +} + +func (FunctionRuntimePolicyBypassScopeScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyBypassScopeScope)(nil)).Elem() +} + +func (i FunctionRuntimePolicyBypassScopeScopeArgs) ToFunctionRuntimePolicyBypassScopeScopeOutput() FunctionRuntimePolicyBypassScopeScopeOutput { + return i.ToFunctionRuntimePolicyBypassScopeScopeOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyBypassScopeScopeArgs) ToFunctionRuntimePolicyBypassScopeScopeOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyBypassScopeScopeOutput) +} + +// FunctionRuntimePolicyBypassScopeScopeArrayInput is an input type that accepts FunctionRuntimePolicyBypassScopeScopeArray and FunctionRuntimePolicyBypassScopeScopeArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyBypassScopeScopeArrayInput` via: +// +// FunctionRuntimePolicyBypassScopeScopeArray{ FunctionRuntimePolicyBypassScopeScopeArgs{...} } +type FunctionRuntimePolicyBypassScopeScopeArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyBypassScopeScopeArrayOutput() FunctionRuntimePolicyBypassScopeScopeArrayOutput + ToFunctionRuntimePolicyBypassScopeScopeArrayOutputWithContext(context.Context) FunctionRuntimePolicyBypassScopeScopeArrayOutput +} + +type FunctionRuntimePolicyBypassScopeScopeArray []FunctionRuntimePolicyBypassScopeScopeInput + +func (FunctionRuntimePolicyBypassScopeScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyBypassScopeScope)(nil)).Elem() +} + +func (i FunctionRuntimePolicyBypassScopeScopeArray) ToFunctionRuntimePolicyBypassScopeScopeArrayOutput() FunctionRuntimePolicyBypassScopeScopeArrayOutput { + return i.ToFunctionRuntimePolicyBypassScopeScopeArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyBypassScopeScopeArray) ToFunctionRuntimePolicyBypassScopeScopeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyBypassScopeScopeArrayOutput) +} + +type FunctionRuntimePolicyBypassScopeScopeOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyBypassScopeScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyBypassScopeScope)(nil)).Elem() +} + +func (o FunctionRuntimePolicyBypassScopeScopeOutput) ToFunctionRuntimePolicyBypassScopeScopeOutput() FunctionRuntimePolicyBypassScopeScopeOutput { + return o +} + +func (o FunctionRuntimePolicyBypassScopeScopeOutput) ToFunctionRuntimePolicyBypassScopeScopeOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeScopeOutput { + return o +} + +// Scope expression. 
+func (o FunctionRuntimePolicyBypassScopeScopeOutput) Expression() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyBypassScopeScope) *string { return v.Expression }).(pulumi.StringPtrOutput) +} + +// List of variables in the scope. +func (o FunctionRuntimePolicyBypassScopeScopeOutput) Variables() FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyBypassScopeScope) []FunctionRuntimePolicyBypassScopeScopeVariable { + return v.Variables + }).(FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput) +} + +type FunctionRuntimePolicyBypassScopeScopeArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyBypassScopeScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyBypassScopeScope)(nil)).Elem() +} + +func (o FunctionRuntimePolicyBypassScopeScopeArrayOutput) ToFunctionRuntimePolicyBypassScopeScopeArrayOutput() FunctionRuntimePolicyBypassScopeScopeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyBypassScopeScopeArrayOutput) ToFunctionRuntimePolicyBypassScopeScopeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeScopeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyBypassScopeScopeArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyBypassScopeScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyBypassScopeScope { + return vs[0].([]FunctionRuntimePolicyBypassScopeScope)[vs[1].(int)] + }).(FunctionRuntimePolicyBypassScopeScopeOutput) +} + +type FunctionRuntimePolicyBypassScopeScopeVariable struct { + // Variable attribute. + Attribute *string `pulumi:"attribute"` + // Variable value. + Value *string `pulumi:"value"` +} + +// FunctionRuntimePolicyBypassScopeScopeVariableInput is an input type that accepts FunctionRuntimePolicyBypassScopeScopeVariableArgs and FunctionRuntimePolicyBypassScopeScopeVariableOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyBypassScopeScopeVariableInput` via: +// +// FunctionRuntimePolicyBypassScopeScopeVariableArgs{...} +type FunctionRuntimePolicyBypassScopeScopeVariableInput interface { + pulumi.Input + + ToFunctionRuntimePolicyBypassScopeScopeVariableOutput() FunctionRuntimePolicyBypassScopeScopeVariableOutput + ToFunctionRuntimePolicyBypassScopeScopeVariableOutputWithContext(context.Context) FunctionRuntimePolicyBypassScopeScopeVariableOutput +} + +type FunctionRuntimePolicyBypassScopeScopeVariableArgs struct { + // Variable attribute. + Attribute pulumi.StringPtrInput `pulumi:"attribute"` + // Variable value. + Value pulumi.StringPtrInput `pulumi:"value"` +} + +func (FunctionRuntimePolicyBypassScopeScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() +} + +func (i FunctionRuntimePolicyBypassScopeScopeVariableArgs) ToFunctionRuntimePolicyBypassScopeScopeVariableOutput() FunctionRuntimePolicyBypassScopeScopeVariableOutput { + return i.ToFunctionRuntimePolicyBypassScopeScopeVariableOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyBypassScopeScopeVariableArgs) ToFunctionRuntimePolicyBypassScopeScopeVariableOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyBypassScopeScopeVariableOutput) +} + +// FunctionRuntimePolicyBypassScopeScopeVariableArrayInput is an input type that accepts FunctionRuntimePolicyBypassScopeScopeVariableArray and FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyBypassScopeScopeVariableArrayInput` via: +// +// FunctionRuntimePolicyBypassScopeScopeVariableArray{ FunctionRuntimePolicyBypassScopeScopeVariableArgs{...} } +type FunctionRuntimePolicyBypassScopeScopeVariableArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyBypassScopeScopeVariableArrayOutput() FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput + ToFunctionRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(context.Context) FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput +} + +type FunctionRuntimePolicyBypassScopeScopeVariableArray []FunctionRuntimePolicyBypassScopeScopeVariableInput + +func (FunctionRuntimePolicyBypassScopeScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() +} + +func (i FunctionRuntimePolicyBypassScopeScopeVariableArray) ToFunctionRuntimePolicyBypassScopeScopeVariableArrayOutput() FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput { + return i.ToFunctionRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyBypassScopeScopeVariableArray) ToFunctionRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput) +} + +type FunctionRuntimePolicyBypassScopeScopeVariableOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyBypassScopeScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() +} + +func (o FunctionRuntimePolicyBypassScopeScopeVariableOutput) ToFunctionRuntimePolicyBypassScopeScopeVariableOutput() FunctionRuntimePolicyBypassScopeScopeVariableOutput { + return o +} + +func (o 
FunctionRuntimePolicyBypassScopeScopeVariableOutput) ToFunctionRuntimePolicyBypassScopeScopeVariableOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeScopeVariableOutput { + return o +} + +// Variable attribute. +func (o FunctionRuntimePolicyBypassScopeScopeVariableOutput) Attribute() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyBypassScopeScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) +} + +// Variable value. +func (o FunctionRuntimePolicyBypassScopeScopeVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyBypassScopeScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() +} + +func (o FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput) ToFunctionRuntimePolicyBypassScopeScopeVariableArrayOutput() FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput { + return o +} + +func (o FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput) ToFunctionRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput { + return o +} + +func (o FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyBypassScopeScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyBypassScopeScopeVariable { + return vs[0].([]FunctionRuntimePolicyBypassScopeScopeVariable)[vs[1].(int)] + }).(FunctionRuntimePolicyBypassScopeScopeVariableOutput) +} + +type FunctionRuntimePolicyContainerExec struct { + BlockContainerExec *bool `pulumi:"blockContainerExec"` + ContainerExecProcWhiteLists []string 
`pulumi:"containerExecProcWhiteLists"` + Enabled *bool `pulumi:"enabled"` + ReverseShellIpWhiteLists []string `pulumi:"reverseShellIpWhiteLists"` +} + +// FunctionRuntimePolicyContainerExecInput is an input type that accepts FunctionRuntimePolicyContainerExecArgs and FunctionRuntimePolicyContainerExecOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyContainerExecInput` via: +// +// FunctionRuntimePolicyContainerExecArgs{...} +type FunctionRuntimePolicyContainerExecInput interface { + pulumi.Input + + ToFunctionRuntimePolicyContainerExecOutput() FunctionRuntimePolicyContainerExecOutput + ToFunctionRuntimePolicyContainerExecOutputWithContext(context.Context) FunctionRuntimePolicyContainerExecOutput +} + +type FunctionRuntimePolicyContainerExecArgs struct { + BlockContainerExec pulumi.BoolPtrInput `pulumi:"blockContainerExec"` + ContainerExecProcWhiteLists pulumi.StringArrayInput `pulumi:"containerExecProcWhiteLists"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ReverseShellIpWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellIpWhiteLists"` +} + +func (FunctionRuntimePolicyContainerExecArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyContainerExec)(nil)).Elem() +} + +func (i FunctionRuntimePolicyContainerExecArgs) ToFunctionRuntimePolicyContainerExecOutput() FunctionRuntimePolicyContainerExecOutput { + return i.ToFunctionRuntimePolicyContainerExecOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyContainerExecArgs) ToFunctionRuntimePolicyContainerExecOutputWithContext(ctx context.Context) FunctionRuntimePolicyContainerExecOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyContainerExecOutput) +} + +func (i FunctionRuntimePolicyContainerExecArgs) ToFunctionRuntimePolicyContainerExecPtrOutput() FunctionRuntimePolicyContainerExecPtrOutput { + return i.ToFunctionRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) +} + +func (i 
FunctionRuntimePolicyContainerExecArgs) ToFunctionRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyContainerExecPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyContainerExecOutput).ToFunctionRuntimePolicyContainerExecPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyContainerExecPtrInput is an input type that accepts FunctionRuntimePolicyContainerExecArgs, FunctionRuntimePolicyContainerExecPtr and FunctionRuntimePolicyContainerExecPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyContainerExecPtrInput` via: +// +// FunctionRuntimePolicyContainerExecArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyContainerExecPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyContainerExecPtrOutput() FunctionRuntimePolicyContainerExecPtrOutput + ToFunctionRuntimePolicyContainerExecPtrOutputWithContext(context.Context) FunctionRuntimePolicyContainerExecPtrOutput +} + +type functionRuntimePolicyContainerExecPtrType FunctionRuntimePolicyContainerExecArgs + +func FunctionRuntimePolicyContainerExecPtr(v *FunctionRuntimePolicyContainerExecArgs) FunctionRuntimePolicyContainerExecPtrInput { + return (*functionRuntimePolicyContainerExecPtrType)(v) +} + +func (*functionRuntimePolicyContainerExecPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyContainerExec)(nil)).Elem() +} + +func (i *functionRuntimePolicyContainerExecPtrType) ToFunctionRuntimePolicyContainerExecPtrOutput() FunctionRuntimePolicyContainerExecPtrOutput { + return i.ToFunctionRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyContainerExecPtrType) ToFunctionRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyContainerExecPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyContainerExecPtrOutput) +} + +type 
FunctionRuntimePolicyContainerExecOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyContainerExecOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyContainerExec)(nil)).Elem() +} + +func (o FunctionRuntimePolicyContainerExecOutput) ToFunctionRuntimePolicyContainerExecOutput() FunctionRuntimePolicyContainerExecOutput { + return o +} + +func (o FunctionRuntimePolicyContainerExecOutput) ToFunctionRuntimePolicyContainerExecOutputWithContext(ctx context.Context) FunctionRuntimePolicyContainerExecOutput { + return o +} + +func (o FunctionRuntimePolicyContainerExecOutput) ToFunctionRuntimePolicyContainerExecPtrOutput() FunctionRuntimePolicyContainerExecPtrOutput { + return o.ToFunctionRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyContainerExecOutput) ToFunctionRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyContainerExecPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyContainerExec) *FunctionRuntimePolicyContainerExec { + return &v + }).(FunctionRuntimePolicyContainerExecPtrOutput) +} + +func (o FunctionRuntimePolicyContainerExecOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyContainerExec) *bool { return v.BlockContainerExec }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyContainerExecOutput) ContainerExecProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyContainerExec) []string { return v.ContainerExecProcWhiteLists }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyContainerExecOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyContainerExec) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyContainerExecOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v 
FunctionRuntimePolicyContainerExec) []string { return v.ReverseShellIpWhiteLists }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyContainerExecPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyContainerExecPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyContainerExec)(nil)).Elem() +} + +func (o FunctionRuntimePolicyContainerExecPtrOutput) ToFunctionRuntimePolicyContainerExecPtrOutput() FunctionRuntimePolicyContainerExecPtrOutput { + return o +} + +func (o FunctionRuntimePolicyContainerExecPtrOutput) ToFunctionRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyContainerExecPtrOutput { + return o +} + +func (o FunctionRuntimePolicyContainerExecPtrOutput) Elem() FunctionRuntimePolicyContainerExecOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyContainerExec) FunctionRuntimePolicyContainerExec { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyContainerExec + return ret + }).(FunctionRuntimePolicyContainerExecOutput) +} + +func (o FunctionRuntimePolicyContainerExecPtrOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyContainerExec) *bool { + if v == nil { + return nil + } + return v.BlockContainerExec + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyContainerExecPtrOutput) ContainerExecProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyContainerExec) []string { + if v == nil { + return nil + } + return v.ContainerExecProcWhiteLists + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyContainerExecPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyContainerExec) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyContainerExecPtrOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v 
*FunctionRuntimePolicyContainerExec) []string { + if v == nil { + return nil + } + return v.ReverseShellIpWhiteLists + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyDriftPrevention struct { + // Whether drift prevention is enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to lockdown execution drift. + ExecLockdown *bool `pulumi:"execLockdown"` + // List of items in the execution lockdown white list. + ExecLockdownWhiteLists []string `pulumi:"execLockdownWhiteLists"` + // Whether to lockdown image drift. + ImageLockdown *bool `pulumi:"imageLockdown"` +} + +// FunctionRuntimePolicyDriftPreventionInput is an input type that accepts FunctionRuntimePolicyDriftPreventionArgs and FunctionRuntimePolicyDriftPreventionOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyDriftPreventionInput` via: +// +// FunctionRuntimePolicyDriftPreventionArgs{...} +type FunctionRuntimePolicyDriftPreventionInput interface { + pulumi.Input + + ToFunctionRuntimePolicyDriftPreventionOutput() FunctionRuntimePolicyDriftPreventionOutput + ToFunctionRuntimePolicyDriftPreventionOutputWithContext(context.Context) FunctionRuntimePolicyDriftPreventionOutput +} + +type FunctionRuntimePolicyDriftPreventionArgs struct { + // Whether drift prevention is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to lockdown execution drift. + ExecLockdown pulumi.BoolPtrInput `pulumi:"execLockdown"` + // List of items in the execution lockdown white list. + ExecLockdownWhiteLists pulumi.StringArrayInput `pulumi:"execLockdownWhiteLists"` + // Whether to lockdown image drift. 
+ ImageLockdown pulumi.BoolPtrInput `pulumi:"imageLockdown"` +} + +func (FunctionRuntimePolicyDriftPreventionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (i FunctionRuntimePolicyDriftPreventionArgs) ToFunctionRuntimePolicyDriftPreventionOutput() FunctionRuntimePolicyDriftPreventionOutput { + return i.ToFunctionRuntimePolicyDriftPreventionOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyDriftPreventionArgs) ToFunctionRuntimePolicyDriftPreventionOutputWithContext(ctx context.Context) FunctionRuntimePolicyDriftPreventionOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyDriftPreventionOutput) +} + +// FunctionRuntimePolicyDriftPreventionArrayInput is an input type that accepts FunctionRuntimePolicyDriftPreventionArray and FunctionRuntimePolicyDriftPreventionArrayOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyDriftPreventionArrayInput` via: +// +// FunctionRuntimePolicyDriftPreventionArray{ FunctionRuntimePolicyDriftPreventionArgs{...} } +type FunctionRuntimePolicyDriftPreventionArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyDriftPreventionArrayOutput() FunctionRuntimePolicyDriftPreventionArrayOutput + ToFunctionRuntimePolicyDriftPreventionArrayOutputWithContext(context.Context) FunctionRuntimePolicyDriftPreventionArrayOutput +} + +type FunctionRuntimePolicyDriftPreventionArray []FunctionRuntimePolicyDriftPreventionInput + +func (FunctionRuntimePolicyDriftPreventionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (i FunctionRuntimePolicyDriftPreventionArray) ToFunctionRuntimePolicyDriftPreventionArrayOutput() FunctionRuntimePolicyDriftPreventionArrayOutput { + return i.ToFunctionRuntimePolicyDriftPreventionArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyDriftPreventionArray) 
ToFunctionRuntimePolicyDriftPreventionArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyDriftPreventionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyDriftPreventionArrayOutput) +} + +type FunctionRuntimePolicyDriftPreventionOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyDriftPreventionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (o FunctionRuntimePolicyDriftPreventionOutput) ToFunctionRuntimePolicyDriftPreventionOutput() FunctionRuntimePolicyDriftPreventionOutput { + return o +} + +func (o FunctionRuntimePolicyDriftPreventionOutput) ToFunctionRuntimePolicyDriftPreventionOutputWithContext(ctx context.Context) FunctionRuntimePolicyDriftPreventionOutput { + return o +} + +// Whether drift prevention is enabled. +func (o FunctionRuntimePolicyDriftPreventionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyDriftPrevention) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Whether to lockdown execution drift. +func (o FunctionRuntimePolicyDriftPreventionOutput) ExecLockdown() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyDriftPrevention) *bool { return v.ExecLockdown }).(pulumi.BoolPtrOutput) +} + +// List of items in the execution lockdown white list. +func (o FunctionRuntimePolicyDriftPreventionOutput) ExecLockdownWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyDriftPrevention) []string { return v.ExecLockdownWhiteLists }).(pulumi.StringArrayOutput) +} + +// Whether to lockdown image drift. 
+func (o FunctionRuntimePolicyDriftPreventionOutput) ImageLockdown() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyDriftPrevention) *bool { return v.ImageLockdown }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicyDriftPreventionArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyDriftPreventionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (o FunctionRuntimePolicyDriftPreventionArrayOutput) ToFunctionRuntimePolicyDriftPreventionArrayOutput() FunctionRuntimePolicyDriftPreventionArrayOutput { + return o +} + +func (o FunctionRuntimePolicyDriftPreventionArrayOutput) ToFunctionRuntimePolicyDriftPreventionArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyDriftPreventionArrayOutput { + return o +} + +func (o FunctionRuntimePolicyDriftPreventionArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyDriftPreventionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyDriftPrevention { + return vs[0].([]FunctionRuntimePolicyDriftPrevention)[vs[1].(int)] + }).(FunctionRuntimePolicyDriftPreventionOutput) +} + +type FunctionRuntimePolicyExecutableBlacklist struct { + // Whether the executable blacklist is enabled. + Enabled *bool `pulumi:"enabled"` + // List of blacklisted executables. + Executables []string `pulumi:"executables"` +} + +// FunctionRuntimePolicyExecutableBlacklistInput is an input type that accepts FunctionRuntimePolicyExecutableBlacklistArgs and FunctionRuntimePolicyExecutableBlacklistOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyExecutableBlacklistInput` via: +// +// FunctionRuntimePolicyExecutableBlacklistArgs{...} +type FunctionRuntimePolicyExecutableBlacklistInput interface { + pulumi.Input + + ToFunctionRuntimePolicyExecutableBlacklistOutput() FunctionRuntimePolicyExecutableBlacklistOutput + ToFunctionRuntimePolicyExecutableBlacklistOutputWithContext(context.Context) FunctionRuntimePolicyExecutableBlacklistOutput +} + +type FunctionRuntimePolicyExecutableBlacklistArgs struct { + // Whether the executable blacklist is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of blacklisted executables. + Executables pulumi.StringArrayInput `pulumi:"executables"` +} + +func (FunctionRuntimePolicyExecutableBlacklistArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (i FunctionRuntimePolicyExecutableBlacklistArgs) ToFunctionRuntimePolicyExecutableBlacklistOutput() FunctionRuntimePolicyExecutableBlacklistOutput { + return i.ToFunctionRuntimePolicyExecutableBlacklistOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyExecutableBlacklistArgs) ToFunctionRuntimePolicyExecutableBlacklistOutputWithContext(ctx context.Context) FunctionRuntimePolicyExecutableBlacklistOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyExecutableBlacklistOutput) +} + +// FunctionRuntimePolicyExecutableBlacklistArrayInput is an input type that accepts FunctionRuntimePolicyExecutableBlacklistArray and FunctionRuntimePolicyExecutableBlacklistArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyExecutableBlacklistArrayInput` via: +// +// FunctionRuntimePolicyExecutableBlacklistArray{ FunctionRuntimePolicyExecutableBlacklistArgs{...} } +type FunctionRuntimePolicyExecutableBlacklistArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyExecutableBlacklistArrayOutput() FunctionRuntimePolicyExecutableBlacklistArrayOutput + ToFunctionRuntimePolicyExecutableBlacklistArrayOutputWithContext(context.Context) FunctionRuntimePolicyExecutableBlacklistArrayOutput +} + +type FunctionRuntimePolicyExecutableBlacklistArray []FunctionRuntimePolicyExecutableBlacklistInput + +func (FunctionRuntimePolicyExecutableBlacklistArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (i FunctionRuntimePolicyExecutableBlacklistArray) ToFunctionRuntimePolicyExecutableBlacklistArrayOutput() FunctionRuntimePolicyExecutableBlacklistArrayOutput { + return i.ToFunctionRuntimePolicyExecutableBlacklistArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyExecutableBlacklistArray) ToFunctionRuntimePolicyExecutableBlacklistArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyExecutableBlacklistArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyExecutableBlacklistArrayOutput) +} + +type FunctionRuntimePolicyExecutableBlacklistOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyExecutableBlacklistOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (o FunctionRuntimePolicyExecutableBlacklistOutput) ToFunctionRuntimePolicyExecutableBlacklistOutput() FunctionRuntimePolicyExecutableBlacklistOutput { + return o +} + +func (o FunctionRuntimePolicyExecutableBlacklistOutput) ToFunctionRuntimePolicyExecutableBlacklistOutputWithContext(ctx context.Context) 
FunctionRuntimePolicyExecutableBlacklistOutput { + return o +} + +// Whether the executable blacklist is enabled. +func (o FunctionRuntimePolicyExecutableBlacklistOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyExecutableBlacklist) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of blacklisted executables. +func (o FunctionRuntimePolicyExecutableBlacklistOutput) Executables() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyExecutableBlacklist) []string { return v.Executables }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyExecutableBlacklistArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyExecutableBlacklistArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (o FunctionRuntimePolicyExecutableBlacklistArrayOutput) ToFunctionRuntimePolicyExecutableBlacklistArrayOutput() FunctionRuntimePolicyExecutableBlacklistArrayOutput { + return o +} + +func (o FunctionRuntimePolicyExecutableBlacklistArrayOutput) ToFunctionRuntimePolicyExecutableBlacklistArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyExecutableBlacklistArrayOutput { + return o +} + +func (o FunctionRuntimePolicyExecutableBlacklistArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyExecutableBlacklistOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyExecutableBlacklist { + return vs[0].([]FunctionRuntimePolicyExecutableBlacklist)[vs[1].(int)] + }).(FunctionRuntimePolicyExecutableBlacklistOutput) +} + +type FunctionRuntimePolicyFailedKubernetesChecks struct { + Enabled *bool `pulumi:"enabled"` + FailedChecks []string `pulumi:"failedChecks"` +} + +// FunctionRuntimePolicyFailedKubernetesChecksInput is an input type that accepts FunctionRuntimePolicyFailedKubernetesChecksArgs and FunctionRuntimePolicyFailedKubernetesChecksOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyFailedKubernetesChecksInput` via: +// +// FunctionRuntimePolicyFailedKubernetesChecksArgs{...} +type FunctionRuntimePolicyFailedKubernetesChecksInput interface { + pulumi.Input + + ToFunctionRuntimePolicyFailedKubernetesChecksOutput() FunctionRuntimePolicyFailedKubernetesChecksOutput + ToFunctionRuntimePolicyFailedKubernetesChecksOutputWithContext(context.Context) FunctionRuntimePolicyFailedKubernetesChecksOutput +} + +type FunctionRuntimePolicyFailedKubernetesChecksArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + FailedChecks pulumi.StringArrayInput `pulumi:"failedChecks"` +} + +func (FunctionRuntimePolicyFailedKubernetesChecksArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyFailedKubernetesChecks)(nil)).Elem() +} + +func (i FunctionRuntimePolicyFailedKubernetesChecksArgs) ToFunctionRuntimePolicyFailedKubernetesChecksOutput() FunctionRuntimePolicyFailedKubernetesChecksOutput { + return i.ToFunctionRuntimePolicyFailedKubernetesChecksOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyFailedKubernetesChecksArgs) ToFunctionRuntimePolicyFailedKubernetesChecksOutputWithContext(ctx context.Context) FunctionRuntimePolicyFailedKubernetesChecksOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyFailedKubernetesChecksOutput) +} + +func (i FunctionRuntimePolicyFailedKubernetesChecksArgs) ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutput() FunctionRuntimePolicyFailedKubernetesChecksPtrOutput { + return i.ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyFailedKubernetesChecksArgs) ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyFailedKubernetesChecksPtrOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(FunctionRuntimePolicyFailedKubernetesChecksOutput).ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyFailedKubernetesChecksPtrInput is an input type that accepts FunctionRuntimePolicyFailedKubernetesChecksArgs, FunctionRuntimePolicyFailedKubernetesChecksPtr and FunctionRuntimePolicyFailedKubernetesChecksPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyFailedKubernetesChecksPtrInput` via: +// +// FunctionRuntimePolicyFailedKubernetesChecksArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyFailedKubernetesChecksPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutput() FunctionRuntimePolicyFailedKubernetesChecksPtrOutput + ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Context) FunctionRuntimePolicyFailedKubernetesChecksPtrOutput +} + +type functionRuntimePolicyFailedKubernetesChecksPtrType FunctionRuntimePolicyFailedKubernetesChecksArgs + +func FunctionRuntimePolicyFailedKubernetesChecksPtr(v *FunctionRuntimePolicyFailedKubernetesChecksArgs) FunctionRuntimePolicyFailedKubernetesChecksPtrInput { + return (*functionRuntimePolicyFailedKubernetesChecksPtrType)(v) +} + +func (*functionRuntimePolicyFailedKubernetesChecksPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyFailedKubernetesChecks)(nil)).Elem() +} + +func (i *functionRuntimePolicyFailedKubernetesChecksPtrType) ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutput() FunctionRuntimePolicyFailedKubernetesChecksPtrOutput { + return i.ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyFailedKubernetesChecksPtrType) ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyFailedKubernetesChecksPtrOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(FunctionRuntimePolicyFailedKubernetesChecksPtrOutput) +} + +type FunctionRuntimePolicyFailedKubernetesChecksOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyFailedKubernetesChecksOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyFailedKubernetesChecks)(nil)).Elem() +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksOutput) ToFunctionRuntimePolicyFailedKubernetesChecksOutput() FunctionRuntimePolicyFailedKubernetesChecksOutput { + return o +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksOutput) ToFunctionRuntimePolicyFailedKubernetesChecksOutputWithContext(ctx context.Context) FunctionRuntimePolicyFailedKubernetesChecksOutput { + return o +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksOutput) ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutput() FunctionRuntimePolicyFailedKubernetesChecksPtrOutput { + return o.ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksOutput) ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyFailedKubernetesChecksPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyFailedKubernetesChecks) *FunctionRuntimePolicyFailedKubernetesChecks { + return &v + }).(FunctionRuntimePolicyFailedKubernetesChecksPtrOutput) +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFailedKubernetesChecks) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksOutput) FailedChecks() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFailedKubernetesChecks) []string { return v.FailedChecks }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyFailedKubernetesChecksPtrOutput struct{ *pulumi.OutputState } + +func 
(FunctionRuntimePolicyFailedKubernetesChecksPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyFailedKubernetesChecks)(nil)).Elem() +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksPtrOutput) ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutput() FunctionRuntimePolicyFailedKubernetesChecksPtrOutput { + return o +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksPtrOutput) ToFunctionRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyFailedKubernetesChecksPtrOutput { + return o +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksPtrOutput) Elem() FunctionRuntimePolicyFailedKubernetesChecksOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFailedKubernetesChecks) FunctionRuntimePolicyFailedKubernetesChecks { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyFailedKubernetesChecks + return ret + }).(FunctionRuntimePolicyFailedKubernetesChecksOutput) +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFailedKubernetesChecks) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyFailedKubernetesChecksPtrOutput) FailedChecks() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFailedKubernetesChecks) []string { + if v == nil { + return nil + } + return v.FailedChecks + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyFileBlock struct { + BlockFilesProcesses []string `pulumi:"blockFilesProcesses"` + BlockFilesUsers []string `pulumi:"blockFilesUsers"` + Enabled *bool `pulumi:"enabled"` + ExceptionalBlockFiles []string `pulumi:"exceptionalBlockFiles"` + ExceptionalBlockFilesProcesses []string `pulumi:"exceptionalBlockFilesProcesses"` + ExceptionalBlockFilesUsers []string `pulumi:"exceptionalBlockFilesUsers"` + FilenameBlockLists []string 
`pulumi:"filenameBlockLists"` +} + +// FunctionRuntimePolicyFileBlockInput is an input type that accepts FunctionRuntimePolicyFileBlockArgs and FunctionRuntimePolicyFileBlockOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyFileBlockInput` via: +// +// FunctionRuntimePolicyFileBlockArgs{...} +type FunctionRuntimePolicyFileBlockInput interface { + pulumi.Input + + ToFunctionRuntimePolicyFileBlockOutput() FunctionRuntimePolicyFileBlockOutput + ToFunctionRuntimePolicyFileBlockOutputWithContext(context.Context) FunctionRuntimePolicyFileBlockOutput +} + +type FunctionRuntimePolicyFileBlockArgs struct { + BlockFilesProcesses pulumi.StringArrayInput `pulumi:"blockFilesProcesses"` + BlockFilesUsers pulumi.StringArrayInput `pulumi:"blockFilesUsers"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalBlockFiles pulumi.StringArrayInput `pulumi:"exceptionalBlockFiles"` + ExceptionalBlockFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalBlockFilesProcesses"` + ExceptionalBlockFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalBlockFilesUsers"` + FilenameBlockLists pulumi.StringArrayInput `pulumi:"filenameBlockLists"` +} + +func (FunctionRuntimePolicyFileBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyFileBlock)(nil)).Elem() +} + +func (i FunctionRuntimePolicyFileBlockArgs) ToFunctionRuntimePolicyFileBlockOutput() FunctionRuntimePolicyFileBlockOutput { + return i.ToFunctionRuntimePolicyFileBlockOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyFileBlockArgs) ToFunctionRuntimePolicyFileBlockOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyFileBlockOutput) +} + +func (i FunctionRuntimePolicyFileBlockArgs) ToFunctionRuntimePolicyFileBlockPtrOutput() FunctionRuntimePolicyFileBlockPtrOutput { + return 
i.ToFunctionRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyFileBlockArgs) ToFunctionRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyFileBlockOutput).ToFunctionRuntimePolicyFileBlockPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyFileBlockPtrInput is an input type that accepts FunctionRuntimePolicyFileBlockArgs, FunctionRuntimePolicyFileBlockPtr and FunctionRuntimePolicyFileBlockPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyFileBlockPtrInput` via: +// +// FunctionRuntimePolicyFileBlockArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyFileBlockPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyFileBlockPtrOutput() FunctionRuntimePolicyFileBlockPtrOutput + ToFunctionRuntimePolicyFileBlockPtrOutputWithContext(context.Context) FunctionRuntimePolicyFileBlockPtrOutput +} + +type functionRuntimePolicyFileBlockPtrType FunctionRuntimePolicyFileBlockArgs + +func FunctionRuntimePolicyFileBlockPtr(v *FunctionRuntimePolicyFileBlockArgs) FunctionRuntimePolicyFileBlockPtrInput { + return (*functionRuntimePolicyFileBlockPtrType)(v) +} + +func (*functionRuntimePolicyFileBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyFileBlock)(nil)).Elem() +} + +func (i *functionRuntimePolicyFileBlockPtrType) ToFunctionRuntimePolicyFileBlockPtrOutput() FunctionRuntimePolicyFileBlockPtrOutput { + return i.ToFunctionRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyFileBlockPtrType) ToFunctionRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyFileBlockPtrOutput) +} + +type FunctionRuntimePolicyFileBlockOutput struct{ *pulumi.OutputState } + +func 
(FunctionRuntimePolicyFileBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyFileBlock)(nil)).Elem() +} + +func (o FunctionRuntimePolicyFileBlockOutput) ToFunctionRuntimePolicyFileBlockOutput() FunctionRuntimePolicyFileBlockOutput { + return o +} + +func (o FunctionRuntimePolicyFileBlockOutput) ToFunctionRuntimePolicyFileBlockOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileBlockOutput { + return o +} + +func (o FunctionRuntimePolicyFileBlockOutput) ToFunctionRuntimePolicyFileBlockPtrOutput() FunctionRuntimePolicyFileBlockPtrOutput { + return o.ToFunctionRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyFileBlockOutput) ToFunctionRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyFileBlock) *FunctionRuntimePolicyFileBlock { + return &v + }).(FunctionRuntimePolicyFileBlockPtrOutput) +} + +func (o FunctionRuntimePolicyFileBlockOutput) BlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileBlock) []string { return v.BlockFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockOutput) BlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileBlock) []string { return v.BlockFilesUsers }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyFileBlockOutput) ExceptionalBlockFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFiles }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockOutput) ExceptionalBlockFilesProcesses() 
pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockOutput) ExceptionalBlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFilesUsers }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockOutput) FilenameBlockLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileBlock) []string { return v.FilenameBlockLists }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyFileBlockPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyFileBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyFileBlock)(nil)).Elem() +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) ToFunctionRuntimePolicyFileBlockPtrOutput() FunctionRuntimePolicyFileBlockPtrOutput { + return o +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) ToFunctionRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileBlockPtrOutput { + return o +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) Elem() FunctionRuntimePolicyFileBlockOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFileBlock) FunctionRuntimePolicyFileBlock { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyFileBlock + return ret + }).(FunctionRuntimePolicyFileBlockOutput) +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) BlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.BlockFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) BlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + 
return v.BlockFilesUsers + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFileBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFiles + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFilesUsers + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyFileBlockPtrOutput) FilenameBlockLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.FilenameBlockLists + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyFileIntegrityMonitoring struct { + // If true, file integrity monitoring is enabled. + Enabled *bool `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles []string `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. + ExceptionalMonitoredFilesProcesses []string `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers []string `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. 
+ MonitoredFiles []string `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. + MonitoredFilesAttributes *bool `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate *bool `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. + MonitoredFilesDelete *bool `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. + MonitoredFilesModify *bool `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. + MonitoredFilesProcesses []string `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead *bool `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. + MonitoredFilesUsers []string `pulumi:"monitoredFilesUsers"` +} + +// FunctionRuntimePolicyFileIntegrityMonitoringInput is an input type that accepts FunctionRuntimePolicyFileIntegrityMonitoringArgs and FunctionRuntimePolicyFileIntegrityMonitoringOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyFileIntegrityMonitoringInput` via: +// +// FunctionRuntimePolicyFileIntegrityMonitoringArgs{...} +type FunctionRuntimePolicyFileIntegrityMonitoringInput interface { + pulumi.Input + + ToFunctionRuntimePolicyFileIntegrityMonitoringOutput() FunctionRuntimePolicyFileIntegrityMonitoringOutput + ToFunctionRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Context) FunctionRuntimePolicyFileIntegrityMonitoringOutput +} + +type FunctionRuntimePolicyFileIntegrityMonitoringArgs struct { + // If true, file integrity monitoring is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. 
+ ExceptionalMonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. + MonitoredFiles pulumi.StringArrayInput `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. + MonitoredFilesAttributes pulumi.BoolPtrInput `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate pulumi.BoolPtrInput `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. + MonitoredFilesDelete pulumi.BoolPtrInput `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. + MonitoredFilesModify pulumi.BoolPtrInput `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. + MonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead pulumi.BoolPtrInput `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. 
+ MonitoredFilesUsers pulumi.StringArrayInput `pulumi:"monitoredFilesUsers"` +} + +func (FunctionRuntimePolicyFileIntegrityMonitoringArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +} + +func (i FunctionRuntimePolicyFileIntegrityMonitoringArgs) ToFunctionRuntimePolicyFileIntegrityMonitoringOutput() FunctionRuntimePolicyFileIntegrityMonitoringOutput { + return i.ToFunctionRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyFileIntegrityMonitoringArgs) ToFunctionRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileIntegrityMonitoringOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyFileIntegrityMonitoringOutput) +} + +// FunctionRuntimePolicyFileIntegrityMonitoringArrayInput is an input type that accepts FunctionRuntimePolicyFileIntegrityMonitoringArray and FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyFileIntegrityMonitoringArrayInput` via: +// +// FunctionRuntimePolicyFileIntegrityMonitoringArray{ FunctionRuntimePolicyFileIntegrityMonitoringArgs{...} } +type FunctionRuntimePolicyFileIntegrityMonitoringArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyFileIntegrityMonitoringArrayOutput() FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput + ToFunctionRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(context.Context) FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput +} + +type FunctionRuntimePolicyFileIntegrityMonitoringArray []FunctionRuntimePolicyFileIntegrityMonitoringInput + +func (FunctionRuntimePolicyFileIntegrityMonitoringArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +} + +func (i FunctionRuntimePolicyFileIntegrityMonitoringArray) ToFunctionRuntimePolicyFileIntegrityMonitoringArrayOutput() FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput { + return i.ToFunctionRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyFileIntegrityMonitoringArray) ToFunctionRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput) +} + +type FunctionRuntimePolicyFileIntegrityMonitoringOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyFileIntegrityMonitoringOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +} + +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) ToFunctionRuntimePolicyFileIntegrityMonitoringOutput() FunctionRuntimePolicyFileIntegrityMonitoringOutput { + return o +} + +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) 
ToFunctionRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileIntegrityMonitoringOutput { + return o +} + +// If true, file integrity monitoring is enabled. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of paths to be excluded from monitoring. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) []string { return v.ExceptionalMonitoredFiles }).(pulumi.StringArrayOutput) +} + +// List of processes to be excluded from monitoring. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) []string { + return v.ExceptionalMonitoredFilesProcesses + }).(pulumi.StringArrayOutput) +} + +// List of users to be excluded from monitoring. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) []string { return v.ExceptionalMonitoredFilesUsers }).(pulumi.StringArrayOutput) +} + +// List of paths to be monitored. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFiles }).(pulumi.StringArrayOutput) +} + +// Whether to monitor file attribute operations. 
+func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesAttributes }).(pulumi.BoolPtrOutput) +} + +// Whether to monitor file create operations. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesCreate }).(pulumi.BoolPtrOutput) +} + +// Whether to monitor file delete operations. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesDelete }).(pulumi.BoolPtrOutput) +} + +// Whether to monitor file modify operations. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesModify }).(pulumi.BoolPtrOutput) +} + +// List of processes associated with monitored files. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesProcesses }).(pulumi.StringArrayOutput) +} + +// Whether to monitor file read operations. +func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesRead }).(pulumi.BoolPtrOutput) +} + +// List of users associated with monitored files. 
+func (o FunctionRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesUsers }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +} + +func (o FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput) ToFunctionRuntimePolicyFileIntegrityMonitoringArrayOutput() FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput { + return o +} + +func (o FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput) ToFunctionRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput { + return o +} + +func (o FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyFileIntegrityMonitoringOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyFileIntegrityMonitoring { + return vs[0].([]FunctionRuntimePolicyFileIntegrityMonitoring)[vs[1].(int)] + }).(FunctionRuntimePolicyFileIntegrityMonitoringOutput) +} + +type FunctionRuntimePolicyLimitContainerPrivilege struct { + // Whether to block adding capabilities. + BlockAddCapabilities *bool `pulumi:"blockAddCapabilities"` + // Whether container privilege limitations are enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to limit IPC-related capabilities. + Ipcmode *bool `pulumi:"ipcmode"` + // Whether to limit network-related capabilities. + Netmode *bool `pulumi:"netmode"` + // Whether to limit process-related capabilities. + Pidmode *bool `pulumi:"pidmode"` + // Whether to prevent low port binding. 
+ PreventLowPortBinding *bool `pulumi:"preventLowPortBinding"` + // Whether to prevent the use of the root user. + PreventRootUser *bool `pulumi:"preventRootUser"` + // Whether the container is run in privileged mode. + Privileged *bool `pulumi:"privileged"` + // Whether to use the host user. + UseHostUser *bool `pulumi:"useHostUser"` + // Whether to limit user-related capabilities. + Usermode *bool `pulumi:"usermode"` + // Whether to limit UTS-related capabilities. + Utsmode *bool `pulumi:"utsmode"` +} + +// FunctionRuntimePolicyLimitContainerPrivilegeInput is an input type that accepts FunctionRuntimePolicyLimitContainerPrivilegeArgs and FunctionRuntimePolicyLimitContainerPrivilegeOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyLimitContainerPrivilegeInput` via: +// +// FunctionRuntimePolicyLimitContainerPrivilegeArgs{...} +type FunctionRuntimePolicyLimitContainerPrivilegeInput interface { + pulumi.Input + + ToFunctionRuntimePolicyLimitContainerPrivilegeOutput() FunctionRuntimePolicyLimitContainerPrivilegeOutput + ToFunctionRuntimePolicyLimitContainerPrivilegeOutputWithContext(context.Context) FunctionRuntimePolicyLimitContainerPrivilegeOutput +} + +type FunctionRuntimePolicyLimitContainerPrivilegeArgs struct { + // Whether to block adding capabilities. + BlockAddCapabilities pulumi.BoolPtrInput `pulumi:"blockAddCapabilities"` + // Whether container privilege limitations are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to limit IPC-related capabilities. + Ipcmode pulumi.BoolPtrInput `pulumi:"ipcmode"` + // Whether to limit network-related capabilities. + Netmode pulumi.BoolPtrInput `pulumi:"netmode"` + // Whether to limit process-related capabilities. + Pidmode pulumi.BoolPtrInput `pulumi:"pidmode"` + // Whether to prevent low port binding. + PreventLowPortBinding pulumi.BoolPtrInput `pulumi:"preventLowPortBinding"` + // Whether to prevent the use of the root user. 
+ PreventRootUser pulumi.BoolPtrInput `pulumi:"preventRootUser"` + // Whether the container is run in privileged mode. + Privileged pulumi.BoolPtrInput `pulumi:"privileged"` + // Whether to use the host user. + UseHostUser pulumi.BoolPtrInput `pulumi:"useHostUser"` + // Whether to limit user-related capabilities. + Usermode pulumi.BoolPtrInput `pulumi:"usermode"` + // Whether to limit UTS-related capabilities. + Utsmode pulumi.BoolPtrInput `pulumi:"utsmode"` +} + +func (FunctionRuntimePolicyLimitContainerPrivilegeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyLimitContainerPrivilege)(nil)).Elem() +} + +func (i FunctionRuntimePolicyLimitContainerPrivilegeArgs) ToFunctionRuntimePolicyLimitContainerPrivilegeOutput() FunctionRuntimePolicyLimitContainerPrivilegeOutput { + return i.ToFunctionRuntimePolicyLimitContainerPrivilegeOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyLimitContainerPrivilegeArgs) ToFunctionRuntimePolicyLimitContainerPrivilegeOutputWithContext(ctx context.Context) FunctionRuntimePolicyLimitContainerPrivilegeOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyLimitContainerPrivilegeOutput) +} + +// FunctionRuntimePolicyLimitContainerPrivilegeArrayInput is an input type that accepts FunctionRuntimePolicyLimitContainerPrivilegeArray and FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyLimitContainerPrivilegeArrayInput` via: +// +// FunctionRuntimePolicyLimitContainerPrivilegeArray{ FunctionRuntimePolicyLimitContainerPrivilegeArgs{...} } +type FunctionRuntimePolicyLimitContainerPrivilegeArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyLimitContainerPrivilegeArrayOutput() FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput + ToFunctionRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(context.Context) FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput +} + +type FunctionRuntimePolicyLimitContainerPrivilegeArray []FunctionRuntimePolicyLimitContainerPrivilegeInput + +func (FunctionRuntimePolicyLimitContainerPrivilegeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyLimitContainerPrivilege)(nil)).Elem() +} + +func (i FunctionRuntimePolicyLimitContainerPrivilegeArray) ToFunctionRuntimePolicyLimitContainerPrivilegeArrayOutput() FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput { + return i.ToFunctionRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyLimitContainerPrivilegeArray) ToFunctionRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput) +} + +type FunctionRuntimePolicyLimitContainerPrivilegeOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyLimitContainerPrivilegeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyLimitContainerPrivilege)(nil)).Elem() +} + +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) ToFunctionRuntimePolicyLimitContainerPrivilegeOutput() FunctionRuntimePolicyLimitContainerPrivilegeOutput { + return o +} + +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) 
ToFunctionRuntimePolicyLimitContainerPrivilegeOutputWithContext(ctx context.Context) FunctionRuntimePolicyLimitContainerPrivilegeOutput { + return o +} + +// Whether to block adding capabilities. +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) BlockAddCapabilities() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.BlockAddCapabilities }).(pulumi.BoolPtrOutput) +} + +// Whether container privilege limitations are enabled. +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Whether to limit IPC-related capabilities. +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) Ipcmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.Ipcmode }).(pulumi.BoolPtrOutput) +} + +// Whether to limit network-related capabilities. +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) Netmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.Netmode }).(pulumi.BoolPtrOutput) +} + +// Whether to limit process-related capabilities. +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) Pidmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.Pidmode }).(pulumi.BoolPtrOutput) +} + +// Whether to prevent low port binding. +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) PreventLowPortBinding() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.PreventLowPortBinding }).(pulumi.BoolPtrOutput) +} + +// Whether to prevent the use of the root user. 
+func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) PreventRootUser() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.PreventRootUser }).(pulumi.BoolPtrOutput) +} + +// Whether the container is run in privileged mode. +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) Privileged() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.Privileged }).(pulumi.BoolPtrOutput) +} + +// Whether to use the host user. +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) UseHostUser() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.UseHostUser }).(pulumi.BoolPtrOutput) +} + +// Whether to limit user-related capabilities. +func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) Usermode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.Usermode }).(pulumi.BoolPtrOutput) +} + +// Whether to limit UTS-related capabilities. 
+func (o FunctionRuntimePolicyLimitContainerPrivilegeOutput) Utsmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLimitContainerPrivilege) *bool { return v.Utsmode }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyLimitContainerPrivilege)(nil)).Elem() +} + +func (o FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput) ToFunctionRuntimePolicyLimitContainerPrivilegeArrayOutput() FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput) ToFunctionRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyLimitContainerPrivilegeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyLimitContainerPrivilege { + return vs[0].([]FunctionRuntimePolicyLimitContainerPrivilege)[vs[1].(int)] + }).(FunctionRuntimePolicyLimitContainerPrivilegeOutput) +} + +type FunctionRuntimePolicyLinuxCapabilities struct { + Enabled *bool `pulumi:"enabled"` + RemoveLinuxCapabilities []string `pulumi:"removeLinuxCapabilities"` +} + +// FunctionRuntimePolicyLinuxCapabilitiesInput is an input type that accepts FunctionRuntimePolicyLinuxCapabilitiesArgs and FunctionRuntimePolicyLinuxCapabilitiesOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyLinuxCapabilitiesInput` via: +// +// FunctionRuntimePolicyLinuxCapabilitiesArgs{...} +type FunctionRuntimePolicyLinuxCapabilitiesInput interface { + pulumi.Input + + ToFunctionRuntimePolicyLinuxCapabilitiesOutput() FunctionRuntimePolicyLinuxCapabilitiesOutput + ToFunctionRuntimePolicyLinuxCapabilitiesOutputWithContext(context.Context) FunctionRuntimePolicyLinuxCapabilitiesOutput +} + +type FunctionRuntimePolicyLinuxCapabilitiesArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + RemoveLinuxCapabilities pulumi.StringArrayInput `pulumi:"removeLinuxCapabilities"` +} + +func (FunctionRuntimePolicyLinuxCapabilitiesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyLinuxCapabilities)(nil)).Elem() +} + +func (i FunctionRuntimePolicyLinuxCapabilitiesArgs) ToFunctionRuntimePolicyLinuxCapabilitiesOutput() FunctionRuntimePolicyLinuxCapabilitiesOutput { + return i.ToFunctionRuntimePolicyLinuxCapabilitiesOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyLinuxCapabilitiesArgs) ToFunctionRuntimePolicyLinuxCapabilitiesOutputWithContext(ctx context.Context) FunctionRuntimePolicyLinuxCapabilitiesOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyLinuxCapabilitiesOutput) +} + +func (i FunctionRuntimePolicyLinuxCapabilitiesArgs) ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutput() FunctionRuntimePolicyLinuxCapabilitiesPtrOutput { + return i.ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyLinuxCapabilitiesArgs) ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyLinuxCapabilitiesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyLinuxCapabilitiesOutput).ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyLinuxCapabilitiesPtrInput is an input 
type that accepts FunctionRuntimePolicyLinuxCapabilitiesArgs, FunctionRuntimePolicyLinuxCapabilitiesPtr and FunctionRuntimePolicyLinuxCapabilitiesPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyLinuxCapabilitiesPtrInput` via: +// +// FunctionRuntimePolicyLinuxCapabilitiesArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyLinuxCapabilitiesPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutput() FunctionRuntimePolicyLinuxCapabilitiesPtrOutput + ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Context) FunctionRuntimePolicyLinuxCapabilitiesPtrOutput +} + +type functionRuntimePolicyLinuxCapabilitiesPtrType FunctionRuntimePolicyLinuxCapabilitiesArgs + +func FunctionRuntimePolicyLinuxCapabilitiesPtr(v *FunctionRuntimePolicyLinuxCapabilitiesArgs) FunctionRuntimePolicyLinuxCapabilitiesPtrInput { + return (*functionRuntimePolicyLinuxCapabilitiesPtrType)(v) +} + +func (*functionRuntimePolicyLinuxCapabilitiesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyLinuxCapabilities)(nil)).Elem() +} + +func (i *functionRuntimePolicyLinuxCapabilitiesPtrType) ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutput() FunctionRuntimePolicyLinuxCapabilitiesPtrOutput { + return i.ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyLinuxCapabilitiesPtrType) ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyLinuxCapabilitiesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyLinuxCapabilitiesPtrOutput) +} + +type FunctionRuntimePolicyLinuxCapabilitiesOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyLinuxCapabilitiesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyLinuxCapabilities)(nil)).Elem() +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesOutput) 
ToFunctionRuntimePolicyLinuxCapabilitiesOutput() FunctionRuntimePolicyLinuxCapabilitiesOutput { + return o +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesOutput) ToFunctionRuntimePolicyLinuxCapabilitiesOutputWithContext(ctx context.Context) FunctionRuntimePolicyLinuxCapabilitiesOutput { + return o +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesOutput) ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutput() FunctionRuntimePolicyLinuxCapabilitiesPtrOutput { + return o.ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesOutput) ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyLinuxCapabilitiesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyLinuxCapabilities) *FunctionRuntimePolicyLinuxCapabilities { + return &v + }).(FunctionRuntimePolicyLinuxCapabilitiesPtrOutput) +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLinuxCapabilities) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesOutput) RemoveLinuxCapabilities() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyLinuxCapabilities) []string { return v.RemoveLinuxCapabilities }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyLinuxCapabilitiesPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyLinuxCapabilitiesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyLinuxCapabilities)(nil)).Elem() +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesPtrOutput) ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutput() FunctionRuntimePolicyLinuxCapabilitiesPtrOutput { + return o +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesPtrOutput) ToFunctionRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) 
FunctionRuntimePolicyLinuxCapabilitiesPtrOutput { + return o +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesPtrOutput) Elem() FunctionRuntimePolicyLinuxCapabilitiesOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyLinuxCapabilities) FunctionRuntimePolicyLinuxCapabilities { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyLinuxCapabilities + return ret + }).(FunctionRuntimePolicyLinuxCapabilitiesOutput) +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyLinuxCapabilities) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyLinuxCapabilitiesPtrOutput) RemoveLinuxCapabilities() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyLinuxCapabilities) []string { + if v == nil { + return nil + } + return v.RemoveLinuxCapabilities + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyMalwareScanOptions struct { + // Set Action, Defaults to 'Alert' when empty + Action *string `pulumi:"action"` + // Defines if enabled or not + Enabled *bool `pulumi:"enabled"` + // List of registry paths to be excluded from being protected. + ExcludeDirectories []string `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses []string `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. + IncludeDirectories []string `pulumi:"includeDirectories"` +} + +// FunctionRuntimePolicyMalwareScanOptionsInput is an input type that accepts FunctionRuntimePolicyMalwareScanOptionsArgs and FunctionRuntimePolicyMalwareScanOptionsOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyMalwareScanOptionsInput` via: +// +// FunctionRuntimePolicyMalwareScanOptionsArgs{...} +type FunctionRuntimePolicyMalwareScanOptionsInput interface { + pulumi.Input + + ToFunctionRuntimePolicyMalwareScanOptionsOutput() FunctionRuntimePolicyMalwareScanOptionsOutput + ToFunctionRuntimePolicyMalwareScanOptionsOutputWithContext(context.Context) FunctionRuntimePolicyMalwareScanOptionsOutput +} + +type FunctionRuntimePolicyMalwareScanOptionsArgs struct { + // Set Action, Defaults to 'Alert' when empty + Action pulumi.StringPtrInput `pulumi:"action"` + // Defines if enabled or not + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of registry paths to be excluded from being protected. + ExcludeDirectories pulumi.StringArrayInput `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses pulumi.StringArrayInput `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. 
+ IncludeDirectories pulumi.StringArrayInput `pulumi:"includeDirectories"` +} + +func (FunctionRuntimePolicyMalwareScanOptionsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (i FunctionRuntimePolicyMalwareScanOptionsArgs) ToFunctionRuntimePolicyMalwareScanOptionsOutput() FunctionRuntimePolicyMalwareScanOptionsOutput { + return i.ToFunctionRuntimePolicyMalwareScanOptionsOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyMalwareScanOptionsArgs) ToFunctionRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) FunctionRuntimePolicyMalwareScanOptionsOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyMalwareScanOptionsOutput) +} + +func (i FunctionRuntimePolicyMalwareScanOptionsArgs) ToFunctionRuntimePolicyMalwareScanOptionsPtrOutput() FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return i.ToFunctionRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyMalwareScanOptionsArgs) ToFunctionRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyMalwareScanOptionsOutput).ToFunctionRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyMalwareScanOptionsPtrInput is an input type that accepts FunctionRuntimePolicyMalwareScanOptionsArgs, FunctionRuntimePolicyMalwareScanOptionsPtr and FunctionRuntimePolicyMalwareScanOptionsPtrOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyMalwareScanOptionsPtrInput` via: +// +// FunctionRuntimePolicyMalwareScanOptionsArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyMalwareScanOptionsPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyMalwareScanOptionsPtrOutput() FunctionRuntimePolicyMalwareScanOptionsPtrOutput + ToFunctionRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Context) FunctionRuntimePolicyMalwareScanOptionsPtrOutput +} + +type functionRuntimePolicyMalwareScanOptionsPtrType FunctionRuntimePolicyMalwareScanOptionsArgs + +func FunctionRuntimePolicyMalwareScanOptionsPtr(v *FunctionRuntimePolicyMalwareScanOptionsArgs) FunctionRuntimePolicyMalwareScanOptionsPtrInput { + return (*functionRuntimePolicyMalwareScanOptionsPtrType)(v) +} + +func (*functionRuntimePolicyMalwareScanOptionsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (i *functionRuntimePolicyMalwareScanOptionsPtrType) ToFunctionRuntimePolicyMalwareScanOptionsPtrOutput() FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return i.ToFunctionRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyMalwareScanOptionsPtrType) ToFunctionRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyMalwareScanOptionsPtrOutput) +} + +type FunctionRuntimePolicyMalwareScanOptionsOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyMalwareScanOptionsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (o FunctionRuntimePolicyMalwareScanOptionsOutput) ToFunctionRuntimePolicyMalwareScanOptionsOutput() FunctionRuntimePolicyMalwareScanOptionsOutput { + return o +} + +func (o 
FunctionRuntimePolicyMalwareScanOptionsOutput) ToFunctionRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) FunctionRuntimePolicyMalwareScanOptionsOutput { + return o +} + +func (o FunctionRuntimePolicyMalwareScanOptionsOutput) ToFunctionRuntimePolicyMalwareScanOptionsPtrOutput() FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return o.ToFunctionRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyMalwareScanOptionsOutput) ToFunctionRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyMalwareScanOptions) *FunctionRuntimePolicyMalwareScanOptions { + return &v + }).(FunctionRuntimePolicyMalwareScanOptionsPtrOutput) +} + +// Set Action, Defaults to 'Alert' when empty +func (o FunctionRuntimePolicyMalwareScanOptionsOutput) Action() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyMalwareScanOptions) *string { return v.Action }).(pulumi.StringPtrOutput) +} + +// Defines if enabled or not +func (o FunctionRuntimePolicyMalwareScanOptionsOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyMalwareScanOptions) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of registry paths to be excluded from being protected. +func (o FunctionRuntimePolicyMalwareScanOptionsOutput) ExcludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyMalwareScanOptions) []string { return v.ExcludeDirectories }).(pulumi.StringArrayOutput) +} + +// List of registry processes to be excluded from being protected. 
+func (o FunctionRuntimePolicyMalwareScanOptionsOutput) ExcludeProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyMalwareScanOptions) []string { return v.ExcludeProcesses }).(pulumi.StringArrayOutput) +} + +// List of registry paths to be excluded from being protected. +func (o FunctionRuntimePolicyMalwareScanOptionsOutput) IncludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyMalwareScanOptions) []string { return v.IncludeDirectories }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyMalwareScanOptionsPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyMalwareScanOptionsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (o FunctionRuntimePolicyMalwareScanOptionsPtrOutput) ToFunctionRuntimePolicyMalwareScanOptionsPtrOutput() FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return o +} + +func (o FunctionRuntimePolicyMalwareScanOptionsPtrOutput) ToFunctionRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyMalwareScanOptionsPtrOutput { + return o +} + +func (o FunctionRuntimePolicyMalwareScanOptionsPtrOutput) Elem() FunctionRuntimePolicyMalwareScanOptionsOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyMalwareScanOptions) FunctionRuntimePolicyMalwareScanOptions { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyMalwareScanOptions + return ret + }).(FunctionRuntimePolicyMalwareScanOptionsOutput) +} + +// Set Action, Defaults to 'Alert' when empty +func (o FunctionRuntimePolicyMalwareScanOptionsPtrOutput) Action() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyMalwareScanOptions) *string { + if v == nil { + return nil + } + return v.Action + }).(pulumi.StringPtrOutput) +} + +// Defines if enabled or not +func (o FunctionRuntimePolicyMalwareScanOptionsPtrOutput) Enabled() pulumi.BoolPtrOutput { + 
return o.ApplyT(func(v *FunctionRuntimePolicyMalwareScanOptions) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +// List of registry paths to be excluded from being protected. +func (o FunctionRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyMalwareScanOptions) []string { + if v == nil { + return nil + } + return v.ExcludeDirectories + }).(pulumi.StringArrayOutput) +} + +// List of registry processes to be excluded from being protected. +func (o FunctionRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyMalwareScanOptions) []string { + if v == nil { + return nil + } + return v.ExcludeProcesses + }).(pulumi.StringArrayOutput) +} + +// List of registry paths to be excluded from being protected. +func (o FunctionRuntimePolicyMalwareScanOptionsPtrOutput) IncludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyMalwareScanOptions) []string { + if v == nil { + return nil + } + return v.IncludeDirectories + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyPackageBlock struct { + BlockPackagesProcesses []string `pulumi:"blockPackagesProcesses"` + BlockPackagesUsers []string `pulumi:"blockPackagesUsers"` + Enabled *bool `pulumi:"enabled"` + ExceptionalBlockPackagesFiles []string `pulumi:"exceptionalBlockPackagesFiles"` + ExceptionalBlockPackagesProcesses []string `pulumi:"exceptionalBlockPackagesProcesses"` + ExceptionalBlockPackagesUsers []string `pulumi:"exceptionalBlockPackagesUsers"` + PackagesBlackLists []string `pulumi:"packagesBlackLists"` +} + +// FunctionRuntimePolicyPackageBlockInput is an input type that accepts FunctionRuntimePolicyPackageBlockArgs and FunctionRuntimePolicyPackageBlockOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyPackageBlockInput` via: +// +// FunctionRuntimePolicyPackageBlockArgs{...} +type FunctionRuntimePolicyPackageBlockInput interface { + pulumi.Input + + ToFunctionRuntimePolicyPackageBlockOutput() FunctionRuntimePolicyPackageBlockOutput + ToFunctionRuntimePolicyPackageBlockOutputWithContext(context.Context) FunctionRuntimePolicyPackageBlockOutput +} + +type FunctionRuntimePolicyPackageBlockArgs struct { + BlockPackagesProcesses pulumi.StringArrayInput `pulumi:"blockPackagesProcesses"` + BlockPackagesUsers pulumi.StringArrayInput `pulumi:"blockPackagesUsers"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalBlockPackagesFiles pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesFiles"` + ExceptionalBlockPackagesProcesses pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesProcesses"` + ExceptionalBlockPackagesUsers pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesUsers"` + PackagesBlackLists pulumi.StringArrayInput `pulumi:"packagesBlackLists"` +} + +func (FunctionRuntimePolicyPackageBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (i FunctionRuntimePolicyPackageBlockArgs) ToFunctionRuntimePolicyPackageBlockOutput() FunctionRuntimePolicyPackageBlockOutput { + return i.ToFunctionRuntimePolicyPackageBlockOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyPackageBlockArgs) ToFunctionRuntimePolicyPackageBlockOutputWithContext(ctx context.Context) FunctionRuntimePolicyPackageBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyPackageBlockOutput) +} + +func (i FunctionRuntimePolicyPackageBlockArgs) ToFunctionRuntimePolicyPackageBlockPtrOutput() FunctionRuntimePolicyPackageBlockPtrOutput { + return i.ToFunctionRuntimePolicyPackageBlockPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyPackageBlockArgs) 
ToFunctionRuntimePolicyPackageBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyPackageBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyPackageBlockOutput).ToFunctionRuntimePolicyPackageBlockPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyPackageBlockPtrInput is an input type that accepts FunctionRuntimePolicyPackageBlockArgs, FunctionRuntimePolicyPackageBlockPtr and FunctionRuntimePolicyPackageBlockPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyPackageBlockPtrInput` via: +// +// FunctionRuntimePolicyPackageBlockArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyPackageBlockPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyPackageBlockPtrOutput() FunctionRuntimePolicyPackageBlockPtrOutput + ToFunctionRuntimePolicyPackageBlockPtrOutputWithContext(context.Context) FunctionRuntimePolicyPackageBlockPtrOutput +} + +type functionRuntimePolicyPackageBlockPtrType FunctionRuntimePolicyPackageBlockArgs + +func FunctionRuntimePolicyPackageBlockPtr(v *FunctionRuntimePolicyPackageBlockArgs) FunctionRuntimePolicyPackageBlockPtrInput { + return (*functionRuntimePolicyPackageBlockPtrType)(v) +} + +func (*functionRuntimePolicyPackageBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (i *functionRuntimePolicyPackageBlockPtrType) ToFunctionRuntimePolicyPackageBlockPtrOutput() FunctionRuntimePolicyPackageBlockPtrOutput { + return i.ToFunctionRuntimePolicyPackageBlockPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyPackageBlockPtrType) ToFunctionRuntimePolicyPackageBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyPackageBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyPackageBlockPtrOutput) +} + +type FunctionRuntimePolicyPackageBlockOutput struct{ *pulumi.OutputState } + +func 
(FunctionRuntimePolicyPackageBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (o FunctionRuntimePolicyPackageBlockOutput) ToFunctionRuntimePolicyPackageBlockOutput() FunctionRuntimePolicyPackageBlockOutput { + return o +} + +func (o FunctionRuntimePolicyPackageBlockOutput) ToFunctionRuntimePolicyPackageBlockOutputWithContext(ctx context.Context) FunctionRuntimePolicyPackageBlockOutput { + return o +} + +func (o FunctionRuntimePolicyPackageBlockOutput) ToFunctionRuntimePolicyPackageBlockPtrOutput() FunctionRuntimePolicyPackageBlockPtrOutput { + return o.ToFunctionRuntimePolicyPackageBlockPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyPackageBlockOutput) ToFunctionRuntimePolicyPackageBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyPackageBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyPackageBlock) *FunctionRuntimePolicyPackageBlock { + return &v + }).(FunctionRuntimePolicyPackageBlockPtrOutput) +} + +func (o FunctionRuntimePolicyPackageBlockOutput) BlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPackageBlock) []string { return v.BlockPackagesProcesses }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPackageBlockOutput) BlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPackageBlock) []string { return v.BlockPackagesUsers }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPackageBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPackageBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesFiles 
}).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesProcesses }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesUsers }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPackageBlockOutput) PackagesBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPackageBlock) []string { return v.PackagesBlackLists }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyPackageBlockPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyPackageBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (o FunctionRuntimePolicyPackageBlockPtrOutput) ToFunctionRuntimePolicyPackageBlockPtrOutput() FunctionRuntimePolicyPackageBlockPtrOutput { + return o +} + +func (o FunctionRuntimePolicyPackageBlockPtrOutput) ToFunctionRuntimePolicyPackageBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyPackageBlockPtrOutput { + return o +} + +func (o FunctionRuntimePolicyPackageBlockPtrOutput) Elem() FunctionRuntimePolicyPackageBlockOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPackageBlock) FunctionRuntimePolicyPackageBlock { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyPackageBlock + return ret + }).(FunctionRuntimePolicyPackageBlockOutput) +} + +func (o FunctionRuntimePolicyPackageBlockPtrOutput) BlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.BlockPackagesProcesses + }).(pulumi.StringArrayOutput) +} + 
+func (o FunctionRuntimePolicyPackageBlockPtrOutput) BlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.BlockPackagesUsers + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPackageBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPackageBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyPackageBlockPtrOutput) ExceptionalBlockPackagesFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockPackagesFiles + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPackageBlockPtrOutput) ExceptionalBlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockPackagesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPackageBlockPtrOutput) ExceptionalBlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockPackagesUsers + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPackageBlockPtrOutput) PackagesBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPackageBlock) []string { + if v == nil { + return nil + } + return v.PackagesBlackLists + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyPortBlock struct { + BlockInboundPorts []string `pulumi:"blockInboundPorts"` + BlockOutboundPorts []string `pulumi:"blockOutboundPorts"` + Enabled *bool `pulumi:"enabled"` +} + +// FunctionRuntimePolicyPortBlockInput is an input type that accepts FunctionRuntimePolicyPortBlockArgs and 
FunctionRuntimePolicyPortBlockOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyPortBlockInput` via: +// +// FunctionRuntimePolicyPortBlockArgs{...} +type FunctionRuntimePolicyPortBlockInput interface { + pulumi.Input + + ToFunctionRuntimePolicyPortBlockOutput() FunctionRuntimePolicyPortBlockOutput + ToFunctionRuntimePolicyPortBlockOutputWithContext(context.Context) FunctionRuntimePolicyPortBlockOutput +} + +type FunctionRuntimePolicyPortBlockArgs struct { + BlockInboundPorts pulumi.StringArrayInput `pulumi:"blockInboundPorts"` + BlockOutboundPorts pulumi.StringArrayInput `pulumi:"blockOutboundPorts"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` +} + +func (FunctionRuntimePolicyPortBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyPortBlock)(nil)).Elem() +} + +func (i FunctionRuntimePolicyPortBlockArgs) ToFunctionRuntimePolicyPortBlockOutput() FunctionRuntimePolicyPortBlockOutput { + return i.ToFunctionRuntimePolicyPortBlockOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyPortBlockArgs) ToFunctionRuntimePolicyPortBlockOutputWithContext(ctx context.Context) FunctionRuntimePolicyPortBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyPortBlockOutput) +} + +func (i FunctionRuntimePolicyPortBlockArgs) ToFunctionRuntimePolicyPortBlockPtrOutput() FunctionRuntimePolicyPortBlockPtrOutput { + return i.ToFunctionRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyPortBlockArgs) ToFunctionRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyPortBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyPortBlockOutput).ToFunctionRuntimePolicyPortBlockPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyPortBlockPtrInput is an input type that accepts FunctionRuntimePolicyPortBlockArgs, FunctionRuntimePolicyPortBlockPtr and 
FunctionRuntimePolicyPortBlockPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyPortBlockPtrInput` via: +// +// FunctionRuntimePolicyPortBlockArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyPortBlockPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyPortBlockPtrOutput() FunctionRuntimePolicyPortBlockPtrOutput + ToFunctionRuntimePolicyPortBlockPtrOutputWithContext(context.Context) FunctionRuntimePolicyPortBlockPtrOutput +} + +type functionRuntimePolicyPortBlockPtrType FunctionRuntimePolicyPortBlockArgs + +func FunctionRuntimePolicyPortBlockPtr(v *FunctionRuntimePolicyPortBlockArgs) FunctionRuntimePolicyPortBlockPtrInput { + return (*functionRuntimePolicyPortBlockPtrType)(v) +} + +func (*functionRuntimePolicyPortBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyPortBlock)(nil)).Elem() +} + +func (i *functionRuntimePolicyPortBlockPtrType) ToFunctionRuntimePolicyPortBlockPtrOutput() FunctionRuntimePolicyPortBlockPtrOutput { + return i.ToFunctionRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyPortBlockPtrType) ToFunctionRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyPortBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyPortBlockPtrOutput) +} + +type FunctionRuntimePolicyPortBlockOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyPortBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyPortBlock)(nil)).Elem() +} + +func (o FunctionRuntimePolicyPortBlockOutput) ToFunctionRuntimePolicyPortBlockOutput() FunctionRuntimePolicyPortBlockOutput { + return o +} + +func (o FunctionRuntimePolicyPortBlockOutput) ToFunctionRuntimePolicyPortBlockOutputWithContext(ctx context.Context) FunctionRuntimePolicyPortBlockOutput { + return o +} + +func (o FunctionRuntimePolicyPortBlockOutput) 
ToFunctionRuntimePolicyPortBlockPtrOutput() FunctionRuntimePolicyPortBlockPtrOutput { + return o.ToFunctionRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyPortBlockOutput) ToFunctionRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyPortBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyPortBlock) *FunctionRuntimePolicyPortBlock { + return &v + }).(FunctionRuntimePolicyPortBlockPtrOutput) +} + +func (o FunctionRuntimePolicyPortBlockOutput) BlockInboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPortBlock) []string { return v.BlockInboundPorts }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPortBlockOutput) BlockOutboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPortBlock) []string { return v.BlockOutboundPorts }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPortBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyPortBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicyPortBlockPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyPortBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyPortBlock)(nil)).Elem() +} + +func (o FunctionRuntimePolicyPortBlockPtrOutput) ToFunctionRuntimePolicyPortBlockPtrOutput() FunctionRuntimePolicyPortBlockPtrOutput { + return o +} + +func (o FunctionRuntimePolicyPortBlockPtrOutput) ToFunctionRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyPortBlockPtrOutput { + return o +} + +func (o FunctionRuntimePolicyPortBlockPtrOutput) Elem() FunctionRuntimePolicyPortBlockOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPortBlock) FunctionRuntimePolicyPortBlock { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyPortBlock 
+ return ret + }).(FunctionRuntimePolicyPortBlockOutput) +} + +func (o FunctionRuntimePolicyPortBlockPtrOutput) BlockInboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPortBlock) []string { + if v == nil { + return nil + } + return v.BlockInboundPorts + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPortBlockPtrOutput) BlockOutboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPortBlock) []string { + if v == nil { + return nil + } + return v.BlockOutboundPorts + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyPortBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyPortBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicyReadonlyFiles struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalReadonlyFiles []string `pulumi:"exceptionalReadonlyFiles"` + ExceptionalReadonlyFilesProcesses []string `pulumi:"exceptionalReadonlyFilesProcesses"` + ExceptionalReadonlyFilesUsers []string `pulumi:"exceptionalReadonlyFilesUsers"` + ReadonlyFiles []string `pulumi:"readonlyFiles"` + ReadonlyFilesProcesses []string `pulumi:"readonlyFilesProcesses"` + ReadonlyFilesUsers []string `pulumi:"readonlyFilesUsers"` +} + +// FunctionRuntimePolicyReadonlyFilesInput is an input type that accepts FunctionRuntimePolicyReadonlyFilesArgs and FunctionRuntimePolicyReadonlyFilesOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyReadonlyFilesInput` via: +// +// FunctionRuntimePolicyReadonlyFilesArgs{...} +type FunctionRuntimePolicyReadonlyFilesInput interface { + pulumi.Input + + ToFunctionRuntimePolicyReadonlyFilesOutput() FunctionRuntimePolicyReadonlyFilesOutput + ToFunctionRuntimePolicyReadonlyFilesOutputWithContext(context.Context) FunctionRuntimePolicyReadonlyFilesOutput +} + +type FunctionRuntimePolicyReadonlyFilesArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalReadonlyFiles pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFiles"` + ExceptionalReadonlyFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFilesProcesses"` + ExceptionalReadonlyFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFilesUsers"` + ReadonlyFiles pulumi.StringArrayInput `pulumi:"readonlyFiles"` + ReadonlyFilesProcesses pulumi.StringArrayInput `pulumi:"readonlyFilesProcesses"` + ReadonlyFilesUsers pulumi.StringArrayInput `pulumi:"readonlyFilesUsers"` +} + +func (FunctionRuntimePolicyReadonlyFilesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (i FunctionRuntimePolicyReadonlyFilesArgs) ToFunctionRuntimePolicyReadonlyFilesOutput() FunctionRuntimePolicyReadonlyFilesOutput { + return i.ToFunctionRuntimePolicyReadonlyFilesOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyReadonlyFilesArgs) ToFunctionRuntimePolicyReadonlyFilesOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyFilesOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyReadonlyFilesOutput) +} + +func (i FunctionRuntimePolicyReadonlyFilesArgs) ToFunctionRuntimePolicyReadonlyFilesPtrOutput() FunctionRuntimePolicyReadonlyFilesPtrOutput { + return i.ToFunctionRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyReadonlyFilesArgs) 
ToFunctionRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyFilesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyReadonlyFilesOutput).ToFunctionRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyReadonlyFilesPtrInput is an input type that accepts FunctionRuntimePolicyReadonlyFilesArgs, FunctionRuntimePolicyReadonlyFilesPtr and FunctionRuntimePolicyReadonlyFilesPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyReadonlyFilesPtrInput` via: +// +// FunctionRuntimePolicyReadonlyFilesArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyReadonlyFilesPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyReadonlyFilesPtrOutput() FunctionRuntimePolicyReadonlyFilesPtrOutput + ToFunctionRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Context) FunctionRuntimePolicyReadonlyFilesPtrOutput +} + +type functionRuntimePolicyReadonlyFilesPtrType FunctionRuntimePolicyReadonlyFilesArgs + +func FunctionRuntimePolicyReadonlyFilesPtr(v *FunctionRuntimePolicyReadonlyFilesArgs) FunctionRuntimePolicyReadonlyFilesPtrInput { + return (*functionRuntimePolicyReadonlyFilesPtrType)(v) +} + +func (*functionRuntimePolicyReadonlyFilesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (i *functionRuntimePolicyReadonlyFilesPtrType) ToFunctionRuntimePolicyReadonlyFilesPtrOutput() FunctionRuntimePolicyReadonlyFilesPtrOutput { + return i.ToFunctionRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyReadonlyFilesPtrType) ToFunctionRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyFilesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyReadonlyFilesPtrOutput) +} + +type FunctionRuntimePolicyReadonlyFilesOutput struct{ *pulumi.OutputState } + +func 
(FunctionRuntimePolicyReadonlyFilesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ToFunctionRuntimePolicyReadonlyFilesOutput() FunctionRuntimePolicyReadonlyFilesOutput { + return o +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ToFunctionRuntimePolicyReadonlyFilesOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyFilesOutput { + return o +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ToFunctionRuntimePolicyReadonlyFilesPtrOutput() FunctionRuntimePolicyReadonlyFilesPtrOutput { + return o.ToFunctionRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ToFunctionRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyFilesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyReadonlyFiles) *FunctionRuntimePolicyReadonlyFiles { + return &v + }).(FunctionRuntimePolicyReadonlyFilesPtrOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyFiles) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFiles }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyFiles) []string 
{ return v.ExceptionalReadonlyFilesUsers }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFiles }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesOutput) ReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFilesUsers }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyReadonlyFilesPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyReadonlyFilesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (o FunctionRuntimePolicyReadonlyFilesPtrOutput) ToFunctionRuntimePolicyReadonlyFilesPtrOutput() FunctionRuntimePolicyReadonlyFilesPtrOutput { + return o +} + +func (o FunctionRuntimePolicyReadonlyFilesPtrOutput) ToFunctionRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyFilesPtrOutput { + return o +} + +func (o FunctionRuntimePolicyReadonlyFilesPtrOutput) Elem() FunctionRuntimePolicyReadonlyFilesOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyFiles) FunctionRuntimePolicyReadonlyFiles { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyReadonlyFiles + return ret + }).(FunctionRuntimePolicyReadonlyFilesOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyFiles) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o 
FunctionRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFiles + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFilesUsers + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFiles + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFilesUsers + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyReadonlyRegistry struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalReadonlyRegistryPaths []string `pulumi:"exceptionalReadonlyRegistryPaths"` + ExceptionalReadonlyRegistryProcesses []string `pulumi:"exceptionalReadonlyRegistryProcesses"` + 
ExceptionalReadonlyRegistryUsers []string `pulumi:"exceptionalReadonlyRegistryUsers"` + ReadonlyRegistryPaths []string `pulumi:"readonlyRegistryPaths"` + ReadonlyRegistryProcesses []string `pulumi:"readonlyRegistryProcesses"` + ReadonlyRegistryUsers []string `pulumi:"readonlyRegistryUsers"` +} + +// FunctionRuntimePolicyReadonlyRegistryInput is an input type that accepts FunctionRuntimePolicyReadonlyRegistryArgs and FunctionRuntimePolicyReadonlyRegistryOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyReadonlyRegistryInput` via: +// +// FunctionRuntimePolicyReadonlyRegistryArgs{...} +type FunctionRuntimePolicyReadonlyRegistryInput interface { + pulumi.Input + + ToFunctionRuntimePolicyReadonlyRegistryOutput() FunctionRuntimePolicyReadonlyRegistryOutput + ToFunctionRuntimePolicyReadonlyRegistryOutputWithContext(context.Context) FunctionRuntimePolicyReadonlyRegistryOutput +} + +type FunctionRuntimePolicyReadonlyRegistryArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalReadonlyRegistryPaths pulumi.StringArrayInput `pulumi:"exceptionalReadonlyRegistryPaths"` + ExceptionalReadonlyRegistryProcesses pulumi.StringArrayInput `pulumi:"exceptionalReadonlyRegistryProcesses"` + ExceptionalReadonlyRegistryUsers pulumi.StringArrayInput `pulumi:"exceptionalReadonlyRegistryUsers"` + ReadonlyRegistryPaths pulumi.StringArrayInput `pulumi:"readonlyRegistryPaths"` + ReadonlyRegistryProcesses pulumi.StringArrayInput `pulumi:"readonlyRegistryProcesses"` + ReadonlyRegistryUsers pulumi.StringArrayInput `pulumi:"readonlyRegistryUsers"` +} + +func (FunctionRuntimePolicyReadonlyRegistryArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (i FunctionRuntimePolicyReadonlyRegistryArgs) ToFunctionRuntimePolicyReadonlyRegistryOutput() FunctionRuntimePolicyReadonlyRegistryOutput { + return i.ToFunctionRuntimePolicyReadonlyRegistryOutputWithContext(context.Background()) +} 
+ +func (i FunctionRuntimePolicyReadonlyRegistryArgs) ToFunctionRuntimePolicyReadonlyRegistryOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyRegistryOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyReadonlyRegistryOutput) +} + +func (i FunctionRuntimePolicyReadonlyRegistryArgs) ToFunctionRuntimePolicyReadonlyRegistryPtrOutput() FunctionRuntimePolicyReadonlyRegistryPtrOutput { + return i.ToFunctionRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyReadonlyRegistryArgs) ToFunctionRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyRegistryPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyReadonlyRegistryOutput).ToFunctionRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyReadonlyRegistryPtrInput is an input type that accepts FunctionRuntimePolicyReadonlyRegistryArgs, FunctionRuntimePolicyReadonlyRegistryPtr and FunctionRuntimePolicyReadonlyRegistryPtrOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyReadonlyRegistryPtrInput` via: +// +// FunctionRuntimePolicyReadonlyRegistryArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyReadonlyRegistryPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyReadonlyRegistryPtrOutput() FunctionRuntimePolicyReadonlyRegistryPtrOutput + ToFunctionRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Context) FunctionRuntimePolicyReadonlyRegistryPtrOutput +} + +type functionRuntimePolicyReadonlyRegistryPtrType FunctionRuntimePolicyReadonlyRegistryArgs + +func FunctionRuntimePolicyReadonlyRegistryPtr(v *FunctionRuntimePolicyReadonlyRegistryArgs) FunctionRuntimePolicyReadonlyRegistryPtrInput { + return (*functionRuntimePolicyReadonlyRegistryPtrType)(v) +} + +func (*functionRuntimePolicyReadonlyRegistryPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (i *functionRuntimePolicyReadonlyRegistryPtrType) ToFunctionRuntimePolicyReadonlyRegistryPtrOutput() FunctionRuntimePolicyReadonlyRegistryPtrOutput { + return i.ToFunctionRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyReadonlyRegistryPtrType) ToFunctionRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyRegistryPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyReadonlyRegistryPtrOutput) +} + +type FunctionRuntimePolicyReadonlyRegistryOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyReadonlyRegistryOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) ToFunctionRuntimePolicyReadonlyRegistryOutput() FunctionRuntimePolicyReadonlyRegistryOutput { + return o +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) 
ToFunctionRuntimePolicyReadonlyRegistryOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyRegistryOutput { + return o +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) ToFunctionRuntimePolicyReadonlyRegistryPtrOutput() FunctionRuntimePolicyReadonlyRegistryPtrOutput { + return o.ToFunctionRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) ToFunctionRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyRegistryPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyReadonlyRegistry) *FunctionRuntimePolicyReadonlyRegistry { + return &v + }).(FunctionRuntimePolicyReadonlyRegistryPtrOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyRegistry) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) ExceptionalReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyRegistry) []string { return v.ExceptionalReadonlyRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) ExceptionalReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyRegistry) []string { return v.ExceptionalReadonlyRegistryProcesses }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) ExceptionalReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyRegistry) []string { return v.ExceptionalReadonlyRegistryUsers }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) ReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyRegistry) []string { return 
v.ReadonlyRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) ReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyRegistry) []string { return v.ReadonlyRegistryProcesses }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryOutput) ReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReadonlyRegistry) []string { return v.ReadonlyRegistryUsers }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyReadonlyRegistryPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyReadonlyRegistryPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) ToFunctionRuntimePolicyReadonlyRegistryPtrOutput() FunctionRuntimePolicyReadonlyRegistryPtrOutput { + return o +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) ToFunctionRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReadonlyRegistryPtrOutput { + return o +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) Elem() FunctionRuntimePolicyReadonlyRegistryOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyRegistry) FunctionRuntimePolicyReadonlyRegistry { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyReadonlyRegistry + return ret + }).(FunctionRuntimePolicyReadonlyRegistryOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyRegistry) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) ExceptionalReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyRegistry) []string { + if 
v == nil { + return nil + } + return v.ExceptionalReadonlyRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) ExceptionalReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) ExceptionalReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyRegistryUsers + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) ReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ReadonlyRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) ReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ReadonlyRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReadonlyRegistryPtrOutput) ReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ReadonlyRegistryUsers + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyRegistryAccessMonitoring struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalMonitoredRegistryPaths []string `pulumi:"exceptionalMonitoredRegistryPaths"` + ExceptionalMonitoredRegistryProcesses []string `pulumi:"exceptionalMonitoredRegistryProcesses"` + ExceptionalMonitoredRegistryUsers []string `pulumi:"exceptionalMonitoredRegistryUsers"` + 
MonitoredRegistryAttributes *bool `pulumi:"monitoredRegistryAttributes"` + MonitoredRegistryCreate *bool `pulumi:"monitoredRegistryCreate"` + MonitoredRegistryDelete *bool `pulumi:"monitoredRegistryDelete"` + MonitoredRegistryModify *bool `pulumi:"monitoredRegistryModify"` + MonitoredRegistryPaths []string `pulumi:"monitoredRegistryPaths"` + MonitoredRegistryProcesses []string `pulumi:"monitoredRegistryProcesses"` + MonitoredRegistryRead *bool `pulumi:"monitoredRegistryRead"` + MonitoredRegistryUsers []string `pulumi:"monitoredRegistryUsers"` +} + +// FunctionRuntimePolicyRegistryAccessMonitoringInput is an input type that accepts FunctionRuntimePolicyRegistryAccessMonitoringArgs and FunctionRuntimePolicyRegistryAccessMonitoringOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyRegistryAccessMonitoringInput` via: +// +// FunctionRuntimePolicyRegistryAccessMonitoringArgs{...} +type FunctionRuntimePolicyRegistryAccessMonitoringInput interface { + pulumi.Input + + ToFunctionRuntimePolicyRegistryAccessMonitoringOutput() FunctionRuntimePolicyRegistryAccessMonitoringOutput + ToFunctionRuntimePolicyRegistryAccessMonitoringOutputWithContext(context.Context) FunctionRuntimePolicyRegistryAccessMonitoringOutput +} + +type FunctionRuntimePolicyRegistryAccessMonitoringArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalMonitoredRegistryPaths pulumi.StringArrayInput `pulumi:"exceptionalMonitoredRegistryPaths"` + ExceptionalMonitoredRegistryProcesses pulumi.StringArrayInput `pulumi:"exceptionalMonitoredRegistryProcesses"` + ExceptionalMonitoredRegistryUsers pulumi.StringArrayInput `pulumi:"exceptionalMonitoredRegistryUsers"` + MonitoredRegistryAttributes pulumi.BoolPtrInput `pulumi:"monitoredRegistryAttributes"` + MonitoredRegistryCreate pulumi.BoolPtrInput `pulumi:"monitoredRegistryCreate"` + MonitoredRegistryDelete pulumi.BoolPtrInput `pulumi:"monitoredRegistryDelete"` + MonitoredRegistryModify pulumi.BoolPtrInput 
`pulumi:"monitoredRegistryModify"` + MonitoredRegistryPaths pulumi.StringArrayInput `pulumi:"monitoredRegistryPaths"` + MonitoredRegistryProcesses pulumi.StringArrayInput `pulumi:"monitoredRegistryProcesses"` + MonitoredRegistryRead pulumi.BoolPtrInput `pulumi:"monitoredRegistryRead"` + MonitoredRegistryUsers pulumi.StringArrayInput `pulumi:"monitoredRegistryUsers"` +} + +func (FunctionRuntimePolicyRegistryAccessMonitoringArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (i FunctionRuntimePolicyRegistryAccessMonitoringArgs) ToFunctionRuntimePolicyRegistryAccessMonitoringOutput() FunctionRuntimePolicyRegistryAccessMonitoringOutput { + return i.ToFunctionRuntimePolicyRegistryAccessMonitoringOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyRegistryAccessMonitoringArgs) ToFunctionRuntimePolicyRegistryAccessMonitoringOutputWithContext(ctx context.Context) FunctionRuntimePolicyRegistryAccessMonitoringOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyRegistryAccessMonitoringOutput) +} + +func (i FunctionRuntimePolicyRegistryAccessMonitoringArgs) ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutput() FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput { + return i.ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyRegistryAccessMonitoringArgs) ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyRegistryAccessMonitoringOutput).ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyRegistryAccessMonitoringPtrInput is an input type that accepts FunctionRuntimePolicyRegistryAccessMonitoringArgs, FunctionRuntimePolicyRegistryAccessMonitoringPtr and 
FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyRegistryAccessMonitoringPtrInput` via: +// +// FunctionRuntimePolicyRegistryAccessMonitoringArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyRegistryAccessMonitoringPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutput() FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput + ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Context) FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput +} + +type functionRuntimePolicyRegistryAccessMonitoringPtrType FunctionRuntimePolicyRegistryAccessMonitoringArgs + +func FunctionRuntimePolicyRegistryAccessMonitoringPtr(v *FunctionRuntimePolicyRegistryAccessMonitoringArgs) FunctionRuntimePolicyRegistryAccessMonitoringPtrInput { + return (*functionRuntimePolicyRegistryAccessMonitoringPtrType)(v) +} + +func (*functionRuntimePolicyRegistryAccessMonitoringPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (i *functionRuntimePolicyRegistryAccessMonitoringPtrType) ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutput() FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput { + return i.ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyRegistryAccessMonitoringPtrType) ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) +} + +type FunctionRuntimePolicyRegistryAccessMonitoringOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyRegistryAccessMonitoringOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*FunctionRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) ToFunctionRuntimePolicyRegistryAccessMonitoringOutput() FunctionRuntimePolicyRegistryAccessMonitoringOutput { + return o +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) ToFunctionRuntimePolicyRegistryAccessMonitoringOutputWithContext(ctx context.Context) FunctionRuntimePolicyRegistryAccessMonitoringOutput { + return o +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutput() FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o.ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyRegistryAccessMonitoring) *FunctionRuntimePolicyRegistryAccessMonitoring { + return &v + }).(FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) ExceptionalMonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) []string { + return v.ExceptionalMonitoredRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) ExceptionalMonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) []string { + return v.ExceptionalMonitoredRegistryProcesses + 
}).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) ExceptionalMonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) []string { + return v.ExceptionalMonitoredRegistryUsers + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryAttributes }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryCreate }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryDelete }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryModify }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) []string { return v.MonitoredRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) []string { return v.MonitoredRegistryProcesses }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryRead() pulumi.BoolPtrOutput { + 
return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryRead }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRegistryAccessMonitoring) []string { return v.MonitoredRegistryUsers }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutput() FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) ToFunctionRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) Elem() FunctionRuntimePolicyRegistryAccessMonitoringOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) FunctionRuntimePolicyRegistryAccessMonitoring { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyRegistryAccessMonitoring + return ret + }).(FunctionRuntimePolicyRegistryAccessMonitoringOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) ExceptionalMonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) []string { + if v 
== nil { + return nil + } + return v.ExceptionalMonitoredRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) ExceptionalMonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) ExceptionalMonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredRegistryUsers + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryAttributes + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryCreate + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryDelete + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryModify + }).(pulumi.BoolPtrOutput) +} + +func (o 
FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryRead + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredRegistryUsers + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyRestrictedVolume struct { + // Whether restricted volumes are enabled. + Enabled *bool `pulumi:"enabled"` + // List of restricted volumes. + Volumes []string `pulumi:"volumes"` +} + +// FunctionRuntimePolicyRestrictedVolumeInput is an input type that accepts FunctionRuntimePolicyRestrictedVolumeArgs and FunctionRuntimePolicyRestrictedVolumeOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyRestrictedVolumeInput` via: +// +// FunctionRuntimePolicyRestrictedVolumeArgs{...} +type FunctionRuntimePolicyRestrictedVolumeInput interface { + pulumi.Input + + ToFunctionRuntimePolicyRestrictedVolumeOutput() FunctionRuntimePolicyRestrictedVolumeOutput + ToFunctionRuntimePolicyRestrictedVolumeOutputWithContext(context.Context) FunctionRuntimePolicyRestrictedVolumeOutput +} + +type FunctionRuntimePolicyRestrictedVolumeArgs struct { + // Whether restricted volumes are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of restricted volumes. + Volumes pulumi.StringArrayInput `pulumi:"volumes"` +} + +func (FunctionRuntimePolicyRestrictedVolumeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (i FunctionRuntimePolicyRestrictedVolumeArgs) ToFunctionRuntimePolicyRestrictedVolumeOutput() FunctionRuntimePolicyRestrictedVolumeOutput { + return i.ToFunctionRuntimePolicyRestrictedVolumeOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyRestrictedVolumeArgs) ToFunctionRuntimePolicyRestrictedVolumeOutputWithContext(ctx context.Context) FunctionRuntimePolicyRestrictedVolumeOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyRestrictedVolumeOutput) +} + +// FunctionRuntimePolicyRestrictedVolumeArrayInput is an input type that accepts FunctionRuntimePolicyRestrictedVolumeArray and FunctionRuntimePolicyRestrictedVolumeArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyRestrictedVolumeArrayInput` via: +// +// FunctionRuntimePolicyRestrictedVolumeArray{ FunctionRuntimePolicyRestrictedVolumeArgs{...} } +type FunctionRuntimePolicyRestrictedVolumeArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyRestrictedVolumeArrayOutput() FunctionRuntimePolicyRestrictedVolumeArrayOutput + ToFunctionRuntimePolicyRestrictedVolumeArrayOutputWithContext(context.Context) FunctionRuntimePolicyRestrictedVolumeArrayOutput +} + +type FunctionRuntimePolicyRestrictedVolumeArray []FunctionRuntimePolicyRestrictedVolumeInput + +func (FunctionRuntimePolicyRestrictedVolumeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (i FunctionRuntimePolicyRestrictedVolumeArray) ToFunctionRuntimePolicyRestrictedVolumeArrayOutput() FunctionRuntimePolicyRestrictedVolumeArrayOutput { + return i.ToFunctionRuntimePolicyRestrictedVolumeArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyRestrictedVolumeArray) ToFunctionRuntimePolicyRestrictedVolumeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyRestrictedVolumeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyRestrictedVolumeArrayOutput) +} + +type FunctionRuntimePolicyRestrictedVolumeOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyRestrictedVolumeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (o FunctionRuntimePolicyRestrictedVolumeOutput) ToFunctionRuntimePolicyRestrictedVolumeOutput() FunctionRuntimePolicyRestrictedVolumeOutput { + return o +} + +func (o FunctionRuntimePolicyRestrictedVolumeOutput) ToFunctionRuntimePolicyRestrictedVolumeOutputWithContext(ctx context.Context) FunctionRuntimePolicyRestrictedVolumeOutput { + return o +} + +// Whether restricted volumes are enabled. 
+func (o FunctionRuntimePolicyRestrictedVolumeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRestrictedVolume) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of restricted volumes. +func (o FunctionRuntimePolicyRestrictedVolumeOutput) Volumes() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyRestrictedVolume) []string { return v.Volumes }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyRestrictedVolumeArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyRestrictedVolumeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (o FunctionRuntimePolicyRestrictedVolumeArrayOutput) ToFunctionRuntimePolicyRestrictedVolumeArrayOutput() FunctionRuntimePolicyRestrictedVolumeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyRestrictedVolumeArrayOutput) ToFunctionRuntimePolicyRestrictedVolumeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyRestrictedVolumeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyRestrictedVolumeArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyRestrictedVolumeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyRestrictedVolume { + return vs[0].([]FunctionRuntimePolicyRestrictedVolume)[vs[1].(int)] + }).(FunctionRuntimePolicyRestrictedVolumeOutput) +} + +type FunctionRuntimePolicyReverseShell struct { + BlockReverseShell *bool `pulumi:"blockReverseShell"` + Enabled *bool `pulumi:"enabled"` + ReverseShellIpWhiteLists []string `pulumi:"reverseShellIpWhiteLists"` + ReverseShellProcWhiteLists []string `pulumi:"reverseShellProcWhiteLists"` +} + +// FunctionRuntimePolicyReverseShellInput is an input type that accepts FunctionRuntimePolicyReverseShellArgs and FunctionRuntimePolicyReverseShellOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyReverseShellInput` via: +// +// FunctionRuntimePolicyReverseShellArgs{...} +type FunctionRuntimePolicyReverseShellInput interface { + pulumi.Input + + ToFunctionRuntimePolicyReverseShellOutput() FunctionRuntimePolicyReverseShellOutput + ToFunctionRuntimePolicyReverseShellOutputWithContext(context.Context) FunctionRuntimePolicyReverseShellOutput +} + +type FunctionRuntimePolicyReverseShellArgs struct { + BlockReverseShell pulumi.BoolPtrInput `pulumi:"blockReverseShell"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ReverseShellIpWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellIpWhiteLists"` + ReverseShellProcWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellProcWhiteLists"` +} + +func (FunctionRuntimePolicyReverseShellArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyReverseShell)(nil)).Elem() +} + +func (i FunctionRuntimePolicyReverseShellArgs) ToFunctionRuntimePolicyReverseShellOutput() FunctionRuntimePolicyReverseShellOutput { + return i.ToFunctionRuntimePolicyReverseShellOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyReverseShellArgs) ToFunctionRuntimePolicyReverseShellOutputWithContext(ctx context.Context) FunctionRuntimePolicyReverseShellOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyReverseShellOutput) +} + +func (i FunctionRuntimePolicyReverseShellArgs) ToFunctionRuntimePolicyReverseShellPtrOutput() FunctionRuntimePolicyReverseShellPtrOutput { + return i.ToFunctionRuntimePolicyReverseShellPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyReverseShellArgs) ToFunctionRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReverseShellPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyReverseShellOutput).ToFunctionRuntimePolicyReverseShellPtrOutputWithContext(ctx) +} + +// 
FunctionRuntimePolicyReverseShellPtrInput is an input type that accepts FunctionRuntimePolicyReverseShellArgs, FunctionRuntimePolicyReverseShellPtr and FunctionRuntimePolicyReverseShellPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyReverseShellPtrInput` via: +// +// FunctionRuntimePolicyReverseShellArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyReverseShellPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyReverseShellPtrOutput() FunctionRuntimePolicyReverseShellPtrOutput + ToFunctionRuntimePolicyReverseShellPtrOutputWithContext(context.Context) FunctionRuntimePolicyReverseShellPtrOutput +} + +type functionRuntimePolicyReverseShellPtrType FunctionRuntimePolicyReverseShellArgs + +func FunctionRuntimePolicyReverseShellPtr(v *FunctionRuntimePolicyReverseShellArgs) FunctionRuntimePolicyReverseShellPtrInput { + return (*functionRuntimePolicyReverseShellPtrType)(v) +} + +func (*functionRuntimePolicyReverseShellPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyReverseShell)(nil)).Elem() +} + +func (i *functionRuntimePolicyReverseShellPtrType) ToFunctionRuntimePolicyReverseShellPtrOutput() FunctionRuntimePolicyReverseShellPtrOutput { + return i.ToFunctionRuntimePolicyReverseShellPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyReverseShellPtrType) ToFunctionRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReverseShellPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyReverseShellPtrOutput) +} + +type FunctionRuntimePolicyReverseShellOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyReverseShellOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyReverseShell)(nil)).Elem() +} + +func (o FunctionRuntimePolicyReverseShellOutput) ToFunctionRuntimePolicyReverseShellOutput() FunctionRuntimePolicyReverseShellOutput { + return o +} + +func 
(o FunctionRuntimePolicyReverseShellOutput) ToFunctionRuntimePolicyReverseShellOutputWithContext(ctx context.Context) FunctionRuntimePolicyReverseShellOutput { + return o +} + +func (o FunctionRuntimePolicyReverseShellOutput) ToFunctionRuntimePolicyReverseShellPtrOutput() FunctionRuntimePolicyReverseShellPtrOutput { + return o.ToFunctionRuntimePolicyReverseShellPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyReverseShellOutput) ToFunctionRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReverseShellPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyReverseShell) *FunctionRuntimePolicyReverseShell { + return &v + }).(FunctionRuntimePolicyReverseShellPtrOutput) +} + +func (o FunctionRuntimePolicyReverseShellOutput) BlockReverseShell() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReverseShell) *bool { return v.BlockReverseShell }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyReverseShellOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReverseShell) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyReverseShellOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReverseShell) []string { return v.ReverseShellIpWhiteLists }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReverseShellOutput) ReverseShellProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyReverseShell) []string { return v.ReverseShellProcWhiteLists }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyReverseShellPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyReverseShellPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyReverseShell)(nil)).Elem() +} + +func (o FunctionRuntimePolicyReverseShellPtrOutput) 
ToFunctionRuntimePolicyReverseShellPtrOutput() FunctionRuntimePolicyReverseShellPtrOutput { + return o +} + +func (o FunctionRuntimePolicyReverseShellPtrOutput) ToFunctionRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyReverseShellPtrOutput { + return o +} + +func (o FunctionRuntimePolicyReverseShellPtrOutput) Elem() FunctionRuntimePolicyReverseShellOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReverseShell) FunctionRuntimePolicyReverseShell { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyReverseShell + return ret + }).(FunctionRuntimePolicyReverseShellOutput) +} + +func (o FunctionRuntimePolicyReverseShellPtrOutput) BlockReverseShell() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReverseShell) *bool { + if v == nil { + return nil + } + return v.BlockReverseShell + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyReverseShellPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReverseShell) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyReverseShellPtrOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReverseShell) []string { + if v == nil { + return nil + } + return v.ReverseShellIpWhiteLists + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyReverseShellPtrOutput) ReverseShellProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyReverseShell) []string { + if v == nil { + return nil + } + return v.ReverseShellProcWhiteLists + }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyScope struct { + // Scope expression. + Expression string `pulumi:"expression"` + // List of variables in the scope. 
+ Variables []FunctionRuntimePolicyScopeVariable `pulumi:"variables"` +} + +// FunctionRuntimePolicyScopeInput is an input type that accepts FunctionRuntimePolicyScopeArgs and FunctionRuntimePolicyScopeOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyScopeInput` via: +// +// FunctionRuntimePolicyScopeArgs{...} +type FunctionRuntimePolicyScopeInput interface { + pulumi.Input + + ToFunctionRuntimePolicyScopeOutput() FunctionRuntimePolicyScopeOutput + ToFunctionRuntimePolicyScopeOutputWithContext(context.Context) FunctionRuntimePolicyScopeOutput +} + +type FunctionRuntimePolicyScopeArgs struct { + // Scope expression. + Expression pulumi.StringInput `pulumi:"expression"` + // List of variables in the scope. + Variables FunctionRuntimePolicyScopeVariableArrayInput `pulumi:"variables"` +} + +func (FunctionRuntimePolicyScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyScope)(nil)).Elem() +} + +func (i FunctionRuntimePolicyScopeArgs) ToFunctionRuntimePolicyScopeOutput() FunctionRuntimePolicyScopeOutput { + return i.ToFunctionRuntimePolicyScopeOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyScopeArgs) ToFunctionRuntimePolicyScopeOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyScopeOutput) +} + +// FunctionRuntimePolicyScopeArrayInput is an input type that accepts FunctionRuntimePolicyScopeArray and FunctionRuntimePolicyScopeArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyScopeArrayInput` via: +// +// FunctionRuntimePolicyScopeArray{ FunctionRuntimePolicyScopeArgs{...} } +type FunctionRuntimePolicyScopeArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyScopeArrayOutput() FunctionRuntimePolicyScopeArrayOutput + ToFunctionRuntimePolicyScopeArrayOutputWithContext(context.Context) FunctionRuntimePolicyScopeArrayOutput +} + +type FunctionRuntimePolicyScopeArray []FunctionRuntimePolicyScopeInput + +func (FunctionRuntimePolicyScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyScope)(nil)).Elem() +} + +func (i FunctionRuntimePolicyScopeArray) ToFunctionRuntimePolicyScopeArrayOutput() FunctionRuntimePolicyScopeArrayOutput { + return i.ToFunctionRuntimePolicyScopeArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyScopeArray) ToFunctionRuntimePolicyScopeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyScopeArrayOutput) +} + +type FunctionRuntimePolicyScopeOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyScope)(nil)).Elem() +} + +func (o FunctionRuntimePolicyScopeOutput) ToFunctionRuntimePolicyScopeOutput() FunctionRuntimePolicyScopeOutput { + return o +} + +func (o FunctionRuntimePolicyScopeOutput) ToFunctionRuntimePolicyScopeOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeOutput { + return o +} + +// Scope expression. +func (o FunctionRuntimePolicyScopeOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v FunctionRuntimePolicyScope) string { return v.Expression }).(pulumi.StringOutput) +} + +// List of variables in the scope. 
+func (o FunctionRuntimePolicyScopeOutput) Variables() FunctionRuntimePolicyScopeVariableArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyScope) []FunctionRuntimePolicyScopeVariable { return v.Variables }).(FunctionRuntimePolicyScopeVariableArrayOutput) +} + +type FunctionRuntimePolicyScopeArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyScope)(nil)).Elem() +} + +func (o FunctionRuntimePolicyScopeArrayOutput) ToFunctionRuntimePolicyScopeArrayOutput() FunctionRuntimePolicyScopeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyScopeArrayOutput) ToFunctionRuntimePolicyScopeArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeArrayOutput { + return o +} + +func (o FunctionRuntimePolicyScopeArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyScope { + return vs[0].([]FunctionRuntimePolicyScope)[vs[1].(int)] + }).(FunctionRuntimePolicyScopeOutput) +} + +type FunctionRuntimePolicyScopeVariable struct { + // Class of supported scope. + Attribute string `pulumi:"attribute"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + // Value assigned to the attribute. + Value string `pulumi:"value"` +} + +// FunctionRuntimePolicyScopeVariableInput is an input type that accepts FunctionRuntimePolicyScopeVariableArgs and FunctionRuntimePolicyScopeVariableOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyScopeVariableInput` via: +// +// FunctionRuntimePolicyScopeVariableArgs{...} +type FunctionRuntimePolicyScopeVariableInput interface { + pulumi.Input + + ToFunctionRuntimePolicyScopeVariableOutput() FunctionRuntimePolicyScopeVariableOutput + ToFunctionRuntimePolicyScopeVariableOutputWithContext(context.Context) FunctionRuntimePolicyScopeVariableOutput +} + +type FunctionRuntimePolicyScopeVariableArgs struct { + // Class of supported scope. + Attribute pulumi.StringInput `pulumi:"attribute"` + // Name assigned to the attribute. + Name pulumi.StringPtrInput `pulumi:"name"` + // Value assigned to the attribute. + Value pulumi.StringInput `pulumi:"value"` +} + +func (FunctionRuntimePolicyScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (i FunctionRuntimePolicyScopeVariableArgs) ToFunctionRuntimePolicyScopeVariableOutput() FunctionRuntimePolicyScopeVariableOutput { + return i.ToFunctionRuntimePolicyScopeVariableOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyScopeVariableArgs) ToFunctionRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyScopeVariableOutput) +} + +// FunctionRuntimePolicyScopeVariableArrayInput is an input type that accepts FunctionRuntimePolicyScopeVariableArray and FunctionRuntimePolicyScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyScopeVariableArrayInput` via: +// +// FunctionRuntimePolicyScopeVariableArray{ FunctionRuntimePolicyScopeVariableArgs{...} } +type FunctionRuntimePolicyScopeVariableArrayInput interface { + pulumi.Input + + ToFunctionRuntimePolicyScopeVariableArrayOutput() FunctionRuntimePolicyScopeVariableArrayOutput + ToFunctionRuntimePolicyScopeVariableArrayOutputWithContext(context.Context) FunctionRuntimePolicyScopeVariableArrayOutput +} + +type FunctionRuntimePolicyScopeVariableArray []FunctionRuntimePolicyScopeVariableInput + +func (FunctionRuntimePolicyScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (i FunctionRuntimePolicyScopeVariableArray) ToFunctionRuntimePolicyScopeVariableArrayOutput() FunctionRuntimePolicyScopeVariableArrayOutput { + return i.ToFunctionRuntimePolicyScopeVariableArrayOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyScopeVariableArray) ToFunctionRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyScopeVariableArrayOutput) +} + +type FunctionRuntimePolicyScopeVariableOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (o FunctionRuntimePolicyScopeVariableOutput) ToFunctionRuntimePolicyScopeVariableOutput() FunctionRuntimePolicyScopeVariableOutput { + return o +} + +func (o FunctionRuntimePolicyScopeVariableOutput) ToFunctionRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeVariableOutput { + return o +} + +// Class of supported scope. 
+func (o FunctionRuntimePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v FunctionRuntimePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) +} + +// Name assigned to the attribute. +func (o FunctionRuntimePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +// Value assigned to the attribute. +func (o FunctionRuntimePolicyScopeVariableOutput) Value() pulumi.StringOutput { + return o.ApplyT(func(v FunctionRuntimePolicyScopeVariable) string { return v.Value }).(pulumi.StringOutput) +} + +type FunctionRuntimePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]FunctionRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (o FunctionRuntimePolicyScopeVariableArrayOutput) ToFunctionRuntimePolicyScopeVariableArrayOutput() FunctionRuntimePolicyScopeVariableArrayOutput { + return o +} + +func (o FunctionRuntimePolicyScopeVariableArrayOutput) ToFunctionRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeVariableArrayOutput { + return o +} + +func (o FunctionRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyScopeVariable { + return vs[0].([]FunctionRuntimePolicyScopeVariable)[vs[1].(int)] + }).(FunctionRuntimePolicyScopeVariableOutput) +} + +type FunctionRuntimePolicySystemIntegrityProtection struct { + AuditSystemtimeChange *bool `pulumi:"auditSystemtimeChange"` + Enabled *bool `pulumi:"enabled"` + MonitorAuditLogIntegrity *bool `pulumi:"monitorAuditLogIntegrity"` + WindowsServicesMonitoring *bool `pulumi:"windowsServicesMonitoring"` +} + +// FunctionRuntimePolicySystemIntegrityProtectionInput is an 
input type that accepts FunctionRuntimePolicySystemIntegrityProtectionArgs and FunctionRuntimePolicySystemIntegrityProtectionOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicySystemIntegrityProtectionInput` via: +// +// FunctionRuntimePolicySystemIntegrityProtectionArgs{...} +type FunctionRuntimePolicySystemIntegrityProtectionInput interface { + pulumi.Input + + ToFunctionRuntimePolicySystemIntegrityProtectionOutput() FunctionRuntimePolicySystemIntegrityProtectionOutput + ToFunctionRuntimePolicySystemIntegrityProtectionOutputWithContext(context.Context) FunctionRuntimePolicySystemIntegrityProtectionOutput +} + +type FunctionRuntimePolicySystemIntegrityProtectionArgs struct { + AuditSystemtimeChange pulumi.BoolPtrInput `pulumi:"auditSystemtimeChange"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + MonitorAuditLogIntegrity pulumi.BoolPtrInput `pulumi:"monitorAuditLogIntegrity"` + WindowsServicesMonitoring pulumi.BoolPtrInput `pulumi:"windowsServicesMonitoring"` +} + +func (FunctionRuntimePolicySystemIntegrityProtectionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicySystemIntegrityProtection)(nil)).Elem() +} + +func (i FunctionRuntimePolicySystemIntegrityProtectionArgs) ToFunctionRuntimePolicySystemIntegrityProtectionOutput() FunctionRuntimePolicySystemIntegrityProtectionOutput { + return i.ToFunctionRuntimePolicySystemIntegrityProtectionOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicySystemIntegrityProtectionArgs) ToFunctionRuntimePolicySystemIntegrityProtectionOutputWithContext(ctx context.Context) FunctionRuntimePolicySystemIntegrityProtectionOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicySystemIntegrityProtectionOutput) +} + +func (i FunctionRuntimePolicySystemIntegrityProtectionArgs) ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutput() FunctionRuntimePolicySystemIntegrityProtectionPtrOutput { + return 
i.ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicySystemIntegrityProtectionArgs) ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicySystemIntegrityProtectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicySystemIntegrityProtectionOutput).ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicySystemIntegrityProtectionPtrInput is an input type that accepts FunctionRuntimePolicySystemIntegrityProtectionArgs, FunctionRuntimePolicySystemIntegrityProtectionPtr and FunctionRuntimePolicySystemIntegrityProtectionPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicySystemIntegrityProtectionPtrInput` via: +// +// FunctionRuntimePolicySystemIntegrityProtectionArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicySystemIntegrityProtectionPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutput() FunctionRuntimePolicySystemIntegrityProtectionPtrOutput + ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Context) FunctionRuntimePolicySystemIntegrityProtectionPtrOutput +} + +type functionRuntimePolicySystemIntegrityProtectionPtrType FunctionRuntimePolicySystemIntegrityProtectionArgs + +func FunctionRuntimePolicySystemIntegrityProtectionPtr(v *FunctionRuntimePolicySystemIntegrityProtectionArgs) FunctionRuntimePolicySystemIntegrityProtectionPtrInput { + return (*functionRuntimePolicySystemIntegrityProtectionPtrType)(v) +} + +func (*functionRuntimePolicySystemIntegrityProtectionPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicySystemIntegrityProtection)(nil)).Elem() +} + +func (i *functionRuntimePolicySystemIntegrityProtectionPtrType) ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutput() 
FunctionRuntimePolicySystemIntegrityProtectionPtrOutput { + return i.ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicySystemIntegrityProtectionPtrType) ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicySystemIntegrityProtectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) +} + +type FunctionRuntimePolicySystemIntegrityProtectionOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicySystemIntegrityProtectionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicySystemIntegrityProtection)(nil)).Elem() +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionOutput) ToFunctionRuntimePolicySystemIntegrityProtectionOutput() FunctionRuntimePolicySystemIntegrityProtectionOutput { + return o +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionOutput) ToFunctionRuntimePolicySystemIntegrityProtectionOutputWithContext(ctx context.Context) FunctionRuntimePolicySystemIntegrityProtectionOutput { + return o +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionOutput) ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutput() FunctionRuntimePolicySystemIntegrityProtectionPtrOutput { + return o.ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionOutput) ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicySystemIntegrityProtectionPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicySystemIntegrityProtection) *FunctionRuntimePolicySystemIntegrityProtection { + return &v + }).(FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionOutput) AuditSystemtimeChange() 
pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicySystemIntegrityProtection) *bool { return v.AuditSystemtimeChange }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicySystemIntegrityProtection) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionOutput) MonitorAuditLogIntegrity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicySystemIntegrityProtection) *bool { return v.MonitorAuditLogIntegrity }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionOutput) WindowsServicesMonitoring() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicySystemIntegrityProtection) *bool { return v.WindowsServicesMonitoring }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicySystemIntegrityProtectionPtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicySystemIntegrityProtection)(nil)).Elem() +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutput() FunctionRuntimePolicySystemIntegrityProtectionPtrOutput { + return o +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) ToFunctionRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicySystemIntegrityProtectionPtrOutput { + return o +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) Elem() FunctionRuntimePolicySystemIntegrityProtectionOutput { + return o.ApplyT(func(v *FunctionRuntimePolicySystemIntegrityProtection) FunctionRuntimePolicySystemIntegrityProtection { + if v != nil { + return *v + } + var ret FunctionRuntimePolicySystemIntegrityProtection + return ret + 
}).(FunctionRuntimePolicySystemIntegrityProtectionOutput) +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) AuditSystemtimeChange() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.AuditSystemtimeChange + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) MonitorAuditLogIntegrity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.MonitorAuditLogIntegrity + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicySystemIntegrityProtectionPtrOutput) WindowsServicesMonitoring() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.WindowsServicesMonitoring + }).(pulumi.BoolPtrOutput) +} + +type FunctionRuntimePolicyTripwire struct { + ApplyOns []string `pulumi:"applyOns"` + Enabled *bool `pulumi:"enabled"` + ServerlessApp *string `pulumi:"serverlessApp"` + UserId *string `pulumi:"userId"` + UserPassword *string `pulumi:"userPassword"` +} + +// FunctionRuntimePolicyTripwireInput is an input type that accepts FunctionRuntimePolicyTripwireArgs and FunctionRuntimePolicyTripwireOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyTripwireInput` via: +// +// FunctionRuntimePolicyTripwireArgs{...} +type FunctionRuntimePolicyTripwireInput interface { + pulumi.Input + + ToFunctionRuntimePolicyTripwireOutput() FunctionRuntimePolicyTripwireOutput + ToFunctionRuntimePolicyTripwireOutputWithContext(context.Context) FunctionRuntimePolicyTripwireOutput +} + +type FunctionRuntimePolicyTripwireArgs struct { + ApplyOns pulumi.StringArrayInput `pulumi:"applyOns"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ServerlessApp pulumi.StringPtrInput `pulumi:"serverlessApp"` + UserId pulumi.StringPtrInput `pulumi:"userId"` + UserPassword pulumi.StringPtrInput `pulumi:"userPassword"` +} + +func (FunctionRuntimePolicyTripwireArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyTripwire)(nil)).Elem() +} + +func (i FunctionRuntimePolicyTripwireArgs) ToFunctionRuntimePolicyTripwireOutput() FunctionRuntimePolicyTripwireOutput { + return i.ToFunctionRuntimePolicyTripwireOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyTripwireArgs) ToFunctionRuntimePolicyTripwireOutputWithContext(ctx context.Context) FunctionRuntimePolicyTripwireOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyTripwireOutput) +} + +func (i FunctionRuntimePolicyTripwireArgs) ToFunctionRuntimePolicyTripwirePtrOutput() FunctionRuntimePolicyTripwirePtrOutput { + return i.ToFunctionRuntimePolicyTripwirePtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyTripwireArgs) ToFunctionRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyTripwirePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyTripwireOutput).ToFunctionRuntimePolicyTripwirePtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyTripwirePtrInput is an input type that accepts FunctionRuntimePolicyTripwireArgs, FunctionRuntimePolicyTripwirePtr and 
FunctionRuntimePolicyTripwirePtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyTripwirePtrInput` via: +// +// FunctionRuntimePolicyTripwireArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyTripwirePtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyTripwirePtrOutput() FunctionRuntimePolicyTripwirePtrOutput + ToFunctionRuntimePolicyTripwirePtrOutputWithContext(context.Context) FunctionRuntimePolicyTripwirePtrOutput +} + +type functionRuntimePolicyTripwirePtrType FunctionRuntimePolicyTripwireArgs + +func FunctionRuntimePolicyTripwirePtr(v *FunctionRuntimePolicyTripwireArgs) FunctionRuntimePolicyTripwirePtrInput { + return (*functionRuntimePolicyTripwirePtrType)(v) +} + +func (*functionRuntimePolicyTripwirePtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyTripwire)(nil)).Elem() +} + +func (i *functionRuntimePolicyTripwirePtrType) ToFunctionRuntimePolicyTripwirePtrOutput() FunctionRuntimePolicyTripwirePtrOutput { + return i.ToFunctionRuntimePolicyTripwirePtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyTripwirePtrType) ToFunctionRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyTripwirePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyTripwirePtrOutput) +} + +type FunctionRuntimePolicyTripwireOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyTripwireOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyTripwire)(nil)).Elem() +} + +func (o FunctionRuntimePolicyTripwireOutput) ToFunctionRuntimePolicyTripwireOutput() FunctionRuntimePolicyTripwireOutput { + return o +} + +func (o FunctionRuntimePolicyTripwireOutput) ToFunctionRuntimePolicyTripwireOutputWithContext(ctx context.Context) FunctionRuntimePolicyTripwireOutput { + return o +} + +func (o FunctionRuntimePolicyTripwireOutput) ToFunctionRuntimePolicyTripwirePtrOutput() 
FunctionRuntimePolicyTripwirePtrOutput { + return o.ToFunctionRuntimePolicyTripwirePtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyTripwireOutput) ToFunctionRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyTripwirePtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyTripwire) *FunctionRuntimePolicyTripwire { + return &v + }).(FunctionRuntimePolicyTripwirePtrOutput) +} + +func (o FunctionRuntimePolicyTripwireOutput) ApplyOns() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyTripwire) []string { return v.ApplyOns }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyTripwireOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyTripwire) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyTripwireOutput) ServerlessApp() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyTripwire) *string { return v.ServerlessApp }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyTripwireOutput) UserId() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyTripwire) *string { return v.UserId }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyTripwireOutput) UserPassword() pulumi.StringPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyTripwire) *string { return v.UserPassword }).(pulumi.StringPtrOutput) +} + +type FunctionRuntimePolicyTripwirePtrOutput struct{ *pulumi.OutputState } + +func (FunctionRuntimePolicyTripwirePtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyTripwire)(nil)).Elem() +} + +func (o FunctionRuntimePolicyTripwirePtrOutput) ToFunctionRuntimePolicyTripwirePtrOutput() FunctionRuntimePolicyTripwirePtrOutput { + return o +} + +func (o FunctionRuntimePolicyTripwirePtrOutput) ToFunctionRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) 
FunctionRuntimePolicyTripwirePtrOutput { + return o +} + +func (o FunctionRuntimePolicyTripwirePtrOutput) Elem() FunctionRuntimePolicyTripwireOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyTripwire) FunctionRuntimePolicyTripwire { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyTripwire + return ret + }).(FunctionRuntimePolicyTripwireOutput) +} + +func (o FunctionRuntimePolicyTripwirePtrOutput) ApplyOns() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyTripwire) []string { + if v == nil { + return nil + } + return v.ApplyOns + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyTripwirePtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyTripwire) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyTripwirePtrOutput) ServerlessApp() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyTripwire) *string { + if v == nil { + return nil + } + return v.ServerlessApp + }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyTripwirePtrOutput) UserId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyTripwire) *string { + if v == nil { + return nil + } + return v.UserId + }).(pulumi.StringPtrOutput) +} + +func (o FunctionRuntimePolicyTripwirePtrOutput) UserPassword() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyTripwire) *string { + if v == nil { + return nil + } + return v.UserPassword + }).(pulumi.StringPtrOutput) +} + +type FunctionRuntimePolicyWhitelistedOsUsers struct { + Enabled *bool `pulumi:"enabled"` + GroupWhiteLists []string `pulumi:"groupWhiteLists"` + UserWhiteLists []string `pulumi:"userWhiteLists"` +} + +// FunctionRuntimePolicyWhitelistedOsUsersInput is an input type that accepts FunctionRuntimePolicyWhitelistedOsUsersArgs and FunctionRuntimePolicyWhitelistedOsUsersOutput values. 
+// You can construct a concrete instance of `FunctionRuntimePolicyWhitelistedOsUsersInput` via: +// +// FunctionRuntimePolicyWhitelistedOsUsersArgs{...} +type FunctionRuntimePolicyWhitelistedOsUsersInput interface { + pulumi.Input + + ToFunctionRuntimePolicyWhitelistedOsUsersOutput() FunctionRuntimePolicyWhitelistedOsUsersOutput + ToFunctionRuntimePolicyWhitelistedOsUsersOutputWithContext(context.Context) FunctionRuntimePolicyWhitelistedOsUsersOutput +} + +type FunctionRuntimePolicyWhitelistedOsUsersArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + GroupWhiteLists pulumi.StringArrayInput `pulumi:"groupWhiteLists"` + UserWhiteLists pulumi.StringArrayInput `pulumi:"userWhiteLists"` +} + +func (FunctionRuntimePolicyWhitelistedOsUsersArgs) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyWhitelistedOsUsers)(nil)).Elem() +} + +func (i FunctionRuntimePolicyWhitelistedOsUsersArgs) ToFunctionRuntimePolicyWhitelistedOsUsersOutput() FunctionRuntimePolicyWhitelistedOsUsersOutput { + return i.ToFunctionRuntimePolicyWhitelistedOsUsersOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyWhitelistedOsUsersArgs) ToFunctionRuntimePolicyWhitelistedOsUsersOutputWithContext(ctx context.Context) FunctionRuntimePolicyWhitelistedOsUsersOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyWhitelistedOsUsersOutput) +} + +func (i FunctionRuntimePolicyWhitelistedOsUsersArgs) ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutput() FunctionRuntimePolicyWhitelistedOsUsersPtrOutput { + return i.ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (i FunctionRuntimePolicyWhitelistedOsUsersArgs) ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyWhitelistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(FunctionRuntimePolicyWhitelistedOsUsersOutput).ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx) +} + +// FunctionRuntimePolicyWhitelistedOsUsersPtrInput is an input type that accepts FunctionRuntimePolicyWhitelistedOsUsersArgs, FunctionRuntimePolicyWhitelistedOsUsersPtr and FunctionRuntimePolicyWhitelistedOsUsersPtrOutput values. +// You can construct a concrete instance of `FunctionRuntimePolicyWhitelistedOsUsersPtrInput` via: +// +// FunctionRuntimePolicyWhitelistedOsUsersArgs{...} +// +// or: +// +// nil +type FunctionRuntimePolicyWhitelistedOsUsersPtrInput interface { + pulumi.Input + + ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutput() FunctionRuntimePolicyWhitelistedOsUsersPtrOutput + ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Context) FunctionRuntimePolicyWhitelistedOsUsersPtrOutput +} + +type functionRuntimePolicyWhitelistedOsUsersPtrType FunctionRuntimePolicyWhitelistedOsUsersArgs + +func FunctionRuntimePolicyWhitelistedOsUsersPtr(v *FunctionRuntimePolicyWhitelistedOsUsersArgs) FunctionRuntimePolicyWhitelistedOsUsersPtrInput { + return (*functionRuntimePolicyWhitelistedOsUsersPtrType)(v) +} + +func (*functionRuntimePolicyWhitelistedOsUsersPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyWhitelistedOsUsers)(nil)).Elem() +} + +func (i *functionRuntimePolicyWhitelistedOsUsersPtrType) ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutput() FunctionRuntimePolicyWhitelistedOsUsersPtrOutput { + return i.ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (i *functionRuntimePolicyWhitelistedOsUsersPtrType) ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyWhitelistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyWhitelistedOsUsersPtrOutput) +} + +type FunctionRuntimePolicyWhitelistedOsUsersOutput struct{ *pulumi.OutputState } + +func 
(FunctionRuntimePolicyWhitelistedOsUsersOutput) ElementType() reflect.Type { + return reflect.TypeOf((*FunctionRuntimePolicyWhitelistedOsUsers)(nil)).Elem() +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersOutput) ToFunctionRuntimePolicyWhitelistedOsUsersOutput() FunctionRuntimePolicyWhitelistedOsUsersOutput { + return o +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersOutput) ToFunctionRuntimePolicyWhitelistedOsUsersOutputWithContext(ctx context.Context) FunctionRuntimePolicyWhitelistedOsUsersOutput { + return o +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersOutput) ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutput() FunctionRuntimePolicyWhitelistedOsUsersPtrOutput { + return o.ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersOutput) ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyWhitelistedOsUsersPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v FunctionRuntimePolicyWhitelistedOsUsers) *FunctionRuntimePolicyWhitelistedOsUsers { + return &v + }).(FunctionRuntimePolicyWhitelistedOsUsersPtrOutput) +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FunctionRuntimePolicyWhitelistedOsUsers) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersOutput) GroupWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyWhitelistedOsUsers) []string { return v.GroupWhiteLists }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersOutput) UserWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v FunctionRuntimePolicyWhitelistedOsUsers) []string { return v.UserWhiteLists }).(pulumi.StringArrayOutput) +} + +type FunctionRuntimePolicyWhitelistedOsUsersPtrOutput struct{ *pulumi.OutputState } + +func 
(FunctionRuntimePolicyWhitelistedOsUsersPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**FunctionRuntimePolicyWhitelistedOsUsers)(nil)).Elem() +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersPtrOutput) ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutput() FunctionRuntimePolicyWhitelistedOsUsersPtrOutput { + return o +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersPtrOutput) ToFunctionRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) FunctionRuntimePolicyWhitelistedOsUsersPtrOutput { + return o +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersPtrOutput) Elem() FunctionRuntimePolicyWhitelistedOsUsersOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyWhitelistedOsUsers) FunctionRuntimePolicyWhitelistedOsUsers { + if v != nil { + return *v + } + var ret FunctionRuntimePolicyWhitelistedOsUsers + return ret + }).(FunctionRuntimePolicyWhitelistedOsUsersOutput) +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyWhitelistedOsUsers) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersPtrOutput) GroupWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyWhitelistedOsUsers) []string { + if v == nil { + return nil + } + return v.GroupWhiteLists + }).(pulumi.StringArrayOutput) +} + +func (o FunctionRuntimePolicyWhitelistedOsUsersPtrOutput) UserWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *FunctionRuntimePolicyWhitelistedOsUsers) []string { + if v == nil { + return nil + } + return v.UserWhiteLists + }).(pulumi.StringArrayOutput) +} + +type HostAssurancePolicyAutoScanTime struct { + Iteration *int `pulumi:"iteration"` + IterationType *string `pulumi:"iterationType"` + Time *string `pulumi:"time"` + WeekDays []string `pulumi:"weekDays"` +} + +// HostAssurancePolicyAutoScanTimeInput is an 
input type that accepts HostAssurancePolicyAutoScanTimeArgs and HostAssurancePolicyAutoScanTimeOutput values. +// You can construct a concrete instance of `HostAssurancePolicyAutoScanTimeInput` via: +// +// HostAssurancePolicyAutoScanTimeArgs{...} +type HostAssurancePolicyAutoScanTimeInput interface { + pulumi.Input + + ToHostAssurancePolicyAutoScanTimeOutput() HostAssurancePolicyAutoScanTimeOutput + ToHostAssurancePolicyAutoScanTimeOutputWithContext(context.Context) HostAssurancePolicyAutoScanTimeOutput +} + +type HostAssurancePolicyAutoScanTimeArgs struct { + Iteration pulumi.IntPtrInput `pulumi:"iteration"` + IterationType pulumi.StringPtrInput `pulumi:"iterationType"` + Time pulumi.StringPtrInput `pulumi:"time"` + WeekDays pulumi.StringArrayInput `pulumi:"weekDays"` +} + +func (HostAssurancePolicyAutoScanTimeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyAutoScanTime)(nil)).Elem() +} + +func (i HostAssurancePolicyAutoScanTimeArgs) ToHostAssurancePolicyAutoScanTimeOutput() HostAssurancePolicyAutoScanTimeOutput { + return i.ToHostAssurancePolicyAutoScanTimeOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyAutoScanTimeArgs) ToHostAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) HostAssurancePolicyAutoScanTimeOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyAutoScanTimeOutput) +} + +// HostAssurancePolicyAutoScanTimeArrayInput is an input type that accepts HostAssurancePolicyAutoScanTimeArray and HostAssurancePolicyAutoScanTimeArrayOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyAutoScanTimeArrayInput` via: +// +// HostAssurancePolicyAutoScanTimeArray{ HostAssurancePolicyAutoScanTimeArgs{...} } +type HostAssurancePolicyAutoScanTimeArrayInput interface { + pulumi.Input + + ToHostAssurancePolicyAutoScanTimeArrayOutput() HostAssurancePolicyAutoScanTimeArrayOutput + ToHostAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Context) HostAssurancePolicyAutoScanTimeArrayOutput +} + +type HostAssurancePolicyAutoScanTimeArray []HostAssurancePolicyAutoScanTimeInput + +func (HostAssurancePolicyAutoScanTimeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyAutoScanTime)(nil)).Elem() +} + +func (i HostAssurancePolicyAutoScanTimeArray) ToHostAssurancePolicyAutoScanTimeArrayOutput() HostAssurancePolicyAutoScanTimeArrayOutput { + return i.ToHostAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyAutoScanTimeArray) ToHostAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) HostAssurancePolicyAutoScanTimeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyAutoScanTimeArrayOutput) +} + +type HostAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyAutoScanTime)(nil)).Elem() +} + +func (o HostAssurancePolicyAutoScanTimeOutput) ToHostAssurancePolicyAutoScanTimeOutput() HostAssurancePolicyAutoScanTimeOutput { + return o +} + +func (o HostAssurancePolicyAutoScanTimeOutput) ToHostAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) HostAssurancePolicyAutoScanTimeOutput { + return o +} + +func (o HostAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyAutoScanTime) *int { return v.Iteration }).(pulumi.IntPtrOutput) +} + +func (o 
HostAssurancePolicyAutoScanTimeOutput) IterationType() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyAutoScanTime) *string { return v.IterationType }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyAutoScanTimeOutput) Time() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyAutoScanTime) *string { return v.Time }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyAutoScanTimeOutput) WeekDays() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostAssurancePolicyAutoScanTime) []string { return v.WeekDays }).(pulumi.StringArrayOutput) +} + +type HostAssurancePolicyAutoScanTimeArrayOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyAutoScanTimeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyAutoScanTime)(nil)).Elem() +} + +func (o HostAssurancePolicyAutoScanTimeArrayOutput) ToHostAssurancePolicyAutoScanTimeArrayOutput() HostAssurancePolicyAutoScanTimeArrayOutput { + return o +} + +func (o HostAssurancePolicyAutoScanTimeArrayOutput) ToHostAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) HostAssurancePolicyAutoScanTimeArrayOutput { + return o +} + +func (o HostAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyAutoScanTimeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyAutoScanTime { + return vs[0].([]HostAssurancePolicyAutoScanTime)[vs[1].(int)] + }).(HostAssurancePolicyAutoScanTimeOutput) +} + +type HostAssurancePolicyCustomCheck struct { + // Name of user account that created the policy. 
+ Author *string `pulumi:"author"` + Description *string `pulumi:"description"` + Engine *string `pulumi:"engine"` + LastModified *int `pulumi:"lastModified"` + Name *string `pulumi:"name"` + Path *string `pulumi:"path"` + ReadOnly *bool `pulumi:"readOnly"` + ScriptId *string `pulumi:"scriptId"` + Severity *string `pulumi:"severity"` + Snippet *string `pulumi:"snippet"` +} + +// HostAssurancePolicyCustomCheckInput is an input type that accepts HostAssurancePolicyCustomCheckArgs and HostAssurancePolicyCustomCheckOutput values. +// You can construct a concrete instance of `HostAssurancePolicyCustomCheckInput` via: +// +// HostAssurancePolicyCustomCheckArgs{...} +type HostAssurancePolicyCustomCheckInput interface { + pulumi.Input + + ToHostAssurancePolicyCustomCheckOutput() HostAssurancePolicyCustomCheckOutput + ToHostAssurancePolicyCustomCheckOutputWithContext(context.Context) HostAssurancePolicyCustomCheckOutput +} + +type HostAssurancePolicyCustomCheckArgs struct { + // Name of user account that created the policy. 
+ Author pulumi.StringPtrInput `pulumi:"author"` + Description pulumi.StringPtrInput `pulumi:"description"` + Engine pulumi.StringPtrInput `pulumi:"engine"` + LastModified pulumi.IntPtrInput `pulumi:"lastModified"` + Name pulumi.StringPtrInput `pulumi:"name"` + Path pulumi.StringPtrInput `pulumi:"path"` + ReadOnly pulumi.BoolPtrInput `pulumi:"readOnly"` + ScriptId pulumi.StringPtrInput `pulumi:"scriptId"` + Severity pulumi.StringPtrInput `pulumi:"severity"` + Snippet pulumi.StringPtrInput `pulumi:"snippet"` +} + +func (HostAssurancePolicyCustomCheckArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyCustomCheck)(nil)).Elem() +} + +func (i HostAssurancePolicyCustomCheckArgs) ToHostAssurancePolicyCustomCheckOutput() HostAssurancePolicyCustomCheckOutput { + return i.ToHostAssurancePolicyCustomCheckOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyCustomCheckArgs) ToHostAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) HostAssurancePolicyCustomCheckOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyCustomCheckOutput) +} + +// HostAssurancePolicyCustomCheckArrayInput is an input type that accepts HostAssurancePolicyCustomCheckArray and HostAssurancePolicyCustomCheckArrayOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyCustomCheckArrayInput` via: +// +// HostAssurancePolicyCustomCheckArray{ HostAssurancePolicyCustomCheckArgs{...} } +type HostAssurancePolicyCustomCheckArrayInput interface { + pulumi.Input + + ToHostAssurancePolicyCustomCheckArrayOutput() HostAssurancePolicyCustomCheckArrayOutput + ToHostAssurancePolicyCustomCheckArrayOutputWithContext(context.Context) HostAssurancePolicyCustomCheckArrayOutput +} + +type HostAssurancePolicyCustomCheckArray []HostAssurancePolicyCustomCheckInput + +func (HostAssurancePolicyCustomCheckArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyCustomCheck)(nil)).Elem() +} + +func (i HostAssurancePolicyCustomCheckArray) ToHostAssurancePolicyCustomCheckArrayOutput() HostAssurancePolicyCustomCheckArrayOutput { + return i.ToHostAssurancePolicyCustomCheckArrayOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyCustomCheckArray) ToHostAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) HostAssurancePolicyCustomCheckArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyCustomCheckArrayOutput) +} + +type HostAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyCustomCheck)(nil)).Elem() +} + +func (o HostAssurancePolicyCustomCheckOutput) ToHostAssurancePolicyCustomCheckOutput() HostAssurancePolicyCustomCheckOutput { + return o +} + +func (o HostAssurancePolicyCustomCheckOutput) ToHostAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) HostAssurancePolicyCustomCheckOutput { + return o +} + +// Name of user account that created the policy. 
+func (o HostAssurancePolicyCustomCheckOutput) Author() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Author }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyCustomCheckOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Description }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyCustomCheckOutput) Engine() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Engine }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyCustomCheckOutput) LastModified() pulumi.IntPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *int { return v.LastModified }).(pulumi.IntPtrOutput) +} + +func (o HostAssurancePolicyCustomCheckOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyCustomCheckOutput) Path() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Path }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyCustomCheckOutput) ReadOnly() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *bool { return v.ReadOnly }).(pulumi.BoolPtrOutput) +} + +func (o HostAssurancePolicyCustomCheckOutput) ScriptId() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.ScriptId }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyCustomCheckOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Severity }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyCustomCheckOutput) Snippet() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Snippet }).(pulumi.StringPtrOutput) +} + +type 
HostAssurancePolicyCustomCheckArrayOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyCustomCheckArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyCustomCheck)(nil)).Elem() +} + +func (o HostAssurancePolicyCustomCheckArrayOutput) ToHostAssurancePolicyCustomCheckArrayOutput() HostAssurancePolicyCustomCheckArrayOutput { + return o +} + +func (o HostAssurancePolicyCustomCheckArrayOutput) ToHostAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) HostAssurancePolicyCustomCheckArrayOutput { + return o +} + +func (o HostAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyCustomCheckOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyCustomCheck { + return vs[0].([]HostAssurancePolicyCustomCheck)[vs[1].(int)] + }).(HostAssurancePolicyCustomCheckOutput) +} + +type HostAssurancePolicyForbiddenLabel struct { + Key *string `pulumi:"key"` + Value *string `pulumi:"value"` +} + +// HostAssurancePolicyForbiddenLabelInput is an input type that accepts HostAssurancePolicyForbiddenLabelArgs and HostAssurancePolicyForbiddenLabelOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyForbiddenLabelInput` via: +// +// HostAssurancePolicyForbiddenLabelArgs{...} +type HostAssurancePolicyForbiddenLabelInput interface { + pulumi.Input + + ToHostAssurancePolicyForbiddenLabelOutput() HostAssurancePolicyForbiddenLabelOutput + ToHostAssurancePolicyForbiddenLabelOutputWithContext(context.Context) HostAssurancePolicyForbiddenLabelOutput +} + +type HostAssurancePolicyForbiddenLabelArgs struct { + Key pulumi.StringPtrInput `pulumi:"key"` + Value pulumi.StringPtrInput `pulumi:"value"` +} + +func (HostAssurancePolicyForbiddenLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyForbiddenLabel)(nil)).Elem() +} + +func (i HostAssurancePolicyForbiddenLabelArgs) ToHostAssurancePolicyForbiddenLabelOutput() HostAssurancePolicyForbiddenLabelOutput { + return i.ToHostAssurancePolicyForbiddenLabelOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyForbiddenLabelArgs) ToHostAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) HostAssurancePolicyForbiddenLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyForbiddenLabelOutput) +} + +// HostAssurancePolicyForbiddenLabelArrayInput is an input type that accepts HostAssurancePolicyForbiddenLabelArray and HostAssurancePolicyForbiddenLabelArrayOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyForbiddenLabelArrayInput` via: +// +// HostAssurancePolicyForbiddenLabelArray{ HostAssurancePolicyForbiddenLabelArgs{...} } +type HostAssurancePolicyForbiddenLabelArrayInput interface { + pulumi.Input + + ToHostAssurancePolicyForbiddenLabelArrayOutput() HostAssurancePolicyForbiddenLabelArrayOutput + ToHostAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Context) HostAssurancePolicyForbiddenLabelArrayOutput +} + +type HostAssurancePolicyForbiddenLabelArray []HostAssurancePolicyForbiddenLabelInput + +func (HostAssurancePolicyForbiddenLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyForbiddenLabel)(nil)).Elem() +} + +func (i HostAssurancePolicyForbiddenLabelArray) ToHostAssurancePolicyForbiddenLabelArrayOutput() HostAssurancePolicyForbiddenLabelArrayOutput { + return i.ToHostAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyForbiddenLabelArray) ToHostAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) HostAssurancePolicyForbiddenLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyForbiddenLabelArrayOutput) +} + +type HostAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyForbiddenLabel)(nil)).Elem() +} + +func (o HostAssurancePolicyForbiddenLabelOutput) ToHostAssurancePolicyForbiddenLabelOutput() HostAssurancePolicyForbiddenLabelOutput { + return o +} + +func (o HostAssurancePolicyForbiddenLabelOutput) ToHostAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) HostAssurancePolicyForbiddenLabelOutput { + return o +} + +func (o HostAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyForbiddenLabel) *string { return v.Key 
}).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyForbiddenLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyForbiddenLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type HostAssurancePolicyForbiddenLabelArrayOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyForbiddenLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyForbiddenLabel)(nil)).Elem() +} + +func (o HostAssurancePolicyForbiddenLabelArrayOutput) ToHostAssurancePolicyForbiddenLabelArrayOutput() HostAssurancePolicyForbiddenLabelArrayOutput { + return o +} + +func (o HostAssurancePolicyForbiddenLabelArrayOutput) ToHostAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) HostAssurancePolicyForbiddenLabelArrayOutput { + return o +} + +func (o HostAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyForbiddenLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyForbiddenLabel { + return vs[0].([]HostAssurancePolicyForbiddenLabel)[vs[1].(int)] + }).(HostAssurancePolicyForbiddenLabelOutput) +} + +type HostAssurancePolicyPackagesBlackList struct { + Arch *string `pulumi:"arch"` + Display *string `pulumi:"display"` + Epoch *string `pulumi:"epoch"` + Format *string `pulumi:"format"` + License *string `pulumi:"license"` + Name *string `pulumi:"name"` + Release *string `pulumi:"release"` + Version *string `pulumi:"version"` + VersionRange *string `pulumi:"versionRange"` +} + +// HostAssurancePolicyPackagesBlackListInput is an input type that accepts HostAssurancePolicyPackagesBlackListArgs and HostAssurancePolicyPackagesBlackListOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyPackagesBlackListInput` via: +// +// HostAssurancePolicyPackagesBlackListArgs{...} +type HostAssurancePolicyPackagesBlackListInput interface { + pulumi.Input + + ToHostAssurancePolicyPackagesBlackListOutput() HostAssurancePolicyPackagesBlackListOutput + ToHostAssurancePolicyPackagesBlackListOutputWithContext(context.Context) HostAssurancePolicyPackagesBlackListOutput +} + +type HostAssurancePolicyPackagesBlackListArgs struct { + Arch pulumi.StringPtrInput `pulumi:"arch"` + Display pulumi.StringPtrInput `pulumi:"display"` + Epoch pulumi.StringPtrInput `pulumi:"epoch"` + Format pulumi.StringPtrInput `pulumi:"format"` + License pulumi.StringPtrInput `pulumi:"license"` + Name pulumi.StringPtrInput `pulumi:"name"` + Release pulumi.StringPtrInput `pulumi:"release"` + Version pulumi.StringPtrInput `pulumi:"version"` + VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` +} + +func (HostAssurancePolicyPackagesBlackListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyPackagesBlackList)(nil)).Elem() +} + +func (i HostAssurancePolicyPackagesBlackListArgs) ToHostAssurancePolicyPackagesBlackListOutput() HostAssurancePolicyPackagesBlackListOutput { + return i.ToHostAssurancePolicyPackagesBlackListOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyPackagesBlackListArgs) ToHostAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesBlackListOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPackagesBlackListOutput) +} + +// HostAssurancePolicyPackagesBlackListArrayInput is an input type that accepts HostAssurancePolicyPackagesBlackListArray and HostAssurancePolicyPackagesBlackListArrayOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyPackagesBlackListArrayInput` via: +// +// HostAssurancePolicyPackagesBlackListArray{ HostAssurancePolicyPackagesBlackListArgs{...} } +type HostAssurancePolicyPackagesBlackListArrayInput interface { + pulumi.Input + + ToHostAssurancePolicyPackagesBlackListArrayOutput() HostAssurancePolicyPackagesBlackListArrayOutput + ToHostAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Context) HostAssurancePolicyPackagesBlackListArrayOutput +} + +type HostAssurancePolicyPackagesBlackListArray []HostAssurancePolicyPackagesBlackListInput + +func (HostAssurancePolicyPackagesBlackListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyPackagesBlackList)(nil)).Elem() +} + +func (i HostAssurancePolicyPackagesBlackListArray) ToHostAssurancePolicyPackagesBlackListArrayOutput() HostAssurancePolicyPackagesBlackListArrayOutput { + return i.ToHostAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyPackagesBlackListArray) ToHostAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesBlackListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPackagesBlackListArrayOutput) +} + +type HostAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyPackagesBlackList)(nil)).Elem() +} + +func (o HostAssurancePolicyPackagesBlackListOutput) ToHostAssurancePolicyPackagesBlackListOutput() HostAssurancePolicyPackagesBlackListOutput { + return o +} + +func (o HostAssurancePolicyPackagesBlackListOutput) ToHostAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesBlackListOutput { + return o +} + +func (o HostAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringPtrOutput { + return 
o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Arch }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesBlackListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Display }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesBlackListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesBlackListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Format }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesBlackListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.License }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesBlackListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesBlackListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Release }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesBlackListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Version }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesBlackListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +} + +type HostAssurancePolicyPackagesBlackListArrayOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyPackagesBlackListArrayOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*[]HostAssurancePolicyPackagesBlackList)(nil)).Elem() +} + +func (o HostAssurancePolicyPackagesBlackListArrayOutput) ToHostAssurancePolicyPackagesBlackListArrayOutput() HostAssurancePolicyPackagesBlackListArrayOutput { + return o +} + +func (o HostAssurancePolicyPackagesBlackListArrayOutput) ToHostAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesBlackListArrayOutput { + return o +} + +func (o HostAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyPackagesBlackListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyPackagesBlackList { + return vs[0].([]HostAssurancePolicyPackagesBlackList)[vs[1].(int)] + }).(HostAssurancePolicyPackagesBlackListOutput) +} + +type HostAssurancePolicyPackagesWhiteList struct { + Arch *string `pulumi:"arch"` + Display *string `pulumi:"display"` + Epoch *string `pulumi:"epoch"` + Format *string `pulumi:"format"` + License *string `pulumi:"license"` + Name *string `pulumi:"name"` + Release *string `pulumi:"release"` + Version *string `pulumi:"version"` + VersionRange *string `pulumi:"versionRange"` +} + +// HostAssurancePolicyPackagesWhiteListInput is an input type that accepts HostAssurancePolicyPackagesWhiteListArgs and HostAssurancePolicyPackagesWhiteListOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyPackagesWhiteListInput` via: +// +// HostAssurancePolicyPackagesWhiteListArgs{...} +type HostAssurancePolicyPackagesWhiteListInput interface { + pulumi.Input + + ToHostAssurancePolicyPackagesWhiteListOutput() HostAssurancePolicyPackagesWhiteListOutput + ToHostAssurancePolicyPackagesWhiteListOutputWithContext(context.Context) HostAssurancePolicyPackagesWhiteListOutput +} + +type HostAssurancePolicyPackagesWhiteListArgs struct { + Arch pulumi.StringPtrInput `pulumi:"arch"` + Display pulumi.StringPtrInput `pulumi:"display"` + Epoch pulumi.StringPtrInput `pulumi:"epoch"` + Format pulumi.StringPtrInput `pulumi:"format"` + License pulumi.StringPtrInput `pulumi:"license"` + Name pulumi.StringPtrInput `pulumi:"name"` + Release pulumi.StringPtrInput `pulumi:"release"` + Version pulumi.StringPtrInput `pulumi:"version"` + VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` +} + +func (HostAssurancePolicyPackagesWhiteListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyPackagesWhiteList)(nil)).Elem() +} + +func (i HostAssurancePolicyPackagesWhiteListArgs) ToHostAssurancePolicyPackagesWhiteListOutput() HostAssurancePolicyPackagesWhiteListOutput { + return i.ToHostAssurancePolicyPackagesWhiteListOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyPackagesWhiteListArgs) ToHostAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesWhiteListOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPackagesWhiteListOutput) +} + +// HostAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts HostAssurancePolicyPackagesWhiteListArray and HostAssurancePolicyPackagesWhiteListArrayOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyPackagesWhiteListArrayInput` via: +// +// HostAssurancePolicyPackagesWhiteListArray{ HostAssurancePolicyPackagesWhiteListArgs{...} } +type HostAssurancePolicyPackagesWhiteListArrayInput interface { + pulumi.Input + + ToHostAssurancePolicyPackagesWhiteListArrayOutput() HostAssurancePolicyPackagesWhiteListArrayOutput + ToHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Context) HostAssurancePolicyPackagesWhiteListArrayOutput +} + +type HostAssurancePolicyPackagesWhiteListArray []HostAssurancePolicyPackagesWhiteListInput + +func (HostAssurancePolicyPackagesWhiteListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyPackagesWhiteList)(nil)).Elem() +} + +func (i HostAssurancePolicyPackagesWhiteListArray) ToHostAssurancePolicyPackagesWhiteListArrayOutput() HostAssurancePolicyPackagesWhiteListArrayOutput { + return i.ToHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyPackagesWhiteListArray) ToHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesWhiteListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPackagesWhiteListArrayOutput) +} + +type HostAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyPackagesWhiteList)(nil)).Elem() +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) ToHostAssurancePolicyPackagesWhiteListOutput() HostAssurancePolicyPackagesWhiteListOutput { + return o +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) ToHostAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesWhiteListOutput { + return o +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringPtrOutput { + return 
o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Arch }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Display }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Format }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.License }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Release }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Version }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyPackagesWhiteListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +} + +type HostAssurancePolicyPackagesWhiteListArrayOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyPackagesWhiteListArrayOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*[]HostAssurancePolicyPackagesWhiteList)(nil)).Elem() +} + +func (o HostAssurancePolicyPackagesWhiteListArrayOutput) ToHostAssurancePolicyPackagesWhiteListArrayOutput() HostAssurancePolicyPackagesWhiteListArrayOutput { + return o +} + +func (o HostAssurancePolicyPackagesWhiteListArrayOutput) ToHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesWhiteListArrayOutput { + return o +} + +func (o HostAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyPackagesWhiteListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyPackagesWhiteList { + return vs[0].([]HostAssurancePolicyPackagesWhiteList)[vs[1].(int)] + }).(HostAssurancePolicyPackagesWhiteListOutput) +} + +type HostAssurancePolicyPolicySettings struct { + Enforce *bool `pulumi:"enforce"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + Warn *bool `pulumi:"warn"` + WarningMessage *string `pulumi:"warningMessage"` +} + +// HostAssurancePolicyPolicySettingsInput is an input type that accepts HostAssurancePolicyPolicySettingsArgs and HostAssurancePolicyPolicySettingsOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyPolicySettingsInput` via: +// +// HostAssurancePolicyPolicySettingsArgs{...} +type HostAssurancePolicyPolicySettingsInput interface { + pulumi.Input + + ToHostAssurancePolicyPolicySettingsOutput() HostAssurancePolicyPolicySettingsOutput + ToHostAssurancePolicyPolicySettingsOutputWithContext(context.Context) HostAssurancePolicyPolicySettingsOutput +} + +type HostAssurancePolicyPolicySettingsArgs struct { + Enforce pulumi.BoolPtrInput `pulumi:"enforce"` + IsAuditChecked pulumi.BoolPtrInput `pulumi:"isAuditChecked"` + Warn pulumi.BoolPtrInput `pulumi:"warn"` + WarningMessage pulumi.StringPtrInput `pulumi:"warningMessage"` +} + +func (HostAssurancePolicyPolicySettingsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyPolicySettings)(nil)).Elem() +} + +func (i HostAssurancePolicyPolicySettingsArgs) ToHostAssurancePolicyPolicySettingsOutput() HostAssurancePolicyPolicySettingsOutput { + return i.ToHostAssurancePolicyPolicySettingsOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyPolicySettingsArgs) ToHostAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) HostAssurancePolicyPolicySettingsOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPolicySettingsOutput) +} + +func (i HostAssurancePolicyPolicySettingsArgs) ToHostAssurancePolicyPolicySettingsPtrOutput() HostAssurancePolicyPolicySettingsPtrOutput { + return i.ToHostAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyPolicySettingsArgs) ToHostAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) HostAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPolicySettingsOutput).ToHostAssurancePolicyPolicySettingsPtrOutputWithContext(ctx) +} + +// HostAssurancePolicyPolicySettingsPtrInput is an input type that accepts 
HostAssurancePolicyPolicySettingsArgs, HostAssurancePolicyPolicySettingsPtr and HostAssurancePolicyPolicySettingsPtrOutput values. +// You can construct a concrete instance of `HostAssurancePolicyPolicySettingsPtrInput` via: +// +// HostAssurancePolicyPolicySettingsArgs{...} +// +// or: +// +// nil +type HostAssurancePolicyPolicySettingsPtrInput interface { + pulumi.Input + + ToHostAssurancePolicyPolicySettingsPtrOutput() HostAssurancePolicyPolicySettingsPtrOutput + ToHostAssurancePolicyPolicySettingsPtrOutputWithContext(context.Context) HostAssurancePolicyPolicySettingsPtrOutput +} + +type hostAssurancePolicyPolicySettingsPtrType HostAssurancePolicyPolicySettingsArgs + +func HostAssurancePolicyPolicySettingsPtr(v *HostAssurancePolicyPolicySettingsArgs) HostAssurancePolicyPolicySettingsPtrInput { + return (*hostAssurancePolicyPolicySettingsPtrType)(v) +} + +func (*hostAssurancePolicyPolicySettingsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostAssurancePolicyPolicySettings)(nil)).Elem() +} + +func (i *hostAssurancePolicyPolicySettingsPtrType) ToHostAssurancePolicyPolicySettingsPtrOutput() HostAssurancePolicyPolicySettingsPtrOutput { + return i.ToHostAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) +} + +func (i *hostAssurancePolicyPolicySettingsPtrType) ToHostAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) HostAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPolicySettingsPtrOutput) +} + +type HostAssurancePolicyPolicySettingsOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyPolicySettingsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyPolicySettings)(nil)).Elem() +} + +func (o HostAssurancePolicyPolicySettingsOutput) ToHostAssurancePolicyPolicySettingsOutput() HostAssurancePolicyPolicySettingsOutput { + return o +} + +func (o HostAssurancePolicyPolicySettingsOutput) 
ToHostAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) HostAssurancePolicyPolicySettingsOutput { + return o +} + +func (o HostAssurancePolicyPolicySettingsOutput) ToHostAssurancePolicyPolicySettingsPtrOutput() HostAssurancePolicyPolicySettingsPtrOutput { + return o.ToHostAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) +} + +func (o HostAssurancePolicyPolicySettingsOutput) ToHostAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) HostAssurancePolicyPolicySettingsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostAssurancePolicyPolicySettings) *HostAssurancePolicyPolicySettings { + return &v + }).(HostAssurancePolicyPolicySettingsPtrOutput) +} + +func (o HostAssurancePolicyPolicySettingsOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPolicySettings) *bool { return v.Enforce }).(pulumi.BoolPtrOutput) +} + +func (o HostAssurancePolicyPolicySettingsOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPolicySettings) *bool { return v.IsAuditChecked }).(pulumi.BoolPtrOutput) +} + +func (o HostAssurancePolicyPolicySettingsOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPolicySettings) *bool { return v.Warn }).(pulumi.BoolPtrOutput) +} + +func (o HostAssurancePolicyPolicySettingsOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyPolicySettings) *string { return v.WarningMessage }).(pulumi.StringPtrOutput) +} + +type HostAssurancePolicyPolicySettingsPtrOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyPolicySettingsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostAssurancePolicyPolicySettings)(nil)).Elem() +} + +func (o HostAssurancePolicyPolicySettingsPtrOutput) ToHostAssurancePolicyPolicySettingsPtrOutput() HostAssurancePolicyPolicySettingsPtrOutput { + return o +} + +func (o 
HostAssurancePolicyPolicySettingsPtrOutput) ToHostAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) HostAssurancePolicyPolicySettingsPtrOutput { + return o +} + +func (o HostAssurancePolicyPolicySettingsPtrOutput) Elem() HostAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *HostAssurancePolicyPolicySettings) HostAssurancePolicyPolicySettings { + if v != nil { + return *v + } + var ret HostAssurancePolicyPolicySettings + return ret + }).(HostAssurancePolicyPolicySettingsOutput) +} + +func (o HostAssurancePolicyPolicySettingsPtrOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Enforce + }).(pulumi.BoolPtrOutput) +} + +func (o HostAssurancePolicyPolicySettingsPtrOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.IsAuditChecked + }).(pulumi.BoolPtrOutput) +} + +func (o HostAssurancePolicyPolicySettingsPtrOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Warn + }).(pulumi.BoolPtrOutput) +} + +func (o HostAssurancePolicyPolicySettingsPtrOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostAssurancePolicyPolicySettings) *string { + if v == nil { + return nil + } + return v.WarningMessage + }).(pulumi.StringPtrOutput) +} + +type HostAssurancePolicyRequiredLabel struct { + Key *string `pulumi:"key"` + Value *string `pulumi:"value"` +} + +// HostAssurancePolicyRequiredLabelInput is an input type that accepts HostAssurancePolicyRequiredLabelArgs and HostAssurancePolicyRequiredLabelOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyRequiredLabelInput` via: +// +// HostAssurancePolicyRequiredLabelArgs{...} +type HostAssurancePolicyRequiredLabelInput interface { + pulumi.Input + + ToHostAssurancePolicyRequiredLabelOutput() HostAssurancePolicyRequiredLabelOutput + ToHostAssurancePolicyRequiredLabelOutputWithContext(context.Context) HostAssurancePolicyRequiredLabelOutput +} + +type HostAssurancePolicyRequiredLabelArgs struct { + Key pulumi.StringPtrInput `pulumi:"key"` + Value pulumi.StringPtrInput `pulumi:"value"` +} + +func (HostAssurancePolicyRequiredLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (i HostAssurancePolicyRequiredLabelArgs) ToHostAssurancePolicyRequiredLabelOutput() HostAssurancePolicyRequiredLabelOutput { + return i.ToHostAssurancePolicyRequiredLabelOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyRequiredLabelArgs) ToHostAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) HostAssurancePolicyRequiredLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyRequiredLabelOutput) +} + +// HostAssurancePolicyRequiredLabelArrayInput is an input type that accepts HostAssurancePolicyRequiredLabelArray and HostAssurancePolicyRequiredLabelArrayOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyRequiredLabelArrayInput` via: +// +// HostAssurancePolicyRequiredLabelArray{ HostAssurancePolicyRequiredLabelArgs{...} } +type HostAssurancePolicyRequiredLabelArrayInput interface { + pulumi.Input + + ToHostAssurancePolicyRequiredLabelArrayOutput() HostAssurancePolicyRequiredLabelArrayOutput + ToHostAssurancePolicyRequiredLabelArrayOutputWithContext(context.Context) HostAssurancePolicyRequiredLabelArrayOutput +} + +type HostAssurancePolicyRequiredLabelArray []HostAssurancePolicyRequiredLabelInput + +func (HostAssurancePolicyRequiredLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (i HostAssurancePolicyRequiredLabelArray) ToHostAssurancePolicyRequiredLabelArrayOutput() HostAssurancePolicyRequiredLabelArrayOutput { + return i.ToHostAssurancePolicyRequiredLabelArrayOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyRequiredLabelArray) ToHostAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) HostAssurancePolicyRequiredLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyRequiredLabelArrayOutput) +} + +type HostAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (o HostAssurancePolicyRequiredLabelOutput) ToHostAssurancePolicyRequiredLabelOutput() HostAssurancePolicyRequiredLabelOutput { + return o +} + +func (o HostAssurancePolicyRequiredLabelOutput) ToHostAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) HostAssurancePolicyRequiredLabelOutput { + return o +} + +func (o HostAssurancePolicyRequiredLabelOutput) Key() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyRequiredLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +} + +func (o 
HostAssurancePolicyRequiredLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyRequiredLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type HostAssurancePolicyRequiredLabelArrayOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyRequiredLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (o HostAssurancePolicyRequiredLabelArrayOutput) ToHostAssurancePolicyRequiredLabelArrayOutput() HostAssurancePolicyRequiredLabelArrayOutput { + return o +} + +func (o HostAssurancePolicyRequiredLabelArrayOutput) ToHostAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) HostAssurancePolicyRequiredLabelArrayOutput { + return o +} + +func (o HostAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyRequiredLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyRequiredLabel { + return vs[0].([]HostAssurancePolicyRequiredLabel)[vs[1].(int)] + }).(HostAssurancePolicyRequiredLabelOutput) +} + +type HostAssurancePolicyScope struct { + Expression *string `pulumi:"expression"` + Variables []HostAssurancePolicyScopeVariable `pulumi:"variables"` +} + +// HostAssurancePolicyScopeInput is an input type that accepts HostAssurancePolicyScopeArgs and HostAssurancePolicyScopeOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyScopeInput` via: +// +// HostAssurancePolicyScopeArgs{...} +type HostAssurancePolicyScopeInput interface { + pulumi.Input + + ToHostAssurancePolicyScopeOutput() HostAssurancePolicyScopeOutput + ToHostAssurancePolicyScopeOutputWithContext(context.Context) HostAssurancePolicyScopeOutput +} + +type HostAssurancePolicyScopeArgs struct { + Expression pulumi.StringPtrInput `pulumi:"expression"` + Variables HostAssurancePolicyScopeVariableArrayInput `pulumi:"variables"` +} + +func (HostAssurancePolicyScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyScope)(nil)).Elem() +} + +func (i HostAssurancePolicyScopeArgs) ToHostAssurancePolicyScopeOutput() HostAssurancePolicyScopeOutput { + return i.ToHostAssurancePolicyScopeOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyScopeArgs) ToHostAssurancePolicyScopeOutputWithContext(ctx context.Context) HostAssurancePolicyScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyScopeOutput) +} + +// HostAssurancePolicyScopeArrayInput is an input type that accepts HostAssurancePolicyScopeArray and HostAssurancePolicyScopeArrayOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyScopeArrayInput` via: +// +// HostAssurancePolicyScopeArray{ HostAssurancePolicyScopeArgs{...} } +type HostAssurancePolicyScopeArrayInput interface { + pulumi.Input + + ToHostAssurancePolicyScopeArrayOutput() HostAssurancePolicyScopeArrayOutput + ToHostAssurancePolicyScopeArrayOutputWithContext(context.Context) HostAssurancePolicyScopeArrayOutput +} + +type HostAssurancePolicyScopeArray []HostAssurancePolicyScopeInput + +func (HostAssurancePolicyScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyScope)(nil)).Elem() +} + +func (i HostAssurancePolicyScopeArray) ToHostAssurancePolicyScopeArrayOutput() HostAssurancePolicyScopeArrayOutput { + return i.ToHostAssurancePolicyScopeArrayOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyScopeArray) ToHostAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) HostAssurancePolicyScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyScopeArrayOutput) +} + +type HostAssurancePolicyScopeOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyScope)(nil)).Elem() +} + +func (o HostAssurancePolicyScopeOutput) ToHostAssurancePolicyScopeOutput() HostAssurancePolicyScopeOutput { + return o +} + +func (o HostAssurancePolicyScopeOutput) ToHostAssurancePolicyScopeOutputWithContext(ctx context.Context) HostAssurancePolicyScopeOutput { + return o +} + +func (o HostAssurancePolicyScopeOutput) Expression() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyScope) *string { return v.Expression }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyScopeOutput) Variables() HostAssurancePolicyScopeVariableArrayOutput { + return o.ApplyT(func(v HostAssurancePolicyScope) []HostAssurancePolicyScopeVariable { return v.Variables 
}).(HostAssurancePolicyScopeVariableArrayOutput) +} + +type HostAssurancePolicyScopeArrayOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyScope)(nil)).Elem() +} + +func (o HostAssurancePolicyScopeArrayOutput) ToHostAssurancePolicyScopeArrayOutput() HostAssurancePolicyScopeArrayOutput { + return o +} + +func (o HostAssurancePolicyScopeArrayOutput) ToHostAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) HostAssurancePolicyScopeArrayOutput { + return o +} + +func (o HostAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyScope { + return vs[0].([]HostAssurancePolicyScope)[vs[1].(int)] + }).(HostAssurancePolicyScopeOutput) +} + +type HostAssurancePolicyScopeVariable struct { + Attribute *string `pulumi:"attribute"` + Name *string `pulumi:"name"` + Value *string `pulumi:"value"` +} + +// HostAssurancePolicyScopeVariableInput is an input type that accepts HostAssurancePolicyScopeVariableArgs and HostAssurancePolicyScopeVariableOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyScopeVariableInput` via: +// +// HostAssurancePolicyScopeVariableArgs{...} +type HostAssurancePolicyScopeVariableInput interface { + pulumi.Input + + ToHostAssurancePolicyScopeVariableOutput() HostAssurancePolicyScopeVariableOutput + ToHostAssurancePolicyScopeVariableOutputWithContext(context.Context) HostAssurancePolicyScopeVariableOutput +} + +type HostAssurancePolicyScopeVariableArgs struct { + Attribute pulumi.StringPtrInput `pulumi:"attribute"` + Name pulumi.StringPtrInput `pulumi:"name"` + Value pulumi.StringPtrInput `pulumi:"value"` +} + +func (HostAssurancePolicyScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (i HostAssurancePolicyScopeVariableArgs) ToHostAssurancePolicyScopeVariableOutput() HostAssurancePolicyScopeVariableOutput { + return i.ToHostAssurancePolicyScopeVariableOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyScopeVariableArgs) ToHostAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) HostAssurancePolicyScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyScopeVariableOutput) +} + +// HostAssurancePolicyScopeVariableArrayInput is an input type that accepts HostAssurancePolicyScopeVariableArray and HostAssurancePolicyScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyScopeVariableArrayInput` via: +// +// HostAssurancePolicyScopeVariableArray{ HostAssurancePolicyScopeVariableArgs{...} } +type HostAssurancePolicyScopeVariableArrayInput interface { + pulumi.Input + + ToHostAssurancePolicyScopeVariableArrayOutput() HostAssurancePolicyScopeVariableArrayOutput + ToHostAssurancePolicyScopeVariableArrayOutputWithContext(context.Context) HostAssurancePolicyScopeVariableArrayOutput +} + +type HostAssurancePolicyScopeVariableArray []HostAssurancePolicyScopeVariableInput + +func (HostAssurancePolicyScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (i HostAssurancePolicyScopeVariableArray) ToHostAssurancePolicyScopeVariableArrayOutput() HostAssurancePolicyScopeVariableArrayOutput { + return i.ToHostAssurancePolicyScopeVariableArrayOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyScopeVariableArray) ToHostAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) HostAssurancePolicyScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyScopeVariableArrayOutput) +} + +type HostAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (o HostAssurancePolicyScopeVariableOutput) ToHostAssurancePolicyScopeVariableOutput() HostAssurancePolicyScopeVariableOutput { + return o +} + +func (o HostAssurancePolicyScopeVariableOutput) ToHostAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) HostAssurancePolicyScopeVariableOutput { + return o +} + +func (o HostAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) +} + +func 
(o HostAssurancePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyScopeVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type HostAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (o HostAssurancePolicyScopeVariableArrayOutput) ToHostAssurancePolicyScopeVariableArrayOutput() HostAssurancePolicyScopeVariableArrayOutput { + return o +} + +func (o HostAssurancePolicyScopeVariableArrayOutput) ToHostAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) HostAssurancePolicyScopeVariableArrayOutput { + return o +} + +func (o HostAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyScopeVariable { + return vs[0].([]HostAssurancePolicyScopeVariable)[vs[1].(int)] + }).(HostAssurancePolicyScopeVariableOutput) +} + +type HostAssurancePolicyTrustedBaseImage struct { + Imagename *string `pulumi:"imagename"` + Registry *string `pulumi:"registry"` +} + +// HostAssurancePolicyTrustedBaseImageInput is an input type that accepts HostAssurancePolicyTrustedBaseImageArgs and HostAssurancePolicyTrustedBaseImageOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyTrustedBaseImageInput` via: +// +// HostAssurancePolicyTrustedBaseImageArgs{...} +type HostAssurancePolicyTrustedBaseImageInput interface { + pulumi.Input + + ToHostAssurancePolicyTrustedBaseImageOutput() HostAssurancePolicyTrustedBaseImageOutput + ToHostAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) HostAssurancePolicyTrustedBaseImageOutput +} + +type HostAssurancePolicyTrustedBaseImageArgs struct { + Imagename pulumi.StringPtrInput `pulumi:"imagename"` + Registry pulumi.StringPtrInput `pulumi:"registry"` +} + +func (HostAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (i HostAssurancePolicyTrustedBaseImageArgs) ToHostAssurancePolicyTrustedBaseImageOutput() HostAssurancePolicyTrustedBaseImageOutput { + return i.ToHostAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyTrustedBaseImageArgs) ToHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) HostAssurancePolicyTrustedBaseImageOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyTrustedBaseImageOutput) +} + +// HostAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts HostAssurancePolicyTrustedBaseImageArray and HostAssurancePolicyTrustedBaseImageArrayOutput values. 
+// You can construct a concrete instance of `HostAssurancePolicyTrustedBaseImageArrayInput` via: +// +// HostAssurancePolicyTrustedBaseImageArray{ HostAssurancePolicyTrustedBaseImageArgs{...} } +type HostAssurancePolicyTrustedBaseImageArrayInput interface { + pulumi.Input + + ToHostAssurancePolicyTrustedBaseImageArrayOutput() HostAssurancePolicyTrustedBaseImageArrayOutput + ToHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) HostAssurancePolicyTrustedBaseImageArrayOutput +} + +type HostAssurancePolicyTrustedBaseImageArray []HostAssurancePolicyTrustedBaseImageInput + +func (HostAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (i HostAssurancePolicyTrustedBaseImageArray) ToHostAssurancePolicyTrustedBaseImageArrayOutput() HostAssurancePolicyTrustedBaseImageArrayOutput { + return i.ToHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) +} + +func (i HostAssurancePolicyTrustedBaseImageArray) ToHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) HostAssurancePolicyTrustedBaseImageArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyTrustedBaseImageArrayOutput) +} + +type HostAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (o HostAssurancePolicyTrustedBaseImageOutput) ToHostAssurancePolicyTrustedBaseImageOutput() HostAssurancePolicyTrustedBaseImageOutput { + return o +} + +func (o HostAssurancePolicyTrustedBaseImageOutput) ToHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) HostAssurancePolicyTrustedBaseImageOutput { + return o +} + +func (o HostAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringPtrOutput { + return o.ApplyT(func(v 
HostAssurancePolicyTrustedBaseImage) *string { return v.Imagename }).(pulumi.StringPtrOutput) +} + +func (o HostAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostAssurancePolicyTrustedBaseImage) *string { return v.Registry }).(pulumi.StringPtrOutput) +} + +type HostAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } + +func (HostAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (o HostAssurancePolicyTrustedBaseImageArrayOutput) ToHostAssurancePolicyTrustedBaseImageArrayOutput() HostAssurancePolicyTrustedBaseImageArrayOutput { + return o +} + +func (o HostAssurancePolicyTrustedBaseImageArrayOutput) ToHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) HostAssurancePolicyTrustedBaseImageArrayOutput { + return o +} + +func (o HostAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyTrustedBaseImageOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyTrustedBaseImage { + return vs[0].([]HostAssurancePolicyTrustedBaseImage)[vs[1].(int)] + }).(HostAssurancePolicyTrustedBaseImageOutput) +} + +type HostRuntimePolicyAllowedExecutable struct { + // List of allowed executables. + AllowExecutables []string `pulumi:"allowExecutables"` + // List of allowed root executables. + AllowRootExecutables []string `pulumi:"allowRootExecutables"` + // Whether allowed executables configuration is enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to treat executables separately. + SeparateExecutables *bool `pulumi:"separateExecutables"` +} + +// HostRuntimePolicyAllowedExecutableInput is an input type that accepts HostRuntimePolicyAllowedExecutableArgs and HostRuntimePolicyAllowedExecutableOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyAllowedExecutableInput` via: +// +// HostRuntimePolicyAllowedExecutableArgs{...} +type HostRuntimePolicyAllowedExecutableInput interface { + pulumi.Input + + ToHostRuntimePolicyAllowedExecutableOutput() HostRuntimePolicyAllowedExecutableOutput + ToHostRuntimePolicyAllowedExecutableOutputWithContext(context.Context) HostRuntimePolicyAllowedExecutableOutput +} + +type HostRuntimePolicyAllowedExecutableArgs struct { + // List of allowed executables. + AllowExecutables pulumi.StringArrayInput `pulumi:"allowExecutables"` + // List of allowed root executables. + AllowRootExecutables pulumi.StringArrayInput `pulumi:"allowRootExecutables"` + // Whether allowed executables configuration is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to treat executables separately. + SeparateExecutables pulumi.BoolPtrInput `pulumi:"separateExecutables"` +} + +func (HostRuntimePolicyAllowedExecutableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyAllowedExecutable)(nil)).Elem() +} + +func (i HostRuntimePolicyAllowedExecutableArgs) ToHostRuntimePolicyAllowedExecutableOutput() HostRuntimePolicyAllowedExecutableOutput { + return i.ToHostRuntimePolicyAllowedExecutableOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyAllowedExecutableArgs) ToHostRuntimePolicyAllowedExecutableOutputWithContext(ctx context.Context) HostRuntimePolicyAllowedExecutableOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyAllowedExecutableOutput) +} + +// HostRuntimePolicyAllowedExecutableArrayInput is an input type that accepts HostRuntimePolicyAllowedExecutableArray and HostRuntimePolicyAllowedExecutableArrayOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyAllowedExecutableArrayInput` via: +// +// HostRuntimePolicyAllowedExecutableArray{ HostRuntimePolicyAllowedExecutableArgs{...} } +type HostRuntimePolicyAllowedExecutableArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyAllowedExecutableArrayOutput() HostRuntimePolicyAllowedExecutableArrayOutput + ToHostRuntimePolicyAllowedExecutableArrayOutputWithContext(context.Context) HostRuntimePolicyAllowedExecutableArrayOutput +} + +type HostRuntimePolicyAllowedExecutableArray []HostRuntimePolicyAllowedExecutableInput + +func (HostRuntimePolicyAllowedExecutableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyAllowedExecutable)(nil)).Elem() +} + +func (i HostRuntimePolicyAllowedExecutableArray) ToHostRuntimePolicyAllowedExecutableArrayOutput() HostRuntimePolicyAllowedExecutableArrayOutput { + return i.ToHostRuntimePolicyAllowedExecutableArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyAllowedExecutableArray) ToHostRuntimePolicyAllowedExecutableArrayOutputWithContext(ctx context.Context) HostRuntimePolicyAllowedExecutableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyAllowedExecutableArrayOutput) +} + +type HostRuntimePolicyAllowedExecutableOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyAllowedExecutableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyAllowedExecutable)(nil)).Elem() +} + +func (o HostRuntimePolicyAllowedExecutableOutput) ToHostRuntimePolicyAllowedExecutableOutput() HostRuntimePolicyAllowedExecutableOutput { + return o +} + +func (o HostRuntimePolicyAllowedExecutableOutput) ToHostRuntimePolicyAllowedExecutableOutputWithContext(ctx context.Context) HostRuntimePolicyAllowedExecutableOutput { + return o +} + +// List of allowed executables. 
+func (o HostRuntimePolicyAllowedExecutableOutput) AllowExecutables() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyAllowedExecutable) []string { return v.AllowExecutables }).(pulumi.StringArrayOutput) +} + +// List of allowed root executables. +func (o HostRuntimePolicyAllowedExecutableOutput) AllowRootExecutables() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyAllowedExecutable) []string { return v.AllowRootExecutables }).(pulumi.StringArrayOutput) +} + +// Whether allowed executables configuration is enabled. +func (o HostRuntimePolicyAllowedExecutableOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAllowedExecutable) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Whether to treat executables separately. +func (o HostRuntimePolicyAllowedExecutableOutput) SeparateExecutables() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAllowedExecutable) *bool { return v.SeparateExecutables }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicyAllowedExecutableArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyAllowedExecutableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyAllowedExecutable)(nil)).Elem() +} + +func (o HostRuntimePolicyAllowedExecutableArrayOutput) ToHostRuntimePolicyAllowedExecutableArrayOutput() HostRuntimePolicyAllowedExecutableArrayOutput { + return o +} + +func (o HostRuntimePolicyAllowedExecutableArrayOutput) ToHostRuntimePolicyAllowedExecutableArrayOutputWithContext(ctx context.Context) HostRuntimePolicyAllowedExecutableArrayOutput { + return o +} + +func (o HostRuntimePolicyAllowedExecutableArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyAllowedExecutableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyAllowedExecutable { + return vs[0].([]HostRuntimePolicyAllowedExecutable)[vs[1].(int)] + }).(HostRuntimePolicyAllowedExecutableOutput) +} + +type 
HostRuntimePolicyAllowedRegistry struct { + // List of allowed registries. + AllowedRegistries []string `pulumi:"allowedRegistries"` + // Whether allowed registries are enabled. + Enabled *bool `pulumi:"enabled"` +} + +// HostRuntimePolicyAllowedRegistryInput is an input type that accepts HostRuntimePolicyAllowedRegistryArgs and HostRuntimePolicyAllowedRegistryOutput values. +// You can construct a concrete instance of `HostRuntimePolicyAllowedRegistryInput` via: +// +// HostRuntimePolicyAllowedRegistryArgs{...} +type HostRuntimePolicyAllowedRegistryInput interface { + pulumi.Input + + ToHostRuntimePolicyAllowedRegistryOutput() HostRuntimePolicyAllowedRegistryOutput + ToHostRuntimePolicyAllowedRegistryOutputWithContext(context.Context) HostRuntimePolicyAllowedRegistryOutput +} + +type HostRuntimePolicyAllowedRegistryArgs struct { + // List of allowed registries. + AllowedRegistries pulumi.StringArrayInput `pulumi:"allowedRegistries"` + // Whether allowed registries are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` +} + +func (HostRuntimePolicyAllowedRegistryArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyAllowedRegistry)(nil)).Elem() +} + +func (i HostRuntimePolicyAllowedRegistryArgs) ToHostRuntimePolicyAllowedRegistryOutput() HostRuntimePolicyAllowedRegistryOutput { + return i.ToHostRuntimePolicyAllowedRegistryOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyAllowedRegistryArgs) ToHostRuntimePolicyAllowedRegistryOutputWithContext(ctx context.Context) HostRuntimePolicyAllowedRegistryOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyAllowedRegistryOutput) +} + +// HostRuntimePolicyAllowedRegistryArrayInput is an input type that accepts HostRuntimePolicyAllowedRegistryArray and HostRuntimePolicyAllowedRegistryArrayOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyAllowedRegistryArrayInput` via: +// +// HostRuntimePolicyAllowedRegistryArray{ HostRuntimePolicyAllowedRegistryArgs{...} } +type HostRuntimePolicyAllowedRegistryArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyAllowedRegistryArrayOutput() HostRuntimePolicyAllowedRegistryArrayOutput + ToHostRuntimePolicyAllowedRegistryArrayOutputWithContext(context.Context) HostRuntimePolicyAllowedRegistryArrayOutput +} + +type HostRuntimePolicyAllowedRegistryArray []HostRuntimePolicyAllowedRegistryInput + +func (HostRuntimePolicyAllowedRegistryArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyAllowedRegistry)(nil)).Elem() +} + +func (i HostRuntimePolicyAllowedRegistryArray) ToHostRuntimePolicyAllowedRegistryArrayOutput() HostRuntimePolicyAllowedRegistryArrayOutput { + return i.ToHostRuntimePolicyAllowedRegistryArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyAllowedRegistryArray) ToHostRuntimePolicyAllowedRegistryArrayOutputWithContext(ctx context.Context) HostRuntimePolicyAllowedRegistryArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyAllowedRegistryArrayOutput) +} + +type HostRuntimePolicyAllowedRegistryOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyAllowedRegistryOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyAllowedRegistry)(nil)).Elem() +} + +func (o HostRuntimePolicyAllowedRegistryOutput) ToHostRuntimePolicyAllowedRegistryOutput() HostRuntimePolicyAllowedRegistryOutput { + return o +} + +func (o HostRuntimePolicyAllowedRegistryOutput) ToHostRuntimePolicyAllowedRegistryOutputWithContext(ctx context.Context) HostRuntimePolicyAllowedRegistryOutput { + return o +} + +// List of allowed registries. 
+func (o HostRuntimePolicyAllowedRegistryOutput) AllowedRegistries() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyAllowedRegistry) []string { return v.AllowedRegistries }).(pulumi.StringArrayOutput) +} + +// Whether allowed registries are enabled. +func (o HostRuntimePolicyAllowedRegistryOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAllowedRegistry) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicyAllowedRegistryArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyAllowedRegistryArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyAllowedRegistry)(nil)).Elem() +} + +func (o HostRuntimePolicyAllowedRegistryArrayOutput) ToHostRuntimePolicyAllowedRegistryArrayOutput() HostRuntimePolicyAllowedRegistryArrayOutput { + return o +} + +func (o HostRuntimePolicyAllowedRegistryArrayOutput) ToHostRuntimePolicyAllowedRegistryArrayOutputWithContext(ctx context.Context) HostRuntimePolicyAllowedRegistryArrayOutput { + return o +} + +func (o HostRuntimePolicyAllowedRegistryArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyAllowedRegistryOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyAllowedRegistry { + return vs[0].([]HostRuntimePolicyAllowedRegistry)[vs[1].(int)] + }).(HostRuntimePolicyAllowedRegistryOutput) +} + +type HostRuntimePolicyAuditing struct { + AuditAllNetwork *bool `pulumi:"auditAllNetwork"` + AuditAllProcesses *bool `pulumi:"auditAllProcesses"` + AuditFailedLogin *bool `pulumi:"auditFailedLogin"` + AuditOsUserActivity *bool `pulumi:"auditOsUserActivity"` + AuditProcessCmdline *bool `pulumi:"auditProcessCmdline"` + AuditSuccessLogin *bool `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement *bool `pulumi:"auditUserAccountManagement"` + Enabled *bool `pulumi:"enabled"` +} + +// HostRuntimePolicyAuditingInput is an input type that accepts HostRuntimePolicyAuditingArgs and 
HostRuntimePolicyAuditingOutput values. +// You can construct a concrete instance of `HostRuntimePolicyAuditingInput` via: +// +// HostRuntimePolicyAuditingArgs{...} +type HostRuntimePolicyAuditingInput interface { + pulumi.Input + + ToHostRuntimePolicyAuditingOutput() HostRuntimePolicyAuditingOutput + ToHostRuntimePolicyAuditingOutputWithContext(context.Context) HostRuntimePolicyAuditingOutput +} + +type HostRuntimePolicyAuditingArgs struct { + AuditAllNetwork pulumi.BoolPtrInput `pulumi:"auditAllNetwork"` + AuditAllProcesses pulumi.BoolPtrInput `pulumi:"auditAllProcesses"` + AuditFailedLogin pulumi.BoolPtrInput `pulumi:"auditFailedLogin"` + AuditOsUserActivity pulumi.BoolPtrInput `pulumi:"auditOsUserActivity"` + AuditProcessCmdline pulumi.BoolPtrInput `pulumi:"auditProcessCmdline"` + AuditSuccessLogin pulumi.BoolPtrInput `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement pulumi.BoolPtrInput `pulumi:"auditUserAccountManagement"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` +} + +func (HostRuntimePolicyAuditingArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyAuditing)(nil)).Elem() +} + +func (i HostRuntimePolicyAuditingArgs) ToHostRuntimePolicyAuditingOutput() HostRuntimePolicyAuditingOutput { + return i.ToHostRuntimePolicyAuditingOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyAuditingArgs) ToHostRuntimePolicyAuditingOutputWithContext(ctx context.Context) HostRuntimePolicyAuditingOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyAuditingOutput) +} + +func (i HostRuntimePolicyAuditingArgs) ToHostRuntimePolicyAuditingPtrOutput() HostRuntimePolicyAuditingPtrOutput { + return i.ToHostRuntimePolicyAuditingPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyAuditingArgs) ToHostRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) HostRuntimePolicyAuditingPtrOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(HostRuntimePolicyAuditingOutput).ToHostRuntimePolicyAuditingPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyAuditingPtrInput is an input type that accepts HostRuntimePolicyAuditingArgs, HostRuntimePolicyAuditingPtr and HostRuntimePolicyAuditingPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyAuditingPtrInput` via: +// +// HostRuntimePolicyAuditingArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyAuditingPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyAuditingPtrOutput() HostRuntimePolicyAuditingPtrOutput + ToHostRuntimePolicyAuditingPtrOutputWithContext(context.Context) HostRuntimePolicyAuditingPtrOutput +} + +type hostRuntimePolicyAuditingPtrType HostRuntimePolicyAuditingArgs + +func HostRuntimePolicyAuditingPtr(v *HostRuntimePolicyAuditingArgs) HostRuntimePolicyAuditingPtrInput { + return (*hostRuntimePolicyAuditingPtrType)(v) +} + +func (*hostRuntimePolicyAuditingPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyAuditing)(nil)).Elem() +} + +func (i *hostRuntimePolicyAuditingPtrType) ToHostRuntimePolicyAuditingPtrOutput() HostRuntimePolicyAuditingPtrOutput { + return i.ToHostRuntimePolicyAuditingPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyAuditingPtrType) ToHostRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) HostRuntimePolicyAuditingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyAuditingPtrOutput) +} + +type HostRuntimePolicyAuditingOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyAuditingOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyAuditing)(nil)).Elem() +} + +func (o HostRuntimePolicyAuditingOutput) ToHostRuntimePolicyAuditingOutput() HostRuntimePolicyAuditingOutput { + return o +} + +func (o HostRuntimePolicyAuditingOutput) ToHostRuntimePolicyAuditingOutputWithContext(ctx context.Context) HostRuntimePolicyAuditingOutput { + return o +} + +func (o 
HostRuntimePolicyAuditingOutput) ToHostRuntimePolicyAuditingPtrOutput() HostRuntimePolicyAuditingPtrOutput { + return o.ToHostRuntimePolicyAuditingPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyAuditingOutput) ToHostRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) HostRuntimePolicyAuditingPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyAuditing) *HostRuntimePolicyAuditing { + return &v + }).(HostRuntimePolicyAuditingPtrOutput) +} + +func (o HostRuntimePolicyAuditingOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAuditing) *bool { return v.AuditAllNetwork }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAuditing) *bool { return v.AuditAllProcesses }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingOutput) AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAuditing) *bool { return v.AuditFailedLogin }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAuditing) *bool { return v.AuditOsUserActivity }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAuditing) *bool { return v.AuditProcessCmdline }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingOutput) AuditSuccessLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAuditing) *bool { return v.AuditSuccessLogin }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAuditing) *bool { return v.AuditUserAccountManagement }).(pulumi.BoolPtrOutput) +} + +func (o 
HostRuntimePolicyAuditingOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyAuditing) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicyAuditingPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyAuditingPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyAuditing)(nil)).Elem() +} + +func (o HostRuntimePolicyAuditingPtrOutput) ToHostRuntimePolicyAuditingPtrOutput() HostRuntimePolicyAuditingPtrOutput { + return o +} + +func (o HostRuntimePolicyAuditingPtrOutput) ToHostRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) HostRuntimePolicyAuditingPtrOutput { + return o +} + +func (o HostRuntimePolicyAuditingPtrOutput) Elem() HostRuntimePolicyAuditingOutput { + return o.ApplyT(func(v *HostRuntimePolicyAuditing) HostRuntimePolicyAuditing { + if v != nil { + return *v + } + var ret HostRuntimePolicyAuditing + return ret + }).(HostRuntimePolicyAuditingOutput) +} + +func (o HostRuntimePolicyAuditingPtrOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditAllNetwork + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingPtrOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditAllProcesses + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingPtrOutput) AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditFailedLogin + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingPtrOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditOsUserActivity + }).(pulumi.BoolPtrOutput) +} + +func (o 
HostRuntimePolicyAuditingPtrOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditProcessCmdline + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingPtrOutput) AuditSuccessLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditSuccessLogin + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingPtrOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditUserAccountManagement + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyAuditingPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicyBlacklistedOsUsers struct { + Enabled *bool `pulumi:"enabled"` + GroupBlackLists []string `pulumi:"groupBlackLists"` + UserBlackLists []string `pulumi:"userBlackLists"` +} + +// HostRuntimePolicyBlacklistedOsUsersInput is an input type that accepts HostRuntimePolicyBlacklistedOsUsersArgs and HostRuntimePolicyBlacklistedOsUsersOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyBlacklistedOsUsersInput` via: +// +// HostRuntimePolicyBlacklistedOsUsersArgs{...} +type HostRuntimePolicyBlacklistedOsUsersInput interface { + pulumi.Input + + ToHostRuntimePolicyBlacklistedOsUsersOutput() HostRuntimePolicyBlacklistedOsUsersOutput + ToHostRuntimePolicyBlacklistedOsUsersOutputWithContext(context.Context) HostRuntimePolicyBlacklistedOsUsersOutput +} + +type HostRuntimePolicyBlacklistedOsUsersArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + GroupBlackLists pulumi.StringArrayInput `pulumi:"groupBlackLists"` + UserBlackLists pulumi.StringArrayInput `pulumi:"userBlackLists"` +} + +func (HostRuntimePolicyBlacklistedOsUsersArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyBlacklistedOsUsers)(nil)).Elem() +} + +func (i HostRuntimePolicyBlacklistedOsUsersArgs) ToHostRuntimePolicyBlacklistedOsUsersOutput() HostRuntimePolicyBlacklistedOsUsersOutput { + return i.ToHostRuntimePolicyBlacklistedOsUsersOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyBlacklistedOsUsersArgs) ToHostRuntimePolicyBlacklistedOsUsersOutputWithContext(ctx context.Context) HostRuntimePolicyBlacklistedOsUsersOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyBlacklistedOsUsersOutput) +} + +func (i HostRuntimePolicyBlacklistedOsUsersArgs) ToHostRuntimePolicyBlacklistedOsUsersPtrOutput() HostRuntimePolicyBlacklistedOsUsersPtrOutput { + return i.ToHostRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyBlacklistedOsUsersArgs) ToHostRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) HostRuntimePolicyBlacklistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyBlacklistedOsUsersOutput).ToHostRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyBlacklistedOsUsersPtrInput is an input type that accepts 
HostRuntimePolicyBlacklistedOsUsersArgs, HostRuntimePolicyBlacklistedOsUsersPtr and HostRuntimePolicyBlacklistedOsUsersPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyBlacklistedOsUsersPtrInput` via: +// +// HostRuntimePolicyBlacklistedOsUsersArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyBlacklistedOsUsersPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyBlacklistedOsUsersPtrOutput() HostRuntimePolicyBlacklistedOsUsersPtrOutput + ToHostRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Context) HostRuntimePolicyBlacklistedOsUsersPtrOutput +} + +type hostRuntimePolicyBlacklistedOsUsersPtrType HostRuntimePolicyBlacklistedOsUsersArgs + +func HostRuntimePolicyBlacklistedOsUsersPtr(v *HostRuntimePolicyBlacklistedOsUsersArgs) HostRuntimePolicyBlacklistedOsUsersPtrInput { + return (*hostRuntimePolicyBlacklistedOsUsersPtrType)(v) +} + +func (*hostRuntimePolicyBlacklistedOsUsersPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyBlacklistedOsUsers)(nil)).Elem() +} + +func (i *hostRuntimePolicyBlacklistedOsUsersPtrType) ToHostRuntimePolicyBlacklistedOsUsersPtrOutput() HostRuntimePolicyBlacklistedOsUsersPtrOutput { + return i.ToHostRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyBlacklistedOsUsersPtrType) ToHostRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) HostRuntimePolicyBlacklistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyBlacklistedOsUsersPtrOutput) +} + +type HostRuntimePolicyBlacklistedOsUsersOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyBlacklistedOsUsersOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyBlacklistedOsUsers)(nil)).Elem() +} + +func (o HostRuntimePolicyBlacklistedOsUsersOutput) ToHostRuntimePolicyBlacklistedOsUsersOutput() HostRuntimePolicyBlacklistedOsUsersOutput { + return o +} + +func (o 
HostRuntimePolicyBlacklistedOsUsersOutput) ToHostRuntimePolicyBlacklistedOsUsersOutputWithContext(ctx context.Context) HostRuntimePolicyBlacklistedOsUsersOutput { + return o +} + +func (o HostRuntimePolicyBlacklistedOsUsersOutput) ToHostRuntimePolicyBlacklistedOsUsersPtrOutput() HostRuntimePolicyBlacklistedOsUsersPtrOutput { + return o.ToHostRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyBlacklistedOsUsersOutput) ToHostRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx context.Context) HostRuntimePolicyBlacklistedOsUsersPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyBlacklistedOsUsers) *HostRuntimePolicyBlacklistedOsUsers { + return &v + }).(HostRuntimePolicyBlacklistedOsUsersPtrOutput) +} + +func (o HostRuntimePolicyBlacklistedOsUsersOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyBlacklistedOsUsers) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyBlacklistedOsUsersOutput) GroupBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyBlacklistedOsUsers) []string { return v.GroupBlackLists }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyBlacklistedOsUsersOutput) UserBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyBlacklistedOsUsers) []string { return v.UserBlackLists }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyBlacklistedOsUsersPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyBlacklistedOsUsersPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyBlacklistedOsUsers)(nil)).Elem() +} + +func (o HostRuntimePolicyBlacklistedOsUsersPtrOutput) ToHostRuntimePolicyBlacklistedOsUsersPtrOutput() HostRuntimePolicyBlacklistedOsUsersPtrOutput { + return o +} + +func (o HostRuntimePolicyBlacklistedOsUsersPtrOutput) ToHostRuntimePolicyBlacklistedOsUsersPtrOutputWithContext(ctx 
context.Context) HostRuntimePolicyBlacklistedOsUsersPtrOutput { + return o +} + +func (o HostRuntimePolicyBlacklistedOsUsersPtrOutput) Elem() HostRuntimePolicyBlacklistedOsUsersOutput { + return o.ApplyT(func(v *HostRuntimePolicyBlacklistedOsUsers) HostRuntimePolicyBlacklistedOsUsers { + if v != nil { + return *v + } + var ret HostRuntimePolicyBlacklistedOsUsers + return ret + }).(HostRuntimePolicyBlacklistedOsUsersOutput) +} + +func (o HostRuntimePolicyBlacklistedOsUsersPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyBlacklistedOsUsers) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyBlacklistedOsUsersPtrOutput) GroupBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyBlacklistedOsUsers) []string { + if v == nil { + return nil + } + return v.GroupBlackLists + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyBlacklistedOsUsersPtrOutput) UserBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyBlacklistedOsUsers) []string { + if v == nil { + return nil + } + return v.UserBlackLists + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyBypassScope struct { + // Whether bypassing the scope is enabled. + Enabled *bool `pulumi:"enabled"` + // Scope configuration. + Scopes []HostRuntimePolicyBypassScopeScope `pulumi:"scopes"` +} + +// HostRuntimePolicyBypassScopeInput is an input type that accepts HostRuntimePolicyBypassScopeArgs and HostRuntimePolicyBypassScopeOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyBypassScopeInput` via: +// +// HostRuntimePolicyBypassScopeArgs{...} +type HostRuntimePolicyBypassScopeInput interface { + pulumi.Input + + ToHostRuntimePolicyBypassScopeOutput() HostRuntimePolicyBypassScopeOutput + ToHostRuntimePolicyBypassScopeOutputWithContext(context.Context) HostRuntimePolicyBypassScopeOutput +} + +type HostRuntimePolicyBypassScopeArgs struct { + // Whether bypassing the scope is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Scope configuration. + Scopes HostRuntimePolicyBypassScopeScopeArrayInput `pulumi:"scopes"` +} + +func (HostRuntimePolicyBypassScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyBypassScope)(nil)).Elem() +} + +func (i HostRuntimePolicyBypassScopeArgs) ToHostRuntimePolicyBypassScopeOutput() HostRuntimePolicyBypassScopeOutput { + return i.ToHostRuntimePolicyBypassScopeOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyBypassScopeArgs) ToHostRuntimePolicyBypassScopeOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyBypassScopeOutput) +} + +// HostRuntimePolicyBypassScopeArrayInput is an input type that accepts HostRuntimePolicyBypassScopeArray and HostRuntimePolicyBypassScopeArrayOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyBypassScopeArrayInput` via: +// +// HostRuntimePolicyBypassScopeArray{ HostRuntimePolicyBypassScopeArgs{...} } +type HostRuntimePolicyBypassScopeArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyBypassScopeArrayOutput() HostRuntimePolicyBypassScopeArrayOutput + ToHostRuntimePolicyBypassScopeArrayOutputWithContext(context.Context) HostRuntimePolicyBypassScopeArrayOutput +} + +type HostRuntimePolicyBypassScopeArray []HostRuntimePolicyBypassScopeInput + +func (HostRuntimePolicyBypassScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyBypassScope)(nil)).Elem() +} + +func (i HostRuntimePolicyBypassScopeArray) ToHostRuntimePolicyBypassScopeArrayOutput() HostRuntimePolicyBypassScopeArrayOutput { + return i.ToHostRuntimePolicyBypassScopeArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyBypassScopeArray) ToHostRuntimePolicyBypassScopeArrayOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyBypassScopeArrayOutput) +} + +type HostRuntimePolicyBypassScopeOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyBypassScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyBypassScope)(nil)).Elem() +} + +func (o HostRuntimePolicyBypassScopeOutput) ToHostRuntimePolicyBypassScopeOutput() HostRuntimePolicyBypassScopeOutput { + return o +} + +func (o HostRuntimePolicyBypassScopeOutput) ToHostRuntimePolicyBypassScopeOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeOutput { + return o +} + +// Whether bypassing the scope is enabled. +func (o HostRuntimePolicyBypassScopeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyBypassScope) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Scope configuration. 
+func (o HostRuntimePolicyBypassScopeOutput) Scopes() HostRuntimePolicyBypassScopeScopeArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyBypassScope) []HostRuntimePolicyBypassScopeScope { return v.Scopes }).(HostRuntimePolicyBypassScopeScopeArrayOutput) +} + +type HostRuntimePolicyBypassScopeArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyBypassScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyBypassScope)(nil)).Elem() +} + +func (o HostRuntimePolicyBypassScopeArrayOutput) ToHostRuntimePolicyBypassScopeArrayOutput() HostRuntimePolicyBypassScopeArrayOutput { + return o +} + +func (o HostRuntimePolicyBypassScopeArrayOutput) ToHostRuntimePolicyBypassScopeArrayOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeArrayOutput { + return o +} + +func (o HostRuntimePolicyBypassScopeArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyBypassScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyBypassScope { + return vs[0].([]HostRuntimePolicyBypassScope)[vs[1].(int)] + }).(HostRuntimePolicyBypassScopeOutput) +} + +type HostRuntimePolicyBypassScopeScope struct { + // Scope expression. + Expression *string `pulumi:"expression"` + // List of variables in the scope. + Variables []HostRuntimePolicyBypassScopeScopeVariable `pulumi:"variables"` +} + +// HostRuntimePolicyBypassScopeScopeInput is an input type that accepts HostRuntimePolicyBypassScopeScopeArgs and HostRuntimePolicyBypassScopeScopeOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyBypassScopeScopeInput` via: +// +// HostRuntimePolicyBypassScopeScopeArgs{...} +type HostRuntimePolicyBypassScopeScopeInput interface { + pulumi.Input + + ToHostRuntimePolicyBypassScopeScopeOutput() HostRuntimePolicyBypassScopeScopeOutput + ToHostRuntimePolicyBypassScopeScopeOutputWithContext(context.Context) HostRuntimePolicyBypassScopeScopeOutput +} + +type HostRuntimePolicyBypassScopeScopeArgs struct { + // Scope expression. + Expression pulumi.StringPtrInput `pulumi:"expression"` + // List of variables in the scope. + Variables HostRuntimePolicyBypassScopeScopeVariableArrayInput `pulumi:"variables"` +} + +func (HostRuntimePolicyBypassScopeScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyBypassScopeScope)(nil)).Elem() +} + +func (i HostRuntimePolicyBypassScopeScopeArgs) ToHostRuntimePolicyBypassScopeScopeOutput() HostRuntimePolicyBypassScopeScopeOutput { + return i.ToHostRuntimePolicyBypassScopeScopeOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyBypassScopeScopeArgs) ToHostRuntimePolicyBypassScopeScopeOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyBypassScopeScopeOutput) +} + +// HostRuntimePolicyBypassScopeScopeArrayInput is an input type that accepts HostRuntimePolicyBypassScopeScopeArray and HostRuntimePolicyBypassScopeScopeArrayOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyBypassScopeScopeArrayInput` via: +// +// HostRuntimePolicyBypassScopeScopeArray{ HostRuntimePolicyBypassScopeScopeArgs{...} } +type HostRuntimePolicyBypassScopeScopeArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyBypassScopeScopeArrayOutput() HostRuntimePolicyBypassScopeScopeArrayOutput + ToHostRuntimePolicyBypassScopeScopeArrayOutputWithContext(context.Context) HostRuntimePolicyBypassScopeScopeArrayOutput +} + +type HostRuntimePolicyBypassScopeScopeArray []HostRuntimePolicyBypassScopeScopeInput + +func (HostRuntimePolicyBypassScopeScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyBypassScopeScope)(nil)).Elem() +} + +func (i HostRuntimePolicyBypassScopeScopeArray) ToHostRuntimePolicyBypassScopeScopeArrayOutput() HostRuntimePolicyBypassScopeScopeArrayOutput { + return i.ToHostRuntimePolicyBypassScopeScopeArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyBypassScopeScopeArray) ToHostRuntimePolicyBypassScopeScopeArrayOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyBypassScopeScopeArrayOutput) +} + +type HostRuntimePolicyBypassScopeScopeOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyBypassScopeScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyBypassScopeScope)(nil)).Elem() +} + +func (o HostRuntimePolicyBypassScopeScopeOutput) ToHostRuntimePolicyBypassScopeScopeOutput() HostRuntimePolicyBypassScopeScopeOutput { + return o +} + +func (o HostRuntimePolicyBypassScopeScopeOutput) ToHostRuntimePolicyBypassScopeScopeOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeScopeOutput { + return o +} + +// Scope expression. 
+func (o HostRuntimePolicyBypassScopeScopeOutput) Expression() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyBypassScopeScope) *string { return v.Expression }).(pulumi.StringPtrOutput) +} + +// List of variables in the scope. +func (o HostRuntimePolicyBypassScopeScopeOutput) Variables() HostRuntimePolicyBypassScopeScopeVariableArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyBypassScopeScope) []HostRuntimePolicyBypassScopeScopeVariable { + return v.Variables + }).(HostRuntimePolicyBypassScopeScopeVariableArrayOutput) +} + +type HostRuntimePolicyBypassScopeScopeArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyBypassScopeScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyBypassScopeScope)(nil)).Elem() +} + +func (o HostRuntimePolicyBypassScopeScopeArrayOutput) ToHostRuntimePolicyBypassScopeScopeArrayOutput() HostRuntimePolicyBypassScopeScopeArrayOutput { + return o +} + +func (o HostRuntimePolicyBypassScopeScopeArrayOutput) ToHostRuntimePolicyBypassScopeScopeArrayOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeScopeArrayOutput { + return o +} + +func (o HostRuntimePolicyBypassScopeScopeArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyBypassScopeScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyBypassScopeScope { + return vs[0].([]HostRuntimePolicyBypassScopeScope)[vs[1].(int)] + }).(HostRuntimePolicyBypassScopeScopeOutput) +} + +type HostRuntimePolicyBypassScopeScopeVariable struct { + // Variable attribute. + Attribute *string `pulumi:"attribute"` + // Variable value. + Value *string `pulumi:"value"` +} + +// HostRuntimePolicyBypassScopeScopeVariableInput is an input type that accepts HostRuntimePolicyBypassScopeScopeVariableArgs and HostRuntimePolicyBypassScopeScopeVariableOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyBypassScopeScopeVariableInput` via: +// +// HostRuntimePolicyBypassScopeScopeVariableArgs{...} +type HostRuntimePolicyBypassScopeScopeVariableInput interface { + pulumi.Input + + ToHostRuntimePolicyBypassScopeScopeVariableOutput() HostRuntimePolicyBypassScopeScopeVariableOutput + ToHostRuntimePolicyBypassScopeScopeVariableOutputWithContext(context.Context) HostRuntimePolicyBypassScopeScopeVariableOutput +} + +type HostRuntimePolicyBypassScopeScopeVariableArgs struct { + // Variable attribute. + Attribute pulumi.StringPtrInput `pulumi:"attribute"` + // Variable value. + Value pulumi.StringPtrInput `pulumi:"value"` +} + +func (HostRuntimePolicyBypassScopeScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() +} + +func (i HostRuntimePolicyBypassScopeScopeVariableArgs) ToHostRuntimePolicyBypassScopeScopeVariableOutput() HostRuntimePolicyBypassScopeScopeVariableOutput { + return i.ToHostRuntimePolicyBypassScopeScopeVariableOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyBypassScopeScopeVariableArgs) ToHostRuntimePolicyBypassScopeScopeVariableOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyBypassScopeScopeVariableOutput) +} + +// HostRuntimePolicyBypassScopeScopeVariableArrayInput is an input type that accepts HostRuntimePolicyBypassScopeScopeVariableArray and HostRuntimePolicyBypassScopeScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyBypassScopeScopeVariableArrayInput` via: +// +// HostRuntimePolicyBypassScopeScopeVariableArray{ HostRuntimePolicyBypassScopeScopeVariableArgs{...} } +type HostRuntimePolicyBypassScopeScopeVariableArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyBypassScopeScopeVariableArrayOutput() HostRuntimePolicyBypassScopeScopeVariableArrayOutput + ToHostRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(context.Context) HostRuntimePolicyBypassScopeScopeVariableArrayOutput +} + +type HostRuntimePolicyBypassScopeScopeVariableArray []HostRuntimePolicyBypassScopeScopeVariableInput + +func (HostRuntimePolicyBypassScopeScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() +} + +func (i HostRuntimePolicyBypassScopeScopeVariableArray) ToHostRuntimePolicyBypassScopeScopeVariableArrayOutput() HostRuntimePolicyBypassScopeScopeVariableArrayOutput { + return i.ToHostRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyBypassScopeScopeVariableArray) ToHostRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyBypassScopeScopeVariableArrayOutput) +} + +type HostRuntimePolicyBypassScopeScopeVariableOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyBypassScopeScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() +} + +func (o HostRuntimePolicyBypassScopeScopeVariableOutput) ToHostRuntimePolicyBypassScopeScopeVariableOutput() HostRuntimePolicyBypassScopeScopeVariableOutput { + return o +} + +func (o HostRuntimePolicyBypassScopeScopeVariableOutput) ToHostRuntimePolicyBypassScopeScopeVariableOutputWithContext(ctx context.Context) 
HostRuntimePolicyBypassScopeScopeVariableOutput { + return o +} + +// Variable attribute. +func (o HostRuntimePolicyBypassScopeScopeVariableOutput) Attribute() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyBypassScopeScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) +} + +// Variable value. +func (o HostRuntimePolicyBypassScopeScopeVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyBypassScopeScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type HostRuntimePolicyBypassScopeScopeVariableArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyBypassScopeScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyBypassScopeScopeVariable)(nil)).Elem() +} + +func (o HostRuntimePolicyBypassScopeScopeVariableArrayOutput) ToHostRuntimePolicyBypassScopeScopeVariableArrayOutput() HostRuntimePolicyBypassScopeScopeVariableArrayOutput { + return o +} + +func (o HostRuntimePolicyBypassScopeScopeVariableArrayOutput) ToHostRuntimePolicyBypassScopeScopeVariableArrayOutputWithContext(ctx context.Context) HostRuntimePolicyBypassScopeScopeVariableArrayOutput { + return o +} + +func (o HostRuntimePolicyBypassScopeScopeVariableArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyBypassScopeScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyBypassScopeScopeVariable { + return vs[0].([]HostRuntimePolicyBypassScopeScopeVariable)[vs[1].(int)] + }).(HostRuntimePolicyBypassScopeScopeVariableOutput) +} + +type HostRuntimePolicyContainerExec struct { + BlockContainerExec *bool `pulumi:"blockContainerExec"` + ContainerExecProcWhiteLists []string `pulumi:"containerExecProcWhiteLists"` + Enabled *bool `pulumi:"enabled"` + ReverseShellIpWhiteLists []string `pulumi:"reverseShellIpWhiteLists"` +} + +// HostRuntimePolicyContainerExecInput is an input type that accepts 
HostRuntimePolicyContainerExecArgs and HostRuntimePolicyContainerExecOutput values. +// You can construct a concrete instance of `HostRuntimePolicyContainerExecInput` via: +// +// HostRuntimePolicyContainerExecArgs{...} +type HostRuntimePolicyContainerExecInput interface { + pulumi.Input + + ToHostRuntimePolicyContainerExecOutput() HostRuntimePolicyContainerExecOutput + ToHostRuntimePolicyContainerExecOutputWithContext(context.Context) HostRuntimePolicyContainerExecOutput +} + +type HostRuntimePolicyContainerExecArgs struct { + BlockContainerExec pulumi.BoolPtrInput `pulumi:"blockContainerExec"` + ContainerExecProcWhiteLists pulumi.StringArrayInput `pulumi:"containerExecProcWhiteLists"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ReverseShellIpWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellIpWhiteLists"` +} + +func (HostRuntimePolicyContainerExecArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyContainerExec)(nil)).Elem() +} + +func (i HostRuntimePolicyContainerExecArgs) ToHostRuntimePolicyContainerExecOutput() HostRuntimePolicyContainerExecOutput { + return i.ToHostRuntimePolicyContainerExecOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyContainerExecArgs) ToHostRuntimePolicyContainerExecOutputWithContext(ctx context.Context) HostRuntimePolicyContainerExecOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyContainerExecOutput) +} + +func (i HostRuntimePolicyContainerExecArgs) ToHostRuntimePolicyContainerExecPtrOutput() HostRuntimePolicyContainerExecPtrOutput { + return i.ToHostRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyContainerExecArgs) ToHostRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) HostRuntimePolicyContainerExecPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyContainerExecOutput).ToHostRuntimePolicyContainerExecPtrOutputWithContext(ctx) +} + +// 
HostRuntimePolicyContainerExecPtrInput is an input type that accepts HostRuntimePolicyContainerExecArgs, HostRuntimePolicyContainerExecPtr and HostRuntimePolicyContainerExecPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyContainerExecPtrInput` via: +// +// HostRuntimePolicyContainerExecArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyContainerExecPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyContainerExecPtrOutput() HostRuntimePolicyContainerExecPtrOutput + ToHostRuntimePolicyContainerExecPtrOutputWithContext(context.Context) HostRuntimePolicyContainerExecPtrOutput +} + +type hostRuntimePolicyContainerExecPtrType HostRuntimePolicyContainerExecArgs + +func HostRuntimePolicyContainerExecPtr(v *HostRuntimePolicyContainerExecArgs) HostRuntimePolicyContainerExecPtrInput { + return (*hostRuntimePolicyContainerExecPtrType)(v) +} + +func (*hostRuntimePolicyContainerExecPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyContainerExec)(nil)).Elem() +} + +func (i *hostRuntimePolicyContainerExecPtrType) ToHostRuntimePolicyContainerExecPtrOutput() HostRuntimePolicyContainerExecPtrOutput { + return i.ToHostRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyContainerExecPtrType) ToHostRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) HostRuntimePolicyContainerExecPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyContainerExecPtrOutput) +} + +type HostRuntimePolicyContainerExecOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyContainerExecOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyContainerExec)(nil)).Elem() +} + +func (o HostRuntimePolicyContainerExecOutput) ToHostRuntimePolicyContainerExecOutput() HostRuntimePolicyContainerExecOutput { + return o +} + +func (o HostRuntimePolicyContainerExecOutput) ToHostRuntimePolicyContainerExecOutputWithContext(ctx 
context.Context) HostRuntimePolicyContainerExecOutput { + return o +} + +func (o HostRuntimePolicyContainerExecOutput) ToHostRuntimePolicyContainerExecPtrOutput() HostRuntimePolicyContainerExecPtrOutput { + return o.ToHostRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyContainerExecOutput) ToHostRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) HostRuntimePolicyContainerExecPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyContainerExec) *HostRuntimePolicyContainerExec { + return &v + }).(HostRuntimePolicyContainerExecPtrOutput) +} + +func (o HostRuntimePolicyContainerExecOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyContainerExec) *bool { return v.BlockContainerExec }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyContainerExecOutput) ContainerExecProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyContainerExec) []string { return v.ContainerExecProcWhiteLists }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyContainerExecOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyContainerExec) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyContainerExecOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyContainerExec) []string { return v.ReverseShellIpWhiteLists }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyContainerExecPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyContainerExecPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyContainerExec)(nil)).Elem() +} + +func (o HostRuntimePolicyContainerExecPtrOutput) ToHostRuntimePolicyContainerExecPtrOutput() HostRuntimePolicyContainerExecPtrOutput { + return o +} + +func (o HostRuntimePolicyContainerExecPtrOutput) 
ToHostRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) HostRuntimePolicyContainerExecPtrOutput { + return o +} + +func (o HostRuntimePolicyContainerExecPtrOutput) Elem() HostRuntimePolicyContainerExecOutput { + return o.ApplyT(func(v *HostRuntimePolicyContainerExec) HostRuntimePolicyContainerExec { + if v != nil { + return *v + } + var ret HostRuntimePolicyContainerExec + return ret + }).(HostRuntimePolicyContainerExecOutput) +} + +func (o HostRuntimePolicyContainerExecPtrOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyContainerExec) *bool { + if v == nil { + return nil + } + return v.BlockContainerExec + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyContainerExecPtrOutput) ContainerExecProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyContainerExec) []string { + if v == nil { + return nil + } + return v.ContainerExecProcWhiteLists + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyContainerExecPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyContainerExec) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyContainerExecPtrOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyContainerExec) []string { + if v == nil { + return nil + } + return v.ReverseShellIpWhiteLists + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyDriftPrevention struct { + // Whether drift prevention is enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to lockdown execution drift. + ExecLockdown *bool `pulumi:"execLockdown"` + // List of items in the execution lockdown white list. + ExecLockdownWhiteLists []string `pulumi:"execLockdownWhiteLists"` + // Whether to lockdown image drift. 
+ ImageLockdown *bool `pulumi:"imageLockdown"` +} + +// HostRuntimePolicyDriftPreventionInput is an input type that accepts HostRuntimePolicyDriftPreventionArgs and HostRuntimePolicyDriftPreventionOutput values. +// You can construct a concrete instance of `HostRuntimePolicyDriftPreventionInput` via: +// +// HostRuntimePolicyDriftPreventionArgs{...} +type HostRuntimePolicyDriftPreventionInput interface { + pulumi.Input + + ToHostRuntimePolicyDriftPreventionOutput() HostRuntimePolicyDriftPreventionOutput + ToHostRuntimePolicyDriftPreventionOutputWithContext(context.Context) HostRuntimePolicyDriftPreventionOutput +} + +type HostRuntimePolicyDriftPreventionArgs struct { + // Whether drift prevention is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to lockdown execution drift. + ExecLockdown pulumi.BoolPtrInput `pulumi:"execLockdown"` + // List of items in the execution lockdown white list. + ExecLockdownWhiteLists pulumi.StringArrayInput `pulumi:"execLockdownWhiteLists"` + // Whether to lockdown image drift. + ImageLockdown pulumi.BoolPtrInput `pulumi:"imageLockdown"` +} + +func (HostRuntimePolicyDriftPreventionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (i HostRuntimePolicyDriftPreventionArgs) ToHostRuntimePolicyDriftPreventionOutput() HostRuntimePolicyDriftPreventionOutput { + return i.ToHostRuntimePolicyDriftPreventionOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyDriftPreventionArgs) ToHostRuntimePolicyDriftPreventionOutputWithContext(ctx context.Context) HostRuntimePolicyDriftPreventionOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyDriftPreventionOutput) +} + +// HostRuntimePolicyDriftPreventionArrayInput is an input type that accepts HostRuntimePolicyDriftPreventionArray and HostRuntimePolicyDriftPreventionArrayOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyDriftPreventionArrayInput` via: +// +// HostRuntimePolicyDriftPreventionArray{ HostRuntimePolicyDriftPreventionArgs{...} } +type HostRuntimePolicyDriftPreventionArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyDriftPreventionArrayOutput() HostRuntimePolicyDriftPreventionArrayOutput + ToHostRuntimePolicyDriftPreventionArrayOutputWithContext(context.Context) HostRuntimePolicyDriftPreventionArrayOutput +} + +type HostRuntimePolicyDriftPreventionArray []HostRuntimePolicyDriftPreventionInput + +func (HostRuntimePolicyDriftPreventionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (i HostRuntimePolicyDriftPreventionArray) ToHostRuntimePolicyDriftPreventionArrayOutput() HostRuntimePolicyDriftPreventionArrayOutput { + return i.ToHostRuntimePolicyDriftPreventionArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyDriftPreventionArray) ToHostRuntimePolicyDriftPreventionArrayOutputWithContext(ctx context.Context) HostRuntimePolicyDriftPreventionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyDriftPreventionArrayOutput) +} + +type HostRuntimePolicyDriftPreventionOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyDriftPreventionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (o HostRuntimePolicyDriftPreventionOutput) ToHostRuntimePolicyDriftPreventionOutput() HostRuntimePolicyDriftPreventionOutput { + return o +} + +func (o HostRuntimePolicyDriftPreventionOutput) ToHostRuntimePolicyDriftPreventionOutputWithContext(ctx context.Context) HostRuntimePolicyDriftPreventionOutput { + return o +} + +// Whether drift prevention is enabled. 
+func (o HostRuntimePolicyDriftPreventionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyDriftPrevention) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Whether to lockdown execution drift. +func (o HostRuntimePolicyDriftPreventionOutput) ExecLockdown() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyDriftPrevention) *bool { return v.ExecLockdown }).(pulumi.BoolPtrOutput) +} + +// List of items in the execution lockdown white list. +func (o HostRuntimePolicyDriftPreventionOutput) ExecLockdownWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyDriftPrevention) []string { return v.ExecLockdownWhiteLists }).(pulumi.StringArrayOutput) +} + +// Whether to lockdown image drift. +func (o HostRuntimePolicyDriftPreventionOutput) ImageLockdown() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyDriftPrevention) *bool { return v.ImageLockdown }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicyDriftPreventionArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyDriftPreventionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (o HostRuntimePolicyDriftPreventionArrayOutput) ToHostRuntimePolicyDriftPreventionArrayOutput() HostRuntimePolicyDriftPreventionArrayOutput { + return o +} + +func (o HostRuntimePolicyDriftPreventionArrayOutput) ToHostRuntimePolicyDriftPreventionArrayOutputWithContext(ctx context.Context) HostRuntimePolicyDriftPreventionArrayOutput { + return o +} + +func (o HostRuntimePolicyDriftPreventionArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyDriftPreventionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyDriftPrevention { + return vs[0].([]HostRuntimePolicyDriftPrevention)[vs[1].(int)] + }).(HostRuntimePolicyDriftPreventionOutput) +} + +type HostRuntimePolicyExecutableBlacklist struct { + // Whether the executable 
blacklist is enabled. + Enabled *bool `pulumi:"enabled"` + // List of blacklisted executables. + Executables []string `pulumi:"executables"` +} + +// HostRuntimePolicyExecutableBlacklistInput is an input type that accepts HostRuntimePolicyExecutableBlacklistArgs and HostRuntimePolicyExecutableBlacklistOutput values. +// You can construct a concrete instance of `HostRuntimePolicyExecutableBlacklistInput` via: +// +// HostRuntimePolicyExecutableBlacklistArgs{...} +type HostRuntimePolicyExecutableBlacklistInput interface { + pulumi.Input + + ToHostRuntimePolicyExecutableBlacklistOutput() HostRuntimePolicyExecutableBlacklistOutput + ToHostRuntimePolicyExecutableBlacklistOutputWithContext(context.Context) HostRuntimePolicyExecutableBlacklistOutput +} + +type HostRuntimePolicyExecutableBlacklistArgs struct { + // Whether the executable blacklist is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of blacklisted executables. + Executables pulumi.StringArrayInput `pulumi:"executables"` +} + +func (HostRuntimePolicyExecutableBlacklistArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (i HostRuntimePolicyExecutableBlacklistArgs) ToHostRuntimePolicyExecutableBlacklistOutput() HostRuntimePolicyExecutableBlacklistOutput { + return i.ToHostRuntimePolicyExecutableBlacklistOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyExecutableBlacklistArgs) ToHostRuntimePolicyExecutableBlacklistOutputWithContext(ctx context.Context) HostRuntimePolicyExecutableBlacklistOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyExecutableBlacklistOutput) +} + +// HostRuntimePolicyExecutableBlacklistArrayInput is an input type that accepts HostRuntimePolicyExecutableBlacklistArray and HostRuntimePolicyExecutableBlacklistArrayOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyExecutableBlacklistArrayInput` via: +// +// HostRuntimePolicyExecutableBlacklistArray{ HostRuntimePolicyExecutableBlacklistArgs{...} } +type HostRuntimePolicyExecutableBlacklistArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyExecutableBlacklistArrayOutput() HostRuntimePolicyExecutableBlacklistArrayOutput + ToHostRuntimePolicyExecutableBlacklistArrayOutputWithContext(context.Context) HostRuntimePolicyExecutableBlacklistArrayOutput +} + +type HostRuntimePolicyExecutableBlacklistArray []HostRuntimePolicyExecutableBlacklistInput + +func (HostRuntimePolicyExecutableBlacklistArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (i HostRuntimePolicyExecutableBlacklistArray) ToHostRuntimePolicyExecutableBlacklistArrayOutput() HostRuntimePolicyExecutableBlacklistArrayOutput { + return i.ToHostRuntimePolicyExecutableBlacklistArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyExecutableBlacklistArray) ToHostRuntimePolicyExecutableBlacklistArrayOutputWithContext(ctx context.Context) HostRuntimePolicyExecutableBlacklistArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyExecutableBlacklistArrayOutput) +} + +type HostRuntimePolicyExecutableBlacklistOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyExecutableBlacklistOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (o HostRuntimePolicyExecutableBlacklistOutput) ToHostRuntimePolicyExecutableBlacklistOutput() HostRuntimePolicyExecutableBlacklistOutput { + return o +} + +func (o HostRuntimePolicyExecutableBlacklistOutput) ToHostRuntimePolicyExecutableBlacklistOutputWithContext(ctx context.Context) HostRuntimePolicyExecutableBlacklistOutput { + return o +} + +// Whether the executable blacklist is enabled. 
+func (o HostRuntimePolicyExecutableBlacklistOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyExecutableBlacklist) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of blacklisted executables. +func (o HostRuntimePolicyExecutableBlacklistOutput) Executables() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyExecutableBlacklist) []string { return v.Executables }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyExecutableBlacklistArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyExecutableBlacklistArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (o HostRuntimePolicyExecutableBlacklistArrayOutput) ToHostRuntimePolicyExecutableBlacklistArrayOutput() HostRuntimePolicyExecutableBlacklistArrayOutput { + return o +} + +func (o HostRuntimePolicyExecutableBlacklistArrayOutput) ToHostRuntimePolicyExecutableBlacklistArrayOutputWithContext(ctx context.Context) HostRuntimePolicyExecutableBlacklistArrayOutput { + return o +} + +func (o HostRuntimePolicyExecutableBlacklistArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyExecutableBlacklistOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyExecutableBlacklist { + return vs[0].([]HostRuntimePolicyExecutableBlacklist)[vs[1].(int)] + }).(HostRuntimePolicyExecutableBlacklistOutput) +} + +type HostRuntimePolicyFailedKubernetesChecks struct { + Enabled *bool `pulumi:"enabled"` + FailedChecks []string `pulumi:"failedChecks"` +} + +// HostRuntimePolicyFailedKubernetesChecksInput is an input type that accepts HostRuntimePolicyFailedKubernetesChecksArgs and HostRuntimePolicyFailedKubernetesChecksOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyFailedKubernetesChecksInput` via: +// +// HostRuntimePolicyFailedKubernetesChecksArgs{...} +type HostRuntimePolicyFailedKubernetesChecksInput interface { + pulumi.Input + + ToHostRuntimePolicyFailedKubernetesChecksOutput() HostRuntimePolicyFailedKubernetesChecksOutput + ToHostRuntimePolicyFailedKubernetesChecksOutputWithContext(context.Context) HostRuntimePolicyFailedKubernetesChecksOutput +} + +type HostRuntimePolicyFailedKubernetesChecksArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + FailedChecks pulumi.StringArrayInput `pulumi:"failedChecks"` +} + +func (HostRuntimePolicyFailedKubernetesChecksArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyFailedKubernetesChecks)(nil)).Elem() +} + +func (i HostRuntimePolicyFailedKubernetesChecksArgs) ToHostRuntimePolicyFailedKubernetesChecksOutput() HostRuntimePolicyFailedKubernetesChecksOutput { + return i.ToHostRuntimePolicyFailedKubernetesChecksOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyFailedKubernetesChecksArgs) ToHostRuntimePolicyFailedKubernetesChecksOutputWithContext(ctx context.Context) HostRuntimePolicyFailedKubernetesChecksOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFailedKubernetesChecksOutput) +} + +func (i HostRuntimePolicyFailedKubernetesChecksArgs) ToHostRuntimePolicyFailedKubernetesChecksPtrOutput() HostRuntimePolicyFailedKubernetesChecksPtrOutput { + return i.ToHostRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyFailedKubernetesChecksArgs) ToHostRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFailedKubernetesChecksPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFailedKubernetesChecksOutput).ToHostRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyFailedKubernetesChecksPtrInput is an 
input type that accepts HostRuntimePolicyFailedKubernetesChecksArgs, HostRuntimePolicyFailedKubernetesChecksPtr and HostRuntimePolicyFailedKubernetesChecksPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyFailedKubernetesChecksPtrInput` via: +// +// HostRuntimePolicyFailedKubernetesChecksArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyFailedKubernetesChecksPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyFailedKubernetesChecksPtrOutput() HostRuntimePolicyFailedKubernetesChecksPtrOutput + ToHostRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Context) HostRuntimePolicyFailedKubernetesChecksPtrOutput +} + +type hostRuntimePolicyFailedKubernetesChecksPtrType HostRuntimePolicyFailedKubernetesChecksArgs + +func HostRuntimePolicyFailedKubernetesChecksPtr(v *HostRuntimePolicyFailedKubernetesChecksArgs) HostRuntimePolicyFailedKubernetesChecksPtrInput { + return (*hostRuntimePolicyFailedKubernetesChecksPtrType)(v) +} + +func (*hostRuntimePolicyFailedKubernetesChecksPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyFailedKubernetesChecks)(nil)).Elem() +} + +func (i *hostRuntimePolicyFailedKubernetesChecksPtrType) ToHostRuntimePolicyFailedKubernetesChecksPtrOutput() HostRuntimePolicyFailedKubernetesChecksPtrOutput { + return i.ToHostRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyFailedKubernetesChecksPtrType) ToHostRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFailedKubernetesChecksPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFailedKubernetesChecksPtrOutput) +} + +type HostRuntimePolicyFailedKubernetesChecksOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyFailedKubernetesChecksOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyFailedKubernetesChecks)(nil)).Elem() +} + +func (o 
HostRuntimePolicyFailedKubernetesChecksOutput) ToHostRuntimePolicyFailedKubernetesChecksOutput() HostRuntimePolicyFailedKubernetesChecksOutput { + return o +} + +func (o HostRuntimePolicyFailedKubernetesChecksOutput) ToHostRuntimePolicyFailedKubernetesChecksOutputWithContext(ctx context.Context) HostRuntimePolicyFailedKubernetesChecksOutput { + return o +} + +func (o HostRuntimePolicyFailedKubernetesChecksOutput) ToHostRuntimePolicyFailedKubernetesChecksPtrOutput() HostRuntimePolicyFailedKubernetesChecksPtrOutput { + return o.ToHostRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyFailedKubernetesChecksOutput) ToHostRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFailedKubernetesChecksPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyFailedKubernetesChecks) *HostRuntimePolicyFailedKubernetesChecks { + return &v + }).(HostRuntimePolicyFailedKubernetesChecksPtrOutput) +} + +func (o HostRuntimePolicyFailedKubernetesChecksOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyFailedKubernetesChecks) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyFailedKubernetesChecksOutput) FailedChecks() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFailedKubernetesChecks) []string { return v.FailedChecks }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyFailedKubernetesChecksPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyFailedKubernetesChecksPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyFailedKubernetesChecks)(nil)).Elem() +} + +func (o HostRuntimePolicyFailedKubernetesChecksPtrOutput) ToHostRuntimePolicyFailedKubernetesChecksPtrOutput() HostRuntimePolicyFailedKubernetesChecksPtrOutput { + return o +} + +func (o HostRuntimePolicyFailedKubernetesChecksPtrOutput) 
ToHostRuntimePolicyFailedKubernetesChecksPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFailedKubernetesChecksPtrOutput { + return o +} + +func (o HostRuntimePolicyFailedKubernetesChecksPtrOutput) Elem() HostRuntimePolicyFailedKubernetesChecksOutput { + return o.ApplyT(func(v *HostRuntimePolicyFailedKubernetesChecks) HostRuntimePolicyFailedKubernetesChecks { + if v != nil { + return *v + } + var ret HostRuntimePolicyFailedKubernetesChecks + return ret + }).(HostRuntimePolicyFailedKubernetesChecksOutput) +} + +func (o HostRuntimePolicyFailedKubernetesChecksPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyFailedKubernetesChecks) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyFailedKubernetesChecksPtrOutput) FailedChecks() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFailedKubernetesChecks) []string { + if v == nil { + return nil + } + return v.FailedChecks + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyFileBlock struct { + BlockFilesProcesses []string `pulumi:"blockFilesProcesses"` + BlockFilesUsers []string `pulumi:"blockFilesUsers"` + Enabled *bool `pulumi:"enabled"` + ExceptionalBlockFiles []string `pulumi:"exceptionalBlockFiles"` + ExceptionalBlockFilesProcesses []string `pulumi:"exceptionalBlockFilesProcesses"` + ExceptionalBlockFilesUsers []string `pulumi:"exceptionalBlockFilesUsers"` + FilenameBlockLists []string `pulumi:"filenameBlockLists"` +} + +// HostRuntimePolicyFileBlockInput is an input type that accepts HostRuntimePolicyFileBlockArgs and HostRuntimePolicyFileBlockOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyFileBlockInput` via: +// +// HostRuntimePolicyFileBlockArgs{...} +type HostRuntimePolicyFileBlockInput interface { + pulumi.Input + + ToHostRuntimePolicyFileBlockOutput() HostRuntimePolicyFileBlockOutput + ToHostRuntimePolicyFileBlockOutputWithContext(context.Context) HostRuntimePolicyFileBlockOutput +} + +type HostRuntimePolicyFileBlockArgs struct { + BlockFilesProcesses pulumi.StringArrayInput `pulumi:"blockFilesProcesses"` + BlockFilesUsers pulumi.StringArrayInput `pulumi:"blockFilesUsers"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalBlockFiles pulumi.StringArrayInput `pulumi:"exceptionalBlockFiles"` + ExceptionalBlockFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalBlockFilesProcesses"` + ExceptionalBlockFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalBlockFilesUsers"` + FilenameBlockLists pulumi.StringArrayInput `pulumi:"filenameBlockLists"` +} + +func (HostRuntimePolicyFileBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyFileBlock)(nil)).Elem() +} + +func (i HostRuntimePolicyFileBlockArgs) ToHostRuntimePolicyFileBlockOutput() HostRuntimePolicyFileBlockOutput { + return i.ToHostRuntimePolicyFileBlockOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyFileBlockArgs) ToHostRuntimePolicyFileBlockOutputWithContext(ctx context.Context) HostRuntimePolicyFileBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFileBlockOutput) +} + +func (i HostRuntimePolicyFileBlockArgs) ToHostRuntimePolicyFileBlockPtrOutput() HostRuntimePolicyFileBlockPtrOutput { + return i.ToHostRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyFileBlockArgs) ToHostRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(HostRuntimePolicyFileBlockOutput).ToHostRuntimePolicyFileBlockPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyFileBlockPtrInput is an input type that accepts HostRuntimePolicyFileBlockArgs, HostRuntimePolicyFileBlockPtr and HostRuntimePolicyFileBlockPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyFileBlockPtrInput` via: +// +// HostRuntimePolicyFileBlockArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyFileBlockPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyFileBlockPtrOutput() HostRuntimePolicyFileBlockPtrOutput + ToHostRuntimePolicyFileBlockPtrOutputWithContext(context.Context) HostRuntimePolicyFileBlockPtrOutput +} + +type hostRuntimePolicyFileBlockPtrType HostRuntimePolicyFileBlockArgs + +func HostRuntimePolicyFileBlockPtr(v *HostRuntimePolicyFileBlockArgs) HostRuntimePolicyFileBlockPtrInput { + return (*hostRuntimePolicyFileBlockPtrType)(v) +} + +func (*hostRuntimePolicyFileBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyFileBlock)(nil)).Elem() +} + +func (i *hostRuntimePolicyFileBlockPtrType) ToHostRuntimePolicyFileBlockPtrOutput() HostRuntimePolicyFileBlockPtrOutput { + return i.ToHostRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyFileBlockPtrType) ToHostRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFileBlockPtrOutput) +} + +type HostRuntimePolicyFileBlockOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyFileBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyFileBlock)(nil)).Elem() +} + +func (o HostRuntimePolicyFileBlockOutput) ToHostRuntimePolicyFileBlockOutput() HostRuntimePolicyFileBlockOutput { + return o +} + +func (o HostRuntimePolicyFileBlockOutput) ToHostRuntimePolicyFileBlockOutputWithContext(ctx context.Context) 
HostRuntimePolicyFileBlockOutput { + return o +} + +func (o HostRuntimePolicyFileBlockOutput) ToHostRuntimePolicyFileBlockPtrOutput() HostRuntimePolicyFileBlockPtrOutput { + return o.ToHostRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyFileBlockOutput) ToHostRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyFileBlock) *HostRuntimePolicyFileBlock { + return &v + }).(HostRuntimePolicyFileBlockPtrOutput) +} + +func (o HostRuntimePolicyFileBlockOutput) BlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileBlock) []string { return v.BlockFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyFileBlockOutput) BlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileBlock) []string { return v.BlockFilesUsers }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyFileBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyFileBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyFileBlockOutput) ExceptionalBlockFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFiles }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyFileBlockOutput) ExceptionalBlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyFileBlockOutput) ExceptionalBlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFilesUsers }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyFileBlockOutput) FilenameBlockLists() pulumi.StringArrayOutput { + 
return o.ApplyT(func(v HostRuntimePolicyFileBlock) []string { return v.FilenameBlockLists }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyFileBlockPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyFileBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyFileBlock)(nil)).Elem() +} + +func (o HostRuntimePolicyFileBlockPtrOutput) ToHostRuntimePolicyFileBlockPtrOutput() HostRuntimePolicyFileBlockPtrOutput { + return o +} + +func (o HostRuntimePolicyFileBlockPtrOutput) ToHostRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileBlockPtrOutput { + return o +} + +func (o HostRuntimePolicyFileBlockPtrOutput) Elem() HostRuntimePolicyFileBlockOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileBlock) HostRuntimePolicyFileBlock { + if v != nil { + return *v + } + var ret HostRuntimePolicyFileBlock + return ret + }).(HostRuntimePolicyFileBlockOutput) +} + +func (o HostRuntimePolicyFileBlockPtrOutput) BlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.BlockFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyFileBlockPtrOutput) BlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.BlockFilesUsers + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyFileBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFiles + }).(pulumi.StringArrayOutput) +} + +func (o 
HostRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFilesUsers + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyFileBlockPtrOutput) FilenameBlockLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.FilenameBlockLists + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyFileIntegrityMonitoring struct { + // If true, file integrity monitoring is enabled. + Enabled *bool `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles []string `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. + ExceptionalMonitoredFilesProcesses []string `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers []string `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. + MonitoredFiles []string `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. + MonitoredFilesAttributes *bool `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate *bool `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. + MonitoredFilesDelete *bool `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. + MonitoredFilesModify *bool `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. 
+ MonitoredFilesProcesses []string `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead *bool `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. + MonitoredFilesUsers []string `pulumi:"monitoredFilesUsers"` +} + +// HostRuntimePolicyFileIntegrityMonitoringInput is an input type that accepts HostRuntimePolicyFileIntegrityMonitoringArgs and HostRuntimePolicyFileIntegrityMonitoringOutput values. +// You can construct a concrete instance of `HostRuntimePolicyFileIntegrityMonitoringInput` via: +// +// HostRuntimePolicyFileIntegrityMonitoringArgs{...} +type HostRuntimePolicyFileIntegrityMonitoringInput interface { + pulumi.Input + + ToHostRuntimePolicyFileIntegrityMonitoringOutput() HostRuntimePolicyFileIntegrityMonitoringOutput + ToHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Context) HostRuntimePolicyFileIntegrityMonitoringOutput +} + +type HostRuntimePolicyFileIntegrityMonitoringArgs struct { + // If true, file integrity monitoring is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. + ExceptionalMonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. + MonitoredFiles pulumi.StringArrayInput `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. + MonitoredFilesAttributes pulumi.BoolPtrInput `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate pulumi.BoolPtrInput `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. 
+ MonitoredFilesDelete pulumi.BoolPtrInput `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. + MonitoredFilesModify pulumi.BoolPtrInput `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. + MonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead pulumi.BoolPtrInput `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. + MonitoredFilesUsers pulumi.StringArrayInput `pulumi:"monitoredFilesUsers"` +} + +func (HostRuntimePolicyFileIntegrityMonitoringArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +} + +func (i HostRuntimePolicyFileIntegrityMonitoringArgs) ToHostRuntimePolicyFileIntegrityMonitoringOutput() HostRuntimePolicyFileIntegrityMonitoringOutput { + return i.ToHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyFileIntegrityMonitoringArgs) ToHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFileIntegrityMonitoringOutput) +} + +func (i HostRuntimePolicyFileIntegrityMonitoringArgs) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() HostRuntimePolicyFileIntegrityMonitoringPtrOutput { + return i.ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyFileIntegrityMonitoringArgs) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFileIntegrityMonitoringOutput).ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyFileIntegrityMonitoringPtrInput is an input type that accepts 
HostRuntimePolicyFileIntegrityMonitoringArgs, HostRuntimePolicyFileIntegrityMonitoringPtr and HostRuntimePolicyFileIntegrityMonitoringPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyFileIntegrityMonitoringPtrInput` via: +// +// HostRuntimePolicyFileIntegrityMonitoringArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyFileIntegrityMonitoringPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() HostRuntimePolicyFileIntegrityMonitoringPtrOutput + ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput +} + +type hostRuntimePolicyFileIntegrityMonitoringPtrType HostRuntimePolicyFileIntegrityMonitoringArgs + +func HostRuntimePolicyFileIntegrityMonitoringPtr(v *HostRuntimePolicyFileIntegrityMonitoringArgs) HostRuntimePolicyFileIntegrityMonitoringPtrInput { + return (*hostRuntimePolicyFileIntegrityMonitoringPtrType)(v) +} + +func (*hostRuntimePolicyFileIntegrityMonitoringPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +} + +func (i *hostRuntimePolicyFileIntegrityMonitoringPtrType) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() HostRuntimePolicyFileIntegrityMonitoringPtrOutput { + return i.ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyFileIntegrityMonitoringPtrType) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFileIntegrityMonitoringPtrOutput) +} + +type HostRuntimePolicyFileIntegrityMonitoringOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyFileIntegrityMonitoringOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +} + +func (o 
HostRuntimePolicyFileIntegrityMonitoringOutput) ToHostRuntimePolicyFileIntegrityMonitoringOutput() HostRuntimePolicyFileIntegrityMonitoringOutput { + return o +} + +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ToHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringOutput { + return o +} + +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() HostRuntimePolicyFileIntegrityMonitoringPtrOutput { + return o.ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyFileIntegrityMonitoring) *HostRuntimePolicyFileIntegrityMonitoring { + return &v + }).(HostRuntimePolicyFileIntegrityMonitoringPtrOutput) +} + +// If true, file integrity monitoring is enabled. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of paths to be excluded from monitoring. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExceptionalMonitoredFiles }).(pulumi.StringArrayOutput) +} + +// List of processes to be excluded from monitoring. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExceptionalMonitoredFilesProcesses }).(pulumi.StringArrayOutput) +} + +// List of users to be excluded from monitoring. 
+func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExceptionalMonitoredFilesUsers }).(pulumi.StringArrayOutput) +} + +// List of paths to be monitored. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFiles }).(pulumi.StringArrayOutput) +} + +// Whether to monitor file attribute operations. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesAttributes }).(pulumi.BoolPtrOutput) +} + +// Whether to monitor file create operations. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesCreate }).(pulumi.BoolPtrOutput) +} + +// Whether to monitor file delete operations. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesDelete }).(pulumi.BoolPtrOutput) +} + +// Whether to monitor file modify operations. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesModify }).(pulumi.BoolPtrOutput) +} + +// List of processes associated with monitored files. 
+func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesProcesses }).(pulumi.StringArrayOutput) +} + +// Whether to monitor file read operations. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesRead }).(pulumi.BoolPtrOutput) +} + +// List of users associated with monitored files. +func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesUsers }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyFileIntegrityMonitoringPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +} + +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() HostRuntimePolicyFileIntegrityMonitoringPtrOutput { + return o +} + +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput { + return o +} + +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) Elem() HostRuntimePolicyFileIntegrityMonitoringOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) HostRuntimePolicyFileIntegrityMonitoring { + if v != nil { + return *v + } + var ret HostRuntimePolicyFileIntegrityMonitoring + return ret + }).(HostRuntimePolicyFileIntegrityMonitoringOutput) +} + +// If true, file integrity monitoring is enabled. 
+func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +// List of paths to be excluded from monitoring. +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ExceptionalMonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredFiles + }).(pulumi.StringArrayOutput) +} + +// List of processes to be excluded from monitoring. +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ExceptionalMonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredFilesProcesses + }).(pulumi.StringArrayOutput) +} + +// List of users to be excluded from monitoring. +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ExceptionalMonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredFilesUsers + }).(pulumi.StringArrayOutput) +} + +// List of paths to be monitored. +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredFiles + }).(pulumi.StringArrayOutput) +} + +// Whether to monitor file attribute operations. 
+func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesAttributes + }).(pulumi.BoolPtrOutput) +} + +// Whether to monitor file create operations. +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesCreate + }).(pulumi.BoolPtrOutput) +} + +// Whether to monitor file delete operations. +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesDelete + }).(pulumi.BoolPtrOutput) +} + +// Whether to monitor file modify operations. +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesModify + }).(pulumi.BoolPtrOutput) +} + +// List of processes associated with monitored files. +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredFilesProcesses + }).(pulumi.StringArrayOutput) +} + +// Whether to monitor file read operations. +func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredFilesRead + }).(pulumi.BoolPtrOutput) +} + +// List of users associated with monitored files. 
+func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredFilesUsers + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyLimitContainerPrivilege struct { + // Whether to block adding capabilities. + BlockAddCapabilities *bool `pulumi:"blockAddCapabilities"` + // Whether container privilege limitations are enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to limit IPC-related capabilities. + Ipcmode *bool `pulumi:"ipcmode"` + // Whether to limit network-related capabilities. + Netmode *bool `pulumi:"netmode"` + // Whether to limit process-related capabilities. + Pidmode *bool `pulumi:"pidmode"` + // Whether to prevent low port binding. + PreventLowPortBinding *bool `pulumi:"preventLowPortBinding"` + // Whether to prevent the use of the root user. + PreventRootUser *bool `pulumi:"preventRootUser"` + // Whether the container is run in privileged mode. + Privileged *bool `pulumi:"privileged"` + // Whether to use the host user. + UseHostUser *bool `pulumi:"useHostUser"` + // Whether to limit user-related capabilities. + Usermode *bool `pulumi:"usermode"` + // Whether to limit UTS-related capabilities. + Utsmode *bool `pulumi:"utsmode"` +} + +// HostRuntimePolicyLimitContainerPrivilegeInput is an input type that accepts HostRuntimePolicyLimitContainerPrivilegeArgs and HostRuntimePolicyLimitContainerPrivilegeOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyLimitContainerPrivilegeInput` via: +// +// HostRuntimePolicyLimitContainerPrivilegeArgs{...} +type HostRuntimePolicyLimitContainerPrivilegeInput interface { + pulumi.Input + + ToHostRuntimePolicyLimitContainerPrivilegeOutput() HostRuntimePolicyLimitContainerPrivilegeOutput + ToHostRuntimePolicyLimitContainerPrivilegeOutputWithContext(context.Context) HostRuntimePolicyLimitContainerPrivilegeOutput +} + +type HostRuntimePolicyLimitContainerPrivilegeArgs struct { + // Whether to block adding capabilities. + BlockAddCapabilities pulumi.BoolPtrInput `pulumi:"blockAddCapabilities"` + // Whether container privilege limitations are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to limit IPC-related capabilities. + Ipcmode pulumi.BoolPtrInput `pulumi:"ipcmode"` + // Whether to limit network-related capabilities. + Netmode pulumi.BoolPtrInput `pulumi:"netmode"` + // Whether to limit process-related capabilities. + Pidmode pulumi.BoolPtrInput `pulumi:"pidmode"` + // Whether to prevent low port binding. + PreventLowPortBinding pulumi.BoolPtrInput `pulumi:"preventLowPortBinding"` + // Whether to prevent the use of the root user. + PreventRootUser pulumi.BoolPtrInput `pulumi:"preventRootUser"` + // Whether the container is run in privileged mode. + Privileged pulumi.BoolPtrInput `pulumi:"privileged"` + // Whether to use the host user. + UseHostUser pulumi.BoolPtrInput `pulumi:"useHostUser"` + // Whether to limit user-related capabilities. + Usermode pulumi.BoolPtrInput `pulumi:"usermode"` + // Whether to limit UTS-related capabilities. 
+ Utsmode pulumi.BoolPtrInput `pulumi:"utsmode"` +} + +func (HostRuntimePolicyLimitContainerPrivilegeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyLimitContainerPrivilege)(nil)).Elem() +} + +func (i HostRuntimePolicyLimitContainerPrivilegeArgs) ToHostRuntimePolicyLimitContainerPrivilegeOutput() HostRuntimePolicyLimitContainerPrivilegeOutput { + return i.ToHostRuntimePolicyLimitContainerPrivilegeOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyLimitContainerPrivilegeArgs) ToHostRuntimePolicyLimitContainerPrivilegeOutputWithContext(ctx context.Context) HostRuntimePolicyLimitContainerPrivilegeOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyLimitContainerPrivilegeOutput) +} + +// HostRuntimePolicyLimitContainerPrivilegeArrayInput is an input type that accepts HostRuntimePolicyLimitContainerPrivilegeArray and HostRuntimePolicyLimitContainerPrivilegeArrayOutput values. +// You can construct a concrete instance of `HostRuntimePolicyLimitContainerPrivilegeArrayInput` via: +// +// HostRuntimePolicyLimitContainerPrivilegeArray{ HostRuntimePolicyLimitContainerPrivilegeArgs{...} } +type HostRuntimePolicyLimitContainerPrivilegeArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyLimitContainerPrivilegeArrayOutput() HostRuntimePolicyLimitContainerPrivilegeArrayOutput + ToHostRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(context.Context) HostRuntimePolicyLimitContainerPrivilegeArrayOutput +} + +type HostRuntimePolicyLimitContainerPrivilegeArray []HostRuntimePolicyLimitContainerPrivilegeInput + +func (HostRuntimePolicyLimitContainerPrivilegeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyLimitContainerPrivilege)(nil)).Elem() +} + +func (i HostRuntimePolicyLimitContainerPrivilegeArray) ToHostRuntimePolicyLimitContainerPrivilegeArrayOutput() HostRuntimePolicyLimitContainerPrivilegeArrayOutput { + return 
i.ToHostRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyLimitContainerPrivilegeArray) ToHostRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(ctx context.Context) HostRuntimePolicyLimitContainerPrivilegeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyLimitContainerPrivilegeArrayOutput) +} + +type HostRuntimePolicyLimitContainerPrivilegeOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyLimitContainerPrivilegeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyLimitContainerPrivilege)(nil)).Elem() +} + +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) ToHostRuntimePolicyLimitContainerPrivilegeOutput() HostRuntimePolicyLimitContainerPrivilegeOutput { + return o +} + +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) ToHostRuntimePolicyLimitContainerPrivilegeOutputWithContext(ctx context.Context) HostRuntimePolicyLimitContainerPrivilegeOutput { + return o +} + +// Whether to block adding capabilities. +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) BlockAddCapabilities() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.BlockAddCapabilities }).(pulumi.BoolPtrOutput) +} + +// Whether container privilege limitations are enabled. +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Whether to limit IPC-related capabilities. +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) Ipcmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.Ipcmode }).(pulumi.BoolPtrOutput) +} + +// Whether to limit network-related capabilities. 
+func (o HostRuntimePolicyLimitContainerPrivilegeOutput) Netmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.Netmode }).(pulumi.BoolPtrOutput) +} + +// Whether to limit process-related capabilities. +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) Pidmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.Pidmode }).(pulumi.BoolPtrOutput) +} + +// Whether to prevent low port binding. +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) PreventLowPortBinding() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.PreventLowPortBinding }).(pulumi.BoolPtrOutput) +} + +// Whether to prevent the use of the root user. +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) PreventRootUser() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.PreventRootUser }).(pulumi.BoolPtrOutput) +} + +// Whether the container is run in privileged mode. +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) Privileged() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.Privileged }).(pulumi.BoolPtrOutput) +} + +// Whether to use the host user. +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) UseHostUser() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.UseHostUser }).(pulumi.BoolPtrOutput) +} + +// Whether to limit user-related capabilities. +func (o HostRuntimePolicyLimitContainerPrivilegeOutput) Usermode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.Usermode }).(pulumi.BoolPtrOutput) +} + +// Whether to limit UTS-related capabilities. 
+func (o HostRuntimePolicyLimitContainerPrivilegeOutput) Utsmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLimitContainerPrivilege) *bool { return v.Utsmode }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicyLimitContainerPrivilegeArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyLimitContainerPrivilegeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyLimitContainerPrivilege)(nil)).Elem() +} + +func (o HostRuntimePolicyLimitContainerPrivilegeArrayOutput) ToHostRuntimePolicyLimitContainerPrivilegeArrayOutput() HostRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o +} + +func (o HostRuntimePolicyLimitContainerPrivilegeArrayOutput) ToHostRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(ctx context.Context) HostRuntimePolicyLimitContainerPrivilegeArrayOutput { + return o +} + +func (o HostRuntimePolicyLimitContainerPrivilegeArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyLimitContainerPrivilegeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyLimitContainerPrivilege { + return vs[0].([]HostRuntimePolicyLimitContainerPrivilege)[vs[1].(int)] + }).(HostRuntimePolicyLimitContainerPrivilegeOutput) +} + +type HostRuntimePolicyLinuxCapabilities struct { + Enabled *bool `pulumi:"enabled"` + RemoveLinuxCapabilities []string `pulumi:"removeLinuxCapabilities"` +} + +// HostRuntimePolicyLinuxCapabilitiesInput is an input type that accepts HostRuntimePolicyLinuxCapabilitiesArgs and HostRuntimePolicyLinuxCapabilitiesOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyLinuxCapabilitiesInput` via: +// +// HostRuntimePolicyLinuxCapabilitiesArgs{...} +type HostRuntimePolicyLinuxCapabilitiesInput interface { + pulumi.Input + + ToHostRuntimePolicyLinuxCapabilitiesOutput() HostRuntimePolicyLinuxCapabilitiesOutput + ToHostRuntimePolicyLinuxCapabilitiesOutputWithContext(context.Context) HostRuntimePolicyLinuxCapabilitiesOutput +} + +type HostRuntimePolicyLinuxCapabilitiesArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + RemoveLinuxCapabilities pulumi.StringArrayInput `pulumi:"removeLinuxCapabilities"` +} + +func (HostRuntimePolicyLinuxCapabilitiesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyLinuxCapabilities)(nil)).Elem() +} + +func (i HostRuntimePolicyLinuxCapabilitiesArgs) ToHostRuntimePolicyLinuxCapabilitiesOutput() HostRuntimePolicyLinuxCapabilitiesOutput { + return i.ToHostRuntimePolicyLinuxCapabilitiesOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyLinuxCapabilitiesArgs) ToHostRuntimePolicyLinuxCapabilitiesOutputWithContext(ctx context.Context) HostRuntimePolicyLinuxCapabilitiesOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyLinuxCapabilitiesOutput) +} + +func (i HostRuntimePolicyLinuxCapabilitiesArgs) ToHostRuntimePolicyLinuxCapabilitiesPtrOutput() HostRuntimePolicyLinuxCapabilitiesPtrOutput { + return i.ToHostRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyLinuxCapabilitiesArgs) ToHostRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) HostRuntimePolicyLinuxCapabilitiesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyLinuxCapabilitiesOutput).ToHostRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyLinuxCapabilitiesPtrInput is an input type that accepts HostRuntimePolicyLinuxCapabilitiesArgs, HostRuntimePolicyLinuxCapabilitiesPtr and 
HostRuntimePolicyLinuxCapabilitiesPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyLinuxCapabilitiesPtrInput` via: +// +// HostRuntimePolicyLinuxCapabilitiesArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyLinuxCapabilitiesPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyLinuxCapabilitiesPtrOutput() HostRuntimePolicyLinuxCapabilitiesPtrOutput + ToHostRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Context) HostRuntimePolicyLinuxCapabilitiesPtrOutput +} + +type hostRuntimePolicyLinuxCapabilitiesPtrType HostRuntimePolicyLinuxCapabilitiesArgs + +func HostRuntimePolicyLinuxCapabilitiesPtr(v *HostRuntimePolicyLinuxCapabilitiesArgs) HostRuntimePolicyLinuxCapabilitiesPtrInput { + return (*hostRuntimePolicyLinuxCapabilitiesPtrType)(v) +} + +func (*hostRuntimePolicyLinuxCapabilitiesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyLinuxCapabilities)(nil)).Elem() +} + +func (i *hostRuntimePolicyLinuxCapabilitiesPtrType) ToHostRuntimePolicyLinuxCapabilitiesPtrOutput() HostRuntimePolicyLinuxCapabilitiesPtrOutput { + return i.ToHostRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyLinuxCapabilitiesPtrType) ToHostRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) HostRuntimePolicyLinuxCapabilitiesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyLinuxCapabilitiesPtrOutput) +} + +type HostRuntimePolicyLinuxCapabilitiesOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyLinuxCapabilitiesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyLinuxCapabilities)(nil)).Elem() +} + +func (o HostRuntimePolicyLinuxCapabilitiesOutput) ToHostRuntimePolicyLinuxCapabilitiesOutput() HostRuntimePolicyLinuxCapabilitiesOutput { + return o +} + +func (o HostRuntimePolicyLinuxCapabilitiesOutput) ToHostRuntimePolicyLinuxCapabilitiesOutputWithContext(ctx context.Context) 
HostRuntimePolicyLinuxCapabilitiesOutput { + return o +} + +func (o HostRuntimePolicyLinuxCapabilitiesOutput) ToHostRuntimePolicyLinuxCapabilitiesPtrOutput() HostRuntimePolicyLinuxCapabilitiesPtrOutput { + return o.ToHostRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyLinuxCapabilitiesOutput) ToHostRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) HostRuntimePolicyLinuxCapabilitiesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyLinuxCapabilities) *HostRuntimePolicyLinuxCapabilities { + return &v + }).(HostRuntimePolicyLinuxCapabilitiesPtrOutput) +} + +func (o HostRuntimePolicyLinuxCapabilitiesOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyLinuxCapabilities) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyLinuxCapabilitiesOutput) RemoveLinuxCapabilities() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyLinuxCapabilities) []string { return v.RemoveLinuxCapabilities }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyLinuxCapabilitiesPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyLinuxCapabilitiesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyLinuxCapabilities)(nil)).Elem() +} + +func (o HostRuntimePolicyLinuxCapabilitiesPtrOutput) ToHostRuntimePolicyLinuxCapabilitiesPtrOutput() HostRuntimePolicyLinuxCapabilitiesPtrOutput { + return o +} + +func (o HostRuntimePolicyLinuxCapabilitiesPtrOutput) ToHostRuntimePolicyLinuxCapabilitiesPtrOutputWithContext(ctx context.Context) HostRuntimePolicyLinuxCapabilitiesPtrOutput { + return o +} + +func (o HostRuntimePolicyLinuxCapabilitiesPtrOutput) Elem() HostRuntimePolicyLinuxCapabilitiesOutput { + return o.ApplyT(func(v *HostRuntimePolicyLinuxCapabilities) HostRuntimePolicyLinuxCapabilities { + if v != nil { + return *v + } + var ret 
HostRuntimePolicyLinuxCapabilities + return ret + }).(HostRuntimePolicyLinuxCapabilitiesOutput) +} + +func (o HostRuntimePolicyLinuxCapabilitiesPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyLinuxCapabilities) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyLinuxCapabilitiesPtrOutput) RemoveLinuxCapabilities() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyLinuxCapabilities) []string { + if v == nil { + return nil + } + return v.RemoveLinuxCapabilities + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyMalwareScanOptions struct { + // Set Action, Defaults to 'Alert' when empty + Action *string `pulumi:"action"` + // Defines if enabled or not + Enabled *bool `pulumi:"enabled"` + // List of registry paths to be excluded from being protected. + ExcludeDirectories []string `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses []string `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. + IncludeDirectories []string `pulumi:"includeDirectories"` +} + +// HostRuntimePolicyMalwareScanOptionsInput is an input type that accepts HostRuntimePolicyMalwareScanOptionsArgs and HostRuntimePolicyMalwareScanOptionsOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyMalwareScanOptionsInput` via: +// +// HostRuntimePolicyMalwareScanOptionsArgs{...} +type HostRuntimePolicyMalwareScanOptionsInput interface { + pulumi.Input + + ToHostRuntimePolicyMalwareScanOptionsOutput() HostRuntimePolicyMalwareScanOptionsOutput + ToHostRuntimePolicyMalwareScanOptionsOutputWithContext(context.Context) HostRuntimePolicyMalwareScanOptionsOutput +} + +type HostRuntimePolicyMalwareScanOptionsArgs struct { + // Set Action, Defaults to 'Alert' when empty + Action pulumi.StringPtrInput `pulumi:"action"` + // Defines if enabled or not + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of registry paths to be excluded from being protected. + ExcludeDirectories pulumi.StringArrayInput `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses pulumi.StringArrayInput `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. 
+ IncludeDirectories pulumi.StringArrayInput `pulumi:"includeDirectories"` +} + +func (HostRuntimePolicyMalwareScanOptionsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (i HostRuntimePolicyMalwareScanOptionsArgs) ToHostRuntimePolicyMalwareScanOptionsOutput() HostRuntimePolicyMalwareScanOptionsOutput { + return i.ToHostRuntimePolicyMalwareScanOptionsOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyMalwareScanOptionsArgs) ToHostRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyMalwareScanOptionsOutput) +} + +func (i HostRuntimePolicyMalwareScanOptionsArgs) ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput { + return i.ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyMalwareScanOptionsArgs) ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyMalwareScanOptionsOutput).ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyMalwareScanOptionsPtrInput is an input type that accepts HostRuntimePolicyMalwareScanOptionsArgs, HostRuntimePolicyMalwareScanOptionsPtr and HostRuntimePolicyMalwareScanOptionsPtrOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyMalwareScanOptionsPtrInput` via: +// +// HostRuntimePolicyMalwareScanOptionsArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyMalwareScanOptionsPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput + ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput +} + +type hostRuntimePolicyMalwareScanOptionsPtrType HostRuntimePolicyMalwareScanOptionsArgs + +func HostRuntimePolicyMalwareScanOptionsPtr(v *HostRuntimePolicyMalwareScanOptionsArgs) HostRuntimePolicyMalwareScanOptionsPtrInput { + return (*hostRuntimePolicyMalwareScanOptionsPtrType)(v) +} + +func (*hostRuntimePolicyMalwareScanOptionsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (i *hostRuntimePolicyMalwareScanOptionsPtrType) ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput { + return i.ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyMalwareScanOptionsPtrType) ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyMalwareScanOptionsPtrOutput) +} + +type HostRuntimePolicyMalwareScanOptionsOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyMalwareScanOptionsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (o HostRuntimePolicyMalwareScanOptionsOutput) ToHostRuntimePolicyMalwareScanOptionsOutput() HostRuntimePolicyMalwareScanOptionsOutput { + return o +} + +func (o HostRuntimePolicyMalwareScanOptionsOutput) ToHostRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) 
HostRuntimePolicyMalwareScanOptionsOutput { + return o +} + +func (o HostRuntimePolicyMalwareScanOptionsOutput) ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput { + return o.ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyMalwareScanOptionsOutput) ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyMalwareScanOptions) *HostRuntimePolicyMalwareScanOptions { + return &v + }).(HostRuntimePolicyMalwareScanOptionsPtrOutput) +} + +// Set Action, Defaults to 'Alert' when empty +func (o HostRuntimePolicyMalwareScanOptionsOutput) Action() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyMalwareScanOptions) *string { return v.Action }).(pulumi.StringPtrOutput) +} + +// Defines if enabled or not +func (o HostRuntimePolicyMalwareScanOptionsOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyMalwareScanOptions) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of registry paths to be excluded from being protected. +func (o HostRuntimePolicyMalwareScanOptionsOutput) ExcludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyMalwareScanOptions) []string { return v.ExcludeDirectories }).(pulumi.StringArrayOutput) +} + +// List of registry processes to be excluded from being protected. +func (o HostRuntimePolicyMalwareScanOptionsOutput) ExcludeProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyMalwareScanOptions) []string { return v.ExcludeProcesses }).(pulumi.StringArrayOutput) +} + +// List of registry paths to be excluded from being protected. 
+func (o HostRuntimePolicyMalwareScanOptionsOutput) IncludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyMalwareScanOptions) []string { return v.IncludeDirectories }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyMalwareScanOptionsPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyMalwareScanOptionsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyMalwareScanOptions)(nil)).Elem() +} + +func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput { + return o +} + +func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput { + return o +} + +func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) Elem() HostRuntimePolicyMalwareScanOptionsOutput { + return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) HostRuntimePolicyMalwareScanOptions { + if v != nil { + return *v + } + var ret HostRuntimePolicyMalwareScanOptions + return ret + }).(HostRuntimePolicyMalwareScanOptionsOutput) +} + +// Set Action, Defaults to 'Alert' when empty +func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) Action() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) *string { + if v == nil { + return nil + } + return v.Action + }).(pulumi.StringPtrOutput) +} + +// Defines if enabled or not +func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +// List of registry paths to be excluded from being protected. 
+func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) []string { + if v == nil { + return nil + } + return v.ExcludeDirectories + }).(pulumi.StringArrayOutput) +} + +// List of registry processes to be excluded from being protected. +func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) []string { + if v == nil { + return nil + } + return v.ExcludeProcesses + }).(pulumi.StringArrayOutput) +} + +// List of registry paths to be excluded from being protected. +func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) IncludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) []string { + if v == nil { + return nil + } + return v.IncludeDirectories + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyPackageBlock struct { + BlockPackagesProcesses []string `pulumi:"blockPackagesProcesses"` + BlockPackagesUsers []string `pulumi:"blockPackagesUsers"` + Enabled *bool `pulumi:"enabled"` + ExceptionalBlockPackagesFiles []string `pulumi:"exceptionalBlockPackagesFiles"` + ExceptionalBlockPackagesProcesses []string `pulumi:"exceptionalBlockPackagesProcesses"` + ExceptionalBlockPackagesUsers []string `pulumi:"exceptionalBlockPackagesUsers"` + PackagesBlackLists []string `pulumi:"packagesBlackLists"` +} + +// HostRuntimePolicyPackageBlockInput is an input type that accepts HostRuntimePolicyPackageBlockArgs and HostRuntimePolicyPackageBlockOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyPackageBlockInput` via: +// +// HostRuntimePolicyPackageBlockArgs{...} +type HostRuntimePolicyPackageBlockInput interface { + pulumi.Input + + ToHostRuntimePolicyPackageBlockOutput() HostRuntimePolicyPackageBlockOutput + ToHostRuntimePolicyPackageBlockOutputWithContext(context.Context) HostRuntimePolicyPackageBlockOutput +} + +type HostRuntimePolicyPackageBlockArgs struct { + BlockPackagesProcesses pulumi.StringArrayInput `pulumi:"blockPackagesProcesses"` + BlockPackagesUsers pulumi.StringArrayInput `pulumi:"blockPackagesUsers"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalBlockPackagesFiles pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesFiles"` + ExceptionalBlockPackagesProcesses pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesProcesses"` + ExceptionalBlockPackagesUsers pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesUsers"` + PackagesBlackLists pulumi.StringArrayInput `pulumi:"packagesBlackLists"` +} + +func (HostRuntimePolicyPackageBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (i HostRuntimePolicyPackageBlockArgs) ToHostRuntimePolicyPackageBlockOutput() HostRuntimePolicyPackageBlockOutput { + return i.ToHostRuntimePolicyPackageBlockOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyPackageBlockArgs) ToHostRuntimePolicyPackageBlockOutputWithContext(ctx context.Context) HostRuntimePolicyPackageBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyPackageBlockOutput) +} + +// HostRuntimePolicyPackageBlockArrayInput is an input type that accepts HostRuntimePolicyPackageBlockArray and HostRuntimePolicyPackageBlockArrayOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyPackageBlockArrayInput` via: +// +// HostRuntimePolicyPackageBlockArray{ HostRuntimePolicyPackageBlockArgs{...} } +type HostRuntimePolicyPackageBlockArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyPackageBlockArrayOutput() HostRuntimePolicyPackageBlockArrayOutput + ToHostRuntimePolicyPackageBlockArrayOutputWithContext(context.Context) HostRuntimePolicyPackageBlockArrayOutput +} + +type HostRuntimePolicyPackageBlockArray []HostRuntimePolicyPackageBlockInput + +func (HostRuntimePolicyPackageBlockArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (i HostRuntimePolicyPackageBlockArray) ToHostRuntimePolicyPackageBlockArrayOutput() HostRuntimePolicyPackageBlockArrayOutput { + return i.ToHostRuntimePolicyPackageBlockArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyPackageBlockArray) ToHostRuntimePolicyPackageBlockArrayOutputWithContext(ctx context.Context) HostRuntimePolicyPackageBlockArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyPackageBlockArrayOutput) +} + +type HostRuntimePolicyPackageBlockOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyPackageBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (o HostRuntimePolicyPackageBlockOutput) ToHostRuntimePolicyPackageBlockOutput() HostRuntimePolicyPackageBlockOutput { + return o +} + +func (o HostRuntimePolicyPackageBlockOutput) ToHostRuntimePolicyPackageBlockOutputWithContext(ctx context.Context) HostRuntimePolicyPackageBlockOutput { + return o +} + +func (o HostRuntimePolicyPackageBlockOutput) BlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyPackageBlock) []string { return v.BlockPackagesProcesses }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyPackageBlockOutput) BlockPackagesUsers() 
pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyPackageBlock) []string { return v.BlockPackagesUsers }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyPackageBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyPackageBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesFiles }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesProcesses }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesUsers }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyPackageBlockOutput) PackagesBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyPackageBlock) []string { return v.PackagesBlackLists }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyPackageBlockArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyPackageBlockArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (o HostRuntimePolicyPackageBlockArrayOutput) ToHostRuntimePolicyPackageBlockArrayOutput() HostRuntimePolicyPackageBlockArrayOutput { + return o +} + +func (o HostRuntimePolicyPackageBlockArrayOutput) ToHostRuntimePolicyPackageBlockArrayOutputWithContext(ctx context.Context) HostRuntimePolicyPackageBlockArrayOutput { + return o +} + +func (o HostRuntimePolicyPackageBlockArrayOutput) Index(i pulumi.IntInput) 
HostRuntimePolicyPackageBlockOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyPackageBlock { + return vs[0].([]HostRuntimePolicyPackageBlock)[vs[1].(int)] + }).(HostRuntimePolicyPackageBlockOutput) +} + +type HostRuntimePolicyPortBlock struct { + BlockInboundPorts []string `pulumi:"blockInboundPorts"` + BlockOutboundPorts []string `pulumi:"blockOutboundPorts"` + Enabled *bool `pulumi:"enabled"` +} + +// HostRuntimePolicyPortBlockInput is an input type that accepts HostRuntimePolicyPortBlockArgs and HostRuntimePolicyPortBlockOutput values. +// You can construct a concrete instance of `HostRuntimePolicyPortBlockInput` via: +// +// HostRuntimePolicyPortBlockArgs{...} +type HostRuntimePolicyPortBlockInput interface { + pulumi.Input + + ToHostRuntimePolicyPortBlockOutput() HostRuntimePolicyPortBlockOutput + ToHostRuntimePolicyPortBlockOutputWithContext(context.Context) HostRuntimePolicyPortBlockOutput +} + +type HostRuntimePolicyPortBlockArgs struct { + BlockInboundPorts pulumi.StringArrayInput `pulumi:"blockInboundPorts"` + BlockOutboundPorts pulumi.StringArrayInput `pulumi:"blockOutboundPorts"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` +} + +func (HostRuntimePolicyPortBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyPortBlock)(nil)).Elem() +} + +func (i HostRuntimePolicyPortBlockArgs) ToHostRuntimePolicyPortBlockOutput() HostRuntimePolicyPortBlockOutput { + return i.ToHostRuntimePolicyPortBlockOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyPortBlockArgs) ToHostRuntimePolicyPortBlockOutputWithContext(ctx context.Context) HostRuntimePolicyPortBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyPortBlockOutput) +} + +func (i HostRuntimePolicyPortBlockArgs) ToHostRuntimePolicyPortBlockPtrOutput() HostRuntimePolicyPortBlockPtrOutput { + return i.ToHostRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) +} + +func (i 
HostRuntimePolicyPortBlockArgs) ToHostRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) HostRuntimePolicyPortBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyPortBlockOutput).ToHostRuntimePolicyPortBlockPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyPortBlockPtrInput is an input type that accepts HostRuntimePolicyPortBlockArgs, HostRuntimePolicyPortBlockPtr and HostRuntimePolicyPortBlockPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyPortBlockPtrInput` via: +// +// HostRuntimePolicyPortBlockArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyPortBlockPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyPortBlockPtrOutput() HostRuntimePolicyPortBlockPtrOutput + ToHostRuntimePolicyPortBlockPtrOutputWithContext(context.Context) HostRuntimePolicyPortBlockPtrOutput +} + +type hostRuntimePolicyPortBlockPtrType HostRuntimePolicyPortBlockArgs + +func HostRuntimePolicyPortBlockPtr(v *HostRuntimePolicyPortBlockArgs) HostRuntimePolicyPortBlockPtrInput { + return (*hostRuntimePolicyPortBlockPtrType)(v) +} + +func (*hostRuntimePolicyPortBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyPortBlock)(nil)).Elem() +} + +func (i *hostRuntimePolicyPortBlockPtrType) ToHostRuntimePolicyPortBlockPtrOutput() HostRuntimePolicyPortBlockPtrOutput { + return i.ToHostRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyPortBlockPtrType) ToHostRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) HostRuntimePolicyPortBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyPortBlockPtrOutput) +} + +type HostRuntimePolicyPortBlockOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyPortBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyPortBlock)(nil)).Elem() +} + +func (o HostRuntimePolicyPortBlockOutput) ToHostRuntimePolicyPortBlockOutput() 
HostRuntimePolicyPortBlockOutput { + return o +} + +func (o HostRuntimePolicyPortBlockOutput) ToHostRuntimePolicyPortBlockOutputWithContext(ctx context.Context) HostRuntimePolicyPortBlockOutput { + return o +} + +func (o HostRuntimePolicyPortBlockOutput) ToHostRuntimePolicyPortBlockPtrOutput() HostRuntimePolicyPortBlockPtrOutput { + return o.ToHostRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyPortBlockOutput) ToHostRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) HostRuntimePolicyPortBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyPortBlock) *HostRuntimePolicyPortBlock { + return &v + }).(HostRuntimePolicyPortBlockPtrOutput) +} + +func (o HostRuntimePolicyPortBlockOutput) BlockInboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyPortBlock) []string { return v.BlockInboundPorts }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyPortBlockOutput) BlockOutboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyPortBlock) []string { return v.BlockOutboundPorts }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyPortBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyPortBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicyPortBlockPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyPortBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyPortBlock)(nil)).Elem() +} + +func (o HostRuntimePolicyPortBlockPtrOutput) ToHostRuntimePolicyPortBlockPtrOutput() HostRuntimePolicyPortBlockPtrOutput { + return o +} + +func (o HostRuntimePolicyPortBlockPtrOutput) ToHostRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) HostRuntimePolicyPortBlockPtrOutput { + return o +} + +func (o HostRuntimePolicyPortBlockPtrOutput) Elem() HostRuntimePolicyPortBlockOutput { + return 
o.ApplyT(func(v *HostRuntimePolicyPortBlock) HostRuntimePolicyPortBlock { + if v != nil { + return *v + } + var ret HostRuntimePolicyPortBlock + return ret + }).(HostRuntimePolicyPortBlockOutput) +} + +func (o HostRuntimePolicyPortBlockPtrOutput) BlockInboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyPortBlock) []string { + if v == nil { + return nil + } + return v.BlockInboundPorts + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyPortBlockPtrOutput) BlockOutboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyPortBlock) []string { + if v == nil { + return nil + } + return v.BlockOutboundPorts + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyPortBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyPortBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicyReadonlyFiles struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalReadonlyFiles []string `pulumi:"exceptionalReadonlyFiles"` + ExceptionalReadonlyFilesProcesses []string `pulumi:"exceptionalReadonlyFilesProcesses"` + ExceptionalReadonlyFilesUsers []string `pulumi:"exceptionalReadonlyFilesUsers"` + ReadonlyFiles []string `pulumi:"readonlyFiles"` + ReadonlyFilesProcesses []string `pulumi:"readonlyFilesProcesses"` + ReadonlyFilesUsers []string `pulumi:"readonlyFilesUsers"` +} + +// HostRuntimePolicyReadonlyFilesInput is an input type that accepts HostRuntimePolicyReadonlyFilesArgs and HostRuntimePolicyReadonlyFilesOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyReadonlyFilesInput` via: +// +// HostRuntimePolicyReadonlyFilesArgs{...} +type HostRuntimePolicyReadonlyFilesInput interface { + pulumi.Input + + ToHostRuntimePolicyReadonlyFilesOutput() HostRuntimePolicyReadonlyFilesOutput + ToHostRuntimePolicyReadonlyFilesOutputWithContext(context.Context) HostRuntimePolicyReadonlyFilesOutput +} + +type HostRuntimePolicyReadonlyFilesArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalReadonlyFiles pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFiles"` + ExceptionalReadonlyFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFilesProcesses"` + ExceptionalReadonlyFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFilesUsers"` + ReadonlyFiles pulumi.StringArrayInput `pulumi:"readonlyFiles"` + ReadonlyFilesProcesses pulumi.StringArrayInput `pulumi:"readonlyFilesProcesses"` + ReadonlyFilesUsers pulumi.StringArrayInput `pulumi:"readonlyFilesUsers"` +} + +func (HostRuntimePolicyReadonlyFilesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (i HostRuntimePolicyReadonlyFilesArgs) ToHostRuntimePolicyReadonlyFilesOutput() HostRuntimePolicyReadonlyFilesOutput { + return i.ToHostRuntimePolicyReadonlyFilesOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyReadonlyFilesArgs) ToHostRuntimePolicyReadonlyFilesOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyFilesOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyReadonlyFilesOutput) +} + +func (i HostRuntimePolicyReadonlyFilesArgs) ToHostRuntimePolicyReadonlyFilesPtrOutput() HostRuntimePolicyReadonlyFilesPtrOutput { + return i.ToHostRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyReadonlyFilesArgs) ToHostRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyFilesPtrOutput 
{ + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyReadonlyFilesOutput).ToHostRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyReadonlyFilesPtrInput is an input type that accepts HostRuntimePolicyReadonlyFilesArgs, HostRuntimePolicyReadonlyFilesPtr and HostRuntimePolicyReadonlyFilesPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyReadonlyFilesPtrInput` via: +// +// HostRuntimePolicyReadonlyFilesArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyReadonlyFilesPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyReadonlyFilesPtrOutput() HostRuntimePolicyReadonlyFilesPtrOutput + ToHostRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Context) HostRuntimePolicyReadonlyFilesPtrOutput +} + +type hostRuntimePolicyReadonlyFilesPtrType HostRuntimePolicyReadonlyFilesArgs + +func HostRuntimePolicyReadonlyFilesPtr(v *HostRuntimePolicyReadonlyFilesArgs) HostRuntimePolicyReadonlyFilesPtrInput { + return (*hostRuntimePolicyReadonlyFilesPtrType)(v) +} + +func (*hostRuntimePolicyReadonlyFilesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (i *hostRuntimePolicyReadonlyFilesPtrType) ToHostRuntimePolicyReadonlyFilesPtrOutput() HostRuntimePolicyReadonlyFilesPtrOutput { + return i.ToHostRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyReadonlyFilesPtrType) ToHostRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyFilesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyReadonlyFilesPtrOutput) +} + +type HostRuntimePolicyReadonlyFilesOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyReadonlyFilesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (o HostRuntimePolicyReadonlyFilesOutput) ToHostRuntimePolicyReadonlyFilesOutput() 
HostRuntimePolicyReadonlyFilesOutput { + return o +} + +func (o HostRuntimePolicyReadonlyFilesOutput) ToHostRuntimePolicyReadonlyFilesOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyFilesOutput { + return o +} + +func (o HostRuntimePolicyReadonlyFilesOutput) ToHostRuntimePolicyReadonlyFilesPtrOutput() HostRuntimePolicyReadonlyFilesPtrOutput { + return o.ToHostRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyReadonlyFilesOutput) ToHostRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyFilesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyReadonlyFiles) *HostRuntimePolicyReadonlyFiles { + return &v + }).(HostRuntimePolicyReadonlyFilesPtrOutput) +} + +func (o HostRuntimePolicyReadonlyFilesOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyFiles) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFiles }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFilesUsers }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyFilesOutput) ReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFiles }).(pulumi.StringArrayOutput) +} + +func (o 
HostRuntimePolicyReadonlyFilesOutput) ReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFilesProcesses }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyFilesOutput) ReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFilesUsers }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyReadonlyFilesPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyReadonlyFilesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyReadonlyFiles)(nil)).Elem() +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) ToHostRuntimePolicyReadonlyFilesPtrOutput() HostRuntimePolicyReadonlyFilesPtrOutput { + return o +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) ToHostRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyFilesPtrOutput { + return o +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) Elem() HostRuntimePolicyReadonlyFilesOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyFiles) HostRuntimePolicyReadonlyFiles { + if v != nil { + return *v + } + var ret HostRuntimePolicyReadonlyFiles + return ret + }).(HostRuntimePolicyReadonlyFilesOutput) +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyFiles) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFiles + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v 
*HostRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFilesUsers + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFiles + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFilesProcesses + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFilesUsers + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyReadonlyRegistry struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalReadonlyRegistryPaths []string `pulumi:"exceptionalReadonlyRegistryPaths"` + ExceptionalReadonlyRegistryProcesses []string `pulumi:"exceptionalReadonlyRegistryProcesses"` + ExceptionalReadonlyRegistryUsers []string `pulumi:"exceptionalReadonlyRegistryUsers"` + ReadonlyRegistryPaths []string `pulumi:"readonlyRegistryPaths"` + ReadonlyRegistryProcesses []string `pulumi:"readonlyRegistryProcesses"` + ReadonlyRegistryUsers []string `pulumi:"readonlyRegistryUsers"` +} + +// HostRuntimePolicyReadonlyRegistryInput is an input type that accepts HostRuntimePolicyReadonlyRegistryArgs and HostRuntimePolicyReadonlyRegistryOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyReadonlyRegistryInput` via: +// +// HostRuntimePolicyReadonlyRegistryArgs{...} +type HostRuntimePolicyReadonlyRegistryInput interface { + pulumi.Input + + ToHostRuntimePolicyReadonlyRegistryOutput() HostRuntimePolicyReadonlyRegistryOutput + ToHostRuntimePolicyReadonlyRegistryOutputWithContext(context.Context) HostRuntimePolicyReadonlyRegistryOutput +} + +type HostRuntimePolicyReadonlyRegistryArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalReadonlyRegistryPaths pulumi.StringArrayInput `pulumi:"exceptionalReadonlyRegistryPaths"` + ExceptionalReadonlyRegistryProcesses pulumi.StringArrayInput `pulumi:"exceptionalReadonlyRegistryProcesses"` + ExceptionalReadonlyRegistryUsers pulumi.StringArrayInput `pulumi:"exceptionalReadonlyRegistryUsers"` + ReadonlyRegistryPaths pulumi.StringArrayInput `pulumi:"readonlyRegistryPaths"` + ReadonlyRegistryProcesses pulumi.StringArrayInput `pulumi:"readonlyRegistryProcesses"` + ReadonlyRegistryUsers pulumi.StringArrayInput `pulumi:"readonlyRegistryUsers"` +} + +func (HostRuntimePolicyReadonlyRegistryArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (i HostRuntimePolicyReadonlyRegistryArgs) ToHostRuntimePolicyReadonlyRegistryOutput() HostRuntimePolicyReadonlyRegistryOutput { + return i.ToHostRuntimePolicyReadonlyRegistryOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyReadonlyRegistryArgs) ToHostRuntimePolicyReadonlyRegistryOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyRegistryOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyReadonlyRegistryOutput) +} + +func (i HostRuntimePolicyReadonlyRegistryArgs) ToHostRuntimePolicyReadonlyRegistryPtrOutput() HostRuntimePolicyReadonlyRegistryPtrOutput { + return i.ToHostRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Background()) +} + +func (i 
HostRuntimePolicyReadonlyRegistryArgs) ToHostRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyRegistryPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyReadonlyRegistryOutput).ToHostRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyReadonlyRegistryPtrInput is an input type that accepts HostRuntimePolicyReadonlyRegistryArgs, HostRuntimePolicyReadonlyRegistryPtr and HostRuntimePolicyReadonlyRegistryPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyReadonlyRegistryPtrInput` via: +// +// HostRuntimePolicyReadonlyRegistryArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyReadonlyRegistryPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyReadonlyRegistryPtrOutput() HostRuntimePolicyReadonlyRegistryPtrOutput + ToHostRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Context) HostRuntimePolicyReadonlyRegistryPtrOutput +} + +type hostRuntimePolicyReadonlyRegistryPtrType HostRuntimePolicyReadonlyRegistryArgs + +func HostRuntimePolicyReadonlyRegistryPtr(v *HostRuntimePolicyReadonlyRegistryArgs) HostRuntimePolicyReadonlyRegistryPtrInput { + return (*hostRuntimePolicyReadonlyRegistryPtrType)(v) +} + +func (*hostRuntimePolicyReadonlyRegistryPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (i *hostRuntimePolicyReadonlyRegistryPtrType) ToHostRuntimePolicyReadonlyRegistryPtrOutput() HostRuntimePolicyReadonlyRegistryPtrOutput { + return i.ToHostRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyReadonlyRegistryPtrType) ToHostRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyRegistryPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyReadonlyRegistryPtrOutput) +} + +type HostRuntimePolicyReadonlyRegistryOutput struct{ *pulumi.OutputState } 
+ +func (HostRuntimePolicyReadonlyRegistryOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ToHostRuntimePolicyReadonlyRegistryOutput() HostRuntimePolicyReadonlyRegistryOutput { + return o +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ToHostRuntimePolicyReadonlyRegistryOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyRegistryOutput { + return o +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ToHostRuntimePolicyReadonlyRegistryPtrOutput() HostRuntimePolicyReadonlyRegistryPtrOutput { + return o.ToHostRuntimePolicyReadonlyRegistryPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ToHostRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyRegistryPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyReadonlyRegistry) *HostRuntimePolicyReadonlyRegistry { + return &v + }).(HostRuntimePolicyReadonlyRegistryPtrOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyRegistry) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ExceptionalReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyRegistry) []string { return v.ExceptionalReadonlyRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ExceptionalReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyRegistry) []string { return v.ExceptionalReadonlyRegistryProcesses }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ExceptionalReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyRegistry) 
[]string { return v.ExceptionalReadonlyRegistryUsers }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyRegistry) []string { return v.ReadonlyRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyRegistry) []string { return v.ReadonlyRegistryProcesses }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryOutput) ReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReadonlyRegistry) []string { return v.ReadonlyRegistryUsers }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyReadonlyRegistryPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyReadonlyRegistryPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyReadonlyRegistry)(nil)).Elem() +} + +func (o HostRuntimePolicyReadonlyRegistryPtrOutput) ToHostRuntimePolicyReadonlyRegistryPtrOutput() HostRuntimePolicyReadonlyRegistryPtrOutput { + return o +} + +func (o HostRuntimePolicyReadonlyRegistryPtrOutput) ToHostRuntimePolicyReadonlyRegistryPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReadonlyRegistryPtrOutput { + return o +} + +func (o HostRuntimePolicyReadonlyRegistryPtrOutput) Elem() HostRuntimePolicyReadonlyRegistryOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyRegistry) HostRuntimePolicyReadonlyRegistry { + if v != nil { + return *v + } + var ret HostRuntimePolicyReadonlyRegistry + return ret + }).(HostRuntimePolicyReadonlyRegistryOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyRegistry) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o 
HostRuntimePolicyReadonlyRegistryPtrOutput) ExceptionalReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryPtrOutput) ExceptionalReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryPtrOutput) ExceptionalReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyRegistryUsers + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryPtrOutput) ReadonlyRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ReadonlyRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryPtrOutput) ReadonlyRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ReadonlyRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReadonlyRegistryPtrOutput) ReadonlyRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReadonlyRegistry) []string { + if v == nil { + return nil + } + return v.ReadonlyRegistryUsers + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyRegistryAccessMonitoring struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalMonitoredRegistryPaths []string `pulumi:"exceptionalMonitoredRegistryPaths"` + ExceptionalMonitoredRegistryProcesses []string 
`pulumi:"exceptionalMonitoredRegistryProcesses"` + ExceptionalMonitoredRegistryUsers []string `pulumi:"exceptionalMonitoredRegistryUsers"` + MonitoredRegistryAttributes *bool `pulumi:"monitoredRegistryAttributes"` + MonitoredRegistryCreate *bool `pulumi:"monitoredRegistryCreate"` + MonitoredRegistryDelete *bool `pulumi:"monitoredRegistryDelete"` + MonitoredRegistryModify *bool `pulumi:"monitoredRegistryModify"` + MonitoredRegistryPaths []string `pulumi:"monitoredRegistryPaths"` + MonitoredRegistryProcesses []string `pulumi:"monitoredRegistryProcesses"` + MonitoredRegistryRead *bool `pulumi:"monitoredRegistryRead"` + MonitoredRegistryUsers []string `pulumi:"monitoredRegistryUsers"` +} + +// HostRuntimePolicyRegistryAccessMonitoringInput is an input type that accepts HostRuntimePolicyRegistryAccessMonitoringArgs and HostRuntimePolicyRegistryAccessMonitoringOutput values. +// You can construct a concrete instance of `HostRuntimePolicyRegistryAccessMonitoringInput` via: +// +// HostRuntimePolicyRegistryAccessMonitoringArgs{...} +type HostRuntimePolicyRegistryAccessMonitoringInput interface { + pulumi.Input + + ToHostRuntimePolicyRegistryAccessMonitoringOutput() HostRuntimePolicyRegistryAccessMonitoringOutput + ToHostRuntimePolicyRegistryAccessMonitoringOutputWithContext(context.Context) HostRuntimePolicyRegistryAccessMonitoringOutput +} + +type HostRuntimePolicyRegistryAccessMonitoringArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalMonitoredRegistryPaths pulumi.StringArrayInput `pulumi:"exceptionalMonitoredRegistryPaths"` + ExceptionalMonitoredRegistryProcesses pulumi.StringArrayInput `pulumi:"exceptionalMonitoredRegistryProcesses"` + ExceptionalMonitoredRegistryUsers pulumi.StringArrayInput `pulumi:"exceptionalMonitoredRegistryUsers"` + MonitoredRegistryAttributes pulumi.BoolPtrInput `pulumi:"monitoredRegistryAttributes"` + MonitoredRegistryCreate pulumi.BoolPtrInput `pulumi:"monitoredRegistryCreate"` + MonitoredRegistryDelete 
pulumi.BoolPtrInput `pulumi:"monitoredRegistryDelete"` + MonitoredRegistryModify pulumi.BoolPtrInput `pulumi:"monitoredRegistryModify"` + MonitoredRegistryPaths pulumi.StringArrayInput `pulumi:"monitoredRegistryPaths"` + MonitoredRegistryProcesses pulumi.StringArrayInput `pulumi:"monitoredRegistryProcesses"` + MonitoredRegistryRead pulumi.BoolPtrInput `pulumi:"monitoredRegistryRead"` + MonitoredRegistryUsers pulumi.StringArrayInput `pulumi:"monitoredRegistryUsers"` +} + +func (HostRuntimePolicyRegistryAccessMonitoringArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (i HostRuntimePolicyRegistryAccessMonitoringArgs) ToHostRuntimePolicyRegistryAccessMonitoringOutput() HostRuntimePolicyRegistryAccessMonitoringOutput { + return i.ToHostRuntimePolicyRegistryAccessMonitoringOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyRegistryAccessMonitoringArgs) ToHostRuntimePolicyRegistryAccessMonitoringOutputWithContext(ctx context.Context) HostRuntimePolicyRegistryAccessMonitoringOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyRegistryAccessMonitoringOutput) +} + +func (i HostRuntimePolicyRegistryAccessMonitoringArgs) ToHostRuntimePolicyRegistryAccessMonitoringPtrOutput() HostRuntimePolicyRegistryAccessMonitoringPtrOutput { + return i.ToHostRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyRegistryAccessMonitoringArgs) ToHostRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyRegistryAccessMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyRegistryAccessMonitoringOutput).ToHostRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyRegistryAccessMonitoringPtrInput is an input type that accepts HostRuntimePolicyRegistryAccessMonitoringArgs, HostRuntimePolicyRegistryAccessMonitoringPtr and 
HostRuntimePolicyRegistryAccessMonitoringPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyRegistryAccessMonitoringPtrInput` via: +// +// HostRuntimePolicyRegistryAccessMonitoringArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyRegistryAccessMonitoringPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyRegistryAccessMonitoringPtrOutput() HostRuntimePolicyRegistryAccessMonitoringPtrOutput + ToHostRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Context) HostRuntimePolicyRegistryAccessMonitoringPtrOutput +} + +type hostRuntimePolicyRegistryAccessMonitoringPtrType HostRuntimePolicyRegistryAccessMonitoringArgs + +func HostRuntimePolicyRegistryAccessMonitoringPtr(v *HostRuntimePolicyRegistryAccessMonitoringArgs) HostRuntimePolicyRegistryAccessMonitoringPtrInput { + return (*hostRuntimePolicyRegistryAccessMonitoringPtrType)(v) +} + +func (*hostRuntimePolicyRegistryAccessMonitoringPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (i *hostRuntimePolicyRegistryAccessMonitoringPtrType) ToHostRuntimePolicyRegistryAccessMonitoringPtrOutput() HostRuntimePolicyRegistryAccessMonitoringPtrOutput { + return i.ToHostRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyRegistryAccessMonitoringPtrType) ToHostRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyRegistryAccessMonitoringPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyRegistryAccessMonitoringPtrOutput) +} + +type HostRuntimePolicyRegistryAccessMonitoringOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyRegistryAccessMonitoringOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) 
ToHostRuntimePolicyRegistryAccessMonitoringOutput() HostRuntimePolicyRegistryAccessMonitoringOutput { + return o +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) ToHostRuntimePolicyRegistryAccessMonitoringOutputWithContext(ctx context.Context) HostRuntimePolicyRegistryAccessMonitoringOutput { + return o +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) ToHostRuntimePolicyRegistryAccessMonitoringPtrOutput() HostRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o.ToHostRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) ToHostRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyRegistryAccessMonitoring) *HostRuntimePolicyRegistryAccessMonitoring { + return &v + }).(HostRuntimePolicyRegistryAccessMonitoringPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) ExceptionalMonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) []string { return v.ExceptionalMonitoredRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) ExceptionalMonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) []string { + return v.ExceptionalMonitoredRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) ExceptionalMonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) []string { 
return v.ExceptionalMonitoredRegistryUsers }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryAttributes }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryCreate }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryDelete }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryModify }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) []string { return v.MonitoredRegistryPaths }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) []string { return v.MonitoredRegistryProcesses }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyRegistryAccessMonitoring) *bool { return v.MonitoredRegistryRead }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringOutput) MonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v 
HostRuntimePolicyRegistryAccessMonitoring) []string { return v.MonitoredRegistryUsers }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyRegistryAccessMonitoringPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyRegistryAccessMonitoringPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyRegistryAccessMonitoring)(nil)).Elem() +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) ToHostRuntimePolicyRegistryAccessMonitoringPtrOutput() HostRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) ToHostRuntimePolicyRegistryAccessMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyRegistryAccessMonitoringPtrOutput { + return o +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) Elem() HostRuntimePolicyRegistryAccessMonitoringOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) HostRuntimePolicyRegistryAccessMonitoring { + if v != nil { + return *v + } + var ret HostRuntimePolicyRegistryAccessMonitoring + return ret + }).(HostRuntimePolicyRegistryAccessMonitoringOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) ExceptionalMonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) ExceptionalMonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return 
v.ExceptionalMonitoredRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) ExceptionalMonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.ExceptionalMonitoredRegistryUsers + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryAttributes + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryCreate + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryDelete + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryModify + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryPaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredRegistryPaths + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v 
*HostRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredRegistryProcesses + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) *bool { + if v == nil { + return nil + } + return v.MonitoredRegistryRead + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyRegistryAccessMonitoringPtrOutput) MonitoredRegistryUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyRegistryAccessMonitoring) []string { + if v == nil { + return nil + } + return v.MonitoredRegistryUsers + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyRestrictedVolume struct { + // Whether restricted volumes are enabled. + Enabled *bool `pulumi:"enabled"` + // List of restricted volumes. + Volumes []string `pulumi:"volumes"` +} + +// HostRuntimePolicyRestrictedVolumeInput is an input type that accepts HostRuntimePolicyRestrictedVolumeArgs and HostRuntimePolicyRestrictedVolumeOutput values. +// You can construct a concrete instance of `HostRuntimePolicyRestrictedVolumeInput` via: +// +// HostRuntimePolicyRestrictedVolumeArgs{...} +type HostRuntimePolicyRestrictedVolumeInput interface { + pulumi.Input + + ToHostRuntimePolicyRestrictedVolumeOutput() HostRuntimePolicyRestrictedVolumeOutput + ToHostRuntimePolicyRestrictedVolumeOutputWithContext(context.Context) HostRuntimePolicyRestrictedVolumeOutput +} + +type HostRuntimePolicyRestrictedVolumeArgs struct { + // Whether restricted volumes are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of restricted volumes. 
+ Volumes pulumi.StringArrayInput `pulumi:"volumes"` +} + +func (HostRuntimePolicyRestrictedVolumeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (i HostRuntimePolicyRestrictedVolumeArgs) ToHostRuntimePolicyRestrictedVolumeOutput() HostRuntimePolicyRestrictedVolumeOutput { + return i.ToHostRuntimePolicyRestrictedVolumeOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyRestrictedVolumeArgs) ToHostRuntimePolicyRestrictedVolumeOutputWithContext(ctx context.Context) HostRuntimePolicyRestrictedVolumeOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyRestrictedVolumeOutput) +} + +// HostRuntimePolicyRestrictedVolumeArrayInput is an input type that accepts HostRuntimePolicyRestrictedVolumeArray and HostRuntimePolicyRestrictedVolumeArrayOutput values. +// You can construct a concrete instance of `HostRuntimePolicyRestrictedVolumeArrayInput` via: +// +// HostRuntimePolicyRestrictedVolumeArray{ HostRuntimePolicyRestrictedVolumeArgs{...} } +type HostRuntimePolicyRestrictedVolumeArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyRestrictedVolumeArrayOutput() HostRuntimePolicyRestrictedVolumeArrayOutput + ToHostRuntimePolicyRestrictedVolumeArrayOutputWithContext(context.Context) HostRuntimePolicyRestrictedVolumeArrayOutput +} + +type HostRuntimePolicyRestrictedVolumeArray []HostRuntimePolicyRestrictedVolumeInput + +func (HostRuntimePolicyRestrictedVolumeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (i HostRuntimePolicyRestrictedVolumeArray) ToHostRuntimePolicyRestrictedVolumeArrayOutput() HostRuntimePolicyRestrictedVolumeArrayOutput { + return i.ToHostRuntimePolicyRestrictedVolumeArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyRestrictedVolumeArray) ToHostRuntimePolicyRestrictedVolumeArrayOutputWithContext(ctx context.Context) 
HostRuntimePolicyRestrictedVolumeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyRestrictedVolumeArrayOutput) +} + +type HostRuntimePolicyRestrictedVolumeOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyRestrictedVolumeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (o HostRuntimePolicyRestrictedVolumeOutput) ToHostRuntimePolicyRestrictedVolumeOutput() HostRuntimePolicyRestrictedVolumeOutput { + return o +} + +func (o HostRuntimePolicyRestrictedVolumeOutput) ToHostRuntimePolicyRestrictedVolumeOutputWithContext(ctx context.Context) HostRuntimePolicyRestrictedVolumeOutput { + return o +} + +// Whether restricted volumes are enabled. +func (o HostRuntimePolicyRestrictedVolumeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyRestrictedVolume) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// List of restricted volumes. +func (o HostRuntimePolicyRestrictedVolumeOutput) Volumes() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyRestrictedVolume) []string { return v.Volumes }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyRestrictedVolumeArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyRestrictedVolumeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyRestrictedVolume)(nil)).Elem() +} + +func (o HostRuntimePolicyRestrictedVolumeArrayOutput) ToHostRuntimePolicyRestrictedVolumeArrayOutput() HostRuntimePolicyRestrictedVolumeArrayOutput { + return o +} + +func (o HostRuntimePolicyRestrictedVolumeArrayOutput) ToHostRuntimePolicyRestrictedVolumeArrayOutputWithContext(ctx context.Context) HostRuntimePolicyRestrictedVolumeArrayOutput { + return o +} + +func (o HostRuntimePolicyRestrictedVolumeArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyRestrictedVolumeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) 
HostRuntimePolicyRestrictedVolume { + return vs[0].([]HostRuntimePolicyRestrictedVolume)[vs[1].(int)] + }).(HostRuntimePolicyRestrictedVolumeOutput) +} + +type HostRuntimePolicyReverseShell struct { + BlockReverseShell *bool `pulumi:"blockReverseShell"` + Enabled *bool `pulumi:"enabled"` + ReverseShellIpWhiteLists []string `pulumi:"reverseShellIpWhiteLists"` + ReverseShellProcWhiteLists []string `pulumi:"reverseShellProcWhiteLists"` +} + +// HostRuntimePolicyReverseShellInput is an input type that accepts HostRuntimePolicyReverseShellArgs and HostRuntimePolicyReverseShellOutput values. +// You can construct a concrete instance of `HostRuntimePolicyReverseShellInput` via: +// +// HostRuntimePolicyReverseShellArgs{...} +type HostRuntimePolicyReverseShellInput interface { + pulumi.Input + + ToHostRuntimePolicyReverseShellOutput() HostRuntimePolicyReverseShellOutput + ToHostRuntimePolicyReverseShellOutputWithContext(context.Context) HostRuntimePolicyReverseShellOutput +} + +type HostRuntimePolicyReverseShellArgs struct { + BlockReverseShell pulumi.BoolPtrInput `pulumi:"blockReverseShell"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ReverseShellIpWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellIpWhiteLists"` + ReverseShellProcWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellProcWhiteLists"` +} + +func (HostRuntimePolicyReverseShellArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyReverseShell)(nil)).Elem() +} + +func (i HostRuntimePolicyReverseShellArgs) ToHostRuntimePolicyReverseShellOutput() HostRuntimePolicyReverseShellOutput { + return i.ToHostRuntimePolicyReverseShellOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyReverseShellArgs) ToHostRuntimePolicyReverseShellOutputWithContext(ctx context.Context) HostRuntimePolicyReverseShellOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyReverseShellOutput) +} + +func (i HostRuntimePolicyReverseShellArgs) 
ToHostRuntimePolicyReverseShellPtrOutput() HostRuntimePolicyReverseShellPtrOutput { + return i.ToHostRuntimePolicyReverseShellPtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyReverseShellArgs) ToHostRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReverseShellPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyReverseShellOutput).ToHostRuntimePolicyReverseShellPtrOutputWithContext(ctx) +} + +// HostRuntimePolicyReverseShellPtrInput is an input type that accepts HostRuntimePolicyReverseShellArgs, HostRuntimePolicyReverseShellPtr and HostRuntimePolicyReverseShellPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicyReverseShellPtrInput` via: +// +// HostRuntimePolicyReverseShellArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyReverseShellPtrInput interface { + pulumi.Input + + ToHostRuntimePolicyReverseShellPtrOutput() HostRuntimePolicyReverseShellPtrOutput + ToHostRuntimePolicyReverseShellPtrOutputWithContext(context.Context) HostRuntimePolicyReverseShellPtrOutput +} + +type hostRuntimePolicyReverseShellPtrType HostRuntimePolicyReverseShellArgs + +func HostRuntimePolicyReverseShellPtr(v *HostRuntimePolicyReverseShellArgs) HostRuntimePolicyReverseShellPtrInput { + return (*hostRuntimePolicyReverseShellPtrType)(v) +} + +func (*hostRuntimePolicyReverseShellPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyReverseShell)(nil)).Elem() +} + +func (i *hostRuntimePolicyReverseShellPtrType) ToHostRuntimePolicyReverseShellPtrOutput() HostRuntimePolicyReverseShellPtrOutput { + return i.ToHostRuntimePolicyReverseShellPtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyReverseShellPtrType) ToHostRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReverseShellPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyReverseShellPtrOutput) +} + +type 
HostRuntimePolicyReverseShellOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyReverseShellOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyReverseShell)(nil)).Elem() +} + +func (o HostRuntimePolicyReverseShellOutput) ToHostRuntimePolicyReverseShellOutput() HostRuntimePolicyReverseShellOutput { + return o +} + +func (o HostRuntimePolicyReverseShellOutput) ToHostRuntimePolicyReverseShellOutputWithContext(ctx context.Context) HostRuntimePolicyReverseShellOutput { + return o +} + +func (o HostRuntimePolicyReverseShellOutput) ToHostRuntimePolicyReverseShellPtrOutput() HostRuntimePolicyReverseShellPtrOutput { + return o.ToHostRuntimePolicyReverseShellPtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyReverseShellOutput) ToHostRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReverseShellPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyReverseShell) *HostRuntimePolicyReverseShell { + return &v + }).(HostRuntimePolicyReverseShellPtrOutput) +} + +func (o HostRuntimePolicyReverseShellOutput) BlockReverseShell() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyReverseShell) *bool { return v.BlockReverseShell }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyReverseShellOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyReverseShell) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyReverseShellOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReverseShell) []string { return v.ReverseShellIpWhiteLists }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReverseShellOutput) ReverseShellProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyReverseShell) []string { return v.ReverseShellProcWhiteLists }).(pulumi.StringArrayOutput) +} + +type 
HostRuntimePolicyReverseShellPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyReverseShellPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyReverseShell)(nil)).Elem() +} + +func (o HostRuntimePolicyReverseShellPtrOutput) ToHostRuntimePolicyReverseShellPtrOutput() HostRuntimePolicyReverseShellPtrOutput { + return o +} + +func (o HostRuntimePolicyReverseShellPtrOutput) ToHostRuntimePolicyReverseShellPtrOutputWithContext(ctx context.Context) HostRuntimePolicyReverseShellPtrOutput { + return o +} + +func (o HostRuntimePolicyReverseShellPtrOutput) Elem() HostRuntimePolicyReverseShellOutput { + return o.ApplyT(func(v *HostRuntimePolicyReverseShell) HostRuntimePolicyReverseShell { + if v != nil { + return *v + } + var ret HostRuntimePolicyReverseShell + return ret + }).(HostRuntimePolicyReverseShellOutput) +} + +func (o HostRuntimePolicyReverseShellPtrOutput) BlockReverseShell() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyReverseShell) *bool { + if v == nil { + return nil + } + return v.BlockReverseShell + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyReverseShellPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyReverseShell) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyReverseShellPtrOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReverseShell) []string { + if v == nil { + return nil + } + return v.ReverseShellIpWhiteLists + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyReverseShellPtrOutput) ReverseShellProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyReverseShell) []string { + if v == nil { + return nil + } + return v.ReverseShellProcWhiteLists + }).(pulumi.StringArrayOutput) +} + +type HostRuntimePolicyScope struct { + // Scope expression. 
+ Expression string `pulumi:"expression"` + // List of variables in the scope. + Variables []HostRuntimePolicyScopeVariable `pulumi:"variables"` +} + +// HostRuntimePolicyScopeInput is an input type that accepts HostRuntimePolicyScopeArgs and HostRuntimePolicyScopeOutput values. +// You can construct a concrete instance of `HostRuntimePolicyScopeInput` via: +// +// HostRuntimePolicyScopeArgs{...} +type HostRuntimePolicyScopeInput interface { + pulumi.Input + + ToHostRuntimePolicyScopeOutput() HostRuntimePolicyScopeOutput + ToHostRuntimePolicyScopeOutputWithContext(context.Context) HostRuntimePolicyScopeOutput +} + +type HostRuntimePolicyScopeArgs struct { + // Scope expression. + Expression pulumi.StringInput `pulumi:"expression"` + // List of variables in the scope. + Variables HostRuntimePolicyScopeVariableArrayInput `pulumi:"variables"` +} + +func (HostRuntimePolicyScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyScope)(nil)).Elem() +} + +func (i HostRuntimePolicyScopeArgs) ToHostRuntimePolicyScopeOutput() HostRuntimePolicyScopeOutput { + return i.ToHostRuntimePolicyScopeOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyScopeArgs) ToHostRuntimePolicyScopeOutputWithContext(ctx context.Context) HostRuntimePolicyScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyScopeOutput) +} + +// HostRuntimePolicyScopeArrayInput is an input type that accepts HostRuntimePolicyScopeArray and HostRuntimePolicyScopeArrayOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyScopeArrayInput` via: +// +// HostRuntimePolicyScopeArray{ HostRuntimePolicyScopeArgs{...} } +type HostRuntimePolicyScopeArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyScopeArrayOutput() HostRuntimePolicyScopeArrayOutput + ToHostRuntimePolicyScopeArrayOutputWithContext(context.Context) HostRuntimePolicyScopeArrayOutput +} + +type HostRuntimePolicyScopeArray []HostRuntimePolicyScopeInput + +func (HostRuntimePolicyScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyScope)(nil)).Elem() +} + +func (i HostRuntimePolicyScopeArray) ToHostRuntimePolicyScopeArrayOutput() HostRuntimePolicyScopeArrayOutput { + return i.ToHostRuntimePolicyScopeArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyScopeArray) ToHostRuntimePolicyScopeArrayOutputWithContext(ctx context.Context) HostRuntimePolicyScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyScopeArrayOutput) +} + +type HostRuntimePolicyScopeOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyScope)(nil)).Elem() +} + +func (o HostRuntimePolicyScopeOutput) ToHostRuntimePolicyScopeOutput() HostRuntimePolicyScopeOutput { + return o +} + +func (o HostRuntimePolicyScopeOutput) ToHostRuntimePolicyScopeOutputWithContext(ctx context.Context) HostRuntimePolicyScopeOutput { + return o +} + +// Scope expression. +func (o HostRuntimePolicyScopeOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v HostRuntimePolicyScope) string { return v.Expression }).(pulumi.StringOutput) +} + +// List of variables in the scope. 
+func (o HostRuntimePolicyScopeOutput) Variables() HostRuntimePolicyScopeVariableArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyScope) []HostRuntimePolicyScopeVariable { return v.Variables }).(HostRuntimePolicyScopeVariableArrayOutput) +} + +type HostRuntimePolicyScopeArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyScope)(nil)).Elem() +} + +func (o HostRuntimePolicyScopeArrayOutput) ToHostRuntimePolicyScopeArrayOutput() HostRuntimePolicyScopeArrayOutput { + return o +} + +func (o HostRuntimePolicyScopeArrayOutput) ToHostRuntimePolicyScopeArrayOutputWithContext(ctx context.Context) HostRuntimePolicyScopeArrayOutput { + return o +} + +func (o HostRuntimePolicyScopeArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyScope { + return vs[0].([]HostRuntimePolicyScope)[vs[1].(int)] + }).(HostRuntimePolicyScopeOutput) +} + +type HostRuntimePolicyScopeVariable struct { + // Class of supported scope. + Attribute string `pulumi:"attribute"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + // Value assigned to the attribute. + Value string `pulumi:"value"` +} + +// HostRuntimePolicyScopeVariableInput is an input type that accepts HostRuntimePolicyScopeVariableArgs and HostRuntimePolicyScopeVariableOutput values. +// You can construct a concrete instance of `HostRuntimePolicyScopeVariableInput` via: +// +// HostRuntimePolicyScopeVariableArgs{...} +type HostRuntimePolicyScopeVariableInput interface { + pulumi.Input + + ToHostRuntimePolicyScopeVariableOutput() HostRuntimePolicyScopeVariableOutput + ToHostRuntimePolicyScopeVariableOutputWithContext(context.Context) HostRuntimePolicyScopeVariableOutput +} + +type HostRuntimePolicyScopeVariableArgs struct { + // Class of supported scope. 
+ Attribute pulumi.StringInput `pulumi:"attribute"` + // Name assigned to the attribute. + Name pulumi.StringPtrInput `pulumi:"name"` + // Value assigned to the attribute. + Value pulumi.StringInput `pulumi:"value"` +} + +func (HostRuntimePolicyScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (i HostRuntimePolicyScopeVariableArgs) ToHostRuntimePolicyScopeVariableOutput() HostRuntimePolicyScopeVariableOutput { + return i.ToHostRuntimePolicyScopeVariableOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyScopeVariableArgs) ToHostRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) HostRuntimePolicyScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyScopeVariableOutput) +} + +// HostRuntimePolicyScopeVariableArrayInput is an input type that accepts HostRuntimePolicyScopeVariableArray and HostRuntimePolicyScopeVariableArrayOutput values. +// You can construct a concrete instance of `HostRuntimePolicyScopeVariableArrayInput` via: +// +// HostRuntimePolicyScopeVariableArray{ HostRuntimePolicyScopeVariableArgs{...} } +type HostRuntimePolicyScopeVariableArrayInput interface { + pulumi.Input + + ToHostRuntimePolicyScopeVariableArrayOutput() HostRuntimePolicyScopeVariableArrayOutput + ToHostRuntimePolicyScopeVariableArrayOutputWithContext(context.Context) HostRuntimePolicyScopeVariableArrayOutput +} + +type HostRuntimePolicyScopeVariableArray []HostRuntimePolicyScopeVariableInput + +func (HostRuntimePolicyScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (i HostRuntimePolicyScopeVariableArray) ToHostRuntimePolicyScopeVariableArrayOutput() HostRuntimePolicyScopeVariableArrayOutput { + return i.ToHostRuntimePolicyScopeVariableArrayOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyScopeVariableArray) 
ToHostRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) HostRuntimePolicyScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyScopeVariableArrayOutput) +} + +type HostRuntimePolicyScopeVariableOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyScopeVariable)(nil)).Elem() } -// FunctionAssurancePolicyRequiredLabelInput is an input type that accepts FunctionAssurancePolicyRequiredLabelArgs and FunctionAssurancePolicyRequiredLabelOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyRequiredLabelInput` via: +func (o HostRuntimePolicyScopeVariableOutput) ToHostRuntimePolicyScopeVariableOutput() HostRuntimePolicyScopeVariableOutput { + return o +} + +func (o HostRuntimePolicyScopeVariableOutput) ToHostRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) HostRuntimePolicyScopeVariableOutput { + return o +} + +// Class of supported scope. +func (o HostRuntimePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v HostRuntimePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) +} + +// Name assigned to the attribute. +func (o HostRuntimePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +// Value assigned to the attribute. 
+func (o HostRuntimePolicyScopeVariableOutput) Value() pulumi.StringOutput { + return o.ApplyT(func(v HostRuntimePolicyScopeVariable) string { return v.Value }).(pulumi.StringOutput) +} + +type HostRuntimePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostRuntimePolicyScopeVariable)(nil)).Elem() +} + +func (o HostRuntimePolicyScopeVariableArrayOutput) ToHostRuntimePolicyScopeVariableArrayOutput() HostRuntimePolicyScopeVariableArrayOutput { + return o +} + +func (o HostRuntimePolicyScopeVariableArrayOutput) ToHostRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) HostRuntimePolicyScopeVariableArrayOutput { + return o +} + +func (o HostRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyScopeVariable { + return vs[0].([]HostRuntimePolicyScopeVariable)[vs[1].(int)] + }).(HostRuntimePolicyScopeVariableOutput) +} + +type HostRuntimePolicySystemIntegrityProtection struct { + AuditSystemtimeChange *bool `pulumi:"auditSystemtimeChange"` + Enabled *bool `pulumi:"enabled"` + MonitorAuditLogIntegrity *bool `pulumi:"monitorAuditLogIntegrity"` + WindowsServicesMonitoring *bool `pulumi:"windowsServicesMonitoring"` +} + +// HostRuntimePolicySystemIntegrityProtectionInput is an input type that accepts HostRuntimePolicySystemIntegrityProtectionArgs and HostRuntimePolicySystemIntegrityProtectionOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicySystemIntegrityProtectionInput` via: // -// FunctionAssurancePolicyRequiredLabelArgs{...} -type FunctionAssurancePolicyRequiredLabelInput interface { +// HostRuntimePolicySystemIntegrityProtectionArgs{...} +type HostRuntimePolicySystemIntegrityProtectionInput interface { pulumi.Input - ToFunctionAssurancePolicyRequiredLabelOutput() FunctionAssurancePolicyRequiredLabelOutput - ToFunctionAssurancePolicyRequiredLabelOutputWithContext(context.Context) FunctionAssurancePolicyRequiredLabelOutput + ToHostRuntimePolicySystemIntegrityProtectionOutput() HostRuntimePolicySystemIntegrityProtectionOutput + ToHostRuntimePolicySystemIntegrityProtectionOutputWithContext(context.Context) HostRuntimePolicySystemIntegrityProtectionOutput } -type FunctionAssurancePolicyRequiredLabelArgs struct { - Key pulumi.StringPtrInput `pulumi:"key"` - Value pulumi.StringPtrInput `pulumi:"value"` +type HostRuntimePolicySystemIntegrityProtectionArgs struct { + AuditSystemtimeChange pulumi.BoolPtrInput `pulumi:"auditSystemtimeChange"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + MonitorAuditLogIntegrity pulumi.BoolPtrInput `pulumi:"monitorAuditLogIntegrity"` + WindowsServicesMonitoring pulumi.BoolPtrInput `pulumi:"windowsServicesMonitoring"` } -func (FunctionAssurancePolicyRequiredLabelArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyRequiredLabel)(nil)).Elem() +func (HostRuntimePolicySystemIntegrityProtectionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicySystemIntegrityProtection)(nil)).Elem() } -func (i FunctionAssurancePolicyRequiredLabelArgs) ToFunctionAssurancePolicyRequiredLabelOutput() FunctionAssurancePolicyRequiredLabelOutput { - return i.ToFunctionAssurancePolicyRequiredLabelOutputWithContext(context.Background()) +func (i HostRuntimePolicySystemIntegrityProtectionArgs) ToHostRuntimePolicySystemIntegrityProtectionOutput() 
HostRuntimePolicySystemIntegrityProtectionOutput { + return i.ToHostRuntimePolicySystemIntegrityProtectionOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyRequiredLabelArgs) ToFunctionAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) FunctionAssurancePolicyRequiredLabelOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyRequiredLabelOutput) +func (i HostRuntimePolicySystemIntegrityProtectionArgs) ToHostRuntimePolicySystemIntegrityProtectionOutputWithContext(ctx context.Context) HostRuntimePolicySystemIntegrityProtectionOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicySystemIntegrityProtectionOutput) } -func (i FunctionAssurancePolicyRequiredLabelArgs) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyRequiredLabel] { - return pulumix.Output[FunctionAssurancePolicyRequiredLabel]{ - OutputState: i.ToFunctionAssurancePolicyRequiredLabelOutputWithContext(ctx).OutputState, - } +func (i HostRuntimePolicySystemIntegrityProtectionArgs) ToHostRuntimePolicySystemIntegrityProtectionPtrOutput() HostRuntimePolicySystemIntegrityProtectionPtrOutput { + return i.ToHostRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Background()) } -// FunctionAssurancePolicyRequiredLabelArrayInput is an input type that accepts FunctionAssurancePolicyRequiredLabelArray and FunctionAssurancePolicyRequiredLabelArrayOutput values. 
-// You can construct a concrete instance of `FunctionAssurancePolicyRequiredLabelArrayInput` via: +func (i HostRuntimePolicySystemIntegrityProtectionArgs) ToHostRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) HostRuntimePolicySystemIntegrityProtectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicySystemIntegrityProtectionOutput).ToHostRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx) +} + +// HostRuntimePolicySystemIntegrityProtectionPtrInput is an input type that accepts HostRuntimePolicySystemIntegrityProtectionArgs, HostRuntimePolicySystemIntegrityProtectionPtr and HostRuntimePolicySystemIntegrityProtectionPtrOutput values. +// You can construct a concrete instance of `HostRuntimePolicySystemIntegrityProtectionPtrInput` via: // -// FunctionAssurancePolicyRequiredLabelArray{ FunctionAssurancePolicyRequiredLabelArgs{...} } -type FunctionAssurancePolicyRequiredLabelArrayInput interface { +// HostRuntimePolicySystemIntegrityProtectionArgs{...} +// +// or: +// +// nil +type HostRuntimePolicySystemIntegrityProtectionPtrInput interface { pulumi.Input - ToFunctionAssurancePolicyRequiredLabelArrayOutput() FunctionAssurancePolicyRequiredLabelArrayOutput - ToFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(context.Context) FunctionAssurancePolicyRequiredLabelArrayOutput + ToHostRuntimePolicySystemIntegrityProtectionPtrOutput() HostRuntimePolicySystemIntegrityProtectionPtrOutput + ToHostRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Context) HostRuntimePolicySystemIntegrityProtectionPtrOutput } -type FunctionAssurancePolicyRequiredLabelArray []FunctionAssurancePolicyRequiredLabelInput +type hostRuntimePolicySystemIntegrityProtectionPtrType HostRuntimePolicySystemIntegrityProtectionArgs -func (FunctionAssurancePolicyRequiredLabelArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyRequiredLabel)(nil)).Elem() +func 
HostRuntimePolicySystemIntegrityProtectionPtr(v *HostRuntimePolicySystemIntegrityProtectionArgs) HostRuntimePolicySystemIntegrityProtectionPtrInput { + return (*hostRuntimePolicySystemIntegrityProtectionPtrType)(v) } -func (i FunctionAssurancePolicyRequiredLabelArray) ToFunctionAssurancePolicyRequiredLabelArrayOutput() FunctionAssurancePolicyRequiredLabelArrayOutput { - return i.ToFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(context.Background()) +func (*hostRuntimePolicySystemIntegrityProtectionPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicySystemIntegrityProtection)(nil)).Elem() } -func (i FunctionAssurancePolicyRequiredLabelArray) ToFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyRequiredLabelArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyRequiredLabelArrayOutput) +func (i *hostRuntimePolicySystemIntegrityProtectionPtrType) ToHostRuntimePolicySystemIntegrityProtectionPtrOutput() HostRuntimePolicySystemIntegrityProtectionPtrOutput { + return i.ToHostRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyRequiredLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyRequiredLabel] { - return pulumix.Output[[]FunctionAssurancePolicyRequiredLabel]{ - OutputState: i.ToFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(ctx).OutputState, - } +func (i *hostRuntimePolicySystemIntegrityProtectionPtrType) ToHostRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) HostRuntimePolicySystemIntegrityProtectionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicySystemIntegrityProtectionPtrOutput) } -type FunctionAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } +type HostRuntimePolicySystemIntegrityProtectionOutput struct{ *pulumi.OutputState } -func 
(FunctionAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyRequiredLabel)(nil)).Elem() +func (HostRuntimePolicySystemIntegrityProtectionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicySystemIntegrityProtection)(nil)).Elem() } -func (o FunctionAssurancePolicyRequiredLabelOutput) ToFunctionAssurancePolicyRequiredLabelOutput() FunctionAssurancePolicyRequiredLabelOutput { +func (o HostRuntimePolicySystemIntegrityProtectionOutput) ToHostRuntimePolicySystemIntegrityProtectionOutput() HostRuntimePolicySystemIntegrityProtectionOutput { return o } -func (o FunctionAssurancePolicyRequiredLabelOutput) ToFunctionAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) FunctionAssurancePolicyRequiredLabelOutput { +func (o HostRuntimePolicySystemIntegrityProtectionOutput) ToHostRuntimePolicySystemIntegrityProtectionOutputWithContext(ctx context.Context) HostRuntimePolicySystemIntegrityProtectionOutput { return o } -func (o FunctionAssurancePolicyRequiredLabelOutput) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyRequiredLabel] { - return pulumix.Output[FunctionAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } +func (o HostRuntimePolicySystemIntegrityProtectionOutput) ToHostRuntimePolicySystemIntegrityProtectionPtrOutput() HostRuntimePolicySystemIntegrityProtectionPtrOutput { + return o.ToHostRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyRequiredLabelOutput) Key() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyRequiredLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +func (o HostRuntimePolicySystemIntegrityProtectionOutput) ToHostRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) HostRuntimePolicySystemIntegrityProtectionPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v 
HostRuntimePolicySystemIntegrityProtection) *HostRuntimePolicySystemIntegrityProtection { + return &v + }).(HostRuntimePolicySystemIntegrityProtectionPtrOutput) } -func (o FunctionAssurancePolicyRequiredLabelOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyRequiredLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o HostRuntimePolicySystemIntegrityProtectionOutput) AuditSystemtimeChange() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicySystemIntegrityProtection) *bool { return v.AuditSystemtimeChange }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyRequiredLabelArrayOutput struct{ *pulumi.OutputState } +func (o HostRuntimePolicySystemIntegrityProtectionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicySystemIntegrityProtection) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} -func (FunctionAssurancePolicyRequiredLabelArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyRequiredLabel)(nil)).Elem() +func (o HostRuntimePolicySystemIntegrityProtectionOutput) MonitorAuditLogIntegrity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicySystemIntegrityProtection) *bool { return v.MonitorAuditLogIntegrity }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyRequiredLabelArrayOutput) ToFunctionAssurancePolicyRequiredLabelArrayOutput() FunctionAssurancePolicyRequiredLabelArrayOutput { +func (o HostRuntimePolicySystemIntegrityProtectionOutput) WindowsServicesMonitoring() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicySystemIntegrityProtection) *bool { return v.WindowsServicesMonitoring }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicySystemIntegrityProtectionPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicySystemIntegrityProtectionPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicySystemIntegrityProtection)(nil)).Elem() +} + 
+func (o HostRuntimePolicySystemIntegrityProtectionPtrOutput) ToHostRuntimePolicySystemIntegrityProtectionPtrOutput() HostRuntimePolicySystemIntegrityProtectionPtrOutput { return o } -func (o FunctionAssurancePolicyRequiredLabelArrayOutput) ToFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyRequiredLabelArrayOutput { +func (o HostRuntimePolicySystemIntegrityProtectionPtrOutput) ToHostRuntimePolicySystemIntegrityProtectionPtrOutputWithContext(ctx context.Context) HostRuntimePolicySystemIntegrityProtectionPtrOutput { return o } -func (o FunctionAssurancePolicyRequiredLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyRequiredLabel] { - return pulumix.Output[[]FunctionAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } +func (o HostRuntimePolicySystemIntegrityProtectionPtrOutput) Elem() HostRuntimePolicySystemIntegrityProtectionOutput { + return o.ApplyT(func(v *HostRuntimePolicySystemIntegrityProtection) HostRuntimePolicySystemIntegrityProtection { + if v != nil { + return *v + } + var ret HostRuntimePolicySystemIntegrityProtection + return ret + }).(HostRuntimePolicySystemIntegrityProtectionOutput) } -func (o FunctionAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyRequiredLabelOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyRequiredLabel { - return vs[0].([]FunctionAssurancePolicyRequiredLabel)[vs[1].(int)] - }).(FunctionAssurancePolicyRequiredLabelOutput) +func (o HostRuntimePolicySystemIntegrityProtectionPtrOutput) AuditSystemtimeChange() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.AuditSystemtimeChange + }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyScope struct { - Expression *string `pulumi:"expression"` - Variables []FunctionAssurancePolicyScopeVariable 
`pulumi:"variables"` +func (o HostRuntimePolicySystemIntegrityProtectionPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) } -// FunctionAssurancePolicyScopeInput is an input type that accepts FunctionAssurancePolicyScopeArgs and FunctionAssurancePolicyScopeOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyScopeInput` via: +func (o HostRuntimePolicySystemIntegrityProtectionPtrOutput) MonitorAuditLogIntegrity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.MonitorAuditLogIntegrity + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicySystemIntegrityProtectionPtrOutput) WindowsServicesMonitoring() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicySystemIntegrityProtection) *bool { + if v == nil { + return nil + } + return v.WindowsServicesMonitoring + }).(pulumi.BoolPtrOutput) +} + +type HostRuntimePolicyTripwire struct { + ApplyOns []string `pulumi:"applyOns"` + Enabled *bool `pulumi:"enabled"` + ServerlessApp *string `pulumi:"serverlessApp"` + UserId *string `pulumi:"userId"` + UserPassword *string `pulumi:"userPassword"` +} + +// HostRuntimePolicyTripwireInput is an input type that accepts HostRuntimePolicyTripwireArgs and HostRuntimePolicyTripwireOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyTripwireInput` via: // -// FunctionAssurancePolicyScopeArgs{...} -type FunctionAssurancePolicyScopeInput interface { +// HostRuntimePolicyTripwireArgs{...} +type HostRuntimePolicyTripwireInput interface { + pulumi.Input + + ToHostRuntimePolicyTripwireOutput() HostRuntimePolicyTripwireOutput + ToHostRuntimePolicyTripwireOutputWithContext(context.Context) HostRuntimePolicyTripwireOutput +} + +type HostRuntimePolicyTripwireArgs struct { + ApplyOns pulumi.StringArrayInput `pulumi:"applyOns"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ServerlessApp pulumi.StringPtrInput `pulumi:"serverlessApp"` + UserId pulumi.StringPtrInput `pulumi:"userId"` + UserPassword pulumi.StringPtrInput `pulumi:"userPassword"` +} + +func (HostRuntimePolicyTripwireArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyTripwire)(nil)).Elem() +} + +func (i HostRuntimePolicyTripwireArgs) ToHostRuntimePolicyTripwireOutput() HostRuntimePolicyTripwireOutput { + return i.ToHostRuntimePolicyTripwireOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyTripwireArgs) ToHostRuntimePolicyTripwireOutputWithContext(ctx context.Context) HostRuntimePolicyTripwireOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyTripwireOutput) +} + +func (i HostRuntimePolicyTripwireArgs) ToHostRuntimePolicyTripwirePtrOutput() HostRuntimePolicyTripwirePtrOutput { + return i.ToHostRuntimePolicyTripwirePtrOutputWithContext(context.Background()) +} + +func (i HostRuntimePolicyTripwireArgs) ToHostRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) HostRuntimePolicyTripwirePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyTripwireOutput).ToHostRuntimePolicyTripwirePtrOutputWithContext(ctx) +} + +// HostRuntimePolicyTripwirePtrInput is an input type that accepts HostRuntimePolicyTripwireArgs, HostRuntimePolicyTripwirePtr and HostRuntimePolicyTripwirePtrOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyTripwirePtrInput` via: +// +// HostRuntimePolicyTripwireArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyTripwirePtrInput interface { + pulumi.Input + + ToHostRuntimePolicyTripwirePtrOutput() HostRuntimePolicyTripwirePtrOutput + ToHostRuntimePolicyTripwirePtrOutputWithContext(context.Context) HostRuntimePolicyTripwirePtrOutput +} + +type hostRuntimePolicyTripwirePtrType HostRuntimePolicyTripwireArgs + +func HostRuntimePolicyTripwirePtr(v *HostRuntimePolicyTripwireArgs) HostRuntimePolicyTripwirePtrInput { + return (*hostRuntimePolicyTripwirePtrType)(v) +} + +func (*hostRuntimePolicyTripwirePtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyTripwire)(nil)).Elem() +} + +func (i *hostRuntimePolicyTripwirePtrType) ToHostRuntimePolicyTripwirePtrOutput() HostRuntimePolicyTripwirePtrOutput { + return i.ToHostRuntimePolicyTripwirePtrOutputWithContext(context.Background()) +} + +func (i *hostRuntimePolicyTripwirePtrType) ToHostRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) HostRuntimePolicyTripwirePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyTripwirePtrOutput) +} + +type HostRuntimePolicyTripwireOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyTripwireOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyTripwire)(nil)).Elem() +} + +func (o HostRuntimePolicyTripwireOutput) ToHostRuntimePolicyTripwireOutput() HostRuntimePolicyTripwireOutput { + return o +} + +func (o HostRuntimePolicyTripwireOutput) ToHostRuntimePolicyTripwireOutputWithContext(ctx context.Context) HostRuntimePolicyTripwireOutput { + return o +} + +func (o HostRuntimePolicyTripwireOutput) ToHostRuntimePolicyTripwirePtrOutput() HostRuntimePolicyTripwirePtrOutput { + return o.ToHostRuntimePolicyTripwirePtrOutputWithContext(context.Background()) +} + +func (o HostRuntimePolicyTripwireOutput) 
ToHostRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) HostRuntimePolicyTripwirePtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyTripwire) *HostRuntimePolicyTripwire { + return &v + }).(HostRuntimePolicyTripwirePtrOutput) +} + +func (o HostRuntimePolicyTripwireOutput) ApplyOns() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyTripwire) []string { return v.ApplyOns }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyTripwireOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyTripwire) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyTripwireOutput) ServerlessApp() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyTripwire) *string { return v.ServerlessApp }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyTripwireOutput) UserId() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyTripwire) *string { return v.UserId }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyTripwireOutput) UserPassword() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyTripwire) *string { return v.UserPassword }).(pulumi.StringPtrOutput) +} + +type HostRuntimePolicyTripwirePtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyTripwirePtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyTripwire)(nil)).Elem() +} + +func (o HostRuntimePolicyTripwirePtrOutput) ToHostRuntimePolicyTripwirePtrOutput() HostRuntimePolicyTripwirePtrOutput { + return o +} + +func (o HostRuntimePolicyTripwirePtrOutput) ToHostRuntimePolicyTripwirePtrOutputWithContext(ctx context.Context) HostRuntimePolicyTripwirePtrOutput { + return o +} + +func (o HostRuntimePolicyTripwirePtrOutput) Elem() HostRuntimePolicyTripwireOutput { + return o.ApplyT(func(v *HostRuntimePolicyTripwire) HostRuntimePolicyTripwire { + if v != nil { + return *v + } + var ret 
HostRuntimePolicyTripwire + return ret + }).(HostRuntimePolicyTripwireOutput) +} + +func (o HostRuntimePolicyTripwirePtrOutput) ApplyOns() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyTripwire) []string { + if v == nil { + return nil + } + return v.ApplyOns + }).(pulumi.StringArrayOutput) +} + +func (o HostRuntimePolicyTripwirePtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyTripwire) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +func (o HostRuntimePolicyTripwirePtrOutput) ServerlessApp() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyTripwire) *string { + if v == nil { + return nil + } + return v.ServerlessApp + }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyTripwirePtrOutput) UserId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyTripwire) *string { + if v == nil { + return nil + } + return v.UserId + }).(pulumi.StringPtrOutput) +} + +func (o HostRuntimePolicyTripwirePtrOutput) UserPassword() pulumi.StringPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyTripwire) *string { + if v == nil { + return nil + } + return v.UserPassword + }).(pulumi.StringPtrOutput) +} + +type HostRuntimePolicyWhitelistedOsUsers struct { + Enabled *bool `pulumi:"enabled"` + GroupWhiteLists []string `pulumi:"groupWhiteLists"` + UserWhiteLists []string `pulumi:"userWhiteLists"` +} + +// HostRuntimePolicyWhitelistedOsUsersInput is an input type that accepts HostRuntimePolicyWhitelistedOsUsersArgs and HostRuntimePolicyWhitelistedOsUsersOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyWhitelistedOsUsersInput` via: +// +// HostRuntimePolicyWhitelistedOsUsersArgs{...} +type HostRuntimePolicyWhitelistedOsUsersInput interface { pulumi.Input - ToFunctionAssurancePolicyScopeOutput() FunctionAssurancePolicyScopeOutput - ToFunctionAssurancePolicyScopeOutputWithContext(context.Context) FunctionAssurancePolicyScopeOutput + ToHostRuntimePolicyWhitelistedOsUsersOutput() HostRuntimePolicyWhitelistedOsUsersOutput + ToHostRuntimePolicyWhitelistedOsUsersOutputWithContext(context.Context) HostRuntimePolicyWhitelistedOsUsersOutput +} + +type HostRuntimePolicyWhitelistedOsUsersArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + GroupWhiteLists pulumi.StringArrayInput `pulumi:"groupWhiteLists"` + UserWhiteLists pulumi.StringArrayInput `pulumi:"userWhiteLists"` } -type FunctionAssurancePolicyScopeArgs struct { - Expression pulumi.StringPtrInput `pulumi:"expression"` - Variables FunctionAssurancePolicyScopeVariableArrayInput `pulumi:"variables"` +func (HostRuntimePolicyWhitelistedOsUsersArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyWhitelistedOsUsers)(nil)).Elem() } -func (FunctionAssurancePolicyScopeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyScope)(nil)).Elem() +func (i HostRuntimePolicyWhitelistedOsUsersArgs) ToHostRuntimePolicyWhitelistedOsUsersOutput() HostRuntimePolicyWhitelistedOsUsersOutput { + return i.ToHostRuntimePolicyWhitelistedOsUsersOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyScopeArgs) ToFunctionAssurancePolicyScopeOutput() FunctionAssurancePolicyScopeOutput { - return i.ToFunctionAssurancePolicyScopeOutputWithContext(context.Background()) +func (i HostRuntimePolicyWhitelistedOsUsersArgs) ToHostRuntimePolicyWhitelistedOsUsersOutputWithContext(ctx context.Context) HostRuntimePolicyWhitelistedOsUsersOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(HostRuntimePolicyWhitelistedOsUsersOutput) } -func (i FunctionAssurancePolicyScopeArgs) ToFunctionAssurancePolicyScopeOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyScopeOutput) +func (i HostRuntimePolicyWhitelistedOsUsersArgs) ToHostRuntimePolicyWhitelistedOsUsersPtrOutput() HostRuntimePolicyWhitelistedOsUsersPtrOutput { + return i.ToHostRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyScopeArgs) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyScope] { - return pulumix.Output[FunctionAssurancePolicyScope]{ - OutputState: i.ToFunctionAssurancePolicyScopeOutputWithContext(ctx).OutputState, - } +func (i HostRuntimePolicyWhitelistedOsUsersArgs) ToHostRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWhitelistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyWhitelistedOsUsersOutput).ToHostRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx) } -// FunctionAssurancePolicyScopeArrayInput is an input type that accepts FunctionAssurancePolicyScopeArray and FunctionAssurancePolicyScopeArrayOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyScopeArrayInput` via: +// HostRuntimePolicyWhitelistedOsUsersPtrInput is an input type that accepts HostRuntimePolicyWhitelistedOsUsersArgs, HostRuntimePolicyWhitelistedOsUsersPtr and HostRuntimePolicyWhitelistedOsUsersPtrOutput values. 
+// You can construct a concrete instance of `HostRuntimePolicyWhitelistedOsUsersPtrInput` via: // -// FunctionAssurancePolicyScopeArray{ FunctionAssurancePolicyScopeArgs{...} } -type FunctionAssurancePolicyScopeArrayInput interface { +// HostRuntimePolicyWhitelistedOsUsersArgs{...} +// +// or: +// +// nil +type HostRuntimePolicyWhitelistedOsUsersPtrInput interface { pulumi.Input - ToFunctionAssurancePolicyScopeArrayOutput() FunctionAssurancePolicyScopeArrayOutput - ToFunctionAssurancePolicyScopeArrayOutputWithContext(context.Context) FunctionAssurancePolicyScopeArrayOutput + ToHostRuntimePolicyWhitelistedOsUsersPtrOutput() HostRuntimePolicyWhitelistedOsUsersPtrOutput + ToHostRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Context) HostRuntimePolicyWhitelistedOsUsersPtrOutput } -type FunctionAssurancePolicyScopeArray []FunctionAssurancePolicyScopeInput +type hostRuntimePolicyWhitelistedOsUsersPtrType HostRuntimePolicyWhitelistedOsUsersArgs -func (FunctionAssurancePolicyScopeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyScope)(nil)).Elem() +func HostRuntimePolicyWhitelistedOsUsersPtr(v *HostRuntimePolicyWhitelistedOsUsersArgs) HostRuntimePolicyWhitelistedOsUsersPtrInput { + return (*hostRuntimePolicyWhitelistedOsUsersPtrType)(v) } -func (i FunctionAssurancePolicyScopeArray) ToFunctionAssurancePolicyScopeArrayOutput() FunctionAssurancePolicyScopeArrayOutput { - return i.ToFunctionAssurancePolicyScopeArrayOutputWithContext(context.Background()) +func (*hostRuntimePolicyWhitelistedOsUsersPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyWhitelistedOsUsers)(nil)).Elem() } -func (i FunctionAssurancePolicyScopeArray) ToFunctionAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyScopeArrayOutput) +func (i *hostRuntimePolicyWhitelistedOsUsersPtrType) 
ToHostRuntimePolicyWhitelistedOsUsersPtrOutput() HostRuntimePolicyWhitelistedOsUsersPtrOutput { + return i.ToHostRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyScope] { - return pulumix.Output[[]FunctionAssurancePolicyScope]{ - OutputState: i.ToFunctionAssurancePolicyScopeArrayOutputWithContext(ctx).OutputState, - } +func (i *hostRuntimePolicyWhitelistedOsUsersPtrType) ToHostRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWhitelistedOsUsersPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyWhitelistedOsUsersPtrOutput) } -type FunctionAssurancePolicyScopeOutput struct{ *pulumi.OutputState } +type HostRuntimePolicyWhitelistedOsUsersOutput struct{ *pulumi.OutputState } -func (FunctionAssurancePolicyScopeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyScope)(nil)).Elem() +func (HostRuntimePolicyWhitelistedOsUsersOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostRuntimePolicyWhitelistedOsUsers)(nil)).Elem() } -func (o FunctionAssurancePolicyScopeOutput) ToFunctionAssurancePolicyScopeOutput() FunctionAssurancePolicyScopeOutput { +func (o HostRuntimePolicyWhitelistedOsUsersOutput) ToHostRuntimePolicyWhitelistedOsUsersOutput() HostRuntimePolicyWhitelistedOsUsersOutput { return o } -func (o FunctionAssurancePolicyScopeOutput) ToFunctionAssurancePolicyScopeOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeOutput { +func (o HostRuntimePolicyWhitelistedOsUsersOutput) ToHostRuntimePolicyWhitelistedOsUsersOutputWithContext(ctx context.Context) HostRuntimePolicyWhitelistedOsUsersOutput { return o } -func (o FunctionAssurancePolicyScopeOutput) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyScope] { - return pulumix.Output[FunctionAssurancePolicyScope]{ - OutputState: o.OutputState, - } 
+func (o HostRuntimePolicyWhitelistedOsUsersOutput) ToHostRuntimePolicyWhitelistedOsUsersPtrOutput() HostRuntimePolicyWhitelistedOsUsersPtrOutput { + return o.ToHostRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(context.Background()) } -func (o FunctionAssurancePolicyScopeOutput) Expression() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyScope) *string { return v.Expression }).(pulumi.StringPtrOutput) +func (o HostRuntimePolicyWhitelistedOsUsersOutput) ToHostRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWhitelistedOsUsersPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyWhitelistedOsUsers) *HostRuntimePolicyWhitelistedOsUsers { + return &v + }).(HostRuntimePolicyWhitelistedOsUsersPtrOutput) } -func (o FunctionAssurancePolicyScopeOutput) Variables() FunctionAssurancePolicyScopeVariableArrayOutput { - return o.ApplyT(func(v FunctionAssurancePolicyScope) []FunctionAssurancePolicyScopeVariable { return v.Variables }).(FunctionAssurancePolicyScopeVariableArrayOutput) +func (o HostRuntimePolicyWhitelistedOsUsersOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v HostRuntimePolicyWhitelistedOsUsers) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyScopeArrayOutput struct{ *pulumi.OutputState } +func (o HostRuntimePolicyWhitelistedOsUsersOutput) GroupWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyWhitelistedOsUsers) []string { return v.GroupWhiteLists }).(pulumi.StringArrayOutput) +} -func (FunctionAssurancePolicyScopeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyScope)(nil)).Elem() +func (o HostRuntimePolicyWhitelistedOsUsersOutput) UserWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v HostRuntimePolicyWhitelistedOsUsers) []string { return v.UserWhiteLists }).(pulumi.StringArrayOutput) } -func (o 
FunctionAssurancePolicyScopeArrayOutput) ToFunctionAssurancePolicyScopeArrayOutput() FunctionAssurancePolicyScopeArrayOutput { +type HostRuntimePolicyWhitelistedOsUsersPtrOutput struct{ *pulumi.OutputState } + +func (HostRuntimePolicyWhitelistedOsUsersPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**HostRuntimePolicyWhitelistedOsUsers)(nil)).Elem() +} + +func (o HostRuntimePolicyWhitelistedOsUsersPtrOutput) ToHostRuntimePolicyWhitelistedOsUsersPtrOutput() HostRuntimePolicyWhitelistedOsUsersPtrOutput { return o } -func (o FunctionAssurancePolicyScopeArrayOutput) ToFunctionAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeArrayOutput { +func (o HostRuntimePolicyWhitelistedOsUsersPtrOutput) ToHostRuntimePolicyWhitelistedOsUsersPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWhitelistedOsUsersPtrOutput { return o } -func (o FunctionAssurancePolicyScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyScope] { - return pulumix.Output[[]FunctionAssurancePolicyScope]{ - OutputState: o.OutputState, - } +func (o HostRuntimePolicyWhitelistedOsUsersPtrOutput) Elem() HostRuntimePolicyWhitelistedOsUsersOutput { + return o.ApplyT(func(v *HostRuntimePolicyWhitelistedOsUsers) HostRuntimePolicyWhitelistedOsUsers { + if v != nil { + return *v + } + var ret HostRuntimePolicyWhitelistedOsUsers + return ret + }).(HostRuntimePolicyWhitelistedOsUsersOutput) } -func (o FunctionAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyScopeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyScope { - return vs[0].([]FunctionAssurancePolicyScope)[vs[1].(int)] - }).(FunctionAssurancePolicyScopeOutput) +func (o HostRuntimePolicyWhitelistedOsUsersPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *HostRuntimePolicyWhitelistedOsUsers) *bool { + if v == nil { + return nil + } + return v.Enabled + 
}).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyScopeVariable struct { - Attribute *string `pulumi:"attribute"` - Name *string `pulumi:"name"` - Value *string `pulumi:"value"` +func (o HostRuntimePolicyWhitelistedOsUsersPtrOutput) GroupWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyWhitelistedOsUsers) []string { + if v == nil { + return nil + } + return v.GroupWhiteLists + }).(pulumi.StringArrayOutput) } -// FunctionAssurancePolicyScopeVariableInput is an input type that accepts FunctionAssurancePolicyScopeVariableArgs and FunctionAssurancePolicyScopeVariableOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyScopeVariableInput` via: -// -// FunctionAssurancePolicyScopeVariableArgs{...} -type FunctionAssurancePolicyScopeVariableInput interface { - pulumi.Input +func (o HostRuntimePolicyWhitelistedOsUsersPtrOutput) UserWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *HostRuntimePolicyWhitelistedOsUsers) []string { + if v == nil { + return nil + } + return v.UserWhiteLists + }).(pulumi.StringArrayOutput) +} - ToFunctionAssurancePolicyScopeVariableOutput() FunctionAssurancePolicyScopeVariableOutput - ToFunctionAssurancePolicyScopeVariableOutputWithContext(context.Context) FunctionAssurancePolicyScopeVariableOutput +type ImageAssuranceChecksPerformed struct { + AssuranceType *string `pulumi:"assuranceType"` + Blocking *bool `pulumi:"blocking"` + Control *string `pulumi:"control"` + DtaSkipped *bool `pulumi:"dtaSkipped"` + DtaSkippedReason *string `pulumi:"dtaSkippedReason"` + Failed *bool `pulumi:"failed"` + PolicyName *string `pulumi:"policyName"` } -type FunctionAssurancePolicyScopeVariableArgs struct { - Attribute pulumi.StringPtrInput `pulumi:"attribute"` - Name pulumi.StringPtrInput `pulumi:"name"` - Value pulumi.StringPtrInput `pulumi:"value"` +// ImageAssuranceChecksPerformedInput is an input type that accepts ImageAssuranceChecksPerformedArgs and 
ImageAssuranceChecksPerformedOutput values. +// You can construct a concrete instance of `ImageAssuranceChecksPerformedInput` via: +// +// ImageAssuranceChecksPerformedArgs{...} +type ImageAssuranceChecksPerformedInput interface { + pulumi.Input + + ToImageAssuranceChecksPerformedOutput() ImageAssuranceChecksPerformedOutput + ToImageAssuranceChecksPerformedOutputWithContext(context.Context) ImageAssuranceChecksPerformedOutput } -func (FunctionAssurancePolicyScopeVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyScopeVariable)(nil)).Elem() +type ImageAssuranceChecksPerformedArgs struct { + AssuranceType pulumi.StringPtrInput `pulumi:"assuranceType"` + Blocking pulumi.BoolPtrInput `pulumi:"blocking"` + Control pulumi.StringPtrInput `pulumi:"control"` + DtaSkipped pulumi.BoolPtrInput `pulumi:"dtaSkipped"` + DtaSkippedReason pulumi.StringPtrInput `pulumi:"dtaSkippedReason"` + Failed pulumi.BoolPtrInput `pulumi:"failed"` + PolicyName pulumi.StringPtrInput `pulumi:"policyName"` } -func (i FunctionAssurancePolicyScopeVariableArgs) ToFunctionAssurancePolicyScopeVariableOutput() FunctionAssurancePolicyScopeVariableOutput { - return i.ToFunctionAssurancePolicyScopeVariableOutputWithContext(context.Background()) +func (ImageAssuranceChecksPerformedArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssuranceChecksPerformed)(nil)).Elem() } -func (i FunctionAssurancePolicyScopeVariableArgs) ToFunctionAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyScopeVariableOutput) +func (i ImageAssuranceChecksPerformedArgs) ToImageAssuranceChecksPerformedOutput() ImageAssuranceChecksPerformedOutput { + return i.ToImageAssuranceChecksPerformedOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyScopeVariableArgs) ToOutput(ctx context.Context) 
pulumix.Output[FunctionAssurancePolicyScopeVariable] { - return pulumix.Output[FunctionAssurancePolicyScopeVariable]{ - OutputState: i.ToFunctionAssurancePolicyScopeVariableOutputWithContext(ctx).OutputState, - } +func (i ImageAssuranceChecksPerformedArgs) ToImageAssuranceChecksPerformedOutputWithContext(ctx context.Context) ImageAssuranceChecksPerformedOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssuranceChecksPerformedOutput) } -// FunctionAssurancePolicyScopeVariableArrayInput is an input type that accepts FunctionAssurancePolicyScopeVariableArray and FunctionAssurancePolicyScopeVariableArrayOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyScopeVariableArrayInput` via: +// ImageAssuranceChecksPerformedArrayInput is an input type that accepts ImageAssuranceChecksPerformedArray and ImageAssuranceChecksPerformedArrayOutput values. +// You can construct a concrete instance of `ImageAssuranceChecksPerformedArrayInput` via: // -// FunctionAssurancePolicyScopeVariableArray{ FunctionAssurancePolicyScopeVariableArgs{...} } -type FunctionAssurancePolicyScopeVariableArrayInput interface { +// ImageAssuranceChecksPerformedArray{ ImageAssuranceChecksPerformedArgs{...} } +type ImageAssuranceChecksPerformedArrayInput interface { pulumi.Input - ToFunctionAssurancePolicyScopeVariableArrayOutput() FunctionAssurancePolicyScopeVariableArrayOutput - ToFunctionAssurancePolicyScopeVariableArrayOutputWithContext(context.Context) FunctionAssurancePolicyScopeVariableArrayOutput + ToImageAssuranceChecksPerformedArrayOutput() ImageAssuranceChecksPerformedArrayOutput + ToImageAssuranceChecksPerformedArrayOutputWithContext(context.Context) ImageAssuranceChecksPerformedArrayOutput } -type FunctionAssurancePolicyScopeVariableArray []FunctionAssurancePolicyScopeVariableInput - -func (FunctionAssurancePolicyScopeVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyScopeVariable)(nil)).Elem() -} +type 
ImageAssuranceChecksPerformedArray []ImageAssuranceChecksPerformedInput -func (i FunctionAssurancePolicyScopeVariableArray) ToFunctionAssurancePolicyScopeVariableArrayOutput() FunctionAssurancePolicyScopeVariableArrayOutput { - return i.ToFunctionAssurancePolicyScopeVariableArrayOutputWithContext(context.Background()) +func (ImageAssuranceChecksPerformedArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssuranceChecksPerformed)(nil)).Elem() } -func (i FunctionAssurancePolicyScopeVariableArray) ToFunctionAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyScopeVariableArrayOutput) +func (i ImageAssuranceChecksPerformedArray) ToImageAssuranceChecksPerformedArrayOutput() ImageAssuranceChecksPerformedArrayOutput { + return i.ToImageAssuranceChecksPerformedArrayOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyScopeVariable] { - return pulumix.Output[[]FunctionAssurancePolicyScopeVariable]{ - OutputState: i.ToFunctionAssurancePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } +func (i ImageAssuranceChecksPerformedArray) ToImageAssuranceChecksPerformedArrayOutputWithContext(ctx context.Context) ImageAssuranceChecksPerformedArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssuranceChecksPerformedArrayOutput) } -type FunctionAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } +type ImageAssuranceChecksPerformedOutput struct{ *pulumi.OutputState } -func (FunctionAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyScopeVariable)(nil)).Elem() +func (ImageAssuranceChecksPerformedOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssuranceChecksPerformed)(nil)).Elem() } -func (o 
FunctionAssurancePolicyScopeVariableOutput) ToFunctionAssurancePolicyScopeVariableOutput() FunctionAssurancePolicyScopeVariableOutput { +func (o ImageAssuranceChecksPerformedOutput) ToImageAssuranceChecksPerformedOutput() ImageAssuranceChecksPerformedOutput { return o } -func (o FunctionAssurancePolicyScopeVariableOutput) ToFunctionAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeVariableOutput { +func (o ImageAssuranceChecksPerformedOutput) ToImageAssuranceChecksPerformedOutputWithContext(ctx context.Context) ImageAssuranceChecksPerformedOutput { return o } -func (o FunctionAssurancePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyScopeVariable] { - return pulumix.Output[FunctionAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } +func (o ImageAssuranceChecksPerformedOutput) AssuranceType() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssuranceChecksPerformed) *string { return v.AssuranceType }).(pulumi.StringPtrOutput) } -func (o FunctionAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) +func (o ImageAssuranceChecksPerformedOutput) Blocking() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageAssuranceChecksPerformed) *bool { return v.Blocking }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o ImageAssuranceChecksPerformedOutput) Control() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssuranceChecksPerformed) *string { return v.Control }).(pulumi.StringPtrOutput) } -func (o FunctionAssurancePolicyScopeVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyScopeVariable) 
*string { return v.Value }).(pulumi.StringPtrOutput) +func (o ImageAssuranceChecksPerformedOutput) DtaSkipped() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageAssuranceChecksPerformed) *bool { return v.DtaSkipped }).(pulumi.BoolPtrOutput) } -type FunctionAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } +func (o ImageAssuranceChecksPerformedOutput) DtaSkippedReason() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssuranceChecksPerformed) *string { return v.DtaSkippedReason }).(pulumi.StringPtrOutput) +} -func (FunctionAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyScopeVariable)(nil)).Elem() +func (o ImageAssuranceChecksPerformedOutput) Failed() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageAssuranceChecksPerformed) *bool { return v.Failed }).(pulumi.BoolPtrOutput) } -func (o FunctionAssurancePolicyScopeVariableArrayOutput) ToFunctionAssurancePolicyScopeVariableArrayOutput() FunctionAssurancePolicyScopeVariableArrayOutput { - return o +func (o ImageAssuranceChecksPerformedOutput) PolicyName() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssuranceChecksPerformed) *string { return v.PolicyName }).(pulumi.StringPtrOutput) } -func (o FunctionAssurancePolicyScopeVariableArrayOutput) ToFunctionAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyScopeVariableArrayOutput { +type ImageAssuranceChecksPerformedArrayOutput struct{ *pulumi.OutputState } + +func (ImageAssuranceChecksPerformedArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssuranceChecksPerformed)(nil)).Elem() +} + +func (o ImageAssuranceChecksPerformedArrayOutput) ToImageAssuranceChecksPerformedArrayOutput() ImageAssuranceChecksPerformedArrayOutput { return o } -func (o FunctionAssurancePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyScopeVariable] { - return 
pulumix.Output[[]FunctionAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } +func (o ImageAssuranceChecksPerformedArrayOutput) ToImageAssuranceChecksPerformedArrayOutputWithContext(ctx context.Context) ImageAssuranceChecksPerformedArrayOutput { + return o } -func (o FunctionAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyScopeVariable { - return vs[0].([]FunctionAssurancePolicyScopeVariable)[vs[1].(int)] - }).(FunctionAssurancePolicyScopeVariableOutput) +func (o ImageAssuranceChecksPerformedArrayOutput) Index(i pulumi.IntInput) ImageAssuranceChecksPerformedOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssuranceChecksPerformed { + return vs[0].([]ImageAssuranceChecksPerformed)[vs[1].(int)] + }).(ImageAssuranceChecksPerformedOutput) } -type FunctionAssurancePolicyTrustedBaseImage struct { - Imagename *string `pulumi:"imagename"` - Registry *string `pulumi:"registry"` +type ImageAssurancePolicyAutoScanTime struct { + Iteration *int `pulumi:"iteration"` + IterationType *string `pulumi:"iterationType"` + Time *string `pulumi:"time"` + WeekDays []string `pulumi:"weekDays"` } -// FunctionAssurancePolicyTrustedBaseImageInput is an input type that accepts FunctionAssurancePolicyTrustedBaseImageArgs and FunctionAssurancePolicyTrustedBaseImageOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyTrustedBaseImageInput` via: +// ImageAssurancePolicyAutoScanTimeInput is an input type that accepts ImageAssurancePolicyAutoScanTimeArgs and ImageAssurancePolicyAutoScanTimeOutput values. 
+// You can construct a concrete instance of `ImageAssurancePolicyAutoScanTimeInput` via: // -// FunctionAssurancePolicyTrustedBaseImageArgs{...} -type FunctionAssurancePolicyTrustedBaseImageInput interface { +// ImageAssurancePolicyAutoScanTimeArgs{...} +type ImageAssurancePolicyAutoScanTimeInput interface { pulumi.Input - ToFunctionAssurancePolicyTrustedBaseImageOutput() FunctionAssurancePolicyTrustedBaseImageOutput - ToFunctionAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) FunctionAssurancePolicyTrustedBaseImageOutput -} - -type FunctionAssurancePolicyTrustedBaseImageArgs struct { - Imagename pulumi.StringPtrInput `pulumi:"imagename"` - Registry pulumi.StringPtrInput `pulumi:"registry"` + ToImageAssurancePolicyAutoScanTimeOutput() ImageAssurancePolicyAutoScanTimeOutput + ToImageAssurancePolicyAutoScanTimeOutputWithContext(context.Context) ImageAssurancePolicyAutoScanTimeOutput } -func (FunctionAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() +type ImageAssurancePolicyAutoScanTimeArgs struct { + Iteration pulumi.IntPtrInput `pulumi:"iteration"` + IterationType pulumi.StringPtrInput `pulumi:"iterationType"` + Time pulumi.StringPtrInput `pulumi:"time"` + WeekDays pulumi.StringArrayInput `pulumi:"weekDays"` } -func (i FunctionAssurancePolicyTrustedBaseImageArgs) ToFunctionAssurancePolicyTrustedBaseImageOutput() FunctionAssurancePolicyTrustedBaseImageOutput { - return i.ToFunctionAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) +func (ImageAssurancePolicyAutoScanTimeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyAutoScanTime)(nil)).Elem() } -func (i FunctionAssurancePolicyTrustedBaseImageArgs) ToFunctionAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) FunctionAssurancePolicyTrustedBaseImageOutput { - return pulumi.ToOutputWithContext(ctx, 
i).(FunctionAssurancePolicyTrustedBaseImageOutput) +func (i ImageAssurancePolicyAutoScanTimeArgs) ToImageAssurancePolicyAutoScanTimeOutput() ImageAssurancePolicyAutoScanTimeOutput { + return i.ToImageAssurancePolicyAutoScanTimeOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyTrustedBaseImageArgs) ToOutput(ctx context.Context) pulumix.Output[FunctionAssurancePolicyTrustedBaseImage] { - return pulumix.Output[FunctionAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToFunctionAssurancePolicyTrustedBaseImageOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyAutoScanTimeArgs) ToImageAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) ImageAssurancePolicyAutoScanTimeOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyAutoScanTimeOutput) } -// FunctionAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts FunctionAssurancePolicyTrustedBaseImageArray and FunctionAssurancePolicyTrustedBaseImageArrayOutput values. -// You can construct a concrete instance of `FunctionAssurancePolicyTrustedBaseImageArrayInput` via: +// ImageAssurancePolicyAutoScanTimeArrayInput is an input type that accepts ImageAssurancePolicyAutoScanTimeArray and ImageAssurancePolicyAutoScanTimeArrayOutput values. 
+// You can construct a concrete instance of `ImageAssurancePolicyAutoScanTimeArrayInput` via: // -// FunctionAssurancePolicyTrustedBaseImageArray{ FunctionAssurancePolicyTrustedBaseImageArgs{...} } -type FunctionAssurancePolicyTrustedBaseImageArrayInput interface { +// ImageAssurancePolicyAutoScanTimeArray{ ImageAssurancePolicyAutoScanTimeArgs{...} } +type ImageAssurancePolicyAutoScanTimeArrayInput interface { pulumi.Input - ToFunctionAssurancePolicyTrustedBaseImageArrayOutput() FunctionAssurancePolicyTrustedBaseImageArrayOutput - ToFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) FunctionAssurancePolicyTrustedBaseImageArrayOutput + ToImageAssurancePolicyAutoScanTimeArrayOutput() ImageAssurancePolicyAutoScanTimeArrayOutput + ToImageAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Context) ImageAssurancePolicyAutoScanTimeArrayOutput } -type FunctionAssurancePolicyTrustedBaseImageArray []FunctionAssurancePolicyTrustedBaseImageInput - -func (FunctionAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() -} +type ImageAssurancePolicyAutoScanTimeArray []ImageAssurancePolicyAutoScanTimeInput -func (i FunctionAssurancePolicyTrustedBaseImageArray) ToFunctionAssurancePolicyTrustedBaseImageArrayOutput() FunctionAssurancePolicyTrustedBaseImageArrayOutput { - return i.ToFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) +func (ImageAssurancePolicyAutoScanTimeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyAutoScanTime)(nil)).Elem() } -func (i FunctionAssurancePolicyTrustedBaseImageArray) ToFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyTrustedBaseImageArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionAssurancePolicyTrustedBaseImageArrayOutput) +func (i ImageAssurancePolicyAutoScanTimeArray) 
ToImageAssurancePolicyAutoScanTimeArrayOutput() ImageAssurancePolicyAutoScanTimeArrayOutput { + return i.ToImageAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Background()) } -func (i FunctionAssurancePolicyTrustedBaseImageArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]FunctionAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyAutoScanTimeArray) ToImageAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyAutoScanTimeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyAutoScanTimeArrayOutput) } -type FunctionAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } -func (FunctionAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (ImageAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyAutoScanTime)(nil)).Elem() } -func (o FunctionAssurancePolicyTrustedBaseImageOutput) ToFunctionAssurancePolicyTrustedBaseImageOutput() FunctionAssurancePolicyTrustedBaseImageOutput { +func (o ImageAssurancePolicyAutoScanTimeOutput) ToImageAssurancePolicyAutoScanTimeOutput() ImageAssurancePolicyAutoScanTimeOutput { return o } -func (o FunctionAssurancePolicyTrustedBaseImageOutput) ToFunctionAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) FunctionAssurancePolicyTrustedBaseImageOutput { +func (o ImageAssurancePolicyAutoScanTimeOutput) ToImageAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) ImageAssurancePolicyAutoScanTimeOutput { return o } -func (o FunctionAssurancePolicyTrustedBaseImageOutput) ToOutput(ctx context.Context) 
pulumix.Output[FunctionAssurancePolicyTrustedBaseImage] { - return pulumix.Output[FunctionAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } +func (o ImageAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyAutoScanTime) *int { return v.Iteration }).(pulumi.IntPtrOutput) } -func (o FunctionAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyTrustedBaseImage) *string { return v.Imagename }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyAutoScanTimeOutput) IterationType() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyAutoScanTime) *string { return v.IterationType }).(pulumi.StringPtrOutput) } -func (o FunctionAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionAssurancePolicyTrustedBaseImage) *string { return v.Registry }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyAutoScanTimeOutput) Time() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyAutoScanTime) *string { return v.Time }).(pulumi.StringPtrOutput) } -type FunctionAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } - -func (FunctionAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (o ImageAssurancePolicyAutoScanTimeOutput) WeekDays() pulumi.StringArrayOutput { + return o.ApplyT(func(v ImageAssurancePolicyAutoScanTime) []string { return v.WeekDays }).(pulumi.StringArrayOutput) } -func (o FunctionAssurancePolicyTrustedBaseImageArrayOutput) ToFunctionAssurancePolicyTrustedBaseImageArrayOutput() FunctionAssurancePolicyTrustedBaseImageArrayOutput { - return o +type ImageAssurancePolicyAutoScanTimeArrayOutput struct{ *pulumi.OutputState } + +func (ImageAssurancePolicyAutoScanTimeArrayOutput) ElementType() reflect.Type { + 
return reflect.TypeOf((*[]ImageAssurancePolicyAutoScanTime)(nil)).Elem() } -func (o FunctionAssurancePolicyTrustedBaseImageArrayOutput) ToFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) FunctionAssurancePolicyTrustedBaseImageArrayOutput { +func (o ImageAssurancePolicyAutoScanTimeArrayOutput) ToImageAssurancePolicyAutoScanTimeArrayOutput() ImageAssurancePolicyAutoScanTimeArrayOutput { return o } -func (o FunctionAssurancePolicyTrustedBaseImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]FunctionAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } +func (o ImageAssurancePolicyAutoScanTimeArrayOutput) ToImageAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyAutoScanTimeArrayOutput { + return o } -func (o FunctionAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) FunctionAssurancePolicyTrustedBaseImageOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionAssurancePolicyTrustedBaseImage { - return vs[0].([]FunctionAssurancePolicyTrustedBaseImage)[vs[1].(int)] - }).(FunctionAssurancePolicyTrustedBaseImageOutput) +func (o ImageAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyAutoScanTimeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyAutoScanTime { + return vs[0].([]ImageAssurancePolicyAutoScanTime)[vs[1].(int)] + }).(ImageAssurancePolicyAutoScanTimeOutput) } -type FunctionRuntimePolicyScopeVariable struct { - // Class of supported scope. - Attribute string `pulumi:"attribute"` - // Name assigned to the attribute. - Name *string `pulumi:"name"` - // Value assigned to the attribute. - Value string `pulumi:"value"` +type ImageAssurancePolicyCustomCheck struct { + // Name of user account that created the policy. 
+ Author *string `pulumi:"author"` + Description *string `pulumi:"description"` + Engine *string `pulumi:"engine"` + LastModified *int `pulumi:"lastModified"` + Name *string `pulumi:"name"` + Path *string `pulumi:"path"` + ReadOnly *bool `pulumi:"readOnly"` + ScriptId *string `pulumi:"scriptId"` + Severity *string `pulumi:"severity"` + Snippet *string `pulumi:"snippet"` } -// FunctionRuntimePolicyScopeVariableInput is an input type that accepts FunctionRuntimePolicyScopeVariableArgs and FunctionRuntimePolicyScopeVariableOutput values. -// You can construct a concrete instance of `FunctionRuntimePolicyScopeVariableInput` via: +// ImageAssurancePolicyCustomCheckInput is an input type that accepts ImageAssurancePolicyCustomCheckArgs and ImageAssurancePolicyCustomCheckOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyCustomCheckInput` via: // -// FunctionRuntimePolicyScopeVariableArgs{...} -type FunctionRuntimePolicyScopeVariableInput interface { +// ImageAssurancePolicyCustomCheckArgs{...} +type ImageAssurancePolicyCustomCheckInput interface { pulumi.Input - ToFunctionRuntimePolicyScopeVariableOutput() FunctionRuntimePolicyScopeVariableOutput - ToFunctionRuntimePolicyScopeVariableOutputWithContext(context.Context) FunctionRuntimePolicyScopeVariableOutput -} - -type FunctionRuntimePolicyScopeVariableArgs struct { - // Class of supported scope. - Attribute pulumi.StringInput `pulumi:"attribute"` - // Name assigned to the attribute. - Name pulumi.StringPtrInput `pulumi:"name"` - // Value assigned to the attribute. 
- Value pulumi.StringInput `pulumi:"value"` + ToImageAssurancePolicyCustomCheckOutput() ImageAssurancePolicyCustomCheckOutput + ToImageAssurancePolicyCustomCheckOutputWithContext(context.Context) ImageAssurancePolicyCustomCheckOutput } -func (FunctionRuntimePolicyScopeVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionRuntimePolicyScopeVariable)(nil)).Elem() +type ImageAssurancePolicyCustomCheckArgs struct { + // Name of user account that created the policy. + Author pulumi.StringPtrInput `pulumi:"author"` + Description pulumi.StringPtrInput `pulumi:"description"` + Engine pulumi.StringPtrInput `pulumi:"engine"` + LastModified pulumi.IntPtrInput `pulumi:"lastModified"` + Name pulumi.StringPtrInput `pulumi:"name"` + Path pulumi.StringPtrInput `pulumi:"path"` + ReadOnly pulumi.BoolPtrInput `pulumi:"readOnly"` + ScriptId pulumi.StringPtrInput `pulumi:"scriptId"` + Severity pulumi.StringPtrInput `pulumi:"severity"` + Snippet pulumi.StringPtrInput `pulumi:"snippet"` } -func (i FunctionRuntimePolicyScopeVariableArgs) ToFunctionRuntimePolicyScopeVariableOutput() FunctionRuntimePolicyScopeVariableOutput { - return i.ToFunctionRuntimePolicyScopeVariableOutputWithContext(context.Background()) +func (ImageAssurancePolicyCustomCheckArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyCustomCheck)(nil)).Elem() } -func (i FunctionRuntimePolicyScopeVariableArgs) ToFunctionRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyScopeVariableOutput) +func (i ImageAssurancePolicyCustomCheckArgs) ToImageAssurancePolicyCustomCheckOutput() ImageAssurancePolicyCustomCheckOutput { + return i.ToImageAssurancePolicyCustomCheckOutputWithContext(context.Background()) } -func (i FunctionRuntimePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[FunctionRuntimePolicyScopeVariable] { - return 
pulumix.Output[FunctionRuntimePolicyScopeVariable]{ - OutputState: i.ToFunctionRuntimePolicyScopeVariableOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyCustomCheckArgs) ToImageAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) ImageAssurancePolicyCustomCheckOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyCustomCheckOutput) } -// FunctionRuntimePolicyScopeVariableArrayInput is an input type that accepts FunctionRuntimePolicyScopeVariableArray and FunctionRuntimePolicyScopeVariableArrayOutput values. -// You can construct a concrete instance of `FunctionRuntimePolicyScopeVariableArrayInput` via: +// ImageAssurancePolicyCustomCheckArrayInput is an input type that accepts ImageAssurancePolicyCustomCheckArray and ImageAssurancePolicyCustomCheckArrayOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyCustomCheckArrayInput` via: // -// FunctionRuntimePolicyScopeVariableArray{ FunctionRuntimePolicyScopeVariableArgs{...} } -type FunctionRuntimePolicyScopeVariableArrayInput interface { +// ImageAssurancePolicyCustomCheckArray{ ImageAssurancePolicyCustomCheckArgs{...} } +type ImageAssurancePolicyCustomCheckArrayInput interface { pulumi.Input - ToFunctionRuntimePolicyScopeVariableArrayOutput() FunctionRuntimePolicyScopeVariableArrayOutput - ToFunctionRuntimePolicyScopeVariableArrayOutputWithContext(context.Context) FunctionRuntimePolicyScopeVariableArrayOutput + ToImageAssurancePolicyCustomCheckArrayOutput() ImageAssurancePolicyCustomCheckArrayOutput + ToImageAssurancePolicyCustomCheckArrayOutputWithContext(context.Context) ImageAssurancePolicyCustomCheckArrayOutput } -type FunctionRuntimePolicyScopeVariableArray []FunctionRuntimePolicyScopeVariableInput - -func (FunctionRuntimePolicyScopeVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionRuntimePolicyScopeVariable)(nil)).Elem() -} +type ImageAssurancePolicyCustomCheckArray 
[]ImageAssurancePolicyCustomCheckInput -func (i FunctionRuntimePolicyScopeVariableArray) ToFunctionRuntimePolicyScopeVariableArrayOutput() FunctionRuntimePolicyScopeVariableArrayOutput { - return i.ToFunctionRuntimePolicyScopeVariableArrayOutputWithContext(context.Background()) +func (ImageAssurancePolicyCustomCheckArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyCustomCheck)(nil)).Elem() } -func (i FunctionRuntimePolicyScopeVariableArray) ToFunctionRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(FunctionRuntimePolicyScopeVariableArrayOutput) +func (i ImageAssurancePolicyCustomCheckArray) ToImageAssurancePolicyCustomCheckArrayOutput() ImageAssurancePolicyCustomCheckArrayOutput { + return i.ToImageAssurancePolicyCustomCheckArrayOutputWithContext(context.Background()) } -func (i FunctionRuntimePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]FunctionRuntimePolicyScopeVariable] { - return pulumix.Output[[]FunctionRuntimePolicyScopeVariable]{ - OutputState: i.ToFunctionRuntimePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyCustomCheckArray) ToImageAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyCustomCheckArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyCustomCheckArrayOutput) } -type FunctionRuntimePolicyScopeVariableOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } -func (FunctionRuntimePolicyScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*FunctionRuntimePolicyScopeVariable)(nil)).Elem() +func (ImageAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyCustomCheck)(nil)).Elem() } -func (o FunctionRuntimePolicyScopeVariableOutput) 
ToFunctionRuntimePolicyScopeVariableOutput() FunctionRuntimePolicyScopeVariableOutput { +func (o ImageAssurancePolicyCustomCheckOutput) ToImageAssurancePolicyCustomCheckOutput() ImageAssurancePolicyCustomCheckOutput { return o } -func (o FunctionRuntimePolicyScopeVariableOutput) ToFunctionRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeVariableOutput { +func (o ImageAssurancePolicyCustomCheckOutput) ToImageAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) ImageAssurancePolicyCustomCheckOutput { return o } -func (o FunctionRuntimePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[FunctionRuntimePolicyScopeVariable] { - return pulumix.Output[FunctionRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } +// Name of user account that created the policy. +func (o ImageAssurancePolicyCustomCheckOutput) Author() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Author }).(pulumi.StringPtrOutput) } -// Class of supported scope. -func (o FunctionRuntimePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v FunctionRuntimePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) +func (o ImageAssurancePolicyCustomCheckOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Description }).(pulumi.StringPtrOutput) } -// Name assigned to the attribute. -func (o FunctionRuntimePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v FunctionRuntimePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyCustomCheckOutput) Engine() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Engine }).(pulumi.StringPtrOutput) } -// Value assigned to the attribute. 
-func (o FunctionRuntimePolicyScopeVariableOutput) Value() pulumi.StringOutput { - return o.ApplyT(func(v FunctionRuntimePolicyScopeVariable) string { return v.Value }).(pulumi.StringOutput) +func (o ImageAssurancePolicyCustomCheckOutput) LastModified() pulumi.IntPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *int { return v.LastModified }).(pulumi.IntPtrOutput) } -type FunctionRuntimePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } +func (o ImageAssurancePolicyCustomCheckOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Name }).(pulumi.StringPtrOutput) +} -func (FunctionRuntimePolicyScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]FunctionRuntimePolicyScopeVariable)(nil)).Elem() +func (o ImageAssurancePolicyCustomCheckOutput) Path() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Path }).(pulumi.StringPtrOutput) } -func (o FunctionRuntimePolicyScopeVariableArrayOutput) ToFunctionRuntimePolicyScopeVariableArrayOutput() FunctionRuntimePolicyScopeVariableArrayOutput { - return o +func (o ImageAssurancePolicyCustomCheckOutput) ReadOnly() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *bool { return v.ReadOnly }).(pulumi.BoolPtrOutput) } -func (o FunctionRuntimePolicyScopeVariableArrayOutput) ToFunctionRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) FunctionRuntimePolicyScopeVariableArrayOutput { +func (o ImageAssurancePolicyCustomCheckOutput) ScriptId() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.ScriptId }).(pulumi.StringPtrOutput) +} + +func (o ImageAssurancePolicyCustomCheckOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Severity }).(pulumi.StringPtrOutput) +} + +func (o 
ImageAssurancePolicyCustomCheckOutput) Snippet() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Snippet }).(pulumi.StringPtrOutput) +} + +type ImageAssurancePolicyCustomCheckArrayOutput struct{ *pulumi.OutputState } + +func (ImageAssurancePolicyCustomCheckArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyCustomCheck)(nil)).Elem() +} + +func (o ImageAssurancePolicyCustomCheckArrayOutput) ToImageAssurancePolicyCustomCheckArrayOutput() ImageAssurancePolicyCustomCheckArrayOutput { return o } -func (o FunctionRuntimePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]FunctionRuntimePolicyScopeVariable] { - return pulumix.Output[[]FunctionRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } +func (o ImageAssurancePolicyCustomCheckArrayOutput) ToImageAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyCustomCheckArrayOutput { + return o } -func (o FunctionRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) FunctionRuntimePolicyScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) FunctionRuntimePolicyScopeVariable { - return vs[0].([]FunctionRuntimePolicyScopeVariable)[vs[1].(int)] - }).(FunctionRuntimePolicyScopeVariableOutput) +func (o ImageAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyCustomCheckOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyCustomCheck { + return vs[0].([]ImageAssurancePolicyCustomCheck)[vs[1].(int)] + }).(ImageAssurancePolicyCustomCheckOutput) } -type HostAssurancePolicyAutoScanTime struct { - Iteration *int `pulumi:"iteration"` - IterationType *string `pulumi:"iterationType"` - Time *string `pulumi:"time"` - WeekDays []string `pulumi:"weekDays"` +type ImageAssurancePolicyForbiddenLabel struct { + Key *string `pulumi:"key"` + Value *string `pulumi:"value"` } -// 
HostAssurancePolicyAutoScanTimeInput is an input type that accepts HostAssurancePolicyAutoScanTimeArgs and HostAssurancePolicyAutoScanTimeOutput values. -// You can construct a concrete instance of `HostAssurancePolicyAutoScanTimeInput` via: +// ImageAssurancePolicyForbiddenLabelInput is an input type that accepts ImageAssurancePolicyForbiddenLabelArgs and ImageAssurancePolicyForbiddenLabelOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyForbiddenLabelInput` via: // -// HostAssurancePolicyAutoScanTimeArgs{...} -type HostAssurancePolicyAutoScanTimeInput interface { +// ImageAssurancePolicyForbiddenLabelArgs{...} +type ImageAssurancePolicyForbiddenLabelInput interface { pulumi.Input - ToHostAssurancePolicyAutoScanTimeOutput() HostAssurancePolicyAutoScanTimeOutput - ToHostAssurancePolicyAutoScanTimeOutputWithContext(context.Context) HostAssurancePolicyAutoScanTimeOutput -} - -type HostAssurancePolicyAutoScanTimeArgs struct { - Iteration pulumi.IntPtrInput `pulumi:"iteration"` - IterationType pulumi.StringPtrInput `pulumi:"iterationType"` - Time pulumi.StringPtrInput `pulumi:"time"` - WeekDays pulumi.StringArrayInput `pulumi:"weekDays"` + ToImageAssurancePolicyForbiddenLabelOutput() ImageAssurancePolicyForbiddenLabelOutput + ToImageAssurancePolicyForbiddenLabelOutputWithContext(context.Context) ImageAssurancePolicyForbiddenLabelOutput } -func (HostAssurancePolicyAutoScanTimeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyAutoScanTime)(nil)).Elem() +type ImageAssurancePolicyForbiddenLabelArgs struct { + Key pulumi.StringPtrInput `pulumi:"key"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i HostAssurancePolicyAutoScanTimeArgs) ToHostAssurancePolicyAutoScanTimeOutput() HostAssurancePolicyAutoScanTimeOutput { - return i.ToHostAssurancePolicyAutoScanTimeOutputWithContext(context.Background()) +func (ImageAssurancePolicyForbiddenLabelArgs) ElementType() reflect.Type { + return 
reflect.TypeOf((*ImageAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (i HostAssurancePolicyAutoScanTimeArgs) ToHostAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) HostAssurancePolicyAutoScanTimeOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyAutoScanTimeOutput) +func (i ImageAssurancePolicyForbiddenLabelArgs) ToImageAssurancePolicyForbiddenLabelOutput() ImageAssurancePolicyForbiddenLabelOutput { + return i.ToImageAssurancePolicyForbiddenLabelOutputWithContext(context.Background()) } -func (i HostAssurancePolicyAutoScanTimeArgs) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyAutoScanTime] { - return pulumix.Output[HostAssurancePolicyAutoScanTime]{ - OutputState: i.ToHostAssurancePolicyAutoScanTimeOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyForbiddenLabelArgs) ToImageAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) ImageAssurancePolicyForbiddenLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyForbiddenLabelOutput) } -// HostAssurancePolicyAutoScanTimeArrayInput is an input type that accepts HostAssurancePolicyAutoScanTimeArray and HostAssurancePolicyAutoScanTimeArrayOutput values. -// You can construct a concrete instance of `HostAssurancePolicyAutoScanTimeArrayInput` via: +// ImageAssurancePolicyForbiddenLabelArrayInput is an input type that accepts ImageAssurancePolicyForbiddenLabelArray and ImageAssurancePolicyForbiddenLabelArrayOutput values. 
+// You can construct a concrete instance of `ImageAssurancePolicyForbiddenLabelArrayInput` via: // -// HostAssurancePolicyAutoScanTimeArray{ HostAssurancePolicyAutoScanTimeArgs{...} } -type HostAssurancePolicyAutoScanTimeArrayInput interface { +// ImageAssurancePolicyForbiddenLabelArray{ ImageAssurancePolicyForbiddenLabelArgs{...} } +type ImageAssurancePolicyForbiddenLabelArrayInput interface { pulumi.Input - ToHostAssurancePolicyAutoScanTimeArrayOutput() HostAssurancePolicyAutoScanTimeArrayOutput - ToHostAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Context) HostAssurancePolicyAutoScanTimeArrayOutput + ToImageAssurancePolicyForbiddenLabelArrayOutput() ImageAssurancePolicyForbiddenLabelArrayOutput + ToImageAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Context) ImageAssurancePolicyForbiddenLabelArrayOutput } -type HostAssurancePolicyAutoScanTimeArray []HostAssurancePolicyAutoScanTimeInput - -func (HostAssurancePolicyAutoScanTimeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyAutoScanTime)(nil)).Elem() -} +type ImageAssurancePolicyForbiddenLabelArray []ImageAssurancePolicyForbiddenLabelInput -func (i HostAssurancePolicyAutoScanTimeArray) ToHostAssurancePolicyAutoScanTimeArrayOutput() HostAssurancePolicyAutoScanTimeArrayOutput { - return i.ToHostAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Background()) +func (ImageAssurancePolicyForbiddenLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (i HostAssurancePolicyAutoScanTimeArray) ToHostAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) HostAssurancePolicyAutoScanTimeArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyAutoScanTimeArrayOutput) +func (i ImageAssurancePolicyForbiddenLabelArray) ToImageAssurancePolicyForbiddenLabelArrayOutput() ImageAssurancePolicyForbiddenLabelArrayOutput { + return 
i.ToImageAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Background()) } -func (i HostAssurancePolicyAutoScanTimeArray) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyAutoScanTime] { - return pulumix.Output[[]HostAssurancePolicyAutoScanTime]{ - OutputState: i.ToHostAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyForbiddenLabelArray) ToImageAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyForbiddenLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyForbiddenLabelArrayOutput) } -type HostAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyAutoScanTime)(nil)).Elem() +func (ImageAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (o HostAssurancePolicyAutoScanTimeOutput) ToHostAssurancePolicyAutoScanTimeOutput() HostAssurancePolicyAutoScanTimeOutput { +func (o ImageAssurancePolicyForbiddenLabelOutput) ToImageAssurancePolicyForbiddenLabelOutput() ImageAssurancePolicyForbiddenLabelOutput { return o } -func (o HostAssurancePolicyAutoScanTimeOutput) ToHostAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) HostAssurancePolicyAutoScanTimeOutput { +func (o ImageAssurancePolicyForbiddenLabelOutput) ToImageAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) ImageAssurancePolicyForbiddenLabelOutput { return o } -func (o HostAssurancePolicyAutoScanTimeOutput) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyAutoScanTime] { - return pulumix.Output[HostAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } +func (o ImageAssurancePolicyForbiddenLabelOutput) Key() 
pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyForbiddenLabel) *string { return v.Key }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyAutoScanTime) *int { return v.Iteration }).(pulumi.IntPtrOutput) +func (o ImageAssurancePolicyForbiddenLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyForbiddenLabel) *string { return v.Value }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyAutoScanTimeOutput) IterationType() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyAutoScanTime) *string { return v.IterationType }).(pulumi.StringPtrOutput) +type ImageAssurancePolicyForbiddenLabelArrayOutput struct{ *pulumi.OutputState } + +func (ImageAssurancePolicyForbiddenLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (o HostAssurancePolicyAutoScanTimeOutput) Time() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyAutoScanTime) *string { return v.Time }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyForbiddenLabelArrayOutput) ToImageAssurancePolicyForbiddenLabelArrayOutput() ImageAssurancePolicyForbiddenLabelArrayOutput { + return o } -func (o HostAssurancePolicyAutoScanTimeOutput) WeekDays() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostAssurancePolicyAutoScanTime) []string { return v.WeekDays }).(pulumi.StringArrayOutput) +func (o ImageAssurancePolicyForbiddenLabelArrayOutput) ToImageAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyForbiddenLabelArrayOutput { + return o } -type HostAssurancePolicyAutoScanTimeArrayOutput struct{ *pulumi.OutputState } +func (o ImageAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyForbiddenLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) 
ImageAssurancePolicyForbiddenLabel { + return vs[0].([]ImageAssurancePolicyForbiddenLabel)[vs[1].(int)] + }).(ImageAssurancePolicyForbiddenLabelOutput) +} -func (HostAssurancePolicyAutoScanTimeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyAutoScanTime)(nil)).Elem() +type ImageAssurancePolicyKubernetesControls struct { + AvdId *string `pulumi:"avdId"` + Description *string `pulumi:"description"` + Enabled *bool `pulumi:"enabled"` + Kind *string `pulumi:"kind"` + Name *string `pulumi:"name"` + Ootb *bool `pulumi:"ootb"` + ScriptId *int `pulumi:"scriptId"` + Severity *string `pulumi:"severity"` } -func (o HostAssurancePolicyAutoScanTimeArrayOutput) ToHostAssurancePolicyAutoScanTimeArrayOutput() HostAssurancePolicyAutoScanTimeArrayOutput { - return o +// ImageAssurancePolicyKubernetesControlsInput is an input type that accepts ImageAssurancePolicyKubernetesControlsArgs and ImageAssurancePolicyKubernetesControlsOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyKubernetesControlsInput` via: +// +// ImageAssurancePolicyKubernetesControlsArgs{...} +type ImageAssurancePolicyKubernetesControlsInput interface { + pulumi.Input + + ToImageAssurancePolicyKubernetesControlsOutput() ImageAssurancePolicyKubernetesControlsOutput + ToImageAssurancePolicyKubernetesControlsOutputWithContext(context.Context) ImageAssurancePolicyKubernetesControlsOutput } -func (o HostAssurancePolicyAutoScanTimeArrayOutput) ToHostAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) HostAssurancePolicyAutoScanTimeArrayOutput { - return o +type ImageAssurancePolicyKubernetesControlsArgs struct { + AvdId pulumi.StringPtrInput `pulumi:"avdId"` + Description pulumi.StringPtrInput `pulumi:"description"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + Kind pulumi.StringPtrInput `pulumi:"kind"` + Name pulumi.StringPtrInput `pulumi:"name"` + Ootb pulumi.BoolPtrInput `pulumi:"ootb"` + ScriptId pulumi.IntPtrInput 
`pulumi:"scriptId"` + Severity pulumi.StringPtrInput `pulumi:"severity"` } -func (o HostAssurancePolicyAutoScanTimeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyAutoScanTime] { - return pulumix.Output[[]HostAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } +func (ImageAssurancePolicyKubernetesControlsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyKubernetesControls)(nil)).Elem() } -func (o HostAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyAutoScanTimeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyAutoScanTime { - return vs[0].([]HostAssurancePolicyAutoScanTime)[vs[1].(int)] - }).(HostAssurancePolicyAutoScanTimeOutput) +func (i ImageAssurancePolicyKubernetesControlsArgs) ToImageAssurancePolicyKubernetesControlsOutput() ImageAssurancePolicyKubernetesControlsOutput { + return i.ToImageAssurancePolicyKubernetesControlsOutputWithContext(context.Background()) } -type HostAssurancePolicyCustomCheck struct { - // Name of user account that created the policy. - Author *string `pulumi:"author"` - Description *string `pulumi:"description"` - Engine *string `pulumi:"engine"` - LastModified *int `pulumi:"lastModified"` - Name *string `pulumi:"name"` - Path *string `pulumi:"path"` - ReadOnly *bool `pulumi:"readOnly"` - ScriptId *string `pulumi:"scriptId"` - Severity *string `pulumi:"severity"` - Snippet *string `pulumi:"snippet"` +func (i ImageAssurancePolicyKubernetesControlsArgs) ToImageAssurancePolicyKubernetesControlsOutputWithContext(ctx context.Context) ImageAssurancePolicyKubernetesControlsOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyKubernetesControlsOutput) } -// HostAssurancePolicyCustomCheckInput is an input type that accepts HostAssurancePolicyCustomCheckArgs and HostAssurancePolicyCustomCheckOutput values. 
-// You can construct a concrete instance of `HostAssurancePolicyCustomCheckInput` via: +func (i ImageAssurancePolicyKubernetesControlsArgs) ToImageAssurancePolicyKubernetesControlsPtrOutput() ImageAssurancePolicyKubernetesControlsPtrOutput { + return i.ToImageAssurancePolicyKubernetesControlsPtrOutputWithContext(context.Background()) +} + +func (i ImageAssurancePolicyKubernetesControlsArgs) ToImageAssurancePolicyKubernetesControlsPtrOutputWithContext(ctx context.Context) ImageAssurancePolicyKubernetesControlsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyKubernetesControlsOutput).ToImageAssurancePolicyKubernetesControlsPtrOutputWithContext(ctx) +} + +// ImageAssurancePolicyKubernetesControlsPtrInput is an input type that accepts ImageAssurancePolicyKubernetesControlsArgs, ImageAssurancePolicyKubernetesControlsPtr and ImageAssurancePolicyKubernetesControlsPtrOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyKubernetesControlsPtrInput` via: // -// HostAssurancePolicyCustomCheckArgs{...} -type HostAssurancePolicyCustomCheckInput interface { +// ImageAssurancePolicyKubernetesControlsArgs{...} +// +// or: +// +// nil +type ImageAssurancePolicyKubernetesControlsPtrInput interface { pulumi.Input - ToHostAssurancePolicyCustomCheckOutput() HostAssurancePolicyCustomCheckOutput - ToHostAssurancePolicyCustomCheckOutputWithContext(context.Context) HostAssurancePolicyCustomCheckOutput + ToImageAssurancePolicyKubernetesControlsPtrOutput() ImageAssurancePolicyKubernetesControlsPtrOutput + ToImageAssurancePolicyKubernetesControlsPtrOutputWithContext(context.Context) ImageAssurancePolicyKubernetesControlsPtrOutput } -type HostAssurancePolicyCustomCheckArgs struct { - // Name of user account that created the policy. 
- Author pulumi.StringPtrInput `pulumi:"author"` - Description pulumi.StringPtrInput `pulumi:"description"` - Engine pulumi.StringPtrInput `pulumi:"engine"` - LastModified pulumi.IntPtrInput `pulumi:"lastModified"` - Name pulumi.StringPtrInput `pulumi:"name"` - Path pulumi.StringPtrInput `pulumi:"path"` - ReadOnly pulumi.BoolPtrInput `pulumi:"readOnly"` - ScriptId pulumi.StringPtrInput `pulumi:"scriptId"` - Severity pulumi.StringPtrInput `pulumi:"severity"` - Snippet pulumi.StringPtrInput `pulumi:"snippet"` +type imageAssurancePolicyKubernetesControlsPtrType ImageAssurancePolicyKubernetesControlsArgs + +func ImageAssurancePolicyKubernetesControlsPtr(v *ImageAssurancePolicyKubernetesControlsArgs) ImageAssurancePolicyKubernetesControlsPtrInput { + return (*imageAssurancePolicyKubernetesControlsPtrType)(v) } -func (HostAssurancePolicyCustomCheckArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyCustomCheck)(nil)).Elem() +func (*imageAssurancePolicyKubernetesControlsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ImageAssurancePolicyKubernetesControls)(nil)).Elem() } -func (i HostAssurancePolicyCustomCheckArgs) ToHostAssurancePolicyCustomCheckOutput() HostAssurancePolicyCustomCheckOutput { - return i.ToHostAssurancePolicyCustomCheckOutputWithContext(context.Background()) +func (i *imageAssurancePolicyKubernetesControlsPtrType) ToImageAssurancePolicyKubernetesControlsPtrOutput() ImageAssurancePolicyKubernetesControlsPtrOutput { + return i.ToImageAssurancePolicyKubernetesControlsPtrOutputWithContext(context.Background()) } -func (i HostAssurancePolicyCustomCheckArgs) ToHostAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) HostAssurancePolicyCustomCheckOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyCustomCheckOutput) +func (i *imageAssurancePolicyKubernetesControlsPtrType) ToImageAssurancePolicyKubernetesControlsPtrOutputWithContext(ctx context.Context) 
ImageAssurancePolicyKubernetesControlsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyKubernetesControlsPtrOutput) } -func (i HostAssurancePolicyCustomCheckArgs) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyCustomCheck] { - return pulumix.Output[HostAssurancePolicyCustomCheck]{ - OutputState: i.ToHostAssurancePolicyCustomCheckOutputWithContext(ctx).OutputState, - } +type ImageAssurancePolicyKubernetesControlsOutput struct{ *pulumi.OutputState } + +func (ImageAssurancePolicyKubernetesControlsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyKubernetesControls)(nil)).Elem() } -// HostAssurancePolicyCustomCheckArrayInput is an input type that accepts HostAssurancePolicyCustomCheckArray and HostAssurancePolicyCustomCheckArrayOutput values. -// You can construct a concrete instance of `HostAssurancePolicyCustomCheckArrayInput` via: -// -// HostAssurancePolicyCustomCheckArray{ HostAssurancePolicyCustomCheckArgs{...} } -type HostAssurancePolicyCustomCheckArrayInput interface { - pulumi.Input +func (o ImageAssurancePolicyKubernetesControlsOutput) ToImageAssurancePolicyKubernetesControlsOutput() ImageAssurancePolicyKubernetesControlsOutput { + return o +} - ToHostAssurancePolicyCustomCheckArrayOutput() HostAssurancePolicyCustomCheckArrayOutput - ToHostAssurancePolicyCustomCheckArrayOutputWithContext(context.Context) HostAssurancePolicyCustomCheckArrayOutput +func (o ImageAssurancePolicyKubernetesControlsOutput) ToImageAssurancePolicyKubernetesControlsOutputWithContext(ctx context.Context) ImageAssurancePolicyKubernetesControlsOutput { + return o } -type HostAssurancePolicyCustomCheckArray []HostAssurancePolicyCustomCheckInput +func (o ImageAssurancePolicyKubernetesControlsOutput) ToImageAssurancePolicyKubernetesControlsPtrOutput() ImageAssurancePolicyKubernetesControlsPtrOutput { + return o.ToImageAssurancePolicyKubernetesControlsPtrOutputWithContext(context.Background()) +} -func 
(HostAssurancePolicyCustomCheckArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyCustomCheck)(nil)).Elem() +func (o ImageAssurancePolicyKubernetesControlsOutput) ToImageAssurancePolicyKubernetesControlsPtrOutputWithContext(ctx context.Context) ImageAssurancePolicyKubernetesControlsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ImageAssurancePolicyKubernetesControls) *ImageAssurancePolicyKubernetesControls { + return &v + }).(ImageAssurancePolicyKubernetesControlsPtrOutput) } -func (i HostAssurancePolicyCustomCheckArray) ToHostAssurancePolicyCustomCheckArrayOutput() HostAssurancePolicyCustomCheckArrayOutput { - return i.ToHostAssurancePolicyCustomCheckArrayOutputWithContext(context.Background()) +func (o ImageAssurancePolicyKubernetesControlsOutput) AvdId() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyKubernetesControls) *string { return v.AvdId }).(pulumi.StringPtrOutput) } -func (i HostAssurancePolicyCustomCheckArray) ToHostAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) HostAssurancePolicyCustomCheckArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyCustomCheckArrayOutput) +func (o ImageAssurancePolicyKubernetesControlsOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyKubernetesControls) *string { return v.Description }).(pulumi.StringPtrOutput) } -func (i HostAssurancePolicyCustomCheckArray) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyCustomCheck] { - return pulumix.Output[[]HostAssurancePolicyCustomCheck]{ - OutputState: i.ToHostAssurancePolicyCustomCheckArrayOutputWithContext(ctx).OutputState, - } +func (o ImageAssurancePolicyKubernetesControlsOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyKubernetesControls) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -type HostAssurancePolicyCustomCheckOutput struct{ 
*pulumi.OutputState } +func (o ImageAssurancePolicyKubernetesControlsOutput) Kind() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyKubernetesControls) *string { return v.Kind }).(pulumi.StringPtrOutput) +} -func (HostAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyCustomCheck)(nil)).Elem() +func (o ImageAssurancePolicyKubernetesControlsOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyKubernetesControls) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyCustomCheckOutput) ToHostAssurancePolicyCustomCheckOutput() HostAssurancePolicyCustomCheckOutput { - return o +func (o ImageAssurancePolicyKubernetesControlsOutput) Ootb() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyKubernetesControls) *bool { return v.Ootb }).(pulumi.BoolPtrOutput) } -func (o HostAssurancePolicyCustomCheckOutput) ToHostAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) HostAssurancePolicyCustomCheckOutput { - return o +func (o ImageAssurancePolicyKubernetesControlsOutput) ScriptId() pulumi.IntPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyKubernetesControls) *int { return v.ScriptId }).(pulumi.IntPtrOutput) } -func (o HostAssurancePolicyCustomCheckOutput) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyCustomCheck] { - return pulumix.Output[HostAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } +func (o ImageAssurancePolicyKubernetesControlsOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyKubernetesControls) *string { return v.Severity }).(pulumi.StringPtrOutput) } -// Name of user account that created the policy. 
-func (o HostAssurancePolicyCustomCheckOutput) Author() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Author }).(pulumi.StringPtrOutput) +type ImageAssurancePolicyKubernetesControlsPtrOutput struct{ *pulumi.OutputState } + +func (ImageAssurancePolicyKubernetesControlsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ImageAssurancePolicyKubernetesControls)(nil)).Elem() } -func (o HostAssurancePolicyCustomCheckOutput) Description() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Description }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) ToImageAssurancePolicyKubernetesControlsPtrOutput() ImageAssurancePolicyKubernetesControlsPtrOutput { + return o } -func (o HostAssurancePolicyCustomCheckOutput) Engine() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Engine }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) ToImageAssurancePolicyKubernetesControlsPtrOutputWithContext(ctx context.Context) ImageAssurancePolicyKubernetesControlsPtrOutput { + return o } -func (o HostAssurancePolicyCustomCheckOutput) LastModified() pulumi.IntPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *int { return v.LastModified }).(pulumi.IntPtrOutput) +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) Elem() ImageAssurancePolicyKubernetesControlsOutput { + return o.ApplyT(func(v *ImageAssurancePolicyKubernetesControls) ImageAssurancePolicyKubernetesControls { + if v != nil { + return *v + } + var ret ImageAssurancePolicyKubernetesControls + return ret + }).(ImageAssurancePolicyKubernetesControlsOutput) } -func (o HostAssurancePolicyCustomCheckOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o 
ImageAssurancePolicyKubernetesControlsPtrOutput) AvdId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyKubernetesControls) *string { + if v == nil { + return nil + } + return v.AvdId + }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyCustomCheckOutput) Path() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Path }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyKubernetesControls) *string { + if v == nil { + return nil + } + return v.Description + }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyCustomCheckOutput) ReadOnly() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *bool { return v.ReadOnly }).(pulumi.BoolPtrOutput) +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyKubernetesControls) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) } -func (o HostAssurancePolicyCustomCheckOutput) ScriptId() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.ScriptId }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) Kind() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyKubernetesControls) *string { + if v == nil { + return nil + } + return v.Kind + }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyCustomCheckOutput) Severity() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Severity }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyKubernetesControls) *string { + if v == nil { + return nil + } + return v.Name + 
}).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyCustomCheckOutput) Snippet() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyCustomCheck) *string { return v.Snippet }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) Ootb() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyKubernetesControls) *bool { + if v == nil { + return nil + } + return v.Ootb + }).(pulumi.BoolPtrOutput) } -type HostAssurancePolicyCustomCheckArrayOutput struct{ *pulumi.OutputState } +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) ScriptId() pulumi.IntPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyKubernetesControls) *int { + if v == nil { + return nil + } + return v.ScriptId + }).(pulumi.IntPtrOutput) +} -func (HostAssurancePolicyCustomCheckArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyCustomCheck)(nil)).Elem() +func (o ImageAssurancePolicyKubernetesControlsPtrOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyKubernetesControls) *string { + if v == nil { + return nil + } + return v.Severity + }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyCustomCheckArrayOutput) ToHostAssurancePolicyCustomCheckArrayOutput() HostAssurancePolicyCustomCheckArrayOutput { - return o +type ImageAssurancePolicyPackagesBlackList struct { + Arch *string `pulumi:"arch"` + Display *string `pulumi:"display"` + Epoch *string `pulumi:"epoch"` + Format *string `pulumi:"format"` + License *string `pulumi:"license"` + Name *string `pulumi:"name"` + Release *string `pulumi:"release"` + Version *string `pulumi:"version"` + VersionRange *string `pulumi:"versionRange"` } -func (o HostAssurancePolicyCustomCheckArrayOutput) ToHostAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) HostAssurancePolicyCustomCheckArrayOutput { - return o +// ImageAssurancePolicyPackagesBlackListInput is an input type that accepts 
ImageAssurancePolicyPackagesBlackListArgs and ImageAssurancePolicyPackagesBlackListOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyPackagesBlackListInput` via: +// +// ImageAssurancePolicyPackagesBlackListArgs{...} +type ImageAssurancePolicyPackagesBlackListInput interface { + pulumi.Input + + ToImageAssurancePolicyPackagesBlackListOutput() ImageAssurancePolicyPackagesBlackListOutput + ToImageAssurancePolicyPackagesBlackListOutputWithContext(context.Context) ImageAssurancePolicyPackagesBlackListOutput } -func (o HostAssurancePolicyCustomCheckArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyCustomCheck] { - return pulumix.Output[[]HostAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } +type ImageAssurancePolicyPackagesBlackListArgs struct { + Arch pulumi.StringPtrInput `pulumi:"arch"` + Display pulumi.StringPtrInput `pulumi:"display"` + Epoch pulumi.StringPtrInput `pulumi:"epoch"` + Format pulumi.StringPtrInput `pulumi:"format"` + License pulumi.StringPtrInput `pulumi:"license"` + Name pulumi.StringPtrInput `pulumi:"name"` + Release pulumi.StringPtrInput `pulumi:"release"` + Version pulumi.StringPtrInput `pulumi:"version"` + VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` } -func (o HostAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyCustomCheckOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyCustomCheck { - return vs[0].([]HostAssurancePolicyCustomCheck)[vs[1].(int)] - }).(HostAssurancePolicyCustomCheckOutput) +func (ImageAssurancePolicyPackagesBlackListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyPackagesBlackList)(nil)).Elem() } -type HostAssurancePolicyForbiddenLabel struct { - Key *string `pulumi:"key"` - Value *string `pulumi:"value"` +func (i ImageAssurancePolicyPackagesBlackListArgs) ToImageAssurancePolicyPackagesBlackListOutput() 
ImageAssurancePolicyPackagesBlackListOutput { + return i.ToImageAssurancePolicyPackagesBlackListOutputWithContext(context.Background()) } -// HostAssurancePolicyForbiddenLabelInput is an input type that accepts HostAssurancePolicyForbiddenLabelArgs and HostAssurancePolicyForbiddenLabelOutput values. -// You can construct a concrete instance of `HostAssurancePolicyForbiddenLabelInput` via: +func (i ImageAssurancePolicyPackagesBlackListArgs) ToImageAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesBlackListOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPackagesBlackListOutput) +} + +// ImageAssurancePolicyPackagesBlackListArrayInput is an input type that accepts ImageAssurancePolicyPackagesBlackListArray and ImageAssurancePolicyPackagesBlackListArrayOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyPackagesBlackListArrayInput` via: // -// HostAssurancePolicyForbiddenLabelArgs{...} -type HostAssurancePolicyForbiddenLabelInput interface { +// ImageAssurancePolicyPackagesBlackListArray{ ImageAssurancePolicyPackagesBlackListArgs{...} } +type ImageAssurancePolicyPackagesBlackListArrayInput interface { pulumi.Input - ToHostAssurancePolicyForbiddenLabelOutput() HostAssurancePolicyForbiddenLabelOutput - ToHostAssurancePolicyForbiddenLabelOutputWithContext(context.Context) HostAssurancePolicyForbiddenLabelOutput -} - -type HostAssurancePolicyForbiddenLabelArgs struct { - Key pulumi.StringPtrInput `pulumi:"key"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToImageAssurancePolicyPackagesBlackListArrayOutput() ImageAssurancePolicyPackagesBlackListArrayOutput + ToImageAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Context) ImageAssurancePolicyPackagesBlackListArrayOutput } -func (HostAssurancePolicyForbiddenLabelArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyForbiddenLabel)(nil)).Elem() -} +type 
ImageAssurancePolicyPackagesBlackListArray []ImageAssurancePolicyPackagesBlackListInput -func (i HostAssurancePolicyForbiddenLabelArgs) ToHostAssurancePolicyForbiddenLabelOutput() HostAssurancePolicyForbiddenLabelOutput { - return i.ToHostAssurancePolicyForbiddenLabelOutputWithContext(context.Background()) +func (ImageAssurancePolicyPackagesBlackListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyPackagesBlackList)(nil)).Elem() } -func (i HostAssurancePolicyForbiddenLabelArgs) ToHostAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) HostAssurancePolicyForbiddenLabelOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyForbiddenLabelOutput) +func (i ImageAssurancePolicyPackagesBlackListArray) ToImageAssurancePolicyPackagesBlackListArrayOutput() ImageAssurancePolicyPackagesBlackListArrayOutput { + return i.ToImageAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Background()) } -func (i HostAssurancePolicyForbiddenLabelArgs) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyForbiddenLabel] { - return pulumix.Output[HostAssurancePolicyForbiddenLabel]{ - OutputState: i.ToHostAssurancePolicyForbiddenLabelOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyPackagesBlackListArray) ToImageAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesBlackListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPackagesBlackListArrayOutput) } -// HostAssurancePolicyForbiddenLabelArrayInput is an input type that accepts HostAssurancePolicyForbiddenLabelArray and HostAssurancePolicyForbiddenLabelArrayOutput values. 
-// You can construct a concrete instance of `HostAssurancePolicyForbiddenLabelArrayInput` via: -// -// HostAssurancePolicyForbiddenLabelArray{ HostAssurancePolicyForbiddenLabelArgs{...} } -type HostAssurancePolicyForbiddenLabelArrayInput interface { - pulumi.Input +type ImageAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } - ToHostAssurancePolicyForbiddenLabelArrayOutput() HostAssurancePolicyForbiddenLabelArrayOutput - ToHostAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Context) HostAssurancePolicyForbiddenLabelArrayOutput +func (ImageAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyPackagesBlackList)(nil)).Elem() } -type HostAssurancePolicyForbiddenLabelArray []HostAssurancePolicyForbiddenLabelInput - -func (HostAssurancePolicyForbiddenLabelArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyForbiddenLabel)(nil)).Elem() +func (o ImageAssurancePolicyPackagesBlackListOutput) ToImageAssurancePolicyPackagesBlackListOutput() ImageAssurancePolicyPackagesBlackListOutput { + return o } -func (i HostAssurancePolicyForbiddenLabelArray) ToHostAssurancePolicyForbiddenLabelArrayOutput() HostAssurancePolicyForbiddenLabelArrayOutput { - return i.ToHostAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Background()) +func (o ImageAssurancePolicyPackagesBlackListOutput) ToImageAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesBlackListOutput { + return o } -func (i HostAssurancePolicyForbiddenLabelArray) ToHostAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) HostAssurancePolicyForbiddenLabelArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyForbiddenLabelArrayOutput) +func (o ImageAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Arch 
}).(pulumi.StringPtrOutput) } -func (i HostAssurancePolicyForbiddenLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]HostAssurancePolicyForbiddenLabel]{ - OutputState: i.ToHostAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx).OutputState, - } +func (o ImageAssurancePolicyPackagesBlackListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Display }).(pulumi.StringPtrOutput) } -type HostAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } +func (o ImageAssurancePolicyPackagesBlackListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +} -func (HostAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyForbiddenLabel)(nil)).Elem() +func (o ImageAssurancePolicyPackagesBlackListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Format }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyForbiddenLabelOutput) ToHostAssurancePolicyForbiddenLabelOutput() HostAssurancePolicyForbiddenLabelOutput { - return o +func (o ImageAssurancePolicyPackagesBlackListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.License }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyForbiddenLabelOutput) ToHostAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) HostAssurancePolicyForbiddenLabelOutput { - return o +func (o ImageAssurancePolicyPackagesBlackListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyForbiddenLabelOutput) ToOutput(ctx context.Context) 
pulumix.Output[HostAssurancePolicyForbiddenLabel] { - return pulumix.Output[HostAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } +func (o ImageAssurancePolicyPackagesBlackListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Release }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyForbiddenLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesBlackListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Version }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyForbiddenLabelOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyForbiddenLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesBlackListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) } -type HostAssurancePolicyForbiddenLabelArrayOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyPackagesBlackListArrayOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyForbiddenLabelArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyForbiddenLabel)(nil)).Elem() +func (ImageAssurancePolicyPackagesBlackListArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyPackagesBlackList)(nil)).Elem() } -func (o HostAssurancePolicyForbiddenLabelArrayOutput) ToHostAssurancePolicyForbiddenLabelArrayOutput() HostAssurancePolicyForbiddenLabelArrayOutput { +func (o ImageAssurancePolicyPackagesBlackListArrayOutput) ToImageAssurancePolicyPackagesBlackListArrayOutput() ImageAssurancePolicyPackagesBlackListArrayOutput { return o } -func (o 
HostAssurancePolicyForbiddenLabelArrayOutput) ToHostAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) HostAssurancePolicyForbiddenLabelArrayOutput { +func (o ImageAssurancePolicyPackagesBlackListArrayOutput) ToImageAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesBlackListArrayOutput { return o } -func (o HostAssurancePolicyForbiddenLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]HostAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyForbiddenLabelOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyForbiddenLabel { - return vs[0].([]HostAssurancePolicyForbiddenLabel)[vs[1].(int)] - }).(HostAssurancePolicyForbiddenLabelOutput) +func (o ImageAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyPackagesBlackListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyPackagesBlackList { + return vs[0].([]ImageAssurancePolicyPackagesBlackList)[vs[1].(int)] + }).(ImageAssurancePolicyPackagesBlackListOutput) } -type HostAssurancePolicyPackagesBlackList struct { +type ImageAssurancePolicyPackagesWhiteList struct { Arch *string `pulumi:"arch"` Display *string `pulumi:"display"` Epoch *string `pulumi:"epoch"` 
@@ -6237,18 +20667,18 @@ type HostAssurancePolicyPackagesBlackList struct { VersionRange *string `pulumi:"versionRange"` } -// HostAssurancePolicyPackagesBlackListInput is an input type that accepts HostAssurancePolicyPackagesBlackListArgs and HostAssurancePolicyPackagesBlackListOutput values. -// You can construct a concrete instance of `HostAssurancePolicyPackagesBlackListInput` via: +// ImageAssurancePolicyPackagesWhiteListInput is an input type that accepts ImageAssurancePolicyPackagesWhiteListArgs and ImageAssurancePolicyPackagesWhiteListOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyPackagesWhiteListInput` via: // -// HostAssurancePolicyPackagesBlackListArgs{...} -type HostAssurancePolicyPackagesBlackListInput interface { +// ImageAssurancePolicyPackagesWhiteListArgs{...} +type ImageAssurancePolicyPackagesWhiteListInput interface { pulumi.Input - ToHostAssurancePolicyPackagesBlackListOutput() HostAssurancePolicyPackagesBlackListOutput - ToHostAssurancePolicyPackagesBlackListOutputWithContext(context.Context) HostAssurancePolicyPackagesBlackListOutput + ToImageAssurancePolicyPackagesWhiteListOutput() ImageAssurancePolicyPackagesWhiteListOutput + ToImageAssurancePolicyPackagesWhiteListOutputWithContext(context.Context) ImageAssurancePolicyPackagesWhiteListOutput } -type HostAssurancePolicyPackagesBlackListArgs struct { +type ImageAssurancePolicyPackagesWhiteListArgs struct { Arch pulumi.StringPtrInput `pulumi:"arch"` Display pulumi.StringPtrInput `pulumi:"display"` Epoch pulumi.StringPtrInput `pulumi:"epoch"` 
@@ -6260,4928 +20690,4419 @@ type HostAssurancePolicyPackagesBlackListArgs struct { VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` } -func (HostAssurancePolicyPackagesBlackListArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyPackagesBlackList)(nil)).Elem() -} - -func (i HostAssurancePolicyPackagesBlackListArgs) ToHostAssurancePolicyPackagesBlackListOutput() HostAssurancePolicyPackagesBlackListOutput { - return i.ToHostAssurancePolicyPackagesBlackListOutputWithContext(context.Background()) +func (ImageAssurancePolicyPackagesWhiteListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (i HostAssurancePolicyPackagesBlackListArgs) ToHostAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesBlackListOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPackagesBlackListOutput) +func (i ImageAssurancePolicyPackagesWhiteListArgs) ToImageAssurancePolicyPackagesWhiteListOutput() ImageAssurancePolicyPackagesWhiteListOutput { + return i.ToImageAssurancePolicyPackagesWhiteListOutputWithContext(context.Background()) } -func (i HostAssurancePolicyPackagesBlackListArgs) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyPackagesBlackList] { - return pulumix.Output[HostAssurancePolicyPackagesBlackList]{ - OutputState: i.ToHostAssurancePolicyPackagesBlackListOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyPackagesWhiteListArgs) ToImageAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesWhiteListOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPackagesWhiteListOutput) } -// HostAssurancePolicyPackagesBlackListArrayInput is an input type that accepts HostAssurancePolicyPackagesBlackListArray and HostAssurancePolicyPackagesBlackListArrayOutput values. 
-// You can construct a concrete instance of `HostAssurancePolicyPackagesBlackListArrayInput` via: +// ImageAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts ImageAssurancePolicyPackagesWhiteListArray and ImageAssurancePolicyPackagesWhiteListArrayOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyPackagesWhiteListArrayInput` via: // -// HostAssurancePolicyPackagesBlackListArray{ HostAssurancePolicyPackagesBlackListArgs{...} } -type HostAssurancePolicyPackagesBlackListArrayInput interface { +// ImageAssurancePolicyPackagesWhiteListArray{ ImageAssurancePolicyPackagesWhiteListArgs{...} } +type ImageAssurancePolicyPackagesWhiteListArrayInput interface { pulumi.Input - ToHostAssurancePolicyPackagesBlackListArrayOutput() HostAssurancePolicyPackagesBlackListArrayOutput - ToHostAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Context) HostAssurancePolicyPackagesBlackListArrayOutput + ToImageAssurancePolicyPackagesWhiteListArrayOutput() ImageAssurancePolicyPackagesWhiteListArrayOutput + ToImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Context) ImageAssurancePolicyPackagesWhiteListArrayOutput } -type HostAssurancePolicyPackagesBlackListArray []HostAssurancePolicyPackagesBlackListInput - -func (HostAssurancePolicyPackagesBlackListArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyPackagesBlackList)(nil)).Elem() -} +type ImageAssurancePolicyPackagesWhiteListArray []ImageAssurancePolicyPackagesWhiteListInput -func (i HostAssurancePolicyPackagesBlackListArray) ToHostAssurancePolicyPackagesBlackListArrayOutput() HostAssurancePolicyPackagesBlackListArrayOutput { - return i.ToHostAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Background()) +func (ImageAssurancePolicyPackagesWhiteListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (i 
HostAssurancePolicyPackagesBlackListArray) ToHostAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesBlackListArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPackagesBlackListArrayOutput) +func (i ImageAssurancePolicyPackagesWhiteListArray) ToImageAssurancePolicyPackagesWhiteListArrayOutput() ImageAssurancePolicyPackagesWhiteListArrayOutput { + return i.ToImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Background()) } -func (i HostAssurancePolicyPackagesBlackListArray) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]HostAssurancePolicyPackagesBlackList]{ - OutputState: i.ToHostAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyPackagesWhiteListArray) ToImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesWhiteListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPackagesWhiteListArrayOutput) } -type HostAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyPackagesBlackList)(nil)).Elem() +func (ImageAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (o HostAssurancePolicyPackagesBlackListOutput) ToHostAssurancePolicyPackagesBlackListOutput() HostAssurancePolicyPackagesBlackListOutput { +func (o ImageAssurancePolicyPackagesWhiteListOutput) ToImageAssurancePolicyPackagesWhiteListOutput() ImageAssurancePolicyPackagesWhiteListOutput { return o } -func (o HostAssurancePolicyPackagesBlackListOutput) 
ToHostAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesBlackListOutput { +func (o ImageAssurancePolicyPackagesWhiteListOutput) ToImageAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesWhiteListOutput { return o } -func (o HostAssurancePolicyPackagesBlackListOutput) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyPackagesBlackList] { - return pulumix.Output[HostAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Arch }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Arch }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyPackagesBlackListOutput) Display() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Display }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesWhiteListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Display }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyPackagesBlackListOutput) Epoch() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesWhiteListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Epoch }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyPackagesBlackListOutput) Format() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Format }).(pulumi.StringPtrOutput) +func (o 
ImageAssurancePolicyPackagesWhiteListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Format }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyPackagesBlackListOutput) License() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.License }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesWhiteListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.License }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyPackagesBlackListOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesWhiteListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyPackagesBlackListOutput) Release() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Release }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesWhiteListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Release }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyPackagesBlackListOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesBlackList) *string { return v.Version }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesWhiteListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Version }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyPackagesBlackListOutput) VersionRange() pulumi.StringPtrOutput { - return o.ApplyT(func(v 
HostAssurancePolicyPackagesBlackList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPackagesWhiteListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) } -type HostAssurancePolicyPackagesBlackListArrayOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyPackagesWhiteListArrayOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyPackagesBlackListArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyPackagesBlackList)(nil)).Elem() +func (ImageAssurancePolicyPackagesWhiteListArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (o HostAssurancePolicyPackagesBlackListArrayOutput) ToHostAssurancePolicyPackagesBlackListArrayOutput() HostAssurancePolicyPackagesBlackListArrayOutput { +func (o ImageAssurancePolicyPackagesWhiteListArrayOutput) ToImageAssurancePolicyPackagesWhiteListArrayOutput() ImageAssurancePolicyPackagesWhiteListArrayOutput { return o } -func (o HostAssurancePolicyPackagesBlackListArrayOutput) ToHostAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesBlackListArrayOutput { +func (o ImageAssurancePolicyPackagesWhiteListArrayOutput) ToImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesWhiteListArrayOutput { return o } -func (o HostAssurancePolicyPackagesBlackListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]HostAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyPackagesBlackListOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) 
HostAssurancePolicyPackagesBlackList { - return vs[0].([]HostAssurancePolicyPackagesBlackList)[vs[1].(int)] - }).(HostAssurancePolicyPackagesBlackListOutput) +func (o ImageAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyPackagesWhiteListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyPackagesWhiteList { + return vs[0].([]ImageAssurancePolicyPackagesWhiteList)[vs[1].(int)] + }).(ImageAssurancePolicyPackagesWhiteListOutput) } -type HostAssurancePolicyPackagesWhiteList struct { - Arch *string `pulumi:"arch"` - Display *string `pulumi:"display"` - Epoch *string `pulumi:"epoch"` - Format *string `pulumi:"format"` - License *string `pulumi:"license"` - Name *string `pulumi:"name"` - Release *string `pulumi:"release"` - Version *string `pulumi:"version"` - VersionRange *string `pulumi:"versionRange"` +type ImageAssurancePolicyPolicySettings struct { + Enforce *bool `pulumi:"enforce"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + Warn *bool `pulumi:"warn"` + WarningMessage *string `pulumi:"warningMessage"` } -// HostAssurancePolicyPackagesWhiteListInput is an input type that accepts HostAssurancePolicyPackagesWhiteListArgs and HostAssurancePolicyPackagesWhiteListOutput values. -// You can construct a concrete instance of `HostAssurancePolicyPackagesWhiteListInput` via: +// ImageAssurancePolicyPolicySettingsInput is an input type that accepts ImageAssurancePolicyPolicySettingsArgs and ImageAssurancePolicyPolicySettingsOutput values. 
+// You can construct a concrete instance of `ImageAssurancePolicyPolicySettingsInput` via: // -// HostAssurancePolicyPackagesWhiteListArgs{...} -type HostAssurancePolicyPackagesWhiteListInput interface { +// ImageAssurancePolicyPolicySettingsArgs{...} +type ImageAssurancePolicyPolicySettingsInput interface { pulumi.Input - ToHostAssurancePolicyPackagesWhiteListOutput() HostAssurancePolicyPackagesWhiteListOutput - ToHostAssurancePolicyPackagesWhiteListOutputWithContext(context.Context) HostAssurancePolicyPackagesWhiteListOutput + ToImageAssurancePolicyPolicySettingsOutput() ImageAssurancePolicyPolicySettingsOutput + ToImageAssurancePolicyPolicySettingsOutputWithContext(context.Context) ImageAssurancePolicyPolicySettingsOutput +} + +type ImageAssurancePolicyPolicySettingsArgs struct { + Enforce pulumi.BoolPtrInput `pulumi:"enforce"` + IsAuditChecked pulumi.BoolPtrInput `pulumi:"isAuditChecked"` + Warn pulumi.BoolPtrInput `pulumi:"warn"` + WarningMessage pulumi.StringPtrInput `pulumi:"warningMessage"` } -type HostAssurancePolicyPackagesWhiteListArgs struct { - Arch pulumi.StringPtrInput `pulumi:"arch"` - Display pulumi.StringPtrInput `pulumi:"display"` - Epoch pulumi.StringPtrInput `pulumi:"epoch"` - Format pulumi.StringPtrInput `pulumi:"format"` - License pulumi.StringPtrInput `pulumi:"license"` - Name pulumi.StringPtrInput `pulumi:"name"` - Release pulumi.StringPtrInput `pulumi:"release"` - Version pulumi.StringPtrInput `pulumi:"version"` - VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` +func (ImageAssurancePolicyPolicySettingsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyPolicySettings)(nil)).Elem() } -func (HostAssurancePolicyPackagesWhiteListArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (i ImageAssurancePolicyPolicySettingsArgs) ToImageAssurancePolicyPolicySettingsOutput() ImageAssurancePolicyPolicySettingsOutput { + return 
i.ToImageAssurancePolicyPolicySettingsOutputWithContext(context.Background()) } -func (i HostAssurancePolicyPackagesWhiteListArgs) ToHostAssurancePolicyPackagesWhiteListOutput() HostAssurancePolicyPackagesWhiteListOutput { - return i.ToHostAssurancePolicyPackagesWhiteListOutputWithContext(context.Background()) +func (i ImageAssurancePolicyPolicySettingsArgs) ToImageAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) ImageAssurancePolicyPolicySettingsOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPolicySettingsOutput) } -func (i HostAssurancePolicyPackagesWhiteListArgs) ToHostAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesWhiteListOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPackagesWhiteListOutput) +func (i ImageAssurancePolicyPolicySettingsArgs) ToImageAssurancePolicyPolicySettingsPtrOutput() ImageAssurancePolicyPolicySettingsPtrOutput { + return i.ToImageAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) } -func (i HostAssurancePolicyPackagesWhiteListArgs) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyPackagesWhiteList] { - return pulumix.Output[HostAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToHostAssurancePolicyPackagesWhiteListOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyPolicySettingsArgs) ToImageAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) ImageAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPolicySettingsOutput).ToImageAssurancePolicyPolicySettingsPtrOutputWithContext(ctx) } -// HostAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts HostAssurancePolicyPackagesWhiteListArray and HostAssurancePolicyPackagesWhiteListArrayOutput values. 
-// You can construct a concrete instance of `HostAssurancePolicyPackagesWhiteListArrayInput` via: +// ImageAssurancePolicyPolicySettingsPtrInput is an input type that accepts ImageAssurancePolicyPolicySettingsArgs, ImageAssurancePolicyPolicySettingsPtr and ImageAssurancePolicyPolicySettingsPtrOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyPolicySettingsPtrInput` via: // -// HostAssurancePolicyPackagesWhiteListArray{ HostAssurancePolicyPackagesWhiteListArgs{...} } -type HostAssurancePolicyPackagesWhiteListArrayInput interface { +// ImageAssurancePolicyPolicySettingsArgs{...} +// +// or: +// +// nil +type ImageAssurancePolicyPolicySettingsPtrInput interface { pulumi.Input - ToHostAssurancePolicyPackagesWhiteListArrayOutput() HostAssurancePolicyPackagesWhiteListArrayOutput - ToHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Context) HostAssurancePolicyPackagesWhiteListArrayOutput + ToImageAssurancePolicyPolicySettingsPtrOutput() ImageAssurancePolicyPolicySettingsPtrOutput + ToImageAssurancePolicyPolicySettingsPtrOutputWithContext(context.Context) ImageAssurancePolicyPolicySettingsPtrOutput } -type HostAssurancePolicyPackagesWhiteListArray []HostAssurancePolicyPackagesWhiteListInput +type imageAssurancePolicyPolicySettingsPtrType ImageAssurancePolicyPolicySettingsArgs -func (HostAssurancePolicyPackagesWhiteListArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyPackagesWhiteList)(nil)).Elem() +func ImageAssurancePolicyPolicySettingsPtr(v *ImageAssurancePolicyPolicySettingsArgs) ImageAssurancePolicyPolicySettingsPtrInput { + return (*imageAssurancePolicyPolicySettingsPtrType)(v) } -func (i HostAssurancePolicyPackagesWhiteListArray) ToHostAssurancePolicyPackagesWhiteListArrayOutput() HostAssurancePolicyPackagesWhiteListArrayOutput { - return i.ToHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Background()) +func (*imageAssurancePolicyPolicySettingsPtrType) 
ElementType() reflect.Type { + return reflect.TypeOf((**ImageAssurancePolicyPolicySettings)(nil)).Elem() } -func (i HostAssurancePolicyPackagesWhiteListArray) ToHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesWhiteListArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyPackagesWhiteListArrayOutput) +func (i *imageAssurancePolicyPolicySettingsPtrType) ToImageAssurancePolicyPolicySettingsPtrOutput() ImageAssurancePolicyPolicySettingsPtrOutput { + return i.ToImageAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) } -func (i HostAssurancePolicyPackagesWhiteListArray) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]HostAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx).OutputState, - } +func (i *imageAssurancePolicyPolicySettingsPtrType) ToImageAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) ImageAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPolicySettingsPtrOutput) } -type HostAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyPolicySettingsOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (ImageAssurancePolicyPolicySettingsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyPolicySettings)(nil)).Elem() } -func (o HostAssurancePolicyPackagesWhiteListOutput) ToHostAssurancePolicyPackagesWhiteListOutput() HostAssurancePolicyPackagesWhiteListOutput { +func (o ImageAssurancePolicyPolicySettingsOutput) ToImageAssurancePolicyPolicySettingsOutput() ImageAssurancePolicyPolicySettingsOutput { return o } -func (o 
HostAssurancePolicyPackagesWhiteListOutput) ToHostAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesWhiteListOutput { +func (o ImageAssurancePolicyPolicySettingsOutput) ToImageAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) ImageAssurancePolicyPolicySettingsOutput { return o } -func (o HostAssurancePolicyPackagesWhiteListOutput) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyPackagesWhiteList] { - return pulumix.Output[HostAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } +func (o ImageAssurancePolicyPolicySettingsOutput) ToImageAssurancePolicyPolicySettingsPtrOutput() ImageAssurancePolicyPolicySettingsPtrOutput { + return o.ToImageAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) } -func (o HostAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Arch }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPolicySettingsOutput) ToImageAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) ImageAssurancePolicyPolicySettingsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ImageAssurancePolicyPolicySettings) *ImageAssurancePolicyPolicySettings { + return &v + }).(ImageAssurancePolicyPolicySettingsPtrOutput) } -func (o HostAssurancePolicyPackagesWhiteListOutput) Display() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Display }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPolicySettingsOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPolicySettings) *bool { return v.Enforce }).(pulumi.BoolPtrOutput) } -func (o HostAssurancePolicyPackagesWhiteListOutput) Epoch() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Epoch }).(pulumi.StringPtrOutput) 
+func (o ImageAssurancePolicyPolicySettingsOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPolicySettings) *bool { return v.IsAuditChecked }).(pulumi.BoolPtrOutput) } -func (o HostAssurancePolicyPackagesWhiteListOutput) Format() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Format }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPolicySettingsOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPolicySettings) *bool { return v.Warn }).(pulumi.BoolPtrOutput) } -func (o HostAssurancePolicyPackagesWhiteListOutput) License() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.License }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPolicySettingsOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyPolicySettings) *string { return v.WarningMessage }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyPackagesWhiteListOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Name }).(pulumi.StringPtrOutput) -} +type ImageAssurancePolicyPolicySettingsPtrOutput struct{ *pulumi.OutputState } -func (o HostAssurancePolicyPackagesWhiteListOutput) Release() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Release }).(pulumi.StringPtrOutput) +func (ImageAssurancePolicyPolicySettingsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ImageAssurancePolicyPolicySettings)(nil)).Elem() } -func (o HostAssurancePolicyPackagesWhiteListOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.Version }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPolicySettingsPtrOutput) ToImageAssurancePolicyPolicySettingsPtrOutput() 
ImageAssurancePolicyPolicySettingsPtrOutput { + return o } -func (o HostAssurancePolicyPackagesWhiteListOutput) VersionRange() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyPackagesWhiteList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyPolicySettingsPtrOutput) ToImageAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) ImageAssurancePolicyPolicySettingsPtrOutput { + return o } -type HostAssurancePolicyPackagesWhiteListArrayOutput struct{ *pulumi.OutputState } - -func (HostAssurancePolicyPackagesWhiteListArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (o ImageAssurancePolicyPolicySettingsPtrOutput) Elem() ImageAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *ImageAssurancePolicyPolicySettings) ImageAssurancePolicyPolicySettings { + if v != nil { + return *v + } + var ret ImageAssurancePolicyPolicySettings + return ret + }).(ImageAssurancePolicyPolicySettingsOutput) } -func (o HostAssurancePolicyPackagesWhiteListArrayOutput) ToHostAssurancePolicyPackagesWhiteListArrayOutput() HostAssurancePolicyPackagesWhiteListArrayOutput { - return o +func (o ImageAssurancePolicyPolicySettingsPtrOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Enforce + }).(pulumi.BoolPtrOutput) } -func (o HostAssurancePolicyPackagesWhiteListArrayOutput) ToHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) HostAssurancePolicyPackagesWhiteListArrayOutput { - return o +func (o ImageAssurancePolicyPolicySettingsPtrOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.IsAuditChecked + }).(pulumi.BoolPtrOutput) } -func (o HostAssurancePolicyPackagesWhiteListArrayOutput) ToOutput(ctx 
context.Context) pulumix.Output[[]HostAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]HostAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } +func (o ImageAssurancePolicyPolicySettingsPtrOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Warn + }).(pulumi.BoolPtrOutput) } -func (o HostAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyPackagesWhiteListOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyPackagesWhiteList { - return vs[0].([]HostAssurancePolicyPackagesWhiteList)[vs[1].(int)] - }).(HostAssurancePolicyPackagesWhiteListOutput) +func (o ImageAssurancePolicyPolicySettingsPtrOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ImageAssurancePolicyPolicySettings) *string { + if v == nil { + return nil + } + return v.WarningMessage + }).(pulumi.StringPtrOutput) } -type HostAssurancePolicyRequiredLabel struct { +type ImageAssurancePolicyRequiredLabel struct { Key *string `pulumi:"key"` Value *string `pulumi:"value"` } -// HostAssurancePolicyRequiredLabelInput is an input type that accepts HostAssurancePolicyRequiredLabelArgs and HostAssurancePolicyRequiredLabelOutput values. -// You can construct a concrete instance of `HostAssurancePolicyRequiredLabelInput` via: +// ImageAssurancePolicyRequiredLabelInput is an input type that accepts ImageAssurancePolicyRequiredLabelArgs and ImageAssurancePolicyRequiredLabelOutput values. 
+// You can construct a concrete instance of `ImageAssurancePolicyRequiredLabelInput` via: // -// HostAssurancePolicyRequiredLabelArgs{...} -type HostAssurancePolicyRequiredLabelInput interface { +// ImageAssurancePolicyRequiredLabelArgs{...} +type ImageAssurancePolicyRequiredLabelInput interface { pulumi.Input - ToHostAssurancePolicyRequiredLabelOutput() HostAssurancePolicyRequiredLabelOutput - ToHostAssurancePolicyRequiredLabelOutputWithContext(context.Context) HostAssurancePolicyRequiredLabelOutput + ToImageAssurancePolicyRequiredLabelOutput() ImageAssurancePolicyRequiredLabelOutput + ToImageAssurancePolicyRequiredLabelOutputWithContext(context.Context) ImageAssurancePolicyRequiredLabelOutput } -type HostAssurancePolicyRequiredLabelArgs struct { +type ImageAssurancePolicyRequiredLabelArgs struct { Key pulumi.StringPtrInput `pulumi:"key"` Value pulumi.StringPtrInput `pulumi:"value"` } -func (HostAssurancePolicyRequiredLabelArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyRequiredLabel)(nil)).Elem() -} - -func (i HostAssurancePolicyRequiredLabelArgs) ToHostAssurancePolicyRequiredLabelOutput() HostAssurancePolicyRequiredLabelOutput { - return i.ToHostAssurancePolicyRequiredLabelOutputWithContext(context.Background()) +func (ImageAssurancePolicyRequiredLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyRequiredLabel)(nil)).Elem() } -func (i HostAssurancePolicyRequiredLabelArgs) ToHostAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) HostAssurancePolicyRequiredLabelOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyRequiredLabelOutput) +func (i ImageAssurancePolicyRequiredLabelArgs) ToImageAssurancePolicyRequiredLabelOutput() ImageAssurancePolicyRequiredLabelOutput { + return i.ToImageAssurancePolicyRequiredLabelOutputWithContext(context.Background()) } -func (i HostAssurancePolicyRequiredLabelArgs) ToOutput(ctx context.Context) 
pulumix.Output[HostAssurancePolicyRequiredLabel] { - return pulumix.Output[HostAssurancePolicyRequiredLabel]{ - OutputState: i.ToHostAssurancePolicyRequiredLabelOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyRequiredLabelArgs) ToImageAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) ImageAssurancePolicyRequiredLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyRequiredLabelOutput) } -// HostAssurancePolicyRequiredLabelArrayInput is an input type that accepts HostAssurancePolicyRequiredLabelArray and HostAssurancePolicyRequiredLabelArrayOutput values. -// You can construct a concrete instance of `HostAssurancePolicyRequiredLabelArrayInput` via: +// ImageAssurancePolicyRequiredLabelArrayInput is an input type that accepts ImageAssurancePolicyRequiredLabelArray and ImageAssurancePolicyRequiredLabelArrayOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyRequiredLabelArrayInput` via: // -// HostAssurancePolicyRequiredLabelArray{ HostAssurancePolicyRequiredLabelArgs{...} } -type HostAssurancePolicyRequiredLabelArrayInput interface { +// ImageAssurancePolicyRequiredLabelArray{ ImageAssurancePolicyRequiredLabelArgs{...} } +type ImageAssurancePolicyRequiredLabelArrayInput interface { pulumi.Input - ToHostAssurancePolicyRequiredLabelArrayOutput() HostAssurancePolicyRequiredLabelArrayOutput - ToHostAssurancePolicyRequiredLabelArrayOutputWithContext(context.Context) HostAssurancePolicyRequiredLabelArrayOutput + ToImageAssurancePolicyRequiredLabelArrayOutput() ImageAssurancePolicyRequiredLabelArrayOutput + ToImageAssurancePolicyRequiredLabelArrayOutputWithContext(context.Context) ImageAssurancePolicyRequiredLabelArrayOutput } -type HostAssurancePolicyRequiredLabelArray []HostAssurancePolicyRequiredLabelInput - -func (HostAssurancePolicyRequiredLabelArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyRequiredLabel)(nil)).Elem() -} +type 
ImageAssurancePolicyRequiredLabelArray []ImageAssurancePolicyRequiredLabelInput -func (i HostAssurancePolicyRequiredLabelArray) ToHostAssurancePolicyRequiredLabelArrayOutput() HostAssurancePolicyRequiredLabelArrayOutput { - return i.ToHostAssurancePolicyRequiredLabelArrayOutputWithContext(context.Background()) +func (ImageAssurancePolicyRequiredLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyRequiredLabel)(nil)).Elem() } -func (i HostAssurancePolicyRequiredLabelArray) ToHostAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) HostAssurancePolicyRequiredLabelArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyRequiredLabelArrayOutput) +func (i ImageAssurancePolicyRequiredLabelArray) ToImageAssurancePolicyRequiredLabelArrayOutput() ImageAssurancePolicyRequiredLabelArrayOutput { + return i.ToImageAssurancePolicyRequiredLabelArrayOutputWithContext(context.Background()) } -func (i HostAssurancePolicyRequiredLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyRequiredLabel] { - return pulumix.Output[[]HostAssurancePolicyRequiredLabel]{ - OutputState: i.ToHostAssurancePolicyRequiredLabelArrayOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyRequiredLabelArray) ToImageAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyRequiredLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyRequiredLabelArrayOutput) } -type HostAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyRequiredLabel)(nil)).Elem() +func (ImageAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyRequiredLabel)(nil)).Elem() } -func (o 
HostAssurancePolicyRequiredLabelOutput) ToHostAssurancePolicyRequiredLabelOutput() HostAssurancePolicyRequiredLabelOutput { +func (o ImageAssurancePolicyRequiredLabelOutput) ToImageAssurancePolicyRequiredLabelOutput() ImageAssurancePolicyRequiredLabelOutput { return o } -func (o HostAssurancePolicyRequiredLabelOutput) ToHostAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) HostAssurancePolicyRequiredLabelOutput { +func (o ImageAssurancePolicyRequiredLabelOutput) ToImageAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) ImageAssurancePolicyRequiredLabelOutput { return o } -func (o HostAssurancePolicyRequiredLabelOutput) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyRequiredLabel] { - return pulumix.Output[HostAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyRequiredLabelOutput) Key() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyRequiredLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyRequiredLabelOutput) Key() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyRequiredLabel) *string { return v.Key }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyRequiredLabelOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyRequiredLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyRequiredLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyRequiredLabel) *string { return v.Value }).(pulumi.StringPtrOutput) } -type HostAssurancePolicyRequiredLabelArrayOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyRequiredLabelArrayOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyRequiredLabelArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyRequiredLabel)(nil)).Elem() +func (ImageAssurancePolicyRequiredLabelArrayOutput) ElementType() 
reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyRequiredLabel)(nil)).Elem() } -func (o HostAssurancePolicyRequiredLabelArrayOutput) ToHostAssurancePolicyRequiredLabelArrayOutput() HostAssurancePolicyRequiredLabelArrayOutput { +func (o ImageAssurancePolicyRequiredLabelArrayOutput) ToImageAssurancePolicyRequiredLabelArrayOutput() ImageAssurancePolicyRequiredLabelArrayOutput { return o } -func (o HostAssurancePolicyRequiredLabelArrayOutput) ToHostAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) HostAssurancePolicyRequiredLabelArrayOutput { +func (o ImageAssurancePolicyRequiredLabelArrayOutput) ToImageAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyRequiredLabelArrayOutput { return o } -func (o HostAssurancePolicyRequiredLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyRequiredLabel] { - return pulumix.Output[[]HostAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyRequiredLabelOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyRequiredLabel { - return vs[0].([]HostAssurancePolicyRequiredLabel)[vs[1].(int)] - }).(HostAssurancePolicyRequiredLabelOutput) +func (o ImageAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyRequiredLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyRequiredLabel { + return vs[0].([]ImageAssurancePolicyRequiredLabel)[vs[1].(int)] + }).(ImageAssurancePolicyRequiredLabelOutput) } -type HostAssurancePolicyScope struct { - Expression *string `pulumi:"expression"` - Variables []HostAssurancePolicyScopeVariable `pulumi:"variables"` +type ImageAssurancePolicyScope struct { + Expression *string `pulumi:"expression"` + Variables []ImageAssurancePolicyScopeVariable `pulumi:"variables"` } -// 
HostAssurancePolicyScopeInput is an input type that accepts HostAssurancePolicyScopeArgs and HostAssurancePolicyScopeOutput values. -// You can construct a concrete instance of `HostAssurancePolicyScopeInput` via: +// ImageAssurancePolicyScopeInput is an input type that accepts ImageAssurancePolicyScopeArgs and ImageAssurancePolicyScopeOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyScopeInput` via: // -// HostAssurancePolicyScopeArgs{...} -type HostAssurancePolicyScopeInput interface { +// ImageAssurancePolicyScopeArgs{...} +type ImageAssurancePolicyScopeInput interface { pulumi.Input - ToHostAssurancePolicyScopeOutput() HostAssurancePolicyScopeOutput - ToHostAssurancePolicyScopeOutputWithContext(context.Context) HostAssurancePolicyScopeOutput -} - -type HostAssurancePolicyScopeArgs struct { - Expression pulumi.StringPtrInput `pulumi:"expression"` - Variables HostAssurancePolicyScopeVariableArrayInput `pulumi:"variables"` + ToImageAssurancePolicyScopeOutput() ImageAssurancePolicyScopeOutput + ToImageAssurancePolicyScopeOutputWithContext(context.Context) ImageAssurancePolicyScopeOutput } -func (HostAssurancePolicyScopeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyScope)(nil)).Elem() +type ImageAssurancePolicyScopeArgs struct { + Expression pulumi.StringPtrInput `pulumi:"expression"` + Variables ImageAssurancePolicyScopeVariableArrayInput `pulumi:"variables"` } -func (i HostAssurancePolicyScopeArgs) ToHostAssurancePolicyScopeOutput() HostAssurancePolicyScopeOutput { - return i.ToHostAssurancePolicyScopeOutputWithContext(context.Background()) +func (ImageAssurancePolicyScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyScope)(nil)).Elem() } -func (i HostAssurancePolicyScopeArgs) ToHostAssurancePolicyScopeOutputWithContext(ctx context.Context) HostAssurancePolicyScopeOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyScopeOutput) +func (i 
ImageAssurancePolicyScopeArgs) ToImageAssurancePolicyScopeOutput() ImageAssurancePolicyScopeOutput { + return i.ToImageAssurancePolicyScopeOutputWithContext(context.Background()) } -func (i HostAssurancePolicyScopeArgs) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyScope] { - return pulumix.Output[HostAssurancePolicyScope]{ - OutputState: i.ToHostAssurancePolicyScopeOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyScopeArgs) ToImageAssurancePolicyScopeOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyScopeOutput) } -// HostAssurancePolicyScopeArrayInput is an input type that accepts HostAssurancePolicyScopeArray and HostAssurancePolicyScopeArrayOutput values. -// You can construct a concrete instance of `HostAssurancePolicyScopeArrayInput` via: +// ImageAssurancePolicyScopeArrayInput is an input type that accepts ImageAssurancePolicyScopeArray and ImageAssurancePolicyScopeArrayOutput values. 
+// You can construct a concrete instance of `ImageAssurancePolicyScopeArrayInput` via: // -// HostAssurancePolicyScopeArray{ HostAssurancePolicyScopeArgs{...} } -type HostAssurancePolicyScopeArrayInput interface { +// ImageAssurancePolicyScopeArray{ ImageAssurancePolicyScopeArgs{...} } +type ImageAssurancePolicyScopeArrayInput interface { pulumi.Input - ToHostAssurancePolicyScopeArrayOutput() HostAssurancePolicyScopeArrayOutput - ToHostAssurancePolicyScopeArrayOutputWithContext(context.Context) HostAssurancePolicyScopeArrayOutput + ToImageAssurancePolicyScopeArrayOutput() ImageAssurancePolicyScopeArrayOutput + ToImageAssurancePolicyScopeArrayOutputWithContext(context.Context) ImageAssurancePolicyScopeArrayOutput } -type HostAssurancePolicyScopeArray []HostAssurancePolicyScopeInput - -func (HostAssurancePolicyScopeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyScope)(nil)).Elem() -} +type ImageAssurancePolicyScopeArray []ImageAssurancePolicyScopeInput -func (i HostAssurancePolicyScopeArray) ToHostAssurancePolicyScopeArrayOutput() HostAssurancePolicyScopeArrayOutput { - return i.ToHostAssurancePolicyScopeArrayOutputWithContext(context.Background()) +func (ImageAssurancePolicyScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyScope)(nil)).Elem() } -func (i HostAssurancePolicyScopeArray) ToHostAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) HostAssurancePolicyScopeArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyScopeArrayOutput) +func (i ImageAssurancePolicyScopeArray) ToImageAssurancePolicyScopeArrayOutput() ImageAssurancePolicyScopeArrayOutput { + return i.ToImageAssurancePolicyScopeArrayOutputWithContext(context.Background()) } -func (i HostAssurancePolicyScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyScope] { - return pulumix.Output[[]HostAssurancePolicyScope]{ - OutputState: 
i.ToHostAssurancePolicyScopeArrayOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyScopeArray) ToImageAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyScopeArrayOutput) } -type HostAssurancePolicyScopeOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyScopeOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyScopeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyScope)(nil)).Elem() +func (ImageAssurancePolicyScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyScope)(nil)).Elem() } -func (o HostAssurancePolicyScopeOutput) ToHostAssurancePolicyScopeOutput() HostAssurancePolicyScopeOutput { +func (o ImageAssurancePolicyScopeOutput) ToImageAssurancePolicyScopeOutput() ImageAssurancePolicyScopeOutput { return o } -func (o HostAssurancePolicyScopeOutput) ToHostAssurancePolicyScopeOutputWithContext(ctx context.Context) HostAssurancePolicyScopeOutput { +func (o ImageAssurancePolicyScopeOutput) ToImageAssurancePolicyScopeOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeOutput { return o } -func (o HostAssurancePolicyScopeOutput) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyScope] { - return pulumix.Output[HostAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyScopeOutput) Expression() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyScope) *string { return v.Expression }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyScopeOutput) Expression() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyScope) *string { return v.Expression }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyScopeOutput) Variables() HostAssurancePolicyScopeVariableArrayOutput { - return o.ApplyT(func(v HostAssurancePolicyScope) 
[]HostAssurancePolicyScopeVariable { return v.Variables }).(HostAssurancePolicyScopeVariableArrayOutput) +func (o ImageAssurancePolicyScopeOutput) Variables() ImageAssurancePolicyScopeVariableArrayOutput { + return o.ApplyT(func(v ImageAssurancePolicyScope) []ImageAssurancePolicyScopeVariable { return v.Variables }).(ImageAssurancePolicyScopeVariableArrayOutput) } -type HostAssurancePolicyScopeArrayOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyScopeArrayOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyScopeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyScope)(nil)).Elem() +func (ImageAssurancePolicyScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyScope)(nil)).Elem() } -func (o HostAssurancePolicyScopeArrayOutput) ToHostAssurancePolicyScopeArrayOutput() HostAssurancePolicyScopeArrayOutput { +func (o ImageAssurancePolicyScopeArrayOutput) ToImageAssurancePolicyScopeArrayOutput() ImageAssurancePolicyScopeArrayOutput { return o } -func (o HostAssurancePolicyScopeArrayOutput) ToHostAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) HostAssurancePolicyScopeArrayOutput { +func (o ImageAssurancePolicyScopeArrayOutput) ToImageAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeArrayOutput { return o } -func (o HostAssurancePolicyScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyScope] { - return pulumix.Output[[]HostAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyScopeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyScope { - return vs[0].([]HostAssurancePolicyScope)[vs[1].(int)] - }).(HostAssurancePolicyScopeOutput) +func (o ImageAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyScopeOutput { + return 
pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyScope { + return vs[0].([]ImageAssurancePolicyScope)[vs[1].(int)] + }).(ImageAssurancePolicyScopeOutput) } -type HostAssurancePolicyScopeVariable struct { +type ImageAssurancePolicyScopeVariable struct { Attribute *string `pulumi:"attribute"` Name *string `pulumi:"name"` Value *string `pulumi:"value"` } -// HostAssurancePolicyScopeVariableInput is an input type that accepts HostAssurancePolicyScopeVariableArgs and HostAssurancePolicyScopeVariableOutput values. -// You can construct a concrete instance of `HostAssurancePolicyScopeVariableInput` via: +// ImageAssurancePolicyScopeVariableInput is an input type that accepts ImageAssurancePolicyScopeVariableArgs and ImageAssurancePolicyScopeVariableOutput values. +// You can construct a concrete instance of `ImageAssurancePolicyScopeVariableInput` via: // -// HostAssurancePolicyScopeVariableArgs{...} -type HostAssurancePolicyScopeVariableInput interface { +// ImageAssurancePolicyScopeVariableArgs{...} +type ImageAssurancePolicyScopeVariableInput interface { pulumi.Input - ToHostAssurancePolicyScopeVariableOutput() HostAssurancePolicyScopeVariableOutput - ToHostAssurancePolicyScopeVariableOutputWithContext(context.Context) HostAssurancePolicyScopeVariableOutput + ToImageAssurancePolicyScopeVariableOutput() ImageAssurancePolicyScopeVariableOutput + ToImageAssurancePolicyScopeVariableOutputWithContext(context.Context) ImageAssurancePolicyScopeVariableOutput } -type HostAssurancePolicyScopeVariableArgs struct { +type ImageAssurancePolicyScopeVariableArgs struct { Attribute pulumi.StringPtrInput `pulumi:"attribute"` Name pulumi.StringPtrInput `pulumi:"name"` Value pulumi.StringPtrInput `pulumi:"value"` } -func (HostAssurancePolicyScopeVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyScopeVariable)(nil)).Elem() -} - -func (i HostAssurancePolicyScopeVariableArgs) ToHostAssurancePolicyScopeVariableOutput() 
HostAssurancePolicyScopeVariableOutput { - return i.ToHostAssurancePolicyScopeVariableOutputWithContext(context.Background()) +func (ImageAssurancePolicyScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyScopeVariable)(nil)).Elem() } -func (i HostAssurancePolicyScopeVariableArgs) ToHostAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) HostAssurancePolicyScopeVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyScopeVariableOutput) +func (i ImageAssurancePolicyScopeVariableArgs) ToImageAssurancePolicyScopeVariableOutput() ImageAssurancePolicyScopeVariableOutput { + return i.ToImageAssurancePolicyScopeVariableOutputWithContext(context.Background()) } -func (i HostAssurancePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyScopeVariable] { - return pulumix.Output[HostAssurancePolicyScopeVariable]{ - OutputState: i.ToHostAssurancePolicyScopeVariableOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyScopeVariableArgs) ToImageAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyScopeVariableOutput) } -// HostAssurancePolicyScopeVariableArrayInput is an input type that accepts HostAssurancePolicyScopeVariableArray and HostAssurancePolicyScopeVariableArrayOutput values. -// You can construct a concrete instance of `HostAssurancePolicyScopeVariableArrayInput` via: +// ImageAssurancePolicyScopeVariableArrayInput is an input type that accepts ImageAssurancePolicyScopeVariableArray and ImageAssurancePolicyScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `ImageAssurancePolicyScopeVariableArrayInput` via: // -// HostAssurancePolicyScopeVariableArray{ HostAssurancePolicyScopeVariableArgs{...} } -type HostAssurancePolicyScopeVariableArrayInput interface { +// ImageAssurancePolicyScopeVariableArray{ ImageAssurancePolicyScopeVariableArgs{...} } +type ImageAssurancePolicyScopeVariableArrayInput interface { pulumi.Input - ToHostAssurancePolicyScopeVariableArrayOutput() HostAssurancePolicyScopeVariableArrayOutput - ToHostAssurancePolicyScopeVariableArrayOutputWithContext(context.Context) HostAssurancePolicyScopeVariableArrayOutput + ToImageAssurancePolicyScopeVariableArrayOutput() ImageAssurancePolicyScopeVariableArrayOutput + ToImageAssurancePolicyScopeVariableArrayOutputWithContext(context.Context) ImageAssurancePolicyScopeVariableArrayOutput } -type HostAssurancePolicyScopeVariableArray []HostAssurancePolicyScopeVariableInput - -func (HostAssurancePolicyScopeVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyScopeVariable)(nil)).Elem() -} +type ImageAssurancePolicyScopeVariableArray []ImageAssurancePolicyScopeVariableInput -func (i HostAssurancePolicyScopeVariableArray) ToHostAssurancePolicyScopeVariableArrayOutput() HostAssurancePolicyScopeVariableArrayOutput { - return i.ToHostAssurancePolicyScopeVariableArrayOutputWithContext(context.Background()) +func (ImageAssurancePolicyScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyScopeVariable)(nil)).Elem() } -func (i HostAssurancePolicyScopeVariableArray) ToHostAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) HostAssurancePolicyScopeVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyScopeVariableArrayOutput) +func (i ImageAssurancePolicyScopeVariableArray) ToImageAssurancePolicyScopeVariableArrayOutput() ImageAssurancePolicyScopeVariableArrayOutput { + return 
i.ToImageAssurancePolicyScopeVariableArrayOutputWithContext(context.Background()) } -func (i HostAssurancePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyScopeVariable] { - return pulumix.Output[[]HostAssurancePolicyScopeVariable]{ - OutputState: i.ToHostAssurancePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyScopeVariableArray) ToImageAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyScopeVariableArrayOutput) } -type HostAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyScopeVariable)(nil)).Elem() +func (ImageAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyScopeVariable)(nil)).Elem() } -func (o HostAssurancePolicyScopeVariableOutput) ToHostAssurancePolicyScopeVariableOutput() HostAssurancePolicyScopeVariableOutput { +func (o ImageAssurancePolicyScopeVariableOutput) ToImageAssurancePolicyScopeVariableOutput() ImageAssurancePolicyScopeVariableOutput { return o } -func (o HostAssurancePolicyScopeVariableOutput) ToHostAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) HostAssurancePolicyScopeVariableOutput { +func (o ImageAssurancePolicyScopeVariableOutput) ToImageAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeVariableOutput { return o } -func (o HostAssurancePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyScopeVariable] { - return pulumix.Output[HostAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyScopeVariableOutput) 
Attribute() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyScopeVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyScopeVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type HostAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyScopeVariable)(nil)).Elem() +func (ImageAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyScopeVariable)(nil)).Elem() } -func (o HostAssurancePolicyScopeVariableArrayOutput) ToHostAssurancePolicyScopeVariableArrayOutput() HostAssurancePolicyScopeVariableArrayOutput { +func (o ImageAssurancePolicyScopeVariableArrayOutput) ToImageAssurancePolicyScopeVariableArrayOutput() ImageAssurancePolicyScopeVariableArrayOutput { return o } -func (o HostAssurancePolicyScopeVariableArrayOutput) 
ToHostAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) HostAssurancePolicyScopeVariableArrayOutput { +func (o ImageAssurancePolicyScopeVariableArrayOutput) ToImageAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeVariableArrayOutput { return o } -func (o HostAssurancePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyScopeVariable] { - return pulumix.Output[[]HostAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyScopeVariable { - return vs[0].([]HostAssurancePolicyScopeVariable)[vs[1].(int)] - }).(HostAssurancePolicyScopeVariableOutput) +func (o ImageAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyScopeVariable { + return vs[0].([]ImageAssurancePolicyScopeVariable)[vs[1].(int)] + }).(ImageAssurancePolicyScopeVariableOutput) } -type HostAssurancePolicyTrustedBaseImage struct { +type ImageAssurancePolicyTrustedBaseImage struct { Imagename *string `pulumi:"imagename"` Registry *string `pulumi:"registry"` } -// HostAssurancePolicyTrustedBaseImageInput is an input type that accepts HostAssurancePolicyTrustedBaseImageArgs and HostAssurancePolicyTrustedBaseImageOutput values. -// You can construct a concrete instance of `HostAssurancePolicyTrustedBaseImageInput` via: +// ImageAssurancePolicyTrustedBaseImageInput is an input type that accepts ImageAssurancePolicyTrustedBaseImageArgs and ImageAssurancePolicyTrustedBaseImageOutput values. 
+// You can construct a concrete instance of `ImageAssurancePolicyTrustedBaseImageInput` via: // -// HostAssurancePolicyTrustedBaseImageArgs{...} -type HostAssurancePolicyTrustedBaseImageInput interface { +// ImageAssurancePolicyTrustedBaseImageArgs{...} +type ImageAssurancePolicyTrustedBaseImageInput interface { pulumi.Input - ToHostAssurancePolicyTrustedBaseImageOutput() HostAssurancePolicyTrustedBaseImageOutput - ToHostAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) HostAssurancePolicyTrustedBaseImageOutput + ToImageAssurancePolicyTrustedBaseImageOutput() ImageAssurancePolicyTrustedBaseImageOutput + ToImageAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) ImageAssurancePolicyTrustedBaseImageOutput } -type HostAssurancePolicyTrustedBaseImageArgs struct { +type ImageAssurancePolicyTrustedBaseImageArgs struct { Imagename pulumi.StringPtrInput `pulumi:"imagename"` Registry pulumi.StringPtrInput `pulumi:"registry"` } -func (HostAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyTrustedBaseImage)(nil)).Elem() -} - -func (i HostAssurancePolicyTrustedBaseImageArgs) ToHostAssurancePolicyTrustedBaseImageOutput() HostAssurancePolicyTrustedBaseImageOutput { - return i.ToHostAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) +func (ImageAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (i HostAssurancePolicyTrustedBaseImageArgs) ToHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) HostAssurancePolicyTrustedBaseImageOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyTrustedBaseImageOutput) +func (i ImageAssurancePolicyTrustedBaseImageArgs) ToImageAssurancePolicyTrustedBaseImageOutput() ImageAssurancePolicyTrustedBaseImageOutput { + return i.ToImageAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) } 
-func (i HostAssurancePolicyTrustedBaseImageArgs) ToOutput(ctx context.Context) pulumix.Output[HostAssurancePolicyTrustedBaseImage] { - return pulumix.Output[HostAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyTrustedBaseImageArgs) ToImageAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) ImageAssurancePolicyTrustedBaseImageOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyTrustedBaseImageOutput) } -// HostAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts HostAssurancePolicyTrustedBaseImageArray and HostAssurancePolicyTrustedBaseImageArrayOutput values. -// You can construct a concrete instance of `HostAssurancePolicyTrustedBaseImageArrayInput` via: +// ImageAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts ImageAssurancePolicyTrustedBaseImageArray and ImageAssurancePolicyTrustedBaseImageArrayOutput values. 
+// You can construct a concrete instance of `ImageAssurancePolicyTrustedBaseImageArrayInput` via: // -// HostAssurancePolicyTrustedBaseImageArray{ HostAssurancePolicyTrustedBaseImageArgs{...} } -type HostAssurancePolicyTrustedBaseImageArrayInput interface { +// ImageAssurancePolicyTrustedBaseImageArray{ ImageAssurancePolicyTrustedBaseImageArgs{...} } +type ImageAssurancePolicyTrustedBaseImageArrayInput interface { pulumi.Input - ToHostAssurancePolicyTrustedBaseImageArrayOutput() HostAssurancePolicyTrustedBaseImageArrayOutput - ToHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) HostAssurancePolicyTrustedBaseImageArrayOutput + ToImageAssurancePolicyTrustedBaseImageArrayOutput() ImageAssurancePolicyTrustedBaseImageArrayOutput + ToImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) ImageAssurancePolicyTrustedBaseImageArrayOutput } -type HostAssurancePolicyTrustedBaseImageArray []HostAssurancePolicyTrustedBaseImageInput - -func (HostAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyTrustedBaseImage)(nil)).Elem() -} +type ImageAssurancePolicyTrustedBaseImageArray []ImageAssurancePolicyTrustedBaseImageInput -func (i HostAssurancePolicyTrustedBaseImageArray) ToHostAssurancePolicyTrustedBaseImageArrayOutput() HostAssurancePolicyTrustedBaseImageArrayOutput { - return i.ToHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) +func (ImageAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (i HostAssurancePolicyTrustedBaseImageArray) ToHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) HostAssurancePolicyTrustedBaseImageArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostAssurancePolicyTrustedBaseImageArrayOutput) +func (i ImageAssurancePolicyTrustedBaseImageArray) 
ToImageAssurancePolicyTrustedBaseImageArrayOutput() ImageAssurancePolicyTrustedBaseImageArrayOutput { + return i.ToImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) } -func (i HostAssurancePolicyTrustedBaseImageArray) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]HostAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx).OutputState, - } +func (i ImageAssurancePolicyTrustedBaseImageArray) ToImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyTrustedBaseImageArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyTrustedBaseImageArrayOutput) } -type HostAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } +type ImageAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } -func (HostAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (ImageAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (o HostAssurancePolicyTrustedBaseImageOutput) ToHostAssurancePolicyTrustedBaseImageOutput() HostAssurancePolicyTrustedBaseImageOutput { +func (o ImageAssurancePolicyTrustedBaseImageOutput) ToImageAssurancePolicyTrustedBaseImageOutput() ImageAssurancePolicyTrustedBaseImageOutput { return o } -func (o HostAssurancePolicyTrustedBaseImageOutput) ToHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) HostAssurancePolicyTrustedBaseImageOutput { +func (o ImageAssurancePolicyTrustedBaseImageOutput) ToImageAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) ImageAssurancePolicyTrustedBaseImageOutput { return o } -func (o HostAssurancePolicyTrustedBaseImageOutput) ToOutput(ctx context.Context) 
pulumix.Output[HostAssurancePolicyTrustedBaseImage] { - return pulumix.Output[HostAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyTrustedBaseImage) *string { return v.Imagename }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyTrustedBaseImage) *string { return v.Imagename }).(pulumi.StringPtrOutput) } -func (o HostAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostAssurancePolicyTrustedBaseImage) *string { return v.Registry }).(pulumi.StringPtrOutput) +func (o ImageAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageAssurancePolicyTrustedBaseImage) *string { return v.Registry }).(pulumi.StringPtrOutput) } -type HostAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } - -func (HostAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostAssurancePolicyTrustedBaseImage)(nil)).Elem() -} +type ImageAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } -func (o HostAssurancePolicyTrustedBaseImageArrayOutput) ToHostAssurancePolicyTrustedBaseImageArrayOutput() HostAssurancePolicyTrustedBaseImageArrayOutput { - return o +func (ImageAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (o HostAssurancePolicyTrustedBaseImageArrayOutput) ToHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) HostAssurancePolicyTrustedBaseImageArrayOutput { +func (o ImageAssurancePolicyTrustedBaseImageArrayOutput) ToImageAssurancePolicyTrustedBaseImageArrayOutput() 
ImageAssurancePolicyTrustedBaseImageArrayOutput { return o } -func (o HostAssurancePolicyTrustedBaseImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]HostAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]HostAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } -} - -func (o HostAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) HostAssurancePolicyTrustedBaseImageOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostAssurancePolicyTrustedBaseImage { - return vs[0].([]HostAssurancePolicyTrustedBaseImage)[vs[1].(int)] - }).(HostAssurancePolicyTrustedBaseImageOutput) -} - -type HostRuntimePolicyFileIntegrityMonitoring struct { - // List of paths to be excluded from being monitored. - ExcludedPaths []string `pulumi:"excludedPaths"` - // List of processes to be excluded from being monitored. - ExcludedProcesses []string `pulumi:"excludedProcesses"` - // List of users to be excluded from being monitored. - ExcludedUsers []string `pulumi:"excludedUsers"` - // If true, add attributes operations will be monitored. - MonitorAttributes *bool `pulumi:"monitorAttributes"` - // If true, create operations will be monitored. - MonitorCreate *bool `pulumi:"monitorCreate"` - // If true, deletion operations will be monitored. - MonitorDelete *bool `pulumi:"monitorDelete"` - // If true, modification operations will be monitored. - MonitorModify *bool `pulumi:"monitorModify"` - // If true, read operations will be monitored. - MonitorRead *bool `pulumi:"monitorRead"` - // List of paths to be monitored. - MonitoredPaths []string `pulumi:"monitoredPaths"` - // List of processes to be monitored. - MonitoredProcesses []string `pulumi:"monitoredProcesses"` - // List of users to be monitored. 
- MonitoredUsers []string `pulumi:"monitoredUsers"` -} - -// HostRuntimePolicyFileIntegrityMonitoringInput is an input type that accepts HostRuntimePolicyFileIntegrityMonitoringArgs and HostRuntimePolicyFileIntegrityMonitoringOutput values. -// You can construct a concrete instance of `HostRuntimePolicyFileIntegrityMonitoringInput` via: -// -// HostRuntimePolicyFileIntegrityMonitoringArgs{...} -type HostRuntimePolicyFileIntegrityMonitoringInput interface { - pulumi.Input - - ToHostRuntimePolicyFileIntegrityMonitoringOutput() HostRuntimePolicyFileIntegrityMonitoringOutput - ToHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Context) HostRuntimePolicyFileIntegrityMonitoringOutput +func (o ImageAssurancePolicyTrustedBaseImageArrayOutput) ToImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyTrustedBaseImageArrayOutput { + return o } -type HostRuntimePolicyFileIntegrityMonitoringArgs struct { - // List of paths to be excluded from being monitored. - ExcludedPaths pulumi.StringArrayInput `pulumi:"excludedPaths"` - // List of processes to be excluded from being monitored. - ExcludedProcesses pulumi.StringArrayInput `pulumi:"excludedProcesses"` - // List of users to be excluded from being monitored. - ExcludedUsers pulumi.StringArrayInput `pulumi:"excludedUsers"` - // If true, add attributes operations will be monitored. - MonitorAttributes pulumi.BoolPtrInput `pulumi:"monitorAttributes"` - // If true, create operations will be monitored. - MonitorCreate pulumi.BoolPtrInput `pulumi:"monitorCreate"` - // If true, deletion operations will be monitored. - MonitorDelete pulumi.BoolPtrInput `pulumi:"monitorDelete"` - // If true, modification operations will be monitored. - MonitorModify pulumi.BoolPtrInput `pulumi:"monitorModify"` - // If true, read operations will be monitored. - MonitorRead pulumi.BoolPtrInput `pulumi:"monitorRead"` - // List of paths to be monitored. 
- MonitoredPaths pulumi.StringArrayInput `pulumi:"monitoredPaths"` - // List of processes to be monitored. - MonitoredProcesses pulumi.StringArrayInput `pulumi:"monitoredProcesses"` - // List of users to be monitored. - MonitoredUsers pulumi.StringArrayInput `pulumi:"monitoredUsers"` +func (o ImageAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyTrustedBaseImageOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyTrustedBaseImage { + return vs[0].([]ImageAssurancePolicyTrustedBaseImage)[vs[1].(int)] + }).(ImageAssurancePolicyTrustedBaseImageOutput) } -func (HostRuntimePolicyFileIntegrityMonitoringArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +type ImageHistory struct { + Comment *string `pulumi:"comment"` + Created *string `pulumi:"created"` + CreatedBy *string `pulumi:"createdBy"` + Id *string `pulumi:"id"` + Size *int `pulumi:"size"` } -func (i HostRuntimePolicyFileIntegrityMonitoringArgs) ToHostRuntimePolicyFileIntegrityMonitoringOutput() HostRuntimePolicyFileIntegrityMonitoringOutput { - return i.ToHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Background()) +// ImageHistoryInput is an input type that accepts ImageHistoryArgs and ImageHistoryOutput values. 
+// You can construct a concrete instance of `ImageHistoryInput` via: +// +// ImageHistoryArgs{...} +type ImageHistoryInput interface { + pulumi.Input + + ToImageHistoryOutput() ImageHistoryOutput + ToImageHistoryOutputWithContext(context.Context) ImageHistoryOutput } -func (i HostRuntimePolicyFileIntegrityMonitoringArgs) ToHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFileIntegrityMonitoringOutput) +type ImageHistoryArgs struct { + Comment pulumi.StringPtrInput `pulumi:"comment"` + Created pulumi.StringPtrInput `pulumi:"created"` + CreatedBy pulumi.StringPtrInput `pulumi:"createdBy"` + Id pulumi.StringPtrInput `pulumi:"id"` + Size pulumi.IntPtrInput `pulumi:"size"` } -func (i HostRuntimePolicyFileIntegrityMonitoringArgs) ToOutput(ctx context.Context) pulumix.Output[HostRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[HostRuntimePolicyFileIntegrityMonitoring]{ - OutputState: i.ToHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx).OutputState, - } +func (ImageHistoryArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageHistory)(nil)).Elem() } -func (i HostRuntimePolicyFileIntegrityMonitoringArgs) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() HostRuntimePolicyFileIntegrityMonitoringPtrOutput { - return i.ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) +func (i ImageHistoryArgs) ToImageHistoryOutput() ImageHistoryOutput { + return i.ToImageHistoryOutputWithContext(context.Background()) } -func (i HostRuntimePolicyFileIntegrityMonitoringArgs) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFileIntegrityMonitoringOutput).ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx) +func (i 
ImageHistoryArgs) ToImageHistoryOutputWithContext(ctx context.Context) ImageHistoryOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageHistoryOutput) } -// HostRuntimePolicyFileIntegrityMonitoringPtrInput is an input type that accepts HostRuntimePolicyFileIntegrityMonitoringArgs, HostRuntimePolicyFileIntegrityMonitoringPtr and HostRuntimePolicyFileIntegrityMonitoringPtrOutput values. -// You can construct a concrete instance of `HostRuntimePolicyFileIntegrityMonitoringPtrInput` via: -// -// HostRuntimePolicyFileIntegrityMonitoringArgs{...} -// -// or: +// ImageHistoryArrayInput is an input type that accepts ImageHistoryArray and ImageHistoryArrayOutput values. +// You can construct a concrete instance of `ImageHistoryArrayInput` via: // -// nil -type HostRuntimePolicyFileIntegrityMonitoringPtrInput interface { +// ImageHistoryArray{ ImageHistoryArgs{...} } +type ImageHistoryArrayInput interface { pulumi.Input - ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() HostRuntimePolicyFileIntegrityMonitoringPtrOutput - ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput -} - -type hostRuntimePolicyFileIntegrityMonitoringPtrType HostRuntimePolicyFileIntegrityMonitoringArgs - -func HostRuntimePolicyFileIntegrityMonitoringPtr(v *HostRuntimePolicyFileIntegrityMonitoringArgs) HostRuntimePolicyFileIntegrityMonitoringPtrInput { - return (*hostRuntimePolicyFileIntegrityMonitoringPtrType)(v) + ToImageHistoryArrayOutput() ImageHistoryArrayOutput + ToImageHistoryArrayOutputWithContext(context.Context) ImageHistoryArrayOutput } -func (*hostRuntimePolicyFileIntegrityMonitoringPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**HostRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() -} +type ImageHistoryArray []ImageHistoryInput -func (i *hostRuntimePolicyFileIntegrityMonitoringPtrType) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() 
HostRuntimePolicyFileIntegrityMonitoringPtrOutput { - return i.ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) +func (ImageHistoryArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageHistory)(nil)).Elem() } -func (i *hostRuntimePolicyFileIntegrityMonitoringPtrType) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyFileIntegrityMonitoringPtrOutput) +func (i ImageHistoryArray) ToImageHistoryArrayOutput() ImageHistoryArrayOutput { + return i.ToImageHistoryArrayOutputWithContext(context.Background()) } -func (i *hostRuntimePolicyFileIntegrityMonitoringPtrType) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[*HostRuntimePolicyFileIntegrityMonitoring]{ - OutputState: i.ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx).OutputState, - } +func (i ImageHistoryArray) ToImageHistoryArrayOutputWithContext(ctx context.Context) ImageHistoryArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageHistoryArrayOutput) } -type HostRuntimePolicyFileIntegrityMonitoringOutput struct{ *pulumi.OutputState } +type ImageHistoryOutput struct{ *pulumi.OutputState } -func (HostRuntimePolicyFileIntegrityMonitoringOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +func (ImageHistoryOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageHistory)(nil)).Elem() } -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ToHostRuntimePolicyFileIntegrityMonitoringOutput() HostRuntimePolicyFileIntegrityMonitoringOutput { +func (o ImageHistoryOutput) ToImageHistoryOutput() ImageHistoryOutput { return o } -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ToHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx 
context.Context) HostRuntimePolicyFileIntegrityMonitoringOutput { +func (o ImageHistoryOutput) ToImageHistoryOutputWithContext(ctx context.Context) ImageHistoryOutput { return o } -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() HostRuntimePolicyFileIntegrityMonitoringPtrOutput { - return o.ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(context.Background()) +func (o ImageHistoryOutput) Comment() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageHistory) *string { return v.Comment }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyFileIntegrityMonitoring) *HostRuntimePolicyFileIntegrityMonitoring { - return &v - }).(HostRuntimePolicyFileIntegrityMonitoringPtrOutput) +func (o ImageHistoryOutput) Created() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageHistory) *string { return v.Created }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ToOutput(ctx context.Context) pulumix.Output[HostRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[HostRuntimePolicyFileIntegrityMonitoring]{ - OutputState: o.OutputState, - } +func (o ImageHistoryOutput) CreatedBy() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageHistory) *string { return v.CreatedBy }).(pulumi.StringPtrOutput) } -// List of paths to be excluded from being monitored. 
-func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedPaths }).(pulumi.StringArrayOutput) +func (o ImageHistoryOutput) Id() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageHistory) *string { return v.Id }).(pulumi.StringPtrOutput) } -// List of processes to be excluded from being monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedProcesses }).(pulumi.StringArrayOutput) +func (o ImageHistoryOutput) Size() pulumi.IntPtrOutput { + return o.ApplyT(func(v ImageHistory) *int { return v.Size }).(pulumi.IntPtrOutput) } -// List of users to be excluded from being monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedUsers }).(pulumi.StringArrayOutput) -} +type ImageHistoryArrayOutput struct{ *pulumi.OutputState } -// If true, add attributes operations will be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitorAttributes() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorAttributes }).(pulumi.BoolPtrOutput) +func (ImageHistoryArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageHistory)(nil)).Elem() } -// If true, create operations will be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitorCreate() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorCreate }).(pulumi.BoolPtrOutput) +func (o ImageHistoryArrayOutput) ToImageHistoryArrayOutput() ImageHistoryArrayOutput { + return o } -// If true, deletion operations will be monitored. 
-func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitorDelete() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorDelete }).(pulumi.BoolPtrOutput) +func (o ImageHistoryArrayOutput) ToImageHistoryArrayOutputWithContext(ctx context.Context) ImageHistoryArrayOutput { + return o } -// If true, modification operations will be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitorModify() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorModify }).(pulumi.BoolPtrOutput) +func (o ImageHistoryArrayOutput) Index(i pulumi.IntInput) ImageHistoryOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageHistory { + return vs[0].([]ImageHistory)[vs[1].(int)] + }).(ImageHistoryOutput) } -// If true, read operations will be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitorRead() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitorRead }).(pulumi.BoolPtrOutput) +type ImageVulnerability struct { + AckAuthor *string `pulumi:"ackAuthor"` + AckComment *string `pulumi:"ackComment"` + AckExpirationConfiguredAt *string `pulumi:"ackExpirationConfiguredAt"` + AckExpirationConfiguredBy *string `pulumi:"ackExpirationConfiguredBy"` + AckExpirationDays *int `pulumi:"ackExpirationDays"` + AckScope *string `pulumi:"ackScope"` + AcknowledgeDate *string `pulumi:"acknowledgeDate"` + AncestorPkg *string `pulumi:"ancestorPkg"` + AquaScore *float64 `pulumi:"aquaScore"` + AquaScoreClassification *string `pulumi:"aquaScoreClassification"` + AquaScoringSystem *string `pulumi:"aquaScoringSystem"` + AquaSeverity *string `pulumi:"aquaSeverity"` + AquaSeverityClassification *string `pulumi:"aquaSeverityClassification"` + AquaVectors *string `pulumi:"aquaVectors"` + AuditEventsCount *int `pulumi:"auditEventsCount"` + BlockEventsCount *int 
`pulumi:"blockEventsCount"` + Classification *string `pulumi:"classification"` + Description *string `pulumi:"description"` + Digest *string `pulumi:"digest"` + ExploitReference *string `pulumi:"exploitReference"` + ExploitType *string `pulumi:"exploitType"` + FirstFoundDate *string `pulumi:"firstFoundDate"` + FixVersion *string `pulumi:"fixVersion"` + ImageName *string `pulumi:"imageName"` + LastFoundDate *string `pulumi:"lastFoundDate"` + ModificationDate *string `pulumi:"modificationDate"` + Name *string `pulumi:"name"` + NvdCvss2Score *float64 `pulumi:"nvdCvss2Score"` + NvdCvss2Vectors *string `pulumi:"nvdCvss2Vectors"` + NvdCvss3Score *float64 `pulumi:"nvdCvss3Score"` + NvdCvss3Severity *string `pulumi:"nvdCvss3Severity"` + NvdCvss3Vectors *string `pulumi:"nvdCvss3Vectors"` + NvdSeverity *string `pulumi:"nvdSeverity"` + NvdUrl *string `pulumi:"nvdUrl"` + Os *string `pulumi:"os"` + OsVersion *string `pulumi:"osVersion"` + Permission *string `pulumi:"permission"` + PublishDate *string `pulumi:"publishDate"` + Registry *string `pulumi:"registry"` + Repository *string `pulumi:"repository"` + ResourceArchitecture *string `pulumi:"resourceArchitecture"` + ResourceCpe *string `pulumi:"resourceCpe"` + ResourceFormat *string `pulumi:"resourceFormat"` + ResourceHash *string `pulumi:"resourceHash"` + ResourceLicenses []string `pulumi:"resourceLicenses"` + ResourceName *string `pulumi:"resourceName"` + ResourcePath *string `pulumi:"resourcePath"` + ResourceType *string `pulumi:"resourceType"` + ResourceVersion *string `pulumi:"resourceVersion"` + SeverityClassification *string `pulumi:"severityClassification"` + Solution *string `pulumi:"solution"` + TemporalVector *string `pulumi:"temporalVector"` + VPatchAppliedBy *string `pulumi:"vPatchAppliedBy"` + VPatchAppliedOn *string `pulumi:"vPatchAppliedOn"` + VPatchEnforcedBy *string `pulumi:"vPatchEnforcedBy"` + VPatchEnforcedOn *string `pulumi:"vPatchEnforcedOn"` + VPatchPolicyEnforce *bool `pulumi:"vPatchPolicyEnforce"` + 
VPatchPolicyName *string `pulumi:"vPatchPolicyName"` + VPatchRevertedBy *string `pulumi:"vPatchRevertedBy"` + VPatchRevertedOn *string `pulumi:"vPatchRevertedOn"` + VPatchStatus *string `pulumi:"vPatchStatus"` + VendorCvss2Score *float64 `pulumi:"vendorCvss2Score"` + VendorCvss2Vectors *string `pulumi:"vendorCvss2Vectors"` + VendorSeverity *string `pulumi:"vendorSeverity"` + VendorStatement *string `pulumi:"vendorStatement"` + VendorUrl *string `pulumi:"vendorUrl"` } -// List of paths to be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredPaths }).(pulumi.StringArrayOutput) -} +// ImageVulnerabilityInput is an input type that accepts ImageVulnerabilityArgs and ImageVulnerabilityOutput values. +// You can construct a concrete instance of `ImageVulnerabilityInput` via: +// +// ImageVulnerabilityArgs{...} +type ImageVulnerabilityInput interface { + pulumi.Input -// List of processes to be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredProcesses }).(pulumi.StringArrayOutput) + ToImageVulnerabilityOutput() ImageVulnerabilityOutput + ToImageVulnerabilityOutputWithContext(context.Context) ImageVulnerabilityOutput } -// List of users to be monitored. 
-func (o HostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredUsers }).(pulumi.StringArrayOutput) +type ImageVulnerabilityArgs struct { + AckAuthor pulumi.StringPtrInput `pulumi:"ackAuthor"` + AckComment pulumi.StringPtrInput `pulumi:"ackComment"` + AckExpirationConfiguredAt pulumi.StringPtrInput `pulumi:"ackExpirationConfiguredAt"` + AckExpirationConfiguredBy pulumi.StringPtrInput `pulumi:"ackExpirationConfiguredBy"` + AckExpirationDays pulumi.IntPtrInput `pulumi:"ackExpirationDays"` + AckScope pulumi.StringPtrInput `pulumi:"ackScope"` + AcknowledgeDate pulumi.StringPtrInput `pulumi:"acknowledgeDate"` + AncestorPkg pulumi.StringPtrInput `pulumi:"ancestorPkg"` + AquaScore pulumi.Float64PtrInput `pulumi:"aquaScore"` + AquaScoreClassification pulumi.StringPtrInput `pulumi:"aquaScoreClassification"` + AquaScoringSystem pulumi.StringPtrInput `pulumi:"aquaScoringSystem"` + AquaSeverity pulumi.StringPtrInput `pulumi:"aquaSeverity"` + AquaSeverityClassification pulumi.StringPtrInput `pulumi:"aquaSeverityClassification"` + AquaVectors pulumi.StringPtrInput `pulumi:"aquaVectors"` + AuditEventsCount pulumi.IntPtrInput `pulumi:"auditEventsCount"` + BlockEventsCount pulumi.IntPtrInput `pulumi:"blockEventsCount"` + Classification pulumi.StringPtrInput `pulumi:"classification"` + Description pulumi.StringPtrInput `pulumi:"description"` + Digest pulumi.StringPtrInput `pulumi:"digest"` + ExploitReference pulumi.StringPtrInput `pulumi:"exploitReference"` + ExploitType pulumi.StringPtrInput `pulumi:"exploitType"` + FirstFoundDate pulumi.StringPtrInput `pulumi:"firstFoundDate"` + FixVersion pulumi.StringPtrInput `pulumi:"fixVersion"` + ImageName pulumi.StringPtrInput `pulumi:"imageName"` + LastFoundDate pulumi.StringPtrInput `pulumi:"lastFoundDate"` + ModificationDate pulumi.StringPtrInput `pulumi:"modificationDate"` + Name pulumi.StringPtrInput 
`pulumi:"name"` + NvdCvss2Score pulumi.Float64PtrInput `pulumi:"nvdCvss2Score"` + NvdCvss2Vectors pulumi.StringPtrInput `pulumi:"nvdCvss2Vectors"` + NvdCvss3Score pulumi.Float64PtrInput `pulumi:"nvdCvss3Score"` + NvdCvss3Severity pulumi.StringPtrInput `pulumi:"nvdCvss3Severity"` + NvdCvss3Vectors pulumi.StringPtrInput `pulumi:"nvdCvss3Vectors"` + NvdSeverity pulumi.StringPtrInput `pulumi:"nvdSeverity"` + NvdUrl pulumi.StringPtrInput `pulumi:"nvdUrl"` + Os pulumi.StringPtrInput `pulumi:"os"` + OsVersion pulumi.StringPtrInput `pulumi:"osVersion"` + Permission pulumi.StringPtrInput `pulumi:"permission"` + PublishDate pulumi.StringPtrInput `pulumi:"publishDate"` + Registry pulumi.StringPtrInput `pulumi:"registry"` + Repository pulumi.StringPtrInput `pulumi:"repository"` + ResourceArchitecture pulumi.StringPtrInput `pulumi:"resourceArchitecture"` + ResourceCpe pulumi.StringPtrInput `pulumi:"resourceCpe"` + ResourceFormat pulumi.StringPtrInput `pulumi:"resourceFormat"` + ResourceHash pulumi.StringPtrInput `pulumi:"resourceHash"` + ResourceLicenses pulumi.StringArrayInput `pulumi:"resourceLicenses"` + ResourceName pulumi.StringPtrInput `pulumi:"resourceName"` + ResourcePath pulumi.StringPtrInput `pulumi:"resourcePath"` + ResourceType pulumi.StringPtrInput `pulumi:"resourceType"` + ResourceVersion pulumi.StringPtrInput `pulumi:"resourceVersion"` + SeverityClassification pulumi.StringPtrInput `pulumi:"severityClassification"` + Solution pulumi.StringPtrInput `pulumi:"solution"` + TemporalVector pulumi.StringPtrInput `pulumi:"temporalVector"` + VPatchAppliedBy pulumi.StringPtrInput `pulumi:"vPatchAppliedBy"` + VPatchAppliedOn pulumi.StringPtrInput `pulumi:"vPatchAppliedOn"` + VPatchEnforcedBy pulumi.StringPtrInput `pulumi:"vPatchEnforcedBy"` + VPatchEnforcedOn pulumi.StringPtrInput `pulumi:"vPatchEnforcedOn"` + VPatchPolicyEnforce pulumi.BoolPtrInput `pulumi:"vPatchPolicyEnforce"` + VPatchPolicyName pulumi.StringPtrInput `pulumi:"vPatchPolicyName"` + VPatchRevertedBy 
pulumi.StringPtrInput `pulumi:"vPatchRevertedBy"` + VPatchRevertedOn pulumi.StringPtrInput `pulumi:"vPatchRevertedOn"` + VPatchStatus pulumi.StringPtrInput `pulumi:"vPatchStatus"` + VendorCvss2Score pulumi.Float64PtrInput `pulumi:"vendorCvss2Score"` + VendorCvss2Vectors pulumi.StringPtrInput `pulumi:"vendorCvss2Vectors"` + VendorSeverity pulumi.StringPtrInput `pulumi:"vendorSeverity"` + VendorStatement pulumi.StringPtrInput `pulumi:"vendorStatement"` + VendorUrl pulumi.StringPtrInput `pulumi:"vendorUrl"` } -type HostRuntimePolicyFileIntegrityMonitoringPtrOutput struct{ *pulumi.OutputState } - -func (HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**HostRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +func (ImageVulnerabilityArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ImageVulnerability)(nil)).Elem() } -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutput() HostRuntimePolicyFileIntegrityMonitoringPtrOutput { - return o +func (i ImageVulnerabilityArgs) ToImageVulnerabilityOutput() ImageVulnerabilityOutput { + return i.ToImageVulnerabilityOutputWithContext(context.Background()) } -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ToHostRuntimePolicyFileIntegrityMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyFileIntegrityMonitoringPtrOutput { - return o +func (i ImageVulnerabilityArgs) ToImageVulnerabilityOutputWithContext(ctx context.Context) ImageVulnerabilityOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageVulnerabilityOutput) } -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[*HostRuntimePolicyFileIntegrityMonitoring]{ - OutputState: o.OutputState, - } +// ImageVulnerabilityArrayInput is an input type that accepts ImageVulnerabilityArray and 
ImageVulnerabilityArrayOutput values. +// You can construct a concrete instance of `ImageVulnerabilityArrayInput` via: +// +// ImageVulnerabilityArray{ ImageVulnerabilityArgs{...} } +type ImageVulnerabilityArrayInput interface { + pulumi.Input + + ToImageVulnerabilityArrayOutput() ImageVulnerabilityArrayOutput + ToImageVulnerabilityArrayOutputWithContext(context.Context) ImageVulnerabilityArrayOutput } -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) Elem() HostRuntimePolicyFileIntegrityMonitoringOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) HostRuntimePolicyFileIntegrityMonitoring { - if v != nil { - return *v - } - var ret HostRuntimePolicyFileIntegrityMonitoring - return ret - }).(HostRuntimePolicyFileIntegrityMonitoringOutput) +type ImageVulnerabilityArray []ImageVulnerabilityInput + +func (ImageVulnerabilityArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageVulnerability)(nil)).Elem() } -// List of paths to be excluded from being monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { - if v == nil { - return nil - } - return v.ExcludedPaths - }).(pulumi.StringArrayOutput) +func (i ImageVulnerabilityArray) ToImageVulnerabilityArrayOutput() ImageVulnerabilityArrayOutput { + return i.ToImageVulnerabilityArrayOutputWithContext(context.Background()) } -// List of processes to be excluded from being monitored. 
-func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { - if v == nil { - return nil - } - return v.ExcludedProcesses - }).(pulumi.StringArrayOutput) +func (i ImageVulnerabilityArray) ToImageVulnerabilityArrayOutputWithContext(ctx context.Context) ImageVulnerabilityArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ImageVulnerabilityArrayOutput) } -// List of users to be excluded from being monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { - if v == nil { - return nil - } - return v.ExcludedUsers - }).(pulumi.StringArrayOutput) +type ImageVulnerabilityOutput struct{ *pulumi.OutputState } + +func (ImageVulnerabilityOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ImageVulnerability)(nil)).Elem() } -// If true, add attributes operations will be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorAttributes() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorAttributes - }).(pulumi.BoolPtrOutput) +func (o ImageVulnerabilityOutput) ToImageVulnerabilityOutput() ImageVulnerabilityOutput { + return o } -// If true, create operations will be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorCreate() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorCreate - }).(pulumi.BoolPtrOutput) +func (o ImageVulnerabilityOutput) ToImageVulnerabilityOutputWithContext(ctx context.Context) ImageVulnerabilityOutput { + return o } -// If true, deletion operations will be monitored. 
-func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorDelete() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorDelete - }).(pulumi.BoolPtrOutput) +func (o ImageVulnerabilityOutput) AckAuthor() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AckAuthor }).(pulumi.StringPtrOutput) } -// If true, modification operations will be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorModify() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorModify - }).(pulumi.BoolPtrOutput) +func (o ImageVulnerabilityOutput) AckComment() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AckComment }).(pulumi.StringPtrOutput) } -// If true, read operations will be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitorRead() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorRead - }).(pulumi.BoolPtrOutput) +func (o ImageVulnerabilityOutput) AckExpirationConfiguredAt() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AckExpirationConfiguredAt }).(pulumi.StringPtrOutput) } -// List of paths to be monitored. 
-func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { - if v == nil { - return nil - } - return v.MonitoredPaths - }).(pulumi.StringArrayOutput) +func (o ImageVulnerabilityOutput) AckExpirationConfiguredBy() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AckExpirationConfiguredBy }).(pulumi.StringPtrOutput) } -// List of processes to be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { - if v == nil { - return nil - } - return v.MonitoredProcesses - }).(pulumi.StringArrayOutput) +func (o ImageVulnerabilityOutput) AckExpirationDays() pulumi.IntPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *int { return v.AckExpirationDays }).(pulumi.IntPtrOutput) } -// List of users to be monitored. -func (o HostRuntimePolicyFileIntegrityMonitoringPtrOutput) MonitoredUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyFileIntegrityMonitoring) []string { - if v == nil { - return nil - } - return v.MonitoredUsers - }).(pulumi.StringArrayOutput) +func (o ImageVulnerabilityOutput) AckScope() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AckScope }).(pulumi.StringPtrOutput) } -type HostRuntimePolicyMalwareScanOptions struct { - // Set Action, Defaults to 'Alert' when empty - Action *string `pulumi:"action"` - // Defines if enabled or not - Enabled *bool `pulumi:"enabled"` - // List of registry paths to be excluded from being protected. - ExcludeDirectories []string `pulumi:"excludeDirectories"` - // List of registry processes to be excluded from being protected. 
- ExcludeProcesses []string `pulumi:"excludeProcesses"` +func (o ImageVulnerabilityOutput) AcknowledgeDate() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AcknowledgeDate }).(pulumi.StringPtrOutput) } -// HostRuntimePolicyMalwareScanOptionsInput is an input type that accepts HostRuntimePolicyMalwareScanOptionsArgs and HostRuntimePolicyMalwareScanOptionsOutput values. -// You can construct a concrete instance of `HostRuntimePolicyMalwareScanOptionsInput` via: -// -// HostRuntimePolicyMalwareScanOptionsArgs{...} -type HostRuntimePolicyMalwareScanOptionsInput interface { - pulumi.Input +func (o ImageVulnerabilityOutput) AncestorPkg() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AncestorPkg }).(pulumi.StringPtrOutput) +} - ToHostRuntimePolicyMalwareScanOptionsOutput() HostRuntimePolicyMalwareScanOptionsOutput - ToHostRuntimePolicyMalwareScanOptionsOutputWithContext(context.Context) HostRuntimePolicyMalwareScanOptionsOutput +func (o ImageVulnerabilityOutput) AquaScore() pulumi.Float64PtrOutput { + return o.ApplyT(func(v ImageVulnerability) *float64 { return v.AquaScore }).(pulumi.Float64PtrOutput) } -type HostRuntimePolicyMalwareScanOptionsArgs struct { - // Set Action, Defaults to 'Alert' when empty - Action pulumi.StringPtrInput `pulumi:"action"` - // Defines if enabled or not - Enabled pulumi.BoolPtrInput `pulumi:"enabled"` - // List of registry paths to be excluded from being protected. - ExcludeDirectories pulumi.StringArrayInput `pulumi:"excludeDirectories"` - // List of registry processes to be excluded from being protected. 
- ExcludeProcesses pulumi.StringArrayInput `pulumi:"excludeProcesses"` +func (o ImageVulnerabilityOutput) AquaScoreClassification() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaScoreClassification }).(pulumi.StringPtrOutput) } -func (HostRuntimePolicyMalwareScanOptionsArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyMalwareScanOptions)(nil)).Elem() +func (o ImageVulnerabilityOutput) AquaScoringSystem() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaScoringSystem }).(pulumi.StringPtrOutput) } -func (i HostRuntimePolicyMalwareScanOptionsArgs) ToHostRuntimePolicyMalwareScanOptionsOutput() HostRuntimePolicyMalwareScanOptionsOutput { - return i.ToHostRuntimePolicyMalwareScanOptionsOutputWithContext(context.Background()) +func (o ImageVulnerabilityOutput) AquaSeverity() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaSeverity }).(pulumi.StringPtrOutput) } -func (i HostRuntimePolicyMalwareScanOptionsArgs) ToHostRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyMalwareScanOptionsOutput) +func (o ImageVulnerabilityOutput) AquaSeverityClassification() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaSeverityClassification }).(pulumi.StringPtrOutput) } -func (i HostRuntimePolicyMalwareScanOptionsArgs) ToOutput(ctx context.Context) pulumix.Output[HostRuntimePolicyMalwareScanOptions] { - return pulumix.Output[HostRuntimePolicyMalwareScanOptions]{ - OutputState: i.ToHostRuntimePolicyMalwareScanOptionsOutputWithContext(ctx).OutputState, - } +func (o ImageVulnerabilityOutput) AquaVectors() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaVectors }).(pulumi.StringPtrOutput) } -func (i 
HostRuntimePolicyMalwareScanOptionsArgs) ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput { - return i.ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +func (o ImageVulnerabilityOutput) AuditEventsCount() pulumi.IntPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *int { return v.AuditEventsCount }).(pulumi.IntPtrOutput) } -func (i HostRuntimePolicyMalwareScanOptionsArgs) ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyMalwareScanOptionsOutput).ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx) +func (o ImageVulnerabilityOutput) BlockEventsCount() pulumi.IntPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *int { return v.BlockEventsCount }).(pulumi.IntPtrOutput) } -// HostRuntimePolicyMalwareScanOptionsPtrInput is an input type that accepts HostRuntimePolicyMalwareScanOptionsArgs, HostRuntimePolicyMalwareScanOptionsPtr and HostRuntimePolicyMalwareScanOptionsPtrOutput values. 
-// You can construct a concrete instance of `HostRuntimePolicyMalwareScanOptionsPtrInput` via: -// -// HostRuntimePolicyMalwareScanOptionsArgs{...} -// -// or: -// -// nil -type HostRuntimePolicyMalwareScanOptionsPtrInput interface { - pulumi.Input +func (o ImageVulnerabilityOutput) Classification() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.Classification }).(pulumi.StringPtrOutput) +} - ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput - ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput +func (o ImageVulnerabilityOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.Description }).(pulumi.StringPtrOutput) } -type hostRuntimePolicyMalwareScanOptionsPtrType HostRuntimePolicyMalwareScanOptionsArgs +func (o ImageVulnerabilityOutput) Digest() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.Digest }).(pulumi.StringPtrOutput) +} -func HostRuntimePolicyMalwareScanOptionsPtr(v *HostRuntimePolicyMalwareScanOptionsArgs) HostRuntimePolicyMalwareScanOptionsPtrInput { - return (*hostRuntimePolicyMalwareScanOptionsPtrType)(v) +func (o ImageVulnerabilityOutput) ExploitReference() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ExploitReference }).(pulumi.StringPtrOutput) } -func (*hostRuntimePolicyMalwareScanOptionsPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**HostRuntimePolicyMalwareScanOptions)(nil)).Elem() +func (o ImageVulnerabilityOutput) ExploitType() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ExploitType }).(pulumi.StringPtrOutput) } -func (i *hostRuntimePolicyMalwareScanOptionsPtrType) ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput { - return 
i.ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +func (o ImageVulnerabilityOutput) FirstFoundDate() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.FirstFoundDate }).(pulumi.StringPtrOutput) } -func (i *hostRuntimePolicyMalwareScanOptionsPtrType) ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyMalwareScanOptionsPtrOutput) +func (o ImageVulnerabilityOutput) FixVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.FixVersion }).(pulumi.StringPtrOutput) } -func (i *hostRuntimePolicyMalwareScanOptionsPtrType) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicyMalwareScanOptions] { - return pulumix.Output[*HostRuntimePolicyMalwareScanOptions]{ - OutputState: i.ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx).OutputState, - } +func (o ImageVulnerabilityOutput) ImageName() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ImageName }).(pulumi.StringPtrOutput) } -type HostRuntimePolicyMalwareScanOptionsOutput struct{ *pulumi.OutputState } +func (o ImageVulnerabilityOutput) LastFoundDate() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.LastFoundDate }).(pulumi.StringPtrOutput) +} -func (HostRuntimePolicyMalwareScanOptionsOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyMalwareScanOptions)(nil)).Elem() +func (o ImageVulnerabilityOutput) ModificationDate() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ModificationDate }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyMalwareScanOptionsOutput) ToHostRuntimePolicyMalwareScanOptionsOutput() HostRuntimePolicyMalwareScanOptionsOutput { - return o +func (o ImageVulnerabilityOutput) Name() 
pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyMalwareScanOptionsOutput) ToHostRuntimePolicyMalwareScanOptionsOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsOutput { - return o +func (o ImageVulnerabilityOutput) NvdCvss2Score() pulumi.Float64PtrOutput { + return o.ApplyT(func(v ImageVulnerability) *float64 { return v.NvdCvss2Score }).(pulumi.Float64PtrOutput) } -func (o HostRuntimePolicyMalwareScanOptionsOutput) ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput { - return o.ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(context.Background()) +func (o ImageVulnerabilityOutput) NvdCvss2Vectors() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdCvss2Vectors }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyMalwareScanOptionsOutput) ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyMalwareScanOptions) *HostRuntimePolicyMalwareScanOptions { - return &v - }).(HostRuntimePolicyMalwareScanOptionsPtrOutput) +func (o ImageVulnerabilityOutput) NvdCvss3Score() pulumi.Float64PtrOutput { + return o.ApplyT(func(v ImageVulnerability) *float64 { return v.NvdCvss3Score }).(pulumi.Float64PtrOutput) } -func (o HostRuntimePolicyMalwareScanOptionsOutput) ToOutput(ctx context.Context) pulumix.Output[HostRuntimePolicyMalwareScanOptions] { - return pulumix.Output[HostRuntimePolicyMalwareScanOptions]{ - OutputState: o.OutputState, - } +func (o ImageVulnerabilityOutput) NvdCvss3Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdCvss3Severity }).(pulumi.StringPtrOutput) } -// Set Action, Defaults to 'Alert' when empty -func (o 
HostRuntimePolicyMalwareScanOptionsOutput) Action() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyMalwareScanOptions) *string { return v.Action }).(pulumi.StringPtrOutput) +func (o ImageVulnerabilityOutput) NvdCvss3Vectors() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdCvss3Vectors }).(pulumi.StringPtrOutput) } -// Defines if enabled or not -func (o HostRuntimePolicyMalwareScanOptionsOutput) Enabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyMalwareScanOptions) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +func (o ImageVulnerabilityOutput) NvdSeverity() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdSeverity }).(pulumi.StringPtrOutput) } -// List of registry paths to be excluded from being protected. -func (o HostRuntimePolicyMalwareScanOptionsOutput) ExcludeDirectories() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyMalwareScanOptions) []string { return v.ExcludeDirectories }).(pulumi.StringArrayOutput) +func (o ImageVulnerabilityOutput) NvdUrl() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdUrl }).(pulumi.StringPtrOutput) } -// List of registry processes to be excluded from being protected. 
-func (o HostRuntimePolicyMalwareScanOptionsOutput) ExcludeProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyMalwareScanOptions) []string { return v.ExcludeProcesses }).(pulumi.StringArrayOutput) +func (o ImageVulnerabilityOutput) Os() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.Os }).(pulumi.StringPtrOutput) } -type HostRuntimePolicyMalwareScanOptionsPtrOutput struct{ *pulumi.OutputState } +func (o ImageVulnerabilityOutput) OsVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.OsVersion }).(pulumi.StringPtrOutput) +} -func (HostRuntimePolicyMalwareScanOptionsPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**HostRuntimePolicyMalwareScanOptions)(nil)).Elem() +func (o ImageVulnerabilityOutput) Permission() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.Permission }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) ToHostRuntimePolicyMalwareScanOptionsPtrOutput() HostRuntimePolicyMalwareScanOptionsPtrOutput { - return o +func (o ImageVulnerabilityOutput) PublishDate() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.PublishDate }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) ToHostRuntimePolicyMalwareScanOptionsPtrOutputWithContext(ctx context.Context) HostRuntimePolicyMalwareScanOptionsPtrOutput { - return o +func (o ImageVulnerabilityOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.Registry }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicyMalwareScanOptions] { - return pulumix.Output[*HostRuntimePolicyMalwareScanOptions]{ - OutputState: o.OutputState, - } +func (o ImageVulnerabilityOutput) Repository() pulumi.StringPtrOutput 
{ + return o.ApplyT(func(v ImageVulnerability) *string { return v.Repository }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) Elem() HostRuntimePolicyMalwareScanOptionsOutput { - return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) HostRuntimePolicyMalwareScanOptions { - if v != nil { - return *v - } - var ret HostRuntimePolicyMalwareScanOptions - return ret - }).(HostRuntimePolicyMalwareScanOptionsOutput) +func (o ImageVulnerabilityOutput) ResourceArchitecture() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceArchitecture }).(pulumi.StringPtrOutput) } -// Set Action, Defaults to 'Alert' when empty -func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) Action() pulumi.StringPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) *string { - if v == nil { - return nil - } - return v.Action - }).(pulumi.StringPtrOutput) +func (o ImageVulnerabilityOutput) ResourceCpe() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceCpe }).(pulumi.StringPtrOutput) } -// Defines if enabled or not -func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) Enabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) *bool { - if v == nil { - return nil - } - return v.Enabled - }).(pulumi.BoolPtrOutput) +func (o ImageVulnerabilityOutput) ResourceFormat() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceFormat }).(pulumi.StringPtrOutput) } -// List of registry paths to be excluded from being protected. 
-func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeDirectories() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) []string { - if v == nil { - return nil - } - return v.ExcludeDirectories - }).(pulumi.StringArrayOutput) +func (o ImageVulnerabilityOutput) ResourceHash() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceHash }).(pulumi.StringPtrOutput) } -// List of registry processes to be excluded from being protected. -func (o HostRuntimePolicyMalwareScanOptionsPtrOutput) ExcludeProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyMalwareScanOptions) []string { - if v == nil { - return nil - } - return v.ExcludeProcesses - }).(pulumi.StringArrayOutput) +func (o ImageVulnerabilityOutput) ResourceLicenses() pulumi.StringArrayOutput { + return o.ApplyT(func(v ImageVulnerability) []string { return v.ResourceLicenses }).(pulumi.StringArrayOutput) } -type HostRuntimePolicyScopeVariable struct { - // Class of supported scope. - Attribute string `pulumi:"attribute"` - // Name assigned to the attribute. - Name *string `pulumi:"name"` - // Value assigned to the attribute. - Value string `pulumi:"value"` +func (o ImageVulnerabilityOutput) ResourceName() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceName }).(pulumi.StringPtrOutput) } -// HostRuntimePolicyScopeVariableInput is an input type that accepts HostRuntimePolicyScopeVariableArgs and HostRuntimePolicyScopeVariableOutput values. 
-// You can construct a concrete instance of `HostRuntimePolicyScopeVariableInput` via: -// -// HostRuntimePolicyScopeVariableArgs{...} -type HostRuntimePolicyScopeVariableInput interface { - pulumi.Input +func (o ImageVulnerabilityOutput) ResourcePath() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourcePath }).(pulumi.StringPtrOutput) +} - ToHostRuntimePolicyScopeVariableOutput() HostRuntimePolicyScopeVariableOutput - ToHostRuntimePolicyScopeVariableOutputWithContext(context.Context) HostRuntimePolicyScopeVariableOutput +func (o ImageVulnerabilityOutput) ResourceType() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceType }).(pulumi.StringPtrOutput) } -type HostRuntimePolicyScopeVariableArgs struct { - // Class of supported scope. - Attribute pulumi.StringInput `pulumi:"attribute"` - // Name assigned to the attribute. - Name pulumi.StringPtrInput `pulumi:"name"` - // Value assigned to the attribute. 
- Value pulumi.StringInput `pulumi:"value"` +func (o ImageVulnerabilityOutput) ResourceVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceVersion }).(pulumi.StringPtrOutput) } -func (HostRuntimePolicyScopeVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyScopeVariable)(nil)).Elem() +func (o ImageVulnerabilityOutput) SeverityClassification() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.SeverityClassification }).(pulumi.StringPtrOutput) } -func (i HostRuntimePolicyScopeVariableArgs) ToHostRuntimePolicyScopeVariableOutput() HostRuntimePolicyScopeVariableOutput { - return i.ToHostRuntimePolicyScopeVariableOutputWithContext(context.Background()) +func (o ImageVulnerabilityOutput) Solution() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.Solution }).(pulumi.StringPtrOutput) } -func (i HostRuntimePolicyScopeVariableArgs) ToHostRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) HostRuntimePolicyScopeVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyScopeVariableOutput) +func (o ImageVulnerabilityOutput) TemporalVector() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.TemporalVector }).(pulumi.StringPtrOutput) } -func (i HostRuntimePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[HostRuntimePolicyScopeVariable] { - return pulumix.Output[HostRuntimePolicyScopeVariable]{ - OutputState: i.ToHostRuntimePolicyScopeVariableOutputWithContext(ctx).OutputState, - } +func (o ImageVulnerabilityOutput) VPatchAppliedBy() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchAppliedBy }).(pulumi.StringPtrOutput) } -// HostRuntimePolicyScopeVariableArrayInput is an input type that accepts HostRuntimePolicyScopeVariableArray and HostRuntimePolicyScopeVariableArrayOutput 
values. -// You can construct a concrete instance of `HostRuntimePolicyScopeVariableArrayInput` via: -// -// HostRuntimePolicyScopeVariableArray{ HostRuntimePolicyScopeVariableArgs{...} } -type HostRuntimePolicyScopeVariableArrayInput interface { - pulumi.Input - - ToHostRuntimePolicyScopeVariableArrayOutput() HostRuntimePolicyScopeVariableArrayOutput - ToHostRuntimePolicyScopeVariableArrayOutputWithContext(context.Context) HostRuntimePolicyScopeVariableArrayOutput +func (o ImageVulnerabilityOutput) VPatchAppliedOn() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchAppliedOn }).(pulumi.StringPtrOutput) } -type HostRuntimePolicyScopeVariableArray []HostRuntimePolicyScopeVariableInput - -func (HostRuntimePolicyScopeVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostRuntimePolicyScopeVariable)(nil)).Elem() +func (o ImageVulnerabilityOutput) VPatchEnforcedBy() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchEnforcedBy }).(pulumi.StringPtrOutput) } -func (i HostRuntimePolicyScopeVariableArray) ToHostRuntimePolicyScopeVariableArrayOutput() HostRuntimePolicyScopeVariableArrayOutput { - return i.ToHostRuntimePolicyScopeVariableArrayOutputWithContext(context.Background()) +func (o ImageVulnerabilityOutput) VPatchEnforcedOn() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchEnforcedOn }).(pulumi.StringPtrOutput) } -func (i HostRuntimePolicyScopeVariableArray) ToHostRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) HostRuntimePolicyScopeVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyScopeVariableArrayOutput) +func (o ImageVulnerabilityOutput) VPatchPolicyEnforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *bool { return v.VPatchPolicyEnforce }).(pulumi.BoolPtrOutput) } -func (i HostRuntimePolicyScopeVariableArray) ToOutput(ctx 
context.Context) pulumix.Output[[]HostRuntimePolicyScopeVariable] { - return pulumix.Output[[]HostRuntimePolicyScopeVariable]{ - OutputState: i.ToHostRuntimePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } +func (o ImageVulnerabilityOutput) VPatchPolicyName() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchPolicyName }).(pulumi.StringPtrOutput) } -type HostRuntimePolicyScopeVariableOutput struct{ *pulumi.OutputState } +func (o ImageVulnerabilityOutput) VPatchRevertedBy() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchRevertedBy }).(pulumi.StringPtrOutput) +} -func (HostRuntimePolicyScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyScopeVariable)(nil)).Elem() +func (o ImageVulnerabilityOutput) VPatchRevertedOn() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchRevertedOn }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyScopeVariableOutput) ToHostRuntimePolicyScopeVariableOutput() HostRuntimePolicyScopeVariableOutput { - return o +func (o ImageVulnerabilityOutput) VPatchStatus() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchStatus }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyScopeVariableOutput) ToHostRuntimePolicyScopeVariableOutputWithContext(ctx context.Context) HostRuntimePolicyScopeVariableOutput { - return o +func (o ImageVulnerabilityOutput) VendorCvss2Score() pulumi.Float64PtrOutput { + return o.ApplyT(func(v ImageVulnerability) *float64 { return v.VendorCvss2Score }).(pulumi.Float64PtrOutput) } -func (o HostRuntimePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[HostRuntimePolicyScopeVariable] { - return pulumix.Output[HostRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } +func (o ImageVulnerabilityOutput) VendorCvss2Vectors() pulumi.StringPtrOutput { + return 
o.ApplyT(func(v ImageVulnerability) *string { return v.VendorCvss2Vectors }).(pulumi.StringPtrOutput) } -// Class of supported scope. -func (o HostRuntimePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v HostRuntimePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) +func (o ImageVulnerabilityOutput) VendorSeverity() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VendorSeverity }).(pulumi.StringPtrOutput) } -// Name assigned to the attribute. -func (o HostRuntimePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o ImageVulnerabilityOutput) VendorStatement() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VendorStatement }).(pulumi.StringPtrOutput) } -// Value assigned to the attribute. -func (o HostRuntimePolicyScopeVariableOutput) Value() pulumi.StringOutput { - return o.ApplyT(func(v HostRuntimePolicyScopeVariable) string { return v.Value }).(pulumi.StringOutput) +func (o ImageVulnerabilityOutput) VendorUrl() pulumi.StringPtrOutput { + return o.ApplyT(func(v ImageVulnerability) *string { return v.VendorUrl }).(pulumi.StringPtrOutput) } -type HostRuntimePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } +type ImageVulnerabilityArrayOutput struct{ *pulumi.OutputState } -func (HostRuntimePolicyScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]HostRuntimePolicyScopeVariable)(nil)).Elem() +func (ImageVulnerabilityArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ImageVulnerability)(nil)).Elem() } -func (o HostRuntimePolicyScopeVariableArrayOutput) ToHostRuntimePolicyScopeVariableArrayOutput() HostRuntimePolicyScopeVariableArrayOutput { +func (o ImageVulnerabilityArrayOutput) ToImageVulnerabilityArrayOutput() ImageVulnerabilityArrayOutput { return 
o } -func (o HostRuntimePolicyScopeVariableArrayOutput) ToHostRuntimePolicyScopeVariableArrayOutputWithContext(ctx context.Context) HostRuntimePolicyScopeVariableArrayOutput { +func (o ImageVulnerabilityArrayOutput) ToImageVulnerabilityArrayOutputWithContext(ctx context.Context) ImageVulnerabilityArrayOutput { return o } -func (o HostRuntimePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]HostRuntimePolicyScopeVariable] { - return pulumix.Output[[]HostRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - -func (o HostRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) HostRuntimePolicyScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostRuntimePolicyScopeVariable { - return vs[0].([]HostRuntimePolicyScopeVariable)[vs[1].(int)] - }).(HostRuntimePolicyScopeVariableOutput) +func (o ImageVulnerabilityArrayOutput) Index(i pulumi.IntInput) ImageVulnerabilityOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageVulnerability { + return vs[0].([]ImageVulnerability)[vs[1].(int)] + }).(ImageVulnerabilityOutput) } -type HostRuntimePolicyWindowsRegistryMonitoring struct { - // List of paths to be excluded from being monitored. - ExcludedPaths []string `pulumi:"excludedPaths"` - // List of registry processes to be excluded from being monitored. - ExcludedProcesses []string `pulumi:"excludedProcesses"` - // List of registry users to be excluded from being monitored. - ExcludedUsers []string `pulumi:"excludedUsers"` - // If true, add attributes operations will be monitored. - MonitorAttributes *bool `pulumi:"monitorAttributes"` - // If true, create operations will be monitored. - MonitorCreate *bool `pulumi:"monitorCreate"` - // If true, deletion operations will be monitored. - MonitorDelete *bool `pulumi:"monitorDelete"` - // If true, modification operations will be monitored. - MonitorModify *bool `pulumi:"monitorModify"` - // If true, read operations will be monitored. 
- MonitorRead *bool `pulumi:"monitorRead"` - // List of paths to be monitored. - MonitoredPaths []string `pulumi:"monitoredPaths"` - // List of registry processes to be monitored. - MonitoredProcesses []string `pulumi:"monitoredProcesses"` - // List of registry users to be monitored. - MonitoredUsers []string `pulumi:"monitoredUsers"` -} - -// HostRuntimePolicyWindowsRegistryMonitoringInput is an input type that accepts HostRuntimePolicyWindowsRegistryMonitoringArgs and HostRuntimePolicyWindowsRegistryMonitoringOutput values. -// You can construct a concrete instance of `HostRuntimePolicyWindowsRegistryMonitoringInput` via: -// -// HostRuntimePolicyWindowsRegistryMonitoringArgs{...} -type HostRuntimePolicyWindowsRegistryMonitoringInput interface { - pulumi.Input - - ToHostRuntimePolicyWindowsRegistryMonitoringOutput() HostRuntimePolicyWindowsRegistryMonitoringOutput - ToHostRuntimePolicyWindowsRegistryMonitoringOutputWithContext(context.Context) HostRuntimePolicyWindowsRegistryMonitoringOutput -} - -type HostRuntimePolicyWindowsRegistryMonitoringArgs struct { - // List of paths to be excluded from being monitored. - ExcludedPaths pulumi.StringArrayInput `pulumi:"excludedPaths"` - // List of registry processes to be excluded from being monitored. - ExcludedProcesses pulumi.StringArrayInput `pulumi:"excludedProcesses"` - // List of registry users to be excluded from being monitored. - ExcludedUsers pulumi.StringArrayInput `pulumi:"excludedUsers"` - // If true, add attributes operations will be monitored. - MonitorAttributes pulumi.BoolPtrInput `pulumi:"monitorAttributes"` - // If true, create operations will be monitored. - MonitorCreate pulumi.BoolPtrInput `pulumi:"monitorCreate"` - // If true, deletion operations will be monitored. - MonitorDelete pulumi.BoolPtrInput `pulumi:"monitorDelete"` - // If true, modification operations will be monitored. - MonitorModify pulumi.BoolPtrInput `pulumi:"monitorModify"` - // If true, read operations will be monitored. 
- MonitorRead pulumi.BoolPtrInput `pulumi:"monitorRead"` - // List of paths to be monitored. - MonitoredPaths pulumi.StringArrayInput `pulumi:"monitoredPaths"` - // List of registry processes to be monitored. - MonitoredProcesses pulumi.StringArrayInput `pulumi:"monitoredProcesses"` - // List of registry users to be monitored. - MonitoredUsers pulumi.StringArrayInput `pulumi:"monitoredUsers"` +type IntegrationRegistryOption struct { + Option *string `pulumi:"option"` + Value *string `pulumi:"value"` } -func (HostRuntimePolicyWindowsRegistryMonitoringArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyWindowsRegistryMonitoring)(nil)).Elem() -} +// IntegrationRegistryOptionInput is an input type that accepts IntegrationRegistryOptionArgs and IntegrationRegistryOptionOutput values. +// You can construct a concrete instance of `IntegrationRegistryOptionInput` via: +// +// IntegrationRegistryOptionArgs{...} +type IntegrationRegistryOptionInput interface { + pulumi.Input -func (i HostRuntimePolicyWindowsRegistryMonitoringArgs) ToHostRuntimePolicyWindowsRegistryMonitoringOutput() HostRuntimePolicyWindowsRegistryMonitoringOutput { - return i.ToHostRuntimePolicyWindowsRegistryMonitoringOutputWithContext(context.Background()) + ToIntegrationRegistryOptionOutput() IntegrationRegistryOptionOutput + ToIntegrationRegistryOptionOutputWithContext(context.Context) IntegrationRegistryOptionOutput } -func (i HostRuntimePolicyWindowsRegistryMonitoringArgs) ToHostRuntimePolicyWindowsRegistryMonitoringOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryMonitoringOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyWindowsRegistryMonitoringOutput) +type IntegrationRegistryOptionArgs struct { + Option pulumi.StringPtrInput `pulumi:"option"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i HostRuntimePolicyWindowsRegistryMonitoringArgs) ToOutput(ctx context.Context) 
pulumix.Output[HostRuntimePolicyWindowsRegistryMonitoring] { - return pulumix.Output[HostRuntimePolicyWindowsRegistryMonitoring]{ - OutputState: i.ToHostRuntimePolicyWindowsRegistryMonitoringOutputWithContext(ctx).OutputState, - } +func (IntegrationRegistryOptionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*IntegrationRegistryOption)(nil)).Elem() } -func (i HostRuntimePolicyWindowsRegistryMonitoringArgs) ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutput() HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return i.ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(context.Background()) +func (i IntegrationRegistryOptionArgs) ToIntegrationRegistryOptionOutput() IntegrationRegistryOptionOutput { + return i.ToIntegrationRegistryOptionOutputWithContext(context.Background()) } -func (i HostRuntimePolicyWindowsRegistryMonitoringArgs) ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyWindowsRegistryMonitoringOutput).ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(ctx) +func (i IntegrationRegistryOptionArgs) ToIntegrationRegistryOptionOutputWithContext(ctx context.Context) IntegrationRegistryOptionOutput { + return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryOptionOutput) } -// HostRuntimePolicyWindowsRegistryMonitoringPtrInput is an input type that accepts HostRuntimePolicyWindowsRegistryMonitoringArgs, HostRuntimePolicyWindowsRegistryMonitoringPtr and HostRuntimePolicyWindowsRegistryMonitoringPtrOutput values. -// You can construct a concrete instance of `HostRuntimePolicyWindowsRegistryMonitoringPtrInput` via: -// -// HostRuntimePolicyWindowsRegistryMonitoringArgs{...} -// -// or: +// IntegrationRegistryOptionArrayInput is an input type that accepts IntegrationRegistryOptionArray and IntegrationRegistryOptionArrayOutput values. 
+// You can construct a concrete instance of `IntegrationRegistryOptionArrayInput` via: // -// nil -type HostRuntimePolicyWindowsRegistryMonitoringPtrInput interface { +// IntegrationRegistryOptionArray{ IntegrationRegistryOptionArgs{...} } +type IntegrationRegistryOptionArrayInput interface { pulumi.Input - ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutput() HostRuntimePolicyWindowsRegistryMonitoringPtrOutput - ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(context.Context) HostRuntimePolicyWindowsRegistryMonitoringPtrOutput -} - -type hostRuntimePolicyWindowsRegistryMonitoringPtrType HostRuntimePolicyWindowsRegistryMonitoringArgs - -func HostRuntimePolicyWindowsRegistryMonitoringPtr(v *HostRuntimePolicyWindowsRegistryMonitoringArgs) HostRuntimePolicyWindowsRegistryMonitoringPtrInput { - return (*hostRuntimePolicyWindowsRegistryMonitoringPtrType)(v) + ToIntegrationRegistryOptionArrayOutput() IntegrationRegistryOptionArrayOutput + ToIntegrationRegistryOptionArrayOutputWithContext(context.Context) IntegrationRegistryOptionArrayOutput } -func (*hostRuntimePolicyWindowsRegistryMonitoringPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**HostRuntimePolicyWindowsRegistryMonitoring)(nil)).Elem() -} +type IntegrationRegistryOptionArray []IntegrationRegistryOptionInput -func (i *hostRuntimePolicyWindowsRegistryMonitoringPtrType) ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutput() HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return i.ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(context.Background()) +func (IntegrationRegistryOptionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]IntegrationRegistryOption)(nil)).Elem() } -func (i *hostRuntimePolicyWindowsRegistryMonitoringPtrType) ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return pulumi.ToOutputWithContext(ctx, 
i).(HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) +func (i IntegrationRegistryOptionArray) ToIntegrationRegistryOptionArrayOutput() IntegrationRegistryOptionArrayOutput { + return i.ToIntegrationRegistryOptionArrayOutputWithContext(context.Background()) } -func (i *hostRuntimePolicyWindowsRegistryMonitoringPtrType) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicyWindowsRegistryMonitoring] { - return pulumix.Output[*HostRuntimePolicyWindowsRegistryMonitoring]{ - OutputState: i.ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(ctx).OutputState, - } +func (i IntegrationRegistryOptionArray) ToIntegrationRegistryOptionArrayOutputWithContext(ctx context.Context) IntegrationRegistryOptionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryOptionArrayOutput) } -type HostRuntimePolicyWindowsRegistryMonitoringOutput struct{ *pulumi.OutputState } +type IntegrationRegistryOptionOutput struct{ *pulumi.OutputState } -func (HostRuntimePolicyWindowsRegistryMonitoringOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyWindowsRegistryMonitoring)(nil)).Elem() +func (IntegrationRegistryOptionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*IntegrationRegistryOption)(nil)).Elem() } -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) ToHostRuntimePolicyWindowsRegistryMonitoringOutput() HostRuntimePolicyWindowsRegistryMonitoringOutput { +func (o IntegrationRegistryOptionOutput) ToIntegrationRegistryOptionOutput() IntegrationRegistryOptionOutput { return o } -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) ToHostRuntimePolicyWindowsRegistryMonitoringOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryMonitoringOutput { +func (o IntegrationRegistryOptionOutput) ToIntegrationRegistryOptionOutputWithContext(ctx context.Context) IntegrationRegistryOptionOutput { return o } -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) 
ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutput() HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return o.ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(context.Background()) +func (o IntegrationRegistryOptionOutput) Option() pulumi.StringPtrOutput { + return o.ApplyT(func(v IntegrationRegistryOption) *string { return v.Option }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyWindowsRegistryMonitoring) *HostRuntimePolicyWindowsRegistryMonitoring { - return &v - }).(HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) +func (o IntegrationRegistryOptionOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v IntegrationRegistryOption) *string { return v.Value }).(pulumi.StringPtrOutput) } -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) ToOutput(ctx context.Context) pulumix.Output[HostRuntimePolicyWindowsRegistryMonitoring] { - return pulumix.Output[HostRuntimePolicyWindowsRegistryMonitoring]{ - OutputState: o.OutputState, - } -} +type IntegrationRegistryOptionArrayOutput struct{ *pulumi.OutputState } -// List of paths to be excluded from being monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) []string { return v.ExcludedPaths }).(pulumi.StringArrayOutput) +func (IntegrationRegistryOptionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]IntegrationRegistryOption)(nil)).Elem() } -// List of registry processes to be excluded from being monitored. 
-func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) []string { return v.ExcludedProcesses }).(pulumi.StringArrayOutput) +func (o IntegrationRegistryOptionArrayOutput) ToIntegrationRegistryOptionArrayOutput() IntegrationRegistryOptionArrayOutput { + return o } -// List of registry users to be excluded from being monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) []string { return v.ExcludedUsers }).(pulumi.StringArrayOutput) +func (o IntegrationRegistryOptionArrayOutput) ToIntegrationRegistryOptionArrayOutputWithContext(ctx context.Context) IntegrationRegistryOptionArrayOutput { + return o } -// If true, add attributes operations will be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) MonitorAttributes() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) *bool { return v.MonitorAttributes }).(pulumi.BoolPtrOutput) +func (o IntegrationRegistryOptionArrayOutput) Index(i pulumi.IntInput) IntegrationRegistryOptionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) IntegrationRegistryOption { + return vs[0].([]IntegrationRegistryOption)[vs[1].(int)] + }).(IntegrationRegistryOptionOutput) } -// If true, create operations will be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) MonitorCreate() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) *bool { return v.MonitorCreate }).(pulumi.BoolPtrOutput) +type IntegrationRegistryWebhook struct { + AuthToken *string `pulumi:"authToken"` + Enabled *bool `pulumi:"enabled"` + UnQuarantine *bool `pulumi:"unQuarantine"` + Url *string `pulumi:"url"` } -// If true, deletion operations will be monitored. 
-func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) MonitorDelete() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) *bool { return v.MonitorDelete }).(pulumi.BoolPtrOutput) -} +// IntegrationRegistryWebhookInput is an input type that accepts IntegrationRegistryWebhookArgs and IntegrationRegistryWebhookOutput values. +// You can construct a concrete instance of `IntegrationRegistryWebhookInput` via: +// +// IntegrationRegistryWebhookArgs{...} +type IntegrationRegistryWebhookInput interface { + pulumi.Input -// If true, modification operations will be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) MonitorModify() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) *bool { return v.MonitorModify }).(pulumi.BoolPtrOutput) + ToIntegrationRegistryWebhookOutput() IntegrationRegistryWebhookOutput + ToIntegrationRegistryWebhookOutputWithContext(context.Context) IntegrationRegistryWebhookOutput } -// If true, read operations will be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) MonitorRead() pulumi.BoolPtrOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) *bool { return v.MonitorRead }).(pulumi.BoolPtrOutput) +type IntegrationRegistryWebhookArgs struct { + AuthToken pulumi.StringPtrInput `pulumi:"authToken"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + UnQuarantine pulumi.BoolPtrInput `pulumi:"unQuarantine"` + Url pulumi.StringPtrInput `pulumi:"url"` } -// List of paths to be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) MonitoredPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) []string { return v.MonitoredPaths }).(pulumi.StringArrayOutput) +func (IntegrationRegistryWebhookArgs) ElementType() reflect.Type { + return reflect.TypeOf((*IntegrationRegistryWebhook)(nil)).Elem() } -// List of registry processes to be monitored. 
-func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) MonitoredProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) []string { return v.MonitoredProcesses }).(pulumi.StringArrayOutput) +func (i IntegrationRegistryWebhookArgs) ToIntegrationRegistryWebhookOutput() IntegrationRegistryWebhookOutput { + return i.ToIntegrationRegistryWebhookOutputWithContext(context.Background()) } -// List of registry users to be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringOutput) MonitoredUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryMonitoring) []string { return v.MonitoredUsers }).(pulumi.StringArrayOutput) +func (i IntegrationRegistryWebhookArgs) ToIntegrationRegistryWebhookOutputWithContext(ctx context.Context) IntegrationRegistryWebhookOutput { + return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryWebhookOutput) } -type HostRuntimePolicyWindowsRegistryMonitoringPtrOutput struct{ *pulumi.OutputState } +// IntegrationRegistryWebhookArrayInput is an input type that accepts IntegrationRegistryWebhookArray and IntegrationRegistryWebhookArrayOutput values. 
+// You can construct a concrete instance of `IntegrationRegistryWebhookArrayInput` via: +// +// IntegrationRegistryWebhookArray{ IntegrationRegistryWebhookArgs{...} } +type IntegrationRegistryWebhookArrayInput interface { + pulumi.Input -func (HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**HostRuntimePolicyWindowsRegistryMonitoring)(nil)).Elem() + ToIntegrationRegistryWebhookArrayOutput() IntegrationRegistryWebhookArrayOutput + ToIntegrationRegistryWebhookArrayOutputWithContext(context.Context) IntegrationRegistryWebhookArrayOutput } -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutput() HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return o -} +type IntegrationRegistryWebhookArray []IntegrationRegistryWebhookInput -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) ToHostRuntimePolicyWindowsRegistryMonitoringPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryMonitoringPtrOutput { - return o +func (IntegrationRegistryWebhookArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]IntegrationRegistryWebhook)(nil)).Elem() } -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicyWindowsRegistryMonitoring] { - return pulumix.Output[*HostRuntimePolicyWindowsRegistryMonitoring]{ - OutputState: o.OutputState, - } +func (i IntegrationRegistryWebhookArray) ToIntegrationRegistryWebhookArrayOutput() IntegrationRegistryWebhookArrayOutput { + return i.ToIntegrationRegistryWebhookArrayOutputWithContext(context.Background()) } -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) Elem() HostRuntimePolicyWindowsRegistryMonitoringOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) HostRuntimePolicyWindowsRegistryMonitoring { - if v != nil { - return *v - } - var ret 
HostRuntimePolicyWindowsRegistryMonitoring - return ret - }).(HostRuntimePolicyWindowsRegistryMonitoringOutput) +func (i IntegrationRegistryWebhookArray) ToIntegrationRegistryWebhookArrayOutputWithContext(ctx context.Context) IntegrationRegistryWebhookArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryWebhookArrayOutput) } -// List of paths to be excluded from being monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) []string { - if v == nil { - return nil - } - return v.ExcludedPaths - }).(pulumi.StringArrayOutput) +type IntegrationRegistryWebhookOutput struct{ *pulumi.OutputState } + +func (IntegrationRegistryWebhookOutput) ElementType() reflect.Type { + return reflect.TypeOf((*IntegrationRegistryWebhook)(nil)).Elem() } -// List of registry processes to be excluded from being monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) []string { - if v == nil { - return nil - } - return v.ExcludedProcesses - }).(pulumi.StringArrayOutput) +func (o IntegrationRegistryWebhookOutput) ToIntegrationRegistryWebhookOutput() IntegrationRegistryWebhookOutput { + return o } -// List of registry users to be excluded from being monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) []string { - if v == nil { - return nil - } - return v.ExcludedUsers - }).(pulumi.StringArrayOutput) +func (o IntegrationRegistryWebhookOutput) ToIntegrationRegistryWebhookOutputWithContext(ctx context.Context) IntegrationRegistryWebhookOutput { + return o } -// If true, add attributes operations will be monitored. 
-func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) MonitorAttributes() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorAttributes - }).(pulumi.BoolPtrOutput) +func (o IntegrationRegistryWebhookOutput) AuthToken() pulumi.StringPtrOutput { + return o.ApplyT(func(v IntegrationRegistryWebhook) *string { return v.AuthToken }).(pulumi.StringPtrOutput) } -// If true, create operations will be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) MonitorCreate() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorCreate - }).(pulumi.BoolPtrOutput) +func (o IntegrationRegistryWebhookOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v IntegrationRegistryWebhook) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -// If true, deletion operations will be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) MonitorDelete() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorDelete - }).(pulumi.BoolPtrOutput) +func (o IntegrationRegistryWebhookOutput) UnQuarantine() pulumi.BoolPtrOutput { + return o.ApplyT(func(v IntegrationRegistryWebhook) *bool { return v.UnQuarantine }).(pulumi.BoolPtrOutput) } -// If true, modification operations will be monitored. 
-func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) MonitorModify() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorModify - }).(pulumi.BoolPtrOutput) +func (o IntegrationRegistryWebhookOutput) Url() pulumi.StringPtrOutput { + return o.ApplyT(func(v IntegrationRegistryWebhook) *string { return v.Url }).(pulumi.StringPtrOutput) } -// If true, read operations will be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) MonitorRead() pulumi.BoolPtrOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) *bool { - if v == nil { - return nil - } - return v.MonitorRead - }).(pulumi.BoolPtrOutput) +type IntegrationRegistryWebhookArrayOutput struct{ *pulumi.OutputState } + +func (IntegrationRegistryWebhookArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]IntegrationRegistryWebhook)(nil)).Elem() } -// List of paths to be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) MonitoredPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) []string { - if v == nil { - return nil - } - return v.MonitoredPaths - }).(pulumi.StringArrayOutput) +func (o IntegrationRegistryWebhookArrayOutput) ToIntegrationRegistryWebhookArrayOutput() IntegrationRegistryWebhookArrayOutput { + return o } -// List of registry processes to be monitored. -func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) MonitoredProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) []string { - if v == nil { - return nil - } - return v.MonitoredProcesses - }).(pulumi.StringArrayOutput) +func (o IntegrationRegistryWebhookArrayOutput) ToIntegrationRegistryWebhookArrayOutputWithContext(ctx context.Context) IntegrationRegistryWebhookArrayOutput { + return o } -// List of registry users to be monitored. 
-func (o HostRuntimePolicyWindowsRegistryMonitoringPtrOutput) MonitoredUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryMonitoring) []string { - if v == nil { - return nil - } - return v.MonitoredUsers - }).(pulumi.StringArrayOutput) +func (o IntegrationRegistryWebhookArrayOutput) Index(i pulumi.IntInput) IntegrationRegistryWebhookOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) IntegrationRegistryWebhook { + return vs[0].([]IntegrationRegistryWebhook)[vs[1].(int)] + }).(IntegrationRegistryWebhookOutput) } -type HostRuntimePolicyWindowsRegistryProtection struct { - // List of registry paths to be excluded from being protected. - ExcludedPaths []string `pulumi:"excludedPaths"` - // List of registry processes to be excluded from being protected. - ExcludedProcesses []string `pulumi:"excludedProcesses"` - // List of registry paths to be users from being protected. - ExcludedUsers []string `pulumi:"excludedUsers"` - // List of registry paths to be protected. - ProtectedPaths []string `pulumi:"protectedPaths"` - // List of registry processes to be protected. - ProtectedProcesses []string `pulumi:"protectedProcesses"` - // List of registry users to be protected. - ProtectedUsers []string `pulumi:"protectedUsers"` +type KubernetesAssurancePolicyAutoScanTime struct { + Iteration *int `pulumi:"iteration"` + IterationType *string `pulumi:"iterationType"` + Time *string `pulumi:"time"` + WeekDays []string `pulumi:"weekDays"` } -// HostRuntimePolicyWindowsRegistryProtectionInput is an input type that accepts HostRuntimePolicyWindowsRegistryProtectionArgs and HostRuntimePolicyWindowsRegistryProtectionOutput values. -// You can construct a concrete instance of `HostRuntimePolicyWindowsRegistryProtectionInput` via: +// KubernetesAssurancePolicyAutoScanTimeInput is an input type that accepts KubernetesAssurancePolicyAutoScanTimeArgs and KubernetesAssurancePolicyAutoScanTimeOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyAutoScanTimeInput` via: // -// HostRuntimePolicyWindowsRegistryProtectionArgs{...} -type HostRuntimePolicyWindowsRegistryProtectionInput interface { +// KubernetesAssurancePolicyAutoScanTimeArgs{...} +type KubernetesAssurancePolicyAutoScanTimeInput interface { pulumi.Input - ToHostRuntimePolicyWindowsRegistryProtectionOutput() HostRuntimePolicyWindowsRegistryProtectionOutput - ToHostRuntimePolicyWindowsRegistryProtectionOutputWithContext(context.Context) HostRuntimePolicyWindowsRegistryProtectionOutput + ToKubernetesAssurancePolicyAutoScanTimeOutput() KubernetesAssurancePolicyAutoScanTimeOutput + ToKubernetesAssurancePolicyAutoScanTimeOutputWithContext(context.Context) KubernetesAssurancePolicyAutoScanTimeOutput } -type HostRuntimePolicyWindowsRegistryProtectionArgs struct { - // List of registry paths to be excluded from being protected. - ExcludedPaths pulumi.StringArrayInput `pulumi:"excludedPaths"` - // List of registry processes to be excluded from being protected. - ExcludedProcesses pulumi.StringArrayInput `pulumi:"excludedProcesses"` - // List of registry paths to be users from being protected. - ExcludedUsers pulumi.StringArrayInput `pulumi:"excludedUsers"` - // List of registry paths to be protected. - ProtectedPaths pulumi.StringArrayInput `pulumi:"protectedPaths"` - // List of registry processes to be protected. - ProtectedProcesses pulumi.StringArrayInput `pulumi:"protectedProcesses"` - // List of registry users to be protected. 
- ProtectedUsers pulumi.StringArrayInput `pulumi:"protectedUsers"` +type KubernetesAssurancePolicyAutoScanTimeArgs struct { + Iteration pulumi.IntPtrInput `pulumi:"iteration"` + IterationType pulumi.StringPtrInput `pulumi:"iterationType"` + Time pulumi.StringPtrInput `pulumi:"time"` + WeekDays pulumi.StringArrayInput `pulumi:"weekDays"` } -func (HostRuntimePolicyWindowsRegistryProtectionArgs) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyWindowsRegistryProtection)(nil)).Elem() +func (KubernetesAssurancePolicyAutoScanTimeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyAutoScanTime)(nil)).Elem() } -func (i HostRuntimePolicyWindowsRegistryProtectionArgs) ToHostRuntimePolicyWindowsRegistryProtectionOutput() HostRuntimePolicyWindowsRegistryProtectionOutput { - return i.ToHostRuntimePolicyWindowsRegistryProtectionOutputWithContext(context.Background()) +func (i KubernetesAssurancePolicyAutoScanTimeArgs) ToKubernetesAssurancePolicyAutoScanTimeOutput() KubernetesAssurancePolicyAutoScanTimeOutput { + return i.ToKubernetesAssurancePolicyAutoScanTimeOutputWithContext(context.Background()) } -func (i HostRuntimePolicyWindowsRegistryProtectionArgs) ToHostRuntimePolicyWindowsRegistryProtectionOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryProtectionOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyWindowsRegistryProtectionOutput) +func (i KubernetesAssurancePolicyAutoScanTimeArgs) ToKubernetesAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) KubernetesAssurancePolicyAutoScanTimeOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyAutoScanTimeOutput) } -func (i HostRuntimePolicyWindowsRegistryProtectionArgs) ToOutput(ctx context.Context) pulumix.Output[HostRuntimePolicyWindowsRegistryProtection] { - return pulumix.Output[HostRuntimePolicyWindowsRegistryProtection]{ - OutputState: 
i.ToHostRuntimePolicyWindowsRegistryProtectionOutputWithContext(ctx).OutputState, - } +// KubernetesAssurancePolicyAutoScanTimeArrayInput is an input type that accepts KubernetesAssurancePolicyAutoScanTimeArray and KubernetesAssurancePolicyAutoScanTimeArrayOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyAutoScanTimeArrayInput` via: +// +// KubernetesAssurancePolicyAutoScanTimeArray{ KubernetesAssurancePolicyAutoScanTimeArgs{...} } +type KubernetesAssurancePolicyAutoScanTimeArrayInput interface { + pulumi.Input + + ToKubernetesAssurancePolicyAutoScanTimeArrayOutput() KubernetesAssurancePolicyAutoScanTimeArrayOutput + ToKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Context) KubernetesAssurancePolicyAutoScanTimeArrayOutput } -func (i HostRuntimePolicyWindowsRegistryProtectionArgs) ToHostRuntimePolicyWindowsRegistryProtectionPtrOutput() HostRuntimePolicyWindowsRegistryProtectionPtrOutput { - return i.ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(context.Background()) +type KubernetesAssurancePolicyAutoScanTimeArray []KubernetesAssurancePolicyAutoScanTimeInput + +func (KubernetesAssurancePolicyAutoScanTimeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyAutoScanTime)(nil)).Elem() } -func (i HostRuntimePolicyWindowsRegistryProtectionArgs) ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryProtectionPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyWindowsRegistryProtectionOutput).ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(ctx) +func (i KubernetesAssurancePolicyAutoScanTimeArray) ToKubernetesAssurancePolicyAutoScanTimeArrayOutput() KubernetesAssurancePolicyAutoScanTimeArrayOutput { + return i.ToKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Background()) } -// HostRuntimePolicyWindowsRegistryProtectionPtrInput is an input 
type that accepts HostRuntimePolicyWindowsRegistryProtectionArgs, HostRuntimePolicyWindowsRegistryProtectionPtr and HostRuntimePolicyWindowsRegistryProtectionPtrOutput values. -// You can construct a concrete instance of `HostRuntimePolicyWindowsRegistryProtectionPtrInput` via: -// -// HostRuntimePolicyWindowsRegistryProtectionArgs{...} -// -// or: -// -// nil -type HostRuntimePolicyWindowsRegistryProtectionPtrInput interface { - pulumi.Input +func (i KubernetesAssurancePolicyAutoScanTimeArray) ToKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyAutoScanTimeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyAutoScanTimeArrayOutput) +} + +type KubernetesAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } - ToHostRuntimePolicyWindowsRegistryProtectionPtrOutput() HostRuntimePolicyWindowsRegistryProtectionPtrOutput - ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(context.Context) HostRuntimePolicyWindowsRegistryProtectionPtrOutput +func (KubernetesAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyAutoScanTime)(nil)).Elem() } -type hostRuntimePolicyWindowsRegistryProtectionPtrType HostRuntimePolicyWindowsRegistryProtectionArgs +func (o KubernetesAssurancePolicyAutoScanTimeOutput) ToKubernetesAssurancePolicyAutoScanTimeOutput() KubernetesAssurancePolicyAutoScanTimeOutput { + return o +} -func HostRuntimePolicyWindowsRegistryProtectionPtr(v *HostRuntimePolicyWindowsRegistryProtectionArgs) HostRuntimePolicyWindowsRegistryProtectionPtrInput { - return (*hostRuntimePolicyWindowsRegistryProtectionPtrType)(v) +func (o KubernetesAssurancePolicyAutoScanTimeOutput) ToKubernetesAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) KubernetesAssurancePolicyAutoScanTimeOutput { + return o } -func (*hostRuntimePolicyWindowsRegistryProtectionPtrType) ElementType() reflect.Type { - return 
reflect.TypeOf((**HostRuntimePolicyWindowsRegistryProtection)(nil)).Elem() +func (o KubernetesAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyAutoScanTime) *int { return v.Iteration }).(pulumi.IntPtrOutput) } -func (i *hostRuntimePolicyWindowsRegistryProtectionPtrType) ToHostRuntimePolicyWindowsRegistryProtectionPtrOutput() HostRuntimePolicyWindowsRegistryProtectionPtrOutput { - return i.ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(context.Background()) +func (o KubernetesAssurancePolicyAutoScanTimeOutput) IterationType() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyAutoScanTime) *string { return v.IterationType }).(pulumi.StringPtrOutput) } -func (i *hostRuntimePolicyWindowsRegistryProtectionPtrType) ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryProtectionPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(HostRuntimePolicyWindowsRegistryProtectionPtrOutput) +func (o KubernetesAssurancePolicyAutoScanTimeOutput) Time() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyAutoScanTime) *string { return v.Time }).(pulumi.StringPtrOutput) } -func (i *hostRuntimePolicyWindowsRegistryProtectionPtrType) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicyWindowsRegistryProtection] { - return pulumix.Output[*HostRuntimePolicyWindowsRegistryProtection]{ - OutputState: i.ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(ctx).OutputState, - } +func (o KubernetesAssurancePolicyAutoScanTimeOutput) WeekDays() pulumi.StringArrayOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyAutoScanTime) []string { return v.WeekDays }).(pulumi.StringArrayOutput) } -type HostRuntimePolicyWindowsRegistryProtectionOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyAutoScanTimeArrayOutput struct{ *pulumi.OutputState } -func 
(HostRuntimePolicyWindowsRegistryProtectionOutput) ElementType() reflect.Type { - return reflect.TypeOf((*HostRuntimePolicyWindowsRegistryProtection)(nil)).Elem() +func (KubernetesAssurancePolicyAutoScanTimeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyAutoScanTime)(nil)).Elem() } -func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ToHostRuntimePolicyWindowsRegistryProtectionOutput() HostRuntimePolicyWindowsRegistryProtectionOutput { +func (o KubernetesAssurancePolicyAutoScanTimeArrayOutput) ToKubernetesAssurancePolicyAutoScanTimeArrayOutput() KubernetesAssurancePolicyAutoScanTimeArrayOutput { return o } -func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ToHostRuntimePolicyWindowsRegistryProtectionOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryProtectionOutput { +func (o KubernetesAssurancePolicyAutoScanTimeArrayOutput) ToKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyAutoScanTimeArrayOutput { return o } -func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ToHostRuntimePolicyWindowsRegistryProtectionPtrOutput() HostRuntimePolicyWindowsRegistryProtectionPtrOutput { - return o.ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(context.Background()) +func (o KubernetesAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyAutoScanTimeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyAutoScanTime { + return vs[0].([]KubernetesAssurancePolicyAutoScanTime)[vs[1].(int)] + }).(KubernetesAssurancePolicyAutoScanTimeOutput) } -func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryProtectionPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v HostRuntimePolicyWindowsRegistryProtection) 
*HostRuntimePolicyWindowsRegistryProtection { - return &v - }).(HostRuntimePolicyWindowsRegistryProtectionPtrOutput) +type KubernetesAssurancePolicyCustomCheck struct { + // Name of user account that created the policy. + Author *string `pulumi:"author"` + Description *string `pulumi:"description"` + Engine *string `pulumi:"engine"` + LastModified *int `pulumi:"lastModified"` + Name *string `pulumi:"name"` + Path *string `pulumi:"path"` + ReadOnly *bool `pulumi:"readOnly"` + ScriptId *string `pulumi:"scriptId"` + Severity *string `pulumi:"severity"` + Snippet *string `pulumi:"snippet"` } -func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ToOutput(ctx context.Context) pulumix.Output[HostRuntimePolicyWindowsRegistryProtection] { - return pulumix.Output[HostRuntimePolicyWindowsRegistryProtection]{ - OutputState: o.OutputState, - } +// KubernetesAssurancePolicyCustomCheckInput is an input type that accepts KubernetesAssurancePolicyCustomCheckArgs and KubernetesAssurancePolicyCustomCheckOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyCustomCheckInput` via: +// +// KubernetesAssurancePolicyCustomCheckArgs{...} +type KubernetesAssurancePolicyCustomCheckInput interface { + pulumi.Input + + ToKubernetesAssurancePolicyCustomCheckOutput() KubernetesAssurancePolicyCustomCheckOutput + ToKubernetesAssurancePolicyCustomCheckOutputWithContext(context.Context) KubernetesAssurancePolicyCustomCheckOutput } -// List of registry paths to be excluded from being protected. -func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryProtection) []string { return v.ExcludedPaths }).(pulumi.StringArrayOutput) +type KubernetesAssurancePolicyCustomCheckArgs struct { + // Name of user account that created the policy. 
+ Author pulumi.StringPtrInput `pulumi:"author"` + Description pulumi.StringPtrInput `pulumi:"description"` + Engine pulumi.StringPtrInput `pulumi:"engine"` + LastModified pulumi.IntPtrInput `pulumi:"lastModified"` + Name pulumi.StringPtrInput `pulumi:"name"` + Path pulumi.StringPtrInput `pulumi:"path"` + ReadOnly pulumi.BoolPtrInput `pulumi:"readOnly"` + ScriptId pulumi.StringPtrInput `pulumi:"scriptId"` + Severity pulumi.StringPtrInput `pulumi:"severity"` + Snippet pulumi.StringPtrInput `pulumi:"snippet"` } -// List of registry processes to be excluded from being protected. -func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryProtection) []string { return v.ExcludedProcesses }).(pulumi.StringArrayOutput) +func (KubernetesAssurancePolicyCustomCheckArgs) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyCustomCheck)(nil)).Elem() } -// List of registry paths to be users from being protected. -func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryProtection) []string { return v.ExcludedUsers }).(pulumi.StringArrayOutput) +func (i KubernetesAssurancePolicyCustomCheckArgs) ToKubernetesAssurancePolicyCustomCheckOutput() KubernetesAssurancePolicyCustomCheckOutput { + return i.ToKubernetesAssurancePolicyCustomCheckOutputWithContext(context.Background()) } -// List of registry paths to be protected. 
-func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ProtectedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryProtection) []string { return v.ProtectedPaths }).(pulumi.StringArrayOutput) +func (i KubernetesAssurancePolicyCustomCheckArgs) ToKubernetesAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) KubernetesAssurancePolicyCustomCheckOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyCustomCheckOutput) } -// List of registry processes to be protected. -func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ProtectedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryProtection) []string { return v.ProtectedProcesses }).(pulumi.StringArrayOutput) +// KubernetesAssurancePolicyCustomCheckArrayInput is an input type that accepts KubernetesAssurancePolicyCustomCheckArray and KubernetesAssurancePolicyCustomCheckArrayOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyCustomCheckArrayInput` via: +// +// KubernetesAssurancePolicyCustomCheckArray{ KubernetesAssurancePolicyCustomCheckArgs{...} } +type KubernetesAssurancePolicyCustomCheckArrayInput interface { + pulumi.Input + + ToKubernetesAssurancePolicyCustomCheckArrayOutput() KubernetesAssurancePolicyCustomCheckArrayOutput + ToKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(context.Context) KubernetesAssurancePolicyCustomCheckArrayOutput } -// List of registry users to be protected. 
-func (o HostRuntimePolicyWindowsRegistryProtectionOutput) ProtectedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v HostRuntimePolicyWindowsRegistryProtection) []string { return v.ProtectedUsers }).(pulumi.StringArrayOutput) +type KubernetesAssurancePolicyCustomCheckArray []KubernetesAssurancePolicyCustomCheckInput + +func (KubernetesAssurancePolicyCustomCheckArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyCustomCheck)(nil)).Elem() } -type HostRuntimePolicyWindowsRegistryProtectionPtrOutput struct{ *pulumi.OutputState } +func (i KubernetesAssurancePolicyCustomCheckArray) ToKubernetesAssurancePolicyCustomCheckArrayOutput() KubernetesAssurancePolicyCustomCheckArrayOutput { + return i.ToKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(context.Background()) +} -func (HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**HostRuntimePolicyWindowsRegistryProtection)(nil)).Elem() +func (i KubernetesAssurancePolicyCustomCheckArray) ToKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyCustomCheckArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyCustomCheckArrayOutput) } -func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ToHostRuntimePolicyWindowsRegistryProtectionPtrOutput() HostRuntimePolicyWindowsRegistryProtectionPtrOutput { - return o +type KubernetesAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } + +func (KubernetesAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyCustomCheck)(nil)).Elem() } -func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ToHostRuntimePolicyWindowsRegistryProtectionPtrOutputWithContext(ctx context.Context) HostRuntimePolicyWindowsRegistryProtectionPtrOutput { +func (o KubernetesAssurancePolicyCustomCheckOutput) 
ToKubernetesAssurancePolicyCustomCheckOutput() KubernetesAssurancePolicyCustomCheckOutput { return o } -func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*HostRuntimePolicyWindowsRegistryProtection] { - return pulumix.Output[*HostRuntimePolicyWindowsRegistryProtection]{ - OutputState: o.OutputState, - } +func (o KubernetesAssurancePolicyCustomCheckOutput) ToKubernetesAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) KubernetesAssurancePolicyCustomCheckOutput { + return o } -func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) Elem() HostRuntimePolicyWindowsRegistryProtectionOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryProtection) HostRuntimePolicyWindowsRegistryProtection { - if v != nil { - return *v - } - var ret HostRuntimePolicyWindowsRegistryProtection - return ret - }).(HostRuntimePolicyWindowsRegistryProtectionOutput) +// Name of user account that created the policy. +func (o KubernetesAssurancePolicyCustomCheckOutput) Author() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Author }).(pulumi.StringPtrOutput) } -// List of registry paths to be excluded from being protected. -func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryProtection) []string { - if v == nil { - return nil - } - return v.ExcludedPaths - }).(pulumi.StringArrayOutput) +func (o KubernetesAssurancePolicyCustomCheckOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Description }).(pulumi.StringPtrOutput) } -// List of registry processes to be excluded from being protected. 
-func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryProtection) []string { - if v == nil { - return nil - } - return v.ExcludedProcesses - }).(pulumi.StringArrayOutput) +func (o KubernetesAssurancePolicyCustomCheckOutput) Engine() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Engine }).(pulumi.StringPtrOutput) } -// List of registry paths to be users from being protected. -func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryProtection) []string { - if v == nil { - return nil - } - return v.ExcludedUsers - }).(pulumi.StringArrayOutput) +func (o KubernetesAssurancePolicyCustomCheckOutput) LastModified() pulumi.IntPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *int { return v.LastModified }).(pulumi.IntPtrOutput) } -// List of registry paths to be protected. -func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ProtectedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryProtection) []string { - if v == nil { - return nil - } - return v.ProtectedPaths - }).(pulumi.StringArrayOutput) +func (o KubernetesAssurancePolicyCustomCheckOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Name }).(pulumi.StringPtrOutput) } -// List of registry processes to be protected. 
-func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ProtectedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryProtection) []string { - if v == nil { - return nil - } - return v.ProtectedProcesses - }).(pulumi.StringArrayOutput) +func (o KubernetesAssurancePolicyCustomCheckOutput) Path() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Path }).(pulumi.StringPtrOutput) } -// List of registry users to be protected. -func (o HostRuntimePolicyWindowsRegistryProtectionPtrOutput) ProtectedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v *HostRuntimePolicyWindowsRegistryProtection) []string { - if v == nil { - return nil - } - return v.ProtectedUsers - }).(pulumi.StringArrayOutput) +func (o KubernetesAssurancePolicyCustomCheckOutput) ReadOnly() pulumi.BoolPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *bool { return v.ReadOnly }).(pulumi.BoolPtrOutput) } -type ImageAssuranceChecksPerformed struct { - AssuranceType *string `pulumi:"assuranceType"` - Blocking *bool `pulumi:"blocking"` - Control *string `pulumi:"control"` - // If DTA was skipped. - DtaSkipped *bool `pulumi:"dtaSkipped"` - // The reason why DTA was skipped. - DtaSkippedReason *string `pulumi:"dtaSkippedReason"` - Failed *bool `pulumi:"failed"` - PolicyName *string `pulumi:"policyName"` +func (o KubernetesAssurancePolicyCustomCheckOutput) ScriptId() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.ScriptId }).(pulumi.StringPtrOutput) } -// ImageAssuranceChecksPerformedInput is an input type that accepts ImageAssuranceChecksPerformedArgs and ImageAssuranceChecksPerformedOutput values. 
-// You can construct a concrete instance of `ImageAssuranceChecksPerformedInput` via: -// -// ImageAssuranceChecksPerformedArgs{...} -type ImageAssuranceChecksPerformedInput interface { - pulumi.Input +func (o KubernetesAssurancePolicyCustomCheckOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Severity }).(pulumi.StringPtrOutput) +} - ToImageAssuranceChecksPerformedOutput() ImageAssuranceChecksPerformedOutput - ToImageAssuranceChecksPerformedOutputWithContext(context.Context) ImageAssuranceChecksPerformedOutput +func (o KubernetesAssurancePolicyCustomCheckOutput) Snippet() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Snippet }).(pulumi.StringPtrOutput) } -type ImageAssuranceChecksPerformedArgs struct { - AssuranceType pulumi.StringPtrInput `pulumi:"assuranceType"` - Blocking pulumi.BoolPtrInput `pulumi:"blocking"` - Control pulumi.StringPtrInput `pulumi:"control"` - // If DTA was skipped. - DtaSkipped pulumi.BoolPtrInput `pulumi:"dtaSkipped"` - // The reason why DTA was skipped. 
- DtaSkippedReason pulumi.StringPtrInput `pulumi:"dtaSkippedReason"` - Failed pulumi.BoolPtrInput `pulumi:"failed"` - PolicyName pulumi.StringPtrInput `pulumi:"policyName"` +type KubernetesAssurancePolicyCustomCheckArrayOutput struct{ *pulumi.OutputState } + +func (KubernetesAssurancePolicyCustomCheckArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyCustomCheck)(nil)).Elem() } -func (ImageAssuranceChecksPerformedArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssuranceChecksPerformed)(nil)).Elem() +func (o KubernetesAssurancePolicyCustomCheckArrayOutput) ToKubernetesAssurancePolicyCustomCheckArrayOutput() KubernetesAssurancePolicyCustomCheckArrayOutput { + return o } -func (i ImageAssuranceChecksPerformedArgs) ToImageAssuranceChecksPerformedOutput() ImageAssuranceChecksPerformedOutput { - return i.ToImageAssuranceChecksPerformedOutputWithContext(context.Background()) +func (o KubernetesAssurancePolicyCustomCheckArrayOutput) ToKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyCustomCheckArrayOutput { + return o } -func (i ImageAssuranceChecksPerformedArgs) ToImageAssuranceChecksPerformedOutputWithContext(ctx context.Context) ImageAssuranceChecksPerformedOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssuranceChecksPerformedOutput) +func (o KubernetesAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyCustomCheckOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyCustomCheck { + return vs[0].([]KubernetesAssurancePolicyCustomCheck)[vs[1].(int)] + }).(KubernetesAssurancePolicyCustomCheckOutput) } -func (i ImageAssuranceChecksPerformedArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssuranceChecksPerformed] { - return pulumix.Output[ImageAssuranceChecksPerformed]{ - OutputState: i.ToImageAssuranceChecksPerformedOutputWithContext(ctx).OutputState, - } +type 
KubernetesAssurancePolicyForbiddenLabel struct { + Key *string `pulumi:"key"` + Value *string `pulumi:"value"` } -// ImageAssuranceChecksPerformedArrayInput is an input type that accepts ImageAssuranceChecksPerformedArray and ImageAssuranceChecksPerformedArrayOutput values. -// You can construct a concrete instance of `ImageAssuranceChecksPerformedArrayInput` via: -// -// ImageAssuranceChecksPerformedArray{ ImageAssuranceChecksPerformedArgs{...} } -type ImageAssuranceChecksPerformedArrayInput interface { +// KubernetesAssurancePolicyForbiddenLabelInput is an input type that accepts KubernetesAssurancePolicyForbiddenLabelArgs and KubernetesAssurancePolicyForbiddenLabelOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyForbiddenLabelInput` via: +// +// KubernetesAssurancePolicyForbiddenLabelArgs{...} +type KubernetesAssurancePolicyForbiddenLabelInput interface { pulumi.Input - ToImageAssuranceChecksPerformedArrayOutput() ImageAssuranceChecksPerformedArrayOutput - ToImageAssuranceChecksPerformedArrayOutputWithContext(context.Context) ImageAssuranceChecksPerformedArrayOutput + ToKubernetesAssurancePolicyForbiddenLabelOutput() KubernetesAssurancePolicyForbiddenLabelOutput + ToKubernetesAssurancePolicyForbiddenLabelOutputWithContext(context.Context) KubernetesAssurancePolicyForbiddenLabelOutput } -type ImageAssuranceChecksPerformedArray []ImageAssuranceChecksPerformedInput - -func (ImageAssuranceChecksPerformedArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssuranceChecksPerformed)(nil)).Elem() +type KubernetesAssurancePolicyForbiddenLabelArgs struct { + Key pulumi.StringPtrInput `pulumi:"key"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i ImageAssuranceChecksPerformedArray) ToImageAssuranceChecksPerformedArrayOutput() ImageAssuranceChecksPerformedArrayOutput { - return i.ToImageAssuranceChecksPerformedArrayOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyForbiddenLabelArgs) 
ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (i ImageAssuranceChecksPerformedArray) ToImageAssuranceChecksPerformedArrayOutputWithContext(ctx context.Context) ImageAssuranceChecksPerformedArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssuranceChecksPerformedArrayOutput) +func (i KubernetesAssurancePolicyForbiddenLabelArgs) ToKubernetesAssurancePolicyForbiddenLabelOutput() KubernetesAssurancePolicyForbiddenLabelOutput { + return i.ToKubernetesAssurancePolicyForbiddenLabelOutputWithContext(context.Background()) } -func (i ImageAssuranceChecksPerformedArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssuranceChecksPerformed] { - return pulumix.Output[[]ImageAssuranceChecksPerformed]{ - OutputState: i.ToImageAssuranceChecksPerformedArrayOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyForbiddenLabelArgs) ToKubernetesAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) KubernetesAssurancePolicyForbiddenLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyForbiddenLabelOutput) } -type ImageAssuranceChecksPerformedOutput struct{ *pulumi.OutputState } +// KubernetesAssurancePolicyForbiddenLabelArrayInput is an input type that accepts KubernetesAssurancePolicyForbiddenLabelArray and KubernetesAssurancePolicyForbiddenLabelArrayOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyForbiddenLabelArrayInput` via: +// +// KubernetesAssurancePolicyForbiddenLabelArray{ KubernetesAssurancePolicyForbiddenLabelArgs{...} } +type KubernetesAssurancePolicyForbiddenLabelArrayInput interface { + pulumi.Input -func (ImageAssuranceChecksPerformedOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssuranceChecksPerformed)(nil)).Elem() + ToKubernetesAssurancePolicyForbiddenLabelArrayOutput() KubernetesAssurancePolicyForbiddenLabelArrayOutput + ToKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Context) KubernetesAssurancePolicyForbiddenLabelArrayOutput } -func (o ImageAssuranceChecksPerformedOutput) ToImageAssuranceChecksPerformedOutput() ImageAssuranceChecksPerformedOutput { - return o -} +type KubernetesAssurancePolicyForbiddenLabelArray []KubernetesAssurancePolicyForbiddenLabelInput -func (o ImageAssuranceChecksPerformedOutput) ToImageAssuranceChecksPerformedOutputWithContext(ctx context.Context) ImageAssuranceChecksPerformedOutput { - return o +func (KubernetesAssurancePolicyForbiddenLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (o ImageAssuranceChecksPerformedOutput) ToOutput(ctx context.Context) pulumix.Output[ImageAssuranceChecksPerformed] { - return pulumix.Output[ImageAssuranceChecksPerformed]{ - OutputState: o.OutputState, - } +func (i KubernetesAssurancePolicyForbiddenLabelArray) ToKubernetesAssurancePolicyForbiddenLabelArrayOutput() KubernetesAssurancePolicyForbiddenLabelArrayOutput { + return i.ToKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Background()) } -func (o ImageAssuranceChecksPerformedOutput) AssuranceType() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssuranceChecksPerformed) *string { return v.AssuranceType }).(pulumi.StringPtrOutput) +func (i KubernetesAssurancePolicyForbiddenLabelArray) 
ToKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyForbiddenLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyForbiddenLabelArrayOutput) } -func (o ImageAssuranceChecksPerformedOutput) Blocking() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ImageAssuranceChecksPerformed) *bool { return v.Blocking }).(pulumi.BoolPtrOutput) -} +type KubernetesAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } -func (o ImageAssuranceChecksPerformedOutput) Control() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssuranceChecksPerformed) *string { return v.Control }).(pulumi.StringPtrOutput) +func (KubernetesAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyForbiddenLabel)(nil)).Elem() } -// If DTA was skipped. -func (o ImageAssuranceChecksPerformedOutput) DtaSkipped() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ImageAssuranceChecksPerformed) *bool { return v.DtaSkipped }).(pulumi.BoolPtrOutput) +func (o KubernetesAssurancePolicyForbiddenLabelOutput) ToKubernetesAssurancePolicyForbiddenLabelOutput() KubernetesAssurancePolicyForbiddenLabelOutput { + return o } -// The reason why DTA was skipped. 
-func (o ImageAssuranceChecksPerformedOutput) DtaSkippedReason() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssuranceChecksPerformed) *string { return v.DtaSkippedReason }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyForbiddenLabelOutput) ToKubernetesAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) KubernetesAssurancePolicyForbiddenLabelOutput { + return o } -func (o ImageAssuranceChecksPerformedOutput) Failed() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ImageAssuranceChecksPerformed) *bool { return v.Failed }).(pulumi.BoolPtrOutput) +func (o KubernetesAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyForbiddenLabel) *string { return v.Key }).(pulumi.StringPtrOutput) } -func (o ImageAssuranceChecksPerformedOutput) PolicyName() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssuranceChecksPerformed) *string { return v.PolicyName }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyForbiddenLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyForbiddenLabel) *string { return v.Value }).(pulumi.StringPtrOutput) } -type ImageAssuranceChecksPerformedArrayOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyForbiddenLabelArrayOutput struct{ *pulumi.OutputState } -func (ImageAssuranceChecksPerformedArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssuranceChecksPerformed)(nil)).Elem() +func (KubernetesAssurancePolicyForbiddenLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (o ImageAssuranceChecksPerformedArrayOutput) ToImageAssuranceChecksPerformedArrayOutput() ImageAssuranceChecksPerformedArrayOutput { +func (o KubernetesAssurancePolicyForbiddenLabelArrayOutput) ToKubernetesAssurancePolicyForbiddenLabelArrayOutput() KubernetesAssurancePolicyForbiddenLabelArrayOutput { 
return o } -func (o ImageAssuranceChecksPerformedArrayOutput) ToImageAssuranceChecksPerformedArrayOutputWithContext(ctx context.Context) ImageAssuranceChecksPerformedArrayOutput { +func (o KubernetesAssurancePolicyForbiddenLabelArrayOutput) ToKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyForbiddenLabelArrayOutput { return o } -func (o ImageAssuranceChecksPerformedArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssuranceChecksPerformed] { - return pulumix.Output[[]ImageAssuranceChecksPerformed]{ - OutputState: o.OutputState, - } -} - -func (o ImageAssuranceChecksPerformedArrayOutput) Index(i pulumi.IntInput) ImageAssuranceChecksPerformedOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssuranceChecksPerformed { - return vs[0].([]ImageAssuranceChecksPerformed)[vs[1].(int)] - }).(ImageAssuranceChecksPerformedOutput) +func (o KubernetesAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyForbiddenLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyForbiddenLabel { + return vs[0].([]KubernetesAssurancePolicyForbiddenLabel)[vs[1].(int)] + }).(KubernetesAssurancePolicyForbiddenLabelOutput) } -type ImageAssurancePolicyAutoScanTime struct { - Iteration *int `pulumi:"iteration"` - IterationType *string `pulumi:"iterationType"` - Time *string `pulumi:"time"` - WeekDays []string `pulumi:"weekDays"` +type KubernetesAssurancePolicyKubernetesControl struct { + // AVD ID. + AvdId *string `pulumi:"avdId"` + // Description of the control. + Description *string `pulumi:"description"` + // Is the control enabled? + Enabled *bool `pulumi:"enabled"` + // Kind of the control. + Kind *string `pulumi:"kind"` + // Name of the control. + Name *string `pulumi:"name"` + // Out-of-the-box status of the control. + Ootb *bool `pulumi:"ootb"` + // Script ID. 
+ ScriptId *int `pulumi:"scriptId"` + // Severity of the control. + Severity *string `pulumi:"severity"` } -// ImageAssurancePolicyAutoScanTimeInput is an input type that accepts ImageAssurancePolicyAutoScanTimeArgs and ImageAssurancePolicyAutoScanTimeOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyAutoScanTimeInput` via: +// KubernetesAssurancePolicyKubernetesControlInput is an input type that accepts KubernetesAssurancePolicyKubernetesControlArgs and KubernetesAssurancePolicyKubernetesControlOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyKubernetesControlInput` via: // -// ImageAssurancePolicyAutoScanTimeArgs{...} -type ImageAssurancePolicyAutoScanTimeInput interface { +// KubernetesAssurancePolicyKubernetesControlArgs{...} +type KubernetesAssurancePolicyKubernetesControlInput interface { pulumi.Input - ToImageAssurancePolicyAutoScanTimeOutput() ImageAssurancePolicyAutoScanTimeOutput - ToImageAssurancePolicyAutoScanTimeOutputWithContext(context.Context) ImageAssurancePolicyAutoScanTimeOutput -} - -type ImageAssurancePolicyAutoScanTimeArgs struct { - Iteration pulumi.IntPtrInput `pulumi:"iteration"` - IterationType pulumi.StringPtrInput `pulumi:"iterationType"` - Time pulumi.StringPtrInput `pulumi:"time"` - WeekDays pulumi.StringArrayInput `pulumi:"weekDays"` + ToKubernetesAssurancePolicyKubernetesControlOutput() KubernetesAssurancePolicyKubernetesControlOutput + ToKubernetesAssurancePolicyKubernetesControlOutputWithContext(context.Context) KubernetesAssurancePolicyKubernetesControlOutput } -func (ImageAssurancePolicyAutoScanTimeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyAutoScanTime)(nil)).Elem() +type KubernetesAssurancePolicyKubernetesControlArgs struct { + // AVD ID. + AvdId pulumi.StringPtrInput `pulumi:"avdId"` + // Description of the control. + Description pulumi.StringPtrInput `pulumi:"description"` + // Is the control enabled? 
+ Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Kind of the control. + Kind pulumi.StringPtrInput `pulumi:"kind"` + // Name of the control. + Name pulumi.StringPtrInput `pulumi:"name"` + // Out-of-the-box status of the control. + Ootb pulumi.BoolPtrInput `pulumi:"ootb"` + // Script ID. + ScriptId pulumi.IntPtrInput `pulumi:"scriptId"` + // Severity of the control. + Severity pulumi.StringPtrInput `pulumi:"severity"` } -func (i ImageAssurancePolicyAutoScanTimeArgs) ToImageAssurancePolicyAutoScanTimeOutput() ImageAssurancePolicyAutoScanTimeOutput { - return i.ToImageAssurancePolicyAutoScanTimeOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyKubernetesControlArgs) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyKubernetesControl)(nil)).Elem() } -func (i ImageAssurancePolicyAutoScanTimeArgs) ToImageAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) ImageAssurancePolicyAutoScanTimeOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyAutoScanTimeOutput) +func (i KubernetesAssurancePolicyKubernetesControlArgs) ToKubernetesAssurancePolicyKubernetesControlOutput() KubernetesAssurancePolicyKubernetesControlOutput { + return i.ToKubernetesAssurancePolicyKubernetesControlOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyAutoScanTimeArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyAutoScanTime] { - return pulumix.Output[ImageAssurancePolicyAutoScanTime]{ - OutputState: i.ToImageAssurancePolicyAutoScanTimeOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyKubernetesControlArgs) ToKubernetesAssurancePolicyKubernetesControlOutputWithContext(ctx context.Context) KubernetesAssurancePolicyKubernetesControlOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyKubernetesControlOutput) } -// ImageAssurancePolicyAutoScanTimeArrayInput is an input type that accepts ImageAssurancePolicyAutoScanTimeArray 
and ImageAssurancePolicyAutoScanTimeArrayOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyAutoScanTimeArrayInput` via: +// KubernetesAssurancePolicyKubernetesControlArrayInput is an input type that accepts KubernetesAssurancePolicyKubernetesControlArray and KubernetesAssurancePolicyKubernetesControlArrayOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyKubernetesControlArrayInput` via: // -// ImageAssurancePolicyAutoScanTimeArray{ ImageAssurancePolicyAutoScanTimeArgs{...} } -type ImageAssurancePolicyAutoScanTimeArrayInput interface { +// KubernetesAssurancePolicyKubernetesControlArray{ KubernetesAssurancePolicyKubernetesControlArgs{...} } +type KubernetesAssurancePolicyKubernetesControlArrayInput interface { pulumi.Input - ToImageAssurancePolicyAutoScanTimeArrayOutput() ImageAssurancePolicyAutoScanTimeArrayOutput - ToImageAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Context) ImageAssurancePolicyAutoScanTimeArrayOutput + ToKubernetesAssurancePolicyKubernetesControlArrayOutput() KubernetesAssurancePolicyKubernetesControlArrayOutput + ToKubernetesAssurancePolicyKubernetesControlArrayOutputWithContext(context.Context) KubernetesAssurancePolicyKubernetesControlArrayOutput } -type ImageAssurancePolicyAutoScanTimeArray []ImageAssurancePolicyAutoScanTimeInput - -func (ImageAssurancePolicyAutoScanTimeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyAutoScanTime)(nil)).Elem() -} +type KubernetesAssurancePolicyKubernetesControlArray []KubernetesAssurancePolicyKubernetesControlInput -func (i ImageAssurancePolicyAutoScanTimeArray) ToImageAssurancePolicyAutoScanTimeArrayOutput() ImageAssurancePolicyAutoScanTimeArrayOutput { - return i.ToImageAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyKubernetesControlArray) ElementType() reflect.Type { + return 
reflect.TypeOf((*[]KubernetesAssurancePolicyKubernetesControl)(nil)).Elem() } -func (i ImageAssurancePolicyAutoScanTimeArray) ToImageAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyAutoScanTimeArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyAutoScanTimeArrayOutput) +func (i KubernetesAssurancePolicyKubernetesControlArray) ToKubernetesAssurancePolicyKubernetesControlArrayOutput() KubernetesAssurancePolicyKubernetesControlArrayOutput { + return i.ToKubernetesAssurancePolicyKubernetesControlArrayOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyAutoScanTimeArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyAutoScanTime] { - return pulumix.Output[[]ImageAssurancePolicyAutoScanTime]{ - OutputState: i.ToImageAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyKubernetesControlArray) ToKubernetesAssurancePolicyKubernetesControlArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyKubernetesControlArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyKubernetesControlArrayOutput) } -type ImageAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyKubernetesControlOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyAutoScanTime)(nil)).Elem() +func (KubernetesAssurancePolicyKubernetesControlOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyKubernetesControl)(nil)).Elem() } -func (o ImageAssurancePolicyAutoScanTimeOutput) ToImageAssurancePolicyAutoScanTimeOutput() ImageAssurancePolicyAutoScanTimeOutput { +func (o KubernetesAssurancePolicyKubernetesControlOutput) ToKubernetesAssurancePolicyKubernetesControlOutput() KubernetesAssurancePolicyKubernetesControlOutput { return o } -func 
(o ImageAssurancePolicyAutoScanTimeOutput) ToImageAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) ImageAssurancePolicyAutoScanTimeOutput { +func (o KubernetesAssurancePolicyKubernetesControlOutput) ToKubernetesAssurancePolicyKubernetesControlOutputWithContext(ctx context.Context) KubernetesAssurancePolicyKubernetesControlOutput { return o } -func (o ImageAssurancePolicyAutoScanTimeOutput) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyAutoScanTime] { - return pulumix.Output[ImageAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } +// AVD ID. +func (o KubernetesAssurancePolicyKubernetesControlOutput) AvdId() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyKubernetesControl) *string { return v.AvdId }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyAutoScanTime) *int { return v.Iteration }).(pulumi.IntPtrOutput) +// Description of the control. +func (o KubernetesAssurancePolicyKubernetesControlOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyKubernetesControl) *string { return v.Description }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyAutoScanTimeOutput) IterationType() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyAutoScanTime) *string { return v.IterationType }).(pulumi.StringPtrOutput) +// Is the control enabled? +func (o KubernetesAssurancePolicyKubernetesControlOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyKubernetesControl) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o ImageAssurancePolicyAutoScanTimeOutput) Time() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyAutoScanTime) *string { return v.Time }).(pulumi.StringPtrOutput) +// Kind of the control. 
+func (o KubernetesAssurancePolicyKubernetesControlOutput) Kind() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyKubernetesControl) *string { return v.Kind }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyAutoScanTimeOutput) WeekDays() pulumi.StringArrayOutput { - return o.ApplyT(func(v ImageAssurancePolicyAutoScanTime) []string { return v.WeekDays }).(pulumi.StringArrayOutput) +// Name of the control. +func (o KubernetesAssurancePolicyKubernetesControlOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyKubernetesControl) *string { return v.Name }).(pulumi.StringPtrOutput) } -type ImageAssurancePolicyAutoScanTimeArrayOutput struct{ *pulumi.OutputState } +// Out-of-the-box status of the control. +func (o KubernetesAssurancePolicyKubernetesControlOutput) Ootb() pulumi.BoolPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyKubernetesControl) *bool { return v.Ootb }).(pulumi.BoolPtrOutput) +} -func (ImageAssurancePolicyAutoScanTimeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyAutoScanTime)(nil)).Elem() +// Script ID. +func (o KubernetesAssurancePolicyKubernetesControlOutput) ScriptId() pulumi.IntPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyKubernetesControl) *int { return v.ScriptId }).(pulumi.IntPtrOutput) } -func (o ImageAssurancePolicyAutoScanTimeArrayOutput) ToImageAssurancePolicyAutoScanTimeArrayOutput() ImageAssurancePolicyAutoScanTimeArrayOutput { - return o +// Severity of the control. 
+func (o KubernetesAssurancePolicyKubernetesControlOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyKubernetesControl) *string { return v.Severity }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyAutoScanTimeArrayOutput) ToImageAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyAutoScanTimeArrayOutput { +type KubernetesAssurancePolicyKubernetesControlArrayOutput struct{ *pulumi.OutputState } + +func (KubernetesAssurancePolicyKubernetesControlArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyKubernetesControl)(nil)).Elem() +} + +func (o KubernetesAssurancePolicyKubernetesControlArrayOutput) ToKubernetesAssurancePolicyKubernetesControlArrayOutput() KubernetesAssurancePolicyKubernetesControlArrayOutput { return o } -func (o ImageAssurancePolicyAutoScanTimeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyAutoScanTime] { - return pulumix.Output[[]ImageAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } +func (o KubernetesAssurancePolicyKubernetesControlArrayOutput) ToKubernetesAssurancePolicyKubernetesControlArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyKubernetesControlArrayOutput { + return o } -func (o ImageAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyAutoScanTimeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyAutoScanTime { - return vs[0].([]ImageAssurancePolicyAutoScanTime)[vs[1].(int)] - }).(ImageAssurancePolicyAutoScanTimeOutput) +func (o KubernetesAssurancePolicyKubernetesControlArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyKubernetesControlOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyKubernetesControl { + return vs[0].([]KubernetesAssurancePolicyKubernetesControl)[vs[1].(int)] + 
}).(KubernetesAssurancePolicyKubernetesControlOutput) } -type ImageAssurancePolicyCustomCheck struct { - // Name of user account that created the policy. - Author *string `pulumi:"author"` - Description *string `pulumi:"description"` - Engine *string `pulumi:"engine"` - LastModified *int `pulumi:"lastModified"` +type KubernetesAssurancePolicyPackagesBlackList struct { + Arch *string `pulumi:"arch"` + Display *string `pulumi:"display"` + Epoch *string `pulumi:"epoch"` + Format *string `pulumi:"format"` + License *string `pulumi:"license"` Name *string `pulumi:"name"` - Path *string `pulumi:"path"` - ReadOnly *bool `pulumi:"readOnly"` - ScriptId *string `pulumi:"scriptId"` - Severity *string `pulumi:"severity"` - Snippet *string `pulumi:"snippet"` + Release *string `pulumi:"release"` + Version *string `pulumi:"version"` + VersionRange *string `pulumi:"versionRange"` } -// ImageAssurancePolicyCustomCheckInput is an input type that accepts ImageAssurancePolicyCustomCheckArgs and ImageAssurancePolicyCustomCheckOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyCustomCheckInput` via: +// KubernetesAssurancePolicyPackagesBlackListInput is an input type that accepts KubernetesAssurancePolicyPackagesBlackListArgs and KubernetesAssurancePolicyPackagesBlackListOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyPackagesBlackListInput` via: // -// ImageAssurancePolicyCustomCheckArgs{...} -type ImageAssurancePolicyCustomCheckInput interface { +// KubernetesAssurancePolicyPackagesBlackListArgs{...} +type KubernetesAssurancePolicyPackagesBlackListInput interface { pulumi.Input - ToImageAssurancePolicyCustomCheckOutput() ImageAssurancePolicyCustomCheckOutput - ToImageAssurancePolicyCustomCheckOutputWithContext(context.Context) ImageAssurancePolicyCustomCheckOutput + ToKubernetesAssurancePolicyPackagesBlackListOutput() KubernetesAssurancePolicyPackagesBlackListOutput + ToKubernetesAssurancePolicyPackagesBlackListOutputWithContext(context.Context) KubernetesAssurancePolicyPackagesBlackListOutput } -type ImageAssurancePolicyCustomCheckArgs struct { - // Name of user account that created the policy. - Author pulumi.StringPtrInput `pulumi:"author"` - Description pulumi.StringPtrInput `pulumi:"description"` - Engine pulumi.StringPtrInput `pulumi:"engine"` - LastModified pulumi.IntPtrInput `pulumi:"lastModified"` +type KubernetesAssurancePolicyPackagesBlackListArgs struct { + Arch pulumi.StringPtrInput `pulumi:"arch"` + Display pulumi.StringPtrInput `pulumi:"display"` + Epoch pulumi.StringPtrInput `pulumi:"epoch"` + Format pulumi.StringPtrInput `pulumi:"format"` + License pulumi.StringPtrInput `pulumi:"license"` Name pulumi.StringPtrInput `pulumi:"name"` - Path pulumi.StringPtrInput `pulumi:"path"` - ReadOnly pulumi.BoolPtrInput `pulumi:"readOnly"` - ScriptId pulumi.StringPtrInput `pulumi:"scriptId"` - Severity pulumi.StringPtrInput `pulumi:"severity"` - Snippet pulumi.StringPtrInput `pulumi:"snippet"` -} - -func (ImageAssurancePolicyCustomCheckArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyCustomCheck)(nil)).Elem() + Release pulumi.StringPtrInput `pulumi:"release"` + Version pulumi.StringPtrInput `pulumi:"version"` + VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` } 
-func (i ImageAssurancePolicyCustomCheckArgs) ToImageAssurancePolicyCustomCheckOutput() ImageAssurancePolicyCustomCheckOutput { - return i.ToImageAssurancePolicyCustomCheckOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyPackagesBlackListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyPackagesBlackList)(nil)).Elem() } -func (i ImageAssurancePolicyCustomCheckArgs) ToImageAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) ImageAssurancePolicyCustomCheckOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyCustomCheckOutput) +func (i KubernetesAssurancePolicyPackagesBlackListArgs) ToKubernetesAssurancePolicyPackagesBlackListOutput() KubernetesAssurancePolicyPackagesBlackListOutput { + return i.ToKubernetesAssurancePolicyPackagesBlackListOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyCustomCheckArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyCustomCheck] { - return pulumix.Output[ImageAssurancePolicyCustomCheck]{ - OutputState: i.ToImageAssurancePolicyCustomCheckOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyPackagesBlackListArgs) ToKubernetesAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesBlackListOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPackagesBlackListOutput) } -// ImageAssurancePolicyCustomCheckArrayInput is an input type that accepts ImageAssurancePolicyCustomCheckArray and ImageAssurancePolicyCustomCheckArrayOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyCustomCheckArrayInput` via: +// KubernetesAssurancePolicyPackagesBlackListArrayInput is an input type that accepts KubernetesAssurancePolicyPackagesBlackListArray and KubernetesAssurancePolicyPackagesBlackListArrayOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyPackagesBlackListArrayInput` via: // -// ImageAssurancePolicyCustomCheckArray{ ImageAssurancePolicyCustomCheckArgs{...} } -type ImageAssurancePolicyCustomCheckArrayInput interface { +// KubernetesAssurancePolicyPackagesBlackListArray{ KubernetesAssurancePolicyPackagesBlackListArgs{...} } +type KubernetesAssurancePolicyPackagesBlackListArrayInput interface { pulumi.Input - ToImageAssurancePolicyCustomCheckArrayOutput() ImageAssurancePolicyCustomCheckArrayOutput - ToImageAssurancePolicyCustomCheckArrayOutputWithContext(context.Context) ImageAssurancePolicyCustomCheckArrayOutput + ToKubernetesAssurancePolicyPackagesBlackListArrayOutput() KubernetesAssurancePolicyPackagesBlackListArrayOutput + ToKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Context) KubernetesAssurancePolicyPackagesBlackListArrayOutput } -type ImageAssurancePolicyCustomCheckArray []ImageAssurancePolicyCustomCheckInput - -func (ImageAssurancePolicyCustomCheckArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyCustomCheck)(nil)).Elem() -} +type KubernetesAssurancePolicyPackagesBlackListArray []KubernetesAssurancePolicyPackagesBlackListInput -func (i ImageAssurancePolicyCustomCheckArray) ToImageAssurancePolicyCustomCheckArrayOutput() ImageAssurancePolicyCustomCheckArrayOutput { - return i.ToImageAssurancePolicyCustomCheckArrayOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyPackagesBlackListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyPackagesBlackList)(nil)).Elem() } -func (i ImageAssurancePolicyCustomCheckArray) ToImageAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyCustomCheckArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyCustomCheckArrayOutput) +func (i KubernetesAssurancePolicyPackagesBlackListArray) 
ToKubernetesAssurancePolicyPackagesBlackListArrayOutput() KubernetesAssurancePolicyPackagesBlackListArrayOutput { + return i.ToKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyCustomCheckArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyCustomCheck] { - return pulumix.Output[[]ImageAssurancePolicyCustomCheck]{ - OutputState: i.ToImageAssurancePolicyCustomCheckArrayOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyPackagesBlackListArray) ToKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesBlackListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPackagesBlackListArrayOutput) } -type ImageAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyCustomCheck)(nil)).Elem() +func (KubernetesAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyPackagesBlackList)(nil)).Elem() } -func (o ImageAssurancePolicyCustomCheckOutput) ToImageAssurancePolicyCustomCheckOutput() ImageAssurancePolicyCustomCheckOutput { +func (o KubernetesAssurancePolicyPackagesBlackListOutput) ToKubernetesAssurancePolicyPackagesBlackListOutput() KubernetesAssurancePolicyPackagesBlackListOutput { return o } -func (o ImageAssurancePolicyCustomCheckOutput) ToImageAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) ImageAssurancePolicyCustomCheckOutput { +func (o KubernetesAssurancePolicyPackagesBlackListOutput) ToKubernetesAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesBlackListOutput { return o } -func (o ImageAssurancePolicyCustomCheckOutput) 
ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyCustomCheck] { - return pulumix.Output[ImageAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - -// Name of user account that created the policy. -func (o ImageAssurancePolicyCustomCheckOutput) Author() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Author }).(pulumi.StringPtrOutput) -} - -func (o ImageAssurancePolicyCustomCheckOutput) Description() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Description }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Arch }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyCustomCheckOutput) Engine() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Engine }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPackagesBlackListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Display }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyCustomCheckOutput) LastModified() pulumi.IntPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *int { return v.LastModified }).(pulumi.IntPtrOutput) +func (o KubernetesAssurancePolicyPackagesBlackListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Epoch }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyCustomCheckOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPackagesBlackListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v 
KubernetesAssurancePolicyPackagesBlackList) *string { return v.Format }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyCustomCheckOutput) Path() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Path }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPackagesBlackListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.License }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyCustomCheckOutput) ReadOnly() pulumi.BoolPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *bool { return v.ReadOnly }).(pulumi.BoolPtrOutput) +func (o KubernetesAssurancePolicyPackagesBlackListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyCustomCheckOutput) ScriptId() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.ScriptId }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPackagesBlackListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Release }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyCustomCheckOutput) Severity() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Severity }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPackagesBlackListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Version }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyCustomCheckOutput) Snippet() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyCustomCheck) *string { return v.Snippet }).(pulumi.StringPtrOutput) +func (o 
KubernetesAssurancePolicyPackagesBlackListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) } -type ImageAssurancePolicyCustomCheckArrayOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyPackagesBlackListArrayOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyCustomCheckArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyCustomCheck)(nil)).Elem() +func (KubernetesAssurancePolicyPackagesBlackListArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyPackagesBlackList)(nil)).Elem() } -func (o ImageAssurancePolicyCustomCheckArrayOutput) ToImageAssurancePolicyCustomCheckArrayOutput() ImageAssurancePolicyCustomCheckArrayOutput { +func (o KubernetesAssurancePolicyPackagesBlackListArrayOutput) ToKubernetesAssurancePolicyPackagesBlackListArrayOutput() KubernetesAssurancePolicyPackagesBlackListArrayOutput { return o } -func (o ImageAssurancePolicyCustomCheckArrayOutput) ToImageAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyCustomCheckArrayOutput { +func (o KubernetesAssurancePolicyPackagesBlackListArrayOutput) ToKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesBlackListArrayOutput { return o } -func (o ImageAssurancePolicyCustomCheckArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyCustomCheck] { - return pulumix.Output[[]ImageAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - -func (o ImageAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyCustomCheckOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyCustomCheck { - return vs[0].([]ImageAssurancePolicyCustomCheck)[vs[1].(int)] - 
}).(ImageAssurancePolicyCustomCheckOutput) +func (o KubernetesAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyPackagesBlackListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyPackagesBlackList { + return vs[0].([]KubernetesAssurancePolicyPackagesBlackList)[vs[1].(int)] + }).(KubernetesAssurancePolicyPackagesBlackListOutput) } -type ImageAssurancePolicyForbiddenLabel struct { - Key *string `pulumi:"key"` - Value *string `pulumi:"value"` +type KubernetesAssurancePolicyPackagesWhiteList struct { + Arch *string `pulumi:"arch"` + Display *string `pulumi:"display"` + Epoch *string `pulumi:"epoch"` + Format *string `pulumi:"format"` + License *string `pulumi:"license"` + Name *string `pulumi:"name"` + Release *string `pulumi:"release"` + Version *string `pulumi:"version"` + VersionRange *string `pulumi:"versionRange"` } -// ImageAssurancePolicyForbiddenLabelInput is an input type that accepts ImageAssurancePolicyForbiddenLabelArgs and ImageAssurancePolicyForbiddenLabelOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyForbiddenLabelInput` via: +// KubernetesAssurancePolicyPackagesWhiteListInput is an input type that accepts KubernetesAssurancePolicyPackagesWhiteListArgs and KubernetesAssurancePolicyPackagesWhiteListOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyPackagesWhiteListInput` via: // -// ImageAssurancePolicyForbiddenLabelArgs{...} -type ImageAssurancePolicyForbiddenLabelInput interface { +// KubernetesAssurancePolicyPackagesWhiteListArgs{...} +type KubernetesAssurancePolicyPackagesWhiteListInput interface { pulumi.Input - ToImageAssurancePolicyForbiddenLabelOutput() ImageAssurancePolicyForbiddenLabelOutput - ToImageAssurancePolicyForbiddenLabelOutputWithContext(context.Context) ImageAssurancePolicyForbiddenLabelOutput -} - -type ImageAssurancePolicyForbiddenLabelArgs struct { - Key pulumi.StringPtrInput `pulumi:"key"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToKubernetesAssurancePolicyPackagesWhiteListOutput() KubernetesAssurancePolicyPackagesWhiteListOutput + ToKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(context.Context) KubernetesAssurancePolicyPackagesWhiteListOutput } -func (ImageAssurancePolicyForbiddenLabelArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyForbiddenLabel)(nil)).Elem() +type KubernetesAssurancePolicyPackagesWhiteListArgs struct { + Arch pulumi.StringPtrInput `pulumi:"arch"` + Display pulumi.StringPtrInput `pulumi:"display"` + Epoch pulumi.StringPtrInput `pulumi:"epoch"` + Format pulumi.StringPtrInput `pulumi:"format"` + License pulumi.StringPtrInput `pulumi:"license"` + Name pulumi.StringPtrInput `pulumi:"name"` + Release pulumi.StringPtrInput `pulumi:"release"` + Version pulumi.StringPtrInput `pulumi:"version"` + VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` } -func (i ImageAssurancePolicyForbiddenLabelArgs) ToImageAssurancePolicyForbiddenLabelOutput() ImageAssurancePolicyForbiddenLabelOutput { - return i.ToImageAssurancePolicyForbiddenLabelOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyPackagesWhiteListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (i 
ImageAssurancePolicyForbiddenLabelArgs) ToImageAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) ImageAssurancePolicyForbiddenLabelOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyForbiddenLabelOutput) +func (i KubernetesAssurancePolicyPackagesWhiteListArgs) ToKubernetesAssurancePolicyPackagesWhiteListOutput() KubernetesAssurancePolicyPackagesWhiteListOutput { + return i.ToKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyForbiddenLabelArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyForbiddenLabel] { - return pulumix.Output[ImageAssurancePolicyForbiddenLabel]{ - OutputState: i.ToImageAssurancePolicyForbiddenLabelOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyPackagesWhiteListArgs) ToKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesWhiteListOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPackagesWhiteListOutput) } -// ImageAssurancePolicyForbiddenLabelArrayInput is an input type that accepts ImageAssurancePolicyForbiddenLabelArray and ImageAssurancePolicyForbiddenLabelArrayOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyForbiddenLabelArrayInput` via: +// KubernetesAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts KubernetesAssurancePolicyPackagesWhiteListArray and KubernetesAssurancePolicyPackagesWhiteListArrayOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyPackagesWhiteListArrayInput` via: // -// ImageAssurancePolicyForbiddenLabelArray{ ImageAssurancePolicyForbiddenLabelArgs{...} } -type ImageAssurancePolicyForbiddenLabelArrayInput interface { +// KubernetesAssurancePolicyPackagesWhiteListArray{ KubernetesAssurancePolicyPackagesWhiteListArgs{...} } +type KubernetesAssurancePolicyPackagesWhiteListArrayInput interface { pulumi.Input - ToImageAssurancePolicyForbiddenLabelArrayOutput() ImageAssurancePolicyForbiddenLabelArrayOutput - ToImageAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Context) ImageAssurancePolicyForbiddenLabelArrayOutput + ToKubernetesAssurancePolicyPackagesWhiteListArrayOutput() KubernetesAssurancePolicyPackagesWhiteListArrayOutput + ToKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Context) KubernetesAssurancePolicyPackagesWhiteListArrayOutput } -type ImageAssurancePolicyForbiddenLabelArray []ImageAssurancePolicyForbiddenLabelInput - -func (ImageAssurancePolicyForbiddenLabelArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyForbiddenLabel)(nil)).Elem() -} +type KubernetesAssurancePolicyPackagesWhiteListArray []KubernetesAssurancePolicyPackagesWhiteListInput -func (i ImageAssurancePolicyForbiddenLabelArray) ToImageAssurancePolicyForbiddenLabelArrayOutput() ImageAssurancePolicyForbiddenLabelArrayOutput { - return i.ToImageAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyPackagesWhiteListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (i ImageAssurancePolicyForbiddenLabelArray) ToImageAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyForbiddenLabelArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyForbiddenLabelArrayOutput) +func (i 
KubernetesAssurancePolicyPackagesWhiteListArray) ToKubernetesAssurancePolicyPackagesWhiteListArrayOutput() KubernetesAssurancePolicyPackagesWhiteListArrayOutput { + return i.ToKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyForbiddenLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]ImageAssurancePolicyForbiddenLabel]{ - OutputState: i.ToImageAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyPackagesWhiteListArray) ToKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesWhiteListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPackagesWhiteListArrayOutput) } -type ImageAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyForbiddenLabel)(nil)).Elem() +func (KubernetesAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (o ImageAssurancePolicyForbiddenLabelOutput) ToImageAssurancePolicyForbiddenLabelOutput() ImageAssurancePolicyForbiddenLabelOutput { +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) ToKubernetesAssurancePolicyPackagesWhiteListOutput() KubernetesAssurancePolicyPackagesWhiteListOutput { return o } -func (o ImageAssurancePolicyForbiddenLabelOutput) ToImageAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) ImageAssurancePolicyForbiddenLabelOutput { +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) ToKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) 
KubernetesAssurancePolicyPackagesWhiteListOutput { return o } -func (o ImageAssurancePolicyForbiddenLabelOutput) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyForbiddenLabel] { - return pulumix.Output[ImageAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Arch }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyForbiddenLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Display }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyForbiddenLabelOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyForbiddenLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Epoch }).(pulumi.StringPtrOutput) } -type ImageAssurancePolicyForbiddenLabelArrayOutput struct{ *pulumi.OutputState } +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Format }).(pulumi.StringPtrOutput) +} -func (ImageAssurancePolicyForbiddenLabelArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyForbiddenLabel)(nil)).Elem() +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.License 
}).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyForbiddenLabelArrayOutput) ToImageAssurancePolicyForbiddenLabelArrayOutput() ImageAssurancePolicyForbiddenLabelArrayOutput { - return o +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyForbiddenLabelArrayOutput) ToImageAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyForbiddenLabelArrayOutput { +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Release }).(pulumi.StringPtrOutput) +} + +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Version }).(pulumi.StringPtrOutput) +} + +func (o KubernetesAssurancePolicyPackagesWhiteListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +} + +type KubernetesAssurancePolicyPackagesWhiteListArrayOutput struct{ *pulumi.OutputState } + +func (KubernetesAssurancePolicyPackagesWhiteListArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyPackagesWhiteList)(nil)).Elem() +} + +func (o KubernetesAssurancePolicyPackagesWhiteListArrayOutput) ToKubernetesAssurancePolicyPackagesWhiteListArrayOutput() KubernetesAssurancePolicyPackagesWhiteListArrayOutput { return o } -func (o ImageAssurancePolicyForbiddenLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]ImageAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } +func (o 
KubernetesAssurancePolicyPackagesWhiteListArrayOutput) ToKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesWhiteListArrayOutput { + return o } -func (o ImageAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyForbiddenLabelOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyForbiddenLabel { - return vs[0].([]ImageAssurancePolicyForbiddenLabel)[vs[1].(int)] - }).(ImageAssurancePolicyForbiddenLabelOutput) +func (o KubernetesAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyPackagesWhiteListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyPackagesWhiteList { + return vs[0].([]KubernetesAssurancePolicyPackagesWhiteList)[vs[1].(int)] + }).(KubernetesAssurancePolicyPackagesWhiteListOutput) } -type ImageAssurancePolicyPackagesBlackList struct { - Arch *string `pulumi:"arch"` - Display *string `pulumi:"display"` - Epoch *string `pulumi:"epoch"` - Format *string `pulumi:"format"` - License *string `pulumi:"license"` - Name *string `pulumi:"name"` - Release *string `pulumi:"release"` - Version *string `pulumi:"version"` - VersionRange *string `pulumi:"versionRange"` +type KubernetesAssurancePolicyPolicySettings struct { + Enforce *bool `pulumi:"enforce"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + Warn *bool `pulumi:"warn"` + WarningMessage *string `pulumi:"warningMessage"` } -// ImageAssurancePolicyPackagesBlackListInput is an input type that accepts ImageAssurancePolicyPackagesBlackListArgs and ImageAssurancePolicyPackagesBlackListOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyPackagesBlackListInput` via: +// KubernetesAssurancePolicyPolicySettingsInput is an input type that accepts KubernetesAssurancePolicyPolicySettingsArgs and KubernetesAssurancePolicyPolicySettingsOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyPolicySettingsInput` via: // -// ImageAssurancePolicyPackagesBlackListArgs{...} -type ImageAssurancePolicyPackagesBlackListInput interface { +// KubernetesAssurancePolicyPolicySettingsArgs{...} +type KubernetesAssurancePolicyPolicySettingsInput interface { pulumi.Input - ToImageAssurancePolicyPackagesBlackListOutput() ImageAssurancePolicyPackagesBlackListOutput - ToImageAssurancePolicyPackagesBlackListOutputWithContext(context.Context) ImageAssurancePolicyPackagesBlackListOutput + ToKubernetesAssurancePolicyPolicySettingsOutput() KubernetesAssurancePolicyPolicySettingsOutput + ToKubernetesAssurancePolicyPolicySettingsOutputWithContext(context.Context) KubernetesAssurancePolicyPolicySettingsOutput } -type ImageAssurancePolicyPackagesBlackListArgs struct { - Arch pulumi.StringPtrInput `pulumi:"arch"` - Display pulumi.StringPtrInput `pulumi:"display"` - Epoch pulumi.StringPtrInput `pulumi:"epoch"` - Format pulumi.StringPtrInput `pulumi:"format"` - License pulumi.StringPtrInput `pulumi:"license"` - Name pulumi.StringPtrInput `pulumi:"name"` - Release pulumi.StringPtrInput `pulumi:"release"` - Version pulumi.StringPtrInput `pulumi:"version"` - VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` +type KubernetesAssurancePolicyPolicySettingsArgs struct { + Enforce pulumi.BoolPtrInput `pulumi:"enforce"` + IsAuditChecked pulumi.BoolPtrInput `pulumi:"isAuditChecked"` + Warn pulumi.BoolPtrInput `pulumi:"warn"` + WarningMessage pulumi.StringPtrInput `pulumi:"warningMessage"` } -func (ImageAssurancePolicyPackagesBlackListArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyPackagesBlackList)(nil)).Elem() +func (KubernetesAssurancePolicyPolicySettingsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyPolicySettings)(nil)).Elem() } -func (i ImageAssurancePolicyPackagesBlackListArgs) ToImageAssurancePolicyPackagesBlackListOutput() 
ImageAssurancePolicyPackagesBlackListOutput { - return i.ToImageAssurancePolicyPackagesBlackListOutputWithContext(context.Background()) +func (i KubernetesAssurancePolicyPolicySettingsArgs) ToKubernetesAssurancePolicyPolicySettingsOutput() KubernetesAssurancePolicyPolicySettingsOutput { + return i.ToKubernetesAssurancePolicyPolicySettingsOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyPackagesBlackListArgs) ToImageAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesBlackListOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPackagesBlackListOutput) +func (i KubernetesAssurancePolicyPolicySettingsArgs) ToKubernetesAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPolicySettingsOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPolicySettingsOutput) } -func (i ImageAssurancePolicyPackagesBlackListArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyPackagesBlackList] { - return pulumix.Output[ImageAssurancePolicyPackagesBlackList]{ - OutputState: i.ToImageAssurancePolicyPackagesBlackListOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyPolicySettingsArgs) ToKubernetesAssurancePolicyPolicySettingsPtrOutput() KubernetesAssurancePolicyPolicySettingsPtrOutput { + return i.ToKubernetesAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) } -// ImageAssurancePolicyPackagesBlackListArrayInput is an input type that accepts ImageAssurancePolicyPackagesBlackListArray and ImageAssurancePolicyPackagesBlackListArrayOutput values. 
-// You can construct a concrete instance of `ImageAssurancePolicyPackagesBlackListArrayInput` via: +func (i KubernetesAssurancePolicyPolicySettingsArgs) ToKubernetesAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPolicySettingsOutput).ToKubernetesAssurancePolicyPolicySettingsPtrOutputWithContext(ctx) +} + +// KubernetesAssurancePolicyPolicySettingsPtrInput is an input type that accepts KubernetesAssurancePolicyPolicySettingsArgs, KubernetesAssurancePolicyPolicySettingsPtr and KubernetesAssurancePolicyPolicySettingsPtrOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyPolicySettingsPtrInput` via: +// +// KubernetesAssurancePolicyPolicySettingsArgs{...} +// +// or: // -// ImageAssurancePolicyPackagesBlackListArray{ ImageAssurancePolicyPackagesBlackListArgs{...} } -type ImageAssurancePolicyPackagesBlackListArrayInput interface { +// nil +type KubernetesAssurancePolicyPolicySettingsPtrInput interface { pulumi.Input - ToImageAssurancePolicyPackagesBlackListArrayOutput() ImageAssurancePolicyPackagesBlackListArrayOutput - ToImageAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Context) ImageAssurancePolicyPackagesBlackListArrayOutput + ToKubernetesAssurancePolicyPolicySettingsPtrOutput() KubernetesAssurancePolicyPolicySettingsPtrOutput + ToKubernetesAssurancePolicyPolicySettingsPtrOutputWithContext(context.Context) KubernetesAssurancePolicyPolicySettingsPtrOutput } -type ImageAssurancePolicyPackagesBlackListArray []ImageAssurancePolicyPackagesBlackListInput +type kubernetesAssurancePolicyPolicySettingsPtrType KubernetesAssurancePolicyPolicySettingsArgs -func (ImageAssurancePolicyPackagesBlackListArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyPackagesBlackList)(nil)).Elem() +func KubernetesAssurancePolicyPolicySettingsPtr(v 
*KubernetesAssurancePolicyPolicySettingsArgs) KubernetesAssurancePolicyPolicySettingsPtrInput { + return (*kubernetesAssurancePolicyPolicySettingsPtrType)(v) } -func (i ImageAssurancePolicyPackagesBlackListArray) ToImageAssurancePolicyPackagesBlackListArrayOutput() ImageAssurancePolicyPackagesBlackListArrayOutput { - return i.ToImageAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Background()) +func (*kubernetesAssurancePolicyPolicySettingsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**KubernetesAssurancePolicyPolicySettings)(nil)).Elem() } -func (i ImageAssurancePolicyPackagesBlackListArray) ToImageAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesBlackListArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPackagesBlackListArrayOutput) +func (i *kubernetesAssurancePolicyPolicySettingsPtrType) ToKubernetesAssurancePolicyPolicySettingsPtrOutput() KubernetesAssurancePolicyPolicySettingsPtrOutput { + return i.ToKubernetesAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyPackagesBlackListArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]ImageAssurancePolicyPackagesBlackList]{ - OutputState: i.ToImageAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx).OutputState, - } +func (i *kubernetesAssurancePolicyPolicySettingsPtrType) ToKubernetesAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPolicySettingsPtrOutput) } -type ImageAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyPolicySettingsOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { - return 
reflect.TypeOf((*ImageAssurancePolicyPackagesBlackList)(nil)).Elem() +func (KubernetesAssurancePolicyPolicySettingsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyPolicySettings)(nil)).Elem() } -func (o ImageAssurancePolicyPackagesBlackListOutput) ToImageAssurancePolicyPackagesBlackListOutput() ImageAssurancePolicyPackagesBlackListOutput { +func (o KubernetesAssurancePolicyPolicySettingsOutput) ToKubernetesAssurancePolicyPolicySettingsOutput() KubernetesAssurancePolicyPolicySettingsOutput { return o } -func (o ImageAssurancePolicyPackagesBlackListOutput) ToImageAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesBlackListOutput { +func (o KubernetesAssurancePolicyPolicySettingsOutput) ToKubernetesAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPolicySettingsOutput { return o } -func (o ImageAssurancePolicyPackagesBlackListOutput) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyPackagesBlackList] { - return pulumix.Output[ImageAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } +func (o KubernetesAssurancePolicyPolicySettingsOutput) ToKubernetesAssurancePolicyPolicySettingsPtrOutput() KubernetesAssurancePolicyPolicySettingsPtrOutput { + return o.ToKubernetesAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) } -func (o ImageAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Arch }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPolicySettingsOutput) ToKubernetesAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPolicySettingsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v KubernetesAssurancePolicyPolicySettings) *KubernetesAssurancePolicyPolicySettings { + return &v + 
}).(KubernetesAssurancePolicyPolicySettingsPtrOutput) } -func (o ImageAssurancePolicyPackagesBlackListOutput) Display() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Display }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPolicySettingsOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPolicySettings) *bool { return v.Enforce }).(pulumi.BoolPtrOutput) } -func (o ImageAssurancePolicyPackagesBlackListOutput) Epoch() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPolicySettingsOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPolicySettings) *bool { return v.IsAuditChecked }).(pulumi.BoolPtrOutput) } -func (o ImageAssurancePolicyPackagesBlackListOutput) Format() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Format }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPolicySettingsOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPolicySettings) *bool { return v.Warn }).(pulumi.BoolPtrOutput) } -func (o ImageAssurancePolicyPackagesBlackListOutput) License() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.License }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPolicySettingsOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyPolicySettings) *string { return v.WarningMessage }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyPackagesBlackListOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Name }).(pulumi.StringPtrOutput) -} +type 
KubernetesAssurancePolicyPolicySettingsPtrOutput struct{ *pulumi.OutputState } -func (o ImageAssurancePolicyPackagesBlackListOutput) Release() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Release }).(pulumi.StringPtrOutput) +func (KubernetesAssurancePolicyPolicySettingsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**KubernetesAssurancePolicyPolicySettings)(nil)).Elem() } -func (o ImageAssurancePolicyPackagesBlackListOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.Version }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPolicySettingsPtrOutput) ToKubernetesAssurancePolicyPolicySettingsPtrOutput() KubernetesAssurancePolicyPolicySettingsPtrOutput { + return o } -func (o ImageAssurancePolicyPackagesBlackListOutput) VersionRange() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesBlackList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyPolicySettingsPtrOutput) ToKubernetesAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPolicySettingsPtrOutput { + return o } -type ImageAssurancePolicyPackagesBlackListArrayOutput struct{ *pulumi.OutputState } - -func (ImageAssurancePolicyPackagesBlackListArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyPackagesBlackList)(nil)).Elem() +func (o KubernetesAssurancePolicyPolicySettingsPtrOutput) Elem() KubernetesAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicyPolicySettings) KubernetesAssurancePolicyPolicySettings { + if v != nil { + return *v + } + var ret KubernetesAssurancePolicyPolicySettings + return ret + }).(KubernetesAssurancePolicyPolicySettingsOutput) } -func (o ImageAssurancePolicyPackagesBlackListArrayOutput) 
ToImageAssurancePolicyPackagesBlackListArrayOutput() ImageAssurancePolicyPackagesBlackListArrayOutput { - return o +func (o KubernetesAssurancePolicyPolicySettingsPtrOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Enforce + }).(pulumi.BoolPtrOutput) } -func (o ImageAssurancePolicyPackagesBlackListArrayOutput) ToImageAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesBlackListArrayOutput { - return o +func (o KubernetesAssurancePolicyPolicySettingsPtrOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.IsAuditChecked + }).(pulumi.BoolPtrOutput) } -func (o ImageAssurancePolicyPackagesBlackListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]ImageAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } +func (o KubernetesAssurancePolicyPolicySettingsPtrOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Warn + }).(pulumi.BoolPtrOutput) } -func (o ImageAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyPackagesBlackListOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyPackagesBlackList { - return vs[0].([]ImageAssurancePolicyPackagesBlackList)[vs[1].(int)] - }).(ImageAssurancePolicyPackagesBlackListOutput) +func (o KubernetesAssurancePolicyPolicySettingsPtrOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v *KubernetesAssurancePolicyPolicySettings) *string { + if v == nil { + return nil + } + return v.WarningMessage + }).(pulumi.StringPtrOutput) } -type ImageAssurancePolicyPackagesWhiteList struct { - Arch 
*string `pulumi:"arch"` - Display *string `pulumi:"display"` - Epoch *string `pulumi:"epoch"` - Format *string `pulumi:"format"` - License *string `pulumi:"license"` - Name *string `pulumi:"name"` - Release *string `pulumi:"release"` - Version *string `pulumi:"version"` - VersionRange *string `pulumi:"versionRange"` +type KubernetesAssurancePolicyRequiredLabel struct { + Key *string `pulumi:"key"` + Value *string `pulumi:"value"` } -// ImageAssurancePolicyPackagesWhiteListInput is an input type that accepts ImageAssurancePolicyPackagesWhiteListArgs and ImageAssurancePolicyPackagesWhiteListOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyPackagesWhiteListInput` via: +// KubernetesAssurancePolicyRequiredLabelInput is an input type that accepts KubernetesAssurancePolicyRequiredLabelArgs and KubernetesAssurancePolicyRequiredLabelOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyRequiredLabelInput` via: // -// ImageAssurancePolicyPackagesWhiteListArgs{...} -type ImageAssurancePolicyPackagesWhiteListInput interface { +// KubernetesAssurancePolicyRequiredLabelArgs{...} +type KubernetesAssurancePolicyRequiredLabelInput interface { pulumi.Input - ToImageAssurancePolicyPackagesWhiteListOutput() ImageAssurancePolicyPackagesWhiteListOutput - ToImageAssurancePolicyPackagesWhiteListOutputWithContext(context.Context) ImageAssurancePolicyPackagesWhiteListOutput -} - -type ImageAssurancePolicyPackagesWhiteListArgs struct { - Arch pulumi.StringPtrInput `pulumi:"arch"` - Display pulumi.StringPtrInput `pulumi:"display"` - Epoch pulumi.StringPtrInput `pulumi:"epoch"` - Format pulumi.StringPtrInput `pulumi:"format"` - License pulumi.StringPtrInput `pulumi:"license"` - Name pulumi.StringPtrInput `pulumi:"name"` - Release pulumi.StringPtrInput `pulumi:"release"` - Version pulumi.StringPtrInput `pulumi:"version"` - VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` + ToKubernetesAssurancePolicyRequiredLabelOutput() 
KubernetesAssurancePolicyRequiredLabelOutput + ToKubernetesAssurancePolicyRequiredLabelOutputWithContext(context.Context) KubernetesAssurancePolicyRequiredLabelOutput } -func (ImageAssurancePolicyPackagesWhiteListArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyPackagesWhiteList)(nil)).Elem() +type KubernetesAssurancePolicyRequiredLabelArgs struct { + Key pulumi.StringPtrInput `pulumi:"key"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i ImageAssurancePolicyPackagesWhiteListArgs) ToImageAssurancePolicyPackagesWhiteListOutput() ImageAssurancePolicyPackagesWhiteListOutput { - return i.ToImageAssurancePolicyPackagesWhiteListOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyRequiredLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyRequiredLabel)(nil)).Elem() } -func (i ImageAssurancePolicyPackagesWhiteListArgs) ToImageAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesWhiteListOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPackagesWhiteListOutput) +func (i KubernetesAssurancePolicyRequiredLabelArgs) ToKubernetesAssurancePolicyRequiredLabelOutput() KubernetesAssurancePolicyRequiredLabelOutput { + return i.ToKubernetesAssurancePolicyRequiredLabelOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyPackagesWhiteListArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyPackagesWhiteList] { - return pulumix.Output[ImageAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToImageAssurancePolicyPackagesWhiteListOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyRequiredLabelArgs) ToKubernetesAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) KubernetesAssurancePolicyRequiredLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyRequiredLabelOutput) } -// 
ImageAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts ImageAssurancePolicyPackagesWhiteListArray and ImageAssurancePolicyPackagesWhiteListArrayOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyPackagesWhiteListArrayInput` via: +// KubernetesAssurancePolicyRequiredLabelArrayInput is an input type that accepts KubernetesAssurancePolicyRequiredLabelArray and KubernetesAssurancePolicyRequiredLabelArrayOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyRequiredLabelArrayInput` via: // -// ImageAssurancePolicyPackagesWhiteListArray{ ImageAssurancePolicyPackagesWhiteListArgs{...} } -type ImageAssurancePolicyPackagesWhiteListArrayInput interface { +// KubernetesAssurancePolicyRequiredLabelArray{ KubernetesAssurancePolicyRequiredLabelArgs{...} } +type KubernetesAssurancePolicyRequiredLabelArrayInput interface { pulumi.Input - ToImageAssurancePolicyPackagesWhiteListArrayOutput() ImageAssurancePolicyPackagesWhiteListArrayOutput - ToImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Context) ImageAssurancePolicyPackagesWhiteListArrayOutput + ToKubernetesAssurancePolicyRequiredLabelArrayOutput() KubernetesAssurancePolicyRequiredLabelArrayOutput + ToKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(context.Context) KubernetesAssurancePolicyRequiredLabelArrayOutput } -type ImageAssurancePolicyPackagesWhiteListArray []ImageAssurancePolicyPackagesWhiteListInput +type KubernetesAssurancePolicyRequiredLabelArray []KubernetesAssurancePolicyRequiredLabelInput -func (ImageAssurancePolicyPackagesWhiteListArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (KubernetesAssurancePolicyRequiredLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyRequiredLabel)(nil)).Elem() } -func (i ImageAssurancePolicyPackagesWhiteListArray) 
ToImageAssurancePolicyPackagesWhiteListArrayOutput() ImageAssurancePolicyPackagesWhiteListArrayOutput { - return i.ToImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Background()) +func (i KubernetesAssurancePolicyRequiredLabelArray) ToKubernetesAssurancePolicyRequiredLabelArrayOutput() KubernetesAssurancePolicyRequiredLabelArrayOutput { + return i.ToKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyPackagesWhiteListArray) ToImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesWhiteListArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyPackagesWhiteListArrayOutput) +func (i KubernetesAssurancePolicyRequiredLabelArray) ToKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyRequiredLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyRequiredLabelArrayOutput) } -func (i ImageAssurancePolicyPackagesWhiteListArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]ImageAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx).OutputState, - } +type KubernetesAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } + +func (KubernetesAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyRequiredLabel)(nil)).Elem() } -type ImageAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } +func (o KubernetesAssurancePolicyRequiredLabelOutput) ToKubernetesAssurancePolicyRequiredLabelOutput() KubernetesAssurancePolicyRequiredLabelOutput { + return o +} -func (ImageAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (o 
KubernetesAssurancePolicyRequiredLabelOutput) ToKubernetesAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) KubernetesAssurancePolicyRequiredLabelOutput { + return o } -func (o ImageAssurancePolicyPackagesWhiteListOutput) ToImageAssurancePolicyPackagesWhiteListOutput() ImageAssurancePolicyPackagesWhiteListOutput { +func (o KubernetesAssurancePolicyRequiredLabelOutput) Key() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyRequiredLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +} + +func (o KubernetesAssurancePolicyRequiredLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyRequiredLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type KubernetesAssurancePolicyRequiredLabelArrayOutput struct{ *pulumi.OutputState } + +func (KubernetesAssurancePolicyRequiredLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (o KubernetesAssurancePolicyRequiredLabelArrayOutput) ToKubernetesAssurancePolicyRequiredLabelArrayOutput() KubernetesAssurancePolicyRequiredLabelArrayOutput { return o } -func (o ImageAssurancePolicyPackagesWhiteListOutput) ToImageAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesWhiteListOutput { +func (o KubernetesAssurancePolicyRequiredLabelArrayOutput) ToKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyRequiredLabelArrayOutput { return o } -func (o ImageAssurancePolicyPackagesWhiteListOutput) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyPackagesWhiteList] { - return pulumix.Output[ImageAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } +func (o KubernetesAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyRequiredLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) 
KubernetesAssurancePolicyRequiredLabel { + return vs[0].([]KubernetesAssurancePolicyRequiredLabel)[vs[1].(int)] + }).(KubernetesAssurancePolicyRequiredLabelOutput) } -func (o ImageAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Arch }).(pulumi.StringPtrOutput) +type KubernetesAssurancePolicyScope struct { + Expression *string `pulumi:"expression"` + Variables []KubernetesAssurancePolicyScopeVariable `pulumi:"variables"` } -func (o ImageAssurancePolicyPackagesWhiteListOutput) Display() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Display }).(pulumi.StringPtrOutput) +// KubernetesAssurancePolicyScopeInput is an input type that accepts KubernetesAssurancePolicyScopeArgs and KubernetesAssurancePolicyScopeOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyScopeInput` via: +// +// KubernetesAssurancePolicyScopeArgs{...} +type KubernetesAssurancePolicyScopeInput interface { + pulumi.Input + + ToKubernetesAssurancePolicyScopeOutput() KubernetesAssurancePolicyScopeOutput + ToKubernetesAssurancePolicyScopeOutputWithContext(context.Context) KubernetesAssurancePolicyScopeOutput } -func (o ImageAssurancePolicyPackagesWhiteListOutput) Epoch() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +type KubernetesAssurancePolicyScopeArgs struct { + Expression pulumi.StringPtrInput `pulumi:"expression"` + Variables KubernetesAssurancePolicyScopeVariableArrayInput `pulumi:"variables"` } -func (o ImageAssurancePolicyPackagesWhiteListOutput) Format() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Format }).(pulumi.StringPtrOutput) +func (KubernetesAssurancePolicyScopeArgs) ElementType() reflect.Type { + return 
reflect.TypeOf((*KubernetesAssurancePolicyScope)(nil)).Elem() } -func (o ImageAssurancePolicyPackagesWhiteListOutput) License() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.License }).(pulumi.StringPtrOutput) +func (i KubernetesAssurancePolicyScopeArgs) ToKubernetesAssurancePolicyScopeOutput() KubernetesAssurancePolicyScopeOutput { + return i.ToKubernetesAssurancePolicyScopeOutputWithContext(context.Background()) } -func (o ImageAssurancePolicyPackagesWhiteListOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Name }).(pulumi.StringPtrOutput) +func (i KubernetesAssurancePolicyScopeArgs) ToKubernetesAssurancePolicyScopeOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyScopeOutput) } -func (o ImageAssurancePolicyPackagesWhiteListOutput) Release() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Release }).(pulumi.StringPtrOutput) +// KubernetesAssurancePolicyScopeArrayInput is an input type that accepts KubernetesAssurancePolicyScopeArray and KubernetesAssurancePolicyScopeArrayOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyScopeArrayInput` via: +// +// KubernetesAssurancePolicyScopeArray{ KubernetesAssurancePolicyScopeArgs{...} } +type KubernetesAssurancePolicyScopeArrayInput interface { + pulumi.Input + + ToKubernetesAssurancePolicyScopeArrayOutput() KubernetesAssurancePolicyScopeArrayOutput + ToKubernetesAssurancePolicyScopeArrayOutputWithContext(context.Context) KubernetesAssurancePolicyScopeArrayOutput } -func (o ImageAssurancePolicyPackagesWhiteListOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.Version }).(pulumi.StringPtrOutput) +type KubernetesAssurancePolicyScopeArray []KubernetesAssurancePolicyScopeInput + +func (KubernetesAssurancePolicyScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyScope)(nil)).Elem() +} + +func (i KubernetesAssurancePolicyScopeArray) ToKubernetesAssurancePolicyScopeArrayOutput() KubernetesAssurancePolicyScopeArrayOutput { + return i.ToKubernetesAssurancePolicyScopeArrayOutputWithContext(context.Background()) +} + +func (i KubernetesAssurancePolicyScopeArray) ToKubernetesAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyScopeArrayOutput) +} + +type KubernetesAssurancePolicyScopeOutput struct{ *pulumi.OutputState } + +func (KubernetesAssurancePolicyScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyScope)(nil)).Elem() +} + +func (o KubernetesAssurancePolicyScopeOutput) ToKubernetesAssurancePolicyScopeOutput() KubernetesAssurancePolicyScopeOutput { + return o +} + +func (o KubernetesAssurancePolicyScopeOutput) ToKubernetesAssurancePolicyScopeOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeOutput { + return o +} + +func (o KubernetesAssurancePolicyScopeOutput) Expression() 
pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyScope) *string { return v.Expression }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyPackagesWhiteListOutput) VersionRange() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyPackagesWhiteList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyScopeOutput) Variables() KubernetesAssurancePolicyScopeVariableArrayOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyScope) []KubernetesAssurancePolicyScopeVariable { return v.Variables }).(KubernetesAssurancePolicyScopeVariableArrayOutput) } -type ImageAssurancePolicyPackagesWhiteListArrayOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyScopeArrayOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyPackagesWhiteListArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (KubernetesAssurancePolicyScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyScope)(nil)).Elem() } -func (o ImageAssurancePolicyPackagesWhiteListArrayOutput) ToImageAssurancePolicyPackagesWhiteListArrayOutput() ImageAssurancePolicyPackagesWhiteListArrayOutput { +func (o KubernetesAssurancePolicyScopeArrayOutput) ToKubernetesAssurancePolicyScopeArrayOutput() KubernetesAssurancePolicyScopeArrayOutput { return o } -func (o ImageAssurancePolicyPackagesWhiteListArrayOutput) ToImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyPackagesWhiteListArrayOutput { +func (o KubernetesAssurancePolicyScopeArrayOutput) ToKubernetesAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeArrayOutput { return o } -func (o ImageAssurancePolicyPackagesWhiteListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyPackagesWhiteList] { - return 
pulumix.Output[[]ImageAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } -} - -func (o ImageAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyPackagesWhiteListOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyPackagesWhiteList { - return vs[0].([]ImageAssurancePolicyPackagesWhiteList)[vs[1].(int)] - }).(ImageAssurancePolicyPackagesWhiteListOutput) +func (o KubernetesAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyScope { + return vs[0].([]KubernetesAssurancePolicyScope)[vs[1].(int)] + }).(KubernetesAssurancePolicyScopeOutput) } -type ImageAssurancePolicyRequiredLabel struct { - Key *string `pulumi:"key"` - Value *string `pulumi:"value"` +type KubernetesAssurancePolicyScopeVariable struct { + Attribute *string `pulumi:"attribute"` + Name *string `pulumi:"name"` + Value *string `pulumi:"value"` } -// ImageAssurancePolicyRequiredLabelInput is an input type that accepts ImageAssurancePolicyRequiredLabelArgs and ImageAssurancePolicyRequiredLabelOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyRequiredLabelInput` via: +// KubernetesAssurancePolicyScopeVariableInput is an input type that accepts KubernetesAssurancePolicyScopeVariableArgs and KubernetesAssurancePolicyScopeVariableOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyScopeVariableInput` via: // -// ImageAssurancePolicyRequiredLabelArgs{...} -type ImageAssurancePolicyRequiredLabelInput interface { +// KubernetesAssurancePolicyScopeVariableArgs{...} +type KubernetesAssurancePolicyScopeVariableInput interface { pulumi.Input - ToImageAssurancePolicyRequiredLabelOutput() ImageAssurancePolicyRequiredLabelOutput - ToImageAssurancePolicyRequiredLabelOutputWithContext(context.Context) ImageAssurancePolicyRequiredLabelOutput -} - -type ImageAssurancePolicyRequiredLabelArgs struct { - Key pulumi.StringPtrInput `pulumi:"key"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToKubernetesAssurancePolicyScopeVariableOutput() KubernetesAssurancePolicyScopeVariableOutput + ToKubernetesAssurancePolicyScopeVariableOutputWithContext(context.Context) KubernetesAssurancePolicyScopeVariableOutput } -func (ImageAssurancePolicyRequiredLabelArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyRequiredLabel)(nil)).Elem() +type KubernetesAssurancePolicyScopeVariableArgs struct { + Attribute pulumi.StringPtrInput `pulumi:"attribute"` + Name pulumi.StringPtrInput `pulumi:"name"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i ImageAssurancePolicyRequiredLabelArgs) ToImageAssurancePolicyRequiredLabelOutput() ImageAssurancePolicyRequiredLabelOutput { - return i.ToImageAssurancePolicyRequiredLabelOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyScopeVariable)(nil)).Elem() } -func (i ImageAssurancePolicyRequiredLabelArgs) ToImageAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) ImageAssurancePolicyRequiredLabelOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyRequiredLabelOutput) +func (i KubernetesAssurancePolicyScopeVariableArgs) ToKubernetesAssurancePolicyScopeVariableOutput() 
KubernetesAssurancePolicyScopeVariableOutput { + return i.ToKubernetesAssurancePolicyScopeVariableOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyRequiredLabelArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyRequiredLabel] { - return pulumix.Output[ImageAssurancePolicyRequiredLabel]{ - OutputState: i.ToImageAssurancePolicyRequiredLabelOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyScopeVariableArgs) ToKubernetesAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyScopeVariableOutput) } -// ImageAssurancePolicyRequiredLabelArrayInput is an input type that accepts ImageAssurancePolicyRequiredLabelArray and ImageAssurancePolicyRequiredLabelArrayOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyRequiredLabelArrayInput` via: +// KubernetesAssurancePolicyScopeVariableArrayInput is an input type that accepts KubernetesAssurancePolicyScopeVariableArray and KubernetesAssurancePolicyScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyScopeVariableArrayInput` via: // -// ImageAssurancePolicyRequiredLabelArray{ ImageAssurancePolicyRequiredLabelArgs{...} } -type ImageAssurancePolicyRequiredLabelArrayInput interface { +// KubernetesAssurancePolicyScopeVariableArray{ KubernetesAssurancePolicyScopeVariableArgs{...} } +type KubernetesAssurancePolicyScopeVariableArrayInput interface { pulumi.Input - ToImageAssurancePolicyRequiredLabelArrayOutput() ImageAssurancePolicyRequiredLabelArrayOutput - ToImageAssurancePolicyRequiredLabelArrayOutputWithContext(context.Context) ImageAssurancePolicyRequiredLabelArrayOutput + ToKubernetesAssurancePolicyScopeVariableArrayOutput() KubernetesAssurancePolicyScopeVariableArrayOutput + ToKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(context.Context) KubernetesAssurancePolicyScopeVariableArrayOutput } -type ImageAssurancePolicyRequiredLabelArray []ImageAssurancePolicyRequiredLabelInput - -func (ImageAssurancePolicyRequiredLabelArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyRequiredLabel)(nil)).Elem() -} +type KubernetesAssurancePolicyScopeVariableArray []KubernetesAssurancePolicyScopeVariableInput -func (i ImageAssurancePolicyRequiredLabelArray) ToImageAssurancePolicyRequiredLabelArrayOutput() ImageAssurancePolicyRequiredLabelArrayOutput { - return i.ToImageAssurancePolicyRequiredLabelArrayOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyScopeVariable)(nil)).Elem() } -func (i ImageAssurancePolicyRequiredLabelArray) ToImageAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyRequiredLabelArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyRequiredLabelArrayOutput) +func (i KubernetesAssurancePolicyScopeVariableArray) 
ToKubernetesAssurancePolicyScopeVariableArrayOutput() KubernetesAssurancePolicyScopeVariableArrayOutput { + return i.ToKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyRequiredLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyRequiredLabel] { - return pulumix.Output[[]ImageAssurancePolicyRequiredLabel]{ - OutputState: i.ToImageAssurancePolicyRequiredLabelArrayOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyScopeVariableArray) ToKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyScopeVariableArrayOutput) } -type ImageAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyRequiredLabel)(nil)).Elem() +func (KubernetesAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyScopeVariable)(nil)).Elem() } -func (o ImageAssurancePolicyRequiredLabelOutput) ToImageAssurancePolicyRequiredLabelOutput() ImageAssurancePolicyRequiredLabelOutput { +func (o KubernetesAssurancePolicyScopeVariableOutput) ToKubernetesAssurancePolicyScopeVariableOutput() KubernetesAssurancePolicyScopeVariableOutput { return o } -func (o ImageAssurancePolicyRequiredLabelOutput) ToImageAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) ImageAssurancePolicyRequiredLabelOutput { +func (o KubernetesAssurancePolicyScopeVariableOutput) ToKubernetesAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeVariableOutput { return o } -func (o ImageAssurancePolicyRequiredLabelOutput) ToOutput(ctx context.Context) 
pulumix.Output[ImageAssurancePolicyRequiredLabel] { - return pulumix.Output[ImageAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } +func (o KubernetesAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyRequiredLabelOutput) Key() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyRequiredLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o ImageAssurancePolicyRequiredLabelOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyRequiredLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyScopeVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type ImageAssurancePolicyRequiredLabelArrayOutput struct{ *pulumi.OutputState } +type KubernetesAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyRequiredLabelArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyRequiredLabel)(nil)).Elem() +func (KubernetesAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyScopeVariable)(nil)).Elem() } -func (o ImageAssurancePolicyRequiredLabelArrayOutput) ToImageAssurancePolicyRequiredLabelArrayOutput() ImageAssurancePolicyRequiredLabelArrayOutput { +func (o KubernetesAssurancePolicyScopeVariableArrayOutput) ToKubernetesAssurancePolicyScopeVariableArrayOutput() KubernetesAssurancePolicyScopeVariableArrayOutput { return o } -func (o 
ImageAssurancePolicyRequiredLabelArrayOutput) ToImageAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyRequiredLabelArrayOutput { +func (o KubernetesAssurancePolicyScopeVariableArrayOutput) ToKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeVariableArrayOutput { return o } -func (o ImageAssurancePolicyRequiredLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyRequiredLabel] { - return pulumix.Output[[]ImageAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - -func (o ImageAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyRequiredLabelOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyRequiredLabel { - return vs[0].([]ImageAssurancePolicyRequiredLabel)[vs[1].(int)] - }).(ImageAssurancePolicyRequiredLabelOutput) +func (o KubernetesAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyScopeVariable { + return vs[0].([]KubernetesAssurancePolicyScopeVariable)[vs[1].(int)] + }).(KubernetesAssurancePolicyScopeVariableOutput) } -type ImageAssurancePolicyScope struct { - Expression *string `pulumi:"expression"` - Variables []ImageAssurancePolicyScopeVariable `pulumi:"variables"` +type KubernetesAssurancePolicyTrustedBaseImage struct { + Imagename *string `pulumi:"imagename"` + Registry *string `pulumi:"registry"` } -// ImageAssurancePolicyScopeInput is an input type that accepts ImageAssurancePolicyScopeArgs and ImageAssurancePolicyScopeOutput values. 
-// You can construct a concrete instance of `ImageAssurancePolicyScopeInput` via: +// KubernetesAssurancePolicyTrustedBaseImageInput is an input type that accepts KubernetesAssurancePolicyTrustedBaseImageArgs and KubernetesAssurancePolicyTrustedBaseImageOutput values. +// You can construct a concrete instance of `KubernetesAssurancePolicyTrustedBaseImageInput` via: // -// ImageAssurancePolicyScopeArgs{...} -type ImageAssurancePolicyScopeInput interface { +// KubernetesAssurancePolicyTrustedBaseImageArgs{...} +type KubernetesAssurancePolicyTrustedBaseImageInput interface { pulumi.Input - ToImageAssurancePolicyScopeOutput() ImageAssurancePolicyScopeOutput - ToImageAssurancePolicyScopeOutputWithContext(context.Context) ImageAssurancePolicyScopeOutput -} - -type ImageAssurancePolicyScopeArgs struct { - Expression pulumi.StringPtrInput `pulumi:"expression"` - Variables ImageAssurancePolicyScopeVariableArrayInput `pulumi:"variables"` + ToKubernetesAssurancePolicyTrustedBaseImageOutput() KubernetesAssurancePolicyTrustedBaseImageOutput + ToKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) KubernetesAssurancePolicyTrustedBaseImageOutput } -func (ImageAssurancePolicyScopeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyScope)(nil)).Elem() +type KubernetesAssurancePolicyTrustedBaseImageArgs struct { + Imagename pulumi.StringPtrInput `pulumi:"imagename"` + Registry pulumi.StringPtrInput `pulumi:"registry"` } -func (i ImageAssurancePolicyScopeArgs) ToImageAssurancePolicyScopeOutput() ImageAssurancePolicyScopeOutput { - return i.ToImageAssurancePolicyScopeOutputWithContext(context.Background()) +func (KubernetesAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (i ImageAssurancePolicyScopeArgs) ToImageAssurancePolicyScopeOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeOutput { - return 
pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyScopeOutput) +func (i KubernetesAssurancePolicyTrustedBaseImageArgs) ToKubernetesAssurancePolicyTrustedBaseImageOutput() KubernetesAssurancePolicyTrustedBaseImageOutput { + return i.ToKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyScopeArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyScope] { - return pulumix.Output[ImageAssurancePolicyScope]{ - OutputState: i.ToImageAssurancePolicyScopeOutputWithContext(ctx).OutputState, - } +func (i KubernetesAssurancePolicyTrustedBaseImageArgs) ToKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) KubernetesAssurancePolicyTrustedBaseImageOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyTrustedBaseImageOutput) } -// ImageAssurancePolicyScopeArrayInput is an input type that accepts ImageAssurancePolicyScopeArray and ImageAssurancePolicyScopeArrayOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyScopeArrayInput` via: +// KubernetesAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts KubernetesAssurancePolicyTrustedBaseImageArray and KubernetesAssurancePolicyTrustedBaseImageArrayOutput values. 
+// You can construct a concrete instance of `KubernetesAssurancePolicyTrustedBaseImageArrayInput` via: // -// ImageAssurancePolicyScopeArray{ ImageAssurancePolicyScopeArgs{...} } -type ImageAssurancePolicyScopeArrayInput interface { +// KubernetesAssurancePolicyTrustedBaseImageArray{ KubernetesAssurancePolicyTrustedBaseImageArgs{...} } +type KubernetesAssurancePolicyTrustedBaseImageArrayInput interface { pulumi.Input - ToImageAssurancePolicyScopeArrayOutput() ImageAssurancePolicyScopeArrayOutput - ToImageAssurancePolicyScopeArrayOutputWithContext(context.Context) ImageAssurancePolicyScopeArrayOutput + ToKubernetesAssurancePolicyTrustedBaseImageArrayOutput() KubernetesAssurancePolicyTrustedBaseImageArrayOutput + ToKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) KubernetesAssurancePolicyTrustedBaseImageArrayOutput } -type ImageAssurancePolicyScopeArray []ImageAssurancePolicyScopeInput +type KubernetesAssurancePolicyTrustedBaseImageArray []KubernetesAssurancePolicyTrustedBaseImageInput -func (ImageAssurancePolicyScopeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyScope)(nil)).Elem() +func (KubernetesAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (i ImageAssurancePolicyScopeArray) ToImageAssurancePolicyScopeArrayOutput() ImageAssurancePolicyScopeArrayOutput { - return i.ToImageAssurancePolicyScopeArrayOutputWithContext(context.Background()) +func (i KubernetesAssurancePolicyTrustedBaseImageArray) ToKubernetesAssurancePolicyTrustedBaseImageArrayOutput() KubernetesAssurancePolicyTrustedBaseImageArrayOutput { + return i.ToKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyScopeArray) ToImageAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeArrayOutput { - return 
pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyScopeArrayOutput) +func (i KubernetesAssurancePolicyTrustedBaseImageArray) ToKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyTrustedBaseImageArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyTrustedBaseImageArrayOutput) } -func (i ImageAssurancePolicyScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyScope] { - return pulumix.Output[[]ImageAssurancePolicyScope]{ - OutputState: i.ToImageAssurancePolicyScopeArrayOutputWithContext(ctx).OutputState, - } -} +type KubernetesAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } -type ImageAssurancePolicyScopeOutput struct{ *pulumi.OutputState } +func (KubernetesAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { + return reflect.TypeOf((*KubernetesAssurancePolicyTrustedBaseImage)(nil)).Elem() +} -func (ImageAssurancePolicyScopeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyScope)(nil)).Elem() +func (o KubernetesAssurancePolicyTrustedBaseImageOutput) ToKubernetesAssurancePolicyTrustedBaseImageOutput() KubernetesAssurancePolicyTrustedBaseImageOutput { + return o } -func (o ImageAssurancePolicyScopeOutput) ToImageAssurancePolicyScopeOutput() ImageAssurancePolicyScopeOutput { +func (o KubernetesAssurancePolicyTrustedBaseImageOutput) ToKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) KubernetesAssurancePolicyTrustedBaseImageOutput { return o } -func (o ImageAssurancePolicyScopeOutput) ToImageAssurancePolicyScopeOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeOutput { +func (o KubernetesAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyTrustedBaseImage) *string { return v.Imagename }).(pulumi.StringPtrOutput) +} + +func (o 
KubernetesAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v KubernetesAssurancePolicyTrustedBaseImage) *string { return v.Registry }).(pulumi.StringPtrOutput) +} + +type KubernetesAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } + +func (KubernetesAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]KubernetesAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (o KubernetesAssurancePolicyTrustedBaseImageArrayOutput) ToKubernetesAssurancePolicyTrustedBaseImageArrayOutput() KubernetesAssurancePolicyTrustedBaseImageArrayOutput { return o } -func (o ImageAssurancePolicyScopeOutput) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyScope] { - return pulumix.Output[ImageAssurancePolicyScope]{ - OutputState: o.OutputState, - } +func (o KubernetesAssurancePolicyTrustedBaseImageArrayOutput) ToKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyTrustedBaseImageArrayOutput { + return o } -func (o ImageAssurancePolicyScopeOutput) Expression() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyScope) *string { return v.Expression }).(pulumi.StringPtrOutput) +func (o KubernetesAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyTrustedBaseImageOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyTrustedBaseImage { + return vs[0].([]KubernetesAssurancePolicyTrustedBaseImage)[vs[1].(int)] + }).(KubernetesAssurancePolicyTrustedBaseImageOutput) } -func (o ImageAssurancePolicyScopeOutput) Variables() ImageAssurancePolicyScopeVariableArrayOutput { - return o.ApplyT(func(v ImageAssurancePolicyScope) []ImageAssurancePolicyScopeVariable { return v.Variables }).(ImageAssurancePolicyScopeVariableArrayOutput) +type RoleMappingLdap struct { + // Role Mapping is used to define the IdP role that the 
user will assume in Aqua. Use '|' as a separator for multiple roles. + RoleMapping map[string]string `pulumi:"roleMapping"` } -type ImageAssurancePolicyScopeArrayOutput struct{ *pulumi.OutputState } +// RoleMappingLdapInput is an input type that accepts RoleMappingLdapArgs and RoleMappingLdapOutput values. +// You can construct a concrete instance of `RoleMappingLdapInput` via: +// +// RoleMappingLdapArgs{...} +type RoleMappingLdapInput interface { + pulumi.Input -func (ImageAssurancePolicyScopeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyScope)(nil)).Elem() + ToRoleMappingLdapOutput() RoleMappingLdapOutput + ToRoleMappingLdapOutputWithContext(context.Context) RoleMappingLdapOutput } -func (o ImageAssurancePolicyScopeArrayOutput) ToImageAssurancePolicyScopeArrayOutput() ImageAssurancePolicyScopeArrayOutput { - return o +type RoleMappingLdapArgs struct { + // Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+ RoleMapping pulumi.StringMapInput `pulumi:"roleMapping"` +} + +func (RoleMappingLdapArgs) ElementType() reflect.Type { + return reflect.TypeOf((*RoleMappingLdap)(nil)).Elem() } -func (o ImageAssurancePolicyScopeArrayOutput) ToImageAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeArrayOutput { - return o +func (i RoleMappingLdapArgs) ToRoleMappingLdapOutput() RoleMappingLdapOutput { + return i.ToRoleMappingLdapOutputWithContext(context.Background()) } -func (o ImageAssurancePolicyScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyScope] { - return pulumix.Output[[]ImageAssurancePolicyScope]{ - OutputState: o.OutputState, - } +func (i RoleMappingLdapArgs) ToRoleMappingLdapOutputWithContext(ctx context.Context) RoleMappingLdapOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingLdapOutput) } -func (o ImageAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyScopeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyScope { - return vs[0].([]ImageAssurancePolicyScope)[vs[1].(int)] - }).(ImageAssurancePolicyScopeOutput) +func (i RoleMappingLdapArgs) ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput { + return i.ToRoleMappingLdapPtrOutputWithContext(context.Background()) } -type ImageAssurancePolicyScopeVariable struct { - Attribute *string `pulumi:"attribute"` - Name *string `pulumi:"name"` - Value *string `pulumi:"value"` +func (i RoleMappingLdapArgs) ToRoleMappingLdapPtrOutputWithContext(ctx context.Context) RoleMappingLdapPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingLdapOutput).ToRoleMappingLdapPtrOutputWithContext(ctx) } -// ImageAssurancePolicyScopeVariableInput is an input type that accepts ImageAssurancePolicyScopeVariableArgs and ImageAssurancePolicyScopeVariableOutput values. 
-// You can construct a concrete instance of `ImageAssurancePolicyScopeVariableInput` via: +// RoleMappingLdapPtrInput is an input type that accepts RoleMappingLdapArgs, RoleMappingLdapPtr and RoleMappingLdapPtrOutput values. +// You can construct a concrete instance of `RoleMappingLdapPtrInput` via: // -// ImageAssurancePolicyScopeVariableArgs{...} -type ImageAssurancePolicyScopeVariableInput interface { +// RoleMappingLdapArgs{...} +// +// or: +// +// nil +type RoleMappingLdapPtrInput interface { pulumi.Input - ToImageAssurancePolicyScopeVariableOutput() ImageAssurancePolicyScopeVariableOutput - ToImageAssurancePolicyScopeVariableOutputWithContext(context.Context) ImageAssurancePolicyScopeVariableOutput + ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput + ToRoleMappingLdapPtrOutputWithContext(context.Context) RoleMappingLdapPtrOutput } -type ImageAssurancePolicyScopeVariableArgs struct { - Attribute pulumi.StringPtrInput `pulumi:"attribute"` - Name pulumi.StringPtrInput `pulumi:"name"` - Value pulumi.StringPtrInput `pulumi:"value"` -} +type roleMappingLdapPtrType RoleMappingLdapArgs -func (ImageAssurancePolicyScopeVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyScopeVariable)(nil)).Elem() +func RoleMappingLdapPtr(v *RoleMappingLdapArgs) RoleMappingLdapPtrInput { + return (*roleMappingLdapPtrType)(v) } -func (i ImageAssurancePolicyScopeVariableArgs) ToImageAssurancePolicyScopeVariableOutput() ImageAssurancePolicyScopeVariableOutput { - return i.ToImageAssurancePolicyScopeVariableOutputWithContext(context.Background()) +func (*roleMappingLdapPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**RoleMappingLdap)(nil)).Elem() } -func (i ImageAssurancePolicyScopeVariableArgs) ToImageAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyScopeVariableOutput) +func (i *roleMappingLdapPtrType) 
ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput { + return i.ToRoleMappingLdapPtrOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyScopeVariable] { - return pulumix.Output[ImageAssurancePolicyScopeVariable]{ - OutputState: i.ToImageAssurancePolicyScopeVariableOutputWithContext(ctx).OutputState, - } +func (i *roleMappingLdapPtrType) ToRoleMappingLdapPtrOutputWithContext(ctx context.Context) RoleMappingLdapPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingLdapPtrOutput) } -// ImageAssurancePolicyScopeVariableArrayInput is an input type that accepts ImageAssurancePolicyScopeVariableArray and ImageAssurancePolicyScopeVariableArrayOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyScopeVariableArrayInput` via: -// -// ImageAssurancePolicyScopeVariableArray{ ImageAssurancePolicyScopeVariableArgs{...} } -type ImageAssurancePolicyScopeVariableArrayInput interface { - pulumi.Input +type RoleMappingLdapOutput struct{ *pulumi.OutputState } - ToImageAssurancePolicyScopeVariableArrayOutput() ImageAssurancePolicyScopeVariableArrayOutput - ToImageAssurancePolicyScopeVariableArrayOutputWithContext(context.Context) ImageAssurancePolicyScopeVariableArrayOutput +func (RoleMappingLdapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*RoleMappingLdap)(nil)).Elem() } -type ImageAssurancePolicyScopeVariableArray []ImageAssurancePolicyScopeVariableInput +func (o RoleMappingLdapOutput) ToRoleMappingLdapOutput() RoleMappingLdapOutput { + return o +} -func (ImageAssurancePolicyScopeVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyScopeVariable)(nil)).Elem() +func (o RoleMappingLdapOutput) ToRoleMappingLdapOutputWithContext(ctx context.Context) RoleMappingLdapOutput { + return o } -func (i ImageAssurancePolicyScopeVariableArray) ToImageAssurancePolicyScopeVariableArrayOutput() 
ImageAssurancePolicyScopeVariableArrayOutput { - return i.ToImageAssurancePolicyScopeVariableArrayOutputWithContext(context.Background()) +func (o RoleMappingLdapOutput) ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput { + return o.ToRoleMappingLdapPtrOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyScopeVariableArray) ToImageAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyScopeVariableArrayOutput) +func (o RoleMappingLdapOutput) ToRoleMappingLdapPtrOutputWithContext(ctx context.Context) RoleMappingLdapPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v RoleMappingLdap) *RoleMappingLdap { + return &v + }).(RoleMappingLdapPtrOutput) } -func (i ImageAssurancePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyScopeVariable] { - return pulumix.Output[[]ImageAssurancePolicyScopeVariable]{ - OutputState: i.ToImageAssurancePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } +// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+func (o RoleMappingLdapOutput) RoleMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v RoleMappingLdap) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) } -type ImageAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } +type RoleMappingLdapPtrOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyScopeVariable)(nil)).Elem() +func (RoleMappingLdapPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**RoleMappingLdap)(nil)).Elem() } -func (o ImageAssurancePolicyScopeVariableOutput) ToImageAssurancePolicyScopeVariableOutput() ImageAssurancePolicyScopeVariableOutput { +func (o RoleMappingLdapPtrOutput) ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput { return o } -func (o ImageAssurancePolicyScopeVariableOutput) ToImageAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeVariableOutput { +func (o RoleMappingLdapPtrOutput) ToRoleMappingLdapPtrOutputWithContext(ctx context.Context) RoleMappingLdapPtrOutput { return o } -func (o ImageAssurancePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyScopeVariable] { - return pulumix.Output[ImageAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } +func (o RoleMappingLdapPtrOutput) Elem() RoleMappingLdapOutput { + return o.ApplyT(func(v *RoleMappingLdap) RoleMappingLdap { + if v != nil { + return *v + } + var ret RoleMappingLdap + return ret + }).(RoleMappingLdapOutput) } -func (o ImageAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) +// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+func (o RoleMappingLdapPtrOutput) RoleMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v *RoleMappingLdap) map[string]string { + if v == nil { + return nil + } + return v.RoleMapping + }).(pulumi.StringMapOutput) } -func (o ImageAssurancePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +type RoleMappingOauth2 struct { + // Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + RoleMapping map[string]string `pulumi:"roleMapping"` } -func (o ImageAssurancePolicyScopeVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) -} +// RoleMappingOauth2Input is an input type that accepts RoleMappingOauth2Args and RoleMappingOauth2Output values. +// You can construct a concrete instance of `RoleMappingOauth2Input` via: +// +// RoleMappingOauth2Args{...} +type RoleMappingOauth2Input interface { + pulumi.Input -type ImageAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } + ToRoleMappingOauth2Output() RoleMappingOauth2Output + ToRoleMappingOauth2OutputWithContext(context.Context) RoleMappingOauth2Output +} -func (ImageAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyScopeVariable)(nil)).Elem() +type RoleMappingOauth2Args struct { + // Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+ RoleMapping pulumi.StringMapInput `pulumi:"roleMapping"` } -func (o ImageAssurancePolicyScopeVariableArrayOutput) ToImageAssurancePolicyScopeVariableArrayOutput() ImageAssurancePolicyScopeVariableArrayOutput { - return o +func (RoleMappingOauth2Args) ElementType() reflect.Type { + return reflect.TypeOf((*RoleMappingOauth2)(nil)).Elem() } -func (o ImageAssurancePolicyScopeVariableArrayOutput) ToImageAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyScopeVariableArrayOutput { - return o +func (i RoleMappingOauth2Args) ToRoleMappingOauth2Output() RoleMappingOauth2Output { + return i.ToRoleMappingOauth2OutputWithContext(context.Background()) } -func (o ImageAssurancePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyScopeVariable] { - return pulumix.Output[[]ImageAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } +func (i RoleMappingOauth2Args) ToRoleMappingOauth2OutputWithContext(ctx context.Context) RoleMappingOauth2Output { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOauth2Output) } -func (o ImageAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyScopeVariable { - return vs[0].([]ImageAssurancePolicyScopeVariable)[vs[1].(int)] - }).(ImageAssurancePolicyScopeVariableOutput) +func (i RoleMappingOauth2Args) ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput { + return i.ToRoleMappingOauth2PtrOutputWithContext(context.Background()) } -type ImageAssurancePolicyTrustedBaseImage struct { - Imagename *string `pulumi:"imagename"` - Registry *string `pulumi:"registry"` +func (i RoleMappingOauth2Args) ToRoleMappingOauth2PtrOutputWithContext(ctx context.Context) RoleMappingOauth2PtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOauth2Output).ToRoleMappingOauth2PtrOutputWithContext(ctx) } -// 
ImageAssurancePolicyTrustedBaseImageInput is an input type that accepts ImageAssurancePolicyTrustedBaseImageArgs and ImageAssurancePolicyTrustedBaseImageOutput values. -// You can construct a concrete instance of `ImageAssurancePolicyTrustedBaseImageInput` via: +// RoleMappingOauth2PtrInput is an input type that accepts RoleMappingOauth2Args, RoleMappingOauth2Ptr and RoleMappingOauth2PtrOutput values. +// You can construct a concrete instance of `RoleMappingOauth2PtrInput` via: // -// ImageAssurancePolicyTrustedBaseImageArgs{...} -type ImageAssurancePolicyTrustedBaseImageInput interface { +// RoleMappingOauth2Args{...} +// +// or: +// +// nil +type RoleMappingOauth2PtrInput interface { pulumi.Input - ToImageAssurancePolicyTrustedBaseImageOutput() ImageAssurancePolicyTrustedBaseImageOutput - ToImageAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) ImageAssurancePolicyTrustedBaseImageOutput + ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput + ToRoleMappingOauth2PtrOutputWithContext(context.Context) RoleMappingOauth2PtrOutput } -type ImageAssurancePolicyTrustedBaseImageArgs struct { - Imagename pulumi.StringPtrInput `pulumi:"imagename"` - Registry pulumi.StringPtrInput `pulumi:"registry"` -} +type roleMappingOauth2PtrType RoleMappingOauth2Args -func (ImageAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyTrustedBaseImage)(nil)).Elem() +func RoleMappingOauth2Ptr(v *RoleMappingOauth2Args) RoleMappingOauth2PtrInput { + return (*roleMappingOauth2PtrType)(v) } -func (i ImageAssurancePolicyTrustedBaseImageArgs) ToImageAssurancePolicyTrustedBaseImageOutput() ImageAssurancePolicyTrustedBaseImageOutput { - return i.ToImageAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) +func (*roleMappingOauth2PtrType) ElementType() reflect.Type { + return reflect.TypeOf((**RoleMappingOauth2)(nil)).Elem() } -func (i ImageAssurancePolicyTrustedBaseImageArgs) 
ToImageAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) ImageAssurancePolicyTrustedBaseImageOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyTrustedBaseImageOutput) +func (i *roleMappingOauth2PtrType) ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput { + return i.ToRoleMappingOauth2PtrOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyTrustedBaseImageArgs) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyTrustedBaseImage] { - return pulumix.Output[ImageAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToImageAssurancePolicyTrustedBaseImageOutputWithContext(ctx).OutputState, - } +func (i *roleMappingOauth2PtrType) ToRoleMappingOauth2PtrOutputWithContext(ctx context.Context) RoleMappingOauth2PtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOauth2PtrOutput) } -// ImageAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts ImageAssurancePolicyTrustedBaseImageArray and ImageAssurancePolicyTrustedBaseImageArrayOutput values. 
-// You can construct a concrete instance of `ImageAssurancePolicyTrustedBaseImageArrayInput` via: -// -// ImageAssurancePolicyTrustedBaseImageArray{ ImageAssurancePolicyTrustedBaseImageArgs{...} } -type ImageAssurancePolicyTrustedBaseImageArrayInput interface { - pulumi.Input +type RoleMappingOauth2Output struct{ *pulumi.OutputState } - ToImageAssurancePolicyTrustedBaseImageArrayOutput() ImageAssurancePolicyTrustedBaseImageArrayOutput - ToImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) ImageAssurancePolicyTrustedBaseImageArrayOutput +func (RoleMappingOauth2Output) ElementType() reflect.Type { + return reflect.TypeOf((*RoleMappingOauth2)(nil)).Elem() } -type ImageAssurancePolicyTrustedBaseImageArray []ImageAssurancePolicyTrustedBaseImageInput +func (o RoleMappingOauth2Output) ToRoleMappingOauth2Output() RoleMappingOauth2Output { + return o +} -func (ImageAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (o RoleMappingOauth2Output) ToRoleMappingOauth2OutputWithContext(ctx context.Context) RoleMappingOauth2Output { + return o } -func (i ImageAssurancePolicyTrustedBaseImageArray) ToImageAssurancePolicyTrustedBaseImageArrayOutput() ImageAssurancePolicyTrustedBaseImageArrayOutput { - return i.ToImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) +func (o RoleMappingOauth2Output) ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput { + return o.ToRoleMappingOauth2PtrOutputWithContext(context.Background()) } -func (i ImageAssurancePolicyTrustedBaseImageArray) ToImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyTrustedBaseImageArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageAssurancePolicyTrustedBaseImageArrayOutput) +func (o RoleMappingOauth2Output) ToRoleMappingOauth2PtrOutputWithContext(ctx context.Context) RoleMappingOauth2PtrOutput { + return 
o.ApplyTWithContext(ctx, func(_ context.Context, v RoleMappingOauth2) *RoleMappingOauth2 { + return &v + }).(RoleMappingOauth2PtrOutput) } -func (i ImageAssurancePolicyTrustedBaseImageArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]ImageAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx).OutputState, - } +// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. +func (o RoleMappingOauth2Output) RoleMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v RoleMappingOauth2) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) } -type ImageAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } +type RoleMappingOauth2PtrOutput struct{ *pulumi.OutputState } -func (ImageAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (RoleMappingOauth2PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**RoleMappingOauth2)(nil)).Elem() } -func (o ImageAssurancePolicyTrustedBaseImageOutput) ToImageAssurancePolicyTrustedBaseImageOutput() ImageAssurancePolicyTrustedBaseImageOutput { +func (o RoleMappingOauth2PtrOutput) ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput { return o } -func (o ImageAssurancePolicyTrustedBaseImageOutput) ToImageAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) ImageAssurancePolicyTrustedBaseImageOutput { +func (o RoleMappingOauth2PtrOutput) ToRoleMappingOauth2PtrOutputWithContext(ctx context.Context) RoleMappingOauth2PtrOutput { return o } -func (o ImageAssurancePolicyTrustedBaseImageOutput) ToOutput(ctx context.Context) pulumix.Output[ImageAssurancePolicyTrustedBaseImage] { - return pulumix.Output[ImageAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } +func (o 
RoleMappingOauth2PtrOutput) Elem() RoleMappingOauth2Output { + return o.ApplyT(func(v *RoleMappingOauth2) RoleMappingOauth2 { + if v != nil { + return *v + } + var ret RoleMappingOauth2 + return ret + }).(RoleMappingOauth2Output) +} + +// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. +func (o RoleMappingOauth2PtrOutput) RoleMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v *RoleMappingOauth2) map[string]string { + if v == nil { + return nil + } + return v.RoleMapping + }).(pulumi.StringMapOutput) } -func (o ImageAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyTrustedBaseImage) *string { return v.Imagename }).(pulumi.StringPtrOutput) +type RoleMappingOpenid struct { + // Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + RoleMapping map[string]string `pulumi:"roleMapping"` } -func (o ImageAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageAssurancePolicyTrustedBaseImage) *string { return v.Registry }).(pulumi.StringPtrOutput) +// RoleMappingOpenidInput is an input type that accepts RoleMappingOpenidArgs and RoleMappingOpenidOutput values. 
+// You can construct a concrete instance of `RoleMappingOpenidInput` via: +// +// RoleMappingOpenidArgs{...} +type RoleMappingOpenidInput interface { + pulumi.Input + + ToRoleMappingOpenidOutput() RoleMappingOpenidOutput + ToRoleMappingOpenidOutputWithContext(context.Context) RoleMappingOpenidOutput } -type ImageAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } - -func (ImageAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageAssurancePolicyTrustedBaseImage)(nil)).Elem() +type RoleMappingOpenidArgs struct { + // Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + RoleMapping pulumi.StringMapInput `pulumi:"roleMapping"` } -func (o ImageAssurancePolicyTrustedBaseImageArrayOutput) ToImageAssurancePolicyTrustedBaseImageArrayOutput() ImageAssurancePolicyTrustedBaseImageArrayOutput { - return o +func (RoleMappingOpenidArgs) ElementType() reflect.Type { + return reflect.TypeOf((*RoleMappingOpenid)(nil)).Elem() } -func (o ImageAssurancePolicyTrustedBaseImageArrayOutput) ToImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) ImageAssurancePolicyTrustedBaseImageArrayOutput { - return o +func (i RoleMappingOpenidArgs) ToRoleMappingOpenidOutput() RoleMappingOpenidOutput { + return i.ToRoleMappingOpenidOutputWithContext(context.Background()) } -func (o ImageAssurancePolicyTrustedBaseImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]ImageAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } +func (i RoleMappingOpenidArgs) ToRoleMappingOpenidOutputWithContext(ctx context.Context) RoleMappingOpenidOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOpenidOutput) } -func (o ImageAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) ImageAssurancePolicyTrustedBaseImageOutput { - return 
pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageAssurancePolicyTrustedBaseImage { - return vs[0].([]ImageAssurancePolicyTrustedBaseImage)[vs[1].(int)] - }).(ImageAssurancePolicyTrustedBaseImageOutput) +func (i RoleMappingOpenidArgs) ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput { + return i.ToRoleMappingOpenidPtrOutputWithContext(context.Background()) } -type ImageHistory struct { - // The image creation comment. - Comment *string `pulumi:"comment"` - // The date and time when the image was registered. - Created *string `pulumi:"created"` - CreatedBy *string `pulumi:"createdBy"` - // The ID of this resource. - Id *string `pulumi:"id"` - Size *int `pulumi:"size"` +func (i RoleMappingOpenidArgs) ToRoleMappingOpenidPtrOutputWithContext(ctx context.Context) RoleMappingOpenidPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOpenidOutput).ToRoleMappingOpenidPtrOutputWithContext(ctx) } -// ImageHistoryInput is an input type that accepts ImageHistoryArgs and ImageHistoryOutput values. -// You can construct a concrete instance of `ImageHistoryInput` via: +// RoleMappingOpenidPtrInput is an input type that accepts RoleMappingOpenidArgs, RoleMappingOpenidPtr and RoleMappingOpenidPtrOutput values. +// You can construct a concrete instance of `RoleMappingOpenidPtrInput` via: // -// ImageHistoryArgs{...} -type ImageHistoryInput interface { +// RoleMappingOpenidArgs{...} +// +// or: +// +// nil +type RoleMappingOpenidPtrInput interface { pulumi.Input - ToImageHistoryOutput() ImageHistoryOutput - ToImageHistoryOutputWithContext(context.Context) ImageHistoryOutput + ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput + ToRoleMappingOpenidPtrOutputWithContext(context.Context) RoleMappingOpenidPtrOutput } -type ImageHistoryArgs struct { - // The image creation comment. - Comment pulumi.StringPtrInput `pulumi:"comment"` - // The date and time when the image was registered. 
- Created pulumi.StringPtrInput `pulumi:"created"` - CreatedBy pulumi.StringPtrInput `pulumi:"createdBy"` - // The ID of this resource. - Id pulumi.StringPtrInput `pulumi:"id"` - Size pulumi.IntPtrInput `pulumi:"size"` -} +type roleMappingOpenidPtrType RoleMappingOpenidArgs -func (ImageHistoryArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageHistory)(nil)).Elem() +func RoleMappingOpenidPtr(v *RoleMappingOpenidArgs) RoleMappingOpenidPtrInput { + return (*roleMappingOpenidPtrType)(v) } -func (i ImageHistoryArgs) ToImageHistoryOutput() ImageHistoryOutput { - return i.ToImageHistoryOutputWithContext(context.Background()) +func (*roleMappingOpenidPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**RoleMappingOpenid)(nil)).Elem() } -func (i ImageHistoryArgs) ToImageHistoryOutputWithContext(ctx context.Context) ImageHistoryOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageHistoryOutput) +func (i *roleMappingOpenidPtrType) ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput { + return i.ToRoleMappingOpenidPtrOutputWithContext(context.Background()) } -func (i ImageHistoryArgs) ToOutput(ctx context.Context) pulumix.Output[ImageHistory] { - return pulumix.Output[ImageHistory]{ - OutputState: i.ToImageHistoryOutputWithContext(ctx).OutputState, - } +func (i *roleMappingOpenidPtrType) ToRoleMappingOpenidPtrOutputWithContext(ctx context.Context) RoleMappingOpenidPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOpenidPtrOutput) } -// ImageHistoryArrayInput is an input type that accepts ImageHistoryArray and ImageHistoryArrayOutput values. 
-// You can construct a concrete instance of `ImageHistoryArrayInput` via: -// -// ImageHistoryArray{ ImageHistoryArgs{...} } -type ImageHistoryArrayInput interface { - pulumi.Input +type RoleMappingOpenidOutput struct{ *pulumi.OutputState } - ToImageHistoryArrayOutput() ImageHistoryArrayOutput - ToImageHistoryArrayOutputWithContext(context.Context) ImageHistoryArrayOutput +func (RoleMappingOpenidOutput) ElementType() reflect.Type { + return reflect.TypeOf((*RoleMappingOpenid)(nil)).Elem() } -type ImageHistoryArray []ImageHistoryInput +func (o RoleMappingOpenidOutput) ToRoleMappingOpenidOutput() RoleMappingOpenidOutput { + return o +} -func (ImageHistoryArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageHistory)(nil)).Elem() +func (o RoleMappingOpenidOutput) ToRoleMappingOpenidOutputWithContext(ctx context.Context) RoleMappingOpenidOutput { + return o } -func (i ImageHistoryArray) ToImageHistoryArrayOutput() ImageHistoryArrayOutput { - return i.ToImageHistoryArrayOutputWithContext(context.Background()) +func (o RoleMappingOpenidOutput) ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput { + return o.ToRoleMappingOpenidPtrOutputWithContext(context.Background()) } -func (i ImageHistoryArray) ToImageHistoryArrayOutputWithContext(ctx context.Context) ImageHistoryArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageHistoryArrayOutput) +func (o RoleMappingOpenidOutput) ToRoleMappingOpenidPtrOutputWithContext(ctx context.Context) RoleMappingOpenidPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v RoleMappingOpenid) *RoleMappingOpenid { + return &v + }).(RoleMappingOpenidPtrOutput) } -func (i ImageHistoryArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageHistory] { - return pulumix.Output[[]ImageHistory]{ - OutputState: i.ToImageHistoryArrayOutputWithContext(ctx).OutputState, - } +// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+func (o RoleMappingOpenidOutput) RoleMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v RoleMappingOpenid) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) } -type ImageHistoryOutput struct{ *pulumi.OutputState } +type RoleMappingOpenidPtrOutput struct{ *pulumi.OutputState } -func (ImageHistoryOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageHistory)(nil)).Elem() +func (RoleMappingOpenidPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**RoleMappingOpenid)(nil)).Elem() } -func (o ImageHistoryOutput) ToImageHistoryOutput() ImageHistoryOutput { +func (o RoleMappingOpenidPtrOutput) ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput { return o } -func (o ImageHistoryOutput) ToImageHistoryOutputWithContext(ctx context.Context) ImageHistoryOutput { +func (o RoleMappingOpenidPtrOutput) ToRoleMappingOpenidPtrOutputWithContext(ctx context.Context) RoleMappingOpenidPtrOutput { return o } -func (o ImageHistoryOutput) ToOutput(ctx context.Context) pulumix.Output[ImageHistory] { - return pulumix.Output[ImageHistory]{ - OutputState: o.OutputState, - } -} - -// The image creation comment. -func (o ImageHistoryOutput) Comment() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageHistory) *string { return v.Comment }).(pulumi.StringPtrOutput) +func (o RoleMappingOpenidPtrOutput) Elem() RoleMappingOpenidOutput { + return o.ApplyT(func(v *RoleMappingOpenid) RoleMappingOpenid { + if v != nil { + return *v + } + var ret RoleMappingOpenid + return ret + }).(RoleMappingOpenidOutput) } -// The date and time when the image was registered. -func (o ImageHistoryOutput) Created() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageHistory) *string { return v.Created }).(pulumi.StringPtrOutput) +// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+func (o RoleMappingOpenidPtrOutput) RoleMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v *RoleMappingOpenid) map[string]string { + if v == nil { + return nil + } + return v.RoleMapping + }).(pulumi.StringMapOutput) } -func (o ImageHistoryOutput) CreatedBy() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageHistory) *string { return v.CreatedBy }).(pulumi.StringPtrOutput) +type RoleMappingSaml struct { + // Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + RoleMapping map[string]string `pulumi:"roleMapping"` } -// The ID of this resource. -func (o ImageHistoryOutput) Id() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageHistory) *string { return v.Id }).(pulumi.StringPtrOutput) -} +// RoleMappingSamlInput is an input type that accepts RoleMappingSamlArgs and RoleMappingSamlOutput values. +// You can construct a concrete instance of `RoleMappingSamlInput` via: +// +// RoleMappingSamlArgs{...} +type RoleMappingSamlInput interface { + pulumi.Input -func (o ImageHistoryOutput) Size() pulumi.IntPtrOutput { - return o.ApplyT(func(v ImageHistory) *int { return v.Size }).(pulumi.IntPtrOutput) + ToRoleMappingSamlOutput() RoleMappingSamlOutput + ToRoleMappingSamlOutputWithContext(context.Context) RoleMappingSamlOutput } -type ImageHistoryArrayOutput struct{ *pulumi.OutputState } - -func (ImageHistoryArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageHistory)(nil)).Elem() +type RoleMappingSamlArgs struct { + // Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+ RoleMapping pulumi.StringMapInput `pulumi:"roleMapping"` } -func (o ImageHistoryArrayOutput) ToImageHistoryArrayOutput() ImageHistoryArrayOutput { - return o +func (RoleMappingSamlArgs) ElementType() reflect.Type { + return reflect.TypeOf((*RoleMappingSaml)(nil)).Elem() } -func (o ImageHistoryArrayOutput) ToImageHistoryArrayOutputWithContext(ctx context.Context) ImageHistoryArrayOutput { - return o +func (i RoleMappingSamlArgs) ToRoleMappingSamlOutput() RoleMappingSamlOutput { + return i.ToRoleMappingSamlOutputWithContext(context.Background()) } -func (o ImageHistoryArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageHistory] { - return pulumix.Output[[]ImageHistory]{ - OutputState: o.OutputState, - } +func (i RoleMappingSamlArgs) ToRoleMappingSamlOutputWithContext(ctx context.Context) RoleMappingSamlOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingSamlOutput) } -func (o ImageHistoryArrayOutput) Index(i pulumi.IntInput) ImageHistoryOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageHistory { - return vs[0].([]ImageHistory)[vs[1].(int)] - }).(ImageHistoryOutput) +func (i RoleMappingSamlArgs) ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput { + return i.ToRoleMappingSamlPtrOutputWithContext(context.Background()) } -type ImageVulnerability struct { - AckAuthor *string `pulumi:"ackAuthor"` - AckComment *string `pulumi:"ackComment"` - AckExpirationConfiguredAt *string `pulumi:"ackExpirationConfiguredAt"` - AckExpirationConfiguredBy *string `pulumi:"ackExpirationConfiguredBy"` - AckExpirationDays *int `pulumi:"ackExpirationDays"` - AckScope *string `pulumi:"ackScope"` - AcknowledgeDate *string `pulumi:"acknowledgeDate"` - AncestorPkg *string `pulumi:"ancestorPkg"` - AquaScore *float64 `pulumi:"aquaScore"` - AquaScoreClassification *string `pulumi:"aquaScoreClassification"` - AquaScoringSystem *string `pulumi:"aquaScoringSystem"` - AquaSeverity *string `pulumi:"aquaSeverity"` - AquaSeverityClassification *string 
`pulumi:"aquaSeverityClassification"` - AquaVectors *string `pulumi:"aquaVectors"` - AuditEventsCount *int `pulumi:"auditEventsCount"` - BlockEventsCount *int `pulumi:"blockEventsCount"` - Classification *string `pulumi:"classification"` - Description *string `pulumi:"description"` - // The content digest of the image. - Digest *string `pulumi:"digest"` - ExploitReference *string `pulumi:"exploitReference"` - ExploitType *string `pulumi:"exploitType"` - FirstFoundDate *string `pulumi:"firstFoundDate"` - FixVersion *string `pulumi:"fixVersion"` - ImageName *string `pulumi:"imageName"` - LastFoundDate *string `pulumi:"lastFoundDate"` - ModificationDate *string `pulumi:"modificationDate"` - // The name of the image. - Name *string `pulumi:"name"` - NvdCvss2Score *float64 `pulumi:"nvdCvss2Score"` - NvdCvss2Vectors *string `pulumi:"nvdCvss2Vectors"` - NvdCvss3Score *float64 `pulumi:"nvdCvss3Score"` - NvdCvss3Severity *string `pulumi:"nvdCvss3Severity"` - NvdCvss3Vectors *string `pulumi:"nvdCvss3Vectors"` - NvdSeverity *string `pulumi:"nvdSeverity"` - NvdUrl *string `pulumi:"nvdUrl"` - // The operating system detected in the image - Os *string `pulumi:"os"` - // The version of the OS detected in the image. - OsVersion *string `pulumi:"osVersion"` - // Permission of the image. - Permission *string `pulumi:"permission"` - PublishDate *string `pulumi:"publishDate"` - // The name of the registry where the image is stored. - Registry *string `pulumi:"registry"` - // The name of the image's repository. 
- Repository *string `pulumi:"repository"` - ResourceArchitecture *string `pulumi:"resourceArchitecture"` - ResourceCpe *string `pulumi:"resourceCpe"` - ResourceFormat *string `pulumi:"resourceFormat"` - ResourceHash *string `pulumi:"resourceHash"` - ResourceLicenses []string `pulumi:"resourceLicenses"` - ResourceName *string `pulumi:"resourceName"` - ResourcePath *string `pulumi:"resourcePath"` - ResourceType *string `pulumi:"resourceType"` - ResourceVersion *string `pulumi:"resourceVersion"` - SeverityClassification *string `pulumi:"severityClassification"` - Solution *string `pulumi:"solution"` - TemporalVector *string `pulumi:"temporalVector"` - VPatchAppliedBy *string `pulumi:"vPatchAppliedBy"` - VPatchAppliedOn *string `pulumi:"vPatchAppliedOn"` - VPatchEnforcedBy *string `pulumi:"vPatchEnforcedBy"` - VPatchEnforcedOn *string `pulumi:"vPatchEnforcedOn"` - VPatchPolicyEnforce *bool `pulumi:"vPatchPolicyEnforce"` - VPatchPolicyName *string `pulumi:"vPatchPolicyName"` - VPatchRevertedBy *string `pulumi:"vPatchRevertedBy"` - VPatchRevertedOn *string `pulumi:"vPatchRevertedOn"` - VPatchStatus *string `pulumi:"vPatchStatus"` - VendorCvss2Score *float64 `pulumi:"vendorCvss2Score"` - VendorCvss2Vectors *string `pulumi:"vendorCvss2Vectors"` - VendorSeverity *string `pulumi:"vendorSeverity"` - VendorStatement *string `pulumi:"vendorStatement"` - VendorUrl *string `pulumi:"vendorUrl"` +func (i RoleMappingSamlArgs) ToRoleMappingSamlPtrOutputWithContext(ctx context.Context) RoleMappingSamlPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingSamlOutput).ToRoleMappingSamlPtrOutputWithContext(ctx) } -// ImageVulnerabilityInput is an input type that accepts ImageVulnerabilityArgs and ImageVulnerabilityOutput values. -// You can construct a concrete instance of `ImageVulnerabilityInput` via: +// RoleMappingSamlPtrInput is an input type that accepts RoleMappingSamlArgs, RoleMappingSamlPtr and RoleMappingSamlPtrOutput values. 
+// You can construct a concrete instance of `RoleMappingSamlPtrInput` via: // -// ImageVulnerabilityArgs{...} -type ImageVulnerabilityInput interface { +// RoleMappingSamlArgs{...} +// +// or: +// +// nil +type RoleMappingSamlPtrInput interface { pulumi.Input - ToImageVulnerabilityOutput() ImageVulnerabilityOutput - ToImageVulnerabilityOutputWithContext(context.Context) ImageVulnerabilityOutput + ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput + ToRoleMappingSamlPtrOutputWithContext(context.Context) RoleMappingSamlPtrOutput } -type ImageVulnerabilityArgs struct { - AckAuthor pulumi.StringPtrInput `pulumi:"ackAuthor"` - AckComment pulumi.StringPtrInput `pulumi:"ackComment"` - AckExpirationConfiguredAt pulumi.StringPtrInput `pulumi:"ackExpirationConfiguredAt"` - AckExpirationConfiguredBy pulumi.StringPtrInput `pulumi:"ackExpirationConfiguredBy"` - AckExpirationDays pulumi.IntPtrInput `pulumi:"ackExpirationDays"` - AckScope pulumi.StringPtrInput `pulumi:"ackScope"` - AcknowledgeDate pulumi.StringPtrInput `pulumi:"acknowledgeDate"` - AncestorPkg pulumi.StringPtrInput `pulumi:"ancestorPkg"` - AquaScore pulumi.Float64PtrInput `pulumi:"aquaScore"` - AquaScoreClassification pulumi.StringPtrInput `pulumi:"aquaScoreClassification"` - AquaScoringSystem pulumi.StringPtrInput `pulumi:"aquaScoringSystem"` - AquaSeverity pulumi.StringPtrInput `pulumi:"aquaSeverity"` - AquaSeverityClassification pulumi.StringPtrInput `pulumi:"aquaSeverityClassification"` - AquaVectors pulumi.StringPtrInput `pulumi:"aquaVectors"` - AuditEventsCount pulumi.IntPtrInput `pulumi:"auditEventsCount"` - BlockEventsCount pulumi.IntPtrInput `pulumi:"blockEventsCount"` - Classification pulumi.StringPtrInput `pulumi:"classification"` - Description pulumi.StringPtrInput `pulumi:"description"` - // The content digest of the image. 
- Digest pulumi.StringPtrInput `pulumi:"digest"` - ExploitReference pulumi.StringPtrInput `pulumi:"exploitReference"` - ExploitType pulumi.StringPtrInput `pulumi:"exploitType"` - FirstFoundDate pulumi.StringPtrInput `pulumi:"firstFoundDate"` - FixVersion pulumi.StringPtrInput `pulumi:"fixVersion"` - ImageName pulumi.StringPtrInput `pulumi:"imageName"` - LastFoundDate pulumi.StringPtrInput `pulumi:"lastFoundDate"` - ModificationDate pulumi.StringPtrInput `pulumi:"modificationDate"` - // The name of the image. - Name pulumi.StringPtrInput `pulumi:"name"` - NvdCvss2Score pulumi.Float64PtrInput `pulumi:"nvdCvss2Score"` - NvdCvss2Vectors pulumi.StringPtrInput `pulumi:"nvdCvss2Vectors"` - NvdCvss3Score pulumi.Float64PtrInput `pulumi:"nvdCvss3Score"` - NvdCvss3Severity pulumi.StringPtrInput `pulumi:"nvdCvss3Severity"` - NvdCvss3Vectors pulumi.StringPtrInput `pulumi:"nvdCvss3Vectors"` - NvdSeverity pulumi.StringPtrInput `pulumi:"nvdSeverity"` - NvdUrl pulumi.StringPtrInput `pulumi:"nvdUrl"` - // The operating system detected in the image - Os pulumi.StringPtrInput `pulumi:"os"` - // The version of the OS detected in the image. - OsVersion pulumi.StringPtrInput `pulumi:"osVersion"` - // Permission of the image. - Permission pulumi.StringPtrInput `pulumi:"permission"` - PublishDate pulumi.StringPtrInput `pulumi:"publishDate"` - // The name of the registry where the image is stored. - Registry pulumi.StringPtrInput `pulumi:"registry"` - // The name of the image's repository. 
- Repository pulumi.StringPtrInput `pulumi:"repository"` - ResourceArchitecture pulumi.StringPtrInput `pulumi:"resourceArchitecture"` - ResourceCpe pulumi.StringPtrInput `pulumi:"resourceCpe"` - ResourceFormat pulumi.StringPtrInput `pulumi:"resourceFormat"` - ResourceHash pulumi.StringPtrInput `pulumi:"resourceHash"` - ResourceLicenses pulumi.StringArrayInput `pulumi:"resourceLicenses"` - ResourceName pulumi.StringPtrInput `pulumi:"resourceName"` - ResourcePath pulumi.StringPtrInput `pulumi:"resourcePath"` - ResourceType pulumi.StringPtrInput `pulumi:"resourceType"` - ResourceVersion pulumi.StringPtrInput `pulumi:"resourceVersion"` - SeverityClassification pulumi.StringPtrInput `pulumi:"severityClassification"` - Solution pulumi.StringPtrInput `pulumi:"solution"` - TemporalVector pulumi.StringPtrInput `pulumi:"temporalVector"` - VPatchAppliedBy pulumi.StringPtrInput `pulumi:"vPatchAppliedBy"` - VPatchAppliedOn pulumi.StringPtrInput `pulumi:"vPatchAppliedOn"` - VPatchEnforcedBy pulumi.StringPtrInput `pulumi:"vPatchEnforcedBy"` - VPatchEnforcedOn pulumi.StringPtrInput `pulumi:"vPatchEnforcedOn"` - VPatchPolicyEnforce pulumi.BoolPtrInput `pulumi:"vPatchPolicyEnforce"` - VPatchPolicyName pulumi.StringPtrInput `pulumi:"vPatchPolicyName"` - VPatchRevertedBy pulumi.StringPtrInput `pulumi:"vPatchRevertedBy"` - VPatchRevertedOn pulumi.StringPtrInput `pulumi:"vPatchRevertedOn"` - VPatchStatus pulumi.StringPtrInput `pulumi:"vPatchStatus"` - VendorCvss2Score pulumi.Float64PtrInput `pulumi:"vendorCvss2Score"` - VendorCvss2Vectors pulumi.StringPtrInput `pulumi:"vendorCvss2Vectors"` - VendorSeverity pulumi.StringPtrInput `pulumi:"vendorSeverity"` - VendorStatement pulumi.StringPtrInput `pulumi:"vendorStatement"` - VendorUrl pulumi.StringPtrInput `pulumi:"vendorUrl"` -} +type roleMappingSamlPtrType RoleMappingSamlArgs -func (ImageVulnerabilityArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ImageVulnerability)(nil)).Elem() +func RoleMappingSamlPtr(v 
*RoleMappingSamlArgs) RoleMappingSamlPtrInput { + return (*roleMappingSamlPtrType)(v) } -func (i ImageVulnerabilityArgs) ToImageVulnerabilityOutput() ImageVulnerabilityOutput { - return i.ToImageVulnerabilityOutputWithContext(context.Background()) +func (*roleMappingSamlPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**RoleMappingSaml)(nil)).Elem() } -func (i ImageVulnerabilityArgs) ToImageVulnerabilityOutputWithContext(ctx context.Context) ImageVulnerabilityOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageVulnerabilityOutput) +func (i *roleMappingSamlPtrType) ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput { + return i.ToRoleMappingSamlPtrOutputWithContext(context.Background()) } -func (i ImageVulnerabilityArgs) ToOutput(ctx context.Context) pulumix.Output[ImageVulnerability] { - return pulumix.Output[ImageVulnerability]{ - OutputState: i.ToImageVulnerabilityOutputWithContext(ctx).OutputState, - } +func (i *roleMappingSamlPtrType) ToRoleMappingSamlPtrOutputWithContext(ctx context.Context) RoleMappingSamlPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(RoleMappingSamlPtrOutput) } -// ImageVulnerabilityArrayInput is an input type that accepts ImageVulnerabilityArray and ImageVulnerabilityArrayOutput values. 
-// You can construct a concrete instance of `ImageVulnerabilityArrayInput` via: -// -// ImageVulnerabilityArray{ ImageVulnerabilityArgs{...} } -type ImageVulnerabilityArrayInput interface { - pulumi.Input +type RoleMappingSamlOutput struct{ *pulumi.OutputState } - ToImageVulnerabilityArrayOutput() ImageVulnerabilityArrayOutput - ToImageVulnerabilityArrayOutputWithContext(context.Context) ImageVulnerabilityArrayOutput +func (RoleMappingSamlOutput) ElementType() reflect.Type { + return reflect.TypeOf((*RoleMappingSaml)(nil)).Elem() } -type ImageVulnerabilityArray []ImageVulnerabilityInput +func (o RoleMappingSamlOutput) ToRoleMappingSamlOutput() RoleMappingSamlOutput { + return o +} -func (ImageVulnerabilityArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageVulnerability)(nil)).Elem() +func (o RoleMappingSamlOutput) ToRoleMappingSamlOutputWithContext(ctx context.Context) RoleMappingSamlOutput { + return o } -func (i ImageVulnerabilityArray) ToImageVulnerabilityArrayOutput() ImageVulnerabilityArrayOutput { - return i.ToImageVulnerabilityArrayOutputWithContext(context.Background()) +func (o RoleMappingSamlOutput) ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput { + return o.ToRoleMappingSamlPtrOutputWithContext(context.Background()) } -func (i ImageVulnerabilityArray) ToImageVulnerabilityArrayOutputWithContext(ctx context.Context) ImageVulnerabilityArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ImageVulnerabilityArrayOutput) +func (o RoleMappingSamlOutput) ToRoleMappingSamlPtrOutputWithContext(ctx context.Context) RoleMappingSamlPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v RoleMappingSaml) *RoleMappingSaml { + return &v + }).(RoleMappingSamlPtrOutput) } -func (i ImageVulnerabilityArray) ToOutput(ctx context.Context) pulumix.Output[[]ImageVulnerability] { - return pulumix.Output[[]ImageVulnerability]{ - OutputState: i.ToImageVulnerabilityArrayOutputWithContext(ctx).OutputState, - } +// Role Mapping is used 
to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. +func (o RoleMappingSamlOutput) RoleMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v RoleMappingSaml) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) } -type ImageVulnerabilityOutput struct{ *pulumi.OutputState } +type RoleMappingSamlPtrOutput struct{ *pulumi.OutputState } -func (ImageVulnerabilityOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ImageVulnerability)(nil)).Elem() +func (RoleMappingSamlPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**RoleMappingSaml)(nil)).Elem() } -func (o ImageVulnerabilityOutput) ToImageVulnerabilityOutput() ImageVulnerabilityOutput { +func (o RoleMappingSamlPtrOutput) ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput { return o } -func (o ImageVulnerabilityOutput) ToImageVulnerabilityOutputWithContext(ctx context.Context) ImageVulnerabilityOutput { +func (o RoleMappingSamlPtrOutput) ToRoleMappingSamlPtrOutputWithContext(ctx context.Context) RoleMappingSamlPtrOutput { return o } -func (o ImageVulnerabilityOutput) ToOutput(ctx context.Context) pulumix.Output[ImageVulnerability] { - return pulumix.Output[ImageVulnerability]{ - OutputState: o.OutputState, - } +func (o RoleMappingSamlPtrOutput) Elem() RoleMappingSamlOutput { + return o.ApplyT(func(v *RoleMappingSaml) RoleMappingSaml { + if v != nil { + return *v + } + var ret RoleMappingSaml + return ret + }).(RoleMappingSamlOutput) } -func (o ImageVulnerabilityOutput) AckAuthor() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AckAuthor }).(pulumi.StringPtrOutput) +// Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+func (o RoleMappingSamlPtrOutput) RoleMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v *RoleMappingSaml) map[string]string { + if v == nil { + return nil + } + return v.RoleMapping + }).(pulumi.StringMapOutput) } -func (o ImageVulnerabilityOutput) AckComment() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AckComment }).(pulumi.StringPtrOutput) +type ServiceScopeVariable struct { + // Class of supported scope. + Attribute *string `pulumi:"attribute"` + // Name assigned to the attribute. + Name *string `pulumi:"name"` + // Value assigned to the attribute. + Value *string `pulumi:"value"` } -func (o ImageVulnerabilityOutput) AckExpirationConfiguredAt() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AckExpirationConfiguredAt }).(pulumi.StringPtrOutput) -} +// ServiceScopeVariableInput is an input type that accepts ServiceScopeVariableArgs and ServiceScopeVariableOutput values. +// You can construct a concrete instance of `ServiceScopeVariableInput` via: +// +// ServiceScopeVariableArgs{...} +type ServiceScopeVariableInput interface { + pulumi.Input -func (o ImageVulnerabilityOutput) AckExpirationConfiguredBy() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AckExpirationConfiguredBy }).(pulumi.StringPtrOutput) + ToServiceScopeVariableOutput() ServiceScopeVariableOutput + ToServiceScopeVariableOutputWithContext(context.Context) ServiceScopeVariableOutput } -func (o ImageVulnerabilityOutput) AckExpirationDays() pulumi.IntPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *int { return v.AckExpirationDays }).(pulumi.IntPtrOutput) +type ServiceScopeVariableArgs struct { + // Class of supported scope. + Attribute pulumi.StringPtrInput `pulumi:"attribute"` + // Name assigned to the attribute. + Name pulumi.StringPtrInput `pulumi:"name"` + // Value assigned to the attribute. 
+ Value pulumi.StringPtrInput `pulumi:"value"` } -func (o ImageVulnerabilityOutput) AckScope() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AckScope }).(pulumi.StringPtrOutput) +func (ServiceScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServiceScopeVariable)(nil)).Elem() } -func (o ImageVulnerabilityOutput) AcknowledgeDate() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AcknowledgeDate }).(pulumi.StringPtrOutput) +func (i ServiceScopeVariableArgs) ToServiceScopeVariableOutput() ServiceScopeVariableOutput { + return i.ToServiceScopeVariableOutputWithContext(context.Background()) } -func (o ImageVulnerabilityOutput) AncestorPkg() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AncestorPkg }).(pulumi.StringPtrOutput) +func (i ServiceScopeVariableArgs) ToServiceScopeVariableOutputWithContext(ctx context.Context) ServiceScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServiceScopeVariableOutput) } -func (o ImageVulnerabilityOutput) AquaScore() pulumi.Float64PtrOutput { - return o.ApplyT(func(v ImageVulnerability) *float64 { return v.AquaScore }).(pulumi.Float64PtrOutput) -} +// ServiceScopeVariableArrayInput is an input type that accepts ServiceScopeVariableArray and ServiceScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `ServiceScopeVariableArrayInput` via: +// +// ServiceScopeVariableArray{ ServiceScopeVariableArgs{...} } +type ServiceScopeVariableArrayInput interface { + pulumi.Input -func (o ImageVulnerabilityOutput) AquaScoreClassification() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaScoreClassification }).(pulumi.StringPtrOutput) + ToServiceScopeVariableArrayOutput() ServiceScopeVariableArrayOutput + ToServiceScopeVariableArrayOutputWithContext(context.Context) ServiceScopeVariableArrayOutput } -func (o ImageVulnerabilityOutput) AquaScoringSystem() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaScoringSystem }).(pulumi.StringPtrOutput) -} +type ServiceScopeVariableArray []ServiceScopeVariableInput -func (o ImageVulnerabilityOutput) AquaSeverity() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaSeverity }).(pulumi.StringPtrOutput) +func (ServiceScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServiceScopeVariable)(nil)).Elem() } -func (o ImageVulnerabilityOutput) AquaSeverityClassification() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaSeverityClassification }).(pulumi.StringPtrOutput) +func (i ServiceScopeVariableArray) ToServiceScopeVariableArrayOutput() ServiceScopeVariableArrayOutput { + return i.ToServiceScopeVariableArrayOutputWithContext(context.Background()) } -func (o ImageVulnerabilityOutput) AquaVectors() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.AquaVectors }).(pulumi.StringPtrOutput) +func (i ServiceScopeVariableArray) ToServiceScopeVariableArrayOutputWithContext(ctx context.Context) ServiceScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServiceScopeVariableArrayOutput) } -func (o ImageVulnerabilityOutput) AuditEventsCount() 
pulumi.IntPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *int { return v.AuditEventsCount }).(pulumi.IntPtrOutput) -} +type ServiceScopeVariableOutput struct{ *pulumi.OutputState } -func (o ImageVulnerabilityOutput) BlockEventsCount() pulumi.IntPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *int { return v.BlockEventsCount }).(pulumi.IntPtrOutput) +func (ServiceScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServiceScopeVariable)(nil)).Elem() } -func (o ImageVulnerabilityOutput) Classification() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.Classification }).(pulumi.StringPtrOutput) +func (o ServiceScopeVariableOutput) ToServiceScopeVariableOutput() ServiceScopeVariableOutput { + return o } -func (o ImageVulnerabilityOutput) Description() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.Description }).(pulumi.StringPtrOutput) +func (o ServiceScopeVariableOutput) ToServiceScopeVariableOutputWithContext(ctx context.Context) ServiceScopeVariableOutput { + return o } -// The content digest of the image. -func (o ImageVulnerabilityOutput) Digest() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.Digest }).(pulumi.StringPtrOutput) +// Class of supported scope. +func (o ServiceScopeVariableOutput) Attribute() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServiceScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } -func (o ImageVulnerabilityOutput) ExploitReference() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ExploitReference }).(pulumi.StringPtrOutput) +// Name assigned to the attribute. 
+func (o ServiceScopeVariableOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServiceScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o ImageVulnerabilityOutput) ExploitType() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ExploitType }).(pulumi.StringPtrOutput) +// Value assigned to the attribute. +func (o ServiceScopeVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServiceScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -func (o ImageVulnerabilityOutput) FirstFoundDate() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.FirstFoundDate }).(pulumi.StringPtrOutput) -} +type ServiceScopeVariableArrayOutput struct{ *pulumi.OutputState } -func (o ImageVulnerabilityOutput) FixVersion() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.FixVersion }).(pulumi.StringPtrOutput) +func (ServiceScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServiceScopeVariable)(nil)).Elem() } -func (o ImageVulnerabilityOutput) ImageName() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ImageName }).(pulumi.StringPtrOutput) +func (o ServiceScopeVariableArrayOutput) ToServiceScopeVariableArrayOutput() ServiceScopeVariableArrayOutput { + return o } -func (o ImageVulnerabilityOutput) LastFoundDate() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.LastFoundDate }).(pulumi.StringPtrOutput) +func (o ServiceScopeVariableArrayOutput) ToServiceScopeVariableArrayOutputWithContext(ctx context.Context) ServiceScopeVariableArrayOutput { + return o } -func (o ImageVulnerabilityOutput) ModificationDate() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ModificationDate }).(pulumi.StringPtrOutput) +func (o ServiceScopeVariableArrayOutput) Index(i 
pulumi.IntInput) ServiceScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ServiceScopeVariable { + return vs[0].([]ServiceScopeVariable)[vs[1].(int)] + }).(ServiceScopeVariableOutput) } -// The name of the image. -func (o ImageVulnerabilityOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.Name }).(pulumi.StringPtrOutput) +type UserSaasGroup struct { + GroupAdmin *bool `pulumi:"groupAdmin"` + Name *string `pulumi:"name"` } -func (o ImageVulnerabilityOutput) NvdCvss2Score() pulumi.Float64PtrOutput { - return o.ApplyT(func(v ImageVulnerability) *float64 { return v.NvdCvss2Score }).(pulumi.Float64PtrOutput) +// UserSaasGroupInput is an input type that accepts UserSaasGroupArgs and UserSaasGroupOutput values. +// You can construct a concrete instance of `UserSaasGroupInput` via: +// +// UserSaasGroupArgs{...} +type UserSaasGroupInput interface { + pulumi.Input + + ToUserSaasGroupOutput() UserSaasGroupOutput + ToUserSaasGroupOutputWithContext(context.Context) UserSaasGroupOutput } -func (o ImageVulnerabilityOutput) NvdCvss2Vectors() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdCvss2Vectors }).(pulumi.StringPtrOutput) +type UserSaasGroupArgs struct { + GroupAdmin pulumi.BoolPtrInput `pulumi:"groupAdmin"` + Name pulumi.StringPtrInput `pulumi:"name"` } -func (o ImageVulnerabilityOutput) NvdCvss3Score() pulumi.Float64PtrOutput { - return o.ApplyT(func(v ImageVulnerability) *float64 { return v.NvdCvss3Score }).(pulumi.Float64PtrOutput) +func (UserSaasGroupArgs) ElementType() reflect.Type { + return reflect.TypeOf((*UserSaasGroup)(nil)).Elem() } -func (o ImageVulnerabilityOutput) NvdCvss3Severity() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdCvss3Severity }).(pulumi.StringPtrOutput) +func (i UserSaasGroupArgs) ToUserSaasGroupOutput() UserSaasGroupOutput { + return 
i.ToUserSaasGroupOutputWithContext(context.Background()) } -func (o ImageVulnerabilityOutput) NvdCvss3Vectors() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdCvss3Vectors }).(pulumi.StringPtrOutput) +func (i UserSaasGroupArgs) ToUserSaasGroupOutputWithContext(ctx context.Context) UserSaasGroupOutput { + return pulumi.ToOutputWithContext(ctx, i).(UserSaasGroupOutput) } -func (o ImageVulnerabilityOutput) NvdSeverity() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdSeverity }).(pulumi.StringPtrOutput) +// UserSaasGroupArrayInput is an input type that accepts UserSaasGroupArray and UserSaasGroupArrayOutput values. +// You can construct a concrete instance of `UserSaasGroupArrayInput` via: +// +// UserSaasGroupArray{ UserSaasGroupArgs{...} } +type UserSaasGroupArrayInput interface { + pulumi.Input + + ToUserSaasGroupArrayOutput() UserSaasGroupArrayOutput + ToUserSaasGroupArrayOutputWithContext(context.Context) UserSaasGroupArrayOutput } -func (o ImageVulnerabilityOutput) NvdUrl() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.NvdUrl }).(pulumi.StringPtrOutput) +type UserSaasGroupArray []UserSaasGroupInput + +func (UserSaasGroupArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]UserSaasGroup)(nil)).Elem() } -// The operating system detected in the image -func (o ImageVulnerabilityOutput) Os() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.Os }).(pulumi.StringPtrOutput) +func (i UserSaasGroupArray) ToUserSaasGroupArrayOutput() UserSaasGroupArrayOutput { + return i.ToUserSaasGroupArrayOutputWithContext(context.Background()) } -// The version of the OS detected in the image. 
-func (o ImageVulnerabilityOutput) OsVersion() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.OsVersion }).(pulumi.StringPtrOutput) +func (i UserSaasGroupArray) ToUserSaasGroupArrayOutputWithContext(ctx context.Context) UserSaasGroupArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(UserSaasGroupArrayOutput) } -// Permission of the image. -func (o ImageVulnerabilityOutput) Permission() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.Permission }).(pulumi.StringPtrOutput) +type UserSaasGroupOutput struct{ *pulumi.OutputState } + +func (UserSaasGroupOutput) ElementType() reflect.Type { + return reflect.TypeOf((*UserSaasGroup)(nil)).Elem() } -func (o ImageVulnerabilityOutput) PublishDate() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.PublishDate }).(pulumi.StringPtrOutput) +func (o UserSaasGroupOutput) ToUserSaasGroupOutput() UserSaasGroupOutput { + return o } -// The name of the registry where the image is stored. -func (o ImageVulnerabilityOutput) Registry() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.Registry }).(pulumi.StringPtrOutput) +func (o UserSaasGroupOutput) ToUserSaasGroupOutputWithContext(ctx context.Context) UserSaasGroupOutput { + return o } -// The name of the image's repository. 
-func (o ImageVulnerabilityOutput) Repository() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.Repository }).(pulumi.StringPtrOutput) +func (o UserSaasGroupOutput) GroupAdmin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v UserSaasGroup) *bool { return v.GroupAdmin }).(pulumi.BoolPtrOutput) } -func (o ImageVulnerabilityOutput) ResourceArchitecture() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceArchitecture }).(pulumi.StringPtrOutput) +func (o UserSaasGroupOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v UserSaasGroup) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o ImageVulnerabilityOutput) ResourceCpe() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceCpe }).(pulumi.StringPtrOutput) +type UserSaasGroupArrayOutput struct{ *pulumi.OutputState } + +func (UserSaasGroupArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]UserSaasGroup)(nil)).Elem() } -func (o ImageVulnerabilityOutput) ResourceFormat() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceFormat }).(pulumi.StringPtrOutput) +func (o UserSaasGroupArrayOutput) ToUserSaasGroupArrayOutput() UserSaasGroupArrayOutput { + return o } -func (o ImageVulnerabilityOutput) ResourceHash() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceHash }).(pulumi.StringPtrOutput) +func (o UserSaasGroupArrayOutput) ToUserSaasGroupArrayOutputWithContext(ctx context.Context) UserSaasGroupArrayOutput { + return o } -func (o ImageVulnerabilityOutput) ResourceLicenses() pulumi.StringArrayOutput { - return o.ApplyT(func(v ImageVulnerability) []string { return v.ResourceLicenses }).(pulumi.StringArrayOutput) +func (o UserSaasGroupArrayOutput) Index(i pulumi.IntInput) UserSaasGroupOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) UserSaasGroup { 
+ return vs[0].([]UserSaasGroup)[vs[1].(int)] + }).(UserSaasGroupOutput) } -func (o ImageVulnerabilityOutput) ResourceName() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceName }).(pulumi.StringPtrOutput) +type UserSaasLogin struct { + Created *string `pulumi:"created"` + Id *int `pulumi:"id"` + IpAddress *string `pulumi:"ipAddress"` + UserId *int `pulumi:"userId"` } -func (o ImageVulnerabilityOutput) ResourcePath() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourcePath }).(pulumi.StringPtrOutput) -} +// UserSaasLoginInput is an input type that accepts UserSaasLoginArgs and UserSaasLoginOutput values. +// You can construct a concrete instance of `UserSaasLoginInput` via: +// +// UserSaasLoginArgs{...} +type UserSaasLoginInput interface { + pulumi.Input -func (o ImageVulnerabilityOutput) ResourceType() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceType }).(pulumi.StringPtrOutput) + ToUserSaasLoginOutput() UserSaasLoginOutput + ToUserSaasLoginOutputWithContext(context.Context) UserSaasLoginOutput } -func (o ImageVulnerabilityOutput) ResourceVersion() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.ResourceVersion }).(pulumi.StringPtrOutput) +type UserSaasLoginArgs struct { + Created pulumi.StringPtrInput `pulumi:"created"` + Id pulumi.IntPtrInput `pulumi:"id"` + IpAddress pulumi.StringPtrInput `pulumi:"ipAddress"` + UserId pulumi.IntPtrInput `pulumi:"userId"` } -func (o ImageVulnerabilityOutput) SeverityClassification() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.SeverityClassification }).(pulumi.StringPtrOutput) +func (UserSaasLoginArgs) ElementType() reflect.Type { + return reflect.TypeOf((*UserSaasLogin)(nil)).Elem() } -func (o ImageVulnerabilityOutput) Solution() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) 
*string { return v.Solution }).(pulumi.StringPtrOutput) +func (i UserSaasLoginArgs) ToUserSaasLoginOutput() UserSaasLoginOutput { + return i.ToUserSaasLoginOutputWithContext(context.Background()) } -func (o ImageVulnerabilityOutput) TemporalVector() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.TemporalVector }).(pulumi.StringPtrOutput) +func (i UserSaasLoginArgs) ToUserSaasLoginOutputWithContext(ctx context.Context) UserSaasLoginOutput { + return pulumi.ToOutputWithContext(ctx, i).(UserSaasLoginOutput) } -func (o ImageVulnerabilityOutput) VPatchAppliedBy() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchAppliedBy }).(pulumi.StringPtrOutput) -} +// UserSaasLoginArrayInput is an input type that accepts UserSaasLoginArray and UserSaasLoginArrayOutput values. +// You can construct a concrete instance of `UserSaasLoginArrayInput` via: +// +// UserSaasLoginArray{ UserSaasLoginArgs{...} } +type UserSaasLoginArrayInput interface { + pulumi.Input -func (o ImageVulnerabilityOutput) VPatchAppliedOn() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchAppliedOn }).(pulumi.StringPtrOutput) + ToUserSaasLoginArrayOutput() UserSaasLoginArrayOutput + ToUserSaasLoginArrayOutputWithContext(context.Context) UserSaasLoginArrayOutput } -func (o ImageVulnerabilityOutput) VPatchEnforcedBy() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchEnforcedBy }).(pulumi.StringPtrOutput) -} +type UserSaasLoginArray []UserSaasLoginInput -func (o ImageVulnerabilityOutput) VPatchEnforcedOn() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchEnforcedOn }).(pulumi.StringPtrOutput) +func (UserSaasLoginArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]UserSaasLogin)(nil)).Elem() } -func (o ImageVulnerabilityOutput) VPatchPolicyEnforce() pulumi.BoolPtrOutput { - return 
o.ApplyT(func(v ImageVulnerability) *bool { return v.VPatchPolicyEnforce }).(pulumi.BoolPtrOutput) +func (i UserSaasLoginArray) ToUserSaasLoginArrayOutput() UserSaasLoginArrayOutput { + return i.ToUserSaasLoginArrayOutputWithContext(context.Background()) } -func (o ImageVulnerabilityOutput) VPatchPolicyName() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchPolicyName }).(pulumi.StringPtrOutput) +func (i UserSaasLoginArray) ToUserSaasLoginArrayOutputWithContext(ctx context.Context) UserSaasLoginArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(UserSaasLoginArrayOutput) } -func (o ImageVulnerabilityOutput) VPatchRevertedBy() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchRevertedBy }).(pulumi.StringPtrOutput) -} +type UserSaasLoginOutput struct{ *pulumi.OutputState } -func (o ImageVulnerabilityOutput) VPatchRevertedOn() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchRevertedOn }).(pulumi.StringPtrOutput) +func (UserSaasLoginOutput) ElementType() reflect.Type { + return reflect.TypeOf((*UserSaasLogin)(nil)).Elem() } -func (o ImageVulnerabilityOutput) VPatchStatus() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VPatchStatus }).(pulumi.StringPtrOutput) +func (o UserSaasLoginOutput) ToUserSaasLoginOutput() UserSaasLoginOutput { + return o } -func (o ImageVulnerabilityOutput) VendorCvss2Score() pulumi.Float64PtrOutput { - return o.ApplyT(func(v ImageVulnerability) *float64 { return v.VendorCvss2Score }).(pulumi.Float64PtrOutput) +func (o UserSaasLoginOutput) ToUserSaasLoginOutputWithContext(ctx context.Context) UserSaasLoginOutput { + return o } -func (o ImageVulnerabilityOutput) VendorCvss2Vectors() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VendorCvss2Vectors }).(pulumi.StringPtrOutput) +func (o UserSaasLoginOutput) Created() 
pulumi.StringPtrOutput { + return o.ApplyT(func(v UserSaasLogin) *string { return v.Created }).(pulumi.StringPtrOutput) } -func (o ImageVulnerabilityOutput) VendorSeverity() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VendorSeverity }).(pulumi.StringPtrOutput) +func (o UserSaasLoginOutput) Id() pulumi.IntPtrOutput { + return o.ApplyT(func(v UserSaasLogin) *int { return v.Id }).(pulumi.IntPtrOutput) } -func (o ImageVulnerabilityOutput) VendorStatement() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VendorStatement }).(pulumi.StringPtrOutput) +func (o UserSaasLoginOutput) IpAddress() pulumi.StringPtrOutput { + return o.ApplyT(func(v UserSaasLogin) *string { return v.IpAddress }).(pulumi.StringPtrOutput) } -func (o ImageVulnerabilityOutput) VendorUrl() pulumi.StringPtrOutput { - return o.ApplyT(func(v ImageVulnerability) *string { return v.VendorUrl }).(pulumi.StringPtrOutput) +func (o UserSaasLoginOutput) UserId() pulumi.IntPtrOutput { + return o.ApplyT(func(v UserSaasLogin) *int { return v.UserId }).(pulumi.IntPtrOutput) } -type ImageVulnerabilityArrayOutput struct{ *pulumi.OutputState } +type UserSaasLoginArrayOutput struct{ *pulumi.OutputState } -func (ImageVulnerabilityArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ImageVulnerability)(nil)).Elem() +func (UserSaasLoginArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]UserSaasLogin)(nil)).Elem() } -func (o ImageVulnerabilityArrayOutput) ToImageVulnerabilityArrayOutput() ImageVulnerabilityArrayOutput { +func (o UserSaasLoginArrayOutput) ToUserSaasLoginArrayOutput() UserSaasLoginArrayOutput { return o } -func (o ImageVulnerabilityArrayOutput) ToImageVulnerabilityArrayOutputWithContext(ctx context.Context) ImageVulnerabilityArrayOutput { +func (o UserSaasLoginArrayOutput) ToUserSaasLoginArrayOutputWithContext(ctx context.Context) UserSaasLoginArrayOutput { return o } -func (o 
ImageVulnerabilityArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ImageVulnerability] { - return pulumix.Output[[]ImageVulnerability]{ - OutputState: o.OutputState, - } -} - -func (o ImageVulnerabilityArrayOutput) Index(i pulumi.IntInput) ImageVulnerabilityOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ImageVulnerability { - return vs[0].([]ImageVulnerability)[vs[1].(int)] - }).(ImageVulnerabilityOutput) +func (o UserSaasLoginArrayOutput) Index(i pulumi.IntInput) UserSaasLoginOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) UserSaasLogin { + return vs[0].([]UserSaasLogin)[vs[1].(int)] + }).(UserSaasLoginOutput) } -type IntegrationRegistryOption struct { - Option *string `pulumi:"option"` - Value *string `pulumi:"value"` +type VmwareAssurancePolicyAutoScanTime struct { + Iteration *int `pulumi:"iteration"` + IterationType *string `pulumi:"iterationType"` + Time *string `pulumi:"time"` + WeekDays []string `pulumi:"weekDays"` } -// IntegrationRegistryOptionInput is an input type that accepts IntegrationRegistryOptionArgs and IntegrationRegistryOptionOutput values. -// You can construct a concrete instance of `IntegrationRegistryOptionInput` via: +// VmwareAssurancePolicyAutoScanTimeInput is an input type that accepts VmwareAssurancePolicyAutoScanTimeArgs and VmwareAssurancePolicyAutoScanTimeOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyAutoScanTimeInput` via: // -// IntegrationRegistryOptionArgs{...} -type IntegrationRegistryOptionInput interface { +// VmwareAssurancePolicyAutoScanTimeArgs{...} +type VmwareAssurancePolicyAutoScanTimeInput interface { pulumi.Input - ToIntegrationRegistryOptionOutput() IntegrationRegistryOptionOutput - ToIntegrationRegistryOptionOutputWithContext(context.Context) IntegrationRegistryOptionOutput -} - -type IntegrationRegistryOptionArgs struct { - Option pulumi.StringPtrInput `pulumi:"option"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToVmwareAssurancePolicyAutoScanTimeOutput() VmwareAssurancePolicyAutoScanTimeOutput + ToVmwareAssurancePolicyAutoScanTimeOutputWithContext(context.Context) VmwareAssurancePolicyAutoScanTimeOutput } -func (IntegrationRegistryOptionArgs) ElementType() reflect.Type { - return reflect.TypeOf((*IntegrationRegistryOption)(nil)).Elem() +type VmwareAssurancePolicyAutoScanTimeArgs struct { + Iteration pulumi.IntPtrInput `pulumi:"iteration"` + IterationType pulumi.StringPtrInput `pulumi:"iterationType"` + Time pulumi.StringPtrInput `pulumi:"time"` + WeekDays pulumi.StringArrayInput `pulumi:"weekDays"` } -func (i IntegrationRegistryOptionArgs) ToIntegrationRegistryOptionOutput() IntegrationRegistryOptionOutput { - return i.ToIntegrationRegistryOptionOutputWithContext(context.Background()) +func (VmwareAssurancePolicyAutoScanTimeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyAutoScanTime)(nil)).Elem() } -func (i IntegrationRegistryOptionArgs) ToIntegrationRegistryOptionOutputWithContext(ctx context.Context) IntegrationRegistryOptionOutput { - return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryOptionOutput) +func (i VmwareAssurancePolicyAutoScanTimeArgs) ToVmwareAssurancePolicyAutoScanTimeOutput() VmwareAssurancePolicyAutoScanTimeOutput { + return i.ToVmwareAssurancePolicyAutoScanTimeOutputWithContext(context.Background()) } -func 
(i IntegrationRegistryOptionArgs) ToOutput(ctx context.Context) pulumix.Output[IntegrationRegistryOption] { - return pulumix.Output[IntegrationRegistryOption]{ - OutputState: i.ToIntegrationRegistryOptionOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyAutoScanTimeArgs) ToVmwareAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) VmwareAssurancePolicyAutoScanTimeOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyAutoScanTimeOutput) } -// IntegrationRegistryOptionArrayInput is an input type that accepts IntegrationRegistryOptionArray and IntegrationRegistryOptionArrayOutput values. -// You can construct a concrete instance of `IntegrationRegistryOptionArrayInput` via: +// VmwareAssurancePolicyAutoScanTimeArrayInput is an input type that accepts VmwareAssurancePolicyAutoScanTimeArray and VmwareAssurancePolicyAutoScanTimeArrayOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyAutoScanTimeArrayInput` via: // -// IntegrationRegistryOptionArray{ IntegrationRegistryOptionArgs{...} } -type IntegrationRegistryOptionArrayInput interface { +// VmwareAssurancePolicyAutoScanTimeArray{ VmwareAssurancePolicyAutoScanTimeArgs{...} } +type VmwareAssurancePolicyAutoScanTimeArrayInput interface { pulumi.Input - ToIntegrationRegistryOptionArrayOutput() IntegrationRegistryOptionArrayOutput - ToIntegrationRegistryOptionArrayOutputWithContext(context.Context) IntegrationRegistryOptionArrayOutput + ToVmwareAssurancePolicyAutoScanTimeArrayOutput() VmwareAssurancePolicyAutoScanTimeArrayOutput + ToVmwareAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Context) VmwareAssurancePolicyAutoScanTimeArrayOutput } -type IntegrationRegistryOptionArray []IntegrationRegistryOptionInput - -func (IntegrationRegistryOptionArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]IntegrationRegistryOption)(nil)).Elem() -} +type VmwareAssurancePolicyAutoScanTimeArray 
[]VmwareAssurancePolicyAutoScanTimeInput -func (i IntegrationRegistryOptionArray) ToIntegrationRegistryOptionArrayOutput() IntegrationRegistryOptionArrayOutput { - return i.ToIntegrationRegistryOptionArrayOutputWithContext(context.Background()) +func (VmwareAssurancePolicyAutoScanTimeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyAutoScanTime)(nil)).Elem() } -func (i IntegrationRegistryOptionArray) ToIntegrationRegistryOptionArrayOutputWithContext(ctx context.Context) IntegrationRegistryOptionArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryOptionArrayOutput) +func (i VmwareAssurancePolicyAutoScanTimeArray) ToVmwareAssurancePolicyAutoScanTimeArrayOutput() VmwareAssurancePolicyAutoScanTimeArrayOutput { + return i.ToVmwareAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Background()) } -func (i IntegrationRegistryOptionArray) ToOutput(ctx context.Context) pulumix.Output[[]IntegrationRegistryOption] { - return pulumix.Output[[]IntegrationRegistryOption]{ - OutputState: i.ToIntegrationRegistryOptionArrayOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyAutoScanTimeArray) ToVmwareAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyAutoScanTimeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyAutoScanTimeArrayOutput) } -type IntegrationRegistryOptionOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } -func (IntegrationRegistryOptionOutput) ElementType() reflect.Type { - return reflect.TypeOf((*IntegrationRegistryOption)(nil)).Elem() +func (VmwareAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyAutoScanTime)(nil)).Elem() } -func (o IntegrationRegistryOptionOutput) ToIntegrationRegistryOptionOutput() IntegrationRegistryOptionOutput { +func (o VmwareAssurancePolicyAutoScanTimeOutput) 
ToVmwareAssurancePolicyAutoScanTimeOutput() VmwareAssurancePolicyAutoScanTimeOutput { return o } -func (o IntegrationRegistryOptionOutput) ToIntegrationRegistryOptionOutputWithContext(ctx context.Context) IntegrationRegistryOptionOutput { +func (o VmwareAssurancePolicyAutoScanTimeOutput) ToVmwareAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) VmwareAssurancePolicyAutoScanTimeOutput { return o } -func (o IntegrationRegistryOptionOutput) ToOutput(ctx context.Context) pulumix.Output[IntegrationRegistryOption] { - return pulumix.Output[IntegrationRegistryOption]{ - OutputState: o.OutputState, - } +func (o VmwareAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyAutoScanTime) *int { return v.Iteration }).(pulumi.IntPtrOutput) } -func (o IntegrationRegistryOptionOutput) Option() pulumi.StringPtrOutput { - return o.ApplyT(func(v IntegrationRegistryOption) *string { return v.Option }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyAutoScanTimeOutput) IterationType() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyAutoScanTime) *string { return v.IterationType }).(pulumi.StringPtrOutput) } -func (o IntegrationRegistryOptionOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v IntegrationRegistryOption) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyAutoScanTimeOutput) Time() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyAutoScanTime) *string { return v.Time }).(pulumi.StringPtrOutput) } -type IntegrationRegistryOptionArrayOutput struct{ *pulumi.OutputState } - -func (IntegrationRegistryOptionArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]IntegrationRegistryOption)(nil)).Elem() +func (o VmwareAssurancePolicyAutoScanTimeOutput) WeekDays() pulumi.StringArrayOutput { + return o.ApplyT(func(v VmwareAssurancePolicyAutoScanTime) []string { return v.WeekDays 
}).(pulumi.StringArrayOutput) } -func (o IntegrationRegistryOptionArrayOutput) ToIntegrationRegistryOptionArrayOutput() IntegrationRegistryOptionArrayOutput { - return o +type VmwareAssurancePolicyAutoScanTimeArrayOutput struct{ *pulumi.OutputState } + +func (VmwareAssurancePolicyAutoScanTimeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyAutoScanTime)(nil)).Elem() } -func (o IntegrationRegistryOptionArrayOutput) ToIntegrationRegistryOptionArrayOutputWithContext(ctx context.Context) IntegrationRegistryOptionArrayOutput { +func (o VmwareAssurancePolicyAutoScanTimeArrayOutput) ToVmwareAssurancePolicyAutoScanTimeArrayOutput() VmwareAssurancePolicyAutoScanTimeArrayOutput { return o } -func (o IntegrationRegistryOptionArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]IntegrationRegistryOption] { - return pulumix.Output[[]IntegrationRegistryOption]{ - OutputState: o.OutputState, - } +func (o VmwareAssurancePolicyAutoScanTimeArrayOutput) ToVmwareAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyAutoScanTimeArrayOutput { + return o } -func (o IntegrationRegistryOptionArrayOutput) Index(i pulumi.IntInput) IntegrationRegistryOptionOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) IntegrationRegistryOption { - return vs[0].([]IntegrationRegistryOption)[vs[1].(int)] - }).(IntegrationRegistryOptionOutput) +func (o VmwareAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyAutoScanTimeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyAutoScanTime { + return vs[0].([]VmwareAssurancePolicyAutoScanTime)[vs[1].(int)] + }).(VmwareAssurancePolicyAutoScanTimeOutput) } -type IntegrationRegistryWebhook struct { - AuthToken *string `pulumi:"authToken"` - Enabled *bool `pulumi:"enabled"` - UnQuarantine *bool `pulumi:"unQuarantine"` - // The URL, address or region of the registry - Url *string `pulumi:"url"` +type 
VmwareAssurancePolicyCustomCheck struct { + // Name of user account that created the policy. + Author *string `pulumi:"author"` + Description *string `pulumi:"description"` + Engine *string `pulumi:"engine"` + LastModified *int `pulumi:"lastModified"` + Name *string `pulumi:"name"` + Path *string `pulumi:"path"` + ReadOnly *bool `pulumi:"readOnly"` + ScriptId *string `pulumi:"scriptId"` + Severity *string `pulumi:"severity"` + Snippet *string `pulumi:"snippet"` } -// IntegrationRegistryWebhookInput is an input type that accepts IntegrationRegistryWebhookArgs and IntegrationRegistryWebhookOutput values. -// You can construct a concrete instance of `IntegrationRegistryWebhookInput` via: +// VmwareAssurancePolicyCustomCheckInput is an input type that accepts VmwareAssurancePolicyCustomCheckArgs and VmwareAssurancePolicyCustomCheckOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyCustomCheckInput` via: // -// IntegrationRegistryWebhookArgs{...} -type IntegrationRegistryWebhookInput interface { +// VmwareAssurancePolicyCustomCheckArgs{...} +type VmwareAssurancePolicyCustomCheckInput interface { pulumi.Input - ToIntegrationRegistryWebhookOutput() IntegrationRegistryWebhookOutput - ToIntegrationRegistryWebhookOutputWithContext(context.Context) IntegrationRegistryWebhookOutput -} - -type IntegrationRegistryWebhookArgs struct { - AuthToken pulumi.StringPtrInput `pulumi:"authToken"` - Enabled pulumi.BoolPtrInput `pulumi:"enabled"` - UnQuarantine pulumi.BoolPtrInput `pulumi:"unQuarantine"` - // The URL, address or region of the registry - Url pulumi.StringPtrInput `pulumi:"url"` + ToVmwareAssurancePolicyCustomCheckOutput() VmwareAssurancePolicyCustomCheckOutput + ToVmwareAssurancePolicyCustomCheckOutputWithContext(context.Context) VmwareAssurancePolicyCustomCheckOutput } -func (IntegrationRegistryWebhookArgs) ElementType() reflect.Type { - return reflect.TypeOf((*IntegrationRegistryWebhook)(nil)).Elem() +type 
VmwareAssurancePolicyCustomCheckArgs struct { + // Name of user account that created the policy. + Author pulumi.StringPtrInput `pulumi:"author"` + Description pulumi.StringPtrInput `pulumi:"description"` + Engine pulumi.StringPtrInput `pulumi:"engine"` + LastModified pulumi.IntPtrInput `pulumi:"lastModified"` + Name pulumi.StringPtrInput `pulumi:"name"` + Path pulumi.StringPtrInput `pulumi:"path"` + ReadOnly pulumi.BoolPtrInput `pulumi:"readOnly"` + ScriptId pulumi.StringPtrInput `pulumi:"scriptId"` + Severity pulumi.StringPtrInput `pulumi:"severity"` + Snippet pulumi.StringPtrInput `pulumi:"snippet"` } -func (i IntegrationRegistryWebhookArgs) ToIntegrationRegistryWebhookOutput() IntegrationRegistryWebhookOutput { - return i.ToIntegrationRegistryWebhookOutputWithContext(context.Background()) +func (VmwareAssurancePolicyCustomCheckArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyCustomCheck)(nil)).Elem() } -func (i IntegrationRegistryWebhookArgs) ToIntegrationRegistryWebhookOutputWithContext(ctx context.Context) IntegrationRegistryWebhookOutput { - return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryWebhookOutput) +func (i VmwareAssurancePolicyCustomCheckArgs) ToVmwareAssurancePolicyCustomCheckOutput() VmwareAssurancePolicyCustomCheckOutput { + return i.ToVmwareAssurancePolicyCustomCheckOutputWithContext(context.Background()) } -func (i IntegrationRegistryWebhookArgs) ToOutput(ctx context.Context) pulumix.Output[IntegrationRegistryWebhook] { - return pulumix.Output[IntegrationRegistryWebhook]{ - OutputState: i.ToIntegrationRegistryWebhookOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyCustomCheckArgs) ToVmwareAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) VmwareAssurancePolicyCustomCheckOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyCustomCheckOutput) } -// IntegrationRegistryWebhookArrayInput is an input type that accepts IntegrationRegistryWebhookArray 
and IntegrationRegistryWebhookArrayOutput values. -// You can construct a concrete instance of `IntegrationRegistryWebhookArrayInput` via: +// VmwareAssurancePolicyCustomCheckArrayInput is an input type that accepts VmwareAssurancePolicyCustomCheckArray and VmwareAssurancePolicyCustomCheckArrayOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyCustomCheckArrayInput` via: // -// IntegrationRegistryWebhookArray{ IntegrationRegistryWebhookArgs{...} } -type IntegrationRegistryWebhookArrayInput interface { +// VmwareAssurancePolicyCustomCheckArray{ VmwareAssurancePolicyCustomCheckArgs{...} } +type VmwareAssurancePolicyCustomCheckArrayInput interface { pulumi.Input - ToIntegrationRegistryWebhookArrayOutput() IntegrationRegistryWebhookArrayOutput - ToIntegrationRegistryWebhookArrayOutputWithContext(context.Context) IntegrationRegistryWebhookArrayOutput + ToVmwareAssurancePolicyCustomCheckArrayOutput() VmwareAssurancePolicyCustomCheckArrayOutput + ToVmwareAssurancePolicyCustomCheckArrayOutputWithContext(context.Context) VmwareAssurancePolicyCustomCheckArrayOutput } -type IntegrationRegistryWebhookArray []IntegrationRegistryWebhookInput +type VmwareAssurancePolicyCustomCheckArray []VmwareAssurancePolicyCustomCheckInput -func (IntegrationRegistryWebhookArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]IntegrationRegistryWebhook)(nil)).Elem() +func (VmwareAssurancePolicyCustomCheckArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyCustomCheck)(nil)).Elem() } -func (i IntegrationRegistryWebhookArray) ToIntegrationRegistryWebhookArrayOutput() IntegrationRegistryWebhookArrayOutput { - return i.ToIntegrationRegistryWebhookArrayOutputWithContext(context.Background()) +func (i VmwareAssurancePolicyCustomCheckArray) ToVmwareAssurancePolicyCustomCheckArrayOutput() VmwareAssurancePolicyCustomCheckArrayOutput { + return i.ToVmwareAssurancePolicyCustomCheckArrayOutputWithContext(context.Background()) } -func 
(i IntegrationRegistryWebhookArray) ToIntegrationRegistryWebhookArrayOutputWithContext(ctx context.Context) IntegrationRegistryWebhookArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(IntegrationRegistryWebhookArrayOutput) +func (i VmwareAssurancePolicyCustomCheckArray) ToVmwareAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyCustomCheckArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyCustomCheckArrayOutput) } -func (i IntegrationRegistryWebhookArray) ToOutput(ctx context.Context) pulumix.Output[[]IntegrationRegistryWebhook] { - return pulumix.Output[[]IntegrationRegistryWebhook]{ - OutputState: i.ToIntegrationRegistryWebhookArrayOutputWithContext(ctx).OutputState, - } +type VmwareAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } + +func (VmwareAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyCustomCheck)(nil)).Elem() } -type IntegrationRegistryWebhookOutput struct{ *pulumi.OutputState } +func (o VmwareAssurancePolicyCustomCheckOutput) ToVmwareAssurancePolicyCustomCheckOutput() VmwareAssurancePolicyCustomCheckOutput { + return o +} -func (IntegrationRegistryWebhookOutput) ElementType() reflect.Type { - return reflect.TypeOf((*IntegrationRegistryWebhook)(nil)).Elem() +func (o VmwareAssurancePolicyCustomCheckOutput) ToVmwareAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) VmwareAssurancePolicyCustomCheckOutput { + return o +} + +// Name of user account that created the policy. 
+func (o VmwareAssurancePolicyCustomCheckOutput) Author() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyCustomCheck) *string { return v.Author }).(pulumi.StringPtrOutput) +} + +func (o VmwareAssurancePolicyCustomCheckOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyCustomCheck) *string { return v.Description }).(pulumi.StringPtrOutput) +} + +func (o VmwareAssurancePolicyCustomCheckOutput) Engine() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyCustomCheck) *string { return v.Engine }).(pulumi.StringPtrOutput) } -func (o IntegrationRegistryWebhookOutput) ToIntegrationRegistryWebhookOutput() IntegrationRegistryWebhookOutput { - return o +func (o VmwareAssurancePolicyCustomCheckOutput) LastModified() pulumi.IntPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyCustomCheck) *int { return v.LastModified }).(pulumi.IntPtrOutput) } -func (o IntegrationRegistryWebhookOutput) ToIntegrationRegistryWebhookOutputWithContext(ctx context.Context) IntegrationRegistryWebhookOutput { - return o +func (o VmwareAssurancePolicyCustomCheckOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyCustomCheck) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o IntegrationRegistryWebhookOutput) ToOutput(ctx context.Context) pulumix.Output[IntegrationRegistryWebhook] { - return pulumix.Output[IntegrationRegistryWebhook]{ - OutputState: o.OutputState, - } +func (o VmwareAssurancePolicyCustomCheckOutput) Path() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyCustomCheck) *string { return v.Path }).(pulumi.StringPtrOutput) } -func (o IntegrationRegistryWebhookOutput) AuthToken() pulumi.StringPtrOutput { - return o.ApplyT(func(v IntegrationRegistryWebhook) *string { return v.AuthToken }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyCustomCheckOutput) ReadOnly() pulumi.BoolPtrOutput { + return o.ApplyT(func(v 
VmwareAssurancePolicyCustomCheck) *bool { return v.ReadOnly }).(pulumi.BoolPtrOutput) } -func (o IntegrationRegistryWebhookOutput) Enabled() pulumi.BoolPtrOutput { - return o.ApplyT(func(v IntegrationRegistryWebhook) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +func (o VmwareAssurancePolicyCustomCheckOutput) ScriptId() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyCustomCheck) *string { return v.ScriptId }).(pulumi.StringPtrOutput) } -func (o IntegrationRegistryWebhookOutput) UnQuarantine() pulumi.BoolPtrOutput { - return o.ApplyT(func(v IntegrationRegistryWebhook) *bool { return v.UnQuarantine }).(pulumi.BoolPtrOutput) +func (o VmwareAssurancePolicyCustomCheckOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyCustomCheck) *string { return v.Severity }).(pulumi.StringPtrOutput) } -// The URL, address or region of the registry -func (o IntegrationRegistryWebhookOutput) Url() pulumi.StringPtrOutput { - return o.ApplyT(func(v IntegrationRegistryWebhook) *string { return v.Url }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyCustomCheckOutput) Snippet() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyCustomCheck) *string { return v.Snippet }).(pulumi.StringPtrOutput) } -type IntegrationRegistryWebhookArrayOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyCustomCheckArrayOutput struct{ *pulumi.OutputState } -func (IntegrationRegistryWebhookArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]IntegrationRegistryWebhook)(nil)).Elem() +func (VmwareAssurancePolicyCustomCheckArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyCustomCheck)(nil)).Elem() } -func (o IntegrationRegistryWebhookArrayOutput) ToIntegrationRegistryWebhookArrayOutput() IntegrationRegistryWebhookArrayOutput { +func (o VmwareAssurancePolicyCustomCheckArrayOutput) ToVmwareAssurancePolicyCustomCheckArrayOutput() 
VmwareAssurancePolicyCustomCheckArrayOutput { return o } -func (o IntegrationRegistryWebhookArrayOutput) ToIntegrationRegistryWebhookArrayOutputWithContext(ctx context.Context) IntegrationRegistryWebhookArrayOutput { +func (o VmwareAssurancePolicyCustomCheckArrayOutput) ToVmwareAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyCustomCheckArrayOutput { return o } -func (o IntegrationRegistryWebhookArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]IntegrationRegistryWebhook] { - return pulumix.Output[[]IntegrationRegistryWebhook]{ - OutputState: o.OutputState, - } -} - -func (o IntegrationRegistryWebhookArrayOutput) Index(i pulumi.IntInput) IntegrationRegistryWebhookOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) IntegrationRegistryWebhook { - return vs[0].([]IntegrationRegistryWebhook)[vs[1].(int)] - }).(IntegrationRegistryWebhookOutput) +func (o VmwareAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyCustomCheckOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyCustomCheck { + return vs[0].([]VmwareAssurancePolicyCustomCheck)[vs[1].(int)] + }).(VmwareAssurancePolicyCustomCheckOutput) } -type KubernetesAssurancePolicyAutoScanTime struct { - Iteration *int `pulumi:"iteration"` - IterationType *string `pulumi:"iterationType"` - Time *string `pulumi:"time"` - WeekDays []string `pulumi:"weekDays"` +type VmwareAssurancePolicyForbiddenLabel struct { + Key *string `pulumi:"key"` + Value *string `pulumi:"value"` } -// KubernetesAssurancePolicyAutoScanTimeInput is an input type that accepts KubernetesAssurancePolicyAutoScanTimeArgs and KubernetesAssurancePolicyAutoScanTimeOutput values. 
-// You can construct a concrete instance of `KubernetesAssurancePolicyAutoScanTimeInput` via: +// VmwareAssurancePolicyForbiddenLabelInput is an input type that accepts VmwareAssurancePolicyForbiddenLabelArgs and VmwareAssurancePolicyForbiddenLabelOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyForbiddenLabelInput` via: // -// KubernetesAssurancePolicyAutoScanTimeArgs{...} -type KubernetesAssurancePolicyAutoScanTimeInput interface { +// VmwareAssurancePolicyForbiddenLabelArgs{...} +type VmwareAssurancePolicyForbiddenLabelInput interface { pulumi.Input - ToKubernetesAssurancePolicyAutoScanTimeOutput() KubernetesAssurancePolicyAutoScanTimeOutput - ToKubernetesAssurancePolicyAutoScanTimeOutputWithContext(context.Context) KubernetesAssurancePolicyAutoScanTimeOutput -} - -type KubernetesAssurancePolicyAutoScanTimeArgs struct { - Iteration pulumi.IntPtrInput `pulumi:"iteration"` - IterationType pulumi.StringPtrInput `pulumi:"iterationType"` - Time pulumi.StringPtrInput `pulumi:"time"` - WeekDays pulumi.StringArrayInput `pulumi:"weekDays"` + ToVmwareAssurancePolicyForbiddenLabelOutput() VmwareAssurancePolicyForbiddenLabelOutput + ToVmwareAssurancePolicyForbiddenLabelOutputWithContext(context.Context) VmwareAssurancePolicyForbiddenLabelOutput } -func (KubernetesAssurancePolicyAutoScanTimeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyAutoScanTime)(nil)).Elem() +type VmwareAssurancePolicyForbiddenLabelArgs struct { + Key pulumi.StringPtrInput `pulumi:"key"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i KubernetesAssurancePolicyAutoScanTimeArgs) ToKubernetesAssurancePolicyAutoScanTimeOutput() KubernetesAssurancePolicyAutoScanTimeOutput { - return i.ToKubernetesAssurancePolicyAutoScanTimeOutputWithContext(context.Background()) +func (VmwareAssurancePolicyForbiddenLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (i 
KubernetesAssurancePolicyAutoScanTimeArgs) ToKubernetesAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) KubernetesAssurancePolicyAutoScanTimeOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyAutoScanTimeOutput) +func (i VmwareAssurancePolicyForbiddenLabelArgs) ToVmwareAssurancePolicyForbiddenLabelOutput() VmwareAssurancePolicyForbiddenLabelOutput { + return i.ToVmwareAssurancePolicyForbiddenLabelOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyAutoScanTimeArgs) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyAutoScanTime] { - return pulumix.Output[KubernetesAssurancePolicyAutoScanTime]{ - OutputState: i.ToKubernetesAssurancePolicyAutoScanTimeOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyForbiddenLabelArgs) ToVmwareAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) VmwareAssurancePolicyForbiddenLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyForbiddenLabelOutput) } -// KubernetesAssurancePolicyAutoScanTimeArrayInput is an input type that accepts KubernetesAssurancePolicyAutoScanTimeArray and KubernetesAssurancePolicyAutoScanTimeArrayOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyAutoScanTimeArrayInput` via: +// VmwareAssurancePolicyForbiddenLabelArrayInput is an input type that accepts VmwareAssurancePolicyForbiddenLabelArray and VmwareAssurancePolicyForbiddenLabelArrayOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyForbiddenLabelArrayInput` via: // -// KubernetesAssurancePolicyAutoScanTimeArray{ KubernetesAssurancePolicyAutoScanTimeArgs{...} } -type KubernetesAssurancePolicyAutoScanTimeArrayInput interface { +// VmwareAssurancePolicyForbiddenLabelArray{ VmwareAssurancePolicyForbiddenLabelArgs{...} } +type VmwareAssurancePolicyForbiddenLabelArrayInput interface { pulumi.Input - ToKubernetesAssurancePolicyAutoScanTimeArrayOutput() KubernetesAssurancePolicyAutoScanTimeArrayOutput - ToKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Context) KubernetesAssurancePolicyAutoScanTimeArrayOutput + ToVmwareAssurancePolicyForbiddenLabelArrayOutput() VmwareAssurancePolicyForbiddenLabelArrayOutput + ToVmwareAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Context) VmwareAssurancePolicyForbiddenLabelArrayOutput } -type KubernetesAssurancePolicyAutoScanTimeArray []KubernetesAssurancePolicyAutoScanTimeInput - -func (KubernetesAssurancePolicyAutoScanTimeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyAutoScanTime)(nil)).Elem() -} +type VmwareAssurancePolicyForbiddenLabelArray []VmwareAssurancePolicyForbiddenLabelInput -func (i KubernetesAssurancePolicyAutoScanTimeArray) ToKubernetesAssurancePolicyAutoScanTimeArrayOutput() KubernetesAssurancePolicyAutoScanTimeArrayOutput { - return i.ToKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(context.Background()) +func (VmwareAssurancePolicyForbiddenLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (i KubernetesAssurancePolicyAutoScanTimeArray) ToKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyAutoScanTimeArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyAutoScanTimeArrayOutput) +func (i VmwareAssurancePolicyForbiddenLabelArray) 
ToVmwareAssurancePolicyForbiddenLabelArrayOutput() VmwareAssurancePolicyForbiddenLabelArrayOutput { + return i.ToVmwareAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyAutoScanTimeArray) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyAutoScanTime] { - return pulumix.Output[[]KubernetesAssurancePolicyAutoScanTime]{ - OutputState: i.ToKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyForbiddenLabelArray) ToVmwareAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyForbiddenLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyForbiddenLabelArrayOutput) } -type KubernetesAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyAutoScanTime)(nil)).Elem() +func (VmwareAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (o KubernetesAssurancePolicyAutoScanTimeOutput) ToKubernetesAssurancePolicyAutoScanTimeOutput() KubernetesAssurancePolicyAutoScanTimeOutput { +func (o VmwareAssurancePolicyForbiddenLabelOutput) ToVmwareAssurancePolicyForbiddenLabelOutput() VmwareAssurancePolicyForbiddenLabelOutput { return o } -func (o KubernetesAssurancePolicyAutoScanTimeOutput) ToKubernetesAssurancePolicyAutoScanTimeOutputWithContext(ctx context.Context) KubernetesAssurancePolicyAutoScanTimeOutput { +func (o VmwareAssurancePolicyForbiddenLabelOutput) ToVmwareAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) VmwareAssurancePolicyForbiddenLabelOutput { return o } -func (o KubernetesAssurancePolicyAutoScanTimeOutput) ToOutput(ctx context.Context) 
pulumix.Output[KubernetesAssurancePolicyAutoScanTime] { - return pulumix.Output[KubernetesAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyAutoScanTime) *int { return v.Iteration }).(pulumi.IntPtrOutput) -} - -func (o KubernetesAssurancePolicyAutoScanTimeOutput) IterationType() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyAutoScanTime) *string { return v.IterationType }).(pulumi.StringPtrOutput) -} - -func (o KubernetesAssurancePolicyAutoScanTimeOutput) Time() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyAutoScanTime) *string { return v.Time }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyForbiddenLabel) *string { return v.Key }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyAutoScanTimeOutput) WeekDays() pulumi.StringArrayOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyAutoScanTime) []string { return v.WeekDays }).(pulumi.StringArrayOutput) +func (o VmwareAssurancePolicyForbiddenLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyForbiddenLabel) *string { return v.Value }).(pulumi.StringPtrOutput) } -type KubernetesAssurancePolicyAutoScanTimeArrayOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyForbiddenLabelArrayOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyAutoScanTimeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyAutoScanTime)(nil)).Elem() +func (VmwareAssurancePolicyForbiddenLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyForbiddenLabel)(nil)).Elem() } -func (o KubernetesAssurancePolicyAutoScanTimeArrayOutput) 
ToKubernetesAssurancePolicyAutoScanTimeArrayOutput() KubernetesAssurancePolicyAutoScanTimeArrayOutput { +func (o VmwareAssurancePolicyForbiddenLabelArrayOutput) ToVmwareAssurancePolicyForbiddenLabelArrayOutput() VmwareAssurancePolicyForbiddenLabelArrayOutput { return o } -func (o KubernetesAssurancePolicyAutoScanTimeArrayOutput) ToKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyAutoScanTimeArrayOutput { +func (o VmwareAssurancePolicyForbiddenLabelArrayOutput) ToVmwareAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyForbiddenLabelArrayOutput { return o } -func (o KubernetesAssurancePolicyAutoScanTimeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyAutoScanTime] { - return pulumix.Output[[]KubernetesAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyAutoScanTimeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyAutoScanTime { - return vs[0].([]KubernetesAssurancePolicyAutoScanTime)[vs[1].(int)] - }).(KubernetesAssurancePolicyAutoScanTimeOutput) +func (o VmwareAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyForbiddenLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyForbiddenLabel { + return vs[0].([]VmwareAssurancePolicyForbiddenLabel)[vs[1].(int)] + }).(VmwareAssurancePolicyForbiddenLabelOutput) } -type KubernetesAssurancePolicyCustomCheck struct { - // Name of user account that created the policy. 
- Author *string `pulumi:"author"` - Description *string `pulumi:"description"` - Engine *string `pulumi:"engine"` - LastModified *int `pulumi:"lastModified"` - Name *string `pulumi:"name"` - Path *string `pulumi:"path"` - ReadOnly *bool `pulumi:"readOnly"` - ScriptId *string `pulumi:"scriptId"` - Severity *string `pulumi:"severity"` - Snippet *string `pulumi:"snippet"` +type VmwareAssurancePolicyKubernetesControl struct { + AvdId *string `pulumi:"avdId"` + Description *string `pulumi:"description"` + Enabled *bool `pulumi:"enabled"` + Kind *string `pulumi:"kind"` + Name *string `pulumi:"name"` + Ootb *bool `pulumi:"ootb"` + ScriptId *int `pulumi:"scriptId"` + Severity *string `pulumi:"severity"` } -// KubernetesAssurancePolicyCustomCheckInput is an input type that accepts KubernetesAssurancePolicyCustomCheckArgs and KubernetesAssurancePolicyCustomCheckOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyCustomCheckInput` via: +// VmwareAssurancePolicyKubernetesControlInput is an input type that accepts VmwareAssurancePolicyKubernetesControlArgs and VmwareAssurancePolicyKubernetesControlOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyKubernetesControlInput` via: // -// KubernetesAssurancePolicyCustomCheckArgs{...} -type KubernetesAssurancePolicyCustomCheckInput interface { +// VmwareAssurancePolicyKubernetesControlArgs{...} +type VmwareAssurancePolicyKubernetesControlInput interface { pulumi.Input - ToKubernetesAssurancePolicyCustomCheckOutput() KubernetesAssurancePolicyCustomCheckOutput - ToKubernetesAssurancePolicyCustomCheckOutputWithContext(context.Context) KubernetesAssurancePolicyCustomCheckOutput -} - -type KubernetesAssurancePolicyCustomCheckArgs struct { - // Name of user account that created the policy. 
- Author pulumi.StringPtrInput `pulumi:"author"` - Description pulumi.StringPtrInput `pulumi:"description"` - Engine pulumi.StringPtrInput `pulumi:"engine"` - LastModified pulumi.IntPtrInput `pulumi:"lastModified"` - Name pulumi.StringPtrInput `pulumi:"name"` - Path pulumi.StringPtrInput `pulumi:"path"` - ReadOnly pulumi.BoolPtrInput `pulumi:"readOnly"` - ScriptId pulumi.StringPtrInput `pulumi:"scriptId"` - Severity pulumi.StringPtrInput `pulumi:"severity"` - Snippet pulumi.StringPtrInput `pulumi:"snippet"` + ToVmwareAssurancePolicyKubernetesControlOutput() VmwareAssurancePolicyKubernetesControlOutput + ToVmwareAssurancePolicyKubernetesControlOutputWithContext(context.Context) VmwareAssurancePolicyKubernetesControlOutput } -func (KubernetesAssurancePolicyCustomCheckArgs) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyCustomCheck)(nil)).Elem() +type VmwareAssurancePolicyKubernetesControlArgs struct { + AvdId pulumi.StringPtrInput `pulumi:"avdId"` + Description pulumi.StringPtrInput `pulumi:"description"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + Kind pulumi.StringPtrInput `pulumi:"kind"` + Name pulumi.StringPtrInput `pulumi:"name"` + Ootb pulumi.BoolPtrInput `pulumi:"ootb"` + ScriptId pulumi.IntPtrInput `pulumi:"scriptId"` + Severity pulumi.StringPtrInput `pulumi:"severity"` } -func (i KubernetesAssurancePolicyCustomCheckArgs) ToKubernetesAssurancePolicyCustomCheckOutput() KubernetesAssurancePolicyCustomCheckOutput { - return i.ToKubernetesAssurancePolicyCustomCheckOutputWithContext(context.Background()) +func (VmwareAssurancePolicyKubernetesControlArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyKubernetesControl)(nil)).Elem() } -func (i KubernetesAssurancePolicyCustomCheckArgs) ToKubernetesAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) KubernetesAssurancePolicyCustomCheckOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyCustomCheckOutput) +func 
(i VmwareAssurancePolicyKubernetesControlArgs) ToVmwareAssurancePolicyKubernetesControlOutput() VmwareAssurancePolicyKubernetesControlOutput { + return i.ToVmwareAssurancePolicyKubernetesControlOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyCustomCheckArgs) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyCustomCheck] { - return pulumix.Output[KubernetesAssurancePolicyCustomCheck]{ - OutputState: i.ToKubernetesAssurancePolicyCustomCheckOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyKubernetesControlArgs) ToVmwareAssurancePolicyKubernetesControlOutputWithContext(ctx context.Context) VmwareAssurancePolicyKubernetesControlOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyKubernetesControlOutput) } -// KubernetesAssurancePolicyCustomCheckArrayInput is an input type that accepts KubernetesAssurancePolicyCustomCheckArray and KubernetesAssurancePolicyCustomCheckArrayOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyCustomCheckArrayInput` via: +// VmwareAssurancePolicyKubernetesControlArrayInput is an input type that accepts VmwareAssurancePolicyKubernetesControlArray and VmwareAssurancePolicyKubernetesControlArrayOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyKubernetesControlArrayInput` via: // -// KubernetesAssurancePolicyCustomCheckArray{ KubernetesAssurancePolicyCustomCheckArgs{...} } -type KubernetesAssurancePolicyCustomCheckArrayInput interface { +// VmwareAssurancePolicyKubernetesControlArray{ VmwareAssurancePolicyKubernetesControlArgs{...} } +type VmwareAssurancePolicyKubernetesControlArrayInput interface { pulumi.Input - ToKubernetesAssurancePolicyCustomCheckArrayOutput() KubernetesAssurancePolicyCustomCheckArrayOutput - ToKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(context.Context) KubernetesAssurancePolicyCustomCheckArrayOutput + ToVmwareAssurancePolicyKubernetesControlArrayOutput() VmwareAssurancePolicyKubernetesControlArrayOutput + ToVmwareAssurancePolicyKubernetesControlArrayOutputWithContext(context.Context) VmwareAssurancePolicyKubernetesControlArrayOutput } -type KubernetesAssurancePolicyCustomCheckArray []KubernetesAssurancePolicyCustomCheckInput - -func (KubernetesAssurancePolicyCustomCheckArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyCustomCheck)(nil)).Elem() -} +type VmwareAssurancePolicyKubernetesControlArray []VmwareAssurancePolicyKubernetesControlInput -func (i KubernetesAssurancePolicyCustomCheckArray) ToKubernetesAssurancePolicyCustomCheckArrayOutput() KubernetesAssurancePolicyCustomCheckArrayOutput { - return i.ToKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(context.Background()) +func (VmwareAssurancePolicyKubernetesControlArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyKubernetesControl)(nil)).Elem() } -func (i KubernetesAssurancePolicyCustomCheckArray) ToKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyCustomCheckArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyCustomCheckArrayOutput) +func (i 
VmwareAssurancePolicyKubernetesControlArray) ToVmwareAssurancePolicyKubernetesControlArrayOutput() VmwareAssurancePolicyKubernetesControlArrayOutput { + return i.ToVmwareAssurancePolicyKubernetesControlArrayOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyCustomCheckArray) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyCustomCheck] { - return pulumix.Output[[]KubernetesAssurancePolicyCustomCheck]{ - OutputState: i.ToKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyKubernetesControlArray) ToVmwareAssurancePolicyKubernetesControlArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyKubernetesControlArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyKubernetesControlArrayOutput) } -type KubernetesAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyKubernetesControlOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyCustomCheck)(nil)).Elem() +func (VmwareAssurancePolicyKubernetesControlOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyKubernetesControl)(nil)).Elem() } -func (o KubernetesAssurancePolicyCustomCheckOutput) ToKubernetesAssurancePolicyCustomCheckOutput() KubernetesAssurancePolicyCustomCheckOutput { +func (o VmwareAssurancePolicyKubernetesControlOutput) ToVmwareAssurancePolicyKubernetesControlOutput() VmwareAssurancePolicyKubernetesControlOutput { return o } -func (o KubernetesAssurancePolicyCustomCheckOutput) ToKubernetesAssurancePolicyCustomCheckOutputWithContext(ctx context.Context) KubernetesAssurancePolicyCustomCheckOutput { +func (o VmwareAssurancePolicyKubernetesControlOutput) ToVmwareAssurancePolicyKubernetesControlOutputWithContext(ctx context.Context) VmwareAssurancePolicyKubernetesControlOutput { return o } 
-func (o KubernetesAssurancePolicyCustomCheckOutput) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyCustomCheck] { - return pulumix.Output[KubernetesAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } +func (o VmwareAssurancePolicyKubernetesControlOutput) AvdId() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyKubernetesControl) *string { return v.AvdId }).(pulumi.StringPtrOutput) } -// Name of user account that created the policy. -func (o KubernetesAssurancePolicyCustomCheckOutput) Author() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Author }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyKubernetesControlOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyKubernetesControl) *string { return v.Description }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyCustomCheckOutput) Description() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Description }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyKubernetesControlOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyKubernetesControl) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o KubernetesAssurancePolicyCustomCheckOutput) Engine() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Engine }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyKubernetesControlOutput) Kind() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyKubernetesControl) *string { return v.Kind }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyCustomCheckOutput) LastModified() pulumi.IntPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *int { return v.LastModified }).(pulumi.IntPtrOutput) +func (o 
VmwareAssurancePolicyKubernetesControlOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyKubernetesControl) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyCustomCheckOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyKubernetesControlOutput) Ootb() pulumi.BoolPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyKubernetesControl) *bool { return v.Ootb }).(pulumi.BoolPtrOutput) } -func (o KubernetesAssurancePolicyCustomCheckOutput) Path() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Path }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyKubernetesControlOutput) ScriptId() pulumi.IntPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyKubernetesControl) *int { return v.ScriptId }).(pulumi.IntPtrOutput) } -func (o KubernetesAssurancePolicyCustomCheckOutput) ReadOnly() pulumi.BoolPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *bool { return v.ReadOnly }).(pulumi.BoolPtrOutput) +func (o VmwareAssurancePolicyKubernetesControlOutput) Severity() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyKubernetesControl) *string { return v.Severity }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyCustomCheckOutput) ScriptId() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.ScriptId }).(pulumi.StringPtrOutput) +type VmwareAssurancePolicyKubernetesControlArrayOutput struct{ *pulumi.OutputState } + +func (VmwareAssurancePolicyKubernetesControlArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyKubernetesControl)(nil)).Elem() } -func (o KubernetesAssurancePolicyCustomCheckOutput) Severity() pulumi.StringPtrOutput { - return o.ApplyT(func(v 
KubernetesAssurancePolicyCustomCheck) *string { return v.Severity }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyKubernetesControlArrayOutput) ToVmwareAssurancePolicyKubernetesControlArrayOutput() VmwareAssurancePolicyKubernetesControlArrayOutput { + return o } -func (o KubernetesAssurancePolicyCustomCheckOutput) Snippet() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyCustomCheck) *string { return v.Snippet }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyKubernetesControlArrayOutput) ToVmwareAssurancePolicyKubernetesControlArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyKubernetesControlArrayOutput { + return o } -type KubernetesAssurancePolicyCustomCheckArrayOutput struct{ *pulumi.OutputState } +func (o VmwareAssurancePolicyKubernetesControlArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyKubernetesControlOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyKubernetesControl { + return vs[0].([]VmwareAssurancePolicyKubernetesControl)[vs[1].(int)] + }).(VmwareAssurancePolicyKubernetesControlOutput) +} -func (KubernetesAssurancePolicyCustomCheckArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyCustomCheck)(nil)).Elem() +type VmwareAssurancePolicyPackagesBlackList struct { + Arch *string `pulumi:"arch"` + Display *string `pulumi:"display"` + Epoch *string `pulumi:"epoch"` + Format *string `pulumi:"format"` + License *string `pulumi:"license"` + Name *string `pulumi:"name"` + Release *string `pulumi:"release"` + Version *string `pulumi:"version"` + VersionRange *string `pulumi:"versionRange"` } -func (o KubernetesAssurancePolicyCustomCheckArrayOutput) ToKubernetesAssurancePolicyCustomCheckArrayOutput() KubernetesAssurancePolicyCustomCheckArrayOutput { - return o +// VmwareAssurancePolicyPackagesBlackListInput is an input type that accepts VmwareAssurancePolicyPackagesBlackListArgs and 
VmwareAssurancePolicyPackagesBlackListOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyPackagesBlackListInput` via: +// +// VmwareAssurancePolicyPackagesBlackListArgs{...} +type VmwareAssurancePolicyPackagesBlackListInput interface { + pulumi.Input + + ToVmwareAssurancePolicyPackagesBlackListOutput() VmwareAssurancePolicyPackagesBlackListOutput + ToVmwareAssurancePolicyPackagesBlackListOutputWithContext(context.Context) VmwareAssurancePolicyPackagesBlackListOutput } -func (o KubernetesAssurancePolicyCustomCheckArrayOutput) ToKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyCustomCheckArrayOutput { - return o +type VmwareAssurancePolicyPackagesBlackListArgs struct { + Arch pulumi.StringPtrInput `pulumi:"arch"` + Display pulumi.StringPtrInput `pulumi:"display"` + Epoch pulumi.StringPtrInput `pulumi:"epoch"` + Format pulumi.StringPtrInput `pulumi:"format"` + License pulumi.StringPtrInput `pulumi:"license"` + Name pulumi.StringPtrInput `pulumi:"name"` + Release pulumi.StringPtrInput `pulumi:"release"` + Version pulumi.StringPtrInput `pulumi:"version"` + VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` } -func (o KubernetesAssurancePolicyCustomCheckArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyCustomCheck] { - return pulumix.Output[[]KubernetesAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } +func (VmwareAssurancePolicyPackagesBlackListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyPackagesBlackList)(nil)).Elem() } -func (o KubernetesAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyCustomCheckOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyCustomCheck { - return vs[0].([]KubernetesAssurancePolicyCustomCheck)[vs[1].(int)] - }).(KubernetesAssurancePolicyCustomCheckOutput) +func (i 
VmwareAssurancePolicyPackagesBlackListArgs) ToVmwareAssurancePolicyPackagesBlackListOutput() VmwareAssurancePolicyPackagesBlackListOutput { + return i.ToVmwareAssurancePolicyPackagesBlackListOutputWithContext(context.Background()) } -type KubernetesAssurancePolicyForbiddenLabel struct { - Key *string `pulumi:"key"` - Value *string `pulumi:"value"` +func (i VmwareAssurancePolicyPackagesBlackListArgs) ToVmwareAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) VmwareAssurancePolicyPackagesBlackListOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyPackagesBlackListOutput) } -// KubernetesAssurancePolicyForbiddenLabelInput is an input type that accepts KubernetesAssurancePolicyForbiddenLabelArgs and KubernetesAssurancePolicyForbiddenLabelOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyForbiddenLabelInput` via: +// VmwareAssurancePolicyPackagesBlackListArrayInput is an input type that accepts VmwareAssurancePolicyPackagesBlackListArray and VmwareAssurancePolicyPackagesBlackListArrayOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyPackagesBlackListArrayInput` via: // -// KubernetesAssurancePolicyForbiddenLabelArgs{...} -type KubernetesAssurancePolicyForbiddenLabelInput interface { +// VmwareAssurancePolicyPackagesBlackListArray{ VmwareAssurancePolicyPackagesBlackListArgs{...} } +type VmwareAssurancePolicyPackagesBlackListArrayInput interface { pulumi.Input - ToKubernetesAssurancePolicyForbiddenLabelOutput() KubernetesAssurancePolicyForbiddenLabelOutput - ToKubernetesAssurancePolicyForbiddenLabelOutputWithContext(context.Context) KubernetesAssurancePolicyForbiddenLabelOutput -} - -type KubernetesAssurancePolicyForbiddenLabelArgs struct { - Key pulumi.StringPtrInput `pulumi:"key"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToVmwareAssurancePolicyPackagesBlackListArrayOutput() VmwareAssurancePolicyPackagesBlackListArrayOutput + ToVmwareAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Context) VmwareAssurancePolicyPackagesBlackListArrayOutput } -func (KubernetesAssurancePolicyForbiddenLabelArgs) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyForbiddenLabel)(nil)).Elem() -} +type VmwareAssurancePolicyPackagesBlackListArray []VmwareAssurancePolicyPackagesBlackListInput -func (i KubernetesAssurancePolicyForbiddenLabelArgs) ToKubernetesAssurancePolicyForbiddenLabelOutput() KubernetesAssurancePolicyForbiddenLabelOutput { - return i.ToKubernetesAssurancePolicyForbiddenLabelOutputWithContext(context.Background()) +func (VmwareAssurancePolicyPackagesBlackListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyPackagesBlackList)(nil)).Elem() } -func (i KubernetesAssurancePolicyForbiddenLabelArgs) ToKubernetesAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) KubernetesAssurancePolicyForbiddenLabelOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyForbiddenLabelOutput) +func (i 
VmwareAssurancePolicyPackagesBlackListArray) ToVmwareAssurancePolicyPackagesBlackListArrayOutput() VmwareAssurancePolicyPackagesBlackListArrayOutput { + return i.ToVmwareAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyForbiddenLabelArgs) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyForbiddenLabel] { - return pulumix.Output[KubernetesAssurancePolicyForbiddenLabel]{ - OutputState: i.ToKubernetesAssurancePolicyForbiddenLabelOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyPackagesBlackListArray) ToVmwareAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyPackagesBlackListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyPackagesBlackListArrayOutput) } -// KubernetesAssurancePolicyForbiddenLabelArrayInput is an input type that accepts KubernetesAssurancePolicyForbiddenLabelArray and KubernetesAssurancePolicyForbiddenLabelArrayOutput values. 
-// You can construct a concrete instance of `KubernetesAssurancePolicyForbiddenLabelArrayInput` via: -// -// KubernetesAssurancePolicyForbiddenLabelArray{ KubernetesAssurancePolicyForbiddenLabelArgs{...} } -type KubernetesAssurancePolicyForbiddenLabelArrayInput interface { - pulumi.Input +type VmwareAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } - ToKubernetesAssurancePolicyForbiddenLabelArrayOutput() KubernetesAssurancePolicyForbiddenLabelArrayOutput - ToKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Context) KubernetesAssurancePolicyForbiddenLabelArrayOutput +func (VmwareAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyPackagesBlackList)(nil)).Elem() } -type KubernetesAssurancePolicyForbiddenLabelArray []KubernetesAssurancePolicyForbiddenLabelInput - -func (KubernetesAssurancePolicyForbiddenLabelArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyForbiddenLabel)(nil)).Elem() +func (o VmwareAssurancePolicyPackagesBlackListOutput) ToVmwareAssurancePolicyPackagesBlackListOutput() VmwareAssurancePolicyPackagesBlackListOutput { + return o } -func (i KubernetesAssurancePolicyForbiddenLabelArray) ToKubernetesAssurancePolicyForbiddenLabelArrayOutput() KubernetesAssurancePolicyForbiddenLabelArrayOutput { - return i.ToKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(context.Background()) +func (o VmwareAssurancePolicyPackagesBlackListOutput) ToVmwareAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) VmwareAssurancePolicyPackagesBlackListOutput { + return o } -func (i KubernetesAssurancePolicyForbiddenLabelArray) ToKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyForbiddenLabelArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyForbiddenLabelArrayOutput) +func (o 
VmwareAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesBlackList) *string { return v.Arch }).(pulumi.StringPtrOutput) } -func (i KubernetesAssurancePolicyForbiddenLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]KubernetesAssurancePolicyForbiddenLabel]{ - OutputState: i.ToKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx).OutputState, - } +func (o VmwareAssurancePolicyPackagesBlackListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesBlackList) *string { return v.Display }).(pulumi.StringPtrOutput) } -type KubernetesAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } +func (o VmwareAssurancePolicyPackagesBlackListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesBlackList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +} -func (KubernetesAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyForbiddenLabel)(nil)).Elem() +func (o VmwareAssurancePolicyPackagesBlackListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesBlackList) *string { return v.Format }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyForbiddenLabelOutput) ToKubernetesAssurancePolicyForbiddenLabelOutput() KubernetesAssurancePolicyForbiddenLabelOutput { - return o +func (o VmwareAssurancePolicyPackagesBlackListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesBlackList) *string { return v.License }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyForbiddenLabelOutput) ToKubernetesAssurancePolicyForbiddenLabelOutputWithContext(ctx context.Context) KubernetesAssurancePolicyForbiddenLabelOutput { - return o +func (o 
VmwareAssurancePolicyPackagesBlackListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesBlackList) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyForbiddenLabelOutput) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyForbiddenLabel] { - return pulumix.Output[KubernetesAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } +func (o VmwareAssurancePolicyPackagesBlackListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesBlackList) *string { return v.Release }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyForbiddenLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesBlackListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesBlackList) *string { return v.Version }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyForbiddenLabelOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyForbiddenLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesBlackListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesBlackList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) } -type KubernetesAssurancePolicyForbiddenLabelArrayOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyPackagesBlackListArrayOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyForbiddenLabelArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyForbiddenLabel)(nil)).Elem() +func (VmwareAssurancePolicyPackagesBlackListArrayOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*[]VmwareAssurancePolicyPackagesBlackList)(nil)).Elem() } -func (o KubernetesAssurancePolicyForbiddenLabelArrayOutput) ToKubernetesAssurancePolicyForbiddenLabelArrayOutput() KubernetesAssurancePolicyForbiddenLabelArrayOutput { +func (o VmwareAssurancePolicyPackagesBlackListArrayOutput) ToVmwareAssurancePolicyPackagesBlackListArrayOutput() VmwareAssurancePolicyPackagesBlackListArrayOutput { return o } -func (o KubernetesAssurancePolicyForbiddenLabelArrayOutput) ToKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyForbiddenLabelArrayOutput { +func (o VmwareAssurancePolicyPackagesBlackListArrayOutput) ToVmwareAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyPackagesBlackListArrayOutput { return o } -func (o KubernetesAssurancePolicyForbiddenLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]KubernetesAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyForbiddenLabelOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyForbiddenLabel { - return vs[0].([]KubernetesAssurancePolicyForbiddenLabel)[vs[1].(int)] - }).(KubernetesAssurancePolicyForbiddenLabelOutput) +func (o VmwareAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyPackagesBlackListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyPackagesBlackList { + return vs[0].([]VmwareAssurancePolicyPackagesBlackList)[vs[1].(int)] + }).(VmwareAssurancePolicyPackagesBlackListOutput) } -type KubernetesAssurancePolicyPackagesBlackList struct { +type VmwareAssurancePolicyPackagesWhiteList struct { Arch *string `pulumi:"arch"` Display *string `pulumi:"display"` Epoch *string 
`pulumi:"epoch"` @@ -11193,18 +25114,18 @@ type KubernetesAssurancePolicyPackagesBlackList struct { VersionRange *string `pulumi:"versionRange"` } -// KubernetesAssurancePolicyPackagesBlackListInput is an input type that accepts KubernetesAssurancePolicyPackagesBlackListArgs and KubernetesAssurancePolicyPackagesBlackListOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyPackagesBlackListInput` via: +// VmwareAssurancePolicyPackagesWhiteListInput is an input type that accepts VmwareAssurancePolicyPackagesWhiteListArgs and VmwareAssurancePolicyPackagesWhiteListOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyPackagesWhiteListInput` via: // -// KubernetesAssurancePolicyPackagesBlackListArgs{...} -type KubernetesAssurancePolicyPackagesBlackListInput interface { +// VmwareAssurancePolicyPackagesWhiteListArgs{...} +type VmwareAssurancePolicyPackagesWhiteListInput interface { pulumi.Input - ToKubernetesAssurancePolicyPackagesBlackListOutput() KubernetesAssurancePolicyPackagesBlackListOutput - ToKubernetesAssurancePolicyPackagesBlackListOutputWithContext(context.Context) KubernetesAssurancePolicyPackagesBlackListOutput + ToVmwareAssurancePolicyPackagesWhiteListOutput() VmwareAssurancePolicyPackagesWhiteListOutput + ToVmwareAssurancePolicyPackagesWhiteListOutputWithContext(context.Context) VmwareAssurancePolicyPackagesWhiteListOutput } -type KubernetesAssurancePolicyPackagesBlackListArgs struct { +type VmwareAssurancePolicyPackagesWhiteListArgs struct { Arch pulumi.StringPtrInput `pulumi:"arch"` Display pulumi.StringPtrInput `pulumi:"display"` Epoch pulumi.StringPtrInput `pulumi:"epoch"` 
@@ -11216,5344 +25137,5168 @@ type KubernetesAssurancePolicyPackagesBlackListArgs struct { VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` } -func (KubernetesAssurancePolicyPackagesBlackListArgs) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyPackagesBlackList)(nil)).Elem() -} - -func (i KubernetesAssurancePolicyPackagesBlackListArgs) ToKubernetesAssurancePolicyPackagesBlackListOutput() KubernetesAssurancePolicyPackagesBlackListOutput { - return i.ToKubernetesAssurancePolicyPackagesBlackListOutputWithContext(context.Background()) +func (VmwareAssurancePolicyPackagesWhiteListArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (i KubernetesAssurancePolicyPackagesBlackListArgs) ToKubernetesAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesBlackListOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPackagesBlackListOutput) +func (i VmwareAssurancePolicyPackagesWhiteListArgs) ToVmwareAssurancePolicyPackagesWhiteListOutput() VmwareAssurancePolicyPackagesWhiteListOutput { + return i.ToVmwareAssurancePolicyPackagesWhiteListOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyPackagesBlackListArgs) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyPackagesBlackList] { - return pulumix.Output[KubernetesAssurancePolicyPackagesBlackList]{ - OutputState: i.ToKubernetesAssurancePolicyPackagesBlackListOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyPackagesWhiteListArgs) ToVmwareAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) VmwareAssurancePolicyPackagesWhiteListOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyPackagesWhiteListOutput) } -// KubernetesAssurancePolicyPackagesBlackListArrayInput is an input type that accepts KubernetesAssurancePolicyPackagesBlackListArray and 
KubernetesAssurancePolicyPackagesBlackListArrayOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyPackagesBlackListArrayInput` via: +// VmwareAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts VmwareAssurancePolicyPackagesWhiteListArray and VmwareAssurancePolicyPackagesWhiteListArrayOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyPackagesWhiteListArrayInput` via: // -// KubernetesAssurancePolicyPackagesBlackListArray{ KubernetesAssurancePolicyPackagesBlackListArgs{...} } -type KubernetesAssurancePolicyPackagesBlackListArrayInput interface { +// VmwareAssurancePolicyPackagesWhiteListArray{ VmwareAssurancePolicyPackagesWhiteListArgs{...} } +type VmwareAssurancePolicyPackagesWhiteListArrayInput interface { pulumi.Input - ToKubernetesAssurancePolicyPackagesBlackListArrayOutput() KubernetesAssurancePolicyPackagesBlackListArrayOutput - ToKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Context) KubernetesAssurancePolicyPackagesBlackListArrayOutput + ToVmwareAssurancePolicyPackagesWhiteListArrayOutput() VmwareAssurancePolicyPackagesWhiteListArrayOutput + ToVmwareAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Context) VmwareAssurancePolicyPackagesWhiteListArrayOutput } -type KubernetesAssurancePolicyPackagesBlackListArray []KubernetesAssurancePolicyPackagesBlackListInput - -func (KubernetesAssurancePolicyPackagesBlackListArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyPackagesBlackList)(nil)).Elem() -} +type VmwareAssurancePolicyPackagesWhiteListArray []VmwareAssurancePolicyPackagesWhiteListInput -func (i KubernetesAssurancePolicyPackagesBlackListArray) ToKubernetesAssurancePolicyPackagesBlackListArrayOutput() KubernetesAssurancePolicyPackagesBlackListArrayOutput { - return i.ToKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(context.Background()) +func 
(VmwareAssurancePolicyPackagesWhiteListArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (i KubernetesAssurancePolicyPackagesBlackListArray) ToKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesBlackListArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPackagesBlackListArrayOutput) +func (i VmwareAssurancePolicyPackagesWhiteListArray) ToVmwareAssurancePolicyPackagesWhiteListArrayOutput() VmwareAssurancePolicyPackagesWhiteListArrayOutput { + return i.ToVmwareAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyPackagesBlackListArray) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]KubernetesAssurancePolicyPackagesBlackList]{ - OutputState: i.ToKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyPackagesWhiteListArray) ToVmwareAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyPackagesWhiteListArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyPackagesWhiteListArrayOutput) } -type KubernetesAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyPackagesBlackList)(nil)).Elem() +func (VmwareAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) ToKubernetesAssurancePolicyPackagesBlackListOutput() KubernetesAssurancePolicyPackagesBlackListOutput { 
+func (o VmwareAssurancePolicyPackagesWhiteListOutput) ToVmwareAssurancePolicyPackagesWhiteListOutput() VmwareAssurancePolicyPackagesWhiteListOutput { return o } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) ToKubernetesAssurancePolicyPackagesBlackListOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesBlackListOutput { +func (o VmwareAssurancePolicyPackagesWhiteListOutput) ToVmwareAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) VmwareAssurancePolicyPackagesWhiteListOutput { return o } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyPackagesBlackList] { - return pulumix.Output[KubernetesAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Arch }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesWhiteList) *string { return v.Arch }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) Display() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Display }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesWhiteListOutput) Display() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesWhiteList) *string { return v.Display }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) Epoch() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesWhiteListOutput) Epoch() pulumi.StringPtrOutput { + return o.ApplyT(func(v 
VmwareAssurancePolicyPackagesWhiteList) *string { return v.Epoch }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) Format() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Format }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesWhiteListOutput) Format() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesWhiteList) *string { return v.Format }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) License() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.License }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesWhiteListOutput) License() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesWhiteList) *string { return v.License }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesWhiteListOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesWhiteList) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) Release() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Release }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesWhiteListOutput) Release() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesWhiteList) *string { return v.Release }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.Version 
}).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesWhiteListOutput) Version() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesWhiteList) *string { return v.Version }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyPackagesBlackListOutput) VersionRange() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesBlackList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPackagesWhiteListOutput) VersionRange() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPackagesWhiteList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) } -type KubernetesAssurancePolicyPackagesBlackListArrayOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyPackagesWhiteListArrayOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyPackagesBlackListArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyPackagesBlackList)(nil)).Elem() +func (VmwareAssurancePolicyPackagesWhiteListArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyPackagesWhiteList)(nil)).Elem() } -func (o KubernetesAssurancePolicyPackagesBlackListArrayOutput) ToKubernetesAssurancePolicyPackagesBlackListArrayOutput() KubernetesAssurancePolicyPackagesBlackListArrayOutput { +func (o VmwareAssurancePolicyPackagesWhiteListArrayOutput) ToVmwareAssurancePolicyPackagesWhiteListArrayOutput() VmwareAssurancePolicyPackagesWhiteListArrayOutput { return o } -func (o KubernetesAssurancePolicyPackagesBlackListArrayOutput) ToKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesBlackListArrayOutput { +func (o VmwareAssurancePolicyPackagesWhiteListArrayOutput) ToVmwareAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyPackagesWhiteListArrayOutput { return o } -func (o 
KubernetesAssurancePolicyPackagesBlackListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]KubernetesAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyPackagesBlackListOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyPackagesBlackList { - return vs[0].([]KubernetesAssurancePolicyPackagesBlackList)[vs[1].(int)] - }).(KubernetesAssurancePolicyPackagesBlackListOutput) +func (o VmwareAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyPackagesWhiteListOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyPackagesWhiteList { + return vs[0].([]VmwareAssurancePolicyPackagesWhiteList)[vs[1].(int)] + }).(VmwareAssurancePolicyPackagesWhiteListOutput) } -type KubernetesAssurancePolicyPackagesWhiteList struct { - Arch *string `pulumi:"arch"` - Display *string `pulumi:"display"` - Epoch *string `pulumi:"epoch"` - Format *string `pulumi:"format"` - License *string `pulumi:"license"` - Name *string `pulumi:"name"` - Release *string `pulumi:"release"` - Version *string `pulumi:"version"` - VersionRange *string `pulumi:"versionRange"` +type VmwareAssurancePolicyPolicySettings struct { + Enforce *bool `pulumi:"enforce"` + IsAuditChecked *bool `pulumi:"isAuditChecked"` + Warn *bool `pulumi:"warn"` + WarningMessage *string `pulumi:"warningMessage"` } -// KubernetesAssurancePolicyPackagesWhiteListInput is an input type that accepts KubernetesAssurancePolicyPackagesWhiteListArgs and KubernetesAssurancePolicyPackagesWhiteListOutput values. 
-// You can construct a concrete instance of `KubernetesAssurancePolicyPackagesWhiteListInput` via: +// VmwareAssurancePolicyPolicySettingsInput is an input type that accepts VmwareAssurancePolicyPolicySettingsArgs and VmwareAssurancePolicyPolicySettingsOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyPolicySettingsInput` via: // -// KubernetesAssurancePolicyPackagesWhiteListArgs{...} -type KubernetesAssurancePolicyPackagesWhiteListInput interface { +// VmwareAssurancePolicyPolicySettingsArgs{...} +type VmwareAssurancePolicyPolicySettingsInput interface { pulumi.Input - ToKubernetesAssurancePolicyPackagesWhiteListOutput() KubernetesAssurancePolicyPackagesWhiteListOutput - ToKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(context.Context) KubernetesAssurancePolicyPackagesWhiteListOutput + ToVmwareAssurancePolicyPolicySettingsOutput() VmwareAssurancePolicyPolicySettingsOutput + ToVmwareAssurancePolicyPolicySettingsOutputWithContext(context.Context) VmwareAssurancePolicyPolicySettingsOutput } -type KubernetesAssurancePolicyPackagesWhiteListArgs struct { - Arch pulumi.StringPtrInput `pulumi:"arch"` - Display pulumi.StringPtrInput `pulumi:"display"` - Epoch pulumi.StringPtrInput `pulumi:"epoch"` - Format pulumi.StringPtrInput `pulumi:"format"` - License pulumi.StringPtrInput `pulumi:"license"` - Name pulumi.StringPtrInput `pulumi:"name"` - Release pulumi.StringPtrInput `pulumi:"release"` - Version pulumi.StringPtrInput `pulumi:"version"` - VersionRange pulumi.StringPtrInput `pulumi:"versionRange"` +type VmwareAssurancePolicyPolicySettingsArgs struct { + Enforce pulumi.BoolPtrInput `pulumi:"enforce"` + IsAuditChecked pulumi.BoolPtrInput `pulumi:"isAuditChecked"` + Warn pulumi.BoolPtrInput `pulumi:"warn"` + WarningMessage pulumi.StringPtrInput `pulumi:"warningMessage"` } -func (KubernetesAssurancePolicyPackagesWhiteListArgs) ElementType() reflect.Type { - return 
reflect.TypeOf((*KubernetesAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (VmwareAssurancePolicyPolicySettingsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyPolicySettings)(nil)).Elem() } -func (i KubernetesAssurancePolicyPackagesWhiteListArgs) ToKubernetesAssurancePolicyPackagesWhiteListOutput() KubernetesAssurancePolicyPackagesWhiteListOutput { - return i.ToKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(context.Background()) +func (i VmwareAssurancePolicyPolicySettingsArgs) ToVmwareAssurancePolicyPolicySettingsOutput() VmwareAssurancePolicyPolicySettingsOutput { + return i.ToVmwareAssurancePolicyPolicySettingsOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyPackagesWhiteListArgs) ToKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesWhiteListOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPackagesWhiteListOutput) +func (i VmwareAssurancePolicyPolicySettingsArgs) ToVmwareAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) VmwareAssurancePolicyPolicySettingsOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyPolicySettingsOutput) } -func (i KubernetesAssurancePolicyPackagesWhiteListArgs) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyPackagesWhiteList] { - return pulumix.Output[KubernetesAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyPolicySettingsArgs) ToVmwareAssurancePolicyPolicySettingsPtrOutput() VmwareAssurancePolicyPolicySettingsPtrOutput { + return i.ToVmwareAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) } -// KubernetesAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts KubernetesAssurancePolicyPackagesWhiteListArray and 
KubernetesAssurancePolicyPackagesWhiteListArrayOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyPackagesWhiteListArrayInput` via: +func (i VmwareAssurancePolicyPolicySettingsArgs) ToVmwareAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) VmwareAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyPolicySettingsOutput).ToVmwareAssurancePolicyPolicySettingsPtrOutputWithContext(ctx) +} + +// VmwareAssurancePolicyPolicySettingsPtrInput is an input type that accepts VmwareAssurancePolicyPolicySettingsArgs, VmwareAssurancePolicyPolicySettingsPtr and VmwareAssurancePolicyPolicySettingsPtrOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyPolicySettingsPtrInput` via: // -// KubernetesAssurancePolicyPackagesWhiteListArray{ KubernetesAssurancePolicyPackagesWhiteListArgs{...} } -type KubernetesAssurancePolicyPackagesWhiteListArrayInput interface { +// VmwareAssurancePolicyPolicySettingsArgs{...} +// +// or: +// +// nil +type VmwareAssurancePolicyPolicySettingsPtrInput interface { pulumi.Input - ToKubernetesAssurancePolicyPackagesWhiteListArrayOutput() KubernetesAssurancePolicyPackagesWhiteListArrayOutput - ToKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Context) KubernetesAssurancePolicyPackagesWhiteListArrayOutput + ToVmwareAssurancePolicyPolicySettingsPtrOutput() VmwareAssurancePolicyPolicySettingsPtrOutput + ToVmwareAssurancePolicyPolicySettingsPtrOutputWithContext(context.Context) VmwareAssurancePolicyPolicySettingsPtrOutput } -type KubernetesAssurancePolicyPackagesWhiteListArray []KubernetesAssurancePolicyPackagesWhiteListInput +type vmwareAssurancePolicyPolicySettingsPtrType VmwareAssurancePolicyPolicySettingsArgs -func (KubernetesAssurancePolicyPackagesWhiteListArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyPackagesWhiteList)(nil)).Elem() +func 
VmwareAssurancePolicyPolicySettingsPtr(v *VmwareAssurancePolicyPolicySettingsArgs) VmwareAssurancePolicyPolicySettingsPtrInput { + return (*vmwareAssurancePolicyPolicySettingsPtrType)(v) } -func (i KubernetesAssurancePolicyPackagesWhiteListArray) ToKubernetesAssurancePolicyPackagesWhiteListArrayOutput() KubernetesAssurancePolicyPackagesWhiteListArrayOutput { - return i.ToKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(context.Background()) +func (*vmwareAssurancePolicyPolicySettingsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**VmwareAssurancePolicyPolicySettings)(nil)).Elem() } -func (i KubernetesAssurancePolicyPackagesWhiteListArray) ToKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesWhiteListArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyPackagesWhiteListArrayOutput) +func (i *vmwareAssurancePolicyPolicySettingsPtrType) ToVmwareAssurancePolicyPolicySettingsPtrOutput() VmwareAssurancePolicyPolicySettingsPtrOutput { + return i.ToVmwareAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyPackagesWhiteListArray) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]KubernetesAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx).OutputState, - } +func (i *vmwareAssurancePolicyPolicySettingsPtrType) ToVmwareAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) VmwareAssurancePolicyPolicySettingsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyPolicySettingsPtrOutput) } -type KubernetesAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyPolicySettingsOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyPackagesWhiteListOutput) 
ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (VmwareAssurancePolicyPolicySettingsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyPolicySettings)(nil)).Elem() } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) ToKubernetesAssurancePolicyPackagesWhiteListOutput() KubernetesAssurancePolicyPackagesWhiteListOutput { +func (o VmwareAssurancePolicyPolicySettingsOutput) ToVmwareAssurancePolicyPolicySettingsOutput() VmwareAssurancePolicyPolicySettingsOutput { return o } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) ToKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesWhiteListOutput { +func (o VmwareAssurancePolicyPolicySettingsOutput) ToVmwareAssurancePolicyPolicySettingsOutputWithContext(ctx context.Context) VmwareAssurancePolicyPolicySettingsOutput { return o } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyPackagesWhiteList] { - return pulumix.Output[KubernetesAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } +func (o VmwareAssurancePolicyPolicySettingsOutput) ToVmwareAssurancePolicyPolicySettingsPtrOutput() VmwareAssurancePolicyPolicySettingsPtrOutput { + return o.ToVmwareAssurancePolicyPolicySettingsPtrOutputWithContext(context.Background()) } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Arch }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPolicySettingsOutput) ToVmwareAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) VmwareAssurancePolicyPolicySettingsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v VmwareAssurancePolicyPolicySettings) *VmwareAssurancePolicyPolicySettings { + return &v + 
}).(VmwareAssurancePolicyPolicySettingsPtrOutput) } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Display() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Display }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPolicySettingsOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPolicySettings) *bool { return v.Enforce }).(pulumi.BoolPtrOutput) } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Epoch() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Epoch }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPolicySettingsOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPolicySettings) *bool { return v.IsAuditChecked }).(pulumi.BoolPtrOutput) } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Format() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Format }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPolicySettingsOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPolicySettings) *bool { return v.Warn }).(pulumi.BoolPtrOutput) } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) License() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.License }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPolicySettingsOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyPolicySettings) *string { return v.WarningMessage }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Name }).(pulumi.StringPtrOutput) -} +type 
VmwareAssurancePolicyPolicySettingsPtrOutput struct{ *pulumi.OutputState } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Release() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Release }).(pulumi.StringPtrOutput) +func (VmwareAssurancePolicyPolicySettingsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**VmwareAssurancePolicyPolicySettings)(nil)).Elem() } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.Version }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPolicySettingsPtrOutput) ToVmwareAssurancePolicyPolicySettingsPtrOutput() VmwareAssurancePolicyPolicySettingsPtrOutput { + return o } -func (o KubernetesAssurancePolicyPackagesWhiteListOutput) VersionRange() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyPackagesWhiteList) *string { return v.VersionRange }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyPolicySettingsPtrOutput) ToVmwareAssurancePolicyPolicySettingsPtrOutputWithContext(ctx context.Context) VmwareAssurancePolicyPolicySettingsPtrOutput { + return o } -type KubernetesAssurancePolicyPackagesWhiteListArrayOutput struct{ *pulumi.OutputState } - -func (KubernetesAssurancePolicyPackagesWhiteListArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyPackagesWhiteList)(nil)).Elem() +func (o VmwareAssurancePolicyPolicySettingsPtrOutput) Elem() VmwareAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *VmwareAssurancePolicyPolicySettings) VmwareAssurancePolicyPolicySettings { + if v != nil { + return *v + } + var ret VmwareAssurancePolicyPolicySettings + return ret + }).(VmwareAssurancePolicyPolicySettingsOutput) } -func (o KubernetesAssurancePolicyPackagesWhiteListArrayOutput) ToKubernetesAssurancePolicyPackagesWhiteListArrayOutput() 
KubernetesAssurancePolicyPackagesWhiteListArrayOutput { - return o +func (o VmwareAssurancePolicyPolicySettingsPtrOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Enforce + }).(pulumi.BoolPtrOutput) } -func (o KubernetesAssurancePolicyPackagesWhiteListArrayOutput) ToKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyPackagesWhiteListArrayOutput { - return o +func (o VmwareAssurancePolicyPolicySettingsPtrOutput) IsAuditChecked() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.IsAuditChecked + }).(pulumi.BoolPtrOutput) } -func (o KubernetesAssurancePolicyPackagesWhiteListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]KubernetesAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } +func (o VmwareAssurancePolicyPolicySettingsPtrOutput) Warn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicyPolicySettings) *bool { + if v == nil { + return nil + } + return v.Warn + }).(pulumi.BoolPtrOutput) } -func (o KubernetesAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyPackagesWhiteListOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyPackagesWhiteList { - return vs[0].([]KubernetesAssurancePolicyPackagesWhiteList)[vs[1].(int)] - }).(KubernetesAssurancePolicyPackagesWhiteListOutput) +func (o VmwareAssurancePolicyPolicySettingsPtrOutput) WarningMessage() pulumi.StringPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicyPolicySettings) *string { + if v == nil { + return nil + } + return v.WarningMessage + }).(pulumi.StringPtrOutput) } -type KubernetesAssurancePolicyRequiredLabel struct { +type 
VmwareAssurancePolicyRequiredLabel struct { Key *string `pulumi:"key"` Value *string `pulumi:"value"` } -// KubernetesAssurancePolicyRequiredLabelInput is an input type that accepts KubernetesAssurancePolicyRequiredLabelArgs and KubernetesAssurancePolicyRequiredLabelOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyRequiredLabelInput` via: +// VmwareAssurancePolicyRequiredLabelInput is an input type that accepts VmwareAssurancePolicyRequiredLabelArgs and VmwareAssurancePolicyRequiredLabelOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyRequiredLabelInput` via: // -// KubernetesAssurancePolicyRequiredLabelArgs{...} -type KubernetesAssurancePolicyRequiredLabelInput interface { +// VmwareAssurancePolicyRequiredLabelArgs{...} +type VmwareAssurancePolicyRequiredLabelInput interface { pulumi.Input - ToKubernetesAssurancePolicyRequiredLabelOutput() KubernetesAssurancePolicyRequiredLabelOutput - ToKubernetesAssurancePolicyRequiredLabelOutputWithContext(context.Context) KubernetesAssurancePolicyRequiredLabelOutput + ToVmwareAssurancePolicyRequiredLabelOutput() VmwareAssurancePolicyRequiredLabelOutput + ToVmwareAssurancePolicyRequiredLabelOutputWithContext(context.Context) VmwareAssurancePolicyRequiredLabelOutput } -type KubernetesAssurancePolicyRequiredLabelArgs struct { +type VmwareAssurancePolicyRequiredLabelArgs struct { Key pulumi.StringPtrInput `pulumi:"key"` Value pulumi.StringPtrInput `pulumi:"value"` } -func (KubernetesAssurancePolicyRequiredLabelArgs) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyRequiredLabel)(nil)).Elem() +func (VmwareAssurancePolicyRequiredLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyRequiredLabel)(nil)).Elem() } -func (i KubernetesAssurancePolicyRequiredLabelArgs) ToKubernetesAssurancePolicyRequiredLabelOutput() KubernetesAssurancePolicyRequiredLabelOutput { - return 
i.ToKubernetesAssurancePolicyRequiredLabelOutputWithContext(context.Background()) +func (i VmwareAssurancePolicyRequiredLabelArgs) ToVmwareAssurancePolicyRequiredLabelOutput() VmwareAssurancePolicyRequiredLabelOutput { + return i.ToVmwareAssurancePolicyRequiredLabelOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyRequiredLabelArgs) ToKubernetesAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) KubernetesAssurancePolicyRequiredLabelOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyRequiredLabelOutput) +func (i VmwareAssurancePolicyRequiredLabelArgs) ToVmwareAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) VmwareAssurancePolicyRequiredLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyRequiredLabelOutput) } -func (i KubernetesAssurancePolicyRequiredLabelArgs) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyRequiredLabel] { - return pulumix.Output[KubernetesAssurancePolicyRequiredLabel]{ - OutputState: i.ToKubernetesAssurancePolicyRequiredLabelOutputWithContext(ctx).OutputState, - } +// VmwareAssurancePolicyRequiredLabelArrayInput is an input type that accepts VmwareAssurancePolicyRequiredLabelArray and VmwareAssurancePolicyRequiredLabelArrayOutput values. +// You can construct a concrete instance of `VmwareAssurancePolicyRequiredLabelArrayInput` via: +// +// VmwareAssurancePolicyRequiredLabelArray{ VmwareAssurancePolicyRequiredLabelArgs{...} } +type VmwareAssurancePolicyRequiredLabelArrayInput interface { + pulumi.Input + + ToVmwareAssurancePolicyRequiredLabelArrayOutput() VmwareAssurancePolicyRequiredLabelArrayOutput + ToVmwareAssurancePolicyRequiredLabelArrayOutputWithContext(context.Context) VmwareAssurancePolicyRequiredLabelArrayOutput } -// KubernetesAssurancePolicyRequiredLabelArrayInput is an input type that accepts KubernetesAssurancePolicyRequiredLabelArray and KubernetesAssurancePolicyRequiredLabelArrayOutput values. 
-// You can construct a concrete instance of `KubernetesAssurancePolicyRequiredLabelArrayInput` via: +type VmwareAssurancePolicyRequiredLabelArray []VmwareAssurancePolicyRequiredLabelInput + +func (VmwareAssurancePolicyRequiredLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (i VmwareAssurancePolicyRequiredLabelArray) ToVmwareAssurancePolicyRequiredLabelArrayOutput() VmwareAssurancePolicyRequiredLabelArrayOutput { + return i.ToVmwareAssurancePolicyRequiredLabelArrayOutputWithContext(context.Background()) +} + +func (i VmwareAssurancePolicyRequiredLabelArray) ToVmwareAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyRequiredLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyRequiredLabelArrayOutput) +} + +type VmwareAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } + +func (VmwareAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (o VmwareAssurancePolicyRequiredLabelOutput) ToVmwareAssurancePolicyRequiredLabelOutput() VmwareAssurancePolicyRequiredLabelOutput { + return o +} + +func (o VmwareAssurancePolicyRequiredLabelOutput) ToVmwareAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) VmwareAssurancePolicyRequiredLabelOutput { + return o +} + +func (o VmwareAssurancePolicyRequiredLabelOutput) Key() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyRequiredLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +} + +func (o VmwareAssurancePolicyRequiredLabelOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyRequiredLabel) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type VmwareAssurancePolicyRequiredLabelArrayOutput struct{ *pulumi.OutputState } + +func (VmwareAssurancePolicyRequiredLabelArrayOutput) 
ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyRequiredLabel)(nil)).Elem() +} + +func (o VmwareAssurancePolicyRequiredLabelArrayOutput) ToVmwareAssurancePolicyRequiredLabelArrayOutput() VmwareAssurancePolicyRequiredLabelArrayOutput { + return o +} + +func (o VmwareAssurancePolicyRequiredLabelArrayOutput) ToVmwareAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyRequiredLabelArrayOutput { + return o +} + +func (o VmwareAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyRequiredLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyRequiredLabel { + return vs[0].([]VmwareAssurancePolicyRequiredLabel)[vs[1].(int)] + }).(VmwareAssurancePolicyRequiredLabelOutput) +} + +type VmwareAssurancePolicyScope struct { + Expression *string `pulumi:"expression"` + Variables []VmwareAssurancePolicyScopeVariable `pulumi:"variables"` +} + +// VmwareAssurancePolicyScopeInput is an input type that accepts VmwareAssurancePolicyScopeArgs and VmwareAssurancePolicyScopeOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyScopeInput` via: // -// KubernetesAssurancePolicyRequiredLabelArray{ KubernetesAssurancePolicyRequiredLabelArgs{...} } -type KubernetesAssurancePolicyRequiredLabelArrayInput interface { +// VmwareAssurancePolicyScopeArgs{...} +type VmwareAssurancePolicyScopeInput interface { pulumi.Input - ToKubernetesAssurancePolicyRequiredLabelArrayOutput() KubernetesAssurancePolicyRequiredLabelArrayOutput - ToKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(context.Context) KubernetesAssurancePolicyRequiredLabelArrayOutput + ToVmwareAssurancePolicyScopeOutput() VmwareAssurancePolicyScopeOutput + ToVmwareAssurancePolicyScopeOutputWithContext(context.Context) VmwareAssurancePolicyScopeOutput +} + +type VmwareAssurancePolicyScopeArgs struct { + Expression pulumi.StringPtrInput `pulumi:"expression"` + Variables VmwareAssurancePolicyScopeVariableArrayInput `pulumi:"variables"` +} + +func (VmwareAssurancePolicyScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyScope)(nil)).Elem() +} + +func (i VmwareAssurancePolicyScopeArgs) ToVmwareAssurancePolicyScopeOutput() VmwareAssurancePolicyScopeOutput { + return i.ToVmwareAssurancePolicyScopeOutputWithContext(context.Background()) +} + +func (i VmwareAssurancePolicyScopeArgs) ToVmwareAssurancePolicyScopeOutputWithContext(ctx context.Context) VmwareAssurancePolicyScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyScopeOutput) } -type KubernetesAssurancePolicyRequiredLabelArray []KubernetesAssurancePolicyRequiredLabelInput +// VmwareAssurancePolicyScopeArrayInput is an input type that accepts VmwareAssurancePolicyScopeArray and VmwareAssurancePolicyScopeArrayOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyScopeArrayInput` via: +// +// VmwareAssurancePolicyScopeArray{ VmwareAssurancePolicyScopeArgs{...} } +type VmwareAssurancePolicyScopeArrayInput interface { + pulumi.Input -func (KubernetesAssurancePolicyRequiredLabelArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyRequiredLabel)(nil)).Elem() + ToVmwareAssurancePolicyScopeArrayOutput() VmwareAssurancePolicyScopeArrayOutput + ToVmwareAssurancePolicyScopeArrayOutputWithContext(context.Context) VmwareAssurancePolicyScopeArrayOutput } -func (i KubernetesAssurancePolicyRequiredLabelArray) ToKubernetesAssurancePolicyRequiredLabelArrayOutput() KubernetesAssurancePolicyRequiredLabelArrayOutput { - return i.ToKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(context.Background()) +type VmwareAssurancePolicyScopeArray []VmwareAssurancePolicyScopeInput + +func (VmwareAssurancePolicyScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyScope)(nil)).Elem() } -func (i KubernetesAssurancePolicyRequiredLabelArray) ToKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyRequiredLabelArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyRequiredLabelArrayOutput) +func (i VmwareAssurancePolicyScopeArray) ToVmwareAssurancePolicyScopeArrayOutput() VmwareAssurancePolicyScopeArrayOutput { + return i.ToVmwareAssurancePolicyScopeArrayOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyRequiredLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyRequiredLabel] { - return pulumix.Output[[]KubernetesAssurancePolicyRequiredLabel]{ - OutputState: i.ToKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyScopeArray) ToVmwareAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) 
VmwareAssurancePolicyScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyScopeArrayOutput) } -type KubernetesAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyScopeOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyRequiredLabel)(nil)).Elem() +func (VmwareAssurancePolicyScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyScope)(nil)).Elem() } -func (o KubernetesAssurancePolicyRequiredLabelOutput) ToKubernetesAssurancePolicyRequiredLabelOutput() KubernetesAssurancePolicyRequiredLabelOutput { +func (o VmwareAssurancePolicyScopeOutput) ToVmwareAssurancePolicyScopeOutput() VmwareAssurancePolicyScopeOutput { return o } -func (o KubernetesAssurancePolicyRequiredLabelOutput) ToKubernetesAssurancePolicyRequiredLabelOutputWithContext(ctx context.Context) KubernetesAssurancePolicyRequiredLabelOutput { +func (o VmwareAssurancePolicyScopeOutput) ToVmwareAssurancePolicyScopeOutputWithContext(ctx context.Context) VmwareAssurancePolicyScopeOutput { return o } -func (o KubernetesAssurancePolicyRequiredLabelOutput) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyRequiredLabel] { - return pulumix.Output[KubernetesAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyRequiredLabelOutput) Key() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyRequiredLabel) *string { return v.Key }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyScopeOutput) Expression() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyScope) *string { return v.Expression }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyRequiredLabelOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyRequiredLabel) *string { 
return v.Value }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyScopeOutput) Variables() VmwareAssurancePolicyScopeVariableArrayOutput { + return o.ApplyT(func(v VmwareAssurancePolicyScope) []VmwareAssurancePolicyScopeVariable { return v.Variables }).(VmwareAssurancePolicyScopeVariableArrayOutput) } -type KubernetesAssurancePolicyRequiredLabelArrayOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyScopeArrayOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyRequiredLabelArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyRequiredLabel)(nil)).Elem() +func (VmwareAssurancePolicyScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyScope)(nil)).Elem() } -func (o KubernetesAssurancePolicyRequiredLabelArrayOutput) ToKubernetesAssurancePolicyRequiredLabelArrayOutput() KubernetesAssurancePolicyRequiredLabelArrayOutput { +func (o VmwareAssurancePolicyScopeArrayOutput) ToVmwareAssurancePolicyScopeArrayOutput() VmwareAssurancePolicyScopeArrayOutput { return o } -func (o KubernetesAssurancePolicyRequiredLabelArrayOutput) ToKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyRequiredLabelArrayOutput { +func (o VmwareAssurancePolicyScopeArrayOutput) ToVmwareAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyScopeArrayOutput { return o } -func (o KubernetesAssurancePolicyRequiredLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyRequiredLabel] { - return pulumix.Output[[]KubernetesAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyRequiredLabelOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyRequiredLabel { - return 
vs[0].([]KubernetesAssurancePolicyRequiredLabel)[vs[1].(int)] - }).(KubernetesAssurancePolicyRequiredLabelOutput) +func (o VmwareAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyScope { + return vs[0].([]VmwareAssurancePolicyScope)[vs[1].(int)] + }).(VmwareAssurancePolicyScopeOutput) } -type KubernetesAssurancePolicyScope struct { - Expression *string `pulumi:"expression"` - Variables []KubernetesAssurancePolicyScopeVariable `pulumi:"variables"` +type VmwareAssurancePolicyScopeVariable struct { + Attribute *string `pulumi:"attribute"` + Name *string `pulumi:"name"` + Value *string `pulumi:"value"` } -// KubernetesAssurancePolicyScopeInput is an input type that accepts KubernetesAssurancePolicyScopeArgs and KubernetesAssurancePolicyScopeOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyScopeInput` via: +// VmwareAssurancePolicyScopeVariableInput is an input type that accepts VmwareAssurancePolicyScopeVariableArgs and VmwareAssurancePolicyScopeVariableOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyScopeVariableInput` via: // -// KubernetesAssurancePolicyScopeArgs{...} -type KubernetesAssurancePolicyScopeInput interface { +// VmwareAssurancePolicyScopeVariableArgs{...} +type VmwareAssurancePolicyScopeVariableInput interface { pulumi.Input - ToKubernetesAssurancePolicyScopeOutput() KubernetesAssurancePolicyScopeOutput - ToKubernetesAssurancePolicyScopeOutputWithContext(context.Context) KubernetesAssurancePolicyScopeOutput -} - -type KubernetesAssurancePolicyScopeArgs struct { - Expression pulumi.StringPtrInput `pulumi:"expression"` - Variables KubernetesAssurancePolicyScopeVariableArrayInput `pulumi:"variables"` + ToVmwareAssurancePolicyScopeVariableOutput() VmwareAssurancePolicyScopeVariableOutput + ToVmwareAssurancePolicyScopeVariableOutputWithContext(context.Context) VmwareAssurancePolicyScopeVariableOutput } -func (KubernetesAssurancePolicyScopeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyScope)(nil)).Elem() +type VmwareAssurancePolicyScopeVariableArgs struct { + Attribute pulumi.StringPtrInput `pulumi:"attribute"` + Name pulumi.StringPtrInput `pulumi:"name"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i KubernetesAssurancePolicyScopeArgs) ToKubernetesAssurancePolicyScopeOutput() KubernetesAssurancePolicyScopeOutput { - return i.ToKubernetesAssurancePolicyScopeOutputWithContext(context.Background()) +func (VmwareAssurancePolicyScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyScopeVariable)(nil)).Elem() } -func (i KubernetesAssurancePolicyScopeArgs) ToKubernetesAssurancePolicyScopeOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyScopeOutput) +func (i VmwareAssurancePolicyScopeVariableArgs) ToVmwareAssurancePolicyScopeVariableOutput() VmwareAssurancePolicyScopeVariableOutput { + return 
i.ToVmwareAssurancePolicyScopeVariableOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyScopeArgs) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyScope] { - return pulumix.Output[KubernetesAssurancePolicyScope]{ - OutputState: i.ToKubernetesAssurancePolicyScopeOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyScopeVariableArgs) ToVmwareAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) VmwareAssurancePolicyScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyScopeVariableOutput) } -// KubernetesAssurancePolicyScopeArrayInput is an input type that accepts KubernetesAssurancePolicyScopeArray and KubernetesAssurancePolicyScopeArrayOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyScopeArrayInput` via: +// VmwareAssurancePolicyScopeVariableArrayInput is an input type that accepts VmwareAssurancePolicyScopeVariableArray and VmwareAssurancePolicyScopeVariableArrayOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyScopeVariableArrayInput` via: // -// KubernetesAssurancePolicyScopeArray{ KubernetesAssurancePolicyScopeArgs{...} } -type KubernetesAssurancePolicyScopeArrayInput interface { +// VmwareAssurancePolicyScopeVariableArray{ VmwareAssurancePolicyScopeVariableArgs{...} } +type VmwareAssurancePolicyScopeVariableArrayInput interface { pulumi.Input - ToKubernetesAssurancePolicyScopeArrayOutput() KubernetesAssurancePolicyScopeArrayOutput - ToKubernetesAssurancePolicyScopeArrayOutputWithContext(context.Context) KubernetesAssurancePolicyScopeArrayOutput + ToVmwareAssurancePolicyScopeVariableArrayOutput() VmwareAssurancePolicyScopeVariableArrayOutput + ToVmwareAssurancePolicyScopeVariableArrayOutputWithContext(context.Context) VmwareAssurancePolicyScopeVariableArrayOutput } -type KubernetesAssurancePolicyScopeArray []KubernetesAssurancePolicyScopeInput - -func (KubernetesAssurancePolicyScopeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyScope)(nil)).Elem() -} +type VmwareAssurancePolicyScopeVariableArray []VmwareAssurancePolicyScopeVariableInput -func (i KubernetesAssurancePolicyScopeArray) ToKubernetesAssurancePolicyScopeArrayOutput() KubernetesAssurancePolicyScopeArrayOutput { - return i.ToKubernetesAssurancePolicyScopeArrayOutputWithContext(context.Background()) +func (VmwareAssurancePolicyScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyScopeVariable)(nil)).Elem() } -func (i KubernetesAssurancePolicyScopeArray) ToKubernetesAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyScopeArrayOutput) +func (i VmwareAssurancePolicyScopeVariableArray) ToVmwareAssurancePolicyScopeVariableArrayOutput() VmwareAssurancePolicyScopeVariableArrayOutput { + return 
i.ToVmwareAssurancePolicyScopeVariableArrayOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyScope] { - return pulumix.Output[[]KubernetesAssurancePolicyScope]{ - OutputState: i.ToKubernetesAssurancePolicyScopeArrayOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyScopeVariableArray) ToVmwareAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyScopeVariableArrayOutput) } -type KubernetesAssurancePolicyScopeOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyScopeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyScope)(nil)).Elem() +func (VmwareAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyScopeVariable)(nil)).Elem() } -func (o KubernetesAssurancePolicyScopeOutput) ToKubernetesAssurancePolicyScopeOutput() KubernetesAssurancePolicyScopeOutput { +func (o VmwareAssurancePolicyScopeVariableOutput) ToVmwareAssurancePolicyScopeVariableOutput() VmwareAssurancePolicyScopeVariableOutput { return o } -func (o KubernetesAssurancePolicyScopeOutput) ToKubernetesAssurancePolicyScopeOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeOutput { +func (o VmwareAssurancePolicyScopeVariableOutput) ToVmwareAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) VmwareAssurancePolicyScopeVariableOutput { return o } -func (o KubernetesAssurancePolicyScopeOutput) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyScope] { - return pulumix.Output[KubernetesAssurancePolicyScope]{ - OutputState: o.OutputState, - } +func (o VmwareAssurancePolicyScopeVariableOutput) Attribute() 
pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyScopeOutput) Expression() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyScope) *string { return v.Expression }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyScopeOutput) Variables() KubernetesAssurancePolicyScopeVariableArrayOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyScope) []KubernetesAssurancePolicyScopeVariable { return v.Variables }).(KubernetesAssurancePolicyScopeVariableArrayOutput) +func (o VmwareAssurancePolicyScopeVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type KubernetesAssurancePolicyScopeArrayOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyScopeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyScope)(nil)).Elem() +func (VmwareAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyScopeVariable)(nil)).Elem() } -func (o KubernetesAssurancePolicyScopeArrayOutput) ToKubernetesAssurancePolicyScopeArrayOutput() KubernetesAssurancePolicyScopeArrayOutput { +func (o VmwareAssurancePolicyScopeVariableArrayOutput) ToVmwareAssurancePolicyScopeVariableArrayOutput() VmwareAssurancePolicyScopeVariableArrayOutput { return o } -func (o KubernetesAssurancePolicyScopeArrayOutput) ToKubernetesAssurancePolicyScopeArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeArrayOutput { +func (o 
VmwareAssurancePolicyScopeVariableArrayOutput) ToVmwareAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyScopeVariableArrayOutput { return o } -func (o KubernetesAssurancePolicyScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyScope] { - return pulumix.Output[[]KubernetesAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyScopeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyScope { - return vs[0].([]KubernetesAssurancePolicyScope)[vs[1].(int)] - }).(KubernetesAssurancePolicyScopeOutput) +func (o VmwareAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyScopeVariable { + return vs[0].([]VmwareAssurancePolicyScopeVariable)[vs[1].(int)] + }).(VmwareAssurancePolicyScopeVariableOutput) } -type KubernetesAssurancePolicyScopeVariable struct { - Attribute *string `pulumi:"attribute"` - Name *string `pulumi:"name"` - Value *string `pulumi:"value"` +type VmwareAssurancePolicyTrustedBaseImage struct { + Imagename *string `pulumi:"imagename"` + Registry *string `pulumi:"registry"` } -// KubernetesAssurancePolicyScopeVariableInput is an input type that accepts KubernetesAssurancePolicyScopeVariableArgs and KubernetesAssurancePolicyScopeVariableOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyScopeVariableInput` via: +// VmwareAssurancePolicyTrustedBaseImageInput is an input type that accepts VmwareAssurancePolicyTrustedBaseImageArgs and VmwareAssurancePolicyTrustedBaseImageOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyTrustedBaseImageInput` via: // -// KubernetesAssurancePolicyScopeVariableArgs{...} -type KubernetesAssurancePolicyScopeVariableInput interface { +// VmwareAssurancePolicyTrustedBaseImageArgs{...} +type VmwareAssurancePolicyTrustedBaseImageInput interface { pulumi.Input - ToKubernetesAssurancePolicyScopeVariableOutput() KubernetesAssurancePolicyScopeVariableOutput - ToKubernetesAssurancePolicyScopeVariableOutputWithContext(context.Context) KubernetesAssurancePolicyScopeVariableOutput -} - -type KubernetesAssurancePolicyScopeVariableArgs struct { - Attribute pulumi.StringPtrInput `pulumi:"attribute"` - Name pulumi.StringPtrInput `pulumi:"name"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToVmwareAssurancePolicyTrustedBaseImageOutput() VmwareAssurancePolicyTrustedBaseImageOutput + ToVmwareAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) VmwareAssurancePolicyTrustedBaseImageOutput } -func (KubernetesAssurancePolicyScopeVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyScopeVariable)(nil)).Elem() +type VmwareAssurancePolicyTrustedBaseImageArgs struct { + Imagename pulumi.StringPtrInput `pulumi:"imagename"` + Registry pulumi.StringPtrInput `pulumi:"registry"` } -func (i KubernetesAssurancePolicyScopeVariableArgs) ToKubernetesAssurancePolicyScopeVariableOutput() KubernetesAssurancePolicyScopeVariableOutput { - return i.ToKubernetesAssurancePolicyScopeVariableOutputWithContext(context.Background()) +func (VmwareAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (i KubernetesAssurancePolicyScopeVariableArgs) ToKubernetesAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyScopeVariableOutput) +func (i 
VmwareAssurancePolicyTrustedBaseImageArgs) ToVmwareAssurancePolicyTrustedBaseImageOutput() VmwareAssurancePolicyTrustedBaseImageOutput { + return i.ToVmwareAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyScopeVariable] { - return pulumix.Output[KubernetesAssurancePolicyScopeVariable]{ - OutputState: i.ToKubernetesAssurancePolicyScopeVariableOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyTrustedBaseImageArgs) ToVmwareAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) VmwareAssurancePolicyTrustedBaseImageOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyTrustedBaseImageOutput) } -// KubernetesAssurancePolicyScopeVariableArrayInput is an input type that accepts KubernetesAssurancePolicyScopeVariableArray and KubernetesAssurancePolicyScopeVariableArrayOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyScopeVariableArrayInput` via: +// VmwareAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts VmwareAssurancePolicyTrustedBaseImageArray and VmwareAssurancePolicyTrustedBaseImageArrayOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyTrustedBaseImageArrayInput` via: // -// KubernetesAssurancePolicyScopeVariableArray{ KubernetesAssurancePolicyScopeVariableArgs{...} } -type KubernetesAssurancePolicyScopeVariableArrayInput interface { +// VmwareAssurancePolicyTrustedBaseImageArray{ VmwareAssurancePolicyTrustedBaseImageArgs{...} } +type VmwareAssurancePolicyTrustedBaseImageArrayInput interface { pulumi.Input - ToKubernetesAssurancePolicyScopeVariableArrayOutput() KubernetesAssurancePolicyScopeVariableArrayOutput - ToKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(context.Context) KubernetesAssurancePolicyScopeVariableArrayOutput + ToVmwareAssurancePolicyTrustedBaseImageArrayOutput() VmwareAssurancePolicyTrustedBaseImageArrayOutput + ToVmwareAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) VmwareAssurancePolicyTrustedBaseImageArrayOutput } -type KubernetesAssurancePolicyScopeVariableArray []KubernetesAssurancePolicyScopeVariableInput - -func (KubernetesAssurancePolicyScopeVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyScopeVariable)(nil)).Elem() -} +type VmwareAssurancePolicyTrustedBaseImageArray []VmwareAssurancePolicyTrustedBaseImageInput -func (i KubernetesAssurancePolicyScopeVariableArray) ToKubernetesAssurancePolicyScopeVariableArrayOutput() KubernetesAssurancePolicyScopeVariableArrayOutput { - return i.ToKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(context.Background()) +func (VmwareAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (i KubernetesAssurancePolicyScopeVariableArray) ToKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyScopeVariableArrayOutput) +func (i 
VmwareAssurancePolicyTrustedBaseImageArray) ToVmwareAssurancePolicyTrustedBaseImageArrayOutput() VmwareAssurancePolicyTrustedBaseImageArrayOutput { + return i.ToVmwareAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyScopeVariable] { - return pulumix.Output[[]KubernetesAssurancePolicyScopeVariable]{ - OutputState: i.ToKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } +func (i VmwareAssurancePolicyTrustedBaseImageArray) ToVmwareAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyTrustedBaseImageArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyTrustedBaseImageArrayOutput) } -type KubernetesAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyScopeVariable)(nil)).Elem() +func (VmwareAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { + return reflect.TypeOf((*VmwareAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (o KubernetesAssurancePolicyScopeVariableOutput) ToKubernetesAssurancePolicyScopeVariableOutput() KubernetesAssurancePolicyScopeVariableOutput { +func (o VmwareAssurancePolicyTrustedBaseImageOutput) ToVmwareAssurancePolicyTrustedBaseImageOutput() VmwareAssurancePolicyTrustedBaseImageOutput { return o } -func (o KubernetesAssurancePolicyScopeVariableOutput) ToKubernetesAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeVariableOutput { +func (o VmwareAssurancePolicyTrustedBaseImageOutput) ToVmwareAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) VmwareAssurancePolicyTrustedBaseImageOutput { return 
o } -func (o KubernetesAssurancePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyScopeVariable] { - return pulumix.Output[KubernetesAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) -} - -func (o KubernetesAssurancePolicyScopeVariableOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyTrustedBaseImage) *string { return v.Imagename }).(pulumi.StringPtrOutput) } -func (o KubernetesAssurancePolicyScopeVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o VmwareAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v VmwareAssurancePolicyTrustedBaseImage) *string { return v.Registry }).(pulumi.StringPtrOutput) } -type KubernetesAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } +type VmwareAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyScopeVariable)(nil)).Elem() +func (VmwareAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]VmwareAssurancePolicyTrustedBaseImage)(nil)).Elem() } -func (o KubernetesAssurancePolicyScopeVariableArrayOutput) ToKubernetesAssurancePolicyScopeVariableArrayOutput() KubernetesAssurancePolicyScopeVariableArrayOutput { +func (o 
VmwareAssurancePolicyTrustedBaseImageArrayOutput) ToVmwareAssurancePolicyTrustedBaseImageArrayOutput() VmwareAssurancePolicyTrustedBaseImageArrayOutput { return o } -func (o KubernetesAssurancePolicyScopeVariableArrayOutput) ToKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyScopeVariableArrayOutput { +func (o VmwareAssurancePolicyTrustedBaseImageArrayOutput) ToVmwareAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyTrustedBaseImageArrayOutput { return o } -func (o KubernetesAssurancePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyScopeVariable] { - return pulumix.Output[[]KubernetesAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - -func (o KubernetesAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyScopeVariable { - return vs[0].([]KubernetesAssurancePolicyScopeVariable)[vs[1].(int)] - }).(KubernetesAssurancePolicyScopeVariableOutput) +func (o VmwareAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyTrustedBaseImageOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) VmwareAssurancePolicyTrustedBaseImage { + return vs[0].([]VmwareAssurancePolicyTrustedBaseImage)[vs[1].(int)] + }).(VmwareAssurancePolicyTrustedBaseImageOutput) } -type KubernetesAssurancePolicyTrustedBaseImage struct { - Imagename *string `pulumi:"imagename"` - Registry *string `pulumi:"registry"` +type GetAcknowledgesAcknowledge struct { + Author string `pulumi:"author"` + Comment string `pulumi:"comment"` + Date string `pulumi:"date"` + DockerId string `pulumi:"dockerId"` + ExpirationConfiguredAt string `pulumi:"expirationConfiguredAt"` + ExpirationConfiguredBy string `pulumi:"expirationConfiguredBy"` + ExpirationDays int 
`pulumi:"expirationDays"` + FixVersion string `pulumi:"fixVersion"` + ImageName string `pulumi:"imageName"` + IssueName string `pulumi:"issueName"` + IssueType string `pulumi:"issueType"` + Os string `pulumi:"os"` + OsVersion string `pulumi:"osVersion"` + Permission string `pulumi:"permission"` + RegistryName string `pulumi:"registryName"` + ResourceCpe string `pulumi:"resourceCpe"` + ResourceFormat string `pulumi:"resourceFormat"` + ResourceHash string `pulumi:"resourceHash"` + ResourceName string `pulumi:"resourceName"` + ResourcePath string `pulumi:"resourcePath"` + ResourceType string `pulumi:"resourceType"` + ResourceVersion string `pulumi:"resourceVersion"` } -// KubernetesAssurancePolicyTrustedBaseImageInput is an input type that accepts KubernetesAssurancePolicyTrustedBaseImageArgs and KubernetesAssurancePolicyTrustedBaseImageOutput values. -// You can construct a concrete instance of `KubernetesAssurancePolicyTrustedBaseImageInput` via: +// GetAcknowledgesAcknowledgeInput is an input type that accepts GetAcknowledgesAcknowledgeArgs and GetAcknowledgesAcknowledgeOutput values. 
+// You can construct a concrete instance of `GetAcknowledgesAcknowledgeInput` via: // -// KubernetesAssurancePolicyTrustedBaseImageArgs{...} -type KubernetesAssurancePolicyTrustedBaseImageInput interface { +// GetAcknowledgesAcknowledgeArgs{...} +type GetAcknowledgesAcknowledgeInput interface { pulumi.Input - ToKubernetesAssurancePolicyTrustedBaseImageOutput() KubernetesAssurancePolicyTrustedBaseImageOutput - ToKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) KubernetesAssurancePolicyTrustedBaseImageOutput -} - -type KubernetesAssurancePolicyTrustedBaseImageArgs struct { - Imagename pulumi.StringPtrInput `pulumi:"imagename"` - Registry pulumi.StringPtrInput `pulumi:"registry"` + ToGetAcknowledgesAcknowledgeOutput() GetAcknowledgesAcknowledgeOutput + ToGetAcknowledgesAcknowledgeOutputWithContext(context.Context) GetAcknowledgesAcknowledgeOutput } -func (KubernetesAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyTrustedBaseImage)(nil)).Elem() +type GetAcknowledgesAcknowledgeArgs struct { + Author pulumi.StringInput `pulumi:"author"` + Comment pulumi.StringInput `pulumi:"comment"` + Date pulumi.StringInput `pulumi:"date"` + DockerId pulumi.StringInput `pulumi:"dockerId"` + ExpirationConfiguredAt pulumi.StringInput `pulumi:"expirationConfiguredAt"` + ExpirationConfiguredBy pulumi.StringInput `pulumi:"expirationConfiguredBy"` + ExpirationDays pulumi.IntInput `pulumi:"expirationDays"` + FixVersion pulumi.StringInput `pulumi:"fixVersion"` + ImageName pulumi.StringInput `pulumi:"imageName"` + IssueName pulumi.StringInput `pulumi:"issueName"` + IssueType pulumi.StringInput `pulumi:"issueType"` + Os pulumi.StringInput `pulumi:"os"` + OsVersion pulumi.StringInput `pulumi:"osVersion"` + Permission pulumi.StringInput `pulumi:"permission"` + RegistryName pulumi.StringInput `pulumi:"registryName"` + ResourceCpe pulumi.StringInput `pulumi:"resourceCpe"` + ResourceFormat 
pulumi.StringInput `pulumi:"resourceFormat"` + ResourceHash pulumi.StringInput `pulumi:"resourceHash"` + ResourceName pulumi.StringInput `pulumi:"resourceName"` + ResourcePath pulumi.StringInput `pulumi:"resourcePath"` + ResourceType pulumi.StringInput `pulumi:"resourceType"` + ResourceVersion pulumi.StringInput `pulumi:"resourceVersion"` } -func (i KubernetesAssurancePolicyTrustedBaseImageArgs) ToKubernetesAssurancePolicyTrustedBaseImageOutput() KubernetesAssurancePolicyTrustedBaseImageOutput { - return i.ToKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) +func (GetAcknowledgesAcknowledgeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetAcknowledgesAcknowledge)(nil)).Elem() } -func (i KubernetesAssurancePolicyTrustedBaseImageArgs) ToKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) KubernetesAssurancePolicyTrustedBaseImageOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyTrustedBaseImageOutput) +func (i GetAcknowledgesAcknowledgeArgs) ToGetAcknowledgesAcknowledgeOutput() GetAcknowledgesAcknowledgeOutput { + return i.ToGetAcknowledgesAcknowledgeOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyTrustedBaseImageArgs) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyTrustedBaseImage] { - return pulumix.Output[KubernetesAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(ctx).OutputState, - } +func (i GetAcknowledgesAcknowledgeArgs) ToGetAcknowledgesAcknowledgeOutputWithContext(ctx context.Context) GetAcknowledgesAcknowledgeOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetAcknowledgesAcknowledgeOutput) } -// KubernetesAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts KubernetesAssurancePolicyTrustedBaseImageArray and KubernetesAssurancePolicyTrustedBaseImageArrayOutput values. 
-// You can construct a concrete instance of `KubernetesAssurancePolicyTrustedBaseImageArrayInput` via: +// GetAcknowledgesAcknowledgeArrayInput is an input type that accepts GetAcknowledgesAcknowledgeArray and GetAcknowledgesAcknowledgeArrayOutput values. +// You can construct a concrete instance of `GetAcknowledgesAcknowledgeArrayInput` via: // -// KubernetesAssurancePolicyTrustedBaseImageArray{ KubernetesAssurancePolicyTrustedBaseImageArgs{...} } -type KubernetesAssurancePolicyTrustedBaseImageArrayInput interface { +// GetAcknowledgesAcknowledgeArray{ GetAcknowledgesAcknowledgeArgs{...} } +type GetAcknowledgesAcknowledgeArrayInput interface { pulumi.Input - ToKubernetesAssurancePolicyTrustedBaseImageArrayOutput() KubernetesAssurancePolicyTrustedBaseImageArrayOutput - ToKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) KubernetesAssurancePolicyTrustedBaseImageArrayOutput -} - -type KubernetesAssurancePolicyTrustedBaseImageArray []KubernetesAssurancePolicyTrustedBaseImageInput - -func (KubernetesAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyTrustedBaseImage)(nil)).Elem() + ToGetAcknowledgesAcknowledgeArrayOutput() GetAcknowledgesAcknowledgeArrayOutput + ToGetAcknowledgesAcknowledgeArrayOutputWithContext(context.Context) GetAcknowledgesAcknowledgeArrayOutput } -func (i KubernetesAssurancePolicyTrustedBaseImageArray) ToKubernetesAssurancePolicyTrustedBaseImageArrayOutput() KubernetesAssurancePolicyTrustedBaseImageArrayOutput { - return i.ToKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) +type GetAcknowledgesAcknowledgeArray []GetAcknowledgesAcknowledgeInput + +func (GetAcknowledgesAcknowledgeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetAcknowledgesAcknowledge)(nil)).Elem() } -func (i KubernetesAssurancePolicyTrustedBaseImageArray) ToKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx 
context.Context) KubernetesAssurancePolicyTrustedBaseImageArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(KubernetesAssurancePolicyTrustedBaseImageArrayOutput) +func (i GetAcknowledgesAcknowledgeArray) ToGetAcknowledgesAcknowledgeArrayOutput() GetAcknowledgesAcknowledgeArrayOutput { + return i.ToGetAcknowledgesAcknowledgeArrayOutputWithContext(context.Background()) } -func (i KubernetesAssurancePolicyTrustedBaseImageArray) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]KubernetesAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx).OutputState, - } +func (i GetAcknowledgesAcknowledgeArray) ToGetAcknowledgesAcknowledgeArrayOutputWithContext(ctx context.Context) GetAcknowledgesAcknowledgeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetAcknowledgesAcknowledgeArrayOutput) } -type KubernetesAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } +type GetAcknowledgesAcknowledgeOutput struct{ *pulumi.OutputState } -func (KubernetesAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { - return reflect.TypeOf((*KubernetesAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (GetAcknowledgesAcknowledgeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetAcknowledgesAcknowledge)(nil)).Elem() } -func (o KubernetesAssurancePolicyTrustedBaseImageOutput) ToKubernetesAssurancePolicyTrustedBaseImageOutput() KubernetesAssurancePolicyTrustedBaseImageOutput { +func (o GetAcknowledgesAcknowledgeOutput) ToGetAcknowledgesAcknowledgeOutput() GetAcknowledgesAcknowledgeOutput { return o } -func (o KubernetesAssurancePolicyTrustedBaseImageOutput) ToKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) KubernetesAssurancePolicyTrustedBaseImageOutput { +func (o GetAcknowledgesAcknowledgeOutput) ToGetAcknowledgesAcknowledgeOutputWithContext(ctx context.Context) 
GetAcknowledgesAcknowledgeOutput { return o } -func (o KubernetesAssurancePolicyTrustedBaseImageOutput) ToOutput(ctx context.Context) pulumix.Output[KubernetesAssurancePolicyTrustedBaseImage] { - return pulumix.Output[KubernetesAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } +func (o GetAcknowledgesAcknowledgeOutput) Author() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Author }).(pulumi.StringOutput) } -func (o KubernetesAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyTrustedBaseImage) *string { return v.Imagename }).(pulumi.StringPtrOutput) +func (o GetAcknowledgesAcknowledgeOutput) Comment() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Comment }).(pulumi.StringOutput) } -func (o KubernetesAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringPtrOutput { - return o.ApplyT(func(v KubernetesAssurancePolicyTrustedBaseImage) *string { return v.Registry }).(pulumi.StringPtrOutput) +func (o GetAcknowledgesAcknowledgeOutput) Date() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Date }).(pulumi.StringOutput) } -type KubernetesAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } +func (o GetAcknowledgesAcknowledgeOutput) DockerId() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.DockerId }).(pulumi.StringOutput) +} -func (KubernetesAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]KubernetesAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (o GetAcknowledgesAcknowledgeOutput) ExpirationConfiguredAt() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ExpirationConfiguredAt }).(pulumi.StringOutput) } -func (o KubernetesAssurancePolicyTrustedBaseImageArrayOutput) 
ToKubernetesAssurancePolicyTrustedBaseImageArrayOutput() KubernetesAssurancePolicyTrustedBaseImageArrayOutput { - return o +func (o GetAcknowledgesAcknowledgeOutput) ExpirationConfiguredBy() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ExpirationConfiguredBy }).(pulumi.StringOutput) } -func (o KubernetesAssurancePolicyTrustedBaseImageArrayOutput) ToKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) KubernetesAssurancePolicyTrustedBaseImageArrayOutput { - return o +func (o GetAcknowledgesAcknowledgeOutput) ExpirationDays() pulumi.IntOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) int { return v.ExpirationDays }).(pulumi.IntOutput) } -func (o KubernetesAssurancePolicyTrustedBaseImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]KubernetesAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]KubernetesAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } +func (o GetAcknowledgesAcknowledgeOutput) FixVersion() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.FixVersion }).(pulumi.StringOutput) } -func (o KubernetesAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) KubernetesAssurancePolicyTrustedBaseImageOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) KubernetesAssurancePolicyTrustedBaseImage { - return vs[0].([]KubernetesAssurancePolicyTrustedBaseImage)[vs[1].(int)] - }).(KubernetesAssurancePolicyTrustedBaseImageOutput) +func (o GetAcknowledgesAcknowledgeOutput) ImageName() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ImageName }).(pulumi.StringOutput) } -type RoleMappingLdap struct { - // Role Mapping is used to define the IdP role that the user will assume in Aqua - RoleMapping map[string]string `pulumi:"roleMapping"` +func (o GetAcknowledgesAcknowledgeOutput) IssueName() pulumi.StringOutput { + return 
o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.IssueName }).(pulumi.StringOutput) } -// RoleMappingLdapInput is an input type that accepts RoleMappingLdapArgs and RoleMappingLdapOutput values. -// You can construct a concrete instance of `RoleMappingLdapInput` via: -// -// RoleMappingLdapArgs{...} -type RoleMappingLdapInput interface { - pulumi.Input +func (o GetAcknowledgesAcknowledgeOutput) IssueType() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.IssueType }).(pulumi.StringOutput) +} - ToRoleMappingLdapOutput() RoleMappingLdapOutput - ToRoleMappingLdapOutputWithContext(context.Context) RoleMappingLdapOutput +func (o GetAcknowledgesAcknowledgeOutput) Os() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Os }).(pulumi.StringOutput) } -type RoleMappingLdapArgs struct { - // Role Mapping is used to define the IdP role that the user will assume in Aqua - RoleMapping pulumi.StringMapInput `pulumi:"roleMapping"` +func (o GetAcknowledgesAcknowledgeOutput) OsVersion() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.OsVersion }).(pulumi.StringOutput) } -func (RoleMappingLdapArgs) ElementType() reflect.Type { - return reflect.TypeOf((*RoleMappingLdap)(nil)).Elem() +func (o GetAcknowledgesAcknowledgeOutput) Permission() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Permission }).(pulumi.StringOutput) } -func (i RoleMappingLdapArgs) ToRoleMappingLdapOutput() RoleMappingLdapOutput { - return i.ToRoleMappingLdapOutputWithContext(context.Background()) +func (o GetAcknowledgesAcknowledgeOutput) RegistryName() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.RegistryName }).(pulumi.StringOutput) } -func (i RoleMappingLdapArgs) ToRoleMappingLdapOutputWithContext(ctx context.Context) RoleMappingLdapOutput { - return 
pulumi.ToOutputWithContext(ctx, i).(RoleMappingLdapOutput) +func (o GetAcknowledgesAcknowledgeOutput) ResourceCpe() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceCpe }).(pulumi.StringOutput) } -func (i RoleMappingLdapArgs) ToOutput(ctx context.Context) pulumix.Output[RoleMappingLdap] { - return pulumix.Output[RoleMappingLdap]{ - OutputState: i.ToRoleMappingLdapOutputWithContext(ctx).OutputState, - } +func (o GetAcknowledgesAcknowledgeOutput) ResourceFormat() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceFormat }).(pulumi.StringOutput) } -func (i RoleMappingLdapArgs) ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput { - return i.ToRoleMappingLdapPtrOutputWithContext(context.Background()) +func (o GetAcknowledgesAcknowledgeOutput) ResourceHash() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceHash }).(pulumi.StringOutput) } -func (i RoleMappingLdapArgs) ToRoleMappingLdapPtrOutputWithContext(ctx context.Context) RoleMappingLdapPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingLdapOutput).ToRoleMappingLdapPtrOutputWithContext(ctx) +func (o GetAcknowledgesAcknowledgeOutput) ResourceName() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceName }).(pulumi.StringOutput) } -// RoleMappingLdapPtrInput is an input type that accepts RoleMappingLdapArgs, RoleMappingLdapPtr and RoleMappingLdapPtrOutput values. 
-// You can construct a concrete instance of `RoleMappingLdapPtrInput` via: -// -// RoleMappingLdapArgs{...} -// -// or: -// -// nil -type RoleMappingLdapPtrInput interface { - pulumi.Input +func (o GetAcknowledgesAcknowledgeOutput) ResourcePath() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourcePath }).(pulumi.StringOutput) +} - ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput - ToRoleMappingLdapPtrOutputWithContext(context.Context) RoleMappingLdapPtrOutput +func (o GetAcknowledgesAcknowledgeOutput) ResourceType() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceType }).(pulumi.StringOutput) } -type roleMappingLdapPtrType RoleMappingLdapArgs +func (o GetAcknowledgesAcknowledgeOutput) ResourceVersion() pulumi.StringOutput { + return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceVersion }).(pulumi.StringOutput) +} -func RoleMappingLdapPtr(v *RoleMappingLdapArgs) RoleMappingLdapPtrInput { - return (*roleMappingLdapPtrType)(v) +type GetAcknowledgesAcknowledgeArrayOutput struct{ *pulumi.OutputState } + +func (GetAcknowledgesAcknowledgeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetAcknowledgesAcknowledge)(nil)).Elem() } -func (*roleMappingLdapPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**RoleMappingLdap)(nil)).Elem() +func (o GetAcknowledgesAcknowledgeArrayOutput) ToGetAcknowledgesAcknowledgeArrayOutput() GetAcknowledgesAcknowledgeArrayOutput { + return o } -func (i *roleMappingLdapPtrType) ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput { - return i.ToRoleMappingLdapPtrOutputWithContext(context.Background()) +func (o GetAcknowledgesAcknowledgeArrayOutput) ToGetAcknowledgesAcknowledgeArrayOutputWithContext(ctx context.Context) GetAcknowledgesAcknowledgeArrayOutput { + return o } -func (i *roleMappingLdapPtrType) ToRoleMappingLdapPtrOutputWithContext(ctx context.Context) 
RoleMappingLdapPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingLdapPtrOutput) +func (o GetAcknowledgesAcknowledgeArrayOutput) Index(i pulumi.IntInput) GetAcknowledgesAcknowledgeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetAcknowledgesAcknowledge { + return vs[0].([]GetAcknowledgesAcknowledge)[vs[1].(int)] + }).(GetAcknowledgesAcknowledgeOutput) } -func (i *roleMappingLdapPtrType) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingLdap] { - return pulumix.Output[*RoleMappingLdap]{ - OutputState: i.ToRoleMappingLdapPtrOutputWithContext(ctx).OutputState, - } +type GetApplicationScopeCategory struct { + Artifacts []GetApplicationScopeCategoryArtifact `pulumi:"artifacts"` + EntityScopes []GetApplicationScopeCategoryEntityScope `pulumi:"entityScopes"` + Infrastructures []GetApplicationScopeCategoryInfrastructure `pulumi:"infrastructures"` + Workloads []GetApplicationScopeCategoryWorkload `pulumi:"workloads"` } -type RoleMappingLdapOutput struct{ *pulumi.OutputState } +// GetApplicationScopeCategoryInput is an input type that accepts GetApplicationScopeCategoryArgs and GetApplicationScopeCategoryOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryInput` via: +// +// GetApplicationScopeCategoryArgs{...} +type GetApplicationScopeCategoryInput interface { + pulumi.Input -func (RoleMappingLdapOutput) ElementType() reflect.Type { - return reflect.TypeOf((*RoleMappingLdap)(nil)).Elem() + ToGetApplicationScopeCategoryOutput() GetApplicationScopeCategoryOutput + ToGetApplicationScopeCategoryOutputWithContext(context.Context) GetApplicationScopeCategoryOutput } -func (o RoleMappingLdapOutput) ToRoleMappingLdapOutput() RoleMappingLdapOutput { - return o +type GetApplicationScopeCategoryArgs struct { + Artifacts GetApplicationScopeCategoryArtifactArrayInput `pulumi:"artifacts"` + EntityScopes GetApplicationScopeCategoryEntityScopeArrayInput `pulumi:"entityScopes"` + Infrastructures GetApplicationScopeCategoryInfrastructureArrayInput `pulumi:"infrastructures"` + Workloads GetApplicationScopeCategoryWorkloadArrayInput `pulumi:"workloads"` } -func (o RoleMappingLdapOutput) ToRoleMappingLdapOutputWithContext(ctx context.Context) RoleMappingLdapOutput { - return o +func (GetApplicationScopeCategoryArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategory)(nil)).Elem() } -func (o RoleMappingLdapOutput) ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput { - return o.ToRoleMappingLdapPtrOutputWithContext(context.Background()) +func (i GetApplicationScopeCategoryArgs) ToGetApplicationScopeCategoryOutput() GetApplicationScopeCategoryOutput { + return i.ToGetApplicationScopeCategoryOutputWithContext(context.Background()) } -func (o RoleMappingLdapOutput) ToRoleMappingLdapPtrOutputWithContext(ctx context.Context) RoleMappingLdapPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v RoleMappingLdap) *RoleMappingLdap { - return &v - }).(RoleMappingLdapPtrOutput) +func (i GetApplicationScopeCategoryArgs) ToGetApplicationScopeCategoryOutputWithContext(ctx context.Context) GetApplicationScopeCategoryOutput { + 
return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryOutput) } -func (o RoleMappingLdapOutput) ToOutput(ctx context.Context) pulumix.Output[RoleMappingLdap] { - return pulumix.Output[RoleMappingLdap]{ - OutputState: o.OutputState, - } +// GetApplicationScopeCategoryArrayInput is an input type that accepts GetApplicationScopeCategoryArray and GetApplicationScopeCategoryArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArrayInput` via: +// +// GetApplicationScopeCategoryArray{ GetApplicationScopeCategoryArgs{...} } +type GetApplicationScopeCategoryArrayInput interface { + pulumi.Input + + ToGetApplicationScopeCategoryArrayOutput() GetApplicationScopeCategoryArrayOutput + ToGetApplicationScopeCategoryArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArrayOutput } -// Role Mapping is used to define the IdP role that the user will assume in Aqua -func (o RoleMappingLdapOutput) RoleMapping() pulumi.StringMapOutput { - return o.ApplyT(func(v RoleMappingLdap) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) +type GetApplicationScopeCategoryArray []GetApplicationScopeCategoryInput + +func (GetApplicationScopeCategoryArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategory)(nil)).Elem() } -type RoleMappingLdapPtrOutput struct{ *pulumi.OutputState } +func (i GetApplicationScopeCategoryArray) ToGetApplicationScopeCategoryArrayOutput() GetApplicationScopeCategoryArrayOutput { + return i.ToGetApplicationScopeCategoryArrayOutputWithContext(context.Background()) +} -func (RoleMappingLdapPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**RoleMappingLdap)(nil)).Elem() +func (i GetApplicationScopeCategoryArray) ToGetApplicationScopeCategoryArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArrayOutput) } -func (o 
RoleMappingLdapPtrOutput) ToRoleMappingLdapPtrOutput() RoleMappingLdapPtrOutput { +type GetApplicationScopeCategoryOutput struct{ *pulumi.OutputState } + +func (GetApplicationScopeCategoryOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategory)(nil)).Elem() +} + +func (o GetApplicationScopeCategoryOutput) ToGetApplicationScopeCategoryOutput() GetApplicationScopeCategoryOutput { return o } -func (o RoleMappingLdapPtrOutput) ToRoleMappingLdapPtrOutputWithContext(ctx context.Context) RoleMappingLdapPtrOutput { +func (o GetApplicationScopeCategoryOutput) ToGetApplicationScopeCategoryOutputWithContext(ctx context.Context) GetApplicationScopeCategoryOutput { return o } -func (o RoleMappingLdapPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingLdap] { - return pulumix.Output[*RoleMappingLdap]{ - OutputState: o.OutputState, - } +func (o GetApplicationScopeCategoryOutput) Artifacts() GetApplicationScopeCategoryArtifactArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategory) []GetApplicationScopeCategoryArtifact { return v.Artifacts }).(GetApplicationScopeCategoryArtifactArrayOutput) } -func (o RoleMappingLdapPtrOutput) Elem() RoleMappingLdapOutput { - return o.ApplyT(func(v *RoleMappingLdap) RoleMappingLdap { - if v != nil { - return *v - } - var ret RoleMappingLdap - return ret - }).(RoleMappingLdapOutput) +func (o GetApplicationScopeCategoryOutput) EntityScopes() GetApplicationScopeCategoryEntityScopeArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategory) []GetApplicationScopeCategoryEntityScope { return v.EntityScopes }).(GetApplicationScopeCategoryEntityScopeArrayOutput) } -// Role Mapping is used to define the IdP role that the user will assume in Aqua -func (o RoleMappingLdapPtrOutput) RoleMapping() pulumi.StringMapOutput { - return o.ApplyT(func(v *RoleMappingLdap) map[string]string { - if v == nil { - return nil - } - return v.RoleMapping - }).(pulumi.StringMapOutput) +func (o 
GetApplicationScopeCategoryOutput) Infrastructures() GetApplicationScopeCategoryInfrastructureArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategory) []GetApplicationScopeCategoryInfrastructure { + return v.Infrastructures + }).(GetApplicationScopeCategoryInfrastructureArrayOutput) } -type RoleMappingOauth2 struct { - // Role Mapping is used to define the IdP role that the user will assume in Aqua - RoleMapping map[string]string `pulumi:"roleMapping"` +func (o GetApplicationScopeCategoryOutput) Workloads() GetApplicationScopeCategoryWorkloadArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategory) []GetApplicationScopeCategoryWorkload { return v.Workloads }).(GetApplicationScopeCategoryWorkloadArrayOutput) } -// RoleMappingOauth2Input is an input type that accepts RoleMappingOauth2Args and RoleMappingOauth2Output values. -// You can construct a concrete instance of `RoleMappingOauth2Input` via: -// -// RoleMappingOauth2Args{...} -type RoleMappingOauth2Input interface { - pulumi.Input +type GetApplicationScopeCategoryArrayOutput struct{ *pulumi.OutputState } - ToRoleMappingOauth2Output() RoleMappingOauth2Output - ToRoleMappingOauth2OutputWithContext(context.Context) RoleMappingOauth2Output +func (GetApplicationScopeCategoryArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategory)(nil)).Elem() +} + +func (o GetApplicationScopeCategoryArrayOutput) ToGetApplicationScopeCategoryArrayOutput() GetApplicationScopeCategoryArrayOutput { + return o +} + +func (o GetApplicationScopeCategoryArrayOutput) ToGetApplicationScopeCategoryArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArrayOutput { + return o } -type RoleMappingOauth2Args struct { - // Role Mapping is used to define the IdP role that the user will assume in Aqua - RoleMapping pulumi.StringMapInput `pulumi:"roleMapping"` +func (o GetApplicationScopeCategoryArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryOutput { + 
return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategory { + return vs[0].([]GetApplicationScopeCategory)[vs[1].(int)] + }).(GetApplicationScopeCategoryOutput) } -func (RoleMappingOauth2Args) ElementType() reflect.Type { - return reflect.TypeOf((*RoleMappingOauth2)(nil)).Elem() +type GetApplicationScopeCategoryArtifact struct { + Cfs []GetApplicationScopeCategoryArtifactCf `pulumi:"cfs"` + Functions []GetApplicationScopeCategoryArtifactFunction `pulumi:"functions"` + Images []GetApplicationScopeCategoryArtifactImage `pulumi:"images"` } -func (i RoleMappingOauth2Args) ToRoleMappingOauth2Output() RoleMappingOauth2Output { - return i.ToRoleMappingOauth2OutputWithContext(context.Background()) +// GetApplicationScopeCategoryArtifactInput is an input type that accepts GetApplicationScopeCategoryArtifactArgs and GetApplicationScopeCategoryArtifactOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactInput` via: +// +// GetApplicationScopeCategoryArtifactArgs{...} +type GetApplicationScopeCategoryArtifactInput interface { + pulumi.Input + + ToGetApplicationScopeCategoryArtifactOutput() GetApplicationScopeCategoryArtifactOutput + ToGetApplicationScopeCategoryArtifactOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactOutput } -func (i RoleMappingOauth2Args) ToRoleMappingOauth2OutputWithContext(ctx context.Context) RoleMappingOauth2Output { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOauth2Output) +type GetApplicationScopeCategoryArtifactArgs struct { + Cfs GetApplicationScopeCategoryArtifactCfArrayInput `pulumi:"cfs"` + Functions GetApplicationScopeCategoryArtifactFunctionArrayInput `pulumi:"functions"` + Images GetApplicationScopeCategoryArtifactImageArrayInput `pulumi:"images"` } -func (i RoleMappingOauth2Args) ToOutput(ctx context.Context) pulumix.Output[RoleMappingOauth2] { - return pulumix.Output[RoleMappingOauth2]{ - OutputState: 
i.ToRoleMappingOauth2OutputWithContext(ctx).OutputState, - } +func (GetApplicationScopeCategoryArtifactArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifact)(nil)).Elem() } -func (i RoleMappingOauth2Args) ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput { - return i.ToRoleMappingOauth2PtrOutputWithContext(context.Background()) +func (i GetApplicationScopeCategoryArtifactArgs) ToGetApplicationScopeCategoryArtifactOutput() GetApplicationScopeCategoryArtifactOutput { + return i.ToGetApplicationScopeCategoryArtifactOutputWithContext(context.Background()) } -func (i RoleMappingOauth2Args) ToRoleMappingOauth2PtrOutputWithContext(ctx context.Context) RoleMappingOauth2PtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOauth2Output).ToRoleMappingOauth2PtrOutputWithContext(ctx) +func (i GetApplicationScopeCategoryArtifactArgs) ToGetApplicationScopeCategoryArtifactOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactOutput) } -// RoleMappingOauth2PtrInput is an input type that accepts RoleMappingOauth2Args, RoleMappingOauth2Ptr and RoleMappingOauth2PtrOutput values. -// You can construct a concrete instance of `RoleMappingOauth2PtrInput` via: -// -// RoleMappingOauth2Args{...} -// -// or: +// GetApplicationScopeCategoryArtifactArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactArray and GetApplicationScopeCategoryArtifactArrayOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactArrayInput` via: // -// nil -type RoleMappingOauth2PtrInput interface { +// GetApplicationScopeCategoryArtifactArray{ GetApplicationScopeCategoryArtifactArgs{...} } +type GetApplicationScopeCategoryArtifactArrayInput interface { pulumi.Input - ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput - ToRoleMappingOauth2PtrOutputWithContext(context.Context) RoleMappingOauth2PtrOutput + ToGetApplicationScopeCategoryArtifactArrayOutput() GetApplicationScopeCategoryArtifactArrayOutput + ToGetApplicationScopeCategoryArtifactArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactArrayOutput } -type roleMappingOauth2PtrType RoleMappingOauth2Args +type GetApplicationScopeCategoryArtifactArray []GetApplicationScopeCategoryArtifactInput -func RoleMappingOauth2Ptr(v *RoleMappingOauth2Args) RoleMappingOauth2PtrInput { - return (*roleMappingOauth2PtrType)(v) +func (GetApplicationScopeCategoryArtifactArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifact)(nil)).Elem() } -func (*roleMappingOauth2PtrType) ElementType() reflect.Type { - return reflect.TypeOf((**RoleMappingOauth2)(nil)).Elem() +func (i GetApplicationScopeCategoryArtifactArray) ToGetApplicationScopeCategoryArtifactArrayOutput() GetApplicationScopeCategoryArtifactArrayOutput { + return i.ToGetApplicationScopeCategoryArtifactArrayOutputWithContext(context.Background()) } -func (i *roleMappingOauth2PtrType) ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput { - return i.ToRoleMappingOauth2PtrOutputWithContext(context.Background()) +func (i GetApplicationScopeCategoryArtifactArray) ToGetApplicationScopeCategoryArtifactArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactArrayOutput) } -func (i *roleMappingOauth2PtrType) 
ToRoleMappingOauth2PtrOutputWithContext(ctx context.Context) RoleMappingOauth2PtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOauth2PtrOutput) -} +type GetApplicationScopeCategoryArtifactOutput struct{ *pulumi.OutputState } -func (i *roleMappingOauth2PtrType) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingOauth2] { - return pulumix.Output[*RoleMappingOauth2]{ - OutputState: i.ToRoleMappingOauth2PtrOutputWithContext(ctx).OutputState, - } +func (GetApplicationScopeCategoryArtifactOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifact)(nil)).Elem() } -type RoleMappingOauth2Output struct{ *pulumi.OutputState } - -func (RoleMappingOauth2Output) ElementType() reflect.Type { - return reflect.TypeOf((*RoleMappingOauth2)(nil)).Elem() +func (o GetApplicationScopeCategoryArtifactOutput) ToGetApplicationScopeCategoryArtifactOutput() GetApplicationScopeCategoryArtifactOutput { + return o } -func (o RoleMappingOauth2Output) ToRoleMappingOauth2Output() RoleMappingOauth2Output { +func (o GetApplicationScopeCategoryArtifactOutput) ToGetApplicationScopeCategoryArtifactOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactOutput { return o } -func (o RoleMappingOauth2Output) ToRoleMappingOauth2OutputWithContext(ctx context.Context) RoleMappingOauth2Output { - return o +func (o GetApplicationScopeCategoryArtifactOutput) Cfs() GetApplicationScopeCategoryArtifactCfArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifact) []GetApplicationScopeCategoryArtifactCf { return v.Cfs }).(GetApplicationScopeCategoryArtifactCfArrayOutput) } -func (o RoleMappingOauth2Output) ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput { - return o.ToRoleMappingOauth2PtrOutputWithContext(context.Background()) +func (o GetApplicationScopeCategoryArtifactOutput) Functions() GetApplicationScopeCategoryArtifactFunctionArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifact) 
[]GetApplicationScopeCategoryArtifactFunction { + return v.Functions + }).(GetApplicationScopeCategoryArtifactFunctionArrayOutput) } -func (o RoleMappingOauth2Output) ToRoleMappingOauth2PtrOutputWithContext(ctx context.Context) RoleMappingOauth2PtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v RoleMappingOauth2) *RoleMappingOauth2 { - return &v - }).(RoleMappingOauth2PtrOutput) +func (o GetApplicationScopeCategoryArtifactOutput) Images() GetApplicationScopeCategoryArtifactImageArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifact) []GetApplicationScopeCategoryArtifactImage { + return v.Images + }).(GetApplicationScopeCategoryArtifactImageArrayOutput) } -func (o RoleMappingOauth2Output) ToOutput(ctx context.Context) pulumix.Output[RoleMappingOauth2] { - return pulumix.Output[RoleMappingOauth2]{ - OutputState: o.OutputState, - } +type GetApplicationScopeCategoryArtifactArrayOutput struct{ *pulumi.OutputState } + +func (GetApplicationScopeCategoryArtifactArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifact)(nil)).Elem() } -// Role Mapping is used to define the IdP role that the user will assume in Aqua -func (o RoleMappingOauth2Output) RoleMapping() pulumi.StringMapOutput { - return o.ApplyT(func(v RoleMappingOauth2) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) +func (o GetApplicationScopeCategoryArtifactArrayOutput) ToGetApplicationScopeCategoryArtifactArrayOutput() GetApplicationScopeCategoryArtifactArrayOutput { + return o } -type RoleMappingOauth2PtrOutput struct{ *pulumi.OutputState } +func (o GetApplicationScopeCategoryArtifactArrayOutput) ToGetApplicationScopeCategoryArtifactArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactArrayOutput { + return o +} -func (RoleMappingOauth2PtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**RoleMappingOauth2)(nil)).Elem() +func (o 
GetApplicationScopeCategoryArtifactArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifact { + return vs[0].([]GetApplicationScopeCategoryArtifact)[vs[1].(int)] + }).(GetApplicationScopeCategoryArtifactOutput) } -func (o RoleMappingOauth2PtrOutput) ToRoleMappingOauth2PtrOutput() RoleMappingOauth2PtrOutput { - return o +type GetApplicationScopeCategoryArtifactCf struct { + Expression string `pulumi:"expression"` + Variables []GetApplicationScopeCategoryArtifactCfVariable `pulumi:"variables"` } -func (o RoleMappingOauth2PtrOutput) ToRoleMappingOauth2PtrOutputWithContext(ctx context.Context) RoleMappingOauth2PtrOutput { - return o +// GetApplicationScopeCategoryArtifactCfInput is an input type that accepts GetApplicationScopeCategoryArtifactCfArgs and GetApplicationScopeCategoryArtifactCfOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactCfInput` via: +// +// GetApplicationScopeCategoryArtifactCfArgs{...} +type GetApplicationScopeCategoryArtifactCfInput interface { + pulumi.Input + + ToGetApplicationScopeCategoryArtifactCfOutput() GetApplicationScopeCategoryArtifactCfOutput + ToGetApplicationScopeCategoryArtifactCfOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactCfOutput } -func (o RoleMappingOauth2PtrOutput) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingOauth2] { - return pulumix.Output[*RoleMappingOauth2]{ - OutputState: o.OutputState, - } +type GetApplicationScopeCategoryArtifactCfArgs struct { + Expression pulumi.StringInput `pulumi:"expression"` + Variables GetApplicationScopeCategoryArtifactCfVariableArrayInput `pulumi:"variables"` } -func (o RoleMappingOauth2PtrOutput) Elem() RoleMappingOauth2Output { - return o.ApplyT(func(v *RoleMappingOauth2) RoleMappingOauth2 { - if v != nil { - return *v - } - var ret RoleMappingOauth2 - return ret - }).(RoleMappingOauth2Output) 
+func (GetApplicationScopeCategoryArtifactCfArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactCf)(nil)).Elem() } -// Role Mapping is used to define the IdP role that the user will assume in Aqua -func (o RoleMappingOauth2PtrOutput) RoleMapping() pulumi.StringMapOutput { - return o.ApplyT(func(v *RoleMappingOauth2) map[string]string { - if v == nil { - return nil - } - return v.RoleMapping - }).(pulumi.StringMapOutput) +func (i GetApplicationScopeCategoryArtifactCfArgs) ToGetApplicationScopeCategoryArtifactCfOutput() GetApplicationScopeCategoryArtifactCfOutput { + return i.ToGetApplicationScopeCategoryArtifactCfOutputWithContext(context.Background()) } -type RoleMappingOpenid struct { - // Role Mapping is used to define the IdP role that the user will assume in Aqua - RoleMapping map[string]string `pulumi:"roleMapping"` +func (i GetApplicationScopeCategoryArtifactCfArgs) ToGetApplicationScopeCategoryArtifactCfOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactCfOutput) } -// RoleMappingOpenidInput is an input type that accepts RoleMappingOpenidArgs and RoleMappingOpenidOutput values. -// You can construct a concrete instance of `RoleMappingOpenidInput` via: +// GetApplicationScopeCategoryArtifactCfArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactCfArray and GetApplicationScopeCategoryArtifactCfArrayOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactCfArrayInput` via: // -// RoleMappingOpenidArgs{...} -type RoleMappingOpenidInput interface { +// GetApplicationScopeCategoryArtifactCfArray{ GetApplicationScopeCategoryArtifactCfArgs{...} } +type GetApplicationScopeCategoryArtifactCfArrayInput interface { pulumi.Input - ToRoleMappingOpenidOutput() RoleMappingOpenidOutput - ToRoleMappingOpenidOutputWithContext(context.Context) RoleMappingOpenidOutput + ToGetApplicationScopeCategoryArtifactCfArrayOutput() GetApplicationScopeCategoryArtifactCfArrayOutput + ToGetApplicationScopeCategoryArtifactCfArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactCfArrayOutput } -type RoleMappingOpenidArgs struct { - // Role Mapping is used to define the IdP role that the user will assume in Aqua - RoleMapping pulumi.StringMapInput `pulumi:"roleMapping"` +type GetApplicationScopeCategoryArtifactCfArray []GetApplicationScopeCategoryArtifactCfInput + +func (GetApplicationScopeCategoryArtifactCfArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactCf)(nil)).Elem() } -func (RoleMappingOpenidArgs) ElementType() reflect.Type { - return reflect.TypeOf((*RoleMappingOpenid)(nil)).Elem() +func (i GetApplicationScopeCategoryArtifactCfArray) ToGetApplicationScopeCategoryArtifactCfArrayOutput() GetApplicationScopeCategoryArtifactCfArrayOutput { + return i.ToGetApplicationScopeCategoryArtifactCfArrayOutputWithContext(context.Background()) } -func (i RoleMappingOpenidArgs) ToRoleMappingOpenidOutput() RoleMappingOpenidOutput { - return i.ToRoleMappingOpenidOutputWithContext(context.Background()) +func (i GetApplicationScopeCategoryArtifactCfArray) ToGetApplicationScopeCategoryArtifactCfArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactCfArrayOutput) } -func (i 
RoleMappingOpenidArgs) ToRoleMappingOpenidOutputWithContext(ctx context.Context) RoleMappingOpenidOutput { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOpenidOutput) +type GetApplicationScopeCategoryArtifactCfOutput struct{ *pulumi.OutputState } + +func (GetApplicationScopeCategoryArtifactCfOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactCf)(nil)).Elem() } -func (i RoleMappingOpenidArgs) ToOutput(ctx context.Context) pulumix.Output[RoleMappingOpenid] { - return pulumix.Output[RoleMappingOpenid]{ - OutputState: i.ToRoleMappingOpenidOutputWithContext(ctx).OutputState, - } +func (o GetApplicationScopeCategoryArtifactCfOutput) ToGetApplicationScopeCategoryArtifactCfOutput() GetApplicationScopeCategoryArtifactCfOutput { + return o } -func (i RoleMappingOpenidArgs) ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput { - return i.ToRoleMappingOpenidPtrOutputWithContext(context.Background()) +func (o GetApplicationScopeCategoryArtifactCfOutput) ToGetApplicationScopeCategoryArtifactCfOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfOutput { + return o } -func (i RoleMappingOpenidArgs) ToRoleMappingOpenidPtrOutputWithContext(ctx context.Context) RoleMappingOpenidPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOpenidOutput).ToRoleMappingOpenidPtrOutputWithContext(ctx) +func (o GetApplicationScopeCategoryArtifactCfOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactCf) string { return v.Expression }).(pulumi.StringOutput) } -// RoleMappingOpenidPtrInput is an input type that accepts RoleMappingOpenidArgs, RoleMappingOpenidPtr and RoleMappingOpenidPtrOutput values. 
-// You can construct a concrete instance of `RoleMappingOpenidPtrInput` via: -// -// RoleMappingOpenidArgs{...} -// -// or: -// -// nil -type RoleMappingOpenidPtrInput interface { - pulumi.Input +func (o GetApplicationScopeCategoryArtifactCfOutput) Variables() GetApplicationScopeCategoryArtifactCfVariableArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactCf) []GetApplicationScopeCategoryArtifactCfVariable { + return v.Variables + }).(GetApplicationScopeCategoryArtifactCfVariableArrayOutput) +} - ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput - ToRoleMappingOpenidPtrOutputWithContext(context.Context) RoleMappingOpenidPtrOutput +type GetApplicationScopeCategoryArtifactCfArrayOutput struct{ *pulumi.OutputState } + +func (GetApplicationScopeCategoryArtifactCfArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactCf)(nil)).Elem() } -type roleMappingOpenidPtrType RoleMappingOpenidArgs +func (o GetApplicationScopeCategoryArtifactCfArrayOutput) ToGetApplicationScopeCategoryArtifactCfArrayOutput() GetApplicationScopeCategoryArtifactCfArrayOutput { + return o +} -func RoleMappingOpenidPtr(v *RoleMappingOpenidArgs) RoleMappingOpenidPtrInput { - return (*roleMappingOpenidPtrType)(v) +func (o GetApplicationScopeCategoryArtifactCfArrayOutput) ToGetApplicationScopeCategoryArtifactCfArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfArrayOutput { + return o } -func (*roleMappingOpenidPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**RoleMappingOpenid)(nil)).Elem() +func (o GetApplicationScopeCategoryArtifactCfArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactCfOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactCf { + return vs[0].([]GetApplicationScopeCategoryArtifactCf)[vs[1].(int)] + }).(GetApplicationScopeCategoryArtifactCfOutput) } -func (i *roleMappingOpenidPtrType) 
ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput { - return i.ToRoleMappingOpenidPtrOutputWithContext(context.Background()) +type GetApplicationScopeCategoryArtifactCfVariable struct { + Attribute string `pulumi:"attribute"` + Value *string `pulumi:"value"` +} + +// GetApplicationScopeCategoryArtifactCfVariableInput is an input type that accepts GetApplicationScopeCategoryArtifactCfVariableArgs and GetApplicationScopeCategoryArtifactCfVariableOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactCfVariableInput` via: +// +// GetApplicationScopeCategoryArtifactCfVariableArgs{...} +type GetApplicationScopeCategoryArtifactCfVariableInput interface { + pulumi.Input + + ToGetApplicationScopeCategoryArtifactCfVariableOutput() GetApplicationScopeCategoryArtifactCfVariableOutput + ToGetApplicationScopeCategoryArtifactCfVariableOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactCfVariableOutput } -func (i *roleMappingOpenidPtrType) ToRoleMappingOpenidPtrOutputWithContext(ctx context.Context) RoleMappingOpenidPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOpenidPtrOutput) +type GetApplicationScopeCategoryArtifactCfVariableArgs struct { + Attribute pulumi.StringInput `pulumi:"attribute"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i *roleMappingOpenidPtrType) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingOpenid] { - return pulumix.Output[*RoleMappingOpenid]{ - OutputState: i.ToRoleMappingOpenidPtrOutputWithContext(ctx).OutputState, - } +func (GetApplicationScopeCategoryArtifactCfVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactCfVariable)(nil)).Elem() } -type RoleMappingOpenidOutput struct{ *pulumi.OutputState } - -func (RoleMappingOpenidOutput) ElementType() reflect.Type { - return reflect.TypeOf((*RoleMappingOpenid)(nil)).Elem() +func (i GetApplicationScopeCategoryArtifactCfVariableArgs) 
ToGetApplicationScopeCategoryArtifactCfVariableOutput() GetApplicationScopeCategoryArtifactCfVariableOutput { + return i.ToGetApplicationScopeCategoryArtifactCfVariableOutputWithContext(context.Background()) } -func (o RoleMappingOpenidOutput) ToRoleMappingOpenidOutput() RoleMappingOpenidOutput { - return o +func (i GetApplicationScopeCategoryArtifactCfVariableArgs) ToGetApplicationScopeCategoryArtifactCfVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactCfVariableOutput) } -func (o RoleMappingOpenidOutput) ToRoleMappingOpenidOutputWithContext(ctx context.Context) RoleMappingOpenidOutput { - return o -} +// GetApplicationScopeCategoryArtifactCfVariableArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactCfVariableArray and GetApplicationScopeCategoryArtifactCfVariableArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactCfVariableArrayInput` via: +// +// GetApplicationScopeCategoryArtifactCfVariableArray{ GetApplicationScopeCategoryArtifactCfVariableArgs{...} } +type GetApplicationScopeCategoryArtifactCfVariableArrayInput interface { + pulumi.Input -func (o RoleMappingOpenidOutput) ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput { - return o.ToRoleMappingOpenidPtrOutputWithContext(context.Background()) + ToGetApplicationScopeCategoryArtifactCfVariableArrayOutput() GetApplicationScopeCategoryArtifactCfVariableArrayOutput + ToGetApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactCfVariableArrayOutput } -func (o RoleMappingOpenidOutput) ToRoleMappingOpenidPtrOutputWithContext(ctx context.Context) RoleMappingOpenidPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v RoleMappingOpenid) *RoleMappingOpenid { - return &v - }).(RoleMappingOpenidPtrOutput) +type 
GetApplicationScopeCategoryArtifactCfVariableArray []GetApplicationScopeCategoryArtifactCfVariableInput + +func (GetApplicationScopeCategoryArtifactCfVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactCfVariable)(nil)).Elem() } -func (o RoleMappingOpenidOutput) ToOutput(ctx context.Context) pulumix.Output[RoleMappingOpenid] { - return pulumix.Output[RoleMappingOpenid]{ - OutputState: o.OutputState, - } +func (i GetApplicationScopeCategoryArtifactCfVariableArray) ToGetApplicationScopeCategoryArtifactCfVariableArrayOutput() GetApplicationScopeCategoryArtifactCfVariableArrayOutput { + return i.ToGetApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(context.Background()) } -// Role Mapping is used to define the IdP role that the user will assume in Aqua -func (o RoleMappingOpenidOutput) RoleMapping() pulumi.StringMapOutput { - return o.ApplyT(func(v RoleMappingOpenid) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) +func (i GetApplicationScopeCategoryArtifactCfVariableArray) ToGetApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactCfVariableArrayOutput) } -type RoleMappingOpenidPtrOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryArtifactCfVariableOutput struct{ *pulumi.OutputState } -func (RoleMappingOpenidPtrOutput) ElementType() reflect.Type { - return reflect.TypeOf((**RoleMappingOpenid)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactCfVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactCfVariable)(nil)).Elem() } -func (o RoleMappingOpenidPtrOutput) ToRoleMappingOpenidPtrOutput() RoleMappingOpenidPtrOutput { +func (o GetApplicationScopeCategoryArtifactCfVariableOutput) ToGetApplicationScopeCategoryArtifactCfVariableOutput() 
GetApplicationScopeCategoryArtifactCfVariableOutput { return o } -func (o RoleMappingOpenidPtrOutput) ToRoleMappingOpenidPtrOutputWithContext(ctx context.Context) RoleMappingOpenidPtrOutput { +func (o GetApplicationScopeCategoryArtifactCfVariableOutput) ToGetApplicationScopeCategoryArtifactCfVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfVariableOutput { return o } -func (o RoleMappingOpenidPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingOpenid] { - return pulumix.Output[*RoleMappingOpenid]{ - OutputState: o.OutputState, - } +func (o GetApplicationScopeCategoryArtifactCfVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactCfVariable) string { return v.Attribute }).(pulumi.StringOutput) } -func (o RoleMappingOpenidPtrOutput) Elem() RoleMappingOpenidOutput { - return o.ApplyT(func(v *RoleMappingOpenid) RoleMappingOpenid { - if v != nil { - return *v - } - var ret RoleMappingOpenid - return ret - }).(RoleMappingOpenidOutput) +func (o GetApplicationScopeCategoryArtifactCfVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactCfVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -// Role Mapping is used to define the IdP role that the user will assume in Aqua -func (o RoleMappingOpenidPtrOutput) RoleMapping() pulumi.StringMapOutput { - return o.ApplyT(func(v *RoleMappingOpenid) map[string]string { - if v == nil { - return nil - } - return v.RoleMapping - }).(pulumi.StringMapOutput) -} +type GetApplicationScopeCategoryArtifactCfVariableArrayOutput struct{ *pulumi.OutputState } -type RoleMappingSaml struct { - // Role Mapping is used to define the IdP role that the user will assume in Aqua - RoleMapping map[string]string `pulumi:"roleMapping"` +func (GetApplicationScopeCategoryArtifactCfVariableArrayOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactCfVariable)(nil)).Elem() } -// RoleMappingSamlInput is an input type that accepts RoleMappingSamlArgs and RoleMappingSamlOutput values. -// You can construct a concrete instance of `RoleMappingSamlInput` via: -// -// RoleMappingSamlArgs{...} -type RoleMappingSamlInput interface { - pulumi.Input +func (o GetApplicationScopeCategoryArtifactCfVariableArrayOutput) ToGetApplicationScopeCategoryArtifactCfVariableArrayOutput() GetApplicationScopeCategoryArtifactCfVariableArrayOutput { + return o +} - ToRoleMappingSamlOutput() RoleMappingSamlOutput - ToRoleMappingSamlOutputWithContext(context.Context) RoleMappingSamlOutput +func (o GetApplicationScopeCategoryArtifactCfVariableArrayOutput) ToGetApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfVariableArrayOutput { + return o } -type RoleMappingSamlArgs struct { - // Role Mapping is used to define the IdP role that the user will assume in Aqua - RoleMapping pulumi.StringMapInput `pulumi:"roleMapping"` +func (o GetApplicationScopeCategoryArtifactCfVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactCfVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactCfVariable { + return vs[0].([]GetApplicationScopeCategoryArtifactCfVariable)[vs[1].(int)] + }).(GetApplicationScopeCategoryArtifactCfVariableOutput) } -func (RoleMappingSamlArgs) ElementType() reflect.Type { - return reflect.TypeOf((*RoleMappingSaml)(nil)).Elem() +type GetApplicationScopeCategoryArtifactFunction struct { + Expression string `pulumi:"expression"` + Variables []GetApplicationScopeCategoryArtifactFunctionVariable `pulumi:"variables"` } -func (i RoleMappingSamlArgs) ToRoleMappingSamlOutput() RoleMappingSamlOutput { - return i.ToRoleMappingSamlOutputWithContext(context.Background()) +// GetApplicationScopeCategoryArtifactFunctionInput is an input type that 
accepts GetApplicationScopeCategoryArtifactFunctionArgs and GetApplicationScopeCategoryArtifactFunctionOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactFunctionInput` via: +// +// GetApplicationScopeCategoryArtifactFunctionArgs{...} +type GetApplicationScopeCategoryArtifactFunctionInput interface { + pulumi.Input + + ToGetApplicationScopeCategoryArtifactFunctionOutput() GetApplicationScopeCategoryArtifactFunctionOutput + ToGetApplicationScopeCategoryArtifactFunctionOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactFunctionOutput } -func (i RoleMappingSamlArgs) ToRoleMappingSamlOutputWithContext(ctx context.Context) RoleMappingSamlOutput { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingSamlOutput) +type GetApplicationScopeCategoryArtifactFunctionArgs struct { + Expression pulumi.StringInput `pulumi:"expression"` + Variables GetApplicationScopeCategoryArtifactFunctionVariableArrayInput `pulumi:"variables"` } -func (i RoleMappingSamlArgs) ToOutput(ctx context.Context) pulumix.Output[RoleMappingSaml] { - return pulumix.Output[RoleMappingSaml]{ - OutputState: i.ToRoleMappingSamlOutputWithContext(ctx).OutputState, - } +func (GetApplicationScopeCategoryArtifactFunctionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactFunction)(nil)).Elem() } -func (i RoleMappingSamlArgs) ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput { - return i.ToRoleMappingSamlPtrOutputWithContext(context.Background()) +func (i GetApplicationScopeCategoryArtifactFunctionArgs) ToGetApplicationScopeCategoryArtifactFunctionOutput() GetApplicationScopeCategoryArtifactFunctionOutput { + return i.ToGetApplicationScopeCategoryArtifactFunctionOutputWithContext(context.Background()) } -func (i RoleMappingSamlArgs) ToRoleMappingSamlPtrOutputWithContext(ctx context.Context) RoleMappingSamlPtrOutput { - return pulumi.ToOutputWithContext(ctx, 
i).(RoleMappingSamlOutput).ToRoleMappingSamlPtrOutputWithContext(ctx) +func (i GetApplicationScopeCategoryArtifactFunctionArgs) ToGetApplicationScopeCategoryArtifactFunctionOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactFunctionOutput) } -// RoleMappingSamlPtrInput is an input type that accepts RoleMappingSamlArgs, RoleMappingSamlPtr and RoleMappingSamlPtrOutput values. -// You can construct a concrete instance of `RoleMappingSamlPtrInput` via: -// -// RoleMappingSamlArgs{...} -// -// or: +// GetApplicationScopeCategoryArtifactFunctionArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactFunctionArray and GetApplicationScopeCategoryArtifactFunctionArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactFunctionArrayInput` via: // -// nil -type RoleMappingSamlPtrInput interface { +// GetApplicationScopeCategoryArtifactFunctionArray{ GetApplicationScopeCategoryArtifactFunctionArgs{...} } +type GetApplicationScopeCategoryArtifactFunctionArrayInput interface { pulumi.Input - ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput - ToRoleMappingSamlPtrOutputWithContext(context.Context) RoleMappingSamlPtrOutput -} - -type roleMappingSamlPtrType RoleMappingSamlArgs - -func RoleMappingSamlPtr(v *RoleMappingSamlArgs) RoleMappingSamlPtrInput { - return (*roleMappingSamlPtrType)(v) + ToGetApplicationScopeCategoryArtifactFunctionArrayOutput() GetApplicationScopeCategoryArtifactFunctionArrayOutput + ToGetApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactFunctionArrayOutput } -func (*roleMappingSamlPtrType) ElementType() reflect.Type { - return reflect.TypeOf((**RoleMappingSaml)(nil)).Elem() -} +type GetApplicationScopeCategoryArtifactFunctionArray []GetApplicationScopeCategoryArtifactFunctionInput -func (i 
*roleMappingSamlPtrType) ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput { - return i.ToRoleMappingSamlPtrOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryArtifactFunctionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactFunction)(nil)).Elem() } -func (i *roleMappingSamlPtrType) ToRoleMappingSamlPtrOutputWithContext(ctx context.Context) RoleMappingSamlPtrOutput { - return pulumi.ToOutputWithContext(ctx, i).(RoleMappingSamlPtrOutput) +func (i GetApplicationScopeCategoryArtifactFunctionArray) ToGetApplicationScopeCategoryArtifactFunctionArrayOutput() GetApplicationScopeCategoryArtifactFunctionArrayOutput { + return i.ToGetApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(context.Background()) } -func (i *roleMappingSamlPtrType) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingSaml] { - return pulumix.Output[*RoleMappingSaml]{ - OutputState: i.ToRoleMappingSamlPtrOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryArtifactFunctionArray) ToGetApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactFunctionArrayOutput) } -type RoleMappingSamlOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryArtifactFunctionOutput struct{ *pulumi.OutputState } -func (RoleMappingSamlOutput) ElementType() reflect.Type { - return reflect.TypeOf((*RoleMappingSaml)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactFunctionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactFunction)(nil)).Elem() } -func (o RoleMappingSamlOutput) ToRoleMappingSamlOutput() RoleMappingSamlOutput { +func (o GetApplicationScopeCategoryArtifactFunctionOutput) ToGetApplicationScopeCategoryArtifactFunctionOutput() GetApplicationScopeCategoryArtifactFunctionOutput 
{ return o } -func (o RoleMappingSamlOutput) ToRoleMappingSamlOutputWithContext(ctx context.Context) RoleMappingSamlOutput { +func (o GetApplicationScopeCategoryArtifactFunctionOutput) ToGetApplicationScopeCategoryArtifactFunctionOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionOutput { return o } -func (o RoleMappingSamlOutput) ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput { - return o.ToRoleMappingSamlPtrOutputWithContext(context.Background()) -} - -func (o RoleMappingSamlOutput) ToRoleMappingSamlPtrOutputWithContext(ctx context.Context) RoleMappingSamlPtrOutput { - return o.ApplyTWithContext(ctx, func(_ context.Context, v RoleMappingSaml) *RoleMappingSaml { - return &v - }).(RoleMappingSamlPtrOutput) -} - -func (o RoleMappingSamlOutput) ToOutput(ctx context.Context) pulumix.Output[RoleMappingSaml] { - return pulumix.Output[RoleMappingSaml]{ - OutputState: o.OutputState, - } +func (o GetApplicationScopeCategoryArtifactFunctionOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactFunction) string { return v.Expression }).(pulumi.StringOutput) } -// Role Mapping is used to define the IdP role that the user will assume in Aqua -func (o RoleMappingSamlOutput) RoleMapping() pulumi.StringMapOutput { - return o.ApplyT(func(v RoleMappingSaml) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) +func (o GetApplicationScopeCategoryArtifactFunctionOutput) Variables() GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactFunction) []GetApplicationScopeCategoryArtifactFunctionVariable { + return v.Variables + }).(GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) } -type RoleMappingSamlPtrOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryArtifactFunctionArrayOutput struct{ *pulumi.OutputState } -func (RoleMappingSamlPtrOutput) ElementType() reflect.Type { - return 
reflect.TypeOf((**RoleMappingSaml)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactFunctionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactFunction)(nil)).Elem() } -func (o RoleMappingSamlPtrOutput) ToRoleMappingSamlPtrOutput() RoleMappingSamlPtrOutput { +func (o GetApplicationScopeCategoryArtifactFunctionArrayOutput) ToGetApplicationScopeCategoryArtifactFunctionArrayOutput() GetApplicationScopeCategoryArtifactFunctionArrayOutput { return o } -func (o RoleMappingSamlPtrOutput) ToRoleMappingSamlPtrOutputWithContext(ctx context.Context) RoleMappingSamlPtrOutput { +func (o GetApplicationScopeCategoryArtifactFunctionArrayOutput) ToGetApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionArrayOutput { return o } -func (o RoleMappingSamlPtrOutput) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingSaml] { - return pulumix.Output[*RoleMappingSaml]{ - OutputState: o.OutputState, - } -} - -func (o RoleMappingSamlPtrOutput) Elem() RoleMappingSamlOutput { - return o.ApplyT(func(v *RoleMappingSaml) RoleMappingSaml { - if v != nil { - return *v - } - var ret RoleMappingSaml - return ret - }).(RoleMappingSamlOutput) -} - -// Role Mapping is used to define the IdP role that the user will assume in Aqua -func (o RoleMappingSamlPtrOutput) RoleMapping() pulumi.StringMapOutput { - return o.ApplyT(func(v *RoleMappingSaml) map[string]string { - if v == nil { - return nil - } - return v.RoleMapping - }).(pulumi.StringMapOutput) +func (o GetApplicationScopeCategoryArtifactFunctionArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactFunctionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactFunction { + return vs[0].([]GetApplicationScopeCategoryArtifactFunction)[vs[1].(int)] + }).(GetApplicationScopeCategoryArtifactFunctionOutput) } -type ServiceScopeVariable struct { - // Class 
of supported scope. - Attribute *string `pulumi:"attribute"` - // Name assigned to the attribute. - Name *string `pulumi:"name"` - // Value assigned to the attribute. - Value *string `pulumi:"value"` +type GetApplicationScopeCategoryArtifactFunctionVariable struct { + Attribute string `pulumi:"attribute"` + Value *string `pulumi:"value"` } -// ServiceScopeVariableInput is an input type that accepts ServiceScopeVariableArgs and ServiceScopeVariableOutput values. -// You can construct a concrete instance of `ServiceScopeVariableInput` via: +// GetApplicationScopeCategoryArtifactFunctionVariableInput is an input type that accepts GetApplicationScopeCategoryArtifactFunctionVariableArgs and GetApplicationScopeCategoryArtifactFunctionVariableOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactFunctionVariableInput` via: // -// ServiceScopeVariableArgs{...} -type ServiceScopeVariableInput interface { +// GetApplicationScopeCategoryArtifactFunctionVariableArgs{...} +type GetApplicationScopeCategoryArtifactFunctionVariableInput interface { pulumi.Input - - ToServiceScopeVariableOutput() ServiceScopeVariableOutput - ToServiceScopeVariableOutputWithContext(context.Context) ServiceScopeVariableOutput -} - -type ServiceScopeVariableArgs struct { - // Class of supported scope. - Attribute pulumi.StringPtrInput `pulumi:"attribute"` - // Name assigned to the attribute. - Name pulumi.StringPtrInput `pulumi:"name"` - // Value assigned to the attribute. 
- Value pulumi.StringPtrInput `pulumi:"value"` + + ToGetApplicationScopeCategoryArtifactFunctionVariableOutput() GetApplicationScopeCategoryArtifactFunctionVariableOutput + ToGetApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactFunctionVariableOutput } -func (ServiceScopeVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*ServiceScopeVariable)(nil)).Elem() +type GetApplicationScopeCategoryArtifactFunctionVariableArgs struct { + Attribute pulumi.StringInput `pulumi:"attribute"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i ServiceScopeVariableArgs) ToServiceScopeVariableOutput() ServiceScopeVariableOutput { - return i.ToServiceScopeVariableOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryArtifactFunctionVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactFunctionVariable)(nil)).Elem() } -func (i ServiceScopeVariableArgs) ToServiceScopeVariableOutputWithContext(ctx context.Context) ServiceScopeVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(ServiceScopeVariableOutput) +func (i GetApplicationScopeCategoryArtifactFunctionVariableArgs) ToGetApplicationScopeCategoryArtifactFunctionVariableOutput() GetApplicationScopeCategoryArtifactFunctionVariableOutput { + return i.ToGetApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(context.Background()) } -func (i ServiceScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[ServiceScopeVariable] { - return pulumix.Output[ServiceScopeVariable]{ - OutputState: i.ToServiceScopeVariableOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryArtifactFunctionVariableArgs) ToGetApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionVariableOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(GetApplicationScopeCategoryArtifactFunctionVariableOutput) } -// ServiceScopeVariableArrayInput is an input type that accepts ServiceScopeVariableArray and ServiceScopeVariableArrayOutput values. -// You can construct a concrete instance of `ServiceScopeVariableArrayInput` via: +// GetApplicationScopeCategoryArtifactFunctionVariableArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactFunctionVariableArray and GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactFunctionVariableArrayInput` via: // -// ServiceScopeVariableArray{ ServiceScopeVariableArgs{...} } -type ServiceScopeVariableArrayInput interface { +// GetApplicationScopeCategoryArtifactFunctionVariableArray{ GetApplicationScopeCategoryArtifactFunctionVariableArgs{...} } +type GetApplicationScopeCategoryArtifactFunctionVariableArrayInput interface { pulumi.Input - ToServiceScopeVariableArrayOutput() ServiceScopeVariableArrayOutput - ToServiceScopeVariableArrayOutputWithContext(context.Context) ServiceScopeVariableArrayOutput + ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutput() GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput + ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput } -type ServiceScopeVariableArray []ServiceScopeVariableInput - -func (ServiceScopeVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]ServiceScopeVariable)(nil)).Elem() -} +type GetApplicationScopeCategoryArtifactFunctionVariableArray []GetApplicationScopeCategoryArtifactFunctionVariableInput -func (i ServiceScopeVariableArray) ToServiceScopeVariableArrayOutput() ServiceScopeVariableArrayOutput { - return i.ToServiceScopeVariableArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryArtifactFunctionVariableArray) ElementType() 
reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactFunctionVariable)(nil)).Elem() } -func (i ServiceScopeVariableArray) ToServiceScopeVariableArrayOutputWithContext(ctx context.Context) ServiceScopeVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(ServiceScopeVariableArrayOutput) +func (i GetApplicationScopeCategoryArtifactFunctionVariableArray) ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutput() GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { + return i.ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(context.Background()) } -func (i ServiceScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]ServiceScopeVariable] { - return pulumix.Output[[]ServiceScopeVariable]{ - OutputState: i.ToServiceScopeVariableArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryArtifactFunctionVariableArray) ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) } -type ServiceScopeVariableOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryArtifactFunctionVariableOutput struct{ *pulumi.OutputState } -func (ServiceScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*ServiceScopeVariable)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactFunctionVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactFunctionVariable)(nil)).Elem() } -func (o ServiceScopeVariableOutput) ToServiceScopeVariableOutput() ServiceScopeVariableOutput { +func (o GetApplicationScopeCategoryArtifactFunctionVariableOutput) ToGetApplicationScopeCategoryArtifactFunctionVariableOutput() GetApplicationScopeCategoryArtifactFunctionVariableOutput { return o } -func (o 
ServiceScopeVariableOutput) ToServiceScopeVariableOutputWithContext(ctx context.Context) ServiceScopeVariableOutput { +func (o GetApplicationScopeCategoryArtifactFunctionVariableOutput) ToGetApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionVariableOutput { return o } -func (o ServiceScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[ServiceScopeVariable] { - return pulumix.Output[ServiceScopeVariable]{ - OutputState: o.OutputState, - } -} - -// Class of supported scope. -func (o ServiceScopeVariableOutput) Attribute() pulumi.StringPtrOutput { - return o.ApplyT(func(v ServiceScopeVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) -} - -// Name assigned to the attribute. -func (o ServiceScopeVariableOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v ServiceScopeVariable) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o GetApplicationScopeCategoryArtifactFunctionVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactFunctionVariable) string { return v.Attribute }).(pulumi.StringOutput) } -// Value assigned to the attribute. 
-func (o ServiceScopeVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v ServiceScopeVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o GetApplicationScopeCategoryArtifactFunctionVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactFunctionVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type ServiceScopeVariableArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput struct{ *pulumi.OutputState } -func (ServiceScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]ServiceScopeVariable)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactFunctionVariable)(nil)).Elem() } -func (o ServiceScopeVariableArrayOutput) ToServiceScopeVariableArrayOutput() ServiceScopeVariableArrayOutput { +func (o GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutput() GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { return o } -func (o ServiceScopeVariableArrayOutput) ToServiceScopeVariableArrayOutputWithContext(ctx context.Context) ServiceScopeVariableArrayOutput { +func (o GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { return o } -func (o ServiceScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]ServiceScopeVariable] { - return pulumix.Output[[]ServiceScopeVariable]{ - OutputState: o.OutputState, - } -} - -func (o ServiceScopeVariableArrayOutput) Index(i pulumi.IntInput) ServiceScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) ServiceScopeVariable { - return 
vs[0].([]ServiceScopeVariable)[vs[1].(int)] - }).(ServiceScopeVariableOutput) +func (o GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactFunctionVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactFunctionVariable { + return vs[0].([]GetApplicationScopeCategoryArtifactFunctionVariable)[vs[1].(int)] + }).(GetApplicationScopeCategoryArtifactFunctionVariableOutput) } -type UserSaasGroup struct { - GroupAdmin *bool `pulumi:"groupAdmin"` - Name *string `pulumi:"name"` +type GetApplicationScopeCategoryArtifactImage struct { + Expression string `pulumi:"expression"` + Variables []GetApplicationScopeCategoryArtifactImageVariable `pulumi:"variables"` } -// UserSaasGroupInput is an input type that accepts UserSaasGroupArgs and UserSaasGroupOutput values. -// You can construct a concrete instance of `UserSaasGroupInput` via: +// GetApplicationScopeCategoryArtifactImageInput is an input type that accepts GetApplicationScopeCategoryArtifactImageArgs and GetApplicationScopeCategoryArtifactImageOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactImageInput` via: // -// UserSaasGroupArgs{...} -type UserSaasGroupInput interface { +// GetApplicationScopeCategoryArtifactImageArgs{...} +type GetApplicationScopeCategoryArtifactImageInput interface { pulumi.Input - ToUserSaasGroupOutput() UserSaasGroupOutput - ToUserSaasGroupOutputWithContext(context.Context) UserSaasGroupOutput -} - -type UserSaasGroupArgs struct { - GroupAdmin pulumi.BoolPtrInput `pulumi:"groupAdmin"` - Name pulumi.StringPtrInput `pulumi:"name"` + ToGetApplicationScopeCategoryArtifactImageOutput() GetApplicationScopeCategoryArtifactImageOutput + ToGetApplicationScopeCategoryArtifactImageOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactImageOutput } -func (UserSaasGroupArgs) ElementType() reflect.Type { - return reflect.TypeOf((*UserSaasGroup)(nil)).Elem() +type GetApplicationScopeCategoryArtifactImageArgs struct { + Expression pulumi.StringInput `pulumi:"expression"` + Variables GetApplicationScopeCategoryArtifactImageVariableArrayInput `pulumi:"variables"` } -func (i UserSaasGroupArgs) ToUserSaasGroupOutput() UserSaasGroupOutput { - return i.ToUserSaasGroupOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryArtifactImageArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactImage)(nil)).Elem() } -func (i UserSaasGroupArgs) ToUserSaasGroupOutputWithContext(ctx context.Context) UserSaasGroupOutput { - return pulumi.ToOutputWithContext(ctx, i).(UserSaasGroupOutput) +func (i GetApplicationScopeCategoryArtifactImageArgs) ToGetApplicationScopeCategoryArtifactImageOutput() GetApplicationScopeCategoryArtifactImageOutput { + return i.ToGetApplicationScopeCategoryArtifactImageOutputWithContext(context.Background()) } -func (i UserSaasGroupArgs) ToOutput(ctx context.Context) pulumix.Output[UserSaasGroup] { - return pulumix.Output[UserSaasGroup]{ - OutputState: 
i.ToUserSaasGroupOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryArtifactImageArgs) ToGetApplicationScopeCategoryArtifactImageOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactImageOutput) } -// UserSaasGroupArrayInput is an input type that accepts UserSaasGroupArray and UserSaasGroupArrayOutput values. -// You can construct a concrete instance of `UserSaasGroupArrayInput` via: +// GetApplicationScopeCategoryArtifactImageArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactImageArray and GetApplicationScopeCategoryArtifactImageArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactImageArrayInput` via: // -// UserSaasGroupArray{ UserSaasGroupArgs{...} } -type UserSaasGroupArrayInput interface { +// GetApplicationScopeCategoryArtifactImageArray{ GetApplicationScopeCategoryArtifactImageArgs{...} } +type GetApplicationScopeCategoryArtifactImageArrayInput interface { pulumi.Input - ToUserSaasGroupArrayOutput() UserSaasGroupArrayOutput - ToUserSaasGroupArrayOutputWithContext(context.Context) UserSaasGroupArrayOutput + ToGetApplicationScopeCategoryArtifactImageArrayOutput() GetApplicationScopeCategoryArtifactImageArrayOutput + ToGetApplicationScopeCategoryArtifactImageArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactImageArrayOutput } -type UserSaasGroupArray []UserSaasGroupInput - -func (UserSaasGroupArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]UserSaasGroup)(nil)).Elem() -} +type GetApplicationScopeCategoryArtifactImageArray []GetApplicationScopeCategoryArtifactImageInput -func (i UserSaasGroupArray) ToUserSaasGroupArrayOutput() UserSaasGroupArrayOutput { - return i.ToUserSaasGroupArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryArtifactImageArray) ElementType() reflect.Type { + 
return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactImage)(nil)).Elem() } -func (i UserSaasGroupArray) ToUserSaasGroupArrayOutputWithContext(ctx context.Context) UserSaasGroupArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(UserSaasGroupArrayOutput) +func (i GetApplicationScopeCategoryArtifactImageArray) ToGetApplicationScopeCategoryArtifactImageArrayOutput() GetApplicationScopeCategoryArtifactImageArrayOutput { + return i.ToGetApplicationScopeCategoryArtifactImageArrayOutputWithContext(context.Background()) } -func (i UserSaasGroupArray) ToOutput(ctx context.Context) pulumix.Output[[]UserSaasGroup] { - return pulumix.Output[[]UserSaasGroup]{ - OutputState: i.ToUserSaasGroupArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryArtifactImageArray) ToGetApplicationScopeCategoryArtifactImageArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactImageArrayOutput) } -type UserSaasGroupOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryArtifactImageOutput struct{ *pulumi.OutputState } -func (UserSaasGroupOutput) ElementType() reflect.Type { - return reflect.TypeOf((*UserSaasGroup)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactImageOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactImage)(nil)).Elem() } -func (o UserSaasGroupOutput) ToUserSaasGroupOutput() UserSaasGroupOutput { +func (o GetApplicationScopeCategoryArtifactImageOutput) ToGetApplicationScopeCategoryArtifactImageOutput() GetApplicationScopeCategoryArtifactImageOutput { return o } -func (o UserSaasGroupOutput) ToUserSaasGroupOutputWithContext(ctx context.Context) UserSaasGroupOutput { +func (o GetApplicationScopeCategoryArtifactImageOutput) ToGetApplicationScopeCategoryArtifactImageOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageOutput { 
return o } -func (o UserSaasGroupOutput) ToOutput(ctx context.Context) pulumix.Output[UserSaasGroup] { - return pulumix.Output[UserSaasGroup]{ - OutputState: o.OutputState, - } -} - -func (o UserSaasGroupOutput) GroupAdmin() pulumi.BoolPtrOutput { - return o.ApplyT(func(v UserSaasGroup) *bool { return v.GroupAdmin }).(pulumi.BoolPtrOutput) +func (o GetApplicationScopeCategoryArtifactImageOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactImage) string { return v.Expression }).(pulumi.StringOutput) } -func (o UserSaasGroupOutput) Name() pulumi.StringPtrOutput { - return o.ApplyT(func(v UserSaasGroup) *string { return v.Name }).(pulumi.StringPtrOutput) +func (o GetApplicationScopeCategoryArtifactImageOutput) Variables() GetApplicationScopeCategoryArtifactImageVariableArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactImage) []GetApplicationScopeCategoryArtifactImageVariable { + return v.Variables + }).(GetApplicationScopeCategoryArtifactImageVariableArrayOutput) } -type UserSaasGroupArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryArtifactImageArrayOutput struct{ *pulumi.OutputState } -func (UserSaasGroupArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]UserSaasGroup)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactImageArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactImage)(nil)).Elem() } -func (o UserSaasGroupArrayOutput) ToUserSaasGroupArrayOutput() UserSaasGroupArrayOutput { +func (o GetApplicationScopeCategoryArtifactImageArrayOutput) ToGetApplicationScopeCategoryArtifactImageArrayOutput() GetApplicationScopeCategoryArtifactImageArrayOutput { return o } -func (o UserSaasGroupArrayOutput) ToUserSaasGroupArrayOutputWithContext(ctx context.Context) UserSaasGroupArrayOutput { +func (o GetApplicationScopeCategoryArtifactImageArrayOutput) 
ToGetApplicationScopeCategoryArtifactImageArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageArrayOutput { return o } -func (o UserSaasGroupArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]UserSaasGroup] { - return pulumix.Output[[]UserSaasGroup]{ - OutputState: o.OutputState, - } -} - -func (o UserSaasGroupArrayOutput) Index(i pulumi.IntInput) UserSaasGroupOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) UserSaasGroup { - return vs[0].([]UserSaasGroup)[vs[1].(int)] - }).(UserSaasGroupOutput) +func (o GetApplicationScopeCategoryArtifactImageArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactImageOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactImage { + return vs[0].([]GetApplicationScopeCategoryArtifactImage)[vs[1].(int)] + }).(GetApplicationScopeCategoryArtifactImageOutput) } -type UserSaasLogin struct { - Created *string `pulumi:"created"` - // The ID of this resource. - Id *int `pulumi:"id"` - IpAddress *string `pulumi:"ipAddress"` - UserId *int `pulumi:"userId"` +type GetApplicationScopeCategoryArtifactImageVariable struct { + Attribute *string `pulumi:"attribute"` + Value *string `pulumi:"value"` } -// UserSaasLoginInput is an input type that accepts UserSaasLoginArgs and UserSaasLoginOutput values. -// You can construct a concrete instance of `UserSaasLoginInput` via: +// GetApplicationScopeCategoryArtifactImageVariableInput is an input type that accepts GetApplicationScopeCategoryArtifactImageVariableArgs and GetApplicationScopeCategoryArtifactImageVariableOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactImageVariableInput` via: // -// UserSaasLoginArgs{...} -type UserSaasLoginInput interface { +// GetApplicationScopeCategoryArtifactImageVariableArgs{...} +type GetApplicationScopeCategoryArtifactImageVariableInput interface { pulumi.Input - ToUserSaasLoginOutput() UserSaasLoginOutput - ToUserSaasLoginOutputWithContext(context.Context) UserSaasLoginOutput -} - -type UserSaasLoginArgs struct { - Created pulumi.StringPtrInput `pulumi:"created"` - // The ID of this resource. - Id pulumi.IntPtrInput `pulumi:"id"` - IpAddress pulumi.StringPtrInput `pulumi:"ipAddress"` - UserId pulumi.IntPtrInput `pulumi:"userId"` -} - -func (UserSaasLoginArgs) ElementType() reflect.Type { - return reflect.TypeOf((*UserSaasLogin)(nil)).Elem() -} - -func (i UserSaasLoginArgs) ToUserSaasLoginOutput() UserSaasLoginOutput { - return i.ToUserSaasLoginOutputWithContext(context.Background()) -} - -func (i UserSaasLoginArgs) ToUserSaasLoginOutputWithContext(ctx context.Context) UserSaasLoginOutput { - return pulumi.ToOutputWithContext(ctx, i).(UserSaasLoginOutput) -} - -func (i UserSaasLoginArgs) ToOutput(ctx context.Context) pulumix.Output[UserSaasLogin] { - return pulumix.Output[UserSaasLogin]{ - OutputState: i.ToUserSaasLoginOutputWithContext(ctx).OutputState, - } + ToGetApplicationScopeCategoryArtifactImageVariableOutput() GetApplicationScopeCategoryArtifactImageVariableOutput + ToGetApplicationScopeCategoryArtifactImageVariableOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactImageVariableOutput } -// UserSaasLoginArrayInput is an input type that accepts UserSaasLoginArray and UserSaasLoginArrayOutput values. 
-// You can construct a concrete instance of `UserSaasLoginArrayInput` via: -// -// UserSaasLoginArray{ UserSaasLoginArgs{...} } -type UserSaasLoginArrayInput interface { - pulumi.Input - - ToUserSaasLoginArrayOutput() UserSaasLoginArrayOutput - ToUserSaasLoginArrayOutputWithContext(context.Context) UserSaasLoginArrayOutput +type GetApplicationScopeCategoryArtifactImageVariableArgs struct { + Attribute pulumi.StringPtrInput `pulumi:"attribute"` + Value pulumi.StringPtrInput `pulumi:"value"` } -type UserSaasLoginArray []UserSaasLoginInput - -func (UserSaasLoginArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]UserSaasLogin)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactImageVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactImageVariable)(nil)).Elem() } -func (i UserSaasLoginArray) ToUserSaasLoginArrayOutput() UserSaasLoginArrayOutput { - return i.ToUserSaasLoginArrayOutputWithContext(context.Background()) +func (i GetApplicationScopeCategoryArtifactImageVariableArgs) ToGetApplicationScopeCategoryArtifactImageVariableOutput() GetApplicationScopeCategoryArtifactImageVariableOutput { + return i.ToGetApplicationScopeCategoryArtifactImageVariableOutputWithContext(context.Background()) } -func (i UserSaasLoginArray) ToUserSaasLoginArrayOutputWithContext(ctx context.Context) UserSaasLoginArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(UserSaasLoginArrayOutput) +func (i GetApplicationScopeCategoryArtifactImageVariableArgs) ToGetApplicationScopeCategoryArtifactImageVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactImageVariableOutput) } -func (i UserSaasLoginArray) ToOutput(ctx context.Context) pulumix.Output[[]UserSaasLogin] { - return pulumix.Output[[]UserSaasLogin]{ - OutputState: i.ToUserSaasLoginArrayOutputWithContext(ctx).OutputState, - } +// 
GetApplicationScopeCategoryArtifactImageVariableArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactImageVariableArray and GetApplicationScopeCategoryArtifactImageVariableArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactImageVariableArrayInput` via: +// +// GetApplicationScopeCategoryArtifactImageVariableArray{ GetApplicationScopeCategoryArtifactImageVariableArgs{...} } +type GetApplicationScopeCategoryArtifactImageVariableArrayInput interface { + pulumi.Input + + ToGetApplicationScopeCategoryArtifactImageVariableArrayOutput() GetApplicationScopeCategoryArtifactImageVariableArrayOutput + ToGetApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactImageVariableArrayOutput } -type UserSaasLoginOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryArtifactImageVariableArray []GetApplicationScopeCategoryArtifactImageVariableInput -func (UserSaasLoginOutput) ElementType() reflect.Type { - return reflect.TypeOf((*UserSaasLogin)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactImageVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactImageVariable)(nil)).Elem() } -func (o UserSaasLoginOutput) ToUserSaasLoginOutput() UserSaasLoginOutput { - return o +func (i GetApplicationScopeCategoryArtifactImageVariableArray) ToGetApplicationScopeCategoryArtifactImageVariableArrayOutput() GetApplicationScopeCategoryArtifactImageVariableArrayOutput { + return i.ToGetApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(context.Background()) } -func (o UserSaasLoginOutput) ToUserSaasLoginOutputWithContext(ctx context.Context) UserSaasLoginOutput { - return o +func (i GetApplicationScopeCategoryArtifactImageVariableArray) ToGetApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(ctx context.Context) 
GetApplicationScopeCategoryArtifactImageVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactImageVariableArrayOutput) } -func (o UserSaasLoginOutput) ToOutput(ctx context.Context) pulumix.Output[UserSaasLogin] { - return pulumix.Output[UserSaasLogin]{ - OutputState: o.OutputState, - } +type GetApplicationScopeCategoryArtifactImageVariableOutput struct{ *pulumi.OutputState } + +func (GetApplicationScopeCategoryArtifactImageVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryArtifactImageVariable)(nil)).Elem() } -func (o UserSaasLoginOutput) Created() pulumi.StringPtrOutput { - return o.ApplyT(func(v UserSaasLogin) *string { return v.Created }).(pulumi.StringPtrOutput) +func (o GetApplicationScopeCategoryArtifactImageVariableOutput) ToGetApplicationScopeCategoryArtifactImageVariableOutput() GetApplicationScopeCategoryArtifactImageVariableOutput { + return o } -// The ID of this resource. -func (o UserSaasLoginOutput) Id() pulumi.IntPtrOutput { - return o.ApplyT(func(v UserSaasLogin) *int { return v.Id }).(pulumi.IntPtrOutput) +func (o GetApplicationScopeCategoryArtifactImageVariableOutput) ToGetApplicationScopeCategoryArtifactImageVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageVariableOutput { + return o } -func (o UserSaasLoginOutput) IpAddress() pulumi.StringPtrOutput { - return o.ApplyT(func(v UserSaasLogin) *string { return v.IpAddress }).(pulumi.StringPtrOutput) +func (o GetApplicationScopeCategoryArtifactImageVariableOutput) Attribute() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactImageVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) } -func (o UserSaasLoginOutput) UserId() pulumi.IntPtrOutput { - return o.ApplyT(func(v UserSaasLogin) *int { return v.UserId }).(pulumi.IntPtrOutput) +func (o GetApplicationScopeCategoryArtifactImageVariableOutput) Value() 
pulumi.StringPtrOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryArtifactImageVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type UserSaasLoginArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryArtifactImageVariableArrayOutput struct{ *pulumi.OutputState } -func (UserSaasLoginArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]UserSaasLogin)(nil)).Elem() +func (GetApplicationScopeCategoryArtifactImageVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactImageVariable)(nil)).Elem() } -func (o UserSaasLoginArrayOutput) ToUserSaasLoginArrayOutput() UserSaasLoginArrayOutput { +func (o GetApplicationScopeCategoryArtifactImageVariableArrayOutput) ToGetApplicationScopeCategoryArtifactImageVariableArrayOutput() GetApplicationScopeCategoryArtifactImageVariableArrayOutput { return o } -func (o UserSaasLoginArrayOutput) ToUserSaasLoginArrayOutputWithContext(ctx context.Context) UserSaasLoginArrayOutput { +func (o GetApplicationScopeCategoryArtifactImageVariableArrayOutput) ToGetApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageVariableArrayOutput { return o } -func (o UserSaasLoginArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]UserSaasLogin] { - return pulumix.Output[[]UserSaasLogin]{ - OutputState: o.OutputState, - } -} - -func (o UserSaasLoginArrayOutput) Index(i pulumi.IntInput) UserSaasLoginOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) UserSaasLogin { - return vs[0].([]UserSaasLogin)[vs[1].(int)] - }).(UserSaasLoginOutput) +func (o GetApplicationScopeCategoryArtifactImageVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactImageVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactImageVariable { + return 
vs[0].([]GetApplicationScopeCategoryArtifactImageVariable)[vs[1].(int)] + }).(GetApplicationScopeCategoryArtifactImageVariableOutput) } -type GetAcknowledgesAcknowledge struct { - Author string `pulumi:"author"` - Comment string `pulumi:"comment"` - Date string `pulumi:"date"` - DockerId string `pulumi:"dockerId"` - ExpirationConfiguredAt string `pulumi:"expirationConfiguredAt"` - ExpirationConfiguredBy string `pulumi:"expirationConfiguredBy"` - ExpirationDays int `pulumi:"expirationDays"` - FixVersion string `pulumi:"fixVersion"` - ImageName string `pulumi:"imageName"` - IssueName string `pulumi:"issueName"` - IssueType string `pulumi:"issueType"` - Os string `pulumi:"os"` - OsVersion string `pulumi:"osVersion"` - Permission string `pulumi:"permission"` - RegistryName string `pulumi:"registryName"` - ResourceCpe string `pulumi:"resourceCpe"` - ResourceFormat string `pulumi:"resourceFormat"` - ResourceHash string `pulumi:"resourceHash"` - ResourceName string `pulumi:"resourceName"` - ResourcePath string `pulumi:"resourcePath"` - ResourceType string `pulumi:"resourceType"` - ResourceVersion string `pulumi:"resourceVersion"` +type GetApplicationScopeCategoryEntityScope struct { + Expression string `pulumi:"expression"` + Variables []GetApplicationScopeCategoryEntityScopeVariable `pulumi:"variables"` } -// GetAcknowledgesAcknowledgeInput is an input type that accepts GetAcknowledgesAcknowledgeArgs and GetAcknowledgesAcknowledgeOutput values. -// You can construct a concrete instance of `GetAcknowledgesAcknowledgeInput` via: +// GetApplicationScopeCategoryEntityScopeInput is an input type that accepts GetApplicationScopeCategoryEntityScopeArgs and GetApplicationScopeCategoryEntityScopeOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryEntityScopeInput` via: // -// GetAcknowledgesAcknowledgeArgs{...} -type GetAcknowledgesAcknowledgeInput interface { +// GetApplicationScopeCategoryEntityScopeArgs{...} +type GetApplicationScopeCategoryEntityScopeInput interface { pulumi.Input - ToGetAcknowledgesAcknowledgeOutput() GetAcknowledgesAcknowledgeOutput - ToGetAcknowledgesAcknowledgeOutputWithContext(context.Context) GetAcknowledgesAcknowledgeOutput -} - -type GetAcknowledgesAcknowledgeArgs struct { - Author pulumi.StringInput `pulumi:"author"` - Comment pulumi.StringInput `pulumi:"comment"` - Date pulumi.StringInput `pulumi:"date"` - DockerId pulumi.StringInput `pulumi:"dockerId"` - ExpirationConfiguredAt pulumi.StringInput `pulumi:"expirationConfiguredAt"` - ExpirationConfiguredBy pulumi.StringInput `pulumi:"expirationConfiguredBy"` - ExpirationDays pulumi.IntInput `pulumi:"expirationDays"` - FixVersion pulumi.StringInput `pulumi:"fixVersion"` - ImageName pulumi.StringInput `pulumi:"imageName"` - IssueName pulumi.StringInput `pulumi:"issueName"` - IssueType pulumi.StringInput `pulumi:"issueType"` - Os pulumi.StringInput `pulumi:"os"` - OsVersion pulumi.StringInput `pulumi:"osVersion"` - Permission pulumi.StringInput `pulumi:"permission"` - RegistryName pulumi.StringInput `pulumi:"registryName"` - ResourceCpe pulumi.StringInput `pulumi:"resourceCpe"` - ResourceFormat pulumi.StringInput `pulumi:"resourceFormat"` - ResourceHash pulumi.StringInput `pulumi:"resourceHash"` - ResourceName pulumi.StringInput `pulumi:"resourceName"` - ResourcePath pulumi.StringInput `pulumi:"resourcePath"` - ResourceType pulumi.StringInput `pulumi:"resourceType"` - ResourceVersion pulumi.StringInput `pulumi:"resourceVersion"` + ToGetApplicationScopeCategoryEntityScopeOutput() GetApplicationScopeCategoryEntityScopeOutput + ToGetApplicationScopeCategoryEntityScopeOutputWithContext(context.Context) GetApplicationScopeCategoryEntityScopeOutput } -func 
(GetAcknowledgesAcknowledgeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetAcknowledgesAcknowledge)(nil)).Elem() +type GetApplicationScopeCategoryEntityScopeArgs struct { + Expression pulumi.StringInput `pulumi:"expression"` + Variables GetApplicationScopeCategoryEntityScopeVariableArrayInput `pulumi:"variables"` } -func (i GetAcknowledgesAcknowledgeArgs) ToGetAcknowledgesAcknowledgeOutput() GetAcknowledgesAcknowledgeOutput { - return i.ToGetAcknowledgesAcknowledgeOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryEntityScopeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryEntityScope)(nil)).Elem() } -func (i GetAcknowledgesAcknowledgeArgs) ToGetAcknowledgesAcknowledgeOutputWithContext(ctx context.Context) GetAcknowledgesAcknowledgeOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetAcknowledgesAcknowledgeOutput) +func (i GetApplicationScopeCategoryEntityScopeArgs) ToGetApplicationScopeCategoryEntityScopeOutput() GetApplicationScopeCategoryEntityScopeOutput { + return i.ToGetApplicationScopeCategoryEntityScopeOutputWithContext(context.Background()) } -func (i GetAcknowledgesAcknowledgeArgs) ToOutput(ctx context.Context) pulumix.Output[GetAcknowledgesAcknowledge] { - return pulumix.Output[GetAcknowledgesAcknowledge]{ - OutputState: i.ToGetAcknowledgesAcknowledgeOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryEntityScopeArgs) ToGetApplicationScopeCategoryEntityScopeOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryEntityScopeOutput) } -// GetAcknowledgesAcknowledgeArrayInput is an input type that accepts GetAcknowledgesAcknowledgeArray and GetAcknowledgesAcknowledgeArrayOutput values. 
-// You can construct a concrete instance of `GetAcknowledgesAcknowledgeArrayInput` via: +// GetApplicationScopeCategoryEntityScopeArrayInput is an input type that accepts GetApplicationScopeCategoryEntityScopeArray and GetApplicationScopeCategoryEntityScopeArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryEntityScopeArrayInput` via: // -// GetAcknowledgesAcknowledgeArray{ GetAcknowledgesAcknowledgeArgs{...} } -type GetAcknowledgesAcknowledgeArrayInput interface { +// GetApplicationScopeCategoryEntityScopeArray{ GetApplicationScopeCategoryEntityScopeArgs{...} } +type GetApplicationScopeCategoryEntityScopeArrayInput interface { pulumi.Input - ToGetAcknowledgesAcknowledgeArrayOutput() GetAcknowledgesAcknowledgeArrayOutput - ToGetAcknowledgesAcknowledgeArrayOutputWithContext(context.Context) GetAcknowledgesAcknowledgeArrayOutput + ToGetApplicationScopeCategoryEntityScopeArrayOutput() GetApplicationScopeCategoryEntityScopeArrayOutput + ToGetApplicationScopeCategoryEntityScopeArrayOutputWithContext(context.Context) GetApplicationScopeCategoryEntityScopeArrayOutput } -type GetAcknowledgesAcknowledgeArray []GetAcknowledgesAcknowledgeInput - -func (GetAcknowledgesAcknowledgeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetAcknowledgesAcknowledge)(nil)).Elem() -} +type GetApplicationScopeCategoryEntityScopeArray []GetApplicationScopeCategoryEntityScopeInput -func (i GetAcknowledgesAcknowledgeArray) ToGetAcknowledgesAcknowledgeArrayOutput() GetAcknowledgesAcknowledgeArrayOutput { - return i.ToGetAcknowledgesAcknowledgeArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryEntityScopeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryEntityScope)(nil)).Elem() } -func (i GetAcknowledgesAcknowledgeArray) ToGetAcknowledgesAcknowledgeArrayOutputWithContext(ctx context.Context) GetAcknowledgesAcknowledgeArrayOutput { - return pulumi.ToOutputWithContext(ctx, 
i).(GetAcknowledgesAcknowledgeArrayOutput) +func (i GetApplicationScopeCategoryEntityScopeArray) ToGetApplicationScopeCategoryEntityScopeArrayOutput() GetApplicationScopeCategoryEntityScopeArrayOutput { + return i.ToGetApplicationScopeCategoryEntityScopeArrayOutputWithContext(context.Background()) } -func (i GetAcknowledgesAcknowledgeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetAcknowledgesAcknowledge] { - return pulumix.Output[[]GetAcknowledgesAcknowledge]{ - OutputState: i.ToGetAcknowledgesAcknowledgeArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryEntityScopeArray) ToGetApplicationScopeCategoryEntityScopeArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryEntityScopeArrayOutput) } -type GetAcknowledgesAcknowledgeOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryEntityScopeOutput struct{ *pulumi.OutputState } -func (GetAcknowledgesAcknowledgeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetAcknowledgesAcknowledge)(nil)).Elem() +func (GetApplicationScopeCategoryEntityScopeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryEntityScope)(nil)).Elem() } -func (o GetAcknowledgesAcknowledgeOutput) ToGetAcknowledgesAcknowledgeOutput() GetAcknowledgesAcknowledgeOutput { +func (o GetApplicationScopeCategoryEntityScopeOutput) ToGetApplicationScopeCategoryEntityScopeOutput() GetApplicationScopeCategoryEntityScopeOutput { return o } -func (o GetAcknowledgesAcknowledgeOutput) ToGetAcknowledgesAcknowledgeOutputWithContext(ctx context.Context) GetAcknowledgesAcknowledgeOutput { +func (o GetApplicationScopeCategoryEntityScopeOutput) ToGetApplicationScopeCategoryEntityScopeOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeOutput { return o } -func (o GetAcknowledgesAcknowledgeOutput) ToOutput(ctx context.Context) 
pulumix.Output[GetAcknowledgesAcknowledge] { - return pulumix.Output[GetAcknowledgesAcknowledge]{ - OutputState: o.OutputState, - } +func (o GetApplicationScopeCategoryEntityScopeOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryEntityScope) string { return v.Expression }).(pulumi.StringOutput) } -func (o GetAcknowledgesAcknowledgeOutput) Author() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Author }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryEntityScopeOutput) Variables() GetApplicationScopeCategoryEntityScopeVariableArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryEntityScope) []GetApplicationScopeCategoryEntityScopeVariable { + return v.Variables + }).(GetApplicationScopeCategoryEntityScopeVariableArrayOutput) } -func (o GetAcknowledgesAcknowledgeOutput) Comment() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Comment }).(pulumi.StringOutput) +type GetApplicationScopeCategoryEntityScopeArrayOutput struct{ *pulumi.OutputState } + +func (GetApplicationScopeCategoryEntityScopeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryEntityScope)(nil)).Elem() } -func (o GetAcknowledgesAcknowledgeOutput) Date() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Date }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryEntityScopeArrayOutput) ToGetApplicationScopeCategoryEntityScopeArrayOutput() GetApplicationScopeCategoryEntityScopeArrayOutput { + return o } -func (o GetAcknowledgesAcknowledgeOutput) DockerId() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.DockerId }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryEntityScopeArrayOutput) ToGetApplicationScopeCategoryEntityScopeArrayOutputWithContext(ctx context.Context) 
GetApplicationScopeCategoryEntityScopeArrayOutput { + return o } -func (o GetAcknowledgesAcknowledgeOutput) ExpirationConfiguredAt() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ExpirationConfiguredAt }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryEntityScopeArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryEntityScopeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryEntityScope { + return vs[0].([]GetApplicationScopeCategoryEntityScope)[vs[1].(int)] + }).(GetApplicationScopeCategoryEntityScopeOutput) } -func (o GetAcknowledgesAcknowledgeOutput) ExpirationConfiguredBy() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ExpirationConfiguredBy }).(pulumi.StringOutput) +type GetApplicationScopeCategoryEntityScopeVariable struct { + Attribute string `pulumi:"attribute"` + Value string `pulumi:"value"` } -func (o GetAcknowledgesAcknowledgeOutput) ExpirationDays() pulumi.IntOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) int { return v.ExpirationDays }).(pulumi.IntOutput) +// GetApplicationScopeCategoryEntityScopeVariableInput is an input type that accepts GetApplicationScopeCategoryEntityScopeVariableArgs and GetApplicationScopeCategoryEntityScopeVariableOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryEntityScopeVariableInput` via: +// +// GetApplicationScopeCategoryEntityScopeVariableArgs{...} +type GetApplicationScopeCategoryEntityScopeVariableInput interface { + pulumi.Input + + ToGetApplicationScopeCategoryEntityScopeVariableOutput() GetApplicationScopeCategoryEntityScopeVariableOutput + ToGetApplicationScopeCategoryEntityScopeVariableOutputWithContext(context.Context) GetApplicationScopeCategoryEntityScopeVariableOutput } -func (o GetAcknowledgesAcknowledgeOutput) FixVersion() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.FixVersion }).(pulumi.StringOutput) +type GetApplicationScopeCategoryEntityScopeVariableArgs struct { + Attribute pulumi.StringInput `pulumi:"attribute"` + Value pulumi.StringInput `pulumi:"value"` } -func (o GetAcknowledgesAcknowledgeOutput) ImageName() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ImageName }).(pulumi.StringOutput) +func (GetApplicationScopeCategoryEntityScopeVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryEntityScopeVariable)(nil)).Elem() } -func (o GetAcknowledgesAcknowledgeOutput) IssueName() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.IssueName }).(pulumi.StringOutput) +func (i GetApplicationScopeCategoryEntityScopeVariableArgs) ToGetApplicationScopeCategoryEntityScopeVariableOutput() GetApplicationScopeCategoryEntityScopeVariableOutput { + return i.ToGetApplicationScopeCategoryEntityScopeVariableOutputWithContext(context.Background()) } -func (o GetAcknowledgesAcknowledgeOutput) IssueType() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.IssueType }).(pulumi.StringOutput) +func (i GetApplicationScopeCategoryEntityScopeVariableArgs) ToGetApplicationScopeCategoryEntityScopeVariableOutputWithContext(ctx 
context.Context) GetApplicationScopeCategoryEntityScopeVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryEntityScopeVariableOutput) } -func (o GetAcknowledgesAcknowledgeOutput) Os() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Os }).(pulumi.StringOutput) +// GetApplicationScopeCategoryEntityScopeVariableArrayInput is an input type that accepts GetApplicationScopeCategoryEntityScopeVariableArray and GetApplicationScopeCategoryEntityScopeVariableArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryEntityScopeVariableArrayInput` via: +// +// GetApplicationScopeCategoryEntityScopeVariableArray{ GetApplicationScopeCategoryEntityScopeVariableArgs{...} } +type GetApplicationScopeCategoryEntityScopeVariableArrayInput interface { + pulumi.Input + + ToGetApplicationScopeCategoryEntityScopeVariableArrayOutput() GetApplicationScopeCategoryEntityScopeVariableArrayOutput + ToGetApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryEntityScopeVariableArrayOutput } -func (o GetAcknowledgesAcknowledgeOutput) OsVersion() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.OsVersion }).(pulumi.StringOutput) -} +type GetApplicationScopeCategoryEntityScopeVariableArray []GetApplicationScopeCategoryEntityScopeVariableInput -func (o GetAcknowledgesAcknowledgeOutput) Permission() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.Permission }).(pulumi.StringOutput) +func (GetApplicationScopeCategoryEntityScopeVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryEntityScopeVariable)(nil)).Elem() } -func (o GetAcknowledgesAcknowledgeOutput) RegistryName() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.RegistryName }).(pulumi.StringOutput) 
+func (i GetApplicationScopeCategoryEntityScopeVariableArray) ToGetApplicationScopeCategoryEntityScopeVariableArrayOutput() GetApplicationScopeCategoryEntityScopeVariableArrayOutput { + return i.ToGetApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(context.Background()) } -func (o GetAcknowledgesAcknowledgeOutput) ResourceCpe() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceCpe }).(pulumi.StringOutput) +func (i GetApplicationScopeCategoryEntityScopeVariableArray) ToGetApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryEntityScopeVariableArrayOutput) } -func (o GetAcknowledgesAcknowledgeOutput) ResourceFormat() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceFormat }).(pulumi.StringOutput) -} +type GetApplicationScopeCategoryEntityScopeVariableOutput struct{ *pulumi.OutputState } -func (o GetAcknowledgesAcknowledgeOutput) ResourceHash() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceHash }).(pulumi.StringOutput) +func (GetApplicationScopeCategoryEntityScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryEntityScopeVariable)(nil)).Elem() } -func (o GetAcknowledgesAcknowledgeOutput) ResourceName() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceName }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryEntityScopeVariableOutput) ToGetApplicationScopeCategoryEntityScopeVariableOutput() GetApplicationScopeCategoryEntityScopeVariableOutput { + return o } -func (o GetAcknowledgesAcknowledgeOutput) ResourcePath() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourcePath 
}).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryEntityScopeVariableOutput) ToGetApplicationScopeCategoryEntityScopeVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeVariableOutput { + return o } -func (o GetAcknowledgesAcknowledgeOutput) ResourceType() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceType }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryEntityScopeVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryEntityScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) } -func (o GetAcknowledgesAcknowledgeOutput) ResourceVersion() pulumi.StringOutput { - return o.ApplyT(func(v GetAcknowledgesAcknowledge) string { return v.ResourceVersion }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryEntityScopeVariableOutput) Value() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryEntityScopeVariable) string { return v.Value }).(pulumi.StringOutput) } -type GetAcknowledgesAcknowledgeArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryEntityScopeVariableArrayOutput struct{ *pulumi.OutputState } -func (GetAcknowledgesAcknowledgeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetAcknowledgesAcknowledge)(nil)).Elem() +func (GetApplicationScopeCategoryEntityScopeVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryEntityScopeVariable)(nil)).Elem() } -func (o GetAcknowledgesAcknowledgeArrayOutput) ToGetAcknowledgesAcknowledgeArrayOutput() GetAcknowledgesAcknowledgeArrayOutput { +func (o GetApplicationScopeCategoryEntityScopeVariableArrayOutput) ToGetApplicationScopeCategoryEntityScopeVariableArrayOutput() GetApplicationScopeCategoryEntityScopeVariableArrayOutput { return o } -func (o GetAcknowledgesAcknowledgeArrayOutput) 
ToGetAcknowledgesAcknowledgeArrayOutputWithContext(ctx context.Context) GetAcknowledgesAcknowledgeArrayOutput { +func (o GetApplicationScopeCategoryEntityScopeVariableArrayOutput) ToGetApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeVariableArrayOutput { return o } -func (o GetAcknowledgesAcknowledgeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetAcknowledgesAcknowledge] { - return pulumix.Output[[]GetAcknowledgesAcknowledge]{ - OutputState: o.OutputState, - } -} - -func (o GetAcknowledgesAcknowledgeArrayOutput) Index(i pulumi.IntInput) GetAcknowledgesAcknowledgeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetAcknowledgesAcknowledge { - return vs[0].([]GetAcknowledgesAcknowledge)[vs[1].(int)] - }).(GetAcknowledgesAcknowledgeOutput) +func (o GetApplicationScopeCategoryEntityScopeVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryEntityScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryEntityScopeVariable { + return vs[0].([]GetApplicationScopeCategoryEntityScopeVariable)[vs[1].(int)] + }).(GetApplicationScopeCategoryEntityScopeVariableOutput) } -type GetApplicationScopeCategory struct { - Artifacts []GetApplicationScopeCategoryArtifact `pulumi:"artifacts"` - EntityScopes []GetApplicationScopeCategoryEntityScope `pulumi:"entityScopes"` - Infrastructures []GetApplicationScopeCategoryInfrastructure `pulumi:"infrastructures"` - Workloads []GetApplicationScopeCategoryWorkload `pulumi:"workloads"` +type GetApplicationScopeCategoryInfrastructure struct { + Kubernetes []GetApplicationScopeCategoryInfrastructureKubernete `pulumi:"kubernetes"` + Os []GetApplicationScopeCategoryInfrastructureO `pulumi:"os"` } -// GetApplicationScopeCategoryInput is an input type that accepts GetApplicationScopeCategoryArgs and GetApplicationScopeCategoryOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryInput` via: +// GetApplicationScopeCategoryInfrastructureInput is an input type that accepts GetApplicationScopeCategoryInfrastructureArgs and GetApplicationScopeCategoryInfrastructureOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureInput` via: // -// GetApplicationScopeCategoryArgs{...} -type GetApplicationScopeCategoryInput interface { +// GetApplicationScopeCategoryInfrastructureArgs{...} +type GetApplicationScopeCategoryInfrastructureInput interface { pulumi.Input - ToGetApplicationScopeCategoryOutput() GetApplicationScopeCategoryOutput - ToGetApplicationScopeCategoryOutputWithContext(context.Context) GetApplicationScopeCategoryOutput -} - -type GetApplicationScopeCategoryArgs struct { - Artifacts GetApplicationScopeCategoryArtifactArrayInput `pulumi:"artifacts"` - EntityScopes GetApplicationScopeCategoryEntityScopeArrayInput `pulumi:"entityScopes"` - Infrastructures GetApplicationScopeCategoryInfrastructureArrayInput `pulumi:"infrastructures"` - Workloads GetApplicationScopeCategoryWorkloadArrayInput `pulumi:"workloads"` + ToGetApplicationScopeCategoryInfrastructureOutput() GetApplicationScopeCategoryInfrastructureOutput + ToGetApplicationScopeCategoryInfrastructureOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOutput } -func (GetApplicationScopeCategoryArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategory)(nil)).Elem() +type GetApplicationScopeCategoryInfrastructureArgs struct { + Kubernetes GetApplicationScopeCategoryInfrastructureKuberneteArrayInput `pulumi:"kubernetes"` + Os GetApplicationScopeCategoryInfrastructureOArrayInput `pulumi:"os"` } -func (i GetApplicationScopeCategoryArgs) ToGetApplicationScopeCategoryOutput() GetApplicationScopeCategoryOutput { - return i.ToGetApplicationScopeCategoryOutputWithContext(context.Background()) +func 
(GetApplicationScopeCategoryInfrastructureArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructure)(nil)).Elem() } -func (i GetApplicationScopeCategoryArgs) ToGetApplicationScopeCategoryOutputWithContext(ctx context.Context) GetApplicationScopeCategoryOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryOutput) +func (i GetApplicationScopeCategoryInfrastructureArgs) ToGetApplicationScopeCategoryInfrastructureOutput() GetApplicationScopeCategoryInfrastructureOutput { + return i.ToGetApplicationScopeCategoryInfrastructureOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategory] { - return pulumix.Output[GetApplicationScopeCategory]{ - OutputState: i.ToGetApplicationScopeCategoryOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureArgs) ToGetApplicationScopeCategoryInfrastructureOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOutput) } -// GetApplicationScopeCategoryArrayInput is an input type that accepts GetApplicationScopeCategoryArray and GetApplicationScopeCategoryArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArrayInput` via: +// GetApplicationScopeCategoryInfrastructureArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureArray and GetApplicationScopeCategoryInfrastructureArrayOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureArrayInput` via: // -// GetApplicationScopeCategoryArray{ GetApplicationScopeCategoryArgs{...} } -type GetApplicationScopeCategoryArrayInput interface { +// GetApplicationScopeCategoryInfrastructureArray{ GetApplicationScopeCategoryInfrastructureArgs{...} } +type GetApplicationScopeCategoryInfrastructureArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryArrayOutput() GetApplicationScopeCategoryArrayOutput - ToGetApplicationScopeCategoryArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArrayOutput + ToGetApplicationScopeCategoryInfrastructureArrayOutput() GetApplicationScopeCategoryInfrastructureArrayOutput + ToGetApplicationScopeCategoryInfrastructureArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureArrayOutput } -type GetApplicationScopeCategoryArray []GetApplicationScopeCategoryInput - -func (GetApplicationScopeCategoryArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategory)(nil)).Elem() -} +type GetApplicationScopeCategoryInfrastructureArray []GetApplicationScopeCategoryInfrastructureInput -func (i GetApplicationScopeCategoryArray) ToGetApplicationScopeCategoryArrayOutput() GetApplicationScopeCategoryArrayOutput { - return i.ToGetApplicationScopeCategoryArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryInfrastructureArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructure)(nil)).Elem() } -func (i GetApplicationScopeCategoryArray) ToGetApplicationScopeCategoryArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArrayOutput) +func (i GetApplicationScopeCategoryInfrastructureArray) ToGetApplicationScopeCategoryInfrastructureArrayOutput() GetApplicationScopeCategoryInfrastructureArrayOutput { + return 
i.ToGetApplicationScopeCategoryInfrastructureArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategory] { - return pulumix.Output[[]GetApplicationScopeCategory]{ - OutputState: i.ToGetApplicationScopeCategoryArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureArray) ToGetApplicationScopeCategoryInfrastructureArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureArrayOutput) } -type GetApplicationScopeCategoryOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryInfrastructureOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategory)(nil)).Elem() +func (GetApplicationScopeCategoryInfrastructureOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructure)(nil)).Elem() } -func (o GetApplicationScopeCategoryOutput) ToGetApplicationScopeCategoryOutput() GetApplicationScopeCategoryOutput { +func (o GetApplicationScopeCategoryInfrastructureOutput) ToGetApplicationScopeCategoryInfrastructureOutput() GetApplicationScopeCategoryInfrastructureOutput { return o } -func (o GetApplicationScopeCategoryOutput) ToGetApplicationScopeCategoryOutputWithContext(ctx context.Context) GetApplicationScopeCategoryOutput { +func (o GetApplicationScopeCategoryInfrastructureOutput) ToGetApplicationScopeCategoryInfrastructureOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOutput { return o } -func (o GetApplicationScopeCategoryOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategory] { - return pulumix.Output[GetApplicationScopeCategory]{ - OutputState: o.OutputState, - } -} - -func (o 
GetApplicationScopeCategoryOutput) Artifacts() GetApplicationScopeCategoryArtifactArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategory) []GetApplicationScopeCategoryArtifact { return v.Artifacts }).(GetApplicationScopeCategoryArtifactArrayOutput) -} - -func (o GetApplicationScopeCategoryOutput) EntityScopes() GetApplicationScopeCategoryEntityScopeArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategory) []GetApplicationScopeCategoryEntityScope { return v.EntityScopes }).(GetApplicationScopeCategoryEntityScopeArrayOutput) -} - -func (o GetApplicationScopeCategoryOutput) Infrastructures() GetApplicationScopeCategoryInfrastructureArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategory) []GetApplicationScopeCategoryInfrastructure { - return v.Infrastructures - }).(GetApplicationScopeCategoryInfrastructureArrayOutput) +func (o GetApplicationScopeCategoryInfrastructureOutput) Kubernetes() GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructure) []GetApplicationScopeCategoryInfrastructureKubernete { + return v.Kubernetes + }).(GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) } -func (o GetApplicationScopeCategoryOutput) Workloads() GetApplicationScopeCategoryWorkloadArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategory) []GetApplicationScopeCategoryWorkload { return v.Workloads }).(GetApplicationScopeCategoryWorkloadArrayOutput) +func (o GetApplicationScopeCategoryInfrastructureOutput) Os() GetApplicationScopeCategoryInfrastructureOArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructure) []GetApplicationScopeCategoryInfrastructureO { + return v.Os + }).(GetApplicationScopeCategoryInfrastructureOArrayOutput) } -type GetApplicationScopeCategoryArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryInfrastructureArrayOutput struct{ *pulumi.OutputState } -func 
(GetApplicationScopeCategoryArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategory)(nil)).Elem() +func (GetApplicationScopeCategoryInfrastructureArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructure)(nil)).Elem() } -func (o GetApplicationScopeCategoryArrayOutput) ToGetApplicationScopeCategoryArrayOutput() GetApplicationScopeCategoryArrayOutput { +func (o GetApplicationScopeCategoryInfrastructureArrayOutput) ToGetApplicationScopeCategoryInfrastructureArrayOutput() GetApplicationScopeCategoryInfrastructureArrayOutput { return o } -func (o GetApplicationScopeCategoryArrayOutput) ToGetApplicationScopeCategoryArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArrayOutput { +func (o GetApplicationScopeCategoryInfrastructureArrayOutput) ToGetApplicationScopeCategoryInfrastructureArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureArrayOutput { return o } -func (o GetApplicationScopeCategoryArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategory] { - return pulumix.Output[[]GetApplicationScopeCategory]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategory { - return vs[0].([]GetApplicationScopeCategory)[vs[1].(int)] - }).(GetApplicationScopeCategoryOutput) +func (o GetApplicationScopeCategoryInfrastructureArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryInfrastructureOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructure { + return vs[0].([]GetApplicationScopeCategoryInfrastructure)[vs[1].(int)] + }).(GetApplicationScopeCategoryInfrastructureOutput) } -type GetApplicationScopeCategoryArtifact struct { - Cfs []GetApplicationScopeCategoryArtifactCf 
`pulumi:"cfs"` - Functions []GetApplicationScopeCategoryArtifactFunction `pulumi:"functions"` - Images []GetApplicationScopeCategoryArtifactImage `pulumi:"images"` +type GetApplicationScopeCategoryInfrastructureKubernete struct { + Expression string `pulumi:"expression"` + Variables []GetApplicationScopeCategoryInfrastructureKuberneteVariable `pulumi:"variables"` } -// GetApplicationScopeCategoryArtifactInput is an input type that accepts GetApplicationScopeCategoryArtifactArgs and GetApplicationScopeCategoryArtifactOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactInput` via: +// GetApplicationScopeCategoryInfrastructureKuberneteInput is an input type that accepts GetApplicationScopeCategoryInfrastructureKuberneteArgs and GetApplicationScopeCategoryInfrastructureKuberneteOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureKuberneteInput` via: // -// GetApplicationScopeCategoryArtifactArgs{...} -type GetApplicationScopeCategoryArtifactInput interface { +// GetApplicationScopeCategoryInfrastructureKuberneteArgs{...} +type GetApplicationScopeCategoryInfrastructureKuberneteInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactOutput() GetApplicationScopeCategoryArtifactOutput - ToGetApplicationScopeCategoryArtifactOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactOutput -} - -type GetApplicationScopeCategoryArtifactArgs struct { - Cfs GetApplicationScopeCategoryArtifactCfArrayInput `pulumi:"cfs"` - Functions GetApplicationScopeCategoryArtifactFunctionArrayInput `pulumi:"functions"` - Images GetApplicationScopeCategoryArtifactImageArrayInput `pulumi:"images"` + ToGetApplicationScopeCategoryInfrastructureKuberneteOutput() GetApplicationScopeCategoryInfrastructureKuberneteOutput + ToGetApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureKuberneteOutput } -func 
(GetApplicationScopeCategoryArtifactArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifact)(nil)).Elem() +type GetApplicationScopeCategoryInfrastructureKuberneteArgs struct { + Expression pulumi.StringInput `pulumi:"expression"` + Variables GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput `pulumi:"variables"` } -func (i GetApplicationScopeCategoryArtifactArgs) ToGetApplicationScopeCategoryArtifactOutput() GetApplicationScopeCategoryArtifactOutput { - return i.ToGetApplicationScopeCategoryArtifactOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryInfrastructureKuberneteArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureKubernete)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactArgs) ToGetApplicationScopeCategoryArtifactOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactOutput) +func (i GetApplicationScopeCategoryInfrastructureKuberneteArgs) ToGetApplicationScopeCategoryInfrastructureKuberneteOutput() GetApplicationScopeCategoryInfrastructureKuberneteOutput { + return i.ToGetApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifact] { - return pulumix.Output[GetApplicationScopeCategoryArtifact]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureKuberneteArgs) ToGetApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureKuberneteOutput) } -// GetApplicationScopeCategoryArtifactArrayInput is 
an input type that accepts GetApplicationScopeCategoryArtifactArray and GetApplicationScopeCategoryArtifactArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactArrayInput` via: +// GetApplicationScopeCategoryInfrastructureKuberneteArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureKuberneteArray and GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureKuberneteArrayInput` via: // -// GetApplicationScopeCategoryArtifactArray{ GetApplicationScopeCategoryArtifactArgs{...} } -type GetApplicationScopeCategoryArtifactArrayInput interface { +// GetApplicationScopeCategoryInfrastructureKuberneteArray{ GetApplicationScopeCategoryInfrastructureKuberneteArgs{...} } +type GetApplicationScopeCategoryInfrastructureKuberneteArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactArrayOutput() GetApplicationScopeCategoryArtifactArrayOutput - ToGetApplicationScopeCategoryArtifactArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactArrayOutput + ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput + ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput } -type GetApplicationScopeCategoryArtifactArray []GetApplicationScopeCategoryArtifactInput - -func (GetApplicationScopeCategoryArtifactArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifact)(nil)).Elem() -} +type GetApplicationScopeCategoryInfrastructureKuberneteArray []GetApplicationScopeCategoryInfrastructureKuberneteInput -func (i GetApplicationScopeCategoryArtifactArray) ToGetApplicationScopeCategoryArtifactArrayOutput() GetApplicationScopeCategoryArtifactArrayOutput { - return 
i.ToGetApplicationScopeCategoryArtifactArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryInfrastructureKuberneteArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureKubernete)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactArray) ToGetApplicationScopeCategoryArtifactArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactArrayOutput) +func (i GetApplicationScopeCategoryInfrastructureKuberneteArray) ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { + return i.ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifact] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifact]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureKuberneteArray) ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) } -type GetApplicationScopeCategoryArtifactOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryInfrastructureKuberneteOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifact)(nil)).Elem() +func (GetApplicationScopeCategoryInfrastructureKuberneteOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureKubernete)(nil)).Elem() 
} -func (o GetApplicationScopeCategoryArtifactOutput) ToGetApplicationScopeCategoryArtifactOutput() GetApplicationScopeCategoryArtifactOutput { +func (o GetApplicationScopeCategoryInfrastructureKuberneteOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteOutput() GetApplicationScopeCategoryInfrastructureKuberneteOutput { return o } -func (o GetApplicationScopeCategoryArtifactOutput) ToGetApplicationScopeCategoryArtifactOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactOutput { +func (o GetApplicationScopeCategoryInfrastructureKuberneteOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteOutput { return o } -func (o GetApplicationScopeCategoryArtifactOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifact] { - return pulumix.Output[GetApplicationScopeCategoryArtifact]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactOutput) Cfs() GetApplicationScopeCategoryArtifactCfArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifact) []GetApplicationScopeCategoryArtifactCf { return v.Cfs }).(GetApplicationScopeCategoryArtifactCfArrayOutput) -} - -func (o GetApplicationScopeCategoryArtifactOutput) Functions() GetApplicationScopeCategoryArtifactFunctionArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifact) []GetApplicationScopeCategoryArtifactFunction { - return v.Functions - }).(GetApplicationScopeCategoryArtifactFunctionArrayOutput) +func (o GetApplicationScopeCategoryInfrastructureKuberneteOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureKubernete) string { return v.Expression }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryArtifactOutput) Images() GetApplicationScopeCategoryArtifactImageArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifact) 
[]GetApplicationScopeCategoryArtifactImage { - return v.Images - }).(GetApplicationScopeCategoryArtifactImageArrayOutput) +func (o GetApplicationScopeCategoryInfrastructureKuberneteOutput) Variables() GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureKubernete) []GetApplicationScopeCategoryInfrastructureKuberneteVariable { + return v.Variables + }).(GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) } -type GetApplicationScopeCategoryArtifactArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifact)(nil)).Elem() +func (GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureKubernete)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactArrayOutput) ToGetApplicationScopeCategoryArtifactArrayOutput() GetApplicationScopeCategoryArtifactArrayOutput { +func (o GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactArrayOutput) ToGetApplicationScopeCategoryArtifactArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactArrayOutput { +func (o GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifact] { - 
return pulumix.Output[[]GetApplicationScopeCategoryArtifact]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifact { - return vs[0].([]GetApplicationScopeCategoryArtifact)[vs[1].(int)] - }).(GetApplicationScopeCategoryArtifactOutput) +func (o GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryInfrastructureKuberneteOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructureKubernete { + return vs[0].([]GetApplicationScopeCategoryInfrastructureKubernete)[vs[1].(int)] + }).(GetApplicationScopeCategoryInfrastructureKuberneteOutput) } -type GetApplicationScopeCategoryArtifactCf struct { - Expression string `pulumi:"expression"` - Variables []GetApplicationScopeCategoryArtifactCfVariable `pulumi:"variables"` +type GetApplicationScopeCategoryInfrastructureKuberneteVariable struct { + Attribute string `pulumi:"attribute"` + Value *string `pulumi:"value"` } -// GetApplicationScopeCategoryArtifactCfInput is an input type that accepts GetApplicationScopeCategoryArtifactCfArgs and GetApplicationScopeCategoryArtifactCfOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactCfInput` via: +// GetApplicationScopeCategoryInfrastructureKuberneteVariableInput is an input type that accepts GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs and GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureKuberneteVariableInput` via: // -// GetApplicationScopeCategoryArtifactCfArgs{...} -type GetApplicationScopeCategoryArtifactCfInput interface { +// GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs{...} +type GetApplicationScopeCategoryInfrastructureKuberneteVariableInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactCfOutput() GetApplicationScopeCategoryArtifactCfOutput - ToGetApplicationScopeCategoryArtifactCfOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactCfOutput -} - -type GetApplicationScopeCategoryArtifactCfArgs struct { - Expression pulumi.StringInput `pulumi:"expression"` - Variables GetApplicationScopeCategoryArtifactCfVariableArrayInput `pulumi:"variables"` + ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput + ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput } -func (GetApplicationScopeCategoryArtifactCfArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactCf)(nil)).Elem() +type GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs struct { + Attribute pulumi.StringInput `pulumi:"attribute"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i GetApplicationScopeCategoryArtifactCfArgs) ToGetApplicationScopeCategoryArtifactCfOutput() GetApplicationScopeCategoryArtifactCfOutput { - return i.ToGetApplicationScopeCategoryArtifactCfOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureKuberneteVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactCfArgs) 
ToGetApplicationScopeCategoryArtifactCfOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactCfOutput) +func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { + return i.ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactCfArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactCf] { - return pulumix.Output[GetApplicationScopeCategoryArtifactCf]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactCfOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) } -// GetApplicationScopeCategoryArtifactCfArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactCfArray and GetApplicationScopeCategoryArtifactCfArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactCfArrayInput` via: +// GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureKuberneteVariableArray and GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput` via: // -// GetApplicationScopeCategoryArtifactCfArray{ GetApplicationScopeCategoryArtifactCfArgs{...} } -type GetApplicationScopeCategoryArtifactCfArrayInput interface { +// GetApplicationScopeCategoryInfrastructureKuberneteVariableArray{ GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs{...} } +type GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactCfArrayOutput() GetApplicationScopeCategoryArtifactCfArrayOutput - ToGetApplicationScopeCategoryArtifactCfArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactCfArrayOutput + ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput + ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput } -type GetApplicationScopeCategoryArtifactCfArray []GetApplicationScopeCategoryArtifactCfInput - -func (GetApplicationScopeCategoryArtifactCfArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactCf)(nil)).Elem() -} +type GetApplicationScopeCategoryInfrastructureKuberneteVariableArray []GetApplicationScopeCategoryInfrastructureKuberneteVariableInput -func (i GetApplicationScopeCategoryArtifactCfArray) ToGetApplicationScopeCategoryArtifactCfArrayOutput() GetApplicationScopeCategoryArtifactCfArrayOutput { - return i.ToGetApplicationScopeCategoryArtifactCfArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryInfrastructureKuberneteVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureKuberneteVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactCfArray) 
ToGetApplicationScopeCategoryArtifactCfArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactCfArrayOutput) +func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArray) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { + return i.ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactCfArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactCf] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactCf]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactCfArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArray) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) } -type GetApplicationScopeCategoryArtifactCfOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactCfOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactCf)(nil)).Elem() +func (GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureKuberneteVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactCfOutput) ToGetApplicationScopeCategoryArtifactCfOutput() GetApplicationScopeCategoryArtifactCfOutput { +func (o 
GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { return o } -func (o GetApplicationScopeCategoryArtifactCfOutput) ToGetApplicationScopeCategoryArtifactCfOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfOutput { +func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { return o } -func (o GetApplicationScopeCategoryArtifactCfOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactCf] { - return pulumix.Output[GetApplicationScopeCategoryArtifactCf]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactCfOutput) Expression() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactCf) string { return v.Expression }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureKuberneteVariable) string { return v.Attribute }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryArtifactCfOutput) Variables() GetApplicationScopeCategoryArtifactCfVariableArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactCf) []GetApplicationScopeCategoryArtifactCfVariable { - return v.Variables - }).(GetApplicationScopeCategoryArtifactCfVariableArrayOutput) +func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureKuberneteVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type GetApplicationScopeCategoryArtifactCfArrayOutput struct{ *pulumi.OutputState } 
+type GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactCfArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactCf)(nil)).Elem() +func (GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureKuberneteVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactCfArrayOutput) ToGetApplicationScopeCategoryArtifactCfArrayOutput() GetApplicationScopeCategoryArtifactCfArrayOutput { +func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactCfArrayOutput) ToGetApplicationScopeCategoryArtifactCfArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfArrayOutput { +func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactCfArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactCf] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactCf]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactCfArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactCfOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactCf { - return vs[0].([]GetApplicationScopeCategoryArtifactCf)[vs[1].(int)] - }).(GetApplicationScopeCategoryArtifactCfOutput) +func (o 
GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructureKuberneteVariable { + return vs[0].([]GetApplicationScopeCategoryInfrastructureKuberneteVariable)[vs[1].(int)] + }).(GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) } -type GetApplicationScopeCategoryArtifactCfVariable struct { - Attribute string `pulumi:"attribute"` - Value *string `pulumi:"value"` +type GetApplicationScopeCategoryInfrastructureO struct { + Expression string `pulumi:"expression"` + Variables []GetApplicationScopeCategoryInfrastructureOVariable `pulumi:"variables"` } -// GetApplicationScopeCategoryArtifactCfVariableInput is an input type that accepts GetApplicationScopeCategoryArtifactCfVariableArgs and GetApplicationScopeCategoryArtifactCfVariableOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactCfVariableInput` via: +// GetApplicationScopeCategoryInfrastructureOInput is an input type that accepts GetApplicationScopeCategoryInfrastructureOArgs and GetApplicationScopeCategoryInfrastructureOOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureOInput` via: // -// GetApplicationScopeCategoryArtifactCfVariableArgs{...} -type GetApplicationScopeCategoryArtifactCfVariableInput interface { +// GetApplicationScopeCategoryInfrastructureOArgs{...} +type GetApplicationScopeCategoryInfrastructureOInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactCfVariableOutput() GetApplicationScopeCategoryArtifactCfVariableOutput - ToGetApplicationScopeCategoryArtifactCfVariableOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactCfVariableOutput -} - -type GetApplicationScopeCategoryArtifactCfVariableArgs struct { - Attribute pulumi.StringInput `pulumi:"attribute"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToGetApplicationScopeCategoryInfrastructureOOutput() GetApplicationScopeCategoryInfrastructureOOutput + ToGetApplicationScopeCategoryInfrastructureOOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOOutput } -func (GetApplicationScopeCategoryArtifactCfVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactCfVariable)(nil)).Elem() +type GetApplicationScopeCategoryInfrastructureOArgs struct { + Expression pulumi.StringInput `pulumi:"expression"` + Variables GetApplicationScopeCategoryInfrastructureOVariableArrayInput `pulumi:"variables"` } -func (i GetApplicationScopeCategoryArtifactCfVariableArgs) ToGetApplicationScopeCategoryArtifactCfVariableOutput() GetApplicationScopeCategoryArtifactCfVariableOutput { - return i.ToGetApplicationScopeCategoryArtifactCfVariableOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryInfrastructureOArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureO)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactCfVariableArgs) ToGetApplicationScopeCategoryArtifactCfVariableOutputWithContext(ctx context.Context) 
GetApplicationScopeCategoryArtifactCfVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactCfVariableOutput) +func (i GetApplicationScopeCategoryInfrastructureOArgs) ToGetApplicationScopeCategoryInfrastructureOOutput() GetApplicationScopeCategoryInfrastructureOOutput { + return i.ToGetApplicationScopeCategoryInfrastructureOOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactCfVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactCfVariable] { - return pulumix.Output[GetApplicationScopeCategoryArtifactCfVariable]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactCfVariableOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureOArgs) ToGetApplicationScopeCategoryInfrastructureOOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOOutput) } -// GetApplicationScopeCategoryArtifactCfVariableArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactCfVariableArray and GetApplicationScopeCategoryArtifactCfVariableArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactCfVariableArrayInput` via: +// GetApplicationScopeCategoryInfrastructureOArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureOArray and GetApplicationScopeCategoryInfrastructureOArrayOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureOArrayInput` via: // -// GetApplicationScopeCategoryArtifactCfVariableArray{ GetApplicationScopeCategoryArtifactCfVariableArgs{...} } -type GetApplicationScopeCategoryArtifactCfVariableArrayInput interface { +// GetApplicationScopeCategoryInfrastructureOArray{ GetApplicationScopeCategoryInfrastructureOArgs{...} } +type GetApplicationScopeCategoryInfrastructureOArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactCfVariableArrayOutput() GetApplicationScopeCategoryArtifactCfVariableArrayOutput - ToGetApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactCfVariableArrayOutput + ToGetApplicationScopeCategoryInfrastructureOArrayOutput() GetApplicationScopeCategoryInfrastructureOArrayOutput + ToGetApplicationScopeCategoryInfrastructureOArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOArrayOutput } -type GetApplicationScopeCategoryArtifactCfVariableArray []GetApplicationScopeCategoryArtifactCfVariableInput - -func (GetApplicationScopeCategoryArtifactCfVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactCfVariable)(nil)).Elem() -} +type GetApplicationScopeCategoryInfrastructureOArray []GetApplicationScopeCategoryInfrastructureOInput -func (i GetApplicationScopeCategoryArtifactCfVariableArray) ToGetApplicationScopeCategoryArtifactCfVariableArrayOutput() GetApplicationScopeCategoryArtifactCfVariableArrayOutput { - return i.ToGetApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryInfrastructureOArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureO)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactCfVariableArray) ToGetApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(ctx 
context.Context) GetApplicationScopeCategoryArtifactCfVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactCfVariableArrayOutput) +func (i GetApplicationScopeCategoryInfrastructureOArray) ToGetApplicationScopeCategoryInfrastructureOArrayOutput() GetApplicationScopeCategoryInfrastructureOArrayOutput { + return i.ToGetApplicationScopeCategoryInfrastructureOArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactCfVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactCfVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactCfVariable]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureOArray) ToGetApplicationScopeCategoryInfrastructureOArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOArrayOutput) } -type GetApplicationScopeCategoryArtifactCfVariableOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryInfrastructureOOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactCfVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactCfVariable)(nil)).Elem() +func (GetApplicationScopeCategoryInfrastructureOOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureO)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactCfVariableOutput) ToGetApplicationScopeCategoryArtifactCfVariableOutput() GetApplicationScopeCategoryArtifactCfVariableOutput { +func (o GetApplicationScopeCategoryInfrastructureOOutput) ToGetApplicationScopeCategoryInfrastructureOOutput() GetApplicationScopeCategoryInfrastructureOOutput { return o } -func (o 
GetApplicationScopeCategoryArtifactCfVariableOutput) ToGetApplicationScopeCategoryArtifactCfVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfVariableOutput { +func (o GetApplicationScopeCategoryInfrastructureOOutput) ToGetApplicationScopeCategoryInfrastructureOOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOOutput { return o } -func (o GetApplicationScopeCategoryArtifactCfVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactCfVariable] { - return pulumix.Output[GetApplicationScopeCategoryArtifactCfVariable]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactCfVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactCfVariable) string { return v.Attribute }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryInfrastructureOOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureO) string { return v.Expression }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryArtifactCfVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactCfVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o GetApplicationScopeCategoryInfrastructureOOutput) Variables() GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureO) []GetApplicationScopeCategoryInfrastructureOVariable { + return v.Variables + }).(GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) } -type GetApplicationScopeCategoryArtifactCfVariableArrayOutput struct{ *pulumi.OutputState } - -func (GetApplicationScopeCategoryArtifactCfVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactCfVariable)(nil)).Elem() -} +type 
GetApplicationScopeCategoryInfrastructureOArrayOutput struct{ *pulumi.OutputState } -func (o GetApplicationScopeCategoryArtifactCfVariableArrayOutput) ToGetApplicationScopeCategoryArtifactCfVariableArrayOutput() GetApplicationScopeCategoryArtifactCfVariableArrayOutput { - return o +func (GetApplicationScopeCategoryInfrastructureOArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureO)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactCfVariableArrayOutput) ToGetApplicationScopeCategoryArtifactCfVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactCfVariableArrayOutput { +func (o GetApplicationScopeCategoryInfrastructureOArrayOutput) ToGetApplicationScopeCategoryInfrastructureOArrayOutput() GetApplicationScopeCategoryInfrastructureOArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactCfVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactCfVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactCfVariable]{ - OutputState: o.OutputState, - } +func (o GetApplicationScopeCategoryInfrastructureOArrayOutput) ToGetApplicationScopeCategoryInfrastructureOArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOArrayOutput { + return o } -func (o GetApplicationScopeCategoryArtifactCfVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactCfVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactCfVariable { - return vs[0].([]GetApplicationScopeCategoryArtifactCfVariable)[vs[1].(int)] - }).(GetApplicationScopeCategoryArtifactCfVariableOutput) +func (o GetApplicationScopeCategoryInfrastructureOArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryInfrastructureOOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructureO { + return 
vs[0].([]GetApplicationScopeCategoryInfrastructureO)[vs[1].(int)] + }).(GetApplicationScopeCategoryInfrastructureOOutput) } -type GetApplicationScopeCategoryArtifactFunction struct { - Expression string `pulumi:"expression"` - Variables []GetApplicationScopeCategoryArtifactFunctionVariable `pulumi:"variables"` +type GetApplicationScopeCategoryInfrastructureOVariable struct { + Attribute string `pulumi:"attribute"` + Value *string `pulumi:"value"` } -// GetApplicationScopeCategoryArtifactFunctionInput is an input type that accepts GetApplicationScopeCategoryArtifactFunctionArgs and GetApplicationScopeCategoryArtifactFunctionOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactFunctionInput` via: +// GetApplicationScopeCategoryInfrastructureOVariableInput is an input type that accepts GetApplicationScopeCategoryInfrastructureOVariableArgs and GetApplicationScopeCategoryInfrastructureOVariableOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureOVariableInput` via: // -// GetApplicationScopeCategoryArtifactFunctionArgs{...} -type GetApplicationScopeCategoryArtifactFunctionInput interface { +// GetApplicationScopeCategoryInfrastructureOVariableArgs{...} +type GetApplicationScopeCategoryInfrastructureOVariableInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactFunctionOutput() GetApplicationScopeCategoryArtifactFunctionOutput - ToGetApplicationScopeCategoryArtifactFunctionOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactFunctionOutput -} - -type GetApplicationScopeCategoryArtifactFunctionArgs struct { - Expression pulumi.StringInput `pulumi:"expression"` - Variables GetApplicationScopeCategoryArtifactFunctionVariableArrayInput `pulumi:"variables"` + ToGetApplicationScopeCategoryInfrastructureOVariableOutput() GetApplicationScopeCategoryInfrastructureOVariableOutput + 
ToGetApplicationScopeCategoryInfrastructureOVariableOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOVariableOutput } -func (GetApplicationScopeCategoryArtifactFunctionArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactFunction)(nil)).Elem() +type GetApplicationScopeCategoryInfrastructureOVariableArgs struct { + Attribute pulumi.StringInput `pulumi:"attribute"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i GetApplicationScopeCategoryArtifactFunctionArgs) ToGetApplicationScopeCategoryArtifactFunctionOutput() GetApplicationScopeCategoryArtifactFunctionOutput { - return i.ToGetApplicationScopeCategoryArtifactFunctionOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryInfrastructureOVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureOVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactFunctionArgs) ToGetApplicationScopeCategoryArtifactFunctionOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactFunctionOutput) +func (i GetApplicationScopeCategoryInfrastructureOVariableArgs) ToGetApplicationScopeCategoryInfrastructureOVariableOutput() GetApplicationScopeCategoryInfrastructureOVariableOutput { + return i.ToGetApplicationScopeCategoryInfrastructureOVariableOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactFunctionArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactFunction] { - return pulumix.Output[GetApplicationScopeCategoryArtifactFunction]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactFunctionOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureOVariableArgs) ToGetApplicationScopeCategoryInfrastructureOVariableOutputWithContext(ctx context.Context) 
GetApplicationScopeCategoryInfrastructureOVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOVariableOutput) } -// GetApplicationScopeCategoryArtifactFunctionArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactFunctionArray and GetApplicationScopeCategoryArtifactFunctionArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactFunctionArrayInput` via: +// GetApplicationScopeCategoryInfrastructureOVariableArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureOVariableArray and GetApplicationScopeCategoryInfrastructureOVariableArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureOVariableArrayInput` via: // -// GetApplicationScopeCategoryArtifactFunctionArray{ GetApplicationScopeCategoryArtifactFunctionArgs{...} } -type GetApplicationScopeCategoryArtifactFunctionArrayInput interface { +// GetApplicationScopeCategoryInfrastructureOVariableArray{ GetApplicationScopeCategoryInfrastructureOVariableArgs{...} } +type GetApplicationScopeCategoryInfrastructureOVariableArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactFunctionArrayOutput() GetApplicationScopeCategoryArtifactFunctionArrayOutput - ToGetApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactFunctionArrayOutput + ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutput() GetApplicationScopeCategoryInfrastructureOVariableArrayOutput + ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOVariableArrayOutput } -type GetApplicationScopeCategoryArtifactFunctionArray []GetApplicationScopeCategoryArtifactFunctionInput - -func (GetApplicationScopeCategoryArtifactFunctionArray) ElementType() reflect.Type { - return 
reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactFunction)(nil)).Elem() -} +type GetApplicationScopeCategoryInfrastructureOVariableArray []GetApplicationScopeCategoryInfrastructureOVariableInput -func (i GetApplicationScopeCategoryArtifactFunctionArray) ToGetApplicationScopeCategoryArtifactFunctionArrayOutput() GetApplicationScopeCategoryArtifactFunctionArrayOutput { - return i.ToGetApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryInfrastructureOVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureOVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactFunctionArray) ToGetApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactFunctionArrayOutput) +func (i GetApplicationScopeCategoryInfrastructureOVariableArray) ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutput() GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { + return i.ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactFunctionArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactFunction] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactFunction]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryInfrastructureOVariableArray) ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) } -type GetApplicationScopeCategoryArtifactFunctionOutput 
struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryInfrastructureOVariableOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactFunctionOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactFunction)(nil)).Elem() +func (GetApplicationScopeCategoryInfrastructureOVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureOVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactFunctionOutput) ToGetApplicationScopeCategoryArtifactFunctionOutput() GetApplicationScopeCategoryArtifactFunctionOutput { +func (o GetApplicationScopeCategoryInfrastructureOVariableOutput) ToGetApplicationScopeCategoryInfrastructureOVariableOutput() GetApplicationScopeCategoryInfrastructureOVariableOutput { return o } -func (o GetApplicationScopeCategoryArtifactFunctionOutput) ToGetApplicationScopeCategoryArtifactFunctionOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionOutput { +func (o GetApplicationScopeCategoryInfrastructureOVariableOutput) ToGetApplicationScopeCategoryInfrastructureOVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOVariableOutput { return o } -func (o GetApplicationScopeCategoryArtifactFunctionOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactFunction] { - return pulumix.Output[GetApplicationScopeCategoryArtifactFunction]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactFunctionOutput) Expression() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactFunction) string { return v.Expression }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryInfrastructureOVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureOVariable) string { return v.Attribute }).(pulumi.StringOutput) } -func (o 
GetApplicationScopeCategoryArtifactFunctionOutput) Variables() GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactFunction) []GetApplicationScopeCategoryArtifactFunctionVariable { - return v.Variables - }).(GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) +func (o GetApplicationScopeCategoryInfrastructureOVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureOVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type GetApplicationScopeCategoryArtifactFunctionArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryInfrastructureOVariableArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactFunctionArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactFunction)(nil)).Elem() +func (GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureOVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactFunctionArrayOutput) ToGetApplicationScopeCategoryArtifactFunctionArrayOutput() GetApplicationScopeCategoryArtifactFunctionArrayOutput { +func (o GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutput() GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactFunctionArrayOutput) ToGetApplicationScopeCategoryArtifactFunctionArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionArrayOutput { +func (o GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { return o } -func (o 
GetApplicationScopeCategoryArtifactFunctionArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactFunction] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactFunction]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactFunctionArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactFunctionOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactFunction { - return vs[0].([]GetApplicationScopeCategoryArtifactFunction)[vs[1].(int)] - }).(GetApplicationScopeCategoryArtifactFunctionOutput) +func (o GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryInfrastructureOVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructureOVariable { + return vs[0].([]GetApplicationScopeCategoryInfrastructureOVariable)[vs[1].(int)] + }).(GetApplicationScopeCategoryInfrastructureOVariableOutput) } -type GetApplicationScopeCategoryArtifactFunctionVariable struct { - Attribute string `pulumi:"attribute"` - Value *string `pulumi:"value"` +type GetApplicationScopeCategoryWorkload struct { + Cfs []GetApplicationScopeCategoryWorkloadCf `pulumi:"cfs"` + Kubernetes []GetApplicationScopeCategoryWorkloadKubernete `pulumi:"kubernetes"` + Os []GetApplicationScopeCategoryWorkloadO `pulumi:"os"` } -// GetApplicationScopeCategoryArtifactFunctionVariableInput is an input type that accepts GetApplicationScopeCategoryArtifactFunctionVariableArgs and GetApplicationScopeCategoryArtifactFunctionVariableOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactFunctionVariableInput` via: +// GetApplicationScopeCategoryWorkloadInput is an input type that accepts GetApplicationScopeCategoryWorkloadArgs and GetApplicationScopeCategoryWorkloadOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadInput` via: // -// GetApplicationScopeCategoryArtifactFunctionVariableArgs{...} -type GetApplicationScopeCategoryArtifactFunctionVariableInput interface { +// GetApplicationScopeCategoryWorkloadArgs{...} +type GetApplicationScopeCategoryWorkloadInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactFunctionVariableOutput() GetApplicationScopeCategoryArtifactFunctionVariableOutput - ToGetApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactFunctionVariableOutput -} - -type GetApplicationScopeCategoryArtifactFunctionVariableArgs struct { - Attribute pulumi.StringInput `pulumi:"attribute"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToGetApplicationScopeCategoryWorkloadOutput() GetApplicationScopeCategoryWorkloadOutput + ToGetApplicationScopeCategoryWorkloadOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOutput } -func (GetApplicationScopeCategoryArtifactFunctionVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactFunctionVariable)(nil)).Elem() +type GetApplicationScopeCategoryWorkloadArgs struct { + Cfs GetApplicationScopeCategoryWorkloadCfArrayInput `pulumi:"cfs"` + Kubernetes GetApplicationScopeCategoryWorkloadKuberneteArrayInput `pulumi:"kubernetes"` + Os GetApplicationScopeCategoryWorkloadOArrayInput `pulumi:"os"` } -func (i GetApplicationScopeCategoryArtifactFunctionVariableArgs) ToGetApplicationScopeCategoryArtifactFunctionVariableOutput() GetApplicationScopeCategoryArtifactFunctionVariableOutput { - return i.ToGetApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkload)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactFunctionVariableArgs) 
ToGetApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactFunctionVariableOutput) +func (i GetApplicationScopeCategoryWorkloadArgs) ToGetApplicationScopeCategoryWorkloadOutput() GetApplicationScopeCategoryWorkloadOutput { + return i.ToGetApplicationScopeCategoryWorkloadOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactFunctionVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactFunctionVariable] { - return pulumix.Output[GetApplicationScopeCategoryArtifactFunctionVariable]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadArgs) ToGetApplicationScopeCategoryWorkloadOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOutput) } -// GetApplicationScopeCategoryArtifactFunctionVariableArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactFunctionVariableArray and GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactFunctionVariableArrayInput` via: +// GetApplicationScopeCategoryWorkloadArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadArray and GetApplicationScopeCategoryWorkloadArrayOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadArrayInput` via: // -// GetApplicationScopeCategoryArtifactFunctionVariableArray{ GetApplicationScopeCategoryArtifactFunctionVariableArgs{...} } -type GetApplicationScopeCategoryArtifactFunctionVariableArrayInput interface { +// GetApplicationScopeCategoryWorkloadArray{ GetApplicationScopeCategoryWorkloadArgs{...} } +type GetApplicationScopeCategoryWorkloadArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutput() GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput - ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput + ToGetApplicationScopeCategoryWorkloadArrayOutput() GetApplicationScopeCategoryWorkloadArrayOutput + ToGetApplicationScopeCategoryWorkloadArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadArrayOutput } -type GetApplicationScopeCategoryArtifactFunctionVariableArray []GetApplicationScopeCategoryArtifactFunctionVariableInput - -func (GetApplicationScopeCategoryArtifactFunctionVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactFunctionVariable)(nil)).Elem() -} +type GetApplicationScopeCategoryWorkloadArray []GetApplicationScopeCategoryWorkloadInput -func (i GetApplicationScopeCategoryArtifactFunctionVariableArray) ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutput() GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { - return i.ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkload)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactFunctionVariableArray) 
ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) +func (i GetApplicationScopeCategoryWorkloadArray) ToGetApplicationScopeCategoryWorkloadArrayOutput() GetApplicationScopeCategoryWorkloadArrayOutput { + return i.ToGetApplicationScopeCategoryWorkloadArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactFunctionVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactFunctionVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactFunctionVariable]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadArray) ToGetApplicationScopeCategoryWorkloadArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadArrayOutput) } -type GetApplicationScopeCategoryArtifactFunctionVariableOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactFunctionVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactFunctionVariable)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkload)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactFunctionVariableOutput) ToGetApplicationScopeCategoryArtifactFunctionVariableOutput() GetApplicationScopeCategoryArtifactFunctionVariableOutput { +func (o GetApplicationScopeCategoryWorkloadOutput) ToGetApplicationScopeCategoryWorkloadOutput() 
GetApplicationScopeCategoryWorkloadOutput { return o } -func (o GetApplicationScopeCategoryArtifactFunctionVariableOutput) ToGetApplicationScopeCategoryArtifactFunctionVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionVariableOutput { +func (o GetApplicationScopeCategoryWorkloadOutput) ToGetApplicationScopeCategoryWorkloadOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOutput { return o } -func (o GetApplicationScopeCategoryArtifactFunctionVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactFunctionVariable] { - return pulumix.Output[GetApplicationScopeCategoryArtifactFunctionVariable]{ - OutputState: o.OutputState, - } +func (o GetApplicationScopeCategoryWorkloadOutput) Cfs() GetApplicationScopeCategoryWorkloadCfArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkload) []GetApplicationScopeCategoryWorkloadCf { return v.Cfs }).(GetApplicationScopeCategoryWorkloadCfArrayOutput) } -func (o GetApplicationScopeCategoryArtifactFunctionVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactFunctionVariable) string { return v.Attribute }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryWorkloadOutput) Kubernetes() GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkload) []GetApplicationScopeCategoryWorkloadKubernete { + return v.Kubernetes + }).(GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) } -func (o GetApplicationScopeCategoryArtifactFunctionVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactFunctionVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o GetApplicationScopeCategoryWorkloadOutput) Os() GetApplicationScopeCategoryWorkloadOArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkload) 
[]GetApplicationScopeCategoryWorkloadO { return v.Os }).(GetApplicationScopeCategoryWorkloadOArrayOutput) } -type GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactFunctionVariable)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkload)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutput() GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { +func (o GetApplicationScopeCategoryWorkloadArrayOutput) ToGetApplicationScopeCategoryWorkloadArrayOutput() GetApplicationScopeCategoryWorkloadArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) ToGetApplicationScopeCategoryArtifactFunctionVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput { +func (o GetApplicationScopeCategoryWorkloadArrayOutput) ToGetApplicationScopeCategoryWorkloadArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactFunctionVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactFunctionVariable]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactFunctionVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactFunctionVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) 
GetApplicationScopeCategoryArtifactFunctionVariable { - return vs[0].([]GetApplicationScopeCategoryArtifactFunctionVariable)[vs[1].(int)] - }).(GetApplicationScopeCategoryArtifactFunctionVariableOutput) +func (o GetApplicationScopeCategoryWorkloadArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkload { + return vs[0].([]GetApplicationScopeCategoryWorkload)[vs[1].(int)] + }).(GetApplicationScopeCategoryWorkloadOutput) } -type GetApplicationScopeCategoryArtifactImage struct { - Expression string `pulumi:"expression"` - Variables []GetApplicationScopeCategoryArtifactImageVariable `pulumi:"variables"` +type GetApplicationScopeCategoryWorkloadCf struct { + Expression string `pulumi:"expression"` + Variables []GetApplicationScopeCategoryWorkloadCfVariable `pulumi:"variables"` } -// GetApplicationScopeCategoryArtifactImageInput is an input type that accepts GetApplicationScopeCategoryArtifactImageArgs and GetApplicationScopeCategoryArtifactImageOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactImageInput` via: +// GetApplicationScopeCategoryWorkloadCfInput is an input type that accepts GetApplicationScopeCategoryWorkloadCfArgs and GetApplicationScopeCategoryWorkloadCfOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadCfInput` via: // -// GetApplicationScopeCategoryArtifactImageArgs{...} -type GetApplicationScopeCategoryArtifactImageInput interface { +// GetApplicationScopeCategoryWorkloadCfArgs{...} +type GetApplicationScopeCategoryWorkloadCfInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactImageOutput() GetApplicationScopeCategoryArtifactImageOutput - ToGetApplicationScopeCategoryArtifactImageOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactImageOutput -} - -type GetApplicationScopeCategoryArtifactImageArgs struct { - Expression pulumi.StringInput `pulumi:"expression"` - Variables GetApplicationScopeCategoryArtifactImageVariableArrayInput `pulumi:"variables"` + ToGetApplicationScopeCategoryWorkloadCfOutput() GetApplicationScopeCategoryWorkloadCfOutput + ToGetApplicationScopeCategoryWorkloadCfOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadCfOutput } -func (GetApplicationScopeCategoryArtifactImageArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactImage)(nil)).Elem() +type GetApplicationScopeCategoryWorkloadCfArgs struct { + Expression pulumi.StringInput `pulumi:"expression"` + Variables GetApplicationScopeCategoryWorkloadCfVariableArrayInput `pulumi:"variables"` } -func (i GetApplicationScopeCategoryArtifactImageArgs) ToGetApplicationScopeCategoryArtifactImageOutput() GetApplicationScopeCategoryArtifactImageOutput { - return i.ToGetApplicationScopeCategoryArtifactImageOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadCfArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadCf)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactImageArgs) ToGetApplicationScopeCategoryArtifactImageOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageOutput { - return pulumi.ToOutputWithContext(ctx, 
i).(GetApplicationScopeCategoryArtifactImageOutput) +func (i GetApplicationScopeCategoryWorkloadCfArgs) ToGetApplicationScopeCategoryWorkloadCfOutput() GetApplicationScopeCategoryWorkloadCfOutput { + return i.ToGetApplicationScopeCategoryWorkloadCfOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactImageArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactImage] { - return pulumix.Output[GetApplicationScopeCategoryArtifactImage]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactImageOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadCfArgs) ToGetApplicationScopeCategoryWorkloadCfOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadCfOutput) } -// GetApplicationScopeCategoryArtifactImageArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactImageArray and GetApplicationScopeCategoryArtifactImageArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactImageArrayInput` via: +// GetApplicationScopeCategoryWorkloadCfArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadCfArray and GetApplicationScopeCategoryWorkloadCfArrayOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadCfArrayInput` via: // -// GetApplicationScopeCategoryArtifactImageArray{ GetApplicationScopeCategoryArtifactImageArgs{...} } -type GetApplicationScopeCategoryArtifactImageArrayInput interface { +// GetApplicationScopeCategoryWorkloadCfArray{ GetApplicationScopeCategoryWorkloadCfArgs{...} } +type GetApplicationScopeCategoryWorkloadCfArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactImageArrayOutput() GetApplicationScopeCategoryArtifactImageArrayOutput - ToGetApplicationScopeCategoryArtifactImageArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactImageArrayOutput + ToGetApplicationScopeCategoryWorkloadCfArrayOutput() GetApplicationScopeCategoryWorkloadCfArrayOutput + ToGetApplicationScopeCategoryWorkloadCfArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadCfArrayOutput } -type GetApplicationScopeCategoryArtifactImageArray []GetApplicationScopeCategoryArtifactImageInput - -func (GetApplicationScopeCategoryArtifactImageArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactImage)(nil)).Elem() -} +type GetApplicationScopeCategoryWorkloadCfArray []GetApplicationScopeCategoryWorkloadCfInput -func (i GetApplicationScopeCategoryArtifactImageArray) ToGetApplicationScopeCategoryArtifactImageArrayOutput() GetApplicationScopeCategoryArtifactImageArrayOutput { - return i.ToGetApplicationScopeCategoryArtifactImageArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadCfArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadCf)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactImageArray) ToGetApplicationScopeCategoryArtifactImageArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageArrayOutput { - return pulumi.ToOutputWithContext(ctx, 
i).(GetApplicationScopeCategoryArtifactImageArrayOutput) +func (i GetApplicationScopeCategoryWorkloadCfArray) ToGetApplicationScopeCategoryWorkloadCfArrayOutput() GetApplicationScopeCategoryWorkloadCfArrayOutput { + return i.ToGetApplicationScopeCategoryWorkloadCfArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactImageArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactImage] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactImage]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactImageArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadCfArray) ToGetApplicationScopeCategoryWorkloadCfArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadCfArrayOutput) } -type GetApplicationScopeCategoryArtifactImageOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadCfOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactImageOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactImage)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadCfOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadCf)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactImageOutput) ToGetApplicationScopeCategoryArtifactImageOutput() GetApplicationScopeCategoryArtifactImageOutput { +func (o GetApplicationScopeCategoryWorkloadCfOutput) ToGetApplicationScopeCategoryWorkloadCfOutput() GetApplicationScopeCategoryWorkloadCfOutput { return o } -func (o GetApplicationScopeCategoryArtifactImageOutput) ToGetApplicationScopeCategoryArtifactImageOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageOutput { +func (o GetApplicationScopeCategoryWorkloadCfOutput) 
ToGetApplicationScopeCategoryWorkloadCfOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfOutput { return o } -func (o GetApplicationScopeCategoryArtifactImageOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactImage] { - return pulumix.Output[GetApplicationScopeCategoryArtifactImage]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactImageOutput) Expression() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactImage) string { return v.Expression }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryWorkloadCfOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadCf) string { return v.Expression }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryArtifactImageOutput) Variables() GetApplicationScopeCategoryArtifactImageVariableArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactImage) []GetApplicationScopeCategoryArtifactImageVariable { +func (o GetApplicationScopeCategoryWorkloadCfOutput) Variables() GetApplicationScopeCategoryWorkloadCfVariableArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadCf) []GetApplicationScopeCategoryWorkloadCfVariable { return v.Variables - }).(GetApplicationScopeCategoryArtifactImageVariableArrayOutput) + }).(GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) } -type GetApplicationScopeCategoryArtifactImageArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadCfArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactImageArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactImage)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadCfArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadCf)(nil)).Elem() } -func (o 
GetApplicationScopeCategoryArtifactImageArrayOutput) ToGetApplicationScopeCategoryArtifactImageArrayOutput() GetApplicationScopeCategoryArtifactImageArrayOutput { +func (o GetApplicationScopeCategoryWorkloadCfArrayOutput) ToGetApplicationScopeCategoryWorkloadCfArrayOutput() GetApplicationScopeCategoryWorkloadCfArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactImageArrayOutput) ToGetApplicationScopeCategoryArtifactImageArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageArrayOutput { +func (o GetApplicationScopeCategoryWorkloadCfArrayOutput) ToGetApplicationScopeCategoryWorkloadCfArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactImage] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactImage]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactImageArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactImageOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryArtifactImage { - return vs[0].([]GetApplicationScopeCategoryArtifactImage)[vs[1].(int)] - }).(GetApplicationScopeCategoryArtifactImageOutput) +func (o GetApplicationScopeCategoryWorkloadCfArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadCfOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadCf { + return vs[0].([]GetApplicationScopeCategoryWorkloadCf)[vs[1].(int)] + }).(GetApplicationScopeCategoryWorkloadCfOutput) } -type GetApplicationScopeCategoryArtifactImageVariable struct { - Attribute *string `pulumi:"attribute"` +type GetApplicationScopeCategoryWorkloadCfVariable struct { + Attribute string `pulumi:"attribute"` Value *string `pulumi:"value"` } -// 
GetApplicationScopeCategoryArtifactImageVariableInput is an input type that accepts GetApplicationScopeCategoryArtifactImageVariableArgs and GetApplicationScopeCategoryArtifactImageVariableOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactImageVariableInput` via: +// GetApplicationScopeCategoryWorkloadCfVariableInput is an input type that accepts GetApplicationScopeCategoryWorkloadCfVariableArgs and GetApplicationScopeCategoryWorkloadCfVariableOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadCfVariableInput` via: // -// GetApplicationScopeCategoryArtifactImageVariableArgs{...} -type GetApplicationScopeCategoryArtifactImageVariableInput interface { +// GetApplicationScopeCategoryWorkloadCfVariableArgs{...} +type GetApplicationScopeCategoryWorkloadCfVariableInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactImageVariableOutput() GetApplicationScopeCategoryArtifactImageVariableOutput - ToGetApplicationScopeCategoryArtifactImageVariableOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactImageVariableOutput + ToGetApplicationScopeCategoryWorkloadCfVariableOutput() GetApplicationScopeCategoryWorkloadCfVariableOutput + ToGetApplicationScopeCategoryWorkloadCfVariableOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadCfVariableOutput } -type GetApplicationScopeCategoryArtifactImageVariableArgs struct { - Attribute pulumi.StringPtrInput `pulumi:"attribute"` +type GetApplicationScopeCategoryWorkloadCfVariableArgs struct { + Attribute pulumi.StringInput `pulumi:"attribute"` Value pulumi.StringPtrInput `pulumi:"value"` } -func (GetApplicationScopeCategoryArtifactImageVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactImageVariable)(nil)).Elem() -} - -func (i GetApplicationScopeCategoryArtifactImageVariableArgs) ToGetApplicationScopeCategoryArtifactImageVariableOutput() 
GetApplicationScopeCategoryArtifactImageVariableOutput { - return i.ToGetApplicationScopeCategoryArtifactImageVariableOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadCfVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadCfVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactImageVariableArgs) ToGetApplicationScopeCategoryArtifactImageVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactImageVariableOutput) +func (i GetApplicationScopeCategoryWorkloadCfVariableArgs) ToGetApplicationScopeCategoryWorkloadCfVariableOutput() GetApplicationScopeCategoryWorkloadCfVariableOutput { + return i.ToGetApplicationScopeCategoryWorkloadCfVariableOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactImageVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactImageVariable] { - return pulumix.Output[GetApplicationScopeCategoryArtifactImageVariable]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactImageVariableOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadCfVariableArgs) ToGetApplicationScopeCategoryWorkloadCfVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadCfVariableOutput) } -// GetApplicationScopeCategoryArtifactImageVariableArrayInput is an input type that accepts GetApplicationScopeCategoryArtifactImageVariableArray and GetApplicationScopeCategoryArtifactImageVariableArrayOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryArtifactImageVariableArrayInput` via: +// GetApplicationScopeCategoryWorkloadCfVariableArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadCfVariableArray and GetApplicationScopeCategoryWorkloadCfVariableArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadCfVariableArrayInput` via: // -// GetApplicationScopeCategoryArtifactImageVariableArray{ GetApplicationScopeCategoryArtifactImageVariableArgs{...} } -type GetApplicationScopeCategoryArtifactImageVariableArrayInput interface { +// GetApplicationScopeCategoryWorkloadCfVariableArray{ GetApplicationScopeCategoryWorkloadCfVariableArgs{...} } +type GetApplicationScopeCategoryWorkloadCfVariableArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryArtifactImageVariableArrayOutput() GetApplicationScopeCategoryArtifactImageVariableArrayOutput - ToGetApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryArtifactImageVariableArrayOutput + ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutput() GetApplicationScopeCategoryWorkloadCfVariableArrayOutput + ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadCfVariableArrayOutput } -type GetApplicationScopeCategoryArtifactImageVariableArray []GetApplicationScopeCategoryArtifactImageVariableInput - -func (GetApplicationScopeCategoryArtifactImageVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactImageVariable)(nil)).Elem() -} +type GetApplicationScopeCategoryWorkloadCfVariableArray []GetApplicationScopeCategoryWorkloadCfVariableInput -func (i GetApplicationScopeCategoryArtifactImageVariableArray) ToGetApplicationScopeCategoryArtifactImageVariableArrayOutput() GetApplicationScopeCategoryArtifactImageVariableArrayOutput { - return 
i.ToGetApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadCfVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadCfVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryArtifactImageVariableArray) ToGetApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryArtifactImageVariableArrayOutput) +func (i GetApplicationScopeCategoryWorkloadCfVariableArray) ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutput() GetApplicationScopeCategoryWorkloadCfVariableArrayOutput { + return i.ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryArtifactImageVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactImageVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactImageVariable]{ - OutputState: i.ToGetApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadCfVariableArray) ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) } -type GetApplicationScopeCategoryArtifactImageVariableOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadCfVariableOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactImageVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryArtifactImageVariable)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadCfVariableOutput) ElementType() 
reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadCfVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactImageVariableOutput) ToGetApplicationScopeCategoryArtifactImageVariableOutput() GetApplicationScopeCategoryArtifactImageVariableOutput { +func (o GetApplicationScopeCategoryWorkloadCfVariableOutput) ToGetApplicationScopeCategoryWorkloadCfVariableOutput() GetApplicationScopeCategoryWorkloadCfVariableOutput { return o } -func (o GetApplicationScopeCategoryArtifactImageVariableOutput) ToGetApplicationScopeCategoryArtifactImageVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageVariableOutput { +func (o GetApplicationScopeCategoryWorkloadCfVariableOutput) ToGetApplicationScopeCategoryWorkloadCfVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfVariableOutput { return o } -func (o GetApplicationScopeCategoryArtifactImageVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryArtifactImageVariable] { - return pulumix.Output[GetApplicationScopeCategoryArtifactImageVariable]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactImageVariableOutput) Attribute() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactImageVariable) *string { return v.Attribute }).(pulumi.StringPtrOutput) +func (o GetApplicationScopeCategoryWorkloadCfVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadCfVariable) string { return v.Attribute }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryArtifactImageVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryArtifactImageVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o GetApplicationScopeCategoryWorkloadCfVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v 
GetApplicationScopeCategoryWorkloadCfVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type GetApplicationScopeCategoryArtifactImageVariableArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadCfVariableArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryArtifactImageVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryArtifactImageVariable)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadCfVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryArtifactImageVariableArrayOutput) ToGetApplicationScopeCategoryArtifactImageVariableArrayOutput() GetApplicationScopeCategoryArtifactImageVariableArrayOutput { +func (o GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutput() GetApplicationScopeCategoryWorkloadCfVariableArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactImageVariableArrayOutput) ToGetApplicationScopeCategoryArtifactImageVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryArtifactImageVariableArrayOutput { +func (o GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfVariableArrayOutput { return o } -func (o GetApplicationScopeCategoryArtifactImageVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryArtifactImageVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryArtifactImageVariable]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryArtifactImageVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryArtifactImageVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs 
[]interface{}) GetApplicationScopeCategoryArtifactImageVariable { - return vs[0].([]GetApplicationScopeCategoryArtifactImageVariable)[vs[1].(int)] - }).(GetApplicationScopeCategoryArtifactImageVariableOutput) +func (o GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadCfVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadCfVariable { + return vs[0].([]GetApplicationScopeCategoryWorkloadCfVariable)[vs[1].(int)] + }).(GetApplicationScopeCategoryWorkloadCfVariableOutput) } -type GetApplicationScopeCategoryEntityScope struct { - Expression string `pulumi:"expression"` - Variables []GetApplicationScopeCategoryEntityScopeVariable `pulumi:"variables"` +type GetApplicationScopeCategoryWorkloadKubernete struct { + Expression string `pulumi:"expression"` + Variables []GetApplicationScopeCategoryWorkloadKuberneteVariable `pulumi:"variables"` } -// GetApplicationScopeCategoryEntityScopeInput is an input type that accepts GetApplicationScopeCategoryEntityScopeArgs and GetApplicationScopeCategoryEntityScopeOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryEntityScopeInput` via: +// GetApplicationScopeCategoryWorkloadKuberneteInput is an input type that accepts GetApplicationScopeCategoryWorkloadKuberneteArgs and GetApplicationScopeCategoryWorkloadKuberneteOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadKuberneteInput` via: // -// GetApplicationScopeCategoryEntityScopeArgs{...} -type GetApplicationScopeCategoryEntityScopeInput interface { +// GetApplicationScopeCategoryWorkloadKuberneteArgs{...} +type GetApplicationScopeCategoryWorkloadKuberneteInput interface { pulumi.Input - ToGetApplicationScopeCategoryEntityScopeOutput() GetApplicationScopeCategoryEntityScopeOutput - ToGetApplicationScopeCategoryEntityScopeOutputWithContext(context.Context) GetApplicationScopeCategoryEntityScopeOutput -} - -type GetApplicationScopeCategoryEntityScopeArgs struct { - Expression pulumi.StringInput `pulumi:"expression"` - Variables GetApplicationScopeCategoryEntityScopeVariableArrayInput `pulumi:"variables"` + ToGetApplicationScopeCategoryWorkloadKuberneteOutput() GetApplicationScopeCategoryWorkloadKuberneteOutput + ToGetApplicationScopeCategoryWorkloadKuberneteOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadKuberneteOutput } -func (GetApplicationScopeCategoryEntityScopeArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryEntityScope)(nil)).Elem() +type GetApplicationScopeCategoryWorkloadKuberneteArgs struct { + Expression pulumi.StringInput `pulumi:"expression"` + Variables GetApplicationScopeCategoryWorkloadKuberneteVariableArrayInput `pulumi:"variables"` } -func (i GetApplicationScopeCategoryEntityScopeArgs) ToGetApplicationScopeCategoryEntityScopeOutput() GetApplicationScopeCategoryEntityScopeOutput { - return i.ToGetApplicationScopeCategoryEntityScopeOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadKuberneteArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadKubernete)(nil)).Elem() } -func (i GetApplicationScopeCategoryEntityScopeArgs) ToGetApplicationScopeCategoryEntityScopeOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeOutput { - 
return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryEntityScopeOutput) +func (i GetApplicationScopeCategoryWorkloadKuberneteArgs) ToGetApplicationScopeCategoryWorkloadKuberneteOutput() GetApplicationScopeCategoryWorkloadKuberneteOutput { + return i.ToGetApplicationScopeCategoryWorkloadKuberneteOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryEntityScopeArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryEntityScope] { - return pulumix.Output[GetApplicationScopeCategoryEntityScope]{ - OutputState: i.ToGetApplicationScopeCategoryEntityScopeOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadKuberneteArgs) ToGetApplicationScopeCategoryWorkloadKuberneteOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadKuberneteOutput) } -// GetApplicationScopeCategoryEntityScopeArrayInput is an input type that accepts GetApplicationScopeCategoryEntityScopeArray and GetApplicationScopeCategoryEntityScopeArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryEntityScopeArrayInput` via: +// GetApplicationScopeCategoryWorkloadKuberneteArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadKuberneteArray and GetApplicationScopeCategoryWorkloadKuberneteArrayOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadKuberneteArrayInput` via: // -// GetApplicationScopeCategoryEntityScopeArray{ GetApplicationScopeCategoryEntityScopeArgs{...} } -type GetApplicationScopeCategoryEntityScopeArrayInput interface { +// GetApplicationScopeCategoryWorkloadKuberneteArray{ GetApplicationScopeCategoryWorkloadKuberneteArgs{...} } +type GetApplicationScopeCategoryWorkloadKuberneteArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryEntityScopeArrayOutput() GetApplicationScopeCategoryEntityScopeArrayOutput - ToGetApplicationScopeCategoryEntityScopeArrayOutputWithContext(context.Context) GetApplicationScopeCategoryEntityScopeArrayOutput + ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteArrayOutput + ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadKuberneteArrayOutput } -type GetApplicationScopeCategoryEntityScopeArray []GetApplicationScopeCategoryEntityScopeInput - -func (GetApplicationScopeCategoryEntityScopeArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryEntityScope)(nil)).Elem() -} +type GetApplicationScopeCategoryWorkloadKuberneteArray []GetApplicationScopeCategoryWorkloadKuberneteInput -func (i GetApplicationScopeCategoryEntityScopeArray) ToGetApplicationScopeCategoryEntityScopeArrayOutput() GetApplicationScopeCategoryEntityScopeArrayOutput { - return i.ToGetApplicationScopeCategoryEntityScopeArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadKuberneteArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadKubernete)(nil)).Elem() } -func (i GetApplicationScopeCategoryEntityScopeArray) ToGetApplicationScopeCategoryEntityScopeArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeArrayOutput { - return 
pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryEntityScopeArrayOutput) +func (i GetApplicationScopeCategoryWorkloadKuberneteArray) ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { + return i.ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryEntityScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryEntityScope] { - return pulumix.Output[[]GetApplicationScopeCategoryEntityScope]{ - OutputState: i.ToGetApplicationScopeCategoryEntityScopeArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadKuberneteArray) ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) } -type GetApplicationScopeCategoryEntityScopeOutput struct{ *pulumi.OutputState } - -func (GetApplicationScopeCategoryEntityScopeOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryEntityScope)(nil)).Elem() -} +type GetApplicationScopeCategoryWorkloadKuberneteOutput struct{ *pulumi.OutputState } -func (o GetApplicationScopeCategoryEntityScopeOutput) ToGetApplicationScopeCategoryEntityScopeOutput() GetApplicationScopeCategoryEntityScopeOutput { - return o +func (GetApplicationScopeCategoryWorkloadKuberneteOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadKubernete)(nil)).Elem() } -func (o GetApplicationScopeCategoryEntityScopeOutput) ToGetApplicationScopeCategoryEntityScopeOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeOutput { +func (o GetApplicationScopeCategoryWorkloadKuberneteOutput) ToGetApplicationScopeCategoryWorkloadKuberneteOutput() 
GetApplicationScopeCategoryWorkloadKuberneteOutput { return o } -func (o GetApplicationScopeCategoryEntityScopeOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryEntityScope] { - return pulumix.Output[GetApplicationScopeCategoryEntityScope]{ - OutputState: o.OutputState, - } +func (o GetApplicationScopeCategoryWorkloadKuberneteOutput) ToGetApplicationScopeCategoryWorkloadKuberneteOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteOutput { + return o } -func (o GetApplicationScopeCategoryEntityScopeOutput) Expression() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryEntityScope) string { return v.Expression }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryWorkloadKuberneteOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadKubernete) string { return v.Expression }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryEntityScopeOutput) Variables() GetApplicationScopeCategoryEntityScopeVariableArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryEntityScope) []GetApplicationScopeCategoryEntityScopeVariable { +func (o GetApplicationScopeCategoryWorkloadKuberneteOutput) Variables() GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadKubernete) []GetApplicationScopeCategoryWorkloadKuberneteVariable { return v.Variables - }).(GetApplicationScopeCategoryEntityScopeVariableArrayOutput) + }).(GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) } -type GetApplicationScopeCategoryEntityScopeArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadKuberneteArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryEntityScopeArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryEntityScope)(nil)).Elem() +func 
(GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadKubernete)(nil)).Elem() } -func (o GetApplicationScopeCategoryEntityScopeArrayOutput) ToGetApplicationScopeCategoryEntityScopeArrayOutput() GetApplicationScopeCategoryEntityScopeArrayOutput { +func (o GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { return o } -func (o GetApplicationScopeCategoryEntityScopeArrayOutput) ToGetApplicationScopeCategoryEntityScopeArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeArrayOutput { +func (o GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { return o } -func (o GetApplicationScopeCategoryEntityScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryEntityScope] { - return pulumix.Output[[]GetApplicationScopeCategoryEntityScope]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryEntityScopeArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryEntityScopeOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryEntityScope { - return vs[0].([]GetApplicationScopeCategoryEntityScope)[vs[1].(int)] - }).(GetApplicationScopeCategoryEntityScopeOutput) +func (o GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadKuberneteOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadKubernete { + return vs[0].([]GetApplicationScopeCategoryWorkloadKubernete)[vs[1].(int)] + }).(GetApplicationScopeCategoryWorkloadKuberneteOutput) } -type 
GetApplicationScopeCategoryEntityScopeVariable struct { - Attribute string `pulumi:"attribute"` - Value string `pulumi:"value"` +type GetApplicationScopeCategoryWorkloadKuberneteVariable struct { + Attribute string `pulumi:"attribute"` + Value *string `pulumi:"value"` } -// GetApplicationScopeCategoryEntityScopeVariableInput is an input type that accepts GetApplicationScopeCategoryEntityScopeVariableArgs and GetApplicationScopeCategoryEntityScopeVariableOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryEntityScopeVariableInput` via: +// GetApplicationScopeCategoryWorkloadKuberneteVariableInput is an input type that accepts GetApplicationScopeCategoryWorkloadKuberneteVariableArgs and GetApplicationScopeCategoryWorkloadKuberneteVariableOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadKuberneteVariableInput` via: // -// GetApplicationScopeCategoryEntityScopeVariableArgs{...} -type GetApplicationScopeCategoryEntityScopeVariableInput interface { +// GetApplicationScopeCategoryWorkloadKuberneteVariableArgs{...} +type GetApplicationScopeCategoryWorkloadKuberneteVariableInput interface { pulumi.Input - ToGetApplicationScopeCategoryEntityScopeVariableOutput() GetApplicationScopeCategoryEntityScopeVariableOutput - ToGetApplicationScopeCategoryEntityScopeVariableOutputWithContext(context.Context) GetApplicationScopeCategoryEntityScopeVariableOutput -} - -type GetApplicationScopeCategoryEntityScopeVariableArgs struct { - Attribute pulumi.StringInput `pulumi:"attribute"` - Value pulumi.StringInput `pulumi:"value"` + ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableOutput + ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableOutput } -func (GetApplicationScopeCategoryEntityScopeVariableArgs) ElementType() reflect.Type { - return 
reflect.TypeOf((*GetApplicationScopeCategoryEntityScopeVariable)(nil)).Elem() +type GetApplicationScopeCategoryWorkloadKuberneteVariableArgs struct { + Attribute pulumi.StringInput `pulumi:"attribute"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i GetApplicationScopeCategoryEntityScopeVariableArgs) ToGetApplicationScopeCategoryEntityScopeVariableOutput() GetApplicationScopeCategoryEntityScopeVariableOutput { - return i.ToGetApplicationScopeCategoryEntityScopeVariableOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadKuberneteVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadKuberneteVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryEntityScopeVariableArgs) ToGetApplicationScopeCategoryEntityScopeVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryEntityScopeVariableOutput) +func (i GetApplicationScopeCategoryWorkloadKuberneteVariableArgs) ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { + return i.ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryEntityScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryEntityScopeVariable] { - return pulumix.Output[GetApplicationScopeCategoryEntityScopeVariable]{ - OutputState: i.ToGetApplicationScopeCategoryEntityScopeVariableOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadKuberneteVariableArgs) ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) } -// 
GetApplicationScopeCategoryEntityScopeVariableArrayInput is an input type that accepts GetApplicationScopeCategoryEntityScopeVariableArray and GetApplicationScopeCategoryEntityScopeVariableArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryEntityScopeVariableArrayInput` via: +// GetApplicationScopeCategoryWorkloadKuberneteVariableArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadKuberneteVariableArray and GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadKuberneteVariableArrayInput` via: // -// GetApplicationScopeCategoryEntityScopeVariableArray{ GetApplicationScopeCategoryEntityScopeVariableArgs{...} } -type GetApplicationScopeCategoryEntityScopeVariableArrayInput interface { +// GetApplicationScopeCategoryWorkloadKuberneteVariableArray{ GetApplicationScopeCategoryWorkloadKuberneteVariableArgs{...} } +type GetApplicationScopeCategoryWorkloadKuberneteVariableArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryEntityScopeVariableArrayOutput() GetApplicationScopeCategoryEntityScopeVariableArrayOutput - ToGetApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryEntityScopeVariableArrayOutput + ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput + ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput } -type GetApplicationScopeCategoryEntityScopeVariableArray []GetApplicationScopeCategoryEntityScopeVariableInput - -func (GetApplicationScopeCategoryEntityScopeVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryEntityScopeVariable)(nil)).Elem() -} +type 
GetApplicationScopeCategoryWorkloadKuberneteVariableArray []GetApplicationScopeCategoryWorkloadKuberneteVariableInput -func (i GetApplicationScopeCategoryEntityScopeVariableArray) ToGetApplicationScopeCategoryEntityScopeVariableArrayOutput() GetApplicationScopeCategoryEntityScopeVariableArrayOutput { - return i.ToGetApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadKuberneteVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadKuberneteVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryEntityScopeVariableArray) ToGetApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryEntityScopeVariableArrayOutput) +func (i GetApplicationScopeCategoryWorkloadKuberneteVariableArray) ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { + return i.ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryEntityScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryEntityScopeVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryEntityScopeVariable]{ - OutputState: i.ToGetApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadKuberneteVariableArray) ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) } -type GetApplicationScopeCategoryEntityScopeVariableOutput struct{ 
*pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadKuberneteVariableOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryEntityScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryEntityScopeVariable)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadKuberneteVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryEntityScopeVariableOutput) ToGetApplicationScopeCategoryEntityScopeVariableOutput() GetApplicationScopeCategoryEntityScopeVariableOutput { +func (o GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { return o } -func (o GetApplicationScopeCategoryEntityScopeVariableOutput) ToGetApplicationScopeCategoryEntityScopeVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeVariableOutput { +func (o GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { return o } -func (o GetApplicationScopeCategoryEntityScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryEntityScopeVariable] { - return pulumix.Output[GetApplicationScopeCategoryEntityScopeVariable]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryEntityScopeVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryEntityScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadKuberneteVariable) string { return 
v.Attribute }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryEntityScopeVariableOutput) Value() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryEntityScopeVariable) string { return v.Value }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadKuberneteVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type GetApplicationScopeCategoryEntityScopeVariableArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryEntityScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryEntityScopeVariable)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadKuberneteVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryEntityScopeVariableArrayOutput) ToGetApplicationScopeCategoryEntityScopeVariableArrayOutput() GetApplicationScopeCategoryEntityScopeVariableArrayOutput { +func (o GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { return o } -func (o GetApplicationScopeCategoryEntityScopeVariableArrayOutput) ToGetApplicationScopeCategoryEntityScopeVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryEntityScopeVariableArrayOutput { +func (o GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { return o } -func (o 
GetApplicationScopeCategoryEntityScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryEntityScopeVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryEntityScopeVariable]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryEntityScopeVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryEntityScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryEntityScopeVariable { - return vs[0].([]GetApplicationScopeCategoryEntityScopeVariable)[vs[1].(int)] - }).(GetApplicationScopeCategoryEntityScopeVariableOutput) +func (o GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadKuberneteVariable { + return vs[0].([]GetApplicationScopeCategoryWorkloadKuberneteVariable)[vs[1].(int)] + }).(GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) } -type GetApplicationScopeCategoryInfrastructure struct { - Kubernetes []GetApplicationScopeCategoryInfrastructureKubernete `pulumi:"kubernetes"` - Os []GetApplicationScopeCategoryInfrastructureO `pulumi:"os"` +type GetApplicationScopeCategoryWorkloadO struct { + Expression string `pulumi:"expression"` + Variables []GetApplicationScopeCategoryWorkloadOVariable `pulumi:"variables"` } -// GetApplicationScopeCategoryInfrastructureInput is an input type that accepts GetApplicationScopeCategoryInfrastructureArgs and GetApplicationScopeCategoryInfrastructureOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureInput` via: +// GetApplicationScopeCategoryWorkloadOInput is an input type that accepts GetApplicationScopeCategoryWorkloadOArgs and GetApplicationScopeCategoryWorkloadOOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadOInput` via: // -// GetApplicationScopeCategoryInfrastructureArgs{...} -type GetApplicationScopeCategoryInfrastructureInput interface { +// GetApplicationScopeCategoryWorkloadOArgs{...} +type GetApplicationScopeCategoryWorkloadOInput interface { pulumi.Input - ToGetApplicationScopeCategoryInfrastructureOutput() GetApplicationScopeCategoryInfrastructureOutput - ToGetApplicationScopeCategoryInfrastructureOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOutput -} - -type GetApplicationScopeCategoryInfrastructureArgs struct { - Kubernetes GetApplicationScopeCategoryInfrastructureKuberneteArrayInput `pulumi:"kubernetes"` - Os GetApplicationScopeCategoryInfrastructureOArrayInput `pulumi:"os"` + ToGetApplicationScopeCategoryWorkloadOOutput() GetApplicationScopeCategoryWorkloadOOutput + ToGetApplicationScopeCategoryWorkloadOOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOOutput } -func (GetApplicationScopeCategoryInfrastructureArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructure)(nil)).Elem() +type GetApplicationScopeCategoryWorkloadOArgs struct { + Expression pulumi.StringInput `pulumi:"expression"` + Variables GetApplicationScopeCategoryWorkloadOVariableArrayInput `pulumi:"variables"` } -func (i GetApplicationScopeCategoryInfrastructureArgs) ToGetApplicationScopeCategoryInfrastructureOutput() GetApplicationScopeCategoryInfrastructureOutput { - return i.ToGetApplicationScopeCategoryInfrastructureOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadOArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadO)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureArgs) ToGetApplicationScopeCategoryInfrastructureOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOutput { - return 
pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOutput) +func (i GetApplicationScopeCategoryWorkloadOArgs) ToGetApplicationScopeCategoryWorkloadOOutput() GetApplicationScopeCategoryWorkloadOOutput { + return i.ToGetApplicationScopeCategoryWorkloadOOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructure] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructure]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadOArgs) ToGetApplicationScopeCategoryWorkloadOOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOOutput) } -// GetApplicationScopeCategoryInfrastructureArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureArray and GetApplicationScopeCategoryInfrastructureArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureArrayInput` via: +// GetApplicationScopeCategoryWorkloadOArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadOArray and GetApplicationScopeCategoryWorkloadOArrayOutput values. 
+// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadOArrayInput` via: // -// GetApplicationScopeCategoryInfrastructureArray{ GetApplicationScopeCategoryInfrastructureArgs{...} } -type GetApplicationScopeCategoryInfrastructureArrayInput interface { +// GetApplicationScopeCategoryWorkloadOArray{ GetApplicationScopeCategoryWorkloadOArgs{...} } +type GetApplicationScopeCategoryWorkloadOArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryInfrastructureArrayOutput() GetApplicationScopeCategoryInfrastructureArrayOutput - ToGetApplicationScopeCategoryInfrastructureArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureArrayOutput + ToGetApplicationScopeCategoryWorkloadOArrayOutput() GetApplicationScopeCategoryWorkloadOArrayOutput + ToGetApplicationScopeCategoryWorkloadOArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOArrayOutput } -type GetApplicationScopeCategoryInfrastructureArray []GetApplicationScopeCategoryInfrastructureInput - -func (GetApplicationScopeCategoryInfrastructureArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructure)(nil)).Elem() -} +type GetApplicationScopeCategoryWorkloadOArray []GetApplicationScopeCategoryWorkloadOInput -func (i GetApplicationScopeCategoryInfrastructureArray) ToGetApplicationScopeCategoryInfrastructureArrayOutput() GetApplicationScopeCategoryInfrastructureArrayOutput { - return i.ToGetApplicationScopeCategoryInfrastructureArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadOArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadO)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureArray) ToGetApplicationScopeCategoryInfrastructureArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureArrayOutput { - return pulumi.ToOutputWithContext(ctx, 
i).(GetApplicationScopeCategoryInfrastructureArrayOutput) +func (i GetApplicationScopeCategoryWorkloadOArray) ToGetApplicationScopeCategoryWorkloadOArrayOutput() GetApplicationScopeCategoryWorkloadOArrayOutput { + return i.ToGetApplicationScopeCategoryWorkloadOArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructure] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructure]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadOArray) ToGetApplicationScopeCategoryWorkloadOArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOArrayOutput) } -type GetApplicationScopeCategoryInfrastructureOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadOOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryInfrastructureOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructure)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadOOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadO)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureOutput) ToGetApplicationScopeCategoryInfrastructureOutput() GetApplicationScopeCategoryInfrastructureOutput { +func (o GetApplicationScopeCategoryWorkloadOOutput) ToGetApplicationScopeCategoryWorkloadOOutput() GetApplicationScopeCategoryWorkloadOOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureOutput) ToGetApplicationScopeCategoryInfrastructureOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOutput { +func (o GetApplicationScopeCategoryWorkloadOOutput) 
ToGetApplicationScopeCategoryWorkloadOOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructure] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructure]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryInfrastructureOutput) Kubernetes() GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructure) []GetApplicationScopeCategoryInfrastructureKubernete { - return v.Kubernetes - }).(GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) +func (o GetApplicationScopeCategoryWorkloadOOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadO) string { return v.Expression }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryInfrastructureOutput) Os() GetApplicationScopeCategoryInfrastructureOArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructure) []GetApplicationScopeCategoryInfrastructureO { - return v.Os - }).(GetApplicationScopeCategoryInfrastructureOArrayOutput) +func (o GetApplicationScopeCategoryWorkloadOOutput) Variables() GetApplicationScopeCategoryWorkloadOVariableArrayOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadO) []GetApplicationScopeCategoryWorkloadOVariable { + return v.Variables + }).(GetApplicationScopeCategoryWorkloadOVariableArrayOutput) } -type GetApplicationScopeCategoryInfrastructureArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadOArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryInfrastructureArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructure)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadOArrayOutput) ElementType() 
reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadO)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureArrayOutput) ToGetApplicationScopeCategoryInfrastructureArrayOutput() GetApplicationScopeCategoryInfrastructureArrayOutput { +func (o GetApplicationScopeCategoryWorkloadOArrayOutput) ToGetApplicationScopeCategoryWorkloadOArrayOutput() GetApplicationScopeCategoryWorkloadOArrayOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureArrayOutput) ToGetApplicationScopeCategoryInfrastructureArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureArrayOutput { +func (o GetApplicationScopeCategoryWorkloadOArrayOutput) ToGetApplicationScopeCategoryWorkloadOArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOArrayOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructure] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructure]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryInfrastructureArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryInfrastructureOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructure { - return vs[0].([]GetApplicationScopeCategoryInfrastructure)[vs[1].(int)] - }).(GetApplicationScopeCategoryInfrastructureOutput) +func (o GetApplicationScopeCategoryWorkloadOArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadOOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadO { + return vs[0].([]GetApplicationScopeCategoryWorkloadO)[vs[1].(int)] + }).(GetApplicationScopeCategoryWorkloadOOutput) } -type GetApplicationScopeCategoryInfrastructureKubernete struct { - Expression string `pulumi:"expression"` - Variables 
[]GetApplicationScopeCategoryInfrastructureKuberneteVariable `pulumi:"variables"` +type GetApplicationScopeCategoryWorkloadOVariable struct { + Attribute string `pulumi:"attribute"` + Value *string `pulumi:"value"` } -// GetApplicationScopeCategoryInfrastructureKuberneteInput is an input type that accepts GetApplicationScopeCategoryInfrastructureKuberneteArgs and GetApplicationScopeCategoryInfrastructureKuberneteOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureKuberneteInput` via: +// GetApplicationScopeCategoryWorkloadOVariableInput is an input type that accepts GetApplicationScopeCategoryWorkloadOVariableArgs and GetApplicationScopeCategoryWorkloadOVariableOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadOVariableInput` via: // -// GetApplicationScopeCategoryInfrastructureKuberneteArgs{...} -type GetApplicationScopeCategoryInfrastructureKuberneteInput interface { +// GetApplicationScopeCategoryWorkloadOVariableArgs{...} +type GetApplicationScopeCategoryWorkloadOVariableInput interface { pulumi.Input - ToGetApplicationScopeCategoryInfrastructureKuberneteOutput() GetApplicationScopeCategoryInfrastructureKuberneteOutput - ToGetApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureKuberneteOutput -} - -type GetApplicationScopeCategoryInfrastructureKuberneteArgs struct { - Expression pulumi.StringInput `pulumi:"expression"` - Variables GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput `pulumi:"variables"` + ToGetApplicationScopeCategoryWorkloadOVariableOutput() GetApplicationScopeCategoryWorkloadOVariableOutput + ToGetApplicationScopeCategoryWorkloadOVariableOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOVariableOutput } -func (GetApplicationScopeCategoryInfrastructureKuberneteArgs) ElementType() reflect.Type { - return 
reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureKubernete)(nil)).Elem() +type GetApplicationScopeCategoryWorkloadOVariableArgs struct { + Attribute pulumi.StringInput `pulumi:"attribute"` + Value pulumi.StringPtrInput `pulumi:"value"` } -func (i GetApplicationScopeCategoryInfrastructureKuberneteArgs) ToGetApplicationScopeCategoryInfrastructureKuberneteOutput() GetApplicationScopeCategoryInfrastructureKuberneteOutput { - return i.ToGetApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadOVariableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadOVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureKuberneteArgs) ToGetApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureKuberneteOutput) +func (i GetApplicationScopeCategoryWorkloadOVariableArgs) ToGetApplicationScopeCategoryWorkloadOVariableOutput() GetApplicationScopeCategoryWorkloadOVariableOutput { + return i.ToGetApplicationScopeCategoryWorkloadOVariableOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureKuberneteArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructureKubernete] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructureKubernete]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadOVariableArgs) ToGetApplicationScopeCategoryWorkloadOVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOVariableOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOVariableOutput) } -// 
GetApplicationScopeCategoryInfrastructureKuberneteArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureKuberneteArray and GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureKuberneteArrayInput` via: +// GetApplicationScopeCategoryWorkloadOVariableArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadOVariableArray and GetApplicationScopeCategoryWorkloadOVariableArrayOutput values. +// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadOVariableArrayInput` via: // -// GetApplicationScopeCategoryInfrastructureKuberneteArray{ GetApplicationScopeCategoryInfrastructureKuberneteArgs{...} } -type GetApplicationScopeCategoryInfrastructureKuberneteArrayInput interface { +// GetApplicationScopeCategoryWorkloadOVariableArray{ GetApplicationScopeCategoryWorkloadOVariableArgs{...} } +type GetApplicationScopeCategoryWorkloadOVariableArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput - ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput + ToGetApplicationScopeCategoryWorkloadOVariableArrayOutput() GetApplicationScopeCategoryWorkloadOVariableArrayOutput + ToGetApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOVariableArrayOutput } -type GetApplicationScopeCategoryInfrastructureKuberneteArray []GetApplicationScopeCategoryInfrastructureKuberneteInput - -func (GetApplicationScopeCategoryInfrastructureKuberneteArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureKubernete)(nil)).Elem() -} +type GetApplicationScopeCategoryWorkloadOVariableArray 
[]GetApplicationScopeCategoryWorkloadOVariableInput -func (i GetApplicationScopeCategoryInfrastructureKuberneteArray) ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { - return i.ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(context.Background()) +func (GetApplicationScopeCategoryWorkloadOVariableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadOVariable)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureKuberneteArray) ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) +func (i GetApplicationScopeCategoryWorkloadOVariableArray) ToGetApplicationScopeCategoryWorkloadOVariableArrayOutput() GetApplicationScopeCategoryWorkloadOVariableArrayOutput { + return i.ToGetApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureKuberneteArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructureKubernete] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructureKubernete]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(ctx).OutputState, - } +func (i GetApplicationScopeCategoryWorkloadOVariableArray) ToGetApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOVariableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOVariableArrayOutput) } -type GetApplicationScopeCategoryInfrastructureKuberneteOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadOVariableOutput struct{ *pulumi.OutputState } 
-func (GetApplicationScopeCategoryInfrastructureKuberneteOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureKubernete)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadOVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadOVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureKuberneteOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteOutput() GetApplicationScopeCategoryInfrastructureKuberneteOutput { +func (o GetApplicationScopeCategoryWorkloadOVariableOutput) ToGetApplicationScopeCategoryWorkloadOVariableOutput() GetApplicationScopeCategoryWorkloadOVariableOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureKuberneteOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteOutput { +func (o GetApplicationScopeCategoryWorkloadOVariableOutput) ToGetApplicationScopeCategoryWorkloadOVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOVariableOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureKuberneteOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructureKubernete] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructureKubernete]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryInfrastructureKuberneteOutput) Expression() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureKubernete) string { return v.Expression }).(pulumi.StringOutput) +func (o GetApplicationScopeCategoryWorkloadOVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadOVariable) string { return v.Attribute }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryInfrastructureKuberneteOutput) Variables() 
GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureKubernete) []GetApplicationScopeCategoryInfrastructureKuberneteVariable { - return v.Variables - }).(GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) +func (o GetApplicationScopeCategoryWorkloadOVariableOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadOVariable) *string { return v.Value }).(pulumi.StringPtrOutput) } -type GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput struct{ *pulumi.OutputState } +type GetApplicationScopeCategoryWorkloadOVariableArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureKubernete)(nil)).Elem() +func (GetApplicationScopeCategoryWorkloadOVariableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadOVariable)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { +func (o GetApplicationScopeCategoryWorkloadOVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadOVariableArrayOutput() GetApplicationScopeCategoryWorkloadOVariableArrayOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput { +func (o GetApplicationScopeCategoryWorkloadOVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOVariableArrayOutput { return o } -func (o 
GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructureKubernete] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructureKubernete]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryInfrastructureKuberneteArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryInfrastructureKuberneteOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructureKubernete { - return vs[0].([]GetApplicationScopeCategoryInfrastructureKubernete)[vs[1].(int)] - }).(GetApplicationScopeCategoryInfrastructureKuberneteOutput) +func (o GetApplicationScopeCategoryWorkloadOVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadOVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadOVariable { + return vs[0].([]GetApplicationScopeCategoryWorkloadOVariable)[vs[1].(int)] + }).(GetApplicationScopeCategoryWorkloadOVariableOutput) } -type GetApplicationScopeCategoryInfrastructureKuberneteVariable struct { - Attribute string `pulumi:"attribute"` - Value *string `pulumi:"value"` +type GetAquaLabelsAquaLabel struct { + Author string `pulumi:"author"` + Created string `pulumi:"created"` + Description string `pulumi:"description"` + Name string `pulumi:"name"` } -// GetApplicationScopeCategoryInfrastructureKuberneteVariableInput is an input type that accepts GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs and GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureKuberneteVariableInput` via: +// GetAquaLabelsAquaLabelInput is an input type that accepts GetAquaLabelsAquaLabelArgs and GetAquaLabelsAquaLabelOutput values. 
+// You can construct a concrete instance of `GetAquaLabelsAquaLabelInput` via: // -// GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs{...} -type GetApplicationScopeCategoryInfrastructureKuberneteVariableInput interface { +// GetAquaLabelsAquaLabelArgs{...} +type GetAquaLabelsAquaLabelInput interface { pulumi.Input - ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput - ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput -} - -type GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs struct { - Attribute pulumi.StringInput `pulumi:"attribute"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToGetAquaLabelsAquaLabelOutput() GetAquaLabelsAquaLabelOutput + ToGetAquaLabelsAquaLabelOutputWithContext(context.Context) GetAquaLabelsAquaLabelOutput } -func (GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureKuberneteVariable)(nil)).Elem() +type GetAquaLabelsAquaLabelArgs struct { + Author pulumi.StringInput `pulumi:"author"` + Created pulumi.StringInput `pulumi:"created"` + Description pulumi.StringInput `pulumi:"description"` + Name pulumi.StringInput `pulumi:"name"` } -func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { - return i.ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(context.Background()) +func (GetAquaLabelsAquaLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetAquaLabelsAquaLabel)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs) 
ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) +func (i GetAquaLabelsAquaLabelArgs) ToGetAquaLabelsAquaLabelOutput() GetAquaLabelsAquaLabelOutput { + return i.ToGetAquaLabelsAquaLabelOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructureKuberneteVariable] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructureKuberneteVariable]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(ctx).OutputState, - } +func (i GetAquaLabelsAquaLabelArgs) ToGetAquaLabelsAquaLabelOutputWithContext(ctx context.Context) GetAquaLabelsAquaLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetAquaLabelsAquaLabelOutput) } -// GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureKuberneteVariableArray and GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput` via: +// GetAquaLabelsAquaLabelArrayInput is an input type that accepts GetAquaLabelsAquaLabelArray and GetAquaLabelsAquaLabelArrayOutput values. 
+// You can construct a concrete instance of `GetAquaLabelsAquaLabelArrayInput` via: // -// GetApplicationScopeCategoryInfrastructureKuberneteVariableArray{ GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs{...} } -type GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayInput interface { +// GetAquaLabelsAquaLabelArray{ GetAquaLabelsAquaLabelArgs{...} } +type GetAquaLabelsAquaLabelArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput - ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput + ToGetAquaLabelsAquaLabelArrayOutput() GetAquaLabelsAquaLabelArrayOutput + ToGetAquaLabelsAquaLabelArrayOutputWithContext(context.Context) GetAquaLabelsAquaLabelArrayOutput } -type GetApplicationScopeCategoryInfrastructureKuberneteVariableArray []GetApplicationScopeCategoryInfrastructureKuberneteVariableInput - -func (GetApplicationScopeCategoryInfrastructureKuberneteVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureKuberneteVariable)(nil)).Elem() -} +type GetAquaLabelsAquaLabelArray []GetAquaLabelsAquaLabelInput -func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArray) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { - return i.ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(context.Background()) +func (GetAquaLabelsAquaLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetAquaLabelsAquaLabel)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArray) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(ctx context.Context) 
GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) +func (i GetAquaLabelsAquaLabelArray) ToGetAquaLabelsAquaLabelArrayOutput() GetAquaLabelsAquaLabelArrayOutput { + return i.ToGetAquaLabelsAquaLabelArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureKuberneteVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructureKuberneteVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructureKuberneteVariable]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(ctx).OutputState, - } +func (i GetAquaLabelsAquaLabelArray) ToGetAquaLabelsAquaLabelArrayOutputWithContext(ctx context.Context) GetAquaLabelsAquaLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetAquaLabelsAquaLabelArrayOutput) } -type GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput struct{ *pulumi.OutputState } +type GetAquaLabelsAquaLabelOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureKuberneteVariable)(nil)).Elem() +func (GetAquaLabelsAquaLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetAquaLabelsAquaLabel)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { +func (o GetAquaLabelsAquaLabelOutput) ToGetAquaLabelsAquaLabelOutput() GetAquaLabelsAquaLabelOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableOutputWithContext(ctx context.Context) 
GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { +func (o GetAquaLabelsAquaLabelOutput) ToGetAquaLabelsAquaLabelOutputWithContext(ctx context.Context) GetAquaLabelsAquaLabelOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructureKuberneteVariable] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructureKuberneteVariable]{ - OutputState: o.OutputState, - } +func (o GetAquaLabelsAquaLabelOutput) Author() pulumi.StringOutput { + return o.ApplyT(func(v GetAquaLabelsAquaLabel) string { return v.Author }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureKuberneteVariable) string { return v.Attribute }).(pulumi.StringOutput) +func (o GetAquaLabelsAquaLabelOutput) Created() pulumi.StringOutput { + return o.ApplyT(func(v GetAquaLabelsAquaLabel) string { return v.Created }).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureKuberneteVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +func (o GetAquaLabelsAquaLabelOutput) Description() pulumi.StringOutput { + return o.ApplyT(func(v GetAquaLabelsAquaLabel) string { return v.Description }).(pulumi.StringOutput) } -type GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput struct{ *pulumi.OutputState } - -func (GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureKuberneteVariable)(nil)).Elem() +func (o GetAquaLabelsAquaLabelOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v GetAquaLabelsAquaLabel) string { return v.Name 
}).(pulumi.StringOutput) } -func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput() GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { - return o +type GetAquaLabelsAquaLabelArrayOutput struct{ *pulumi.OutputState } + +func (GetAquaLabelsAquaLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetAquaLabelsAquaLabel)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) ToGetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput { +func (o GetAquaLabelsAquaLabelArrayOutput) ToGetAquaLabelsAquaLabelArrayOutput() GetAquaLabelsAquaLabelArrayOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructureKuberneteVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructureKuberneteVariable]{ - OutputState: o.OutputState, - } +func (o GetAquaLabelsAquaLabelArrayOutput) ToGetAquaLabelsAquaLabelArrayOutputWithContext(ctx context.Context) GetAquaLabelsAquaLabelArrayOutput { + return o } -func (o GetApplicationScopeCategoryInfrastructureKuberneteVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructureKuberneteVariable { - return vs[0].([]GetApplicationScopeCategoryInfrastructureKuberneteVariable)[vs[1].(int)] - }).(GetApplicationScopeCategoryInfrastructureKuberneteVariableOutput) +func (o GetAquaLabelsAquaLabelArrayOutput) Index(i pulumi.IntInput) GetAquaLabelsAquaLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetAquaLabelsAquaLabel { + return 
vs[0].([]GetAquaLabelsAquaLabel)[vs[1].(int)] + }).(GetAquaLabelsAquaLabelOutput) } -type GetApplicationScopeCategoryInfrastructureO struct { - Expression string `pulumi:"expression"` - Variables []GetApplicationScopeCategoryInfrastructureOVariable `pulumi:"variables"` +type GetContainerRuntimePolicyAllowedExecutable struct { + // List of allowed executables. + AllowExecutables []string `pulumi:"allowExecutables"` + // List of allowed root executables. + AllowRootExecutables []string `pulumi:"allowRootExecutables"` + // Whether allowed executables configuration is enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to treat executables separately. + SeparateExecutables *bool `pulumi:"separateExecutables"` } -// GetApplicationScopeCategoryInfrastructureOInput is an input type that accepts GetApplicationScopeCategoryInfrastructureOArgs and GetApplicationScopeCategoryInfrastructureOOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureOInput` via: +// GetContainerRuntimePolicyAllowedExecutableInput is an input type that accepts GetContainerRuntimePolicyAllowedExecutableArgs and GetContainerRuntimePolicyAllowedExecutableOutput values. 
+// You can construct a concrete instance of `GetContainerRuntimePolicyAllowedExecutableInput` via: // -// GetApplicationScopeCategoryInfrastructureOArgs{...} -type GetApplicationScopeCategoryInfrastructureOInput interface { +// GetContainerRuntimePolicyAllowedExecutableArgs{...} +type GetContainerRuntimePolicyAllowedExecutableInput interface { pulumi.Input - ToGetApplicationScopeCategoryInfrastructureOOutput() GetApplicationScopeCategoryInfrastructureOOutput - ToGetApplicationScopeCategoryInfrastructureOOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOOutput -} - -type GetApplicationScopeCategoryInfrastructureOArgs struct { - Expression pulumi.StringInput `pulumi:"expression"` - Variables GetApplicationScopeCategoryInfrastructureOVariableArrayInput `pulumi:"variables"` + ToGetContainerRuntimePolicyAllowedExecutableOutput() GetContainerRuntimePolicyAllowedExecutableOutput + ToGetContainerRuntimePolicyAllowedExecutableOutputWithContext(context.Context) GetContainerRuntimePolicyAllowedExecutableOutput } -func (GetApplicationScopeCategoryInfrastructureOArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureO)(nil)).Elem() +type GetContainerRuntimePolicyAllowedExecutableArgs struct { + // List of allowed executables. + AllowExecutables pulumi.StringArrayInput `pulumi:"allowExecutables"` + // List of allowed root executables. + AllowRootExecutables pulumi.StringArrayInput `pulumi:"allowRootExecutables"` + // Whether allowed executables configuration is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to treat executables separately. 
+ SeparateExecutables pulumi.BoolPtrInput `pulumi:"separateExecutables"` } -func (i GetApplicationScopeCategoryInfrastructureOArgs) ToGetApplicationScopeCategoryInfrastructureOOutput() GetApplicationScopeCategoryInfrastructureOOutput { - return i.ToGetApplicationScopeCategoryInfrastructureOOutputWithContext(context.Background()) +func (GetContainerRuntimePolicyAllowedExecutableArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyAllowedExecutable)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureOArgs) ToGetApplicationScopeCategoryInfrastructureOOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOOutput) +func (i GetContainerRuntimePolicyAllowedExecutableArgs) ToGetContainerRuntimePolicyAllowedExecutableOutput() GetContainerRuntimePolicyAllowedExecutableOutput { + return i.ToGetContainerRuntimePolicyAllowedExecutableOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureOArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructureO] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructureO]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureOOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyAllowedExecutableArgs) ToGetContainerRuntimePolicyAllowedExecutableOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAllowedExecutableOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyAllowedExecutableOutput) } -// GetApplicationScopeCategoryInfrastructureOArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureOArray and GetApplicationScopeCategoryInfrastructureOArrayOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureOArrayInput` via: +// GetContainerRuntimePolicyAllowedExecutableArrayInput is an input type that accepts GetContainerRuntimePolicyAllowedExecutableArray and GetContainerRuntimePolicyAllowedExecutableArrayOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyAllowedExecutableArrayInput` via: // -// GetApplicationScopeCategoryInfrastructureOArray{ GetApplicationScopeCategoryInfrastructureOArgs{...} } -type GetApplicationScopeCategoryInfrastructureOArrayInput interface { - pulumi.Input - - ToGetApplicationScopeCategoryInfrastructureOArrayOutput() GetApplicationScopeCategoryInfrastructureOArrayOutput - ToGetApplicationScopeCategoryInfrastructureOArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOArrayOutput -} - -type GetApplicationScopeCategoryInfrastructureOArray []GetApplicationScopeCategoryInfrastructureOInput +// GetContainerRuntimePolicyAllowedExecutableArray{ GetContainerRuntimePolicyAllowedExecutableArgs{...} } +type GetContainerRuntimePolicyAllowedExecutableArrayInput interface { + pulumi.Input -func (GetApplicationScopeCategoryInfrastructureOArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureO)(nil)).Elem() + ToGetContainerRuntimePolicyAllowedExecutableArrayOutput() GetContainerRuntimePolicyAllowedExecutableArrayOutput + ToGetContainerRuntimePolicyAllowedExecutableArrayOutputWithContext(context.Context) GetContainerRuntimePolicyAllowedExecutableArrayOutput } -func (i GetApplicationScopeCategoryInfrastructureOArray) ToGetApplicationScopeCategoryInfrastructureOArrayOutput() GetApplicationScopeCategoryInfrastructureOArrayOutput { - return i.ToGetApplicationScopeCategoryInfrastructureOArrayOutputWithContext(context.Background()) +type GetContainerRuntimePolicyAllowedExecutableArray []GetContainerRuntimePolicyAllowedExecutableInput + +func 
(GetContainerRuntimePolicyAllowedExecutableArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyAllowedExecutable)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureOArray) ToGetApplicationScopeCategoryInfrastructureOArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOArrayOutput) +func (i GetContainerRuntimePolicyAllowedExecutableArray) ToGetContainerRuntimePolicyAllowedExecutableArrayOutput() GetContainerRuntimePolicyAllowedExecutableArrayOutput { + return i.ToGetContainerRuntimePolicyAllowedExecutableArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureOArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructureO] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructureO]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureOArrayOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyAllowedExecutableArray) ToGetContainerRuntimePolicyAllowedExecutableArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAllowedExecutableArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyAllowedExecutableArrayOutput) } -type GetApplicationScopeCategoryInfrastructureOOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyAllowedExecutableOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryInfrastructureOOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureO)(nil)).Elem() +func (GetContainerRuntimePolicyAllowedExecutableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyAllowedExecutable)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureOOutput) ToGetApplicationScopeCategoryInfrastructureOOutput() 
GetApplicationScopeCategoryInfrastructureOOutput { +func (o GetContainerRuntimePolicyAllowedExecutableOutput) ToGetContainerRuntimePolicyAllowedExecutableOutput() GetContainerRuntimePolicyAllowedExecutableOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureOOutput) ToGetApplicationScopeCategoryInfrastructureOOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOOutput { +func (o GetContainerRuntimePolicyAllowedExecutableOutput) ToGetContainerRuntimePolicyAllowedExecutableOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAllowedExecutableOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureOOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructureO] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructureO]{ - OutputState: o.OutputState, - } +// List of allowed executables. +func (o GetContainerRuntimePolicyAllowedExecutableOutput) AllowExecutables() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAllowedExecutable) []string { return v.AllowExecutables }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryInfrastructureOOutput) Expression() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureO) string { return v.Expression }).(pulumi.StringOutput) +// List of allowed root executables. 
+func (o GetContainerRuntimePolicyAllowedExecutableOutput) AllowRootExecutables() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAllowedExecutable) []string { return v.AllowRootExecutables }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryInfrastructureOOutput) Variables() GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureO) []GetApplicationScopeCategoryInfrastructureOVariable { - return v.Variables - }).(GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) +// Whether allowed executables configuration is enabled. +func (o GetContainerRuntimePolicyAllowedExecutableOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAllowedExecutable) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -type GetApplicationScopeCategoryInfrastructureOArrayOutput struct{ *pulumi.OutputState } - -func (GetApplicationScopeCategoryInfrastructureOArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureO)(nil)).Elem() +// Whether to treat executables separately. 
+func (o GetContainerRuntimePolicyAllowedExecutableOutput) SeparateExecutables() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAllowedExecutable) *bool { return v.SeparateExecutables }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryInfrastructureOArrayOutput) ToGetApplicationScopeCategoryInfrastructureOArrayOutput() GetApplicationScopeCategoryInfrastructureOArrayOutput { - return o +type GetContainerRuntimePolicyAllowedExecutableArrayOutput struct{ *pulumi.OutputState } + +func (GetContainerRuntimePolicyAllowedExecutableArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyAllowedExecutable)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureOArrayOutput) ToGetApplicationScopeCategoryInfrastructureOArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOArrayOutput { +func (o GetContainerRuntimePolicyAllowedExecutableArrayOutput) ToGetContainerRuntimePolicyAllowedExecutableArrayOutput() GetContainerRuntimePolicyAllowedExecutableArrayOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureOArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructureO] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructureO]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyAllowedExecutableArrayOutput) ToGetContainerRuntimePolicyAllowedExecutableArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAllowedExecutableArrayOutput { + return o } -func (o GetApplicationScopeCategoryInfrastructureOArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryInfrastructureOOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructureO { - return vs[0].([]GetApplicationScopeCategoryInfrastructureO)[vs[1].(int)] - }).(GetApplicationScopeCategoryInfrastructureOOutput) +func (o 
GetContainerRuntimePolicyAllowedExecutableArrayOutput) Index(i pulumi.IntInput) GetContainerRuntimePolicyAllowedExecutableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetContainerRuntimePolicyAllowedExecutable { + return vs[0].([]GetContainerRuntimePolicyAllowedExecutable)[vs[1].(int)] + }).(GetContainerRuntimePolicyAllowedExecutableOutput) } -type GetApplicationScopeCategoryInfrastructureOVariable struct { - Attribute string `pulumi:"attribute"` - Value *string `pulumi:"value"` +type GetContainerRuntimePolicyAllowedRegistry struct { + // List of allowed registries. + AllowedRegistries []string `pulumi:"allowedRegistries"` + // Whether allowed registries are enabled. + Enabled *bool `pulumi:"enabled"` } -// GetApplicationScopeCategoryInfrastructureOVariableInput is an input type that accepts GetApplicationScopeCategoryInfrastructureOVariableArgs and GetApplicationScopeCategoryInfrastructureOVariableOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureOVariableInput` via: +// GetContainerRuntimePolicyAllowedRegistryInput is an input type that accepts GetContainerRuntimePolicyAllowedRegistryArgs and GetContainerRuntimePolicyAllowedRegistryOutput values. 
+// You can construct a concrete instance of `GetContainerRuntimePolicyAllowedRegistryInput` via: // -// GetApplicationScopeCategoryInfrastructureOVariableArgs{...} -type GetApplicationScopeCategoryInfrastructureOVariableInput interface { +// GetContainerRuntimePolicyAllowedRegistryArgs{...} +type GetContainerRuntimePolicyAllowedRegistryInput interface { pulumi.Input - ToGetApplicationScopeCategoryInfrastructureOVariableOutput() GetApplicationScopeCategoryInfrastructureOVariableOutput - ToGetApplicationScopeCategoryInfrastructureOVariableOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOVariableOutput -} - -type GetApplicationScopeCategoryInfrastructureOVariableArgs struct { - Attribute pulumi.StringInput `pulumi:"attribute"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToGetContainerRuntimePolicyAllowedRegistryOutput() GetContainerRuntimePolicyAllowedRegistryOutput + ToGetContainerRuntimePolicyAllowedRegistryOutputWithContext(context.Context) GetContainerRuntimePolicyAllowedRegistryOutput } -func (GetApplicationScopeCategoryInfrastructureOVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureOVariable)(nil)).Elem() +type GetContainerRuntimePolicyAllowedRegistryArgs struct { + // List of allowed registries. + AllowedRegistries pulumi.StringArrayInput `pulumi:"allowedRegistries"` + // Whether allowed registries are enabled. 
+ Enabled pulumi.BoolPtrInput `pulumi:"enabled"` } -func (i GetApplicationScopeCategoryInfrastructureOVariableArgs) ToGetApplicationScopeCategoryInfrastructureOVariableOutput() GetApplicationScopeCategoryInfrastructureOVariableOutput { - return i.ToGetApplicationScopeCategoryInfrastructureOVariableOutputWithContext(context.Background()) +func (GetContainerRuntimePolicyAllowedRegistryArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyAllowedRegistry)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureOVariableArgs) ToGetApplicationScopeCategoryInfrastructureOVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOVariableOutput) +func (i GetContainerRuntimePolicyAllowedRegistryArgs) ToGetContainerRuntimePolicyAllowedRegistryOutput() GetContainerRuntimePolicyAllowedRegistryOutput { + return i.ToGetContainerRuntimePolicyAllowedRegistryOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureOVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructureOVariable] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructureOVariable]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureOVariableOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyAllowedRegistryArgs) ToGetContainerRuntimePolicyAllowedRegistryOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAllowedRegistryOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyAllowedRegistryOutput) } -// GetApplicationScopeCategoryInfrastructureOVariableArrayInput is an input type that accepts GetApplicationScopeCategoryInfrastructureOVariableArray and GetApplicationScopeCategoryInfrastructureOVariableArrayOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryInfrastructureOVariableArrayInput` via: +// GetContainerRuntimePolicyAllowedRegistryArrayInput is an input type that accepts GetContainerRuntimePolicyAllowedRegistryArray and GetContainerRuntimePolicyAllowedRegistryArrayOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyAllowedRegistryArrayInput` via: // -// GetApplicationScopeCategoryInfrastructureOVariableArray{ GetApplicationScopeCategoryInfrastructureOVariableArgs{...} } -type GetApplicationScopeCategoryInfrastructureOVariableArrayInput interface { +// GetContainerRuntimePolicyAllowedRegistryArray{ GetContainerRuntimePolicyAllowedRegistryArgs{...} } +type GetContainerRuntimePolicyAllowedRegistryArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutput() GetApplicationScopeCategoryInfrastructureOVariableArrayOutput - ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryInfrastructureOVariableArrayOutput + ToGetContainerRuntimePolicyAllowedRegistryArrayOutput() GetContainerRuntimePolicyAllowedRegistryArrayOutput + ToGetContainerRuntimePolicyAllowedRegistryArrayOutputWithContext(context.Context) GetContainerRuntimePolicyAllowedRegistryArrayOutput } -type GetApplicationScopeCategoryInfrastructureOVariableArray []GetApplicationScopeCategoryInfrastructureOVariableInput - -func (GetApplicationScopeCategoryInfrastructureOVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureOVariable)(nil)).Elem() -} +type GetContainerRuntimePolicyAllowedRegistryArray []GetContainerRuntimePolicyAllowedRegistryInput -func (i GetApplicationScopeCategoryInfrastructureOVariableArray) ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutput() GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { - return 
i.ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(context.Background()) +func (GetContainerRuntimePolicyAllowedRegistryArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyAllowedRegistry)(nil)).Elem() } -func (i GetApplicationScopeCategoryInfrastructureOVariableArray) ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) +func (i GetContainerRuntimePolicyAllowedRegistryArray) ToGetContainerRuntimePolicyAllowedRegistryArrayOutput() GetContainerRuntimePolicyAllowedRegistryArrayOutput { + return i.ToGetContainerRuntimePolicyAllowedRegistryArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryInfrastructureOVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructureOVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructureOVariable]{ - OutputState: i.ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyAllowedRegistryArray) ToGetContainerRuntimePolicyAllowedRegistryArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAllowedRegistryArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyAllowedRegistryArrayOutput) } -type GetApplicationScopeCategoryInfrastructureOVariableOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyAllowedRegistryOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryInfrastructureOVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryInfrastructureOVariable)(nil)).Elem() +func (GetContainerRuntimePolicyAllowedRegistryOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*GetContainerRuntimePolicyAllowedRegistry)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureOVariableOutput) ToGetApplicationScopeCategoryInfrastructureOVariableOutput() GetApplicationScopeCategoryInfrastructureOVariableOutput { +func (o GetContainerRuntimePolicyAllowedRegistryOutput) ToGetContainerRuntimePolicyAllowedRegistryOutput() GetContainerRuntimePolicyAllowedRegistryOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureOVariableOutput) ToGetApplicationScopeCategoryInfrastructureOVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOVariableOutput { +func (o GetContainerRuntimePolicyAllowedRegistryOutput) ToGetContainerRuntimePolicyAllowedRegistryOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAllowedRegistryOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureOVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryInfrastructureOVariable] { - return pulumix.Output[GetApplicationScopeCategoryInfrastructureOVariable]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryInfrastructureOVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureOVariable) string { return v.Attribute }).(pulumi.StringOutput) +// List of allowed registries. +func (o GetContainerRuntimePolicyAllowedRegistryOutput) AllowedRegistries() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAllowedRegistry) []string { return v.AllowedRegistries }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryInfrastructureOVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryInfrastructureOVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +// Whether allowed registries are enabled. 
+func (o GetContainerRuntimePolicyAllowedRegistryOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAllowedRegistry) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -type GetApplicationScopeCategoryInfrastructureOVariableArrayOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyAllowedRegistryArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryInfrastructureOVariable)(nil)).Elem() +func (GetContainerRuntimePolicyAllowedRegistryArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyAllowedRegistry)(nil)).Elem() } -func (o GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutput() GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { +func (o GetContainerRuntimePolicyAllowedRegistryArrayOutput) ToGetContainerRuntimePolicyAllowedRegistryArrayOutput() GetContainerRuntimePolicyAllowedRegistryArrayOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) ToGetApplicationScopeCategoryInfrastructureOVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryInfrastructureOVariableArrayOutput { +func (o GetContainerRuntimePolicyAllowedRegistryArrayOutput) ToGetContainerRuntimePolicyAllowedRegistryArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAllowedRegistryArrayOutput { return o } -func (o GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryInfrastructureOVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryInfrastructureOVariable]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryInfrastructureOVariableArrayOutput) Index(i pulumi.IntInput) 
GetApplicationScopeCategoryInfrastructureOVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryInfrastructureOVariable { - return vs[0].([]GetApplicationScopeCategoryInfrastructureOVariable)[vs[1].(int)] - }).(GetApplicationScopeCategoryInfrastructureOVariableOutput) +func (o GetContainerRuntimePolicyAllowedRegistryArrayOutput) Index(i pulumi.IntInput) GetContainerRuntimePolicyAllowedRegistryOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetContainerRuntimePolicyAllowedRegistry { + return vs[0].([]GetContainerRuntimePolicyAllowedRegistry)[vs[1].(int)] + }).(GetContainerRuntimePolicyAllowedRegistryOutput) } -type GetApplicationScopeCategoryWorkload struct { - Cfs []GetApplicationScopeCategoryWorkloadCf `pulumi:"cfs"` - Kubernetes []GetApplicationScopeCategoryWorkloadKubernete `pulumi:"kubernetes"` - Os []GetApplicationScopeCategoryWorkloadO `pulumi:"os"` +type GetContainerRuntimePolicyAuditing struct { + AuditAllNetwork *bool `pulumi:"auditAllNetwork"` + AuditAllProcesses *bool `pulumi:"auditAllProcesses"` + AuditFailedLogin *bool `pulumi:"auditFailedLogin"` + AuditOsUserActivity *bool `pulumi:"auditOsUserActivity"` + AuditProcessCmdline *bool `pulumi:"auditProcessCmdline"` + AuditSuccessLogin *bool `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement *bool `pulumi:"auditUserAccountManagement"` + Enabled *bool `pulumi:"enabled"` } -// GetApplicationScopeCategoryWorkloadInput is an input type that accepts GetApplicationScopeCategoryWorkloadArgs and GetApplicationScopeCategoryWorkloadOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadInput` via: +// GetContainerRuntimePolicyAuditingInput is an input type that accepts GetContainerRuntimePolicyAuditingArgs and GetContainerRuntimePolicyAuditingOutput values. 
+// You can construct a concrete instance of `GetContainerRuntimePolicyAuditingInput` via: // -// GetApplicationScopeCategoryWorkloadArgs{...} -type GetApplicationScopeCategoryWorkloadInput interface { +// GetContainerRuntimePolicyAuditingArgs{...} +type GetContainerRuntimePolicyAuditingInput interface { pulumi.Input - ToGetApplicationScopeCategoryWorkloadOutput() GetApplicationScopeCategoryWorkloadOutput - ToGetApplicationScopeCategoryWorkloadOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOutput + ToGetContainerRuntimePolicyAuditingOutput() GetContainerRuntimePolicyAuditingOutput + ToGetContainerRuntimePolicyAuditingOutputWithContext(context.Context) GetContainerRuntimePolicyAuditingOutput } -type GetApplicationScopeCategoryWorkloadArgs struct { - Cfs GetApplicationScopeCategoryWorkloadCfArrayInput `pulumi:"cfs"` - Kubernetes GetApplicationScopeCategoryWorkloadKuberneteArrayInput `pulumi:"kubernetes"` - Os GetApplicationScopeCategoryWorkloadOArrayInput `pulumi:"os"` +type GetContainerRuntimePolicyAuditingArgs struct { + AuditAllNetwork pulumi.BoolPtrInput `pulumi:"auditAllNetwork"` + AuditAllProcesses pulumi.BoolPtrInput `pulumi:"auditAllProcesses"` + AuditFailedLogin pulumi.BoolPtrInput `pulumi:"auditFailedLogin"` + AuditOsUserActivity pulumi.BoolPtrInput `pulumi:"auditOsUserActivity"` + AuditProcessCmdline pulumi.BoolPtrInput `pulumi:"auditProcessCmdline"` + AuditSuccessLogin pulumi.BoolPtrInput `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement pulumi.BoolPtrInput `pulumi:"auditUserAccountManagement"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` } -func (GetApplicationScopeCategoryWorkloadArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkload)(nil)).Elem() +func (GetContainerRuntimePolicyAuditingArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyAuditing)(nil)).Elem() } -func (i GetApplicationScopeCategoryWorkloadArgs) 
ToGetApplicationScopeCategoryWorkloadOutput() GetApplicationScopeCategoryWorkloadOutput { - return i.ToGetApplicationScopeCategoryWorkloadOutputWithContext(context.Background()) +func (i GetContainerRuntimePolicyAuditingArgs) ToGetContainerRuntimePolicyAuditingOutput() GetContainerRuntimePolicyAuditingOutput { + return i.ToGetContainerRuntimePolicyAuditingOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryWorkloadArgs) ToGetApplicationScopeCategoryWorkloadOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOutput) +func (i GetContainerRuntimePolicyAuditingArgs) ToGetContainerRuntimePolicyAuditingOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAuditingOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyAuditingOutput) } -func (i GetApplicationScopeCategoryWorkloadArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkload] { - return pulumix.Output[GetApplicationScopeCategoryWorkload]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyAuditingArgs) ToGetContainerRuntimePolicyAuditingPtrOutput() GetContainerRuntimePolicyAuditingPtrOutput { + return i.ToGetContainerRuntimePolicyAuditingPtrOutputWithContext(context.Background()) } -// GetApplicationScopeCategoryWorkloadArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadArray and GetApplicationScopeCategoryWorkloadArrayOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadArrayInput` via: +func (i GetContainerRuntimePolicyAuditingArgs) ToGetContainerRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAuditingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyAuditingOutput).ToGetContainerRuntimePolicyAuditingPtrOutputWithContext(ctx) +} + +// GetContainerRuntimePolicyAuditingPtrInput is an input type that accepts GetContainerRuntimePolicyAuditingArgs, GetContainerRuntimePolicyAuditingPtr and GetContainerRuntimePolicyAuditingPtrOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyAuditingPtrInput` via: // -// GetApplicationScopeCategoryWorkloadArray{ GetApplicationScopeCategoryWorkloadArgs{...} } -type GetApplicationScopeCategoryWorkloadArrayInput interface { +// GetContainerRuntimePolicyAuditingArgs{...} +// +// or: +// +// nil +type GetContainerRuntimePolicyAuditingPtrInput interface { pulumi.Input - ToGetApplicationScopeCategoryWorkloadArrayOutput() GetApplicationScopeCategoryWorkloadArrayOutput - ToGetApplicationScopeCategoryWorkloadArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadArrayOutput + ToGetContainerRuntimePolicyAuditingPtrOutput() GetContainerRuntimePolicyAuditingPtrOutput + ToGetContainerRuntimePolicyAuditingPtrOutputWithContext(context.Context) GetContainerRuntimePolicyAuditingPtrOutput } -type GetApplicationScopeCategoryWorkloadArray []GetApplicationScopeCategoryWorkloadInput +type getContainerRuntimePolicyAuditingPtrType GetContainerRuntimePolicyAuditingArgs -func (GetApplicationScopeCategoryWorkloadArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkload)(nil)).Elem() +func GetContainerRuntimePolicyAuditingPtr(v *GetContainerRuntimePolicyAuditingArgs) GetContainerRuntimePolicyAuditingPtrInput { + return (*getContainerRuntimePolicyAuditingPtrType)(v) } -func (i 
GetApplicationScopeCategoryWorkloadArray) ToGetApplicationScopeCategoryWorkloadArrayOutput() GetApplicationScopeCategoryWorkloadArrayOutput { - return i.ToGetApplicationScopeCategoryWorkloadArrayOutputWithContext(context.Background()) +func (*getContainerRuntimePolicyAuditingPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GetContainerRuntimePolicyAuditing)(nil)).Elem() } -func (i GetApplicationScopeCategoryWorkloadArray) ToGetApplicationScopeCategoryWorkloadArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadArrayOutput) +func (i *getContainerRuntimePolicyAuditingPtrType) ToGetContainerRuntimePolicyAuditingPtrOutput() GetContainerRuntimePolicyAuditingPtrOutput { + return i.ToGetContainerRuntimePolicyAuditingPtrOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryWorkloadArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkload] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkload]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadArrayOutputWithContext(ctx).OutputState, - } +func (i *getContainerRuntimePolicyAuditingPtrType) ToGetContainerRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAuditingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyAuditingPtrOutput) } -type GetApplicationScopeCategoryWorkloadOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyAuditingOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryWorkloadOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkload)(nil)).Elem() +func (GetContainerRuntimePolicyAuditingOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyAuditing)(nil)).Elem() } -func (o GetApplicationScopeCategoryWorkloadOutput) 
ToGetApplicationScopeCategoryWorkloadOutput() GetApplicationScopeCategoryWorkloadOutput { +func (o GetContainerRuntimePolicyAuditingOutput) ToGetContainerRuntimePolicyAuditingOutput() GetContainerRuntimePolicyAuditingOutput { return o } -func (o GetApplicationScopeCategoryWorkloadOutput) ToGetApplicationScopeCategoryWorkloadOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOutput { +func (o GetContainerRuntimePolicyAuditingOutput) ToGetContainerRuntimePolicyAuditingOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAuditingOutput { return o } -func (o GetApplicationScopeCategoryWorkloadOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkload] { - return pulumix.Output[GetApplicationScopeCategoryWorkload]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyAuditingOutput) ToGetContainerRuntimePolicyAuditingPtrOutput() GetContainerRuntimePolicyAuditingPtrOutput { + return o.ToGetContainerRuntimePolicyAuditingPtrOutputWithContext(context.Background()) } -func (o GetApplicationScopeCategoryWorkloadOutput) Cfs() GetApplicationScopeCategoryWorkloadCfArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkload) []GetApplicationScopeCategoryWorkloadCf { return v.Cfs }).(GetApplicationScopeCategoryWorkloadCfArrayOutput) +func (o GetContainerRuntimePolicyAuditingOutput) ToGetContainerRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAuditingPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GetContainerRuntimePolicyAuditing) *GetContainerRuntimePolicyAuditing { + return &v + }).(GetContainerRuntimePolicyAuditingPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadOutput) Kubernetes() GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkload) []GetApplicationScopeCategoryWorkloadKubernete { - return v.Kubernetes - 
}).(GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) +func (o GetContainerRuntimePolicyAuditingOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAuditing) *bool { return v.AuditAllNetwork }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadOutput) Os() GetApplicationScopeCategoryWorkloadOArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkload) []GetApplicationScopeCategoryWorkloadO { return v.Os }).(GetApplicationScopeCategoryWorkloadOArrayOutput) +func (o GetContainerRuntimePolicyAuditingOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAuditing) *bool { return v.AuditAllProcesses }).(pulumi.BoolPtrOutput) } -type GetApplicationScopeCategoryWorkloadArrayOutput struct{ *pulumi.OutputState } +func (o GetContainerRuntimePolicyAuditingOutput) AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAuditing) *bool { return v.AuditFailedLogin }).(pulumi.BoolPtrOutput) +} -func (GetApplicationScopeCategoryWorkloadArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkload)(nil)).Elem() +func (o GetContainerRuntimePolicyAuditingOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAuditing) *bool { return v.AuditOsUserActivity }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadArrayOutput) ToGetApplicationScopeCategoryWorkloadArrayOutput() GetApplicationScopeCategoryWorkloadArrayOutput { +func (o GetContainerRuntimePolicyAuditingOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAuditing) *bool { return v.AuditProcessCmdline }).(pulumi.BoolPtrOutput) +} + +func (o GetContainerRuntimePolicyAuditingOutput) AuditSuccessLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAuditing) *bool { return 
v.AuditSuccessLogin }).(pulumi.BoolPtrOutput) +} + +func (o GetContainerRuntimePolicyAuditingOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAuditing) *bool { return v.AuditUserAccountManagement }).(pulumi.BoolPtrOutput) +} + +func (o GetContainerRuntimePolicyAuditingOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyAuditing) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +type GetContainerRuntimePolicyAuditingPtrOutput struct{ *pulumi.OutputState } + +func (GetContainerRuntimePolicyAuditingPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GetContainerRuntimePolicyAuditing)(nil)).Elem() +} + +func (o GetContainerRuntimePolicyAuditingPtrOutput) ToGetContainerRuntimePolicyAuditingPtrOutput() GetContainerRuntimePolicyAuditingPtrOutput { return o } -func (o GetApplicationScopeCategoryWorkloadArrayOutput) ToGetApplicationScopeCategoryWorkloadArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadArrayOutput { +func (o GetContainerRuntimePolicyAuditingPtrOutput) ToGetContainerRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyAuditingPtrOutput { return o } -func (o GetApplicationScopeCategoryWorkloadArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkload] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkload]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyAuditingPtrOutput) Elem() GetContainerRuntimePolicyAuditingOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyAuditing) GetContainerRuntimePolicyAuditing { + if v != nil { + return *v + } + var ret GetContainerRuntimePolicyAuditing + return ret + }).(GetContainerRuntimePolicyAuditingOutput) } -func (o GetApplicationScopeCategoryWorkloadArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadOutput { - return pulumi.All(o, 
i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkload { - return vs[0].([]GetApplicationScopeCategoryWorkload)[vs[1].(int)] - }).(GetApplicationScopeCategoryWorkloadOutput) +func (o GetContainerRuntimePolicyAuditingPtrOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditAllNetwork + }).(pulumi.BoolPtrOutput) } -type GetApplicationScopeCategoryWorkloadCf struct { - Expression string `pulumi:"expression"` - Variables []GetApplicationScopeCategoryWorkloadCfVariable `pulumi:"variables"` +func (o GetContainerRuntimePolicyAuditingPtrOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditAllProcesses + }).(pulumi.BoolPtrOutput) } -// GetApplicationScopeCategoryWorkloadCfInput is an input type that accepts GetApplicationScopeCategoryWorkloadCfArgs and GetApplicationScopeCategoryWorkloadCfOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadCfInput` via: +func (o GetContainerRuntimePolicyAuditingPtrOutput) AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditFailedLogin + }).(pulumi.BoolPtrOutput) +} + +func (o GetContainerRuntimePolicyAuditingPtrOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditOsUserActivity + }).(pulumi.BoolPtrOutput) +} + +func (o GetContainerRuntimePolicyAuditingPtrOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditProcessCmdline + }).(pulumi.BoolPtrOutput) +} + +func (o GetContainerRuntimePolicyAuditingPtrOutput) AuditSuccessLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditSuccessLogin + }).(pulumi.BoolPtrOutput) +} + +func (o GetContainerRuntimePolicyAuditingPtrOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditUserAccountManagement + }).(pulumi.BoolPtrOutput) +} + +func (o GetContainerRuntimePolicyAuditingPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +type GetContainerRuntimePolicyContainerExec struct { + BlockContainerExec *bool `pulumi:"blockContainerExec"` + ContainerExecProcWhiteLists []string `pulumi:"containerExecProcWhiteLists"` + Enabled *bool `pulumi:"enabled"` + ReverseShellIpWhiteLists []string `pulumi:"reverseShellIpWhiteLists"` +} + +// 
GetContainerRuntimePolicyContainerExecInput is an input type that accepts GetContainerRuntimePolicyContainerExecArgs and GetContainerRuntimePolicyContainerExecOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyContainerExecInput` via: // -// GetApplicationScopeCategoryWorkloadCfArgs{...} -type GetApplicationScopeCategoryWorkloadCfInput interface { +// GetContainerRuntimePolicyContainerExecArgs{...} +type GetContainerRuntimePolicyContainerExecInput interface { pulumi.Input - ToGetApplicationScopeCategoryWorkloadCfOutput() GetApplicationScopeCategoryWorkloadCfOutput - ToGetApplicationScopeCategoryWorkloadCfOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadCfOutput + ToGetContainerRuntimePolicyContainerExecOutput() GetContainerRuntimePolicyContainerExecOutput + ToGetContainerRuntimePolicyContainerExecOutputWithContext(context.Context) GetContainerRuntimePolicyContainerExecOutput } -type GetApplicationScopeCategoryWorkloadCfArgs struct { - Expression pulumi.StringInput `pulumi:"expression"` - Variables GetApplicationScopeCategoryWorkloadCfVariableArrayInput `pulumi:"variables"` +type GetContainerRuntimePolicyContainerExecArgs struct { + BlockContainerExec pulumi.BoolPtrInput `pulumi:"blockContainerExec"` + ContainerExecProcWhiteLists pulumi.StringArrayInput `pulumi:"containerExecProcWhiteLists"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ReverseShellIpWhiteLists pulumi.StringArrayInput `pulumi:"reverseShellIpWhiteLists"` } -func (GetApplicationScopeCategoryWorkloadCfArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadCf)(nil)).Elem() +func (GetContainerRuntimePolicyContainerExecArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyContainerExec)(nil)).Elem() } -func (i GetApplicationScopeCategoryWorkloadCfArgs) ToGetApplicationScopeCategoryWorkloadCfOutput() GetApplicationScopeCategoryWorkloadCfOutput { - return 
i.ToGetApplicationScopeCategoryWorkloadCfOutputWithContext(context.Background()) +func (i GetContainerRuntimePolicyContainerExecArgs) ToGetContainerRuntimePolicyContainerExecOutput() GetContainerRuntimePolicyContainerExecOutput { + return i.ToGetContainerRuntimePolicyContainerExecOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryWorkloadCfArgs) ToGetApplicationScopeCategoryWorkloadCfOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadCfOutput) +func (i GetContainerRuntimePolicyContainerExecArgs) ToGetContainerRuntimePolicyContainerExecOutputWithContext(ctx context.Context) GetContainerRuntimePolicyContainerExecOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyContainerExecOutput) } -func (i GetApplicationScopeCategoryWorkloadCfArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadCf] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadCf]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadCfOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyContainerExecArgs) ToGetContainerRuntimePolicyContainerExecPtrOutput() GetContainerRuntimePolicyContainerExecPtrOutput { + return i.ToGetContainerRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) } -// GetApplicationScopeCategoryWorkloadCfArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadCfArray and GetApplicationScopeCategoryWorkloadCfArrayOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadCfArrayInput` via: +func (i GetContainerRuntimePolicyContainerExecArgs) ToGetContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyContainerExecPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyContainerExecOutput).ToGetContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx) +} + +// GetContainerRuntimePolicyContainerExecPtrInput is an input type that accepts GetContainerRuntimePolicyContainerExecArgs, GetContainerRuntimePolicyContainerExecPtr and GetContainerRuntimePolicyContainerExecPtrOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyContainerExecPtrInput` via: // -// GetApplicationScopeCategoryWorkloadCfArray{ GetApplicationScopeCategoryWorkloadCfArgs{...} } -type GetApplicationScopeCategoryWorkloadCfArrayInput interface { +// GetContainerRuntimePolicyContainerExecArgs{...} +// +// or: +// +// nil +type GetContainerRuntimePolicyContainerExecPtrInput interface { pulumi.Input - ToGetApplicationScopeCategoryWorkloadCfArrayOutput() GetApplicationScopeCategoryWorkloadCfArrayOutput - ToGetApplicationScopeCategoryWorkloadCfArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadCfArrayOutput + ToGetContainerRuntimePolicyContainerExecPtrOutput() GetContainerRuntimePolicyContainerExecPtrOutput + ToGetContainerRuntimePolicyContainerExecPtrOutputWithContext(context.Context) GetContainerRuntimePolicyContainerExecPtrOutput } -type GetApplicationScopeCategoryWorkloadCfArray []GetApplicationScopeCategoryWorkloadCfInput +type getContainerRuntimePolicyContainerExecPtrType GetContainerRuntimePolicyContainerExecArgs -func (GetApplicationScopeCategoryWorkloadCfArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadCf)(nil)).Elem() +func GetContainerRuntimePolicyContainerExecPtr(v 
*GetContainerRuntimePolicyContainerExecArgs) GetContainerRuntimePolicyContainerExecPtrInput { + return (*getContainerRuntimePolicyContainerExecPtrType)(v) } -func (i GetApplicationScopeCategoryWorkloadCfArray) ToGetApplicationScopeCategoryWorkloadCfArrayOutput() GetApplicationScopeCategoryWorkloadCfArrayOutput { - return i.ToGetApplicationScopeCategoryWorkloadCfArrayOutputWithContext(context.Background()) +func (*getContainerRuntimePolicyContainerExecPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GetContainerRuntimePolicyContainerExec)(nil)).Elem() } -func (i GetApplicationScopeCategoryWorkloadCfArray) ToGetApplicationScopeCategoryWorkloadCfArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadCfArrayOutput) +func (i *getContainerRuntimePolicyContainerExecPtrType) ToGetContainerRuntimePolicyContainerExecPtrOutput() GetContainerRuntimePolicyContainerExecPtrOutput { + return i.ToGetContainerRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryWorkloadCfArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadCf] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadCf]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadCfArrayOutputWithContext(ctx).OutputState, - } +func (i *getContainerRuntimePolicyContainerExecPtrType) ToGetContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyContainerExecPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyContainerExecPtrOutput) } -type GetApplicationScopeCategoryWorkloadCfOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyContainerExecOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryWorkloadCfOutput) ElementType() reflect.Type { - return 
reflect.TypeOf((*GetApplicationScopeCategoryWorkloadCf)(nil)).Elem() +func (GetContainerRuntimePolicyContainerExecOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyContainerExec)(nil)).Elem() } -func (o GetApplicationScopeCategoryWorkloadCfOutput) ToGetApplicationScopeCategoryWorkloadCfOutput() GetApplicationScopeCategoryWorkloadCfOutput { +func (o GetContainerRuntimePolicyContainerExecOutput) ToGetContainerRuntimePolicyContainerExecOutput() GetContainerRuntimePolicyContainerExecOutput { return o } -func (o GetApplicationScopeCategoryWorkloadCfOutput) ToGetApplicationScopeCategoryWorkloadCfOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfOutput { +func (o GetContainerRuntimePolicyContainerExecOutput) ToGetContainerRuntimePolicyContainerExecOutputWithContext(ctx context.Context) GetContainerRuntimePolicyContainerExecOutput { return o } -func (o GetApplicationScopeCategoryWorkloadCfOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadCf] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadCf]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyContainerExecOutput) ToGetContainerRuntimePolicyContainerExecPtrOutput() GetContainerRuntimePolicyContainerExecPtrOutput { + return o.ToGetContainerRuntimePolicyContainerExecPtrOutputWithContext(context.Background()) } -func (o GetApplicationScopeCategoryWorkloadCfOutput) Expression() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadCf) string { return v.Expression }).(pulumi.StringOutput) +func (o GetContainerRuntimePolicyContainerExecOutput) ToGetContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyContainerExecPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GetContainerRuntimePolicyContainerExec) *GetContainerRuntimePolicyContainerExec { + return &v + 
}).(GetContainerRuntimePolicyContainerExecPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadCfOutput) Variables() GetApplicationScopeCategoryWorkloadCfVariableArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadCf) []GetApplicationScopeCategoryWorkloadCfVariable { - return v.Variables - }).(GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) +func (o GetContainerRuntimePolicyContainerExecOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyContainerExec) *bool { return v.BlockContainerExec }).(pulumi.BoolPtrOutput) } -type GetApplicationScopeCategoryWorkloadCfArrayOutput struct{ *pulumi.OutputState } - -func (GetApplicationScopeCategoryWorkloadCfArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadCf)(nil)).Elem() +func (o GetContainerRuntimePolicyContainerExecOutput) ContainerExecProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyContainerExec) []string { return v.ContainerExecProcWhiteLists }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryWorkloadCfArrayOutput) ToGetApplicationScopeCategoryWorkloadCfArrayOutput() GetApplicationScopeCategoryWorkloadCfArrayOutput { - return o +func (o GetContainerRuntimePolicyContainerExecOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyContainerExec) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadCfArrayOutput) ToGetApplicationScopeCategoryWorkloadCfArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfArrayOutput { - return o +func (o GetContainerRuntimePolicyContainerExecOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyContainerExec) []string { return v.ReverseShellIpWhiteLists }).(pulumi.StringArrayOutput) } -func (o 
GetApplicationScopeCategoryWorkloadCfArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadCf] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadCf]{ - OutputState: o.OutputState, - } -} +type GetContainerRuntimePolicyContainerExecPtrOutput struct{ *pulumi.OutputState } -func (o GetApplicationScopeCategoryWorkloadCfArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadCfOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadCf { - return vs[0].([]GetApplicationScopeCategoryWorkloadCf)[vs[1].(int)] - }).(GetApplicationScopeCategoryWorkloadCfOutput) +func (GetContainerRuntimePolicyContainerExecPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GetContainerRuntimePolicyContainerExec)(nil)).Elem() } -type GetApplicationScopeCategoryWorkloadCfVariable struct { - Attribute string `pulumi:"attribute"` - Value *string `pulumi:"value"` +func (o GetContainerRuntimePolicyContainerExecPtrOutput) ToGetContainerRuntimePolicyContainerExecPtrOutput() GetContainerRuntimePolicyContainerExecPtrOutput { + return o } -// GetApplicationScopeCategoryWorkloadCfVariableInput is an input type that accepts GetApplicationScopeCategoryWorkloadCfVariableArgs and GetApplicationScopeCategoryWorkloadCfVariableOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadCfVariableInput` via: -// -// GetApplicationScopeCategoryWorkloadCfVariableArgs{...} -type GetApplicationScopeCategoryWorkloadCfVariableInput interface { - pulumi.Input +func (o GetContainerRuntimePolicyContainerExecPtrOutput) ToGetContainerRuntimePolicyContainerExecPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyContainerExecPtrOutput { + return o +} - ToGetApplicationScopeCategoryWorkloadCfVariableOutput() GetApplicationScopeCategoryWorkloadCfVariableOutput - ToGetApplicationScopeCategoryWorkloadCfVariableOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadCfVariableOutput +func (o GetContainerRuntimePolicyContainerExecPtrOutput) Elem() GetContainerRuntimePolicyContainerExecOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyContainerExec) GetContainerRuntimePolicyContainerExec { + if v != nil { + return *v + } + var ret GetContainerRuntimePolicyContainerExec + return ret + }).(GetContainerRuntimePolicyContainerExecOutput) } -type GetApplicationScopeCategoryWorkloadCfVariableArgs struct { - Attribute pulumi.StringInput `pulumi:"attribute"` - Value pulumi.StringPtrInput `pulumi:"value"` +func (o GetContainerRuntimePolicyContainerExecPtrOutput) BlockContainerExec() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyContainerExec) *bool { + if v == nil { + return nil + } + return v.BlockContainerExec + }).(pulumi.BoolPtrOutput) } -func (GetApplicationScopeCategoryWorkloadCfVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadCfVariable)(nil)).Elem() +func (o GetContainerRuntimePolicyContainerExecPtrOutput) ContainerExecProcWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyContainerExec) []string { + if v == nil { + return nil + } + return v.ContainerExecProcWhiteLists + }).(pulumi.StringArrayOutput) } -func (i 
GetApplicationScopeCategoryWorkloadCfVariableArgs) ToGetApplicationScopeCategoryWorkloadCfVariableOutput() GetApplicationScopeCategoryWorkloadCfVariableOutput { - return i.ToGetApplicationScopeCategoryWorkloadCfVariableOutputWithContext(context.Background()) +func (o GetContainerRuntimePolicyContainerExecPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyContainerExec) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) } -func (i GetApplicationScopeCategoryWorkloadCfVariableArgs) ToGetApplicationScopeCategoryWorkloadCfVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadCfVariableOutput) +func (o GetContainerRuntimePolicyContainerExecPtrOutput) ReverseShellIpWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyContainerExec) []string { + if v == nil { + return nil + } + return v.ReverseShellIpWhiteLists + }).(pulumi.StringArrayOutput) } -func (i GetApplicationScopeCategoryWorkloadCfVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadCfVariable] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadCfVariable]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadCfVariableOutputWithContext(ctx).OutputState, - } +type GetContainerRuntimePolicyFileBlock struct { + BlockFilesProcesses []string `pulumi:"blockFilesProcesses"` + BlockFilesUsers []string `pulumi:"blockFilesUsers"` + Enabled *bool `pulumi:"enabled"` + ExceptionalBlockFiles []string `pulumi:"exceptionalBlockFiles"` + ExceptionalBlockFilesProcesses []string `pulumi:"exceptionalBlockFilesProcesses"` + ExceptionalBlockFilesUsers []string `pulumi:"exceptionalBlockFilesUsers"` + FilenameBlockLists []string `pulumi:"filenameBlockLists"` } -// GetApplicationScopeCategoryWorkloadCfVariableArrayInput is an input type that 
accepts GetApplicationScopeCategoryWorkloadCfVariableArray and GetApplicationScopeCategoryWorkloadCfVariableArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadCfVariableArrayInput` via: +// GetContainerRuntimePolicyFileBlockInput is an input type that accepts GetContainerRuntimePolicyFileBlockArgs and GetContainerRuntimePolicyFileBlockOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyFileBlockInput` via: // -// GetApplicationScopeCategoryWorkloadCfVariableArray{ GetApplicationScopeCategoryWorkloadCfVariableArgs{...} } -type GetApplicationScopeCategoryWorkloadCfVariableArrayInput interface { +// GetContainerRuntimePolicyFileBlockArgs{...} +type GetContainerRuntimePolicyFileBlockInput interface { pulumi.Input - ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutput() GetApplicationScopeCategoryWorkloadCfVariableArrayOutput - ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadCfVariableArrayOutput + ToGetContainerRuntimePolicyFileBlockOutput() GetContainerRuntimePolicyFileBlockOutput + ToGetContainerRuntimePolicyFileBlockOutputWithContext(context.Context) GetContainerRuntimePolicyFileBlockOutput } -type GetApplicationScopeCategoryWorkloadCfVariableArray []GetApplicationScopeCategoryWorkloadCfVariableInput - -func (GetApplicationScopeCategoryWorkloadCfVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadCfVariable)(nil)).Elem() +type GetContainerRuntimePolicyFileBlockArgs struct { + BlockFilesProcesses pulumi.StringArrayInput `pulumi:"blockFilesProcesses"` + BlockFilesUsers pulumi.StringArrayInput `pulumi:"blockFilesUsers"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalBlockFiles pulumi.StringArrayInput `pulumi:"exceptionalBlockFiles"` + ExceptionalBlockFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalBlockFilesProcesses"` + 
ExceptionalBlockFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalBlockFilesUsers"` + FilenameBlockLists pulumi.StringArrayInput `pulumi:"filenameBlockLists"` } -func (i GetApplicationScopeCategoryWorkloadCfVariableArray) ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutput() GetApplicationScopeCategoryWorkloadCfVariableArrayOutput { - return i.ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(context.Background()) +func (GetContainerRuntimePolicyFileBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyFileBlock)(nil)).Elem() } -func (i GetApplicationScopeCategoryWorkloadCfVariableArray) ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) +func (i GetContainerRuntimePolicyFileBlockArgs) ToGetContainerRuntimePolicyFileBlockOutput() GetContainerRuntimePolicyFileBlockOutput { + return i.ToGetContainerRuntimePolicyFileBlockOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryWorkloadCfVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadCfVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadCfVariable]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyFileBlockArgs) ToGetContainerRuntimePolicyFileBlockOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyFileBlockOutput) } -type GetApplicationScopeCategoryWorkloadCfVariableOutput struct{ *pulumi.OutputState } +func (i GetContainerRuntimePolicyFileBlockArgs) ToGetContainerRuntimePolicyFileBlockPtrOutput() GetContainerRuntimePolicyFileBlockPtrOutput { + return 
i.ToGetContainerRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) +} -func (GetApplicationScopeCategoryWorkloadCfVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadCfVariable)(nil)).Elem() +func (i GetContainerRuntimePolicyFileBlockArgs) ToGetContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyFileBlockOutput).ToGetContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx) } -func (o GetApplicationScopeCategoryWorkloadCfVariableOutput) ToGetApplicationScopeCategoryWorkloadCfVariableOutput() GetApplicationScopeCategoryWorkloadCfVariableOutput { - return o +// GetContainerRuntimePolicyFileBlockPtrInput is an input type that accepts GetContainerRuntimePolicyFileBlockArgs, GetContainerRuntimePolicyFileBlockPtr and GetContainerRuntimePolicyFileBlockPtrOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyFileBlockPtrInput` via: +// +// GetContainerRuntimePolicyFileBlockArgs{...} +// +// or: +// +// nil +type GetContainerRuntimePolicyFileBlockPtrInput interface { + pulumi.Input + + ToGetContainerRuntimePolicyFileBlockPtrOutput() GetContainerRuntimePolicyFileBlockPtrOutput + ToGetContainerRuntimePolicyFileBlockPtrOutputWithContext(context.Context) GetContainerRuntimePolicyFileBlockPtrOutput } -func (o GetApplicationScopeCategoryWorkloadCfVariableOutput) ToGetApplicationScopeCategoryWorkloadCfVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfVariableOutput { - return o +type getContainerRuntimePolicyFileBlockPtrType GetContainerRuntimePolicyFileBlockArgs + +func GetContainerRuntimePolicyFileBlockPtr(v *GetContainerRuntimePolicyFileBlockArgs) GetContainerRuntimePolicyFileBlockPtrInput { + return (*getContainerRuntimePolicyFileBlockPtrType)(v) } -func (o GetApplicationScopeCategoryWorkloadCfVariableOutput) 
ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadCfVariable] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadCfVariable]{ - OutputState: o.OutputState, - } +func (*getContainerRuntimePolicyFileBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GetContainerRuntimePolicyFileBlock)(nil)).Elem() } -func (o GetApplicationScopeCategoryWorkloadCfVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadCfVariable) string { return v.Attribute }).(pulumi.StringOutput) +func (i *getContainerRuntimePolicyFileBlockPtrType) ToGetContainerRuntimePolicyFileBlockPtrOutput() GetContainerRuntimePolicyFileBlockPtrOutput { + return i.ToGetContainerRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) } -func (o GetApplicationScopeCategoryWorkloadCfVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadCfVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +func (i *getContainerRuntimePolicyFileBlockPtrType) ToGetContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyFileBlockPtrOutput) } -type GetApplicationScopeCategoryWorkloadCfVariableArrayOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyFileBlockOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadCfVariable)(nil)).Elem() +func (GetContainerRuntimePolicyFileBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyFileBlock)(nil)).Elem() } -func (o GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutput() GetApplicationScopeCategoryWorkloadCfVariableArrayOutput 
{ +func (o GetContainerRuntimePolicyFileBlockOutput) ToGetContainerRuntimePolicyFileBlockOutput() GetContainerRuntimePolicyFileBlockOutput { return o } -func (o GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadCfVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadCfVariableArrayOutput { +func (o GetContainerRuntimePolicyFileBlockOutput) ToGetContainerRuntimePolicyFileBlockOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileBlockOutput { return o } -func (o GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadCfVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadCfVariable]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyFileBlockOutput) ToGetContainerRuntimePolicyFileBlockPtrOutput() GetContainerRuntimePolicyFileBlockPtrOutput { + return o.ToGetContainerRuntimePolicyFileBlockPtrOutputWithContext(context.Background()) } -func (o GetApplicationScopeCategoryWorkloadCfVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadCfVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadCfVariable { - return vs[0].([]GetApplicationScopeCategoryWorkloadCfVariable)[vs[1].(int)] - }).(GetApplicationScopeCategoryWorkloadCfVariableOutput) +func (o GetContainerRuntimePolicyFileBlockOutput) ToGetContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GetContainerRuntimePolicyFileBlock) *GetContainerRuntimePolicyFileBlock { + return &v + }).(GetContainerRuntimePolicyFileBlockPtrOutput) } -type GetApplicationScopeCategoryWorkloadKubernete struct { - Expression string `pulumi:"expression"` - Variables []GetApplicationScopeCategoryWorkloadKuberneteVariable 
`pulumi:"variables"` +func (o GetContainerRuntimePolicyFileBlockOutput) BlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileBlock) []string { return v.BlockFilesProcesses }).(pulumi.StringArrayOutput) } -// GetApplicationScopeCategoryWorkloadKuberneteInput is an input type that accepts GetApplicationScopeCategoryWorkloadKuberneteArgs and GetApplicationScopeCategoryWorkloadKuberneteOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadKuberneteInput` via: -// -// GetApplicationScopeCategoryWorkloadKuberneteArgs{...} -type GetApplicationScopeCategoryWorkloadKuberneteInput interface { - pulumi.Input - - ToGetApplicationScopeCategoryWorkloadKuberneteOutput() GetApplicationScopeCategoryWorkloadKuberneteOutput - ToGetApplicationScopeCategoryWorkloadKuberneteOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadKuberneteOutput +func (o GetContainerRuntimePolicyFileBlockOutput) BlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileBlock) []string { return v.BlockFilesUsers }).(pulumi.StringArrayOutput) } -type GetApplicationScopeCategoryWorkloadKuberneteArgs struct { - Expression pulumi.StringInput `pulumi:"expression"` - Variables GetApplicationScopeCategoryWorkloadKuberneteVariableArrayInput `pulumi:"variables"` +func (o GetContainerRuntimePolicyFileBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (GetApplicationScopeCategoryWorkloadKuberneteArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadKubernete)(nil)).Elem() +func (o GetContainerRuntimePolicyFileBlockOutput) ExceptionalBlockFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFiles }).(pulumi.StringArrayOutput) } -func (i 
GetApplicationScopeCategoryWorkloadKuberneteArgs) ToGetApplicationScopeCategoryWorkloadKuberneteOutput() GetApplicationScopeCategoryWorkloadKuberneteOutput { - return i.ToGetApplicationScopeCategoryWorkloadKuberneteOutputWithContext(context.Background()) +func (o GetContainerRuntimePolicyFileBlockOutput) ExceptionalBlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFilesProcesses }).(pulumi.StringArrayOutput) } -func (i GetApplicationScopeCategoryWorkloadKuberneteArgs) ToGetApplicationScopeCategoryWorkloadKuberneteOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadKuberneteOutput) +func (o GetContainerRuntimePolicyFileBlockOutput) ExceptionalBlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileBlock) []string { return v.ExceptionalBlockFilesUsers }).(pulumi.StringArrayOutput) } -func (i GetApplicationScopeCategoryWorkloadKuberneteArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadKubernete] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadKubernete]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadKuberneteOutputWithContext(ctx).OutputState, - } +func (o GetContainerRuntimePolicyFileBlockOutput) FilenameBlockLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileBlock) []string { return v.FilenameBlockLists }).(pulumi.StringArrayOutput) } -// GetApplicationScopeCategoryWorkloadKuberneteArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadKuberneteArray and GetApplicationScopeCategoryWorkloadKuberneteArrayOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadKuberneteArrayInput` via: -// -// GetApplicationScopeCategoryWorkloadKuberneteArray{ GetApplicationScopeCategoryWorkloadKuberneteArgs{...} } -type GetApplicationScopeCategoryWorkloadKuberneteArrayInput interface { - pulumi.Input +type GetContainerRuntimePolicyFileBlockPtrOutput struct{ *pulumi.OutputState } - ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteArrayOutput - ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadKuberneteArrayOutput +func (GetContainerRuntimePolicyFileBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GetContainerRuntimePolicyFileBlock)(nil)).Elem() } -type GetApplicationScopeCategoryWorkloadKuberneteArray []GetApplicationScopeCategoryWorkloadKuberneteInput - -func (GetApplicationScopeCategoryWorkloadKuberneteArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadKubernete)(nil)).Elem() +func (o GetContainerRuntimePolicyFileBlockPtrOutput) ToGetContainerRuntimePolicyFileBlockPtrOutput() GetContainerRuntimePolicyFileBlockPtrOutput { + return o } -func (i GetApplicationScopeCategoryWorkloadKuberneteArray) ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { - return i.ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(context.Background()) +func (o GetContainerRuntimePolicyFileBlockPtrOutput) ToGetContainerRuntimePolicyFileBlockPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileBlockPtrOutput { + return o } -func (i GetApplicationScopeCategoryWorkloadKuberneteArray) ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { - return pulumi.ToOutputWithContext(ctx, 
i).(GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) +func (o GetContainerRuntimePolicyFileBlockPtrOutput) Elem() GetContainerRuntimePolicyFileBlockOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyFileBlock) GetContainerRuntimePolicyFileBlock { + if v != nil { + return *v + } + var ret GetContainerRuntimePolicyFileBlock + return ret + }).(GetContainerRuntimePolicyFileBlockOutput) } -func (i GetApplicationScopeCategoryWorkloadKuberneteArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadKubernete] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadKubernete]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(ctx).OutputState, - } +func (o GetContainerRuntimePolicyFileBlockPtrOutput) BlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.BlockFilesProcesses + }).(pulumi.StringArrayOutput) } -type GetApplicationScopeCategoryWorkloadKuberneteOutput struct{ *pulumi.OutputState } - -func (GetApplicationScopeCategoryWorkloadKuberneteOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadKubernete)(nil)).Elem() +func (o GetContainerRuntimePolicyFileBlockPtrOutput) BlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.BlockFilesUsers + }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteOutput) ToGetApplicationScopeCategoryWorkloadKuberneteOutput() GetApplicationScopeCategoryWorkloadKuberneteOutput { - return o +func (o GetContainerRuntimePolicyFileBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyFileBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) } -func (o 
GetApplicationScopeCategoryWorkloadKuberneteOutput) ToGetApplicationScopeCategoryWorkloadKuberneteOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteOutput { - return o +func (o GetContainerRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFiles + }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadKubernete] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadKubernete]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFilesProcesses + }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteOutput) Expression() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadKubernete) string { return v.Expression }).(pulumi.StringOutput) +func (o GetContainerRuntimePolicyFileBlockPtrOutput) ExceptionalBlockFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.ExceptionalBlockFilesUsers + }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteOutput) Variables() GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadKubernete) []GetApplicationScopeCategoryWorkloadKuberneteVariable { - return v.Variables - }).(GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) +func (o GetContainerRuntimePolicyFileBlockPtrOutput) FilenameBlockLists() 
pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyFileBlock) []string { + if v == nil { + return nil + } + return v.FilenameBlockLists + }).(pulumi.StringArrayOutput) } -type GetApplicationScopeCategoryWorkloadKuberneteArrayOutput struct{ *pulumi.OutputState } - -func (GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadKubernete)(nil)).Elem() +type GetContainerRuntimePolicyFileIntegrityMonitoring struct { + // If true, file integrity monitoring is enabled. + Enabled *bool `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles []string `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. + ExceptionalMonitoredFilesProcesses []string `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers []string `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. + MonitoredFiles []string `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. + MonitoredFilesAttributes *bool `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate *bool `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. + MonitoredFilesDelete *bool `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. + MonitoredFilesModify *bool `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. + MonitoredFilesProcesses []string `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead *bool `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. 
+ MonitoredFilesUsers []string `pulumi:"monitoredFilesUsers"` } -func (o GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { - return o +// GetContainerRuntimePolicyFileIntegrityMonitoringInput is an input type that accepts GetContainerRuntimePolicyFileIntegrityMonitoringArgs and GetContainerRuntimePolicyFileIntegrityMonitoringOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyFileIntegrityMonitoringInput` via: +// +// GetContainerRuntimePolicyFileIntegrityMonitoringArgs{...} +type GetContainerRuntimePolicyFileIntegrityMonitoringInput interface { + pulumi.Input + + ToGetContainerRuntimePolicyFileIntegrityMonitoringOutput() GetContainerRuntimePolicyFileIntegrityMonitoringOutput + ToGetContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringOutput } -func (o GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) ToGetApplicationScopeCategoryWorkloadKuberneteArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteArrayOutput { - return o +type GetContainerRuntimePolicyFileIntegrityMonitoringArgs struct { + // If true, file integrity monitoring is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. + ExceptionalMonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. + MonitoredFiles pulumi.StringArrayInput `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. 
+ MonitoredFilesAttributes pulumi.BoolPtrInput `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate pulumi.BoolPtrInput `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. + MonitoredFilesDelete pulumi.BoolPtrInput `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. + MonitoredFilesModify pulumi.BoolPtrInput `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. + MonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead pulumi.BoolPtrInput `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. + MonitoredFilesUsers pulumi.StringArrayInput `pulumi:"monitoredFilesUsers"` } -func (o GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadKubernete] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadKubernete]{ - OutputState: o.OutputState, - } +func (GetContainerRuntimePolicyFileIntegrityMonitoringArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() } -func (o GetApplicationScopeCategoryWorkloadKuberneteArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadKuberneteOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadKubernete { - return vs[0].([]GetApplicationScopeCategoryWorkloadKubernete)[vs[1].(int)] - }).(GetApplicationScopeCategoryWorkloadKuberneteOutput) +func (i GetContainerRuntimePolicyFileIntegrityMonitoringArgs) ToGetContainerRuntimePolicyFileIntegrityMonitoringOutput() GetContainerRuntimePolicyFileIntegrityMonitoringOutput { + return i.ToGetContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Background()) } -type 
GetApplicationScopeCategoryWorkloadKuberneteVariable struct { - Attribute string `pulumi:"attribute"` - Value *string `pulumi:"value"` +func (i GetContainerRuntimePolicyFileIntegrityMonitoringArgs) ToGetContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyFileIntegrityMonitoringOutput) } -// GetApplicationScopeCategoryWorkloadKuberneteVariableInput is an input type that accepts GetApplicationScopeCategoryWorkloadKuberneteVariableArgs and GetApplicationScopeCategoryWorkloadKuberneteVariableOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadKuberneteVariableInput` via: +// GetContainerRuntimePolicyFileIntegrityMonitoringArrayInput is an input type that accepts GetContainerRuntimePolicyFileIntegrityMonitoringArray and GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyFileIntegrityMonitoringArrayInput` via: // -// GetApplicationScopeCategoryWorkloadKuberneteVariableArgs{...} -type GetApplicationScopeCategoryWorkloadKuberneteVariableInput interface { +// GetContainerRuntimePolicyFileIntegrityMonitoringArray{ GetContainerRuntimePolicyFileIntegrityMonitoringArgs{...} } +type GetContainerRuntimePolicyFileIntegrityMonitoringArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableOutput - ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableOutput + ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput() GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput + ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(context.Context) 
GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput } -type GetApplicationScopeCategoryWorkloadKuberneteVariableArgs struct { - Attribute pulumi.StringInput `pulumi:"attribute"` - Value pulumi.StringPtrInput `pulumi:"value"` -} +type GetContainerRuntimePolicyFileIntegrityMonitoringArray []GetContainerRuntimePolicyFileIntegrityMonitoringInput -func (GetApplicationScopeCategoryWorkloadKuberneteVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadKuberneteVariable)(nil)).Elem() +func (GetContainerRuntimePolicyFileIntegrityMonitoringArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() } -func (i GetApplicationScopeCategoryWorkloadKuberneteVariableArgs) ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { - return i.ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(context.Background()) +func (i GetContainerRuntimePolicyFileIntegrityMonitoringArray) ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput() GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput { + return i.ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryWorkloadKuberneteVariableArgs) ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) +func (i GetContainerRuntimePolicyFileIntegrityMonitoringArray) ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) } -func (i 
GetApplicationScopeCategoryWorkloadKuberneteVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadKuberneteVariable] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadKuberneteVariable]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(ctx).OutputState, - } +type GetContainerRuntimePolicyFileIntegrityMonitoringOutput struct{ *pulumi.OutputState } + +func (GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() } -// GetApplicationScopeCategoryWorkloadKuberneteVariableArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadKuberneteVariableArray and GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadKuberneteVariableArrayInput` via: -// -// GetApplicationScopeCategoryWorkloadKuberneteVariableArray{ GetApplicationScopeCategoryWorkloadKuberneteVariableArgs{...} } -type GetApplicationScopeCategoryWorkloadKuberneteVariableArrayInput interface { - pulumi.Input +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ToGetContainerRuntimePolicyFileIntegrityMonitoringOutput() GetContainerRuntimePolicyFileIntegrityMonitoringOutput { + return o +} - ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput - ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ToGetContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringOutput { + return o } -type GetApplicationScopeCategoryWorkloadKuberneteVariableArray 
[]GetApplicationScopeCategoryWorkloadKuberneteVariableInput +// If true, file integrity monitoring is enabled. +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} -func (GetApplicationScopeCategoryWorkloadKuberneteVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadKuberneteVariable)(nil)).Elem() +// List of paths to be excluded from monitoring. +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.ExceptionalMonitoredFiles }).(pulumi.StringArrayOutput) } -func (i GetApplicationScopeCategoryWorkloadKuberneteVariableArray) ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { - return i.ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(context.Background()) +// List of processes to be excluded from monitoring. +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { + return v.ExceptionalMonitoredFilesProcesses + }).(pulumi.StringArrayOutput) } -func (i GetApplicationScopeCategoryWorkloadKuberneteVariableArray) ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) +// List of users to be excluded from monitoring. 
+func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { + return v.ExceptionalMonitoredFilesUsers + }).(pulumi.StringArrayOutput) } -func (i GetApplicationScopeCategoryWorkloadKuberneteVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadKuberneteVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadKuberneteVariable]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(ctx).OutputState, - } +// List of paths to be monitored. +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFiles }).(pulumi.StringArrayOutput) } -type GetApplicationScopeCategoryWorkloadKuberneteVariableOutput struct{ *pulumi.OutputState } +// Whether to monitor file attribute operations. +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesAttributes }).(pulumi.BoolPtrOutput) +} -func (GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadKuberneteVariable)(nil)).Elem() +// Whether to monitor file create operations. 
+func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesCreate }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { - return o +// Whether to monitor file delete operations. +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesDelete }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) ToGetApplicationScopeCategoryWorkloadKuberneteVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { - return o +// Whether to monitor file modify operations. +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesModify }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadKuberneteVariable] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadKuberneteVariable]{ - OutputState: o.OutputState, - } +// List of processes associated with monitored files. 
+func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesProcesses }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadKuberneteVariable) string { return v.Attribute }).(pulumi.StringOutput) +// Whether to monitor file read operations. +func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesRead }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) Value() pulumi.StringPtrOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadKuberneteVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +// List of users associated with monitored files. 
+func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesUsers }).(pulumi.StringArrayOutput) } -type GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadKuberneteVariable)(nil)).Elem() +func (GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() } -func (o GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput() GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { +func (o GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput() GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput { return o } -func (o GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput { +func (o GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput { return o } -func (o GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadKuberneteVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadKuberneteVariable]{ - 
OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) Index(i pulumi.IntInput) GetContainerRuntimePolicyFileIntegrityMonitoringOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetContainerRuntimePolicyFileIntegrityMonitoring { + return vs[0].([]GetContainerRuntimePolicyFileIntegrityMonitoring)[vs[1].(int)] + }).(GetContainerRuntimePolicyFileIntegrityMonitoringOutput) } -func (o GetApplicationScopeCategoryWorkloadKuberneteVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadKuberneteVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadKuberneteVariable { - return vs[0].([]GetApplicationScopeCategoryWorkloadKuberneteVariable)[vs[1].(int)] - }).(GetApplicationScopeCategoryWorkloadKuberneteVariableOutput) +type GetContainerRuntimePolicyLimitContainerPrivilege struct { + // Whether to block adding capabilities. + BlockAddCapabilities *bool `pulumi:"blockAddCapabilities"` + // Whether container privilege limitations are enabled. + Enabled *bool `pulumi:"enabled"` + // Whether to limit IPC-related capabilities. + Ipcmode *bool `pulumi:"ipcmode"` + // Whether to limit network-related capabilities. + Netmode *bool `pulumi:"netmode"` + // Whether to limit process-related capabilities. + Pidmode *bool `pulumi:"pidmode"` + // Whether to prevent low port binding. + PreventLowPortBinding *bool `pulumi:"preventLowPortBinding"` + // Whether to prevent the use of the root user. + PreventRootUser *bool `pulumi:"preventRootUser"` + // Whether the container is run in privileged mode. + Privileged *bool `pulumi:"privileged"` + // Whether to use the host user. + UseHostUser *bool `pulumi:"useHostUser"` + // Whether to limit user-related capabilities. + Usermode *bool `pulumi:"usermode"` + // Whether to limit UTS-related capabilities. 
+ Utsmode *bool `pulumi:"utsmode"` +} + +// GetContainerRuntimePolicyLimitContainerPrivilegeInput is an input type that accepts GetContainerRuntimePolicyLimitContainerPrivilegeArgs and GetContainerRuntimePolicyLimitContainerPrivilegeOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyLimitContainerPrivilegeInput` via: +// +// GetContainerRuntimePolicyLimitContainerPrivilegeArgs{...} +type GetContainerRuntimePolicyLimitContainerPrivilegeInput interface { + pulumi.Input + + ToGetContainerRuntimePolicyLimitContainerPrivilegeOutput() GetContainerRuntimePolicyLimitContainerPrivilegeOutput + ToGetContainerRuntimePolicyLimitContainerPrivilegeOutputWithContext(context.Context) GetContainerRuntimePolicyLimitContainerPrivilegeOutput +} + +type GetContainerRuntimePolicyLimitContainerPrivilegeArgs struct { + // Whether to block adding capabilities. + BlockAddCapabilities pulumi.BoolPtrInput `pulumi:"blockAddCapabilities"` + // Whether container privilege limitations are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to limit IPC-related capabilities. + Ipcmode pulumi.BoolPtrInput `pulumi:"ipcmode"` + // Whether to limit network-related capabilities. + Netmode pulumi.BoolPtrInput `pulumi:"netmode"` + // Whether to limit process-related capabilities. + Pidmode pulumi.BoolPtrInput `pulumi:"pidmode"` + // Whether to prevent low port binding. + PreventLowPortBinding pulumi.BoolPtrInput `pulumi:"preventLowPortBinding"` + // Whether to prevent the use of the root user. + PreventRootUser pulumi.BoolPtrInput `pulumi:"preventRootUser"` + // Whether the container is run in privileged mode. + Privileged pulumi.BoolPtrInput `pulumi:"privileged"` + // Whether to use the host user. + UseHostUser pulumi.BoolPtrInput `pulumi:"useHostUser"` + // Whether to limit user-related capabilities. + Usermode pulumi.BoolPtrInput `pulumi:"usermode"` + // Whether to limit UTS-related capabilities. 
+ Utsmode pulumi.BoolPtrInput `pulumi:"utsmode"` } -type GetApplicationScopeCategoryWorkloadO struct { - Expression string `pulumi:"expression"` - Variables []GetApplicationScopeCategoryWorkloadOVariable `pulumi:"variables"` +func (GetContainerRuntimePolicyLimitContainerPrivilegeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyLimitContainerPrivilege)(nil)).Elem() } -// GetApplicationScopeCategoryWorkloadOInput is an input type that accepts GetApplicationScopeCategoryWorkloadOArgs and GetApplicationScopeCategoryWorkloadOOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadOInput` via: +func (i GetContainerRuntimePolicyLimitContainerPrivilegeArgs) ToGetContainerRuntimePolicyLimitContainerPrivilegeOutput() GetContainerRuntimePolicyLimitContainerPrivilegeOutput { + return i.ToGetContainerRuntimePolicyLimitContainerPrivilegeOutputWithContext(context.Background()) +} + +func (i GetContainerRuntimePolicyLimitContainerPrivilegeArgs) ToGetContainerRuntimePolicyLimitContainerPrivilegeOutputWithContext(ctx context.Context) GetContainerRuntimePolicyLimitContainerPrivilegeOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyLimitContainerPrivilegeOutput) +} + +// GetContainerRuntimePolicyLimitContainerPrivilegeArrayInput is an input type that accepts GetContainerRuntimePolicyLimitContainerPrivilegeArray and GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput values. 
+// You can construct a concrete instance of `GetContainerRuntimePolicyLimitContainerPrivilegeArrayInput` via: // -// GetApplicationScopeCategoryWorkloadOArgs{...} -type GetApplicationScopeCategoryWorkloadOInput interface { +// GetContainerRuntimePolicyLimitContainerPrivilegeArray{ GetContainerRuntimePolicyLimitContainerPrivilegeArgs{...} } +type GetContainerRuntimePolicyLimitContainerPrivilegeArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryWorkloadOOutput() GetApplicationScopeCategoryWorkloadOOutput - ToGetApplicationScopeCategoryWorkloadOOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOOutput + ToGetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput() GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput + ToGetContainerRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(context.Context) GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput } -type GetApplicationScopeCategoryWorkloadOArgs struct { - Expression pulumi.StringInput `pulumi:"expression"` - Variables GetApplicationScopeCategoryWorkloadOVariableArrayInput `pulumi:"variables"` -} +type GetContainerRuntimePolicyLimitContainerPrivilegeArray []GetContainerRuntimePolicyLimitContainerPrivilegeInput -func (GetApplicationScopeCategoryWorkloadOArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadO)(nil)).Elem() +func (GetContainerRuntimePolicyLimitContainerPrivilegeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyLimitContainerPrivilege)(nil)).Elem() } -func (i GetApplicationScopeCategoryWorkloadOArgs) ToGetApplicationScopeCategoryWorkloadOOutput() GetApplicationScopeCategoryWorkloadOOutput { - return i.ToGetApplicationScopeCategoryWorkloadOOutputWithContext(context.Background()) +func (i GetContainerRuntimePolicyLimitContainerPrivilegeArray) ToGetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput() GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput 
{ + return i.ToGetContainerRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryWorkloadOArgs) ToGetApplicationScopeCategoryWorkloadOOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOOutput) +func (i GetContainerRuntimePolicyLimitContainerPrivilegeArray) ToGetContainerRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) } -func (i GetApplicationScopeCategoryWorkloadOArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadO] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadO]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadOOutputWithContext(ctx).OutputState, - } -} +type GetContainerRuntimePolicyLimitContainerPrivilegeOutput struct{ *pulumi.OutputState } -// GetApplicationScopeCategoryWorkloadOArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadOArray and GetApplicationScopeCategoryWorkloadOArrayOutput values. 
-// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadOArrayInput` via: -// -// GetApplicationScopeCategoryWorkloadOArray{ GetApplicationScopeCategoryWorkloadOArgs{...} } -type GetApplicationScopeCategoryWorkloadOArrayInput interface { - pulumi.Input +func (GetContainerRuntimePolicyLimitContainerPrivilegeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyLimitContainerPrivilege)(nil)).Elem() +} - ToGetApplicationScopeCategoryWorkloadOArrayOutput() GetApplicationScopeCategoryWorkloadOArrayOutput - ToGetApplicationScopeCategoryWorkloadOArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOArrayOutput +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) ToGetContainerRuntimePolicyLimitContainerPrivilegeOutput() GetContainerRuntimePolicyLimitContainerPrivilegeOutput { + return o } -type GetApplicationScopeCategoryWorkloadOArray []GetApplicationScopeCategoryWorkloadOInput +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) ToGetContainerRuntimePolicyLimitContainerPrivilegeOutputWithContext(ctx context.Context) GetContainerRuntimePolicyLimitContainerPrivilegeOutput { + return o +} -func (GetApplicationScopeCategoryWorkloadOArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadO)(nil)).Elem() +// Whether to block adding capabilities. +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) BlockAddCapabilities() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.BlockAddCapabilities }).(pulumi.BoolPtrOutput) } -func (i GetApplicationScopeCategoryWorkloadOArray) ToGetApplicationScopeCategoryWorkloadOArrayOutput() GetApplicationScopeCategoryWorkloadOArrayOutput { - return i.ToGetApplicationScopeCategoryWorkloadOArrayOutputWithContext(context.Background()) +// Whether container privilege limitations are enabled. 
+func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (i GetApplicationScopeCategoryWorkloadOArray) ToGetApplicationScopeCategoryWorkloadOArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOArrayOutput) +// Whether to limit IPC-related capabilities. +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) Ipcmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Ipcmode }).(pulumi.BoolPtrOutput) } -func (i GetApplicationScopeCategoryWorkloadOArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadO] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadO]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadOArrayOutputWithContext(ctx).OutputState, - } +// Whether to limit network-related capabilities. +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) Netmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Netmode }).(pulumi.BoolPtrOutput) } -type GetApplicationScopeCategoryWorkloadOOutput struct{ *pulumi.OutputState } +// Whether to limit process-related capabilities. +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) Pidmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Pidmode }).(pulumi.BoolPtrOutput) +} -func (GetApplicationScopeCategoryWorkloadOOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadO)(nil)).Elem() +// Whether to prevent low port binding. 
+func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) PreventLowPortBinding() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.PreventLowPortBinding }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadOOutput) ToGetApplicationScopeCategoryWorkloadOOutput() GetApplicationScopeCategoryWorkloadOOutput { - return o +// Whether to prevent the use of the root user. +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) PreventRootUser() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.PreventRootUser }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadOOutput) ToGetApplicationScopeCategoryWorkloadOOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOOutput { - return o +// Whether the container is run in privileged mode. +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) Privileged() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Privileged }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadOOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadO] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadO]{ - OutputState: o.OutputState, - } +// Whether to use the host user. +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) UseHostUser() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.UseHostUser }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadOOutput) Expression() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadO) string { return v.Expression }).(pulumi.StringOutput) +// Whether to limit user-related capabilities. 
+func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) Usermode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Usermode }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadOOutput) Variables() GetApplicationScopeCategoryWorkloadOVariableArrayOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadO) []GetApplicationScopeCategoryWorkloadOVariable { - return v.Variables - }).(GetApplicationScopeCategoryWorkloadOVariableArrayOutput) +// Whether to limit UTS-related capabilities. +func (o GetContainerRuntimePolicyLimitContainerPrivilegeOutput) Utsmode() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyLimitContainerPrivilege) *bool { return v.Utsmode }).(pulumi.BoolPtrOutput) } -type GetApplicationScopeCategoryWorkloadOArrayOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryWorkloadOArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadO)(nil)).Elem() +func (GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyLimitContainerPrivilege)(nil)).Elem() } -func (o GetApplicationScopeCategoryWorkloadOArrayOutput) ToGetApplicationScopeCategoryWorkloadOArrayOutput() GetApplicationScopeCategoryWorkloadOArrayOutput { +func (o GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) ToGetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput() GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { return o } -func (o GetApplicationScopeCategoryWorkloadOArrayOutput) ToGetApplicationScopeCategoryWorkloadOArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOArrayOutput { +func (o GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) 
ToGetContainerRuntimePolicyLimitContainerPrivilegeArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput { return o } -func (o GetApplicationScopeCategoryWorkloadOArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadO] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadO]{ - OutputState: o.OutputState, - } -} - -func (o GetApplicationScopeCategoryWorkloadOArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadOOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadO { - return vs[0].([]GetApplicationScopeCategoryWorkloadO)[vs[1].(int)] - }).(GetApplicationScopeCategoryWorkloadOOutput) +func (o GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput) Index(i pulumi.IntInput) GetContainerRuntimePolicyLimitContainerPrivilegeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetContainerRuntimePolicyLimitContainerPrivilege { + return vs[0].([]GetContainerRuntimePolicyLimitContainerPrivilege)[vs[1].(int)] + }).(GetContainerRuntimePolicyLimitContainerPrivilegeOutput) } -type GetApplicationScopeCategoryWorkloadOVariable struct { - Attribute string `pulumi:"attribute"` - Value *string `pulumi:"value"` +type GetContainerRuntimePolicyMalwareScanOption struct { + // Set Action, Defaults to 'Alert' when empty + Action *string `pulumi:"action"` + // Defines if enabled or not + Enabled *bool `pulumi:"enabled"` + // List of registry paths to be excluded from being protected. + ExcludeDirectories []string `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses []string `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. 
+ IncludeDirectories []string `pulumi:"includeDirectories"` } -// GetApplicationScopeCategoryWorkloadOVariableInput is an input type that accepts GetApplicationScopeCategoryWorkloadOVariableArgs and GetApplicationScopeCategoryWorkloadOVariableOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadOVariableInput` via: +// GetContainerRuntimePolicyMalwareScanOptionInput is an input type that accepts GetContainerRuntimePolicyMalwareScanOptionArgs and GetContainerRuntimePolicyMalwareScanOptionOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyMalwareScanOptionInput` via: // -// GetApplicationScopeCategoryWorkloadOVariableArgs{...} -type GetApplicationScopeCategoryWorkloadOVariableInput interface { +// GetContainerRuntimePolicyMalwareScanOptionArgs{...} +type GetContainerRuntimePolicyMalwareScanOptionInput interface { pulumi.Input - ToGetApplicationScopeCategoryWorkloadOVariableOutput() GetApplicationScopeCategoryWorkloadOVariableOutput - ToGetApplicationScopeCategoryWorkloadOVariableOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOVariableOutput -} - -type GetApplicationScopeCategoryWorkloadOVariableArgs struct { - Attribute pulumi.StringInput `pulumi:"attribute"` - Value pulumi.StringPtrInput `pulumi:"value"` + ToGetContainerRuntimePolicyMalwareScanOptionOutput() GetContainerRuntimePolicyMalwareScanOptionOutput + ToGetContainerRuntimePolicyMalwareScanOptionOutputWithContext(context.Context) GetContainerRuntimePolicyMalwareScanOptionOutput } -func (GetApplicationScopeCategoryWorkloadOVariableArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadOVariable)(nil)).Elem() +type GetContainerRuntimePolicyMalwareScanOptionArgs struct { + // Set Action, Defaults to 'Alert' when empty + Action pulumi.StringPtrInput `pulumi:"action"` + // Defines if enabled or not + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of registry paths 
to be excluded from being protected. + ExcludeDirectories pulumi.StringArrayInput `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses pulumi.StringArrayInput `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. + IncludeDirectories pulumi.StringArrayInput `pulumi:"includeDirectories"` } -func (i GetApplicationScopeCategoryWorkloadOVariableArgs) ToGetApplicationScopeCategoryWorkloadOVariableOutput() GetApplicationScopeCategoryWorkloadOVariableOutput { - return i.ToGetApplicationScopeCategoryWorkloadOVariableOutputWithContext(context.Background()) +func (GetContainerRuntimePolicyMalwareScanOptionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyMalwareScanOption)(nil)).Elem() } -func (i GetApplicationScopeCategoryWorkloadOVariableArgs) ToGetApplicationScopeCategoryWorkloadOVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOVariableOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOVariableOutput) +func (i GetContainerRuntimePolicyMalwareScanOptionArgs) ToGetContainerRuntimePolicyMalwareScanOptionOutput() GetContainerRuntimePolicyMalwareScanOptionOutput { + return i.ToGetContainerRuntimePolicyMalwareScanOptionOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryWorkloadOVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadOVariable] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadOVariable]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadOVariableOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyMalwareScanOptionArgs) ToGetContainerRuntimePolicyMalwareScanOptionOutputWithContext(ctx context.Context) GetContainerRuntimePolicyMalwareScanOptionOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyMalwareScanOptionOutput) } -// 
GetApplicationScopeCategoryWorkloadOVariableArrayInput is an input type that accepts GetApplicationScopeCategoryWorkloadOVariableArray and GetApplicationScopeCategoryWorkloadOVariableArrayOutput values. -// You can construct a concrete instance of `GetApplicationScopeCategoryWorkloadOVariableArrayInput` via: +// GetContainerRuntimePolicyMalwareScanOptionArrayInput is an input type that accepts GetContainerRuntimePolicyMalwareScanOptionArray and GetContainerRuntimePolicyMalwareScanOptionArrayOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyMalwareScanOptionArrayInput` via: // -// GetApplicationScopeCategoryWorkloadOVariableArray{ GetApplicationScopeCategoryWorkloadOVariableArgs{...} } -type GetApplicationScopeCategoryWorkloadOVariableArrayInput interface { +// GetContainerRuntimePolicyMalwareScanOptionArray{ GetContainerRuntimePolicyMalwareScanOptionArgs{...} } +type GetContainerRuntimePolicyMalwareScanOptionArrayInput interface { pulumi.Input - ToGetApplicationScopeCategoryWorkloadOVariableArrayOutput() GetApplicationScopeCategoryWorkloadOVariableArrayOutput - ToGetApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(context.Context) GetApplicationScopeCategoryWorkloadOVariableArrayOutput + ToGetContainerRuntimePolicyMalwareScanOptionArrayOutput() GetContainerRuntimePolicyMalwareScanOptionArrayOutput + ToGetContainerRuntimePolicyMalwareScanOptionArrayOutputWithContext(context.Context) GetContainerRuntimePolicyMalwareScanOptionArrayOutput } -type GetApplicationScopeCategoryWorkloadOVariableArray []GetApplicationScopeCategoryWorkloadOVariableInput - -func (GetApplicationScopeCategoryWorkloadOVariableArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadOVariable)(nil)).Elem() -} +type GetContainerRuntimePolicyMalwareScanOptionArray []GetContainerRuntimePolicyMalwareScanOptionInput -func (i GetApplicationScopeCategoryWorkloadOVariableArray) 
ToGetApplicationScopeCategoryWorkloadOVariableArrayOutput() GetApplicationScopeCategoryWorkloadOVariableArrayOutput { - return i.ToGetApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(context.Background()) +func (GetContainerRuntimePolicyMalwareScanOptionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyMalwareScanOption)(nil)).Elem() } -func (i GetApplicationScopeCategoryWorkloadOVariableArray) ToGetApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOVariableArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetApplicationScopeCategoryWorkloadOVariableArrayOutput) +func (i GetContainerRuntimePolicyMalwareScanOptionArray) ToGetContainerRuntimePolicyMalwareScanOptionArrayOutput() GetContainerRuntimePolicyMalwareScanOptionArrayOutput { + return i.ToGetContainerRuntimePolicyMalwareScanOptionArrayOutputWithContext(context.Background()) } -func (i GetApplicationScopeCategoryWorkloadOVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadOVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadOVariable]{ - OutputState: i.ToGetApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyMalwareScanOptionArray) ToGetContainerRuntimePolicyMalwareScanOptionArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyMalwareScanOptionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyMalwareScanOptionArrayOutput) } -type GetApplicationScopeCategoryWorkloadOVariableOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyMalwareScanOptionOutput struct{ *pulumi.OutputState } -func (GetApplicationScopeCategoryWorkloadOVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetApplicationScopeCategoryWorkloadOVariable)(nil)).Elem() +func 
(GetContainerRuntimePolicyMalwareScanOptionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyMalwareScanOption)(nil)).Elem() } -func (o GetApplicationScopeCategoryWorkloadOVariableOutput) ToGetApplicationScopeCategoryWorkloadOVariableOutput() GetApplicationScopeCategoryWorkloadOVariableOutput { +func (o GetContainerRuntimePolicyMalwareScanOptionOutput) ToGetContainerRuntimePolicyMalwareScanOptionOutput() GetContainerRuntimePolicyMalwareScanOptionOutput { return o } -func (o GetApplicationScopeCategoryWorkloadOVariableOutput) ToGetApplicationScopeCategoryWorkloadOVariableOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOVariableOutput { +func (o GetContainerRuntimePolicyMalwareScanOptionOutput) ToGetContainerRuntimePolicyMalwareScanOptionOutputWithContext(ctx context.Context) GetContainerRuntimePolicyMalwareScanOptionOutput { return o } -func (o GetApplicationScopeCategoryWorkloadOVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetApplicationScopeCategoryWorkloadOVariable] { - return pulumix.Output[GetApplicationScopeCategoryWorkloadOVariable]{ - OutputState: o.OutputState, - } +// Set Action, Defaults to 'Alert' when empty +func (o GetContainerRuntimePolicyMalwareScanOptionOutput) Action() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyMalwareScanOption) *string { return v.Action }).(pulumi.StringPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadOVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadOVariable) string { return v.Attribute }).(pulumi.StringOutput) +// Defines if enabled or not +func (o GetContainerRuntimePolicyMalwareScanOptionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyMalwareScanOption) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o GetApplicationScopeCategoryWorkloadOVariableOutput) Value() pulumi.StringPtrOutput { - 
return o.ApplyT(func(v GetApplicationScopeCategoryWorkloadOVariable) *string { return v.Value }).(pulumi.StringPtrOutput) +// List of registry paths to be excluded from being protected. +func (o GetContainerRuntimePolicyMalwareScanOptionOutput) ExcludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyMalwareScanOption) []string { return v.ExcludeDirectories }).(pulumi.StringArrayOutput) } -type GetApplicationScopeCategoryWorkloadOVariableArrayOutput struct{ *pulumi.OutputState } +// List of registry processes to be excluded from being protected. +func (o GetContainerRuntimePolicyMalwareScanOptionOutput) ExcludeProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyMalwareScanOption) []string { return v.ExcludeProcesses }).(pulumi.StringArrayOutput) +} -func (GetApplicationScopeCategoryWorkloadOVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetApplicationScopeCategoryWorkloadOVariable)(nil)).Elem() +// List of registry paths to be excluded from being protected. 
+func (o GetContainerRuntimePolicyMalwareScanOptionOutput) IncludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyMalwareScanOption) []string { return v.IncludeDirectories }).(pulumi.StringArrayOutput) } -func (o GetApplicationScopeCategoryWorkloadOVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadOVariableArrayOutput() GetApplicationScopeCategoryWorkloadOVariableArrayOutput { - return o +type GetContainerRuntimePolicyMalwareScanOptionArrayOutput struct{ *pulumi.OutputState } + +func (GetContainerRuntimePolicyMalwareScanOptionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyMalwareScanOption)(nil)).Elem() } -func (o GetApplicationScopeCategoryWorkloadOVariableArrayOutput) ToGetApplicationScopeCategoryWorkloadOVariableArrayOutputWithContext(ctx context.Context) GetApplicationScopeCategoryWorkloadOVariableArrayOutput { +func (o GetContainerRuntimePolicyMalwareScanOptionArrayOutput) ToGetContainerRuntimePolicyMalwareScanOptionArrayOutput() GetContainerRuntimePolicyMalwareScanOptionArrayOutput { return o } -func (o GetApplicationScopeCategoryWorkloadOVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetApplicationScopeCategoryWorkloadOVariable] { - return pulumix.Output[[]GetApplicationScopeCategoryWorkloadOVariable]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyMalwareScanOptionArrayOutput) ToGetContainerRuntimePolicyMalwareScanOptionArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyMalwareScanOptionArrayOutput { + return o } -func (o GetApplicationScopeCategoryWorkloadOVariableArrayOutput) Index(i pulumi.IntInput) GetApplicationScopeCategoryWorkloadOVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetApplicationScopeCategoryWorkloadOVariable { - return vs[0].([]GetApplicationScopeCategoryWorkloadOVariable)[vs[1].(int)] - }).(GetApplicationScopeCategoryWorkloadOVariableOutput) +func (o 
GetContainerRuntimePolicyMalwareScanOptionArrayOutput) Index(i pulumi.IntInput) GetContainerRuntimePolicyMalwareScanOptionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetContainerRuntimePolicyMalwareScanOption { + return vs[0].([]GetContainerRuntimePolicyMalwareScanOption)[vs[1].(int)] + }).(GetContainerRuntimePolicyMalwareScanOptionOutput) } -type GetAquaLabelsAquaLabel struct { - Author string `pulumi:"author"` - Created string `pulumi:"created"` - Description string `pulumi:"description"` - Name string `pulumi:"name"` +type GetContainerRuntimePolicyPortBlock struct { + BlockInboundPorts []string `pulumi:"blockInboundPorts"` + BlockOutboundPorts []string `pulumi:"blockOutboundPorts"` + Enabled *bool `pulumi:"enabled"` } -// GetAquaLabelsAquaLabelInput is an input type that accepts GetAquaLabelsAquaLabelArgs and GetAquaLabelsAquaLabelOutput values. -// You can construct a concrete instance of `GetAquaLabelsAquaLabelInput` via: +// GetContainerRuntimePolicyPortBlockInput is an input type that accepts GetContainerRuntimePolicyPortBlockArgs and GetContainerRuntimePolicyPortBlockOutput values. 
+// You can construct a concrete instance of `GetContainerRuntimePolicyPortBlockInput` via: // -// GetAquaLabelsAquaLabelArgs{...} -type GetAquaLabelsAquaLabelInput interface { +// GetContainerRuntimePolicyPortBlockArgs{...} +type GetContainerRuntimePolicyPortBlockInput interface { pulumi.Input - ToGetAquaLabelsAquaLabelOutput() GetAquaLabelsAquaLabelOutput - ToGetAquaLabelsAquaLabelOutputWithContext(context.Context) GetAquaLabelsAquaLabelOutput + ToGetContainerRuntimePolicyPortBlockOutput() GetContainerRuntimePolicyPortBlockOutput + ToGetContainerRuntimePolicyPortBlockOutputWithContext(context.Context) GetContainerRuntimePolicyPortBlockOutput } -type GetAquaLabelsAquaLabelArgs struct { - Author pulumi.StringInput `pulumi:"author"` - Created pulumi.StringInput `pulumi:"created"` - Description pulumi.StringInput `pulumi:"description"` - Name pulumi.StringInput `pulumi:"name"` +type GetContainerRuntimePolicyPortBlockArgs struct { + BlockInboundPorts pulumi.StringArrayInput `pulumi:"blockInboundPorts"` + BlockOutboundPorts pulumi.StringArrayInput `pulumi:"blockOutboundPorts"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` } -func (GetAquaLabelsAquaLabelArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetAquaLabelsAquaLabel)(nil)).Elem() +func (GetContainerRuntimePolicyPortBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyPortBlock)(nil)).Elem() } -func (i GetAquaLabelsAquaLabelArgs) ToGetAquaLabelsAquaLabelOutput() GetAquaLabelsAquaLabelOutput { - return i.ToGetAquaLabelsAquaLabelOutputWithContext(context.Background()) +func (i GetContainerRuntimePolicyPortBlockArgs) ToGetContainerRuntimePolicyPortBlockOutput() GetContainerRuntimePolicyPortBlockOutput { + return i.ToGetContainerRuntimePolicyPortBlockOutputWithContext(context.Background()) } -func (i GetAquaLabelsAquaLabelArgs) ToGetAquaLabelsAquaLabelOutputWithContext(ctx context.Context) GetAquaLabelsAquaLabelOutput { - return pulumi.ToOutputWithContext(ctx, 
i).(GetAquaLabelsAquaLabelOutput) +func (i GetContainerRuntimePolicyPortBlockArgs) ToGetContainerRuntimePolicyPortBlockOutputWithContext(ctx context.Context) GetContainerRuntimePolicyPortBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyPortBlockOutput) } -func (i GetAquaLabelsAquaLabelArgs) ToOutput(ctx context.Context) pulumix.Output[GetAquaLabelsAquaLabel] { - return pulumix.Output[GetAquaLabelsAquaLabel]{ - OutputState: i.ToGetAquaLabelsAquaLabelOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyPortBlockArgs) ToGetContainerRuntimePolicyPortBlockPtrOutput() GetContainerRuntimePolicyPortBlockPtrOutput { + return i.ToGetContainerRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) } -// GetAquaLabelsAquaLabelArrayInput is an input type that accepts GetAquaLabelsAquaLabelArray and GetAquaLabelsAquaLabelArrayOutput values. -// You can construct a concrete instance of `GetAquaLabelsAquaLabelArrayInput` via: +func (i GetContainerRuntimePolicyPortBlockArgs) ToGetContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyPortBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyPortBlockOutput).ToGetContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx) +} + +// GetContainerRuntimePolicyPortBlockPtrInput is an input type that accepts GetContainerRuntimePolicyPortBlockArgs, GetContainerRuntimePolicyPortBlockPtr and GetContainerRuntimePolicyPortBlockPtrOutput values. 
+// You can construct a concrete instance of `GetContainerRuntimePolicyPortBlockPtrInput` via: // -// GetAquaLabelsAquaLabelArray{ GetAquaLabelsAquaLabelArgs{...} } -type GetAquaLabelsAquaLabelArrayInput interface { +// GetContainerRuntimePolicyPortBlockArgs{...} +// +// or: +// +// nil +type GetContainerRuntimePolicyPortBlockPtrInput interface { pulumi.Input - ToGetAquaLabelsAquaLabelArrayOutput() GetAquaLabelsAquaLabelArrayOutput - ToGetAquaLabelsAquaLabelArrayOutputWithContext(context.Context) GetAquaLabelsAquaLabelArrayOutput + ToGetContainerRuntimePolicyPortBlockPtrOutput() GetContainerRuntimePolicyPortBlockPtrOutput + ToGetContainerRuntimePolicyPortBlockPtrOutputWithContext(context.Context) GetContainerRuntimePolicyPortBlockPtrOutput } -type GetAquaLabelsAquaLabelArray []GetAquaLabelsAquaLabelInput +type getContainerRuntimePolicyPortBlockPtrType GetContainerRuntimePolicyPortBlockArgs -func (GetAquaLabelsAquaLabelArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetAquaLabelsAquaLabel)(nil)).Elem() +func GetContainerRuntimePolicyPortBlockPtr(v *GetContainerRuntimePolicyPortBlockArgs) GetContainerRuntimePolicyPortBlockPtrInput { + return (*getContainerRuntimePolicyPortBlockPtrType)(v) } -func (i GetAquaLabelsAquaLabelArray) ToGetAquaLabelsAquaLabelArrayOutput() GetAquaLabelsAquaLabelArrayOutput { - return i.ToGetAquaLabelsAquaLabelArrayOutputWithContext(context.Background()) +func (*getContainerRuntimePolicyPortBlockPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GetContainerRuntimePolicyPortBlock)(nil)).Elem() } -func (i GetAquaLabelsAquaLabelArray) ToGetAquaLabelsAquaLabelArrayOutputWithContext(ctx context.Context) GetAquaLabelsAquaLabelArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetAquaLabelsAquaLabelArrayOutput) +func (i *getContainerRuntimePolicyPortBlockPtrType) ToGetContainerRuntimePolicyPortBlockPtrOutput() GetContainerRuntimePolicyPortBlockPtrOutput { + return 
i.ToGetContainerRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) } -func (i GetAquaLabelsAquaLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]GetAquaLabelsAquaLabel] { - return pulumix.Output[[]GetAquaLabelsAquaLabel]{ - OutputState: i.ToGetAquaLabelsAquaLabelArrayOutputWithContext(ctx).OutputState, - } +func (i *getContainerRuntimePolicyPortBlockPtrType) ToGetContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyPortBlockPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyPortBlockPtrOutput) } -type GetAquaLabelsAquaLabelOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyPortBlockOutput struct{ *pulumi.OutputState } -func (GetAquaLabelsAquaLabelOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetAquaLabelsAquaLabel)(nil)).Elem() +func (GetContainerRuntimePolicyPortBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyPortBlock)(nil)).Elem() } -func (o GetAquaLabelsAquaLabelOutput) ToGetAquaLabelsAquaLabelOutput() GetAquaLabelsAquaLabelOutput { +func (o GetContainerRuntimePolicyPortBlockOutput) ToGetContainerRuntimePolicyPortBlockOutput() GetContainerRuntimePolicyPortBlockOutput { return o } -func (o GetAquaLabelsAquaLabelOutput) ToGetAquaLabelsAquaLabelOutputWithContext(ctx context.Context) GetAquaLabelsAquaLabelOutput { +func (o GetContainerRuntimePolicyPortBlockOutput) ToGetContainerRuntimePolicyPortBlockOutputWithContext(ctx context.Context) GetContainerRuntimePolicyPortBlockOutput { return o } -func (o GetAquaLabelsAquaLabelOutput) ToOutput(ctx context.Context) pulumix.Output[GetAquaLabelsAquaLabel] { - return pulumix.Output[GetAquaLabelsAquaLabel]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyPortBlockOutput) ToGetContainerRuntimePolicyPortBlockPtrOutput() GetContainerRuntimePolicyPortBlockPtrOutput { + return 
o.ToGetContainerRuntimePolicyPortBlockPtrOutputWithContext(context.Background()) } -func (o GetAquaLabelsAquaLabelOutput) Author() pulumi.StringOutput { - return o.ApplyT(func(v GetAquaLabelsAquaLabel) string { return v.Author }).(pulumi.StringOutput) +func (o GetContainerRuntimePolicyPortBlockOutput) ToGetContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyPortBlockPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GetContainerRuntimePolicyPortBlock) *GetContainerRuntimePolicyPortBlock { + return &v + }).(GetContainerRuntimePolicyPortBlockPtrOutput) } -func (o GetAquaLabelsAquaLabelOutput) Created() pulumi.StringOutput { - return o.ApplyT(func(v GetAquaLabelsAquaLabel) string { return v.Created }).(pulumi.StringOutput) +func (o GetContainerRuntimePolicyPortBlockOutput) BlockInboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyPortBlock) []string { return v.BlockInboundPorts }).(pulumi.StringArrayOutput) } -func (o GetAquaLabelsAquaLabelOutput) Description() pulumi.StringOutput { - return o.ApplyT(func(v GetAquaLabelsAquaLabel) string { return v.Description }).(pulumi.StringOutput) +func (o GetContainerRuntimePolicyPortBlockOutput) BlockOutboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyPortBlock) []string { return v.BlockOutboundPorts }).(pulumi.StringArrayOutput) } -func (o GetAquaLabelsAquaLabelOutput) Name() pulumi.StringOutput { - return o.ApplyT(func(v GetAquaLabelsAquaLabel) string { return v.Name }).(pulumi.StringOutput) +func (o GetContainerRuntimePolicyPortBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyPortBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -type GetAquaLabelsAquaLabelArrayOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyPortBlockPtrOutput struct{ *pulumi.OutputState } -func (GetAquaLabelsAquaLabelArrayOutput) 
ElementType() reflect.Type { - return reflect.TypeOf((*[]GetAquaLabelsAquaLabel)(nil)).Elem() +func (GetContainerRuntimePolicyPortBlockPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GetContainerRuntimePolicyPortBlock)(nil)).Elem() } -func (o GetAquaLabelsAquaLabelArrayOutput) ToGetAquaLabelsAquaLabelArrayOutput() GetAquaLabelsAquaLabelArrayOutput { +func (o GetContainerRuntimePolicyPortBlockPtrOutput) ToGetContainerRuntimePolicyPortBlockPtrOutput() GetContainerRuntimePolicyPortBlockPtrOutput { return o } -func (o GetAquaLabelsAquaLabelArrayOutput) ToGetAquaLabelsAquaLabelArrayOutputWithContext(ctx context.Context) GetAquaLabelsAquaLabelArrayOutput { +func (o GetContainerRuntimePolicyPortBlockPtrOutput) ToGetContainerRuntimePolicyPortBlockPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyPortBlockPtrOutput { return o } -func (o GetAquaLabelsAquaLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetAquaLabelsAquaLabel] { - return pulumix.Output[[]GetAquaLabelsAquaLabel]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyPortBlockPtrOutput) Elem() GetContainerRuntimePolicyPortBlockOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyPortBlock) GetContainerRuntimePolicyPortBlock { + if v != nil { + return *v + } + var ret GetContainerRuntimePolicyPortBlock + return ret + }).(GetContainerRuntimePolicyPortBlockOutput) } -func (o GetAquaLabelsAquaLabelArrayOutput) Index(i pulumi.IntInput) GetAquaLabelsAquaLabelOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetAquaLabelsAquaLabel { - return vs[0].([]GetAquaLabelsAquaLabel)[vs[1].(int)] - }).(GetAquaLabelsAquaLabelOutput) +func (o GetContainerRuntimePolicyPortBlockPtrOutput) BlockInboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyPortBlock) []string { + if v == nil { + return nil + } + return v.BlockInboundPorts + }).(pulumi.StringArrayOutput) } -type 
GetContainerRuntimePolicyFileIntegrityMonitoring struct { - ExcludedPaths []string `pulumi:"excludedPaths"` - ExcludedProcesses []string `pulumi:"excludedProcesses"` - ExcludedUsers []string `pulumi:"excludedUsers"` - MonitorAttributes bool `pulumi:"monitorAttributes"` - MonitorCreate bool `pulumi:"monitorCreate"` - MonitorDelete bool `pulumi:"monitorDelete"` - MonitorModify bool `pulumi:"monitorModify"` - MonitorRead bool `pulumi:"monitorRead"` - MonitoredPaths []string `pulumi:"monitoredPaths"` - MonitoredProcesses []string `pulumi:"monitoredProcesses"` - MonitoredUsers []string `pulumi:"monitoredUsers"` +func (o GetContainerRuntimePolicyPortBlockPtrOutput) BlockOutboundPorts() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyPortBlock) []string { + if v == nil { + return nil + } + return v.BlockOutboundPorts + }).(pulumi.StringArrayOutput) } -// GetContainerRuntimePolicyFileIntegrityMonitoringInput is an input type that accepts GetContainerRuntimePolicyFileIntegrityMonitoringArgs and GetContainerRuntimePolicyFileIntegrityMonitoringOutput values. 
-// You can construct a concrete instance of `GetContainerRuntimePolicyFileIntegrityMonitoringInput` via: +func (o GetContainerRuntimePolicyPortBlockPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyPortBlock) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + +type GetContainerRuntimePolicyReadonlyFiles struct { + Enabled *bool `pulumi:"enabled"` + ExceptionalReadonlyFiles []string `pulumi:"exceptionalReadonlyFiles"` + ExceptionalReadonlyFilesProcesses []string `pulumi:"exceptionalReadonlyFilesProcesses"` + ExceptionalReadonlyFilesUsers []string `pulumi:"exceptionalReadonlyFilesUsers"` + ReadonlyFiles []string `pulumi:"readonlyFiles"` + ReadonlyFilesProcesses []string `pulumi:"readonlyFilesProcesses"` + ReadonlyFilesUsers []string `pulumi:"readonlyFilesUsers"` +} + +// GetContainerRuntimePolicyReadonlyFilesInput is an input type that accepts GetContainerRuntimePolicyReadonlyFilesArgs and GetContainerRuntimePolicyReadonlyFilesOutput values. 
+// You can construct a concrete instance of `GetContainerRuntimePolicyReadonlyFilesInput` via: // -// GetContainerRuntimePolicyFileIntegrityMonitoringArgs{...} -type GetContainerRuntimePolicyFileIntegrityMonitoringInput interface { +// GetContainerRuntimePolicyReadonlyFilesArgs{...} +type GetContainerRuntimePolicyReadonlyFilesInput interface { pulumi.Input - ToGetContainerRuntimePolicyFileIntegrityMonitoringOutput() GetContainerRuntimePolicyFileIntegrityMonitoringOutput - ToGetContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringOutput + ToGetContainerRuntimePolicyReadonlyFilesOutput() GetContainerRuntimePolicyReadonlyFilesOutput + ToGetContainerRuntimePolicyReadonlyFilesOutputWithContext(context.Context) GetContainerRuntimePolicyReadonlyFilesOutput } -type GetContainerRuntimePolicyFileIntegrityMonitoringArgs struct { - ExcludedPaths pulumi.StringArrayInput `pulumi:"excludedPaths"` - ExcludedProcesses pulumi.StringArrayInput `pulumi:"excludedProcesses"` - ExcludedUsers pulumi.StringArrayInput `pulumi:"excludedUsers"` - MonitorAttributes pulumi.BoolInput `pulumi:"monitorAttributes"` - MonitorCreate pulumi.BoolInput `pulumi:"monitorCreate"` - MonitorDelete pulumi.BoolInput `pulumi:"monitorDelete"` - MonitorModify pulumi.BoolInput `pulumi:"monitorModify"` - MonitorRead pulumi.BoolInput `pulumi:"monitorRead"` - MonitoredPaths pulumi.StringArrayInput `pulumi:"monitoredPaths"` - MonitoredProcesses pulumi.StringArrayInput `pulumi:"monitoredProcesses"` - MonitoredUsers pulumi.StringArrayInput `pulumi:"monitoredUsers"` +type GetContainerRuntimePolicyReadonlyFilesArgs struct { + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalReadonlyFiles pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFiles"` + ExceptionalReadonlyFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalReadonlyFilesProcesses"` + ExceptionalReadonlyFilesUsers pulumi.StringArrayInput 
`pulumi:"exceptionalReadonlyFilesUsers"` + ReadonlyFiles pulumi.StringArrayInput `pulumi:"readonlyFiles"` + ReadonlyFilesProcesses pulumi.StringArrayInput `pulumi:"readonlyFilesProcesses"` + ReadonlyFilesUsers pulumi.StringArrayInput `pulumi:"readonlyFilesUsers"` } -func (GetContainerRuntimePolicyFileIntegrityMonitoringArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +func (GetContainerRuntimePolicyReadonlyFilesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyReadonlyFiles)(nil)).Elem() } -func (i GetContainerRuntimePolicyFileIntegrityMonitoringArgs) ToGetContainerRuntimePolicyFileIntegrityMonitoringOutput() GetContainerRuntimePolicyFileIntegrityMonitoringOutput { - return i.ToGetContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(context.Background()) +func (i GetContainerRuntimePolicyReadonlyFilesArgs) ToGetContainerRuntimePolicyReadonlyFilesOutput() GetContainerRuntimePolicyReadonlyFilesOutput { + return i.ToGetContainerRuntimePolicyReadonlyFilesOutputWithContext(context.Background()) } -func (i GetContainerRuntimePolicyFileIntegrityMonitoringArgs) ToGetContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyFileIntegrityMonitoringOutput) +func (i GetContainerRuntimePolicyReadonlyFilesArgs) ToGetContainerRuntimePolicyReadonlyFilesOutputWithContext(ctx context.Context) GetContainerRuntimePolicyReadonlyFilesOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyReadonlyFilesOutput) } -func (i GetContainerRuntimePolicyFileIntegrityMonitoringArgs) ToOutput(ctx context.Context) pulumix.Output[GetContainerRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[GetContainerRuntimePolicyFileIntegrityMonitoring]{ - OutputState: 
i.ToGetContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx).OutputState, - } +func (i GetContainerRuntimePolicyReadonlyFilesArgs) ToGetContainerRuntimePolicyReadonlyFilesPtrOutput() GetContainerRuntimePolicyReadonlyFilesPtrOutput { + return i.ToGetContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) } -// GetContainerRuntimePolicyFileIntegrityMonitoringArrayInput is an input type that accepts GetContainerRuntimePolicyFileIntegrityMonitoringArray and GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput values. -// You can construct a concrete instance of `GetContainerRuntimePolicyFileIntegrityMonitoringArrayInput` via: +func (i GetContainerRuntimePolicyReadonlyFilesArgs) ToGetContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyReadonlyFilesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyReadonlyFilesOutput).ToGetContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx) +} + +// GetContainerRuntimePolicyReadonlyFilesPtrInput is an input type that accepts GetContainerRuntimePolicyReadonlyFilesArgs, GetContainerRuntimePolicyReadonlyFilesPtr and GetContainerRuntimePolicyReadonlyFilesPtrOutput values. 
+// You can construct a concrete instance of `GetContainerRuntimePolicyReadonlyFilesPtrInput` via: // -// GetContainerRuntimePolicyFileIntegrityMonitoringArray{ GetContainerRuntimePolicyFileIntegrityMonitoringArgs{...} } -type GetContainerRuntimePolicyFileIntegrityMonitoringArrayInput interface { +// GetContainerRuntimePolicyReadonlyFilesArgs{...} +// +// or: +// +// nil +type GetContainerRuntimePolicyReadonlyFilesPtrInput interface { pulumi.Input - ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput() GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput - ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput + ToGetContainerRuntimePolicyReadonlyFilesPtrOutput() GetContainerRuntimePolicyReadonlyFilesPtrOutput + ToGetContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Context) GetContainerRuntimePolicyReadonlyFilesPtrOutput } -type GetContainerRuntimePolicyFileIntegrityMonitoringArray []GetContainerRuntimePolicyFileIntegrityMonitoringInput +type getContainerRuntimePolicyReadonlyFilesPtrType GetContainerRuntimePolicyReadonlyFilesArgs -func (GetContainerRuntimePolicyFileIntegrityMonitoringArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +func GetContainerRuntimePolicyReadonlyFilesPtr(v *GetContainerRuntimePolicyReadonlyFilesArgs) GetContainerRuntimePolicyReadonlyFilesPtrInput { + return (*getContainerRuntimePolicyReadonlyFilesPtrType)(v) } -func (i GetContainerRuntimePolicyFileIntegrityMonitoringArray) ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput() GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput { - return i.ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(context.Background()) +func (*getContainerRuntimePolicyReadonlyFilesPtrType) ElementType() reflect.Type { + return 
reflect.TypeOf((**GetContainerRuntimePolicyReadonlyFiles)(nil)).Elem() } -func (i GetContainerRuntimePolicyFileIntegrityMonitoringArray) ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) +func (i *getContainerRuntimePolicyReadonlyFilesPtrType) ToGetContainerRuntimePolicyReadonlyFilesPtrOutput() GetContainerRuntimePolicyReadonlyFilesPtrOutput { + return i.ToGetContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) } -func (i GetContainerRuntimePolicyFileIntegrityMonitoringArray) ToOutput(ctx context.Context) pulumix.Output[[]GetContainerRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[[]GetContainerRuntimePolicyFileIntegrityMonitoring]{ - OutputState: i.ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(ctx).OutputState, - } +func (i *getContainerRuntimePolicyReadonlyFilesPtrType) ToGetContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyReadonlyFilesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyReadonlyFilesPtrOutput) } -type GetContainerRuntimePolicyFileIntegrityMonitoringOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyReadonlyFilesOutput struct{ *pulumi.OutputState } -func (GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +func (GetContainerRuntimePolicyReadonlyFilesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyReadonlyFiles)(nil)).Elem() } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ToGetContainerRuntimePolicyFileIntegrityMonitoringOutput() GetContainerRuntimePolicyFileIntegrityMonitoringOutput { +func (o 
GetContainerRuntimePolicyReadonlyFilesOutput) ToGetContainerRuntimePolicyReadonlyFilesOutput() GetContainerRuntimePolicyReadonlyFilesOutput { return o } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ToGetContainerRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringOutput { +func (o GetContainerRuntimePolicyReadonlyFilesOutput) ToGetContainerRuntimePolicyReadonlyFilesOutputWithContext(ctx context.Context) GetContainerRuntimePolicyReadonlyFilesOutput { return o } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ToOutput(ctx context.Context) pulumix.Output[GetContainerRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[GetContainerRuntimePolicyFileIntegrityMonitoring]{ - OutputState: o.OutputState, - } -} - -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedPaths }).(pulumi.StringArrayOutput) -} - -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedProcesses }).(pulumi.StringArrayOutput) -} - -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedUsers }).(pulumi.StringArrayOutput) +func (o GetContainerRuntimePolicyReadonlyFilesOutput) ToGetContainerRuntimePolicyReadonlyFilesPtrOutput() GetContainerRuntimePolicyReadonlyFilesPtrOutput { + return o.ToGetContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(context.Background()) } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorAttributes() pulumi.BoolOutput { - return o.ApplyT(func(v 
GetContainerRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorAttributes }).(pulumi.BoolOutput) +func (o GetContainerRuntimePolicyReadonlyFilesOutput) ToGetContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyReadonlyFilesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GetContainerRuntimePolicyReadonlyFiles) *GetContainerRuntimePolicyReadonlyFiles { + return &v + }).(GetContainerRuntimePolicyReadonlyFilesPtrOutput) } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorCreate() pulumi.BoolOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorCreate }).(pulumi.BoolOutput) +func (o GetContainerRuntimePolicyReadonlyFilesOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyReadonlyFiles) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorDelete() pulumi.BoolOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorDelete }).(pulumi.BoolOutput) +func (o GetContainerRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFiles }).(pulumi.StringArrayOutput) } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorModify() pulumi.BoolOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorModify }).(pulumi.BoolOutput) +func (o GetContainerRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFilesProcesses }).(pulumi.StringArrayOutput) } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitorRead() 
pulumi.BoolOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorRead }).(pulumi.BoolOutput) +func (o GetContainerRuntimePolicyReadonlyFilesOutput) ExceptionalReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyReadonlyFiles) []string { return v.ExceptionalReadonlyFilesUsers }).(pulumi.StringArrayOutput) } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredPaths }).(pulumi.StringArrayOutput) +func (o GetContainerRuntimePolicyReadonlyFilesOutput) ReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFiles }).(pulumi.StringArrayOutput) } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredProcesses }).(pulumi.StringArrayOutput) +func (o GetContainerRuntimePolicyReadonlyFilesOutput) ReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFilesProcesses }).(pulumi.StringArrayOutput) } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringOutput) MonitoredUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredUsers }).(pulumi.StringArrayOutput) +func (o GetContainerRuntimePolicyReadonlyFilesOutput) ReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyReadonlyFiles) []string { return v.ReadonlyFilesUsers }).(pulumi.StringArrayOutput) } -type GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput struct{ *pulumi.OutputState } +type 
GetContainerRuntimePolicyReadonlyFilesPtrOutput struct{ *pulumi.OutputState } -func (GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetContainerRuntimePolicyFileIntegrityMonitoring)(nil)).Elem() +func (GetContainerRuntimePolicyReadonlyFilesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GetContainerRuntimePolicyReadonlyFiles)(nil)).Elem() } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput() GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput { +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) ToGetContainerRuntimePolicyReadonlyFilesPtrOutput() GetContainerRuntimePolicyReadonlyFilesPtrOutput { return o } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) ToGetContainerRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput { +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) ToGetContainerRuntimePolicyReadonlyFilesPtrOutputWithContext(ctx context.Context) GetContainerRuntimePolicyReadonlyFilesPtrOutput { return o } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetContainerRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[[]GetContainerRuntimePolicyFileIntegrityMonitoring]{ - OutputState: o.OutputState, - } +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) Elem() GetContainerRuntimePolicyReadonlyFilesOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyReadonlyFiles) GetContainerRuntimePolicyReadonlyFiles { + if v != nil { + return *v + } + var ret GetContainerRuntimePolicyReadonlyFiles + return ret + }).(GetContainerRuntimePolicyReadonlyFilesOutput) } -func (o GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput) Index(i pulumi.IntInput) 
GetContainerRuntimePolicyFileIntegrityMonitoringOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetContainerRuntimePolicyFileIntegrityMonitoring { - return vs[0].([]GetContainerRuntimePolicyFileIntegrityMonitoring)[vs[1].(int)] - }).(GetContainerRuntimePolicyFileIntegrityMonitoringOutput) +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyReadonlyFiles) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) } -type GetContainerRuntimePolicyMalwareScanOption struct { - // Set Action, Defaults to 'Alert' when empty - Action string `pulumi:"action"` - // Defines if enabled or not - Enabled bool `pulumi:"enabled"` - // List of registry paths to be excluded from being protected. - ExcludeDirectories []string `pulumi:"excludeDirectories"` - // List of registry processes to be excluded from being protected. - ExcludeProcesses []string `pulumi:"excludeProcesses"` +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFiles + }).(pulumi.StringArrayOutput) } -// GetContainerRuntimePolicyMalwareScanOptionInput is an input type that accepts GetContainerRuntimePolicyMalwareScanOptionArgs and GetContainerRuntimePolicyMalwareScanOptionOutput values. 
-// You can construct a concrete instance of `GetContainerRuntimePolicyMalwareScanOptionInput` via: -// -// GetContainerRuntimePolicyMalwareScanOptionArgs{...} -type GetContainerRuntimePolicyMalwareScanOptionInput interface { - pulumi.Input - - ToGetContainerRuntimePolicyMalwareScanOptionOutput() GetContainerRuntimePolicyMalwareScanOptionOutput - ToGetContainerRuntimePolicyMalwareScanOptionOutputWithContext(context.Context) GetContainerRuntimePolicyMalwareScanOptionOutput +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFilesProcesses + }).(pulumi.StringArrayOutput) } -type GetContainerRuntimePolicyMalwareScanOptionArgs struct { - // Set Action, Defaults to 'Alert' when empty - Action pulumi.StringInput `pulumi:"action"` - // Defines if enabled or not - Enabled pulumi.BoolInput `pulumi:"enabled"` - // List of registry paths to be excluded from being protected. - ExcludeDirectories pulumi.StringArrayInput `pulumi:"excludeDirectories"` - // List of registry processes to be excluded from being protected. 
- ExcludeProcesses pulumi.StringArrayInput `pulumi:"excludeProcesses"` +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) ExceptionalReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ExceptionalReadonlyFilesUsers + }).(pulumi.StringArrayOutput) } -func (GetContainerRuntimePolicyMalwareScanOptionArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetContainerRuntimePolicyMalwareScanOption)(nil)).Elem() +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFiles + }).(pulumi.StringArrayOutput) } -func (i GetContainerRuntimePolicyMalwareScanOptionArgs) ToGetContainerRuntimePolicyMalwareScanOptionOutput() GetContainerRuntimePolicyMalwareScanOptionOutput { - return i.ToGetContainerRuntimePolicyMalwareScanOptionOutputWithContext(context.Background()) +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFilesProcesses + }).(pulumi.StringArrayOutput) } -func (i GetContainerRuntimePolicyMalwareScanOptionArgs) ToGetContainerRuntimePolicyMalwareScanOptionOutputWithContext(ctx context.Context) GetContainerRuntimePolicyMalwareScanOptionOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyMalwareScanOptionOutput) +func (o GetContainerRuntimePolicyReadonlyFilesPtrOutput) ReadonlyFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GetContainerRuntimePolicyReadonlyFiles) []string { + if v == nil { + return nil + } + return v.ReadonlyFilesUsers + }).(pulumi.StringArrayOutput) } -func (i GetContainerRuntimePolicyMalwareScanOptionArgs) ToOutput(ctx 
context.Context) pulumix.Output[GetContainerRuntimePolicyMalwareScanOption] { - return pulumix.Output[GetContainerRuntimePolicyMalwareScanOption]{ - OutputState: i.ToGetContainerRuntimePolicyMalwareScanOptionOutputWithContext(ctx).OutputState, - } +type GetContainerRuntimePolicyRestrictedVolume struct { + // Whether restricted volumes are enabled. + Enabled *bool `pulumi:"enabled"` + // List of restricted volumes. + Volumes []string `pulumi:"volumes"` } -// GetContainerRuntimePolicyMalwareScanOptionArrayInput is an input type that accepts GetContainerRuntimePolicyMalwareScanOptionArray and GetContainerRuntimePolicyMalwareScanOptionArrayOutput values. -// You can construct a concrete instance of `GetContainerRuntimePolicyMalwareScanOptionArrayInput` via: +// GetContainerRuntimePolicyRestrictedVolumeInput is an input type that accepts GetContainerRuntimePolicyRestrictedVolumeArgs and GetContainerRuntimePolicyRestrictedVolumeOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyRestrictedVolumeInput` via: // -// GetContainerRuntimePolicyMalwareScanOptionArray{ GetContainerRuntimePolicyMalwareScanOptionArgs{...} } -type GetContainerRuntimePolicyMalwareScanOptionArrayInput interface { +// GetContainerRuntimePolicyRestrictedVolumeArgs{...} +type GetContainerRuntimePolicyRestrictedVolumeInput interface { pulumi.Input - ToGetContainerRuntimePolicyMalwareScanOptionArrayOutput() GetContainerRuntimePolicyMalwareScanOptionArrayOutput - ToGetContainerRuntimePolicyMalwareScanOptionArrayOutputWithContext(context.Context) GetContainerRuntimePolicyMalwareScanOptionArrayOutput + ToGetContainerRuntimePolicyRestrictedVolumeOutput() GetContainerRuntimePolicyRestrictedVolumeOutput + ToGetContainerRuntimePolicyRestrictedVolumeOutputWithContext(context.Context) GetContainerRuntimePolicyRestrictedVolumeOutput } -type GetContainerRuntimePolicyMalwareScanOptionArray []GetContainerRuntimePolicyMalwareScanOptionInput +type 
GetContainerRuntimePolicyRestrictedVolumeArgs struct { + // Whether restricted volumes are enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of restricted volumes. + Volumes pulumi.StringArrayInput `pulumi:"volumes"` +} -func (GetContainerRuntimePolicyMalwareScanOptionArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetContainerRuntimePolicyMalwareScanOption)(nil)).Elem() +func (GetContainerRuntimePolicyRestrictedVolumeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyRestrictedVolume)(nil)).Elem() } -func (i GetContainerRuntimePolicyMalwareScanOptionArray) ToGetContainerRuntimePolicyMalwareScanOptionArrayOutput() GetContainerRuntimePolicyMalwareScanOptionArrayOutput { - return i.ToGetContainerRuntimePolicyMalwareScanOptionArrayOutputWithContext(context.Background()) +func (i GetContainerRuntimePolicyRestrictedVolumeArgs) ToGetContainerRuntimePolicyRestrictedVolumeOutput() GetContainerRuntimePolicyRestrictedVolumeOutput { + return i.ToGetContainerRuntimePolicyRestrictedVolumeOutputWithContext(context.Background()) } -func (i GetContainerRuntimePolicyMalwareScanOptionArray) ToGetContainerRuntimePolicyMalwareScanOptionArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyMalwareScanOptionArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyMalwareScanOptionArrayOutput) +func (i GetContainerRuntimePolicyRestrictedVolumeArgs) ToGetContainerRuntimePolicyRestrictedVolumeOutputWithContext(ctx context.Context) GetContainerRuntimePolicyRestrictedVolumeOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyRestrictedVolumeOutput) } -func (i GetContainerRuntimePolicyMalwareScanOptionArray) ToOutput(ctx context.Context) pulumix.Output[[]GetContainerRuntimePolicyMalwareScanOption] { - return pulumix.Output[[]GetContainerRuntimePolicyMalwareScanOption]{ - OutputState: 
i.ToGetContainerRuntimePolicyMalwareScanOptionArrayOutputWithContext(ctx).OutputState, - } +// GetContainerRuntimePolicyRestrictedVolumeArrayInput is an input type that accepts GetContainerRuntimePolicyRestrictedVolumeArray and GetContainerRuntimePolicyRestrictedVolumeArrayOutput values. +// You can construct a concrete instance of `GetContainerRuntimePolicyRestrictedVolumeArrayInput` via: +// +// GetContainerRuntimePolicyRestrictedVolumeArray{ GetContainerRuntimePolicyRestrictedVolumeArgs{...} } +type GetContainerRuntimePolicyRestrictedVolumeArrayInput interface { + pulumi.Input + + ToGetContainerRuntimePolicyRestrictedVolumeArrayOutput() GetContainerRuntimePolicyRestrictedVolumeArrayOutput + ToGetContainerRuntimePolicyRestrictedVolumeArrayOutputWithContext(context.Context) GetContainerRuntimePolicyRestrictedVolumeArrayOutput } -type GetContainerRuntimePolicyMalwareScanOptionOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyRestrictedVolumeArray []GetContainerRuntimePolicyRestrictedVolumeInput -func (GetContainerRuntimePolicyMalwareScanOptionOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetContainerRuntimePolicyMalwareScanOption)(nil)).Elem() +func (GetContainerRuntimePolicyRestrictedVolumeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyRestrictedVolume)(nil)).Elem() } -func (o GetContainerRuntimePolicyMalwareScanOptionOutput) ToGetContainerRuntimePolicyMalwareScanOptionOutput() GetContainerRuntimePolicyMalwareScanOptionOutput { - return o +func (i GetContainerRuntimePolicyRestrictedVolumeArray) ToGetContainerRuntimePolicyRestrictedVolumeArrayOutput() GetContainerRuntimePolicyRestrictedVolumeArrayOutput { + return i.ToGetContainerRuntimePolicyRestrictedVolumeArrayOutputWithContext(context.Background()) } -func (o GetContainerRuntimePolicyMalwareScanOptionOutput) ToGetContainerRuntimePolicyMalwareScanOptionOutputWithContext(ctx context.Context) 
GetContainerRuntimePolicyMalwareScanOptionOutput { - return o +func (i GetContainerRuntimePolicyRestrictedVolumeArray) ToGetContainerRuntimePolicyRestrictedVolumeArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyRestrictedVolumeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyRestrictedVolumeArrayOutput) } -func (o GetContainerRuntimePolicyMalwareScanOptionOutput) ToOutput(ctx context.Context) pulumix.Output[GetContainerRuntimePolicyMalwareScanOption] { - return pulumix.Output[GetContainerRuntimePolicyMalwareScanOption]{ - OutputState: o.OutputState, - } +type GetContainerRuntimePolicyRestrictedVolumeOutput struct{ *pulumi.OutputState } + +func (GetContainerRuntimePolicyRestrictedVolumeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetContainerRuntimePolicyRestrictedVolume)(nil)).Elem() } -// Set Action, Defaults to 'Alert' when empty -func (o GetContainerRuntimePolicyMalwareScanOptionOutput) Action() pulumi.StringOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyMalwareScanOption) string { return v.Action }).(pulumi.StringOutput) +func (o GetContainerRuntimePolicyRestrictedVolumeOutput) ToGetContainerRuntimePolicyRestrictedVolumeOutput() GetContainerRuntimePolicyRestrictedVolumeOutput { + return o } -// Defines if enabled or not -func (o GetContainerRuntimePolicyMalwareScanOptionOutput) Enabled() pulumi.BoolOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyMalwareScanOption) bool { return v.Enabled }).(pulumi.BoolOutput) +func (o GetContainerRuntimePolicyRestrictedVolumeOutput) ToGetContainerRuntimePolicyRestrictedVolumeOutputWithContext(ctx context.Context) GetContainerRuntimePolicyRestrictedVolumeOutput { + return o } -// List of registry paths to be excluded from being protected. 
-func (o GetContainerRuntimePolicyMalwareScanOptionOutput) ExcludeDirectories() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyMalwareScanOption) []string { return v.ExcludeDirectories }).(pulumi.StringArrayOutput) +// Whether restricted volumes are enabled. +func (o GetContainerRuntimePolicyRestrictedVolumeOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyRestrictedVolume) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -// List of registry processes to be excluded from being protected. -func (o GetContainerRuntimePolicyMalwareScanOptionOutput) ExcludeProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetContainerRuntimePolicyMalwareScanOption) []string { return v.ExcludeProcesses }).(pulumi.StringArrayOutput) +// List of restricted volumes. +func (o GetContainerRuntimePolicyRestrictedVolumeOutput) Volumes() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetContainerRuntimePolicyRestrictedVolume) []string { return v.Volumes }).(pulumi.StringArrayOutput) } -type GetContainerRuntimePolicyMalwareScanOptionArrayOutput struct{ *pulumi.OutputState } +type GetContainerRuntimePolicyRestrictedVolumeArrayOutput struct{ *pulumi.OutputState } -func (GetContainerRuntimePolicyMalwareScanOptionArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetContainerRuntimePolicyMalwareScanOption)(nil)).Elem() +func (GetContainerRuntimePolicyRestrictedVolumeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetContainerRuntimePolicyRestrictedVolume)(nil)).Elem() } -func (o GetContainerRuntimePolicyMalwareScanOptionArrayOutput) ToGetContainerRuntimePolicyMalwareScanOptionArrayOutput() GetContainerRuntimePolicyMalwareScanOptionArrayOutput { +func (o GetContainerRuntimePolicyRestrictedVolumeArrayOutput) ToGetContainerRuntimePolicyRestrictedVolumeArrayOutput() GetContainerRuntimePolicyRestrictedVolumeArrayOutput { return o } -func (o 
GetContainerRuntimePolicyMalwareScanOptionArrayOutput) ToGetContainerRuntimePolicyMalwareScanOptionArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyMalwareScanOptionArrayOutput { +func (o GetContainerRuntimePolicyRestrictedVolumeArrayOutput) ToGetContainerRuntimePolicyRestrictedVolumeArrayOutputWithContext(ctx context.Context) GetContainerRuntimePolicyRestrictedVolumeArrayOutput { return o } -func (o GetContainerRuntimePolicyMalwareScanOptionArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetContainerRuntimePolicyMalwareScanOption] { - return pulumix.Output[[]GetContainerRuntimePolicyMalwareScanOption]{ - OutputState: o.OutputState, - } -} - -func (o GetContainerRuntimePolicyMalwareScanOptionArrayOutput) Index(i pulumi.IntInput) GetContainerRuntimePolicyMalwareScanOptionOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetContainerRuntimePolicyMalwareScanOption { - return vs[0].([]GetContainerRuntimePolicyMalwareScanOption)[vs[1].(int)] - }).(GetContainerRuntimePolicyMalwareScanOptionOutput) +func (o GetContainerRuntimePolicyRestrictedVolumeArrayOutput) Index(i pulumi.IntInput) GetContainerRuntimePolicyRestrictedVolumeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetContainerRuntimePolicyRestrictedVolume { + return vs[0].([]GetContainerRuntimePolicyRestrictedVolume)[vs[1].(int)] + }).(GetContainerRuntimePolicyRestrictedVolumeOutput) } type GetContainerRuntimePolicyScopeVariable struct { Attribute string `pulumi:"attribute"` - // Name of the container runtime policy - Name string `pulumi:"name"` - Value string `pulumi:"value"` + Name string `pulumi:"name"` + Value string `pulumi:"value"` } // GetContainerRuntimePolicyScopeVariableInput is an input type that accepts GetContainerRuntimePolicyScopeVariableArgs and GetContainerRuntimePolicyScopeVariableOutput values. 
@@ -16569,9 +30314,8 @@ type GetContainerRuntimePolicyScopeVariableInput interface { type GetContainerRuntimePolicyScopeVariableArgs struct { Attribute pulumi.StringInput `pulumi:"attribute"` - // Name of the container runtime policy - Name pulumi.StringInput `pulumi:"name"` - Value pulumi.StringInput `pulumi:"value"` + Name pulumi.StringInput `pulumi:"name"` + Value pulumi.StringInput `pulumi:"value"` } func (GetContainerRuntimePolicyScopeVariableArgs) ElementType() reflect.Type { @@ -16586,12 +30330,6 @@ func (i GetContainerRuntimePolicyScopeVariableArgs) ToGetContainerRuntimePolicyS return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyScopeVariableOutput) } -func (i GetContainerRuntimePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetContainerRuntimePolicyScopeVariable] { - return pulumix.Output[GetContainerRuntimePolicyScopeVariable]{ - OutputState: i.ToGetContainerRuntimePolicyScopeVariableOutputWithContext(ctx).OutputState, - } -} - // GetContainerRuntimePolicyScopeVariableArrayInput is an input type that accepts GetContainerRuntimePolicyScopeVariableArray and GetContainerRuntimePolicyScopeVariableArrayOutput values. // You can construct a concrete instance of `GetContainerRuntimePolicyScopeVariableArrayInput` via: // @@ -16617,12 +30355,6 @@ func (i GetContainerRuntimePolicyScopeVariableArray) ToGetContainerRuntimePolicy return pulumi.ToOutputWithContext(ctx, i).(GetContainerRuntimePolicyScopeVariableArrayOutput) } -func (i GetContainerRuntimePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetContainerRuntimePolicyScopeVariable] { - return pulumix.Output[[]GetContainerRuntimePolicyScopeVariable]{ - OutputState: i.ToGetContainerRuntimePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } -} - type GetContainerRuntimePolicyScopeVariableOutput struct{ *pulumi.OutputState } func (GetContainerRuntimePolicyScopeVariableOutput) ElementType() reflect.Type { 
@@ -16637,17 +30369,10 @@ func (o GetContainerRuntimePolicyScopeVariableOutput) ToGetContainerRuntimePolic return o } -func (o GetContainerRuntimePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetContainerRuntimePolicyScopeVariable] { - return pulumix.Output[GetContainerRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetContainerRuntimePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { return o.ApplyT(func(v GetContainerRuntimePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) } -// Name of the container runtime policy func (o GetContainerRuntimePolicyScopeVariableOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v GetContainerRuntimePolicyScopeVariable) string { return v.Name }).(pulumi.StringOutput) } @@ -16670,12 +30395,6 @@ func (o GetContainerRuntimePolicyScopeVariableArrayOutput) ToGetContainerRuntime return o } -func (o GetContainerRuntimePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetContainerRuntimePolicyScopeVariable] { - return pulumix.Output[[]GetContainerRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetContainerRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) GetContainerRuntimePolicyScopeVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetContainerRuntimePolicyScopeVariable { return vs[0].([]GetContainerRuntimePolicyScopeVariable)[vs[1].(int)] 
@@ -16719,12 +30438,6 @@ func (i GetEnforcerGroupsCommandArgs) ToGetEnforcerGroupsCommandOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(GetEnforcerGroupsCommandOutput) } -func (i GetEnforcerGroupsCommandArgs) ToOutput(ctx context.Context) pulumix.Output[GetEnforcerGroupsCommand] { - return pulumix.Output[GetEnforcerGroupsCommand]{ - OutputState: i.ToGetEnforcerGroupsCommandOutputWithContext(ctx).OutputState, - } -} - // GetEnforcerGroupsCommandArrayInput is an input type that accepts GetEnforcerGroupsCommandArray and GetEnforcerGroupsCommandArrayOutput values. // You can construct a concrete instance of `GetEnforcerGroupsCommandArrayInput` via: // @@ -16750,12 +30463,6 @@ func (i GetEnforcerGroupsCommandArray) ToGetEnforcerGroupsCommandArrayOutputWith return pulumi.ToOutputWithContext(ctx, i).(GetEnforcerGroupsCommandArrayOutput) } -func (i GetEnforcerGroupsCommandArray) ToOutput(ctx context.Context) pulumix.Output[[]GetEnforcerGroupsCommand] { - return pulumix.Output[[]GetEnforcerGroupsCommand]{ - OutputState: i.ToGetEnforcerGroupsCommandArrayOutputWithContext(ctx).OutputState, - } -} - type GetEnforcerGroupsCommandOutput struct{ *pulumi.OutputState } func (GetEnforcerGroupsCommandOutput) ElementType() reflect.Type { @@ -16770,12 +30477,6 @@ func (o GetEnforcerGroupsCommandOutput) ToGetEnforcerGroupsCommandOutputWithCont return o } -func (o GetEnforcerGroupsCommandOutput) ToOutput(ctx context.Context) pulumix.Output[GetEnforcerGroupsCommand] { - return pulumix.Output[GetEnforcerGroupsCommand]{ - OutputState: o.OutputState, - } -} - func (o GetEnforcerGroupsCommandOutput) Default() pulumi.StringOutput { return o.ApplyT(func(v GetEnforcerGroupsCommand) string { return v.Default }).(pulumi.StringOutput) } 
@@ -16806,12 +30507,6 @@ func (o GetEnforcerGroupsCommandArrayOutput) ToGetEnforcerGroupsCommandArrayOutp return o } -func (o GetEnforcerGroupsCommandArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetEnforcerGroupsCommand] { - return pulumix.Output[[]GetEnforcerGroupsCommand]{ - OutputState: o.OutputState, - } -} - func (o GetEnforcerGroupsCommandArrayOutput) Index(i pulumi.IntInput) GetEnforcerGroupsCommandOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetEnforcerGroupsCommand { return vs[0].([]GetEnforcerGroupsCommand)[vs[1].(int)] @@ -16822,8 +30517,7 @@ type GetEnforcerGroupsOrchestrator struct { Master bool `pulumi:"master"` Namespace string `pulumi:"namespace"` ServiceAccount string `pulumi:"serviceAccount"` - // Enforcer Type. - Type string `pulumi:"type"` + Type string `pulumi:"type"` } // GetEnforcerGroupsOrchestratorInput is an input type that accepts GetEnforcerGroupsOrchestratorArgs and GetEnforcerGroupsOrchestratorOutput values. @@ -16841,8 +30535,7 @@ type GetEnforcerGroupsOrchestratorArgs struct { Master pulumi.BoolInput `pulumi:"master"` Namespace pulumi.StringInput `pulumi:"namespace"` ServiceAccount pulumi.StringInput `pulumi:"serviceAccount"` - // Enforcer Type. - Type pulumi.StringInput `pulumi:"type"` + Type pulumi.StringInput `pulumi:"type"` } func (GetEnforcerGroupsOrchestratorArgs) ElementType() reflect.Type { 
@@ -16857,12 +30550,6 @@ func (i GetEnforcerGroupsOrchestratorArgs) ToGetEnforcerGroupsOrchestratorOutput return pulumi.ToOutputWithContext(ctx, i).(GetEnforcerGroupsOrchestratorOutput) } -func (i GetEnforcerGroupsOrchestratorArgs) ToOutput(ctx context.Context) pulumix.Output[GetEnforcerGroupsOrchestrator] { - return pulumix.Output[GetEnforcerGroupsOrchestrator]{ - OutputState: i.ToGetEnforcerGroupsOrchestratorOutputWithContext(ctx).OutputState, - } -} - // GetEnforcerGroupsOrchestratorArrayInput is an input type that accepts GetEnforcerGroupsOrchestratorArray and GetEnforcerGroupsOrchestratorArrayOutput values. // You can construct a concrete instance of `GetEnforcerGroupsOrchestratorArrayInput` via: // @@ -16888,12 +30575,6 @@ func (i GetEnforcerGroupsOrchestratorArray) ToGetEnforcerGroupsOrchestratorArray return pulumi.ToOutputWithContext(ctx, i).(GetEnforcerGroupsOrchestratorArrayOutput) } -func (i GetEnforcerGroupsOrchestratorArray) ToOutput(ctx context.Context) pulumix.Output[[]GetEnforcerGroupsOrchestrator] { - return pulumix.Output[[]GetEnforcerGroupsOrchestrator]{ - OutputState: i.ToGetEnforcerGroupsOrchestratorArrayOutputWithContext(ctx).OutputState, - } -} - type GetEnforcerGroupsOrchestratorOutput struct{ *pulumi.OutputState } func (GetEnforcerGroupsOrchestratorOutput) ElementType() reflect.Type { @@ -16908,12 +30589,6 @@ func (o GetEnforcerGroupsOrchestratorOutput) ToGetEnforcerGroupsOrchestratorOutp return o } -func (o GetEnforcerGroupsOrchestratorOutput) ToOutput(ctx context.Context) pulumix.Output[GetEnforcerGroupsOrchestrator] { - return pulumix.Output[GetEnforcerGroupsOrchestrator]{ - OutputState: o.OutputState, - } -} - func (o GetEnforcerGroupsOrchestratorOutput) Master() pulumi.BoolOutput { return o.ApplyT(func(v GetEnforcerGroupsOrchestrator) bool { return v.Master }).(pulumi.BoolOutput) } 
@@ -16926,7 +30601,6 @@ func (o GetEnforcerGroupsOrchestratorOutput) ServiceAccount() pulumi.StringOutpu return o.ApplyT(func(v GetEnforcerGroupsOrchestrator) string { return v.ServiceAccount }).(pulumi.StringOutput) } -// Enforcer Type. func (o GetEnforcerGroupsOrchestratorOutput) Type() pulumi.StringOutput { return o.ApplyT(func(v GetEnforcerGroupsOrchestrator) string { return v.Type }).(pulumi.StringOutput) } @@ -16945,12 +30619,6 @@ func (o GetEnforcerGroupsOrchestratorArrayOutput) ToGetEnforcerGroupsOrchestrato return o } -func (o GetEnforcerGroupsOrchestratorArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetEnforcerGroupsOrchestrator] { - return pulumix.Output[[]GetEnforcerGroupsOrchestrator]{ - OutputState: o.OutputState, - } -} - func (o GetEnforcerGroupsOrchestratorArrayOutput) Index(i pulumi.IntInput) GetEnforcerGroupsOrchestratorOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetEnforcerGroupsOrchestrator { return vs[0].([]GetEnforcerGroupsOrchestrator)[vs[1].(int)] @@ -16994,12 +30662,6 @@ func (i GetFirewallPolicyInboundNetworkArgs) ToGetFirewallPolicyInboundNetworkOu return pulumi.ToOutputWithContext(ctx, i).(GetFirewallPolicyInboundNetworkOutput) } -func (i GetFirewallPolicyInboundNetworkArgs) ToOutput(ctx context.Context) pulumix.Output[GetFirewallPolicyInboundNetwork] { - return pulumix.Output[GetFirewallPolicyInboundNetwork]{ - OutputState: i.ToGetFirewallPolicyInboundNetworkOutputWithContext(ctx).OutputState, - } -} - // GetFirewallPolicyInboundNetworkArrayInput is an input type that accepts GetFirewallPolicyInboundNetworkArray and GetFirewallPolicyInboundNetworkArrayOutput values. // You can construct a concrete instance of `GetFirewallPolicyInboundNetworkArrayInput` via: // 
@@ -17025,12 +30687,6 @@ func (i GetFirewallPolicyInboundNetworkArray) ToGetFirewallPolicyInboundNetworkA return pulumi.ToOutputWithContext(ctx, i).(GetFirewallPolicyInboundNetworkArrayOutput) } -func (i GetFirewallPolicyInboundNetworkArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFirewallPolicyInboundNetwork] { - return pulumix.Output[[]GetFirewallPolicyInboundNetwork]{ - OutputState: i.ToGetFirewallPolicyInboundNetworkArrayOutputWithContext(ctx).OutputState, - } -} - type GetFirewallPolicyInboundNetworkOutput struct{ *pulumi.OutputState } func (GetFirewallPolicyInboundNetworkOutput) ElementType() reflect.Type { @@ -17045,12 +30701,6 @@ func (o GetFirewallPolicyInboundNetworkOutput) ToGetFirewallPolicyInboundNetwork return o } -func (o GetFirewallPolicyInboundNetworkOutput) ToOutput(ctx context.Context) pulumix.Output[GetFirewallPolicyInboundNetwork] { - return pulumix.Output[GetFirewallPolicyInboundNetwork]{ - OutputState: o.OutputState, - } -} - func (o GetFirewallPolicyInboundNetworkOutput) Allow() pulumi.BoolOutput { return o.ApplyT(func(v GetFirewallPolicyInboundNetwork) bool { return v.Allow }).(pulumi.BoolOutput) } @@ -17081,12 +30731,6 @@ func (o GetFirewallPolicyInboundNetworkArrayOutput) ToGetFirewallPolicyInboundNe return o } -func (o GetFirewallPolicyInboundNetworkArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFirewallPolicyInboundNetwork] { - return pulumix.Output[[]GetFirewallPolicyInboundNetwork]{ - OutputState: o.OutputState, - } -} - func (o GetFirewallPolicyInboundNetworkArrayOutput) Index(i pulumi.IntInput) GetFirewallPolicyInboundNetworkOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFirewallPolicyInboundNetwork { return vs[0].([]GetFirewallPolicyInboundNetwork)[vs[1].(int)] 
@@ -17138,12 +30782,6 @@ func (i GetFirewallPolicyOutboundNetworkArgs) ToGetFirewallPolicyOutboundNetwork return pulumi.ToOutputWithContext(ctx, i).(GetFirewallPolicyOutboundNetworkOutput) } -func (i GetFirewallPolicyOutboundNetworkArgs) ToOutput(ctx context.Context) pulumix.Output[GetFirewallPolicyOutboundNetwork] { - return pulumix.Output[GetFirewallPolicyOutboundNetwork]{ - OutputState: i.ToGetFirewallPolicyOutboundNetworkOutputWithContext(ctx).OutputState, - } -} - // GetFirewallPolicyOutboundNetworkArrayInput is an input type that accepts GetFirewallPolicyOutboundNetworkArray and GetFirewallPolicyOutboundNetworkArrayOutput values. // You can construct a concrete instance of `GetFirewallPolicyOutboundNetworkArrayInput` via: // @@ -17169,12 +30807,6 @@ func (i GetFirewallPolicyOutboundNetworkArray) ToGetFirewallPolicyOutboundNetwor return pulumi.ToOutputWithContext(ctx, i).(GetFirewallPolicyOutboundNetworkArrayOutput) } -func (i GetFirewallPolicyOutboundNetworkArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFirewallPolicyOutboundNetwork] { - return pulumix.Output[[]GetFirewallPolicyOutboundNetwork]{ - OutputState: i.ToGetFirewallPolicyOutboundNetworkArrayOutputWithContext(ctx).OutputState, - } -} - type GetFirewallPolicyOutboundNetworkOutput struct{ *pulumi.OutputState } func (GetFirewallPolicyOutboundNetworkOutput) ElementType() reflect.Type { @@ -17189,12 +30821,6 @@ func (o GetFirewallPolicyOutboundNetworkOutput) ToGetFirewallPolicyOutboundNetwo return o } -func (o GetFirewallPolicyOutboundNetworkOutput) ToOutput(ctx context.Context) pulumix.Output[GetFirewallPolicyOutboundNetwork] { - return pulumix.Output[GetFirewallPolicyOutboundNetwork]{ - OutputState: o.OutputState, - } -} - // Indicates whether the specified resources are allowed to receive data or requests. func (o GetFirewallPolicyOutboundNetworkOutput) Allow() pulumi.BoolOutput { return o.ApplyT(func(v GetFirewallPolicyOutboundNetwork) bool { return v.Allow }).(pulumi.BoolOutput) 
@@ -17229,12 +30855,6 @@ func (o GetFirewallPolicyOutboundNetworkArrayOutput) ToGetFirewallPolicyOutbound return o } -func (o GetFirewallPolicyOutboundNetworkArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFirewallPolicyOutboundNetwork] { - return pulumix.Output[[]GetFirewallPolicyOutboundNetwork]{ - OutputState: o.OutputState, - } -} - func (o GetFirewallPolicyOutboundNetworkArrayOutput) Index(i pulumi.IntInput) GetFirewallPolicyOutboundNetworkOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFirewallPolicyOutboundNetwork { return vs[0].([]GetFirewallPolicyOutboundNetwork)[vs[1].(int)] @@ -17278,12 +30898,6 @@ func (i GetFunctionAssurancePolicyAutoScanTimeArgs) ToGetFunctionAssurancePolicy return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyAutoScanTimeOutput) } -func (i GetFunctionAssurancePolicyAutoScanTimeArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyAutoScanTime] { - return pulumix.Output[GetFunctionAssurancePolicyAutoScanTime]{ - OutputState: i.ToGetFunctionAssurancePolicyAutoScanTimeOutputWithContext(ctx).OutputState, - } -} - // GetFunctionAssurancePolicyAutoScanTimeArrayInput is an input type that accepts GetFunctionAssurancePolicyAutoScanTimeArray and GetFunctionAssurancePolicyAutoScanTimeArrayOutput values. // You can construct a concrete instance of `GetFunctionAssurancePolicyAutoScanTimeArrayInput` via: // 
@@ -17309,12 +30923,6 @@ func (i GetFunctionAssurancePolicyAutoScanTimeArray) ToGetFunctionAssurancePolic return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyAutoScanTimeArrayOutput) } -func (i GetFunctionAssurancePolicyAutoScanTimeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyAutoScanTime] { - return pulumix.Output[[]GetFunctionAssurancePolicyAutoScanTime]{ - OutputState: i.ToGetFunctionAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } func (GetFunctionAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { @@ -17329,12 +30937,6 @@ func (o GetFunctionAssurancePolicyAutoScanTimeOutput) ToGetFunctionAssurancePoli return o } -func (o GetFunctionAssurancePolicyAutoScanTimeOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyAutoScanTime] { - return pulumix.Output[GetFunctionAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntOutput { return o.ApplyT(func(v GetFunctionAssurancePolicyAutoScanTime) int { return v.Iteration }).(pulumi.IntOutput) } @@ -17365,12 +30967,6 @@ func (o GetFunctionAssurancePolicyAutoScanTimeArrayOutput) ToGetFunctionAssuranc return o } -func (o GetFunctionAssurancePolicyAutoScanTimeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyAutoScanTime] { - return pulumix.Output[[]GetFunctionAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyAutoScanTimeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyAutoScanTime { return vs[0].([]GetFunctionAssurancePolicyAutoScanTime)[vs[1].(int)] 
@@ -17378,7 +30974,6 @@ func (o GetFunctionAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInp } type GetFunctionAssurancePolicyCustomCheck struct { - // Name of user account that created the policy. Author string `pulumi:"author"` Description string `pulumi:"description"` Engine string `pulumi:"engine"` @@ -17403,7 +30998,6 @@ type GetFunctionAssurancePolicyCustomCheckInput interface { } type GetFunctionAssurancePolicyCustomCheckArgs struct { - // Name of user account that created the policy. Author pulumi.StringInput `pulumi:"author"` Description pulumi.StringInput `pulumi:"description"` Engine pulumi.StringInput `pulumi:"engine"` @@ -17428,12 +31022,6 @@ func (i GetFunctionAssurancePolicyCustomCheckArgs) ToGetFunctionAssurancePolicyC return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyCustomCheckOutput) } -func (i GetFunctionAssurancePolicyCustomCheckArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyCustomCheck] { - return pulumix.Output[GetFunctionAssurancePolicyCustomCheck]{ - OutputState: i.ToGetFunctionAssurancePolicyCustomCheckOutputWithContext(ctx).OutputState, - } -} - // GetFunctionAssurancePolicyCustomCheckArrayInput is an input type that accepts GetFunctionAssurancePolicyCustomCheckArray and GetFunctionAssurancePolicyCustomCheckArrayOutput values. // You can construct a concrete instance of `GetFunctionAssurancePolicyCustomCheckArrayInput` via: // 
@@ -17459,12 +31047,6 @@ func (i GetFunctionAssurancePolicyCustomCheckArray) ToGetFunctionAssurancePolicy return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyCustomCheckArrayOutput) } -func (i GetFunctionAssurancePolicyCustomCheckArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyCustomCheck] { - return pulumix.Output[[]GetFunctionAssurancePolicyCustomCheck]{ - OutputState: i.ToGetFunctionAssurancePolicyCustomCheckArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } func (GetFunctionAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { @@ -17479,13 +31061,6 @@ func (o GetFunctionAssurancePolicyCustomCheckOutput) ToGetFunctionAssurancePolic return o } -func (o GetFunctionAssurancePolicyCustomCheckOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyCustomCheck] { - return pulumix.Output[GetFunctionAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - -// Name of user account that created the policy. func (o GetFunctionAssurancePolicyCustomCheckOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetFunctionAssurancePolicyCustomCheck) string { return v.Author }).(pulumi.StringOutput) } @@ -17540,12 +31115,6 @@ func (o GetFunctionAssurancePolicyCustomCheckArrayOutput) ToGetFunctionAssurance return o } -func (o GetFunctionAssurancePolicyCustomCheckArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyCustomCheck] { - return pulumix.Output[[]GetFunctionAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyCustomCheckOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyCustomCheck { return vs[0].([]GetFunctionAssurancePolicyCustomCheck)[vs[1].(int)] 
@@ -17585,12 +31154,6 @@ func (i GetFunctionAssurancePolicyForbiddenLabelArgs) ToGetFunctionAssurancePoli return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyForbiddenLabelOutput) } -func (i GetFunctionAssurancePolicyForbiddenLabelArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyForbiddenLabel] { - return pulumix.Output[GetFunctionAssurancePolicyForbiddenLabel]{ - OutputState: i.ToGetFunctionAssurancePolicyForbiddenLabelOutputWithContext(ctx).OutputState, - } -} - // GetFunctionAssurancePolicyForbiddenLabelArrayInput is an input type that accepts GetFunctionAssurancePolicyForbiddenLabelArray and GetFunctionAssurancePolicyForbiddenLabelArrayOutput values. // You can construct a concrete instance of `GetFunctionAssurancePolicyForbiddenLabelArrayInput` via: // @@ -17616,12 +31179,6 @@ func (i GetFunctionAssurancePolicyForbiddenLabelArray) ToGetFunctionAssurancePol return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyForbiddenLabelArrayOutput) } -func (i GetFunctionAssurancePolicyForbiddenLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]GetFunctionAssurancePolicyForbiddenLabel]{ - OutputState: i.ToGetFunctionAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } func (GetFunctionAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { 
@@ -17636,12 +31193,6 @@ func (o GetFunctionAssurancePolicyForbiddenLabelOutput) ToGetFunctionAssurancePo return o } -func (o GetFunctionAssurancePolicyForbiddenLabelOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyForbiddenLabel] { - return pulumix.Output[GetFunctionAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringOutput { return o.ApplyT(func(v GetFunctionAssurancePolicyForbiddenLabel) string { return v.Key }).(pulumi.StringOutput) } @@ -17664,12 +31215,6 @@ func (o GetFunctionAssurancePolicyForbiddenLabelArrayOutput) ToGetFunctionAssura return o } -func (o GetFunctionAssurancePolicyForbiddenLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]GetFunctionAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyForbiddenLabelOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyForbiddenLabel { return vs[0].([]GetFunctionAssurancePolicyForbiddenLabel)[vs[1].(int)] 
@@ -17723,12 +31268,6 @@ func (i GetFunctionAssurancePolicyPackagesBlackListArgs) ToGetFunctionAssuranceP return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyPackagesBlackListOutput) } -func (i GetFunctionAssurancePolicyPackagesBlackListArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyPackagesBlackList] { - return pulumix.Output[GetFunctionAssurancePolicyPackagesBlackList]{ - OutputState: i.ToGetFunctionAssurancePolicyPackagesBlackListOutputWithContext(ctx).OutputState, - } -} - // GetFunctionAssurancePolicyPackagesBlackListArrayInput is an input type that accepts GetFunctionAssurancePolicyPackagesBlackListArray and GetFunctionAssurancePolicyPackagesBlackListArrayOutput values. // You can construct a concrete instance of `GetFunctionAssurancePolicyPackagesBlackListArrayInput` via: // @@ -17754,12 +31293,6 @@ func (i GetFunctionAssurancePolicyPackagesBlackListArray) ToGetFunctionAssurance return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyPackagesBlackListArrayOutput) } -func (i GetFunctionAssurancePolicyPackagesBlackListArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]GetFunctionAssurancePolicyPackagesBlackList]{ - OutputState: i.ToGetFunctionAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } func (GetFunctionAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { 
@@ -17774,12 +31307,6 @@ func (o GetFunctionAssurancePolicyPackagesBlackListOutput) ToGetFunctionAssuranc return o } -func (o GetFunctionAssurancePolicyPackagesBlackListOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyPackagesBlackList] { - return pulumix.Output[GetFunctionAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringOutput { return o.ApplyT(func(v GetFunctionAssurancePolicyPackagesBlackList) string { return v.Arch }).(pulumi.StringOutput) } @@ -17830,12 +31357,6 @@ func (o GetFunctionAssurancePolicyPackagesBlackListArrayOutput) ToGetFunctionAss return o } -func (o GetFunctionAssurancePolicyPackagesBlackListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]GetFunctionAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyPackagesBlackListOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyPackagesBlackList { return vs[0].([]GetFunctionAssurancePolicyPackagesBlackList)[vs[1].(int)] 
@@ -17889,12 +31410,6 @@ func (i GetFunctionAssurancePolicyPackagesWhiteListArgs) ToGetFunctionAssuranceP return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyPackagesWhiteListOutput) } -func (i GetFunctionAssurancePolicyPackagesWhiteListArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyPackagesWhiteList] { - return pulumix.Output[GetFunctionAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToGetFunctionAssurancePolicyPackagesWhiteListOutputWithContext(ctx).OutputState, - } -} - // GetFunctionAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts GetFunctionAssurancePolicyPackagesWhiteListArray and GetFunctionAssurancePolicyPackagesWhiteListArrayOutput values. // You can construct a concrete instance of `GetFunctionAssurancePolicyPackagesWhiteListArrayInput` via: // @@ -17920,12 +31435,6 @@ func (i GetFunctionAssurancePolicyPackagesWhiteListArray) ToGetFunctionAssurance return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyPackagesWhiteListArrayOutput) } -func (i GetFunctionAssurancePolicyPackagesWhiteListArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]GetFunctionAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToGetFunctionAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } func (GetFunctionAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { 
@@ -17940,12 +31449,6 @@ func (o GetFunctionAssurancePolicyPackagesWhiteListOutput) ToGetFunctionAssuranc return o } -func (o GetFunctionAssurancePolicyPackagesWhiteListOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyPackagesWhiteList] { - return pulumix.Output[GetFunctionAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringOutput { return o.ApplyT(func(v GetFunctionAssurancePolicyPackagesWhiteList) string { return v.Arch }).(pulumi.StringOutput) } @@ -17996,12 +31499,6 @@ func (o GetFunctionAssurancePolicyPackagesWhiteListArrayOutput) ToGetFunctionAss return o } -func (o GetFunctionAssurancePolicyPackagesWhiteListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]GetFunctionAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyPackagesWhiteListOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyPackagesWhiteList { return vs[0].([]GetFunctionAssurancePolicyPackagesWhiteList)[vs[1].(int)] 
@@ -18041,12 +31538,6 @@ func (i GetFunctionAssurancePolicyRequiredLabelArgs) ToGetFunctionAssurancePolic return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyRequiredLabelOutput) } -func (i GetFunctionAssurancePolicyRequiredLabelArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyRequiredLabel] { - return pulumix.Output[GetFunctionAssurancePolicyRequiredLabel]{ - OutputState: i.ToGetFunctionAssurancePolicyRequiredLabelOutputWithContext(ctx).OutputState, - } -} - // GetFunctionAssurancePolicyRequiredLabelArrayInput is an input type that accepts GetFunctionAssurancePolicyRequiredLabelArray and GetFunctionAssurancePolicyRequiredLabelArrayOutput values. // You can construct a concrete instance of `GetFunctionAssurancePolicyRequiredLabelArrayInput` via: // @@ -18072,12 +31563,6 @@ func (i GetFunctionAssurancePolicyRequiredLabelArray) ToGetFunctionAssurancePoli return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyRequiredLabelArrayOutput) } -func (i GetFunctionAssurancePolicyRequiredLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyRequiredLabel] { - return pulumix.Output[[]GetFunctionAssurancePolicyRequiredLabel]{ - OutputState: i.ToGetFunctionAssurancePolicyRequiredLabelArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } func (GetFunctionAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { 
@@ -18092,12 +31577,6 @@ func (o GetFunctionAssurancePolicyRequiredLabelOutput) ToGetFunctionAssurancePol return o } -func (o GetFunctionAssurancePolicyRequiredLabelOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyRequiredLabel] { - return pulumix.Output[GetFunctionAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyRequiredLabelOutput) Key() pulumi.StringOutput { return o.ApplyT(func(v GetFunctionAssurancePolicyRequiredLabel) string { return v.Key }).(pulumi.StringOutput) } @@ -18120,12 +31599,6 @@ func (o GetFunctionAssurancePolicyRequiredLabelArrayOutput) ToGetFunctionAssuran return o } -func (o GetFunctionAssurancePolicyRequiredLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyRequiredLabel] { - return pulumix.Output[[]GetFunctionAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyRequiredLabelOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyRequiredLabel { return vs[0].([]GetFunctionAssurancePolicyRequiredLabel)[vs[1].(int)] @@ -18165,12 +31638,6 @@ func (i GetFunctionAssurancePolicyScopeArgs) ToGetFunctionAssurancePolicyScopeOu return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyScopeOutput) } -func (i GetFunctionAssurancePolicyScopeArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyScope] { - return pulumix.Output[GetFunctionAssurancePolicyScope]{ - OutputState: i.ToGetFunctionAssurancePolicyScopeOutputWithContext(ctx).OutputState, - } -} - // GetFunctionAssurancePolicyScopeArrayInput is an input type that accepts GetFunctionAssurancePolicyScopeArray and GetFunctionAssurancePolicyScopeArrayOutput values. // You can construct a concrete instance of `GetFunctionAssurancePolicyScopeArrayInput` via: // 
@@ -18196,12 +31663,6 @@ func (i GetFunctionAssurancePolicyScopeArray) ToGetFunctionAssurancePolicyScopeA return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyScopeArrayOutput) } -func (i GetFunctionAssurancePolicyScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyScope] { - return pulumix.Output[[]GetFunctionAssurancePolicyScope]{ - OutputState: i.ToGetFunctionAssurancePolicyScopeArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionAssurancePolicyScopeOutput struct{ *pulumi.OutputState } func (GetFunctionAssurancePolicyScopeOutput) ElementType() reflect.Type { @@ -18216,12 +31677,6 @@ func (o GetFunctionAssurancePolicyScopeOutput) ToGetFunctionAssurancePolicyScope return o } -func (o GetFunctionAssurancePolicyScopeOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyScope] { - return pulumix.Output[GetFunctionAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyScopeOutput) Expression() pulumi.StringOutput { return o.ApplyT(func(v GetFunctionAssurancePolicyScope) string { return v.Expression }).(pulumi.StringOutput) } @@ -18244,12 +31699,6 @@ func (o GetFunctionAssurancePolicyScopeArrayOutput) ToGetFunctionAssurancePolicy return o } -func (o GetFunctionAssurancePolicyScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyScope] { - return pulumix.Output[[]GetFunctionAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyScopeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyScope { return vs[0].([]GetFunctionAssurancePolicyScope)[vs[1].(int)] 
@@ -18291,12 +31740,6 @@ func (i GetFunctionAssurancePolicyScopeVariableArgs) ToGetFunctionAssurancePolic return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyScopeVariableOutput) } -func (i GetFunctionAssurancePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyScopeVariable] { - return pulumix.Output[GetFunctionAssurancePolicyScopeVariable]{ - OutputState: i.ToGetFunctionAssurancePolicyScopeVariableOutputWithContext(ctx).OutputState, - } -} - // GetFunctionAssurancePolicyScopeVariableArrayInput is an input type that accepts GetFunctionAssurancePolicyScopeVariableArray and GetFunctionAssurancePolicyScopeVariableArrayOutput values. // You can construct a concrete instance of `GetFunctionAssurancePolicyScopeVariableArrayInput` via: // @@ -18322,12 +31765,6 @@ func (i GetFunctionAssurancePolicyScopeVariableArray) ToGetFunctionAssurancePoli return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyScopeVariableArrayOutput) } -func (i GetFunctionAssurancePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyScopeVariable] { - return pulumix.Output[[]GetFunctionAssurancePolicyScopeVariable]{ - OutputState: i.ToGetFunctionAssurancePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } func (GetFunctionAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { 
@@ -18342,12 +31779,6 @@ func (o GetFunctionAssurancePolicyScopeVariableOutput) ToGetFunctionAssurancePol return o } -func (o GetFunctionAssurancePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyScopeVariable] { - return pulumix.Output[GetFunctionAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { return o.ApplyT(func(v GetFunctionAssurancePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) } @@ -18374,12 +31805,6 @@ func (o GetFunctionAssurancePolicyScopeVariableArrayOutput) ToGetFunctionAssuran return o } -func (o GetFunctionAssurancePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyScopeVariable] { - return pulumix.Output[[]GetFunctionAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyScopeVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyScopeVariable { return vs[0].([]GetFunctionAssurancePolicyScopeVariable)[vs[1].(int)] 
@@ -18419,12 +31844,6 @@ func (i GetFunctionAssurancePolicyTrustedBaseImageArgs) ToGetFunctionAssurancePo return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyTrustedBaseImageOutput) } -func (i GetFunctionAssurancePolicyTrustedBaseImageArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyTrustedBaseImage] { - return pulumix.Output[GetFunctionAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToGetFunctionAssurancePolicyTrustedBaseImageOutputWithContext(ctx).OutputState, - } -} - // GetFunctionAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts GetFunctionAssurancePolicyTrustedBaseImageArray and GetFunctionAssurancePolicyTrustedBaseImageArrayOutput values. // You can construct a concrete instance of `GetFunctionAssurancePolicyTrustedBaseImageArrayInput` via: // @@ -18450,12 +31869,6 @@ func (i GetFunctionAssurancePolicyTrustedBaseImageArray) ToGetFunctionAssuranceP return pulumi.ToOutputWithContext(ctx, i).(GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) } -func (i GetFunctionAssurancePolicyTrustedBaseImageArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]GetFunctionAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToGetFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } func (GetFunctionAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { 
@@ -18470,51 +31883,268 @@ func (o GetFunctionAssurancePolicyTrustedBaseImageOutput) ToGetFunctionAssurance return o } -func (o GetFunctionAssurancePolicyTrustedBaseImageOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionAssurancePolicyTrustedBaseImage] { - return pulumix.Output[GetFunctionAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } +func (o GetFunctionAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringOutput { + return o.ApplyT(func(v GetFunctionAssurancePolicyTrustedBaseImage) string { return v.Imagename }).(pulumi.StringOutput) +} + +func (o GetFunctionAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringOutput { + return o.ApplyT(func(v GetFunctionAssurancePolicyTrustedBaseImage) string { return v.Registry }).(pulumi.StringOutput) +} + +type GetFunctionAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } + +func (GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetFunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (o GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) ToGetFunctionAssurancePolicyTrustedBaseImageArrayOutput() GetFunctionAssurancePolicyTrustedBaseImageArrayOutput { + return o +} + +func (o GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) ToGetFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) GetFunctionAssurancePolicyTrustedBaseImageArrayOutput { + return o +} + +func (o GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyTrustedBaseImageOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyTrustedBaseImage { + return vs[0].([]GetFunctionAssurancePolicyTrustedBaseImage)[vs[1].(int)] + }).(GetFunctionAssurancePolicyTrustedBaseImageOutput) +} + +type GetFunctionRuntimePolicyDriftPrevention struct { + // Whether drift prevention is enabled. 
+ Enabled *bool `pulumi:"enabled"` + // Whether to lockdown execution drift. + ExecLockdown *bool `pulumi:"execLockdown"` + // List of items in the execution lockdown white list. + ExecLockdownWhiteLists []string `pulumi:"execLockdownWhiteLists"` + // Whether to lockdown image drift. + ImageLockdown *bool `pulumi:"imageLockdown"` +} + +// GetFunctionRuntimePolicyDriftPreventionInput is an input type that accepts GetFunctionRuntimePolicyDriftPreventionArgs and GetFunctionRuntimePolicyDriftPreventionOutput values. +// You can construct a concrete instance of `GetFunctionRuntimePolicyDriftPreventionInput` via: +// +// GetFunctionRuntimePolicyDriftPreventionArgs{...} +type GetFunctionRuntimePolicyDriftPreventionInput interface { + pulumi.Input + + ToGetFunctionRuntimePolicyDriftPreventionOutput() GetFunctionRuntimePolicyDriftPreventionOutput + ToGetFunctionRuntimePolicyDriftPreventionOutputWithContext(context.Context) GetFunctionRuntimePolicyDriftPreventionOutput +} + +type GetFunctionRuntimePolicyDriftPreventionArgs struct { + // Whether drift prevention is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Whether to lockdown execution drift. + ExecLockdown pulumi.BoolPtrInput `pulumi:"execLockdown"` + // List of items in the execution lockdown white list. + ExecLockdownWhiteLists pulumi.StringArrayInput `pulumi:"execLockdownWhiteLists"` + // Whether to lockdown image drift. 
+ ImageLockdown pulumi.BoolPtrInput `pulumi:"imageLockdown"` +} + +func (GetFunctionRuntimePolicyDriftPreventionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetFunctionRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (i GetFunctionRuntimePolicyDriftPreventionArgs) ToGetFunctionRuntimePolicyDriftPreventionOutput() GetFunctionRuntimePolicyDriftPreventionOutput { + return i.ToGetFunctionRuntimePolicyDriftPreventionOutputWithContext(context.Background()) +} + +func (i GetFunctionRuntimePolicyDriftPreventionArgs) ToGetFunctionRuntimePolicyDriftPreventionOutputWithContext(ctx context.Context) GetFunctionRuntimePolicyDriftPreventionOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetFunctionRuntimePolicyDriftPreventionOutput) +} + +// GetFunctionRuntimePolicyDriftPreventionArrayInput is an input type that accepts GetFunctionRuntimePolicyDriftPreventionArray and GetFunctionRuntimePolicyDriftPreventionArrayOutput values. +// You can construct a concrete instance of `GetFunctionRuntimePolicyDriftPreventionArrayInput` via: +// +// GetFunctionRuntimePolicyDriftPreventionArray{ GetFunctionRuntimePolicyDriftPreventionArgs{...} } +type GetFunctionRuntimePolicyDriftPreventionArrayInput interface { + pulumi.Input + + ToGetFunctionRuntimePolicyDriftPreventionArrayOutput() GetFunctionRuntimePolicyDriftPreventionArrayOutput + ToGetFunctionRuntimePolicyDriftPreventionArrayOutputWithContext(context.Context) GetFunctionRuntimePolicyDriftPreventionArrayOutput +} + +type GetFunctionRuntimePolicyDriftPreventionArray []GetFunctionRuntimePolicyDriftPreventionInput + +func (GetFunctionRuntimePolicyDriftPreventionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetFunctionRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (i GetFunctionRuntimePolicyDriftPreventionArray) ToGetFunctionRuntimePolicyDriftPreventionArrayOutput() GetFunctionRuntimePolicyDriftPreventionArrayOutput { + return 
i.ToGetFunctionRuntimePolicyDriftPreventionArrayOutputWithContext(context.Background()) +} + +func (i GetFunctionRuntimePolicyDriftPreventionArray) ToGetFunctionRuntimePolicyDriftPreventionArrayOutputWithContext(ctx context.Context) GetFunctionRuntimePolicyDriftPreventionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetFunctionRuntimePolicyDriftPreventionArrayOutput) +} + +type GetFunctionRuntimePolicyDriftPreventionOutput struct{ *pulumi.OutputState } + +func (GetFunctionRuntimePolicyDriftPreventionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetFunctionRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (o GetFunctionRuntimePolicyDriftPreventionOutput) ToGetFunctionRuntimePolicyDriftPreventionOutput() GetFunctionRuntimePolicyDriftPreventionOutput { + return o +} + +func (o GetFunctionRuntimePolicyDriftPreventionOutput) ToGetFunctionRuntimePolicyDriftPreventionOutputWithContext(ctx context.Context) GetFunctionRuntimePolicyDriftPreventionOutput { + return o +} + +// Whether drift prevention is enabled. +func (o GetFunctionRuntimePolicyDriftPreventionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetFunctionRuntimePolicyDriftPrevention) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Whether to lockdown execution drift. +func (o GetFunctionRuntimePolicyDriftPreventionOutput) ExecLockdown() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetFunctionRuntimePolicyDriftPrevention) *bool { return v.ExecLockdown }).(pulumi.BoolPtrOutput) +} + +// List of items in the execution lockdown white list. +func (o GetFunctionRuntimePolicyDriftPreventionOutput) ExecLockdownWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetFunctionRuntimePolicyDriftPrevention) []string { return v.ExecLockdownWhiteLists }).(pulumi.StringArrayOutput) +} + +// Whether to lockdown image drift. 
+func (o GetFunctionRuntimePolicyDriftPreventionOutput) ImageLockdown() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetFunctionRuntimePolicyDriftPrevention) *bool { return v.ImageLockdown }).(pulumi.BoolPtrOutput) +} + +type GetFunctionRuntimePolicyDriftPreventionArrayOutput struct{ *pulumi.OutputState } + +func (GetFunctionRuntimePolicyDriftPreventionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetFunctionRuntimePolicyDriftPrevention)(nil)).Elem() +} + +func (o GetFunctionRuntimePolicyDriftPreventionArrayOutput) ToGetFunctionRuntimePolicyDriftPreventionArrayOutput() GetFunctionRuntimePolicyDriftPreventionArrayOutput { + return o +} + +func (o GetFunctionRuntimePolicyDriftPreventionArrayOutput) ToGetFunctionRuntimePolicyDriftPreventionArrayOutputWithContext(ctx context.Context) GetFunctionRuntimePolicyDriftPreventionArrayOutput { + return o +} + +func (o GetFunctionRuntimePolicyDriftPreventionArrayOutput) Index(i pulumi.IntInput) GetFunctionRuntimePolicyDriftPreventionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionRuntimePolicyDriftPrevention { + return vs[0].([]GetFunctionRuntimePolicyDriftPrevention)[vs[1].(int)] + }).(GetFunctionRuntimePolicyDriftPreventionOutput) +} + +type GetFunctionRuntimePolicyExecutableBlacklist struct { + // Whether the executable blacklist is enabled. + Enabled *bool `pulumi:"enabled"` + // List of blacklisted executables. + Executables []string `pulumi:"executables"` +} + +// GetFunctionRuntimePolicyExecutableBlacklistInput is an input type that accepts GetFunctionRuntimePolicyExecutableBlacklistArgs and GetFunctionRuntimePolicyExecutableBlacklistOutput values. 
+// You can construct a concrete instance of `GetFunctionRuntimePolicyExecutableBlacklistInput` via: +// +// GetFunctionRuntimePolicyExecutableBlacklistArgs{...} +type GetFunctionRuntimePolicyExecutableBlacklistInput interface { + pulumi.Input + + ToGetFunctionRuntimePolicyExecutableBlacklistOutput() GetFunctionRuntimePolicyExecutableBlacklistOutput + ToGetFunctionRuntimePolicyExecutableBlacklistOutputWithContext(context.Context) GetFunctionRuntimePolicyExecutableBlacklistOutput +} + +type GetFunctionRuntimePolicyExecutableBlacklistArgs struct { + // Whether the executable blacklist is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of blacklisted executables. + Executables pulumi.StringArrayInput `pulumi:"executables"` +} + +func (GetFunctionRuntimePolicyExecutableBlacklistArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetFunctionRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (i GetFunctionRuntimePolicyExecutableBlacklistArgs) ToGetFunctionRuntimePolicyExecutableBlacklistOutput() GetFunctionRuntimePolicyExecutableBlacklistOutput { + return i.ToGetFunctionRuntimePolicyExecutableBlacklistOutputWithContext(context.Background()) +} + +func (i GetFunctionRuntimePolicyExecutableBlacklistArgs) ToGetFunctionRuntimePolicyExecutableBlacklistOutputWithContext(ctx context.Context) GetFunctionRuntimePolicyExecutableBlacklistOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetFunctionRuntimePolicyExecutableBlacklistOutput) +} + +// GetFunctionRuntimePolicyExecutableBlacklistArrayInput is an input type that accepts GetFunctionRuntimePolicyExecutableBlacklistArray and GetFunctionRuntimePolicyExecutableBlacklistArrayOutput values. 
+// You can construct a concrete instance of `GetFunctionRuntimePolicyExecutableBlacklistArrayInput` via: +// +// GetFunctionRuntimePolicyExecutableBlacklistArray{ GetFunctionRuntimePolicyExecutableBlacklistArgs{...} } +type GetFunctionRuntimePolicyExecutableBlacklistArrayInput interface { + pulumi.Input + + ToGetFunctionRuntimePolicyExecutableBlacklistArrayOutput() GetFunctionRuntimePolicyExecutableBlacklistArrayOutput + ToGetFunctionRuntimePolicyExecutableBlacklistArrayOutputWithContext(context.Context) GetFunctionRuntimePolicyExecutableBlacklistArrayOutput +} + +type GetFunctionRuntimePolicyExecutableBlacklistArray []GetFunctionRuntimePolicyExecutableBlacklistInput + +func (GetFunctionRuntimePolicyExecutableBlacklistArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetFunctionRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (i GetFunctionRuntimePolicyExecutableBlacklistArray) ToGetFunctionRuntimePolicyExecutableBlacklistArrayOutput() GetFunctionRuntimePolicyExecutableBlacklistArrayOutput { + return i.ToGetFunctionRuntimePolicyExecutableBlacklistArrayOutputWithContext(context.Background()) +} + +func (i GetFunctionRuntimePolicyExecutableBlacklistArray) ToGetFunctionRuntimePolicyExecutableBlacklistArrayOutputWithContext(ctx context.Context) GetFunctionRuntimePolicyExecutableBlacklistArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetFunctionRuntimePolicyExecutableBlacklistArrayOutput) +} + +type GetFunctionRuntimePolicyExecutableBlacklistOutput struct{ *pulumi.OutputState } + +func (GetFunctionRuntimePolicyExecutableBlacklistOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetFunctionRuntimePolicyExecutableBlacklist)(nil)).Elem() +} + +func (o GetFunctionRuntimePolicyExecutableBlacklistOutput) ToGetFunctionRuntimePolicyExecutableBlacklistOutput() GetFunctionRuntimePolicyExecutableBlacklistOutput { + return o +} + +func (o GetFunctionRuntimePolicyExecutableBlacklistOutput) 
ToGetFunctionRuntimePolicyExecutableBlacklistOutputWithContext(ctx context.Context) GetFunctionRuntimePolicyExecutableBlacklistOutput { + return o } -func (o GetFunctionAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringOutput { - return o.ApplyT(func(v GetFunctionAssurancePolicyTrustedBaseImage) string { return v.Imagename }).(pulumi.StringOutput) +// Whether the executable blacklist is enabled. +func (o GetFunctionRuntimePolicyExecutableBlacklistOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetFunctionRuntimePolicyExecutableBlacklist) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o GetFunctionAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringOutput { - return o.ApplyT(func(v GetFunctionAssurancePolicyTrustedBaseImage) string { return v.Registry }).(pulumi.StringOutput) +// List of blacklisted executables. +func (o GetFunctionRuntimePolicyExecutableBlacklistOutput) Executables() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetFunctionRuntimePolicyExecutableBlacklist) []string { return v.Executables }).(pulumi.StringArrayOutput) } -type GetFunctionAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } +type GetFunctionRuntimePolicyExecutableBlacklistArrayOutput struct{ *pulumi.OutputState } -func (GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetFunctionAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (GetFunctionRuntimePolicyExecutableBlacklistArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetFunctionRuntimePolicyExecutableBlacklist)(nil)).Elem() } -func (o GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) ToGetFunctionAssurancePolicyTrustedBaseImageArrayOutput() GetFunctionAssurancePolicyTrustedBaseImageArrayOutput { +func (o GetFunctionRuntimePolicyExecutableBlacklistArrayOutput) ToGetFunctionRuntimePolicyExecutableBlacklistArrayOutput() 
GetFunctionRuntimePolicyExecutableBlacklistArrayOutput { return o } -func (o GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) ToGetFunctionAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) GetFunctionAssurancePolicyTrustedBaseImageArrayOutput { +func (o GetFunctionRuntimePolicyExecutableBlacklistArrayOutput) ToGetFunctionRuntimePolicyExecutableBlacklistArrayOutputWithContext(ctx context.Context) GetFunctionRuntimePolicyExecutableBlacklistArrayOutput { return o } -func (o GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]GetFunctionAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } -} - -func (o GetFunctionAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) GetFunctionAssurancePolicyTrustedBaseImageOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionAssurancePolicyTrustedBaseImage { - return vs[0].([]GetFunctionAssurancePolicyTrustedBaseImage)[vs[1].(int)] - }).(GetFunctionAssurancePolicyTrustedBaseImageOutput) +func (o GetFunctionRuntimePolicyExecutableBlacklistArrayOutput) Index(i pulumi.IntInput) GetFunctionRuntimePolicyExecutableBlacklistOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionRuntimePolicyExecutableBlacklist { + return vs[0].([]GetFunctionRuntimePolicyExecutableBlacklist)[vs[1].(int)] + }).(GetFunctionRuntimePolicyExecutableBlacklistOutput) } type GetFunctionRuntimePolicyScopeVariable struct { Attribute string `pulumi:"attribute"` - // Name of the function runtime policy - Name string `pulumi:"name"` - Value string `pulumi:"value"` + Name string `pulumi:"name"` + Value string `pulumi:"value"` } // GetFunctionRuntimePolicyScopeVariableInput is an input type that accepts GetFunctionRuntimePolicyScopeVariableArgs and GetFunctionRuntimePolicyScopeVariableOutput values. 
@@ -18530,9 +32160,8 @@ type GetFunctionRuntimePolicyScopeVariableInput interface { type GetFunctionRuntimePolicyScopeVariableArgs struct { Attribute pulumi.StringInput `pulumi:"attribute"` - // Name of the function runtime policy - Name pulumi.StringInput `pulumi:"name"` - Value pulumi.StringInput `pulumi:"value"` + Name pulumi.StringInput `pulumi:"name"` + Value pulumi.StringInput `pulumi:"value"` } func (GetFunctionRuntimePolicyScopeVariableArgs) ElementType() reflect.Type { @@ -18547,12 +32176,6 @@ func (i GetFunctionRuntimePolicyScopeVariableArgs) ToGetFunctionRuntimePolicySco return pulumi.ToOutputWithContext(ctx, i).(GetFunctionRuntimePolicyScopeVariableOutput) } -func (i GetFunctionRuntimePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetFunctionRuntimePolicyScopeVariable] { - return pulumix.Output[GetFunctionRuntimePolicyScopeVariable]{ - OutputState: i.ToGetFunctionRuntimePolicyScopeVariableOutputWithContext(ctx).OutputState, - } -} - // GetFunctionRuntimePolicyScopeVariableArrayInput is an input type that accepts GetFunctionRuntimePolicyScopeVariableArray and GetFunctionRuntimePolicyScopeVariableArrayOutput values. // You can construct a concrete instance of `GetFunctionRuntimePolicyScopeVariableArrayInput` via: // @@ -18578,12 +32201,6 @@ func (i GetFunctionRuntimePolicyScopeVariableArray) ToGetFunctionRuntimePolicySc return pulumi.ToOutputWithContext(ctx, i).(GetFunctionRuntimePolicyScopeVariableArrayOutput) } -func (i GetFunctionRuntimePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionRuntimePolicyScopeVariable] { - return pulumix.Output[[]GetFunctionRuntimePolicyScopeVariable]{ - OutputState: i.ToGetFunctionRuntimePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } -} - type GetFunctionRuntimePolicyScopeVariableOutput struct{ *pulumi.OutputState } func (GetFunctionRuntimePolicyScopeVariableOutput) ElementType() reflect.Type { 
@@ -18598,17 +32215,10 @@ func (o GetFunctionRuntimePolicyScopeVariableOutput) ToGetFunctionRuntimePolicyS return o } -func (o GetFunctionRuntimePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetFunctionRuntimePolicyScopeVariable] { - return pulumix.Output[GetFunctionRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionRuntimePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { return o.ApplyT(func(v GetFunctionRuntimePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) } -// Name of the function runtime policy func (o GetFunctionRuntimePolicyScopeVariableOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v GetFunctionRuntimePolicyScopeVariable) string { return v.Name }).(pulumi.StringOutput) } @@ -18631,12 +32241,6 @@ func (o GetFunctionRuntimePolicyScopeVariableArrayOutput) ToGetFunctionRuntimePo return o } -func (o GetFunctionRuntimePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetFunctionRuntimePolicyScopeVariable] { - return pulumix.Output[[]GetFunctionRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetFunctionRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) GetFunctionRuntimePolicyScopeVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetFunctionRuntimePolicyScopeVariable { return vs[0].([]GetFunctionRuntimePolicyScopeVariable)[vs[1].(int)] @@ -18644,10 +32248,9 @@ func (o GetFunctionRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInpu } type GetGatewaysGateway struct { - Description string `pulumi:"description"` - GrpcAddress string `pulumi:"grpcAddress"` - Hostname string `pulumi:"hostname"` - // The ID of this resource. + Description string `pulumi:"description"` + GrpcAddress string `pulumi:"grpcAddress"` + Hostname string `pulumi:"hostname"` Id string `pulumi:"id"` Logicalname string `pulumi:"logicalname"` PublicAddress string `pulumi:"publicAddress"` 
@@ -18667,10 +32270,9 @@ type GetGatewaysGatewayInput interface { } type GetGatewaysGatewayArgs struct { - Description pulumi.StringInput `pulumi:"description"` - GrpcAddress pulumi.StringInput `pulumi:"grpcAddress"` - Hostname pulumi.StringInput `pulumi:"hostname"` - // The ID of this resource. + Description pulumi.StringInput `pulumi:"description"` + GrpcAddress pulumi.StringInput `pulumi:"grpcAddress"` + Hostname pulumi.StringInput `pulumi:"hostname"` Id pulumi.StringInput `pulumi:"id"` Logicalname pulumi.StringInput `pulumi:"logicalname"` PublicAddress pulumi.StringInput `pulumi:"publicAddress"` @@ -18690,12 +32292,6 @@ func (i GetGatewaysGatewayArgs) ToGetGatewaysGatewayOutputWithContext(ctx contex return pulumi.ToOutputWithContext(ctx, i).(GetGatewaysGatewayOutput) } -func (i GetGatewaysGatewayArgs) ToOutput(ctx context.Context) pulumix.Output[GetGatewaysGateway] { - return pulumix.Output[GetGatewaysGateway]{ - OutputState: i.ToGetGatewaysGatewayOutputWithContext(ctx).OutputState, - } -} - // GetGatewaysGatewayArrayInput is an input type that accepts GetGatewaysGatewayArray and GetGatewaysGatewayArrayOutput values. // You can construct a concrete instance of `GetGatewaysGatewayArrayInput` via: // @@ -18721,12 +32317,6 @@ func (i GetGatewaysGatewayArray) ToGetGatewaysGatewayArrayOutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(GetGatewaysGatewayArrayOutput) } -func (i GetGatewaysGatewayArray) ToOutput(ctx context.Context) pulumix.Output[[]GetGatewaysGateway] { - return pulumix.Output[[]GetGatewaysGateway]{ - OutputState: i.ToGetGatewaysGatewayArrayOutputWithContext(ctx).OutputState, - } -} - type GetGatewaysGatewayOutput struct{ *pulumi.OutputState } func (GetGatewaysGatewayOutput) ElementType() reflect.Type { 
@@ -18741,12 +32331,6 @@ func (o GetGatewaysGatewayOutput) ToGetGatewaysGatewayOutputWithContext(ctx cont return o } -func (o GetGatewaysGatewayOutput) ToOutput(ctx context.Context) pulumix.Output[GetGatewaysGateway] { - return pulumix.Output[GetGatewaysGateway]{ - OutputState: o.OutputState, - } -} - func (o GetGatewaysGatewayOutput) Description() pulumi.StringOutput { return o.ApplyT(func(v GetGatewaysGateway) string { return v.Description }).(pulumi.StringOutput) } @@ -18759,7 +32343,6 @@ func (o GetGatewaysGatewayOutput) Hostname() pulumi.StringOutput { return o.ApplyT(func(v GetGatewaysGateway) string { return v.Hostname }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetGatewaysGatewayOutput) Id() pulumi.StringOutput { return o.ApplyT(func(v GetGatewaysGateway) string { return v.Id }).(pulumi.StringOutput) } @@ -18794,12 +32377,6 @@ func (o GetGatewaysGatewayArrayOutput) ToGetGatewaysGatewayArrayOutputWithContex return o } -func (o GetGatewaysGatewayArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetGatewaysGateway] { - return pulumix.Output[[]GetGatewaysGateway]{ - OutputState: o.OutputState, - } -} - func (o GetGatewaysGatewayArrayOutput) Index(i pulumi.IntInput) GetGatewaysGatewayOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetGatewaysGateway { return vs[0].([]GetGatewaysGateway)[vs[1].(int)] @@ -18841,12 +32418,6 @@ func (i GetGroupsGroupArgs) ToGetGroupsGroupOutputWithContext(ctx context.Contex return pulumi.ToOutputWithContext(ctx, i).(GetGroupsGroupOutput) } -func (i GetGroupsGroupArgs) ToOutput(ctx context.Context) pulumix.Output[GetGroupsGroup] { - return pulumix.Output[GetGroupsGroup]{ - OutputState: i.ToGetGroupsGroupOutputWithContext(ctx).OutputState, - } -} - // GetGroupsGroupArrayInput is an input type that accepts GetGroupsGroupArray and GetGroupsGroupArrayOutput values. // You can construct a concrete instance of `GetGroupsGroupArrayInput` via: // 
@@ -18872,12 +32443,6 @@ func (i GetGroupsGroupArray) ToGetGroupsGroupArrayOutputWithContext(ctx context. return pulumi.ToOutputWithContext(ctx, i).(GetGroupsGroupArrayOutput) } -func (i GetGroupsGroupArray) ToOutput(ctx context.Context) pulumix.Output[[]GetGroupsGroup] { - return pulumix.Output[[]GetGroupsGroup]{ - OutputState: i.ToGetGroupsGroupArrayOutputWithContext(ctx).OutputState, - } -} - type GetGroupsGroupOutput struct{ *pulumi.OutputState } func (GetGroupsGroupOutput) ElementType() reflect.Type { @@ -18892,12 +32457,6 @@ func (o GetGroupsGroupOutput) ToGetGroupsGroupOutputWithContext(ctx context.Cont return o } -func (o GetGroupsGroupOutput) ToOutput(ctx context.Context) pulumix.Output[GetGroupsGroup] { - return pulumix.Output[GetGroupsGroup]{ - OutputState: o.OutputState, - } -} - func (o GetGroupsGroupOutput) Created() pulumi.StringOutput { return o.ApplyT(func(v GetGroupsGroup) string { return v.Created }).(pulumi.StringOutput) } @@ -18924,12 +32483,6 @@ func (o GetGroupsGroupArrayOutput) ToGetGroupsGroupArrayOutputWithContext(ctx co return o } -func (o GetGroupsGroupArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetGroupsGroup] { - return pulumix.Output[[]GetGroupsGroup]{ - OutputState: o.OutputState, - } -} - func (o GetGroupsGroupArrayOutput) Index(i pulumi.IntInput) GetGroupsGroupOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetGroupsGroup { return vs[0].([]GetGroupsGroup)[vs[1].(int)] 
@@ -18973,12 +32526,6 @@ func (i GetHostAssurancePolicyAutoScanTimeArgs) ToGetHostAssurancePolicyAutoScan return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyAutoScanTimeOutput) } -func (i GetHostAssurancePolicyAutoScanTimeArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyAutoScanTime] { - return pulumix.Output[GetHostAssurancePolicyAutoScanTime]{ - OutputState: i.ToGetHostAssurancePolicyAutoScanTimeOutputWithContext(ctx).OutputState, - } -} - // GetHostAssurancePolicyAutoScanTimeArrayInput is an input type that accepts GetHostAssurancePolicyAutoScanTimeArray and GetHostAssurancePolicyAutoScanTimeArrayOutput values. // You can construct a concrete instance of `GetHostAssurancePolicyAutoScanTimeArrayInput` via: // @@ -19004,12 +32551,6 @@ func (i GetHostAssurancePolicyAutoScanTimeArray) ToGetHostAssurancePolicyAutoSca return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyAutoScanTimeArrayOutput) } -func (i GetHostAssurancePolicyAutoScanTimeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyAutoScanTime] { - return pulumix.Output[[]GetHostAssurancePolicyAutoScanTime]{ - OutputState: i.ToGetHostAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } func (GetHostAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { @@ -19024,12 +32565,6 @@ func (o GetHostAssurancePolicyAutoScanTimeOutput) ToGetHostAssurancePolicyAutoSc return o } -func (o GetHostAssurancePolicyAutoScanTimeOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyAutoScanTime] { - return pulumix.Output[GetHostAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntOutput { return o.ApplyT(func(v GetHostAssurancePolicyAutoScanTime) int { return v.Iteration }).(pulumi.IntOutput) } 
@@ -19060,12 +32595,6 @@ func (o GetHostAssurancePolicyAutoScanTimeArrayOutput) ToGetHostAssurancePolicyA return o } -func (o GetHostAssurancePolicyAutoScanTimeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyAutoScanTime] { - return pulumix.Output[[]GetHostAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyAutoScanTimeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyAutoScanTime { return vs[0].([]GetHostAssurancePolicyAutoScanTime)[vs[1].(int)] @@ -19073,7 +32602,6 @@ func (o GetHostAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) } type GetHostAssurancePolicyCustomCheck struct { - // Name of user account that created the policy. Author string `pulumi:"author"` Description string `pulumi:"description"` Engine string `pulumi:"engine"` @@ -19098,7 +32626,6 @@ type GetHostAssurancePolicyCustomCheckInput interface { } type GetHostAssurancePolicyCustomCheckArgs struct { - // Name of user account that created the policy. Author pulumi.StringInput `pulumi:"author"` Description pulumi.StringInput `pulumi:"description"` Engine pulumi.StringInput `pulumi:"engine"` 
@@ -19123,12 +32650,6 @@ func (i GetHostAssurancePolicyCustomCheckArgs) ToGetHostAssurancePolicyCustomChe return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyCustomCheckOutput) } -func (i GetHostAssurancePolicyCustomCheckArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyCustomCheck] { - return pulumix.Output[GetHostAssurancePolicyCustomCheck]{ - OutputState: i.ToGetHostAssurancePolicyCustomCheckOutputWithContext(ctx).OutputState, - } -} - // GetHostAssurancePolicyCustomCheckArrayInput is an input type that accepts GetHostAssurancePolicyCustomCheckArray and GetHostAssurancePolicyCustomCheckArrayOutput values. // You can construct a concrete instance of `GetHostAssurancePolicyCustomCheckArrayInput` via: // @@ -19154,12 +32675,6 @@ func (i GetHostAssurancePolicyCustomCheckArray) ToGetHostAssurancePolicyCustomCh return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyCustomCheckArrayOutput) } -func (i GetHostAssurancePolicyCustomCheckArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyCustomCheck] { - return pulumix.Output[[]GetHostAssurancePolicyCustomCheck]{ - OutputState: i.ToGetHostAssurancePolicyCustomCheckArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } func (GetHostAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { @@ -19174,13 +32689,6 @@ func (o GetHostAssurancePolicyCustomCheckOutput) ToGetHostAssurancePolicyCustomC return o } -func (o GetHostAssurancePolicyCustomCheckOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyCustomCheck] { - return pulumix.Output[GetHostAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - -// Name of user account that created the policy. func (o GetHostAssurancePolicyCustomCheckOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetHostAssurancePolicyCustomCheck) string { return v.Author }).(pulumi.StringOutput) } 
@@ -19235,12 +32743,6 @@ func (o GetHostAssurancePolicyCustomCheckArrayOutput) ToGetHostAssurancePolicyCu return o } -func (o GetHostAssurancePolicyCustomCheckArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyCustomCheck] { - return pulumix.Output[[]GetHostAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyCustomCheckOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyCustomCheck { return vs[0].([]GetHostAssurancePolicyCustomCheck)[vs[1].(int)] @@ -19280,12 +32782,6 @@ func (i GetHostAssurancePolicyForbiddenLabelArgs) ToGetHostAssurancePolicyForbid return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyForbiddenLabelOutput) } -func (i GetHostAssurancePolicyForbiddenLabelArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyForbiddenLabel] { - return pulumix.Output[GetHostAssurancePolicyForbiddenLabel]{ - OutputState: i.ToGetHostAssurancePolicyForbiddenLabelOutputWithContext(ctx).OutputState, - } -} - // GetHostAssurancePolicyForbiddenLabelArrayInput is an input type that accepts GetHostAssurancePolicyForbiddenLabelArray and GetHostAssurancePolicyForbiddenLabelArrayOutput values. // You can construct a concrete instance of `GetHostAssurancePolicyForbiddenLabelArrayInput` via: // 
@@ -19311,12 +32807,6 @@ func (i GetHostAssurancePolicyForbiddenLabelArray) ToGetHostAssurancePolicyForbi return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyForbiddenLabelArrayOutput) } -func (i GetHostAssurancePolicyForbiddenLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]GetHostAssurancePolicyForbiddenLabel]{ - OutputState: i.ToGetHostAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } func (GetHostAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { @@ -19331,12 +32821,6 @@ func (o GetHostAssurancePolicyForbiddenLabelOutput) ToGetHostAssurancePolicyForb return o } -func (o GetHostAssurancePolicyForbiddenLabelOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyForbiddenLabel] { - return pulumix.Output[GetHostAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringOutput { return o.ApplyT(func(v GetHostAssurancePolicyForbiddenLabel) string { return v.Key }).(pulumi.StringOutput) } @@ -19359,12 +32843,6 @@ func (o GetHostAssurancePolicyForbiddenLabelArrayOutput) ToGetHostAssurancePolic return o } -func (o GetHostAssurancePolicyForbiddenLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]GetHostAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyForbiddenLabelOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyForbiddenLabel { return vs[0].([]GetHostAssurancePolicyForbiddenLabel)[vs[1].(int)] 
@@ -19418,12 +32896,6 @@ func (i GetHostAssurancePolicyPackagesBlackListArgs) ToGetHostAssurancePolicyPac return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyPackagesBlackListOutput) } -func (i GetHostAssurancePolicyPackagesBlackListArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyPackagesBlackList] { - return pulumix.Output[GetHostAssurancePolicyPackagesBlackList]{ - OutputState: i.ToGetHostAssurancePolicyPackagesBlackListOutputWithContext(ctx).OutputState, - } -} - // GetHostAssurancePolicyPackagesBlackListArrayInput is an input type that accepts GetHostAssurancePolicyPackagesBlackListArray and GetHostAssurancePolicyPackagesBlackListArrayOutput values. // You can construct a concrete instance of `GetHostAssurancePolicyPackagesBlackListArrayInput` via: // @@ -19449,12 +32921,6 @@ func (i GetHostAssurancePolicyPackagesBlackListArray) ToGetHostAssurancePolicyPa return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyPackagesBlackListArrayOutput) } -func (i GetHostAssurancePolicyPackagesBlackListArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]GetHostAssurancePolicyPackagesBlackList]{ - OutputState: i.ToGetHostAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } func (GetHostAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { 
@@ -19469,12 +32935,6 @@ func (o GetHostAssurancePolicyPackagesBlackListOutput) ToGetHostAssurancePolicyP return o } -func (o GetHostAssurancePolicyPackagesBlackListOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyPackagesBlackList] { - return pulumix.Output[GetHostAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringOutput { return o.ApplyT(func(v GetHostAssurancePolicyPackagesBlackList) string { return v.Arch }).(pulumi.StringOutput) } @@ -19525,12 +32985,6 @@ func (o GetHostAssurancePolicyPackagesBlackListArrayOutput) ToGetHostAssurancePo return o } -func (o GetHostAssurancePolicyPackagesBlackListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]GetHostAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyPackagesBlackListOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyPackagesBlackList { return vs[0].([]GetHostAssurancePolicyPackagesBlackList)[vs[1].(int)] 
@@ -19584,12 +33038,6 @@ func (i GetHostAssurancePolicyPackagesWhiteListArgs) ToGetHostAssurancePolicyPac return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyPackagesWhiteListOutput) } -func (i GetHostAssurancePolicyPackagesWhiteListArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyPackagesWhiteList] { - return pulumix.Output[GetHostAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToGetHostAssurancePolicyPackagesWhiteListOutputWithContext(ctx).OutputState, - } -} - // GetHostAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts GetHostAssurancePolicyPackagesWhiteListArray and GetHostAssurancePolicyPackagesWhiteListArrayOutput values. // You can construct a concrete instance of `GetHostAssurancePolicyPackagesWhiteListArrayInput` via: // @@ -19615,12 +33063,6 @@ func (i GetHostAssurancePolicyPackagesWhiteListArray) ToGetHostAssurancePolicyPa return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyPackagesWhiteListArrayOutput) } -func (i GetHostAssurancePolicyPackagesWhiteListArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]GetHostAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToGetHostAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } func (GetHostAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { 
@@ -19635,12 +33077,6 @@ func (o GetHostAssurancePolicyPackagesWhiteListOutput) ToGetHostAssurancePolicyP return o } -func (o GetHostAssurancePolicyPackagesWhiteListOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyPackagesWhiteList] { - return pulumix.Output[GetHostAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringOutput { return o.ApplyT(func(v GetHostAssurancePolicyPackagesWhiteList) string { return v.Arch }).(pulumi.StringOutput) } @@ -19691,12 +33127,6 @@ func (o GetHostAssurancePolicyPackagesWhiteListArrayOutput) ToGetHostAssurancePo return o } -func (o GetHostAssurancePolicyPackagesWhiteListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]GetHostAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyPackagesWhiteListOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyPackagesWhiteList { return vs[0].([]GetHostAssurancePolicyPackagesWhiteList)[vs[1].(int)] 
@@ -19736,12 +33166,6 @@ func (i GetHostAssurancePolicyRequiredLabelArgs) ToGetHostAssurancePolicyRequire return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyRequiredLabelOutput) } -func (i GetHostAssurancePolicyRequiredLabelArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyRequiredLabel] { - return pulumix.Output[GetHostAssurancePolicyRequiredLabel]{ - OutputState: i.ToGetHostAssurancePolicyRequiredLabelOutputWithContext(ctx).OutputState, - } -} - // GetHostAssurancePolicyRequiredLabelArrayInput is an input type that accepts GetHostAssurancePolicyRequiredLabelArray and GetHostAssurancePolicyRequiredLabelArrayOutput values. // You can construct a concrete instance of `GetHostAssurancePolicyRequiredLabelArrayInput` via: // @@ -19767,12 +33191,6 @@ func (i GetHostAssurancePolicyRequiredLabelArray) ToGetHostAssurancePolicyRequir return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyRequiredLabelArrayOutput) } -func (i GetHostAssurancePolicyRequiredLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyRequiredLabel] { - return pulumix.Output[[]GetHostAssurancePolicyRequiredLabel]{ - OutputState: i.ToGetHostAssurancePolicyRequiredLabelArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } func (GetHostAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { @@ -19787,12 +33205,6 @@ func (o GetHostAssurancePolicyRequiredLabelOutput) ToGetHostAssurancePolicyRequi return o } -func (o GetHostAssurancePolicyRequiredLabelOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyRequiredLabel] { - return pulumix.Output[GetHostAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyRequiredLabelOutput) Key() pulumi.StringOutput { return o.ApplyT(func(v GetHostAssurancePolicyRequiredLabel) string { return v.Key }).(pulumi.StringOutput) } 
@@ -19815,12 +33227,6 @@ func (o GetHostAssurancePolicyRequiredLabelArrayOutput) ToGetHostAssurancePolicy return o } -func (o GetHostAssurancePolicyRequiredLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyRequiredLabel] { - return pulumix.Output[[]GetHostAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyRequiredLabelOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyRequiredLabel { return vs[0].([]GetHostAssurancePolicyRequiredLabel)[vs[1].(int)] @@ -19860,12 +33266,6 @@ func (i GetHostAssurancePolicyScopeArgs) ToGetHostAssurancePolicyScopeOutputWith return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyScopeOutput) } -func (i GetHostAssurancePolicyScopeArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyScope] { - return pulumix.Output[GetHostAssurancePolicyScope]{ - OutputState: i.ToGetHostAssurancePolicyScopeOutputWithContext(ctx).OutputState, - } -} - // GetHostAssurancePolicyScopeArrayInput is an input type that accepts GetHostAssurancePolicyScopeArray and GetHostAssurancePolicyScopeArrayOutput values. // You can construct a concrete instance of `GetHostAssurancePolicyScopeArrayInput` via: // @@ -19891,12 +33291,6 @@ func (i GetHostAssurancePolicyScopeArray) ToGetHostAssurancePolicyScopeArrayOutp return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyScopeArrayOutput) } -func (i GetHostAssurancePolicyScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyScope] { - return pulumix.Output[[]GetHostAssurancePolicyScope]{ - OutputState: i.ToGetHostAssurancePolicyScopeArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostAssurancePolicyScopeOutput struct{ *pulumi.OutputState } func (GetHostAssurancePolicyScopeOutput) ElementType() reflect.Type { 
@@ -19911,12 +33305,6 @@ func (o GetHostAssurancePolicyScopeOutput) ToGetHostAssurancePolicyScopeOutputWi return o } -func (o GetHostAssurancePolicyScopeOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyScope] { - return pulumix.Output[GetHostAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyScopeOutput) Expression() pulumi.StringOutput { return o.ApplyT(func(v GetHostAssurancePolicyScope) string { return v.Expression }).(pulumi.StringOutput) } @@ -19939,12 +33327,6 @@ func (o GetHostAssurancePolicyScopeArrayOutput) ToGetHostAssurancePolicyScopeArr return o } -func (o GetHostAssurancePolicyScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyScope] { - return pulumix.Output[[]GetHostAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - func (o GetHostAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyScopeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyScope { return vs[0].([]GetHostAssurancePolicyScope)[vs[1].(int)] @@ -19986,12 +33368,6 @@ func (i GetHostAssurancePolicyScopeVariableArgs) ToGetHostAssurancePolicyScopeVa return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyScopeVariableOutput) } -func (i GetHostAssurancePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyScopeVariable] { - return pulumix.Output[GetHostAssurancePolicyScopeVariable]{ - OutputState: i.ToGetHostAssurancePolicyScopeVariableOutputWithContext(ctx).OutputState, - } -} - // GetHostAssurancePolicyScopeVariableArrayInput is an input type that accepts GetHostAssurancePolicyScopeVariableArray and GetHostAssurancePolicyScopeVariableArrayOutput values. // You can construct a concrete instance of `GetHostAssurancePolicyScopeVariableArrayInput` via: // 
@@ -20017,206 +33393,415 @@ func (i GetHostAssurancePolicyScopeVariableArray) ToGetHostAssurancePolicyScopeV return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyScopeVariableArrayOutput) } -func (i GetHostAssurancePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyScopeVariable] { - return pulumix.Output[[]GetHostAssurancePolicyScopeVariable]{ - OutputState: i.ToGetHostAssurancePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } +type GetHostAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } + +func (GetHostAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetHostAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (o GetHostAssurancePolicyScopeVariableOutput) ToGetHostAssurancePolicyScopeVariableOutput() GetHostAssurancePolicyScopeVariableOutput { + return o } -type GetHostAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } +func (o GetHostAssurancePolicyScopeVariableOutput) ToGetHostAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) GetHostAssurancePolicyScopeVariableOutput { + return o +} + +func (o GetHostAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { + return o.ApplyT(func(v GetHostAssurancePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) +} + +func (o GetHostAssurancePolicyScopeVariableOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v GetHostAssurancePolicyScopeVariable) string { return v.Name }).(pulumi.StringOutput) +} + +func (o GetHostAssurancePolicyScopeVariableOutput) Value() pulumi.StringOutput { + return o.ApplyT(func(v GetHostAssurancePolicyScopeVariable) string { return v.Value }).(pulumi.StringOutput) +} + +type GetHostAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } + +func (GetHostAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { + return 
reflect.TypeOf((*[]GetHostAssurancePolicyScopeVariable)(nil)).Elem() +} + +func (o GetHostAssurancePolicyScopeVariableArrayOutput) ToGetHostAssurancePolicyScopeVariableArrayOutput() GetHostAssurancePolicyScopeVariableArrayOutput { + return o +} + +func (o GetHostAssurancePolicyScopeVariableArrayOutput) ToGetHostAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) GetHostAssurancePolicyScopeVariableArrayOutput { + return o +} + +func (o GetHostAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyScopeVariableOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyScopeVariable { + return vs[0].([]GetHostAssurancePolicyScopeVariable)[vs[1].(int)] + }).(GetHostAssurancePolicyScopeVariableOutput) +} + +type GetHostAssurancePolicyTrustedBaseImage struct { + Imagename string `pulumi:"imagename"` + Registry string `pulumi:"registry"` +} + +// GetHostAssurancePolicyTrustedBaseImageInput is an input type that accepts GetHostAssurancePolicyTrustedBaseImageArgs and GetHostAssurancePolicyTrustedBaseImageOutput values. 
+// You can construct a concrete instance of `GetHostAssurancePolicyTrustedBaseImageInput` via: +// +// GetHostAssurancePolicyTrustedBaseImageArgs{...} +type GetHostAssurancePolicyTrustedBaseImageInput interface { + pulumi.Input + + ToGetHostAssurancePolicyTrustedBaseImageOutput() GetHostAssurancePolicyTrustedBaseImageOutput + ToGetHostAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) GetHostAssurancePolicyTrustedBaseImageOutput +} + +type GetHostAssurancePolicyTrustedBaseImageArgs struct { + Imagename pulumi.StringInput `pulumi:"imagename"` + Registry pulumi.StringInput `pulumi:"registry"` +} + +func (GetHostAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetHostAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (i GetHostAssurancePolicyTrustedBaseImageArgs) ToGetHostAssurancePolicyTrustedBaseImageOutput() GetHostAssurancePolicyTrustedBaseImageOutput { + return i.ToGetHostAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) +} + +func (i GetHostAssurancePolicyTrustedBaseImageArgs) ToGetHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) GetHostAssurancePolicyTrustedBaseImageOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyTrustedBaseImageOutput) +} + +// GetHostAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts GetHostAssurancePolicyTrustedBaseImageArray and GetHostAssurancePolicyTrustedBaseImageArrayOutput values. 
+// You can construct a concrete instance of `GetHostAssurancePolicyTrustedBaseImageArrayInput` via: +// +// GetHostAssurancePolicyTrustedBaseImageArray{ GetHostAssurancePolicyTrustedBaseImageArgs{...} } +type GetHostAssurancePolicyTrustedBaseImageArrayInput interface { + pulumi.Input + + ToGetHostAssurancePolicyTrustedBaseImageArrayOutput() GetHostAssurancePolicyTrustedBaseImageArrayOutput + ToGetHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) GetHostAssurancePolicyTrustedBaseImageArrayOutput +} + +type GetHostAssurancePolicyTrustedBaseImageArray []GetHostAssurancePolicyTrustedBaseImageInput + +func (GetHostAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetHostAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (i GetHostAssurancePolicyTrustedBaseImageArray) ToGetHostAssurancePolicyTrustedBaseImageArrayOutput() GetHostAssurancePolicyTrustedBaseImageArrayOutput { + return i.ToGetHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) +} + +func (i GetHostAssurancePolicyTrustedBaseImageArray) ToGetHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) GetHostAssurancePolicyTrustedBaseImageArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyTrustedBaseImageArrayOutput) +} + +type GetHostAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } + +func (GetHostAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetHostAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (o GetHostAssurancePolicyTrustedBaseImageOutput) ToGetHostAssurancePolicyTrustedBaseImageOutput() GetHostAssurancePolicyTrustedBaseImageOutput { + return o +} + +func (o GetHostAssurancePolicyTrustedBaseImageOutput) ToGetHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) GetHostAssurancePolicyTrustedBaseImageOutput { + return o +} + +func (o 
GetHostAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringOutput { + return o.ApplyT(func(v GetHostAssurancePolicyTrustedBaseImage) string { return v.Imagename }).(pulumi.StringOutput) +} + +func (o GetHostAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringOutput { + return o.ApplyT(func(v GetHostAssurancePolicyTrustedBaseImage) string { return v.Registry }).(pulumi.StringOutput) +} + +type GetHostAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } + +func (GetHostAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetHostAssurancePolicyTrustedBaseImage)(nil)).Elem() +} + +func (o GetHostAssurancePolicyTrustedBaseImageArrayOutput) ToGetHostAssurancePolicyTrustedBaseImageArrayOutput() GetHostAssurancePolicyTrustedBaseImageArrayOutput { + return o +} + +func (o GetHostAssurancePolicyTrustedBaseImageArrayOutput) ToGetHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) GetHostAssurancePolicyTrustedBaseImageArrayOutput { + return o +} + +func (o GetHostAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyTrustedBaseImageOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyTrustedBaseImage { + return vs[0].([]GetHostAssurancePolicyTrustedBaseImage)[vs[1].(int)] + }).(GetHostAssurancePolicyTrustedBaseImageOutput) +} + +type GetHostRuntimePolicyAuditing struct { + AuditAllNetwork *bool `pulumi:"auditAllNetwork"` + AuditAllProcesses *bool `pulumi:"auditAllProcesses"` + AuditFailedLogin *bool `pulumi:"auditFailedLogin"` + AuditOsUserActivity *bool `pulumi:"auditOsUserActivity"` + AuditProcessCmdline *bool `pulumi:"auditProcessCmdline"` + AuditSuccessLogin *bool `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement *bool `pulumi:"auditUserAccountManagement"` + Enabled *bool `pulumi:"enabled"` +} + +// GetHostRuntimePolicyAuditingInput is an input type that accepts 
GetHostRuntimePolicyAuditingArgs and GetHostRuntimePolicyAuditingOutput values. +// You can construct a concrete instance of `GetHostRuntimePolicyAuditingInput` via: +// +// GetHostRuntimePolicyAuditingArgs{...} +type GetHostRuntimePolicyAuditingInput interface { + pulumi.Input -func (GetHostAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetHostAssurancePolicyScopeVariable)(nil)).Elem() + ToGetHostRuntimePolicyAuditingOutput() GetHostRuntimePolicyAuditingOutput + ToGetHostRuntimePolicyAuditingOutputWithContext(context.Context) GetHostRuntimePolicyAuditingOutput } -func (o GetHostAssurancePolicyScopeVariableOutput) ToGetHostAssurancePolicyScopeVariableOutput() GetHostAssurancePolicyScopeVariableOutput { - return o +type GetHostRuntimePolicyAuditingArgs struct { + AuditAllNetwork pulumi.BoolPtrInput `pulumi:"auditAllNetwork"` + AuditAllProcesses pulumi.BoolPtrInput `pulumi:"auditAllProcesses"` + AuditFailedLogin pulumi.BoolPtrInput `pulumi:"auditFailedLogin"` + AuditOsUserActivity pulumi.BoolPtrInput `pulumi:"auditOsUserActivity"` + AuditProcessCmdline pulumi.BoolPtrInput `pulumi:"auditProcessCmdline"` + AuditSuccessLogin pulumi.BoolPtrInput `pulumi:"auditSuccessLogin"` + AuditUserAccountManagement pulumi.BoolPtrInput `pulumi:"auditUserAccountManagement"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` } -func (o GetHostAssurancePolicyScopeVariableOutput) ToGetHostAssurancePolicyScopeVariableOutputWithContext(ctx context.Context) GetHostAssurancePolicyScopeVariableOutput { - return o +func (GetHostRuntimePolicyAuditingArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetHostRuntimePolicyAuditing)(nil)).Elem() } -func (o GetHostAssurancePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyScopeVariable] { - return pulumix.Output[GetHostAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } +func (i GetHostRuntimePolicyAuditingArgs) 
ToGetHostRuntimePolicyAuditingOutput() GetHostRuntimePolicyAuditingOutput { + return i.ToGetHostRuntimePolicyAuditingOutputWithContext(context.Background()) } -func (o GetHostAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { - return o.ApplyT(func(v GetHostAssurancePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) +func (i GetHostRuntimePolicyAuditingArgs) ToGetHostRuntimePolicyAuditingOutputWithContext(ctx context.Context) GetHostRuntimePolicyAuditingOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyAuditingOutput) } -func (o GetHostAssurancePolicyScopeVariableOutput) Name() pulumi.StringOutput { - return o.ApplyT(func(v GetHostAssurancePolicyScopeVariable) string { return v.Name }).(pulumi.StringOutput) +func (i GetHostRuntimePolicyAuditingArgs) ToGetHostRuntimePolicyAuditingPtrOutput() GetHostRuntimePolicyAuditingPtrOutput { + return i.ToGetHostRuntimePolicyAuditingPtrOutputWithContext(context.Background()) } -func (o GetHostAssurancePolicyScopeVariableOutput) Value() pulumi.StringOutput { - return o.ApplyT(func(v GetHostAssurancePolicyScopeVariable) string { return v.Value }).(pulumi.StringOutput) +func (i GetHostRuntimePolicyAuditingArgs) ToGetHostRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) GetHostRuntimePolicyAuditingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyAuditingOutput).ToGetHostRuntimePolicyAuditingPtrOutputWithContext(ctx) } -type GetHostAssurancePolicyScopeVariableArrayOutput struct{ *pulumi.OutputState } +// GetHostRuntimePolicyAuditingPtrInput is an input type that accepts GetHostRuntimePolicyAuditingArgs, GetHostRuntimePolicyAuditingPtr and GetHostRuntimePolicyAuditingPtrOutput values. 
+// You can construct a concrete instance of `GetHostRuntimePolicyAuditingPtrInput` via: +// +// GetHostRuntimePolicyAuditingArgs{...} +// +// or: +// +// nil +type GetHostRuntimePolicyAuditingPtrInput interface { + pulumi.Input -func (GetHostAssurancePolicyScopeVariableArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetHostAssurancePolicyScopeVariable)(nil)).Elem() + ToGetHostRuntimePolicyAuditingPtrOutput() GetHostRuntimePolicyAuditingPtrOutput + ToGetHostRuntimePolicyAuditingPtrOutputWithContext(context.Context) GetHostRuntimePolicyAuditingPtrOutput } -func (o GetHostAssurancePolicyScopeVariableArrayOutput) ToGetHostAssurancePolicyScopeVariableArrayOutput() GetHostAssurancePolicyScopeVariableArrayOutput { - return o -} +type getHostRuntimePolicyAuditingPtrType GetHostRuntimePolicyAuditingArgs -func (o GetHostAssurancePolicyScopeVariableArrayOutput) ToGetHostAssurancePolicyScopeVariableArrayOutputWithContext(ctx context.Context) GetHostAssurancePolicyScopeVariableArrayOutput { - return o +func GetHostRuntimePolicyAuditingPtr(v *GetHostRuntimePolicyAuditingArgs) GetHostRuntimePolicyAuditingPtrInput { + return (*getHostRuntimePolicyAuditingPtrType)(v) } -func (o GetHostAssurancePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyScopeVariable] { - return pulumix.Output[[]GetHostAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } +func (*getHostRuntimePolicyAuditingPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GetHostRuntimePolicyAuditing)(nil)).Elem() } -func (o GetHostAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyScopeVariableOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostAssurancePolicyScopeVariable { - return vs[0].([]GetHostAssurancePolicyScopeVariable)[vs[1].(int)] - }).(GetHostAssurancePolicyScopeVariableOutput) +func (i *getHostRuntimePolicyAuditingPtrType) 
ToGetHostRuntimePolicyAuditingPtrOutput() GetHostRuntimePolicyAuditingPtrOutput { + return i.ToGetHostRuntimePolicyAuditingPtrOutputWithContext(context.Background()) } -type GetHostAssurancePolicyTrustedBaseImage struct { - Imagename string `pulumi:"imagename"` - Registry string `pulumi:"registry"` +func (i *getHostRuntimePolicyAuditingPtrType) ToGetHostRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) GetHostRuntimePolicyAuditingPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyAuditingPtrOutput) } -// GetHostAssurancePolicyTrustedBaseImageInput is an input type that accepts GetHostAssurancePolicyTrustedBaseImageArgs and GetHostAssurancePolicyTrustedBaseImageOutput values. -// You can construct a concrete instance of `GetHostAssurancePolicyTrustedBaseImageInput` via: -// -// GetHostAssurancePolicyTrustedBaseImageArgs{...} -type GetHostAssurancePolicyTrustedBaseImageInput interface { - pulumi.Input +type GetHostRuntimePolicyAuditingOutput struct{ *pulumi.OutputState } - ToGetHostAssurancePolicyTrustedBaseImageOutput() GetHostAssurancePolicyTrustedBaseImageOutput - ToGetHostAssurancePolicyTrustedBaseImageOutputWithContext(context.Context) GetHostAssurancePolicyTrustedBaseImageOutput +func (GetHostRuntimePolicyAuditingOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetHostRuntimePolicyAuditing)(nil)).Elem() } -type GetHostAssurancePolicyTrustedBaseImageArgs struct { - Imagename pulumi.StringInput `pulumi:"imagename"` - Registry pulumi.StringInput `pulumi:"registry"` +func (o GetHostRuntimePolicyAuditingOutput) ToGetHostRuntimePolicyAuditingOutput() GetHostRuntimePolicyAuditingOutput { + return o } -func (GetHostAssurancePolicyTrustedBaseImageArgs) ElementType() reflect.Type { - return reflect.TypeOf((*GetHostAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (o GetHostRuntimePolicyAuditingOutput) ToGetHostRuntimePolicyAuditingOutputWithContext(ctx context.Context) GetHostRuntimePolicyAuditingOutput { + return o 
} -func (i GetHostAssurancePolicyTrustedBaseImageArgs) ToGetHostAssurancePolicyTrustedBaseImageOutput() GetHostAssurancePolicyTrustedBaseImageOutput { - return i.ToGetHostAssurancePolicyTrustedBaseImageOutputWithContext(context.Background()) +func (o GetHostRuntimePolicyAuditingOutput) ToGetHostRuntimePolicyAuditingPtrOutput() GetHostRuntimePolicyAuditingPtrOutput { + return o.ToGetHostRuntimePolicyAuditingPtrOutputWithContext(context.Background()) } -func (i GetHostAssurancePolicyTrustedBaseImageArgs) ToGetHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) GetHostAssurancePolicyTrustedBaseImageOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyTrustedBaseImageOutput) +func (o GetHostRuntimePolicyAuditingOutput) ToGetHostRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) GetHostRuntimePolicyAuditingPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GetHostRuntimePolicyAuditing) *GetHostRuntimePolicyAuditing { + return &v + }).(GetHostRuntimePolicyAuditingPtrOutput) } -func (i GetHostAssurancePolicyTrustedBaseImageArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyTrustedBaseImage] { - return pulumix.Output[GetHostAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToGetHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx).OutputState, - } +func (o GetHostRuntimePolicyAuditingOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyAuditing) *bool { return v.AuditAllNetwork }).(pulumi.BoolPtrOutput) } -// GetHostAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts GetHostAssurancePolicyTrustedBaseImageArray and GetHostAssurancePolicyTrustedBaseImageArrayOutput values. 
-// You can construct a concrete instance of `GetHostAssurancePolicyTrustedBaseImageArrayInput` via: -// -// GetHostAssurancePolicyTrustedBaseImageArray{ GetHostAssurancePolicyTrustedBaseImageArgs{...} } -type GetHostAssurancePolicyTrustedBaseImageArrayInput interface { - pulumi.Input +func (o GetHostRuntimePolicyAuditingOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyAuditing) *bool { return v.AuditAllProcesses }).(pulumi.BoolPtrOutput) +} - ToGetHostAssurancePolicyTrustedBaseImageArrayOutput() GetHostAssurancePolicyTrustedBaseImageArrayOutput - ToGetHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Context) GetHostAssurancePolicyTrustedBaseImageArrayOutput +func (o GetHostRuntimePolicyAuditingOutput) AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyAuditing) *bool { return v.AuditFailedLogin }).(pulumi.BoolPtrOutput) } -type GetHostAssurancePolicyTrustedBaseImageArray []GetHostAssurancePolicyTrustedBaseImageInput +func (o GetHostRuntimePolicyAuditingOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyAuditing) *bool { return v.AuditOsUserActivity }).(pulumi.BoolPtrOutput) +} -func (GetHostAssurancePolicyTrustedBaseImageArray) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetHostAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (o GetHostRuntimePolicyAuditingOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyAuditing) *bool { return v.AuditProcessCmdline }).(pulumi.BoolPtrOutput) } -func (i GetHostAssurancePolicyTrustedBaseImageArray) ToGetHostAssurancePolicyTrustedBaseImageArrayOutput() GetHostAssurancePolicyTrustedBaseImageArrayOutput { - return i.ToGetHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(context.Background()) +func (o GetHostRuntimePolicyAuditingOutput) AuditSuccessLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v 
GetHostRuntimePolicyAuditing) *bool { return v.AuditSuccessLogin }).(pulumi.BoolPtrOutput) } -func (i GetHostAssurancePolicyTrustedBaseImageArray) ToGetHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) GetHostAssurancePolicyTrustedBaseImageArrayOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetHostAssurancePolicyTrustedBaseImageArrayOutput) +func (o GetHostRuntimePolicyAuditingOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyAuditing) *bool { return v.AuditUserAccountManagement }).(pulumi.BoolPtrOutput) } -func (i GetHostAssurancePolicyTrustedBaseImageArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]GetHostAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToGetHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx).OutputState, - } +func (o GetHostRuntimePolicyAuditingOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyAuditing) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -type GetHostAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } +type GetHostRuntimePolicyAuditingPtrOutput struct{ *pulumi.OutputState } -func (GetHostAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { - return reflect.TypeOf((*GetHostAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (GetHostRuntimePolicyAuditingPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GetHostRuntimePolicyAuditing)(nil)).Elem() } -func (o GetHostAssurancePolicyTrustedBaseImageOutput) ToGetHostAssurancePolicyTrustedBaseImageOutput() GetHostAssurancePolicyTrustedBaseImageOutput { +func (o GetHostRuntimePolicyAuditingPtrOutput) ToGetHostRuntimePolicyAuditingPtrOutput() GetHostRuntimePolicyAuditingPtrOutput { return o } -func (o GetHostAssurancePolicyTrustedBaseImageOutput) ToGetHostAssurancePolicyTrustedBaseImageOutputWithContext(ctx context.Context) 
GetHostAssurancePolicyTrustedBaseImageOutput { +func (o GetHostRuntimePolicyAuditingPtrOutput) ToGetHostRuntimePolicyAuditingPtrOutputWithContext(ctx context.Context) GetHostRuntimePolicyAuditingPtrOutput { return o } -func (o GetHostAssurancePolicyTrustedBaseImageOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostAssurancePolicyTrustedBaseImage] { - return pulumix.Output[GetHostAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } +func (o GetHostRuntimePolicyAuditingPtrOutput) Elem() GetHostRuntimePolicyAuditingOutput { + return o.ApplyT(func(v *GetHostRuntimePolicyAuditing) GetHostRuntimePolicyAuditing { + if v != nil { + return *v + } + var ret GetHostRuntimePolicyAuditing + return ret + }).(GetHostRuntimePolicyAuditingOutput) } -func (o GetHostAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringOutput { - return o.ApplyT(func(v GetHostAssurancePolicyTrustedBaseImage) string { return v.Imagename }).(pulumi.StringOutput) +func (o GetHostRuntimePolicyAuditingPtrOutput) AuditAllNetwork() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetHostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditAllNetwork + }).(pulumi.BoolPtrOutput) } -func (o GetHostAssurancePolicyTrustedBaseImageOutput) Registry() pulumi.StringOutput { - return o.ApplyT(func(v GetHostAssurancePolicyTrustedBaseImage) string { return v.Registry }).(pulumi.StringOutput) +func (o GetHostRuntimePolicyAuditingPtrOutput) AuditAllProcesses() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetHostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditAllProcesses + }).(pulumi.BoolPtrOutput) } -type GetHostAssurancePolicyTrustedBaseImageArrayOutput struct{ *pulumi.OutputState } +func (o GetHostRuntimePolicyAuditingPtrOutput) AuditFailedLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetHostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditFailedLogin + }).(pulumi.BoolPtrOutput) +} 
-func (GetHostAssurancePolicyTrustedBaseImageArrayOutput) ElementType() reflect.Type { - return reflect.TypeOf((*[]GetHostAssurancePolicyTrustedBaseImage)(nil)).Elem() +func (o GetHostRuntimePolicyAuditingPtrOutput) AuditOsUserActivity() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetHostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditOsUserActivity + }).(pulumi.BoolPtrOutput) } -func (o GetHostAssurancePolicyTrustedBaseImageArrayOutput) ToGetHostAssurancePolicyTrustedBaseImageArrayOutput() GetHostAssurancePolicyTrustedBaseImageArrayOutput { - return o +func (o GetHostRuntimePolicyAuditingPtrOutput) AuditProcessCmdline() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetHostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditProcessCmdline + }).(pulumi.BoolPtrOutput) } -func (o GetHostAssurancePolicyTrustedBaseImageArrayOutput) ToGetHostAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx context.Context) GetHostAssurancePolicyTrustedBaseImageArrayOutput { - return o +func (o GetHostRuntimePolicyAuditingPtrOutput) AuditSuccessLogin() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetHostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditSuccessLogin + }).(pulumi.BoolPtrOutput) } -func (o GetHostAssurancePolicyTrustedBaseImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]GetHostAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } +func (o GetHostRuntimePolicyAuditingPtrOutput) AuditUserAccountManagement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetHostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.AuditUserAccountManagement + }).(pulumi.BoolPtrOutput) } -func (o GetHostAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) GetHostAssurancePolicyTrustedBaseImageOutput { - return pulumi.All(o, i).ApplyT(func(vs 
[]interface{}) GetHostAssurancePolicyTrustedBaseImage { - return vs[0].([]GetHostAssurancePolicyTrustedBaseImage)[vs[1].(int)] - }).(GetHostAssurancePolicyTrustedBaseImageOutput) +func (o GetHostRuntimePolicyAuditingPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GetHostRuntimePolicyAuditing) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) } type GetHostRuntimePolicyFileIntegrityMonitoring struct { - ExcludedPaths []string `pulumi:"excludedPaths"` - ExcludedProcesses []string `pulumi:"excludedProcesses"` - ExcludedUsers []string `pulumi:"excludedUsers"` - MonitorAttributes bool `pulumi:"monitorAttributes"` - MonitorCreate bool `pulumi:"monitorCreate"` - MonitorDelete bool `pulumi:"monitorDelete"` - MonitorModify bool `pulumi:"monitorModify"` - MonitorRead bool `pulumi:"monitorRead"` - MonitoredPaths []string `pulumi:"monitoredPaths"` - MonitoredProcesses []string `pulumi:"monitoredProcesses"` - MonitoredUsers []string `pulumi:"monitoredUsers"` + // If true, file integrity monitoring is enabled. + Enabled *bool `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles []string `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. + ExceptionalMonitoredFilesProcesses []string `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers []string `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. + MonitoredFiles []string `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. + MonitoredFilesAttributes *bool `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate *bool `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. + MonitoredFilesDelete *bool `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. 
+ MonitoredFilesModify *bool `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. + MonitoredFilesProcesses []string `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead *bool `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. + MonitoredFilesUsers []string `pulumi:"monitoredFilesUsers"` } // GetHostRuntimePolicyFileIntegrityMonitoringInput is an input type that accepts GetHostRuntimePolicyFileIntegrityMonitoringArgs and GetHostRuntimePolicyFileIntegrityMonitoringOutput values. 
@@ -20231,17 +33816,30 @@ type GetHostRuntimePolicyFileIntegrityMonitoringInput interface { } type GetHostRuntimePolicyFileIntegrityMonitoringArgs struct { - ExcludedPaths pulumi.StringArrayInput `pulumi:"excludedPaths"` - ExcludedProcesses pulumi.StringArrayInput `pulumi:"excludedProcesses"` - ExcludedUsers pulumi.StringArrayInput `pulumi:"excludedUsers"` - MonitorAttributes pulumi.BoolInput `pulumi:"monitorAttributes"` - MonitorCreate pulumi.BoolInput `pulumi:"monitorCreate"` - MonitorDelete pulumi.BoolInput `pulumi:"monitorDelete"` - MonitorModify pulumi.BoolInput `pulumi:"monitorModify"` - MonitorRead pulumi.BoolInput `pulumi:"monitorRead"` - MonitoredPaths pulumi.StringArrayInput `pulumi:"monitoredPaths"` - MonitoredProcesses pulumi.StringArrayInput `pulumi:"monitoredProcesses"` - MonitoredUsers pulumi.StringArrayInput `pulumi:"monitoredUsers"` + // If true, file integrity monitoring is enabled. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of paths to be excluded from monitoring. + ExceptionalMonitoredFiles pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFiles"` + // List of processes to be excluded from monitoring. + ExceptionalMonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesProcesses"` + // List of users to be excluded from monitoring. + ExceptionalMonitoredFilesUsers pulumi.StringArrayInput `pulumi:"exceptionalMonitoredFilesUsers"` + // List of paths to be monitored. + MonitoredFiles pulumi.StringArrayInput `pulumi:"monitoredFiles"` + // Whether to monitor file attribute operations. + MonitoredFilesAttributes pulumi.BoolPtrInput `pulumi:"monitoredFilesAttributes"` + // Whether to monitor file create operations. + MonitoredFilesCreate pulumi.BoolPtrInput `pulumi:"monitoredFilesCreate"` + // Whether to monitor file delete operations. + MonitoredFilesDelete pulumi.BoolPtrInput `pulumi:"monitoredFilesDelete"` + // Whether to monitor file modify operations. 
+ MonitoredFilesModify pulumi.BoolPtrInput `pulumi:"monitoredFilesModify"` + // List of processes associated with monitored files. + MonitoredFilesProcesses pulumi.StringArrayInput `pulumi:"monitoredFilesProcesses"` + // Whether to monitor file read operations. + MonitoredFilesRead pulumi.BoolPtrInput `pulumi:"monitoredFilesRead"` + // List of users associated with monitored files. + MonitoredFilesUsers pulumi.StringArrayInput `pulumi:"monitoredFilesUsers"` } func (GetHostRuntimePolicyFileIntegrityMonitoringArgs) ElementType() reflect.Type { @@ -20256,12 +33854,6 @@ func (i GetHostRuntimePolicyFileIntegrityMonitoringArgs) ToGetHostRuntimePolicyF return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyFileIntegrityMonitoringOutput) } -func (i GetHostRuntimePolicyFileIntegrityMonitoringArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[GetHostRuntimePolicyFileIntegrityMonitoring]{ - OutputState: i.ToGetHostRuntimePolicyFileIntegrityMonitoringOutputWithContext(ctx).OutputState, - } -} - // GetHostRuntimePolicyFileIntegrityMonitoringArrayInput is an input type that accepts GetHostRuntimePolicyFileIntegrityMonitoringArray and GetHostRuntimePolicyFileIntegrityMonitoringArrayOutput values. // You can construct a concrete instance of `GetHostRuntimePolicyFileIntegrityMonitoringArrayInput` via: // 
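Review bot: The new comments on `Enabled` and the `MonitoredFiles*` flags of `GetHostRuntimePolicyFileIntegrityMonitoringArgs` do not say what an unset value means, although the switch from `pulumi.BoolInput` to `pulumi.BoolPtrInput` makes nil a third state beside true and false. A program that reads this data source to confirm that file integrity monitoring is on should treat nil as "unknown", not as either answer. I would extend the comment, for example `// If true, file integrity monitoring is enabled. Nil when the provider returns no value.`, once that meaning is confirmed against the provider schema. The accessor comments in the later hunk at `-20307,54 +33893,66` need the same wording. The code looks generated, so the text presumably has to change in the schema and be regenerated, and the field renames (`ExcludedPaths` to `ExceptionalMonitoredFiles`, and so on) break existing callers and deserve a changelog entry.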
@@ -20287,12 +33879,6 @@ func (i GetHostRuntimePolicyFileIntegrityMonitoringArray) ToGetHostRuntimePolicy return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyFileIntegrityMonitoringArrayOutput) } -func (i GetHostRuntimePolicyFileIntegrityMonitoringArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[[]GetHostRuntimePolicyFileIntegrityMonitoring]{ - OutputState: i.ToGetHostRuntimePolicyFileIntegrityMonitoringArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostRuntimePolicyFileIntegrityMonitoringOutput struct{ *pulumi.OutputState } func (GetHostRuntimePolicyFileIntegrityMonitoringOutput) ElementType() reflect.Type { 
@@ -20307,54 +33893,66 @@ func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) ToGetHostRuntimePolic return o } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[GetHostRuntimePolicyFileIntegrityMonitoring]{ - OutputState: o.OutputState, - } +// If true, file integrity monitoring is enabled. +func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) ExcludedPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedPaths }).(pulumi.StringArrayOutput) +// List of paths to be excluded from monitoring. +func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExceptionalMonitoredFiles }).(pulumi.StringArrayOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) ExcludedProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedProcesses }).(pulumi.StringArrayOutput) +// List of processes to be excluded from monitoring. 
+func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { + return v.ExceptionalMonitoredFilesProcesses + }).(pulumi.StringArrayOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) ExcludedUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExcludedUsers }).(pulumi.StringArrayOutput) +// List of users to be excluded from monitoring. +func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) ExceptionalMonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.ExceptionalMonitoredFilesUsers }).(pulumi.StringArrayOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitorAttributes() pulumi.BoolOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorAttributes }).(pulumi.BoolOutput) +// List of paths to be monitored. +func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFiles }).(pulumi.StringArrayOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitorCreate() pulumi.BoolOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorCreate }).(pulumi.BoolOutput) +// Whether to monitor file attribute operations. 
+func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesAttributes() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesAttributes }).(pulumi.BoolPtrOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitorDelete() pulumi.BoolOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorDelete }).(pulumi.BoolOutput) +// Whether to monitor file create operations. +func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesCreate() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesCreate }).(pulumi.BoolPtrOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitorModify() pulumi.BoolOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorModify }).(pulumi.BoolOutput) +// Whether to monitor file delete operations. +func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesDelete() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesDelete }).(pulumi.BoolPtrOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitorRead() pulumi.BoolOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) bool { return v.MonitorRead }).(pulumi.BoolOutput) +// Whether to monitor file modify operations. 
+func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesModify() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesModify }).(pulumi.BoolPtrOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredPaths() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredPaths }).(pulumi.StringArrayOutput) +// List of processes associated with monitored files. +func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesProcesses }).(pulumi.StringArrayOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredProcesses() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredProcesses }).(pulumi.StringArrayOutput) +// Whether to monitor file read operations. +func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesRead() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) *bool { return v.MonitoredFilesRead }).(pulumi.BoolPtrOutput) } -func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredUsers() pulumi.StringArrayOutput { - return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredUsers }).(pulumi.StringArrayOutput) +// List of users associated with monitored files. +func (o GetHostRuntimePolicyFileIntegrityMonitoringOutput) MonitoredFilesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyFileIntegrityMonitoring) []string { return v.MonitoredFilesUsers }).(pulumi.StringArrayOutput) } type GetHostRuntimePolicyFileIntegrityMonitoringArrayOutput struct{ *pulumi.OutputState } 
@@ -20371,12 +33969,6 @@ func (o GetHostRuntimePolicyFileIntegrityMonitoringArrayOutput) ToGetHostRuntime return o } -func (o GetHostRuntimePolicyFileIntegrityMonitoringArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyFileIntegrityMonitoring] { - return pulumix.Output[[]GetHostRuntimePolicyFileIntegrityMonitoring]{ - OutputState: o.OutputState, - } -} - func (o GetHostRuntimePolicyFileIntegrityMonitoringArrayOutput) Index(i pulumi.IntInput) GetHostRuntimePolicyFileIntegrityMonitoringOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostRuntimePolicyFileIntegrityMonitoring { return vs[0].([]GetHostRuntimePolicyFileIntegrityMonitoring)[vs[1].(int)] @@ -20384,10 +33976,15 @@ func (o GetHostRuntimePolicyFileIntegrityMonitoringArrayOutput) Index(i pulumi.I } type GetHostRuntimePolicyMalwareScanOption struct { - Action string `pulumi:"action"` - // Indicates if the runtime policy is enabled or not. - Enabled bool `pulumi:"enabled"` - ExcludeProcesses []string `pulumi:"excludeProcesses"` + // Set Action, Defaults to 'Alert' when empty + Action *string `pulumi:"action"` + // Defines if enabled or not + Enabled *bool `pulumi:"enabled"` + // List of registry paths to be excluded from being protected. + ExcludeDirectories []string `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses []string `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. IncludeDirectories []string `pulumi:"includeDirectories"` } 
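Review bot: The field comments added to `GetHostRuntimePolicyMalwareScanOption` contradict the field names: `ExcludeDirectories` and `IncludeDirectories` both read "List of registry paths to be excluded from being protected", and `ExcludeProcesses` reads "List of registry processes". Someone auditing the malware scan scope from these docs cannot tell which list widens coverage and which one creates a blind spot. Going by the names, I would expect something like `// List of directories to be excluded from malware scanning.`, `// List of processes to be excluded from malware scanning.` and `// List of directories to be included in malware scanning.`, to be confirmed against the provider. The same text is repeated on the Args struct (`-20403,10 +34000,15`) and the output accessors (`-20473,25 +34063,27`). Since this code appears generated, the descriptions probably need fixing in the upstream schema before regenerating.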
@@ -20403,10 +34000,15 @@ type GetHostRuntimePolicyMalwareScanOptionInput interface { } type GetHostRuntimePolicyMalwareScanOptionArgs struct { - Action pulumi.StringInput `pulumi:"action"` - // Indicates if the runtime policy is enabled or not. - Enabled pulumi.BoolInput `pulumi:"enabled"` - ExcludeProcesses pulumi.StringArrayInput `pulumi:"excludeProcesses"` + // Set Action, Defaults to 'Alert' when empty + Action pulumi.StringPtrInput `pulumi:"action"` + // Defines if enabled or not + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // List of registry paths to be excluded from being protected. + ExcludeDirectories pulumi.StringArrayInput `pulumi:"excludeDirectories"` + // List of registry processes to be excluded from being protected. + ExcludeProcesses pulumi.StringArrayInput `pulumi:"excludeProcesses"` + // List of registry paths to be excluded from being protected. IncludeDirectories pulumi.StringArrayInput `pulumi:"includeDirectories"` } @@ -20422,12 +34024,6 @@ func (i GetHostRuntimePolicyMalwareScanOptionArgs) ToGetHostRuntimePolicyMalware return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyMalwareScanOptionOutput) } -func (i GetHostRuntimePolicyMalwareScanOptionArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyMalwareScanOption] { - return pulumix.Output[GetHostRuntimePolicyMalwareScanOption]{ - OutputState: i.ToGetHostRuntimePolicyMalwareScanOptionOutputWithContext(ctx).OutputState, - } -} - // GetHostRuntimePolicyMalwareScanOptionArrayInput is an input type that accepts GetHostRuntimePolicyMalwareScanOptionArray and GetHostRuntimePolicyMalwareScanOptionArrayOutput values. // You can construct a concrete instance of `GetHostRuntimePolicyMalwareScanOptionArrayInput` via: // 
@@ -20453,12 +34049,6 @@ func (i GetHostRuntimePolicyMalwareScanOptionArray) ToGetHostRuntimePolicyMalwar return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyMalwareScanOptionArrayOutput) } -func (i GetHostRuntimePolicyMalwareScanOptionArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyMalwareScanOption] { - return pulumix.Output[[]GetHostRuntimePolicyMalwareScanOption]{ - OutputState: i.ToGetHostRuntimePolicyMalwareScanOptionArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostRuntimePolicyMalwareScanOptionOutput struct{ *pulumi.OutputState } func (GetHostRuntimePolicyMalwareScanOptionOutput) ElementType() reflect.Type { 
@@ -20473,25 +34063,27 @@ func (o GetHostRuntimePolicyMalwareScanOptionOutput) ToGetHostRuntimePolicyMalwa return o } -func (o GetHostRuntimePolicyMalwareScanOptionOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyMalwareScanOption] { - return pulumix.Output[GetHostRuntimePolicyMalwareScanOption]{ - OutputState: o.OutputState, - } +// Set Action, Defaults to 'Alert' when empty +func (o GetHostRuntimePolicyMalwareScanOptionOutput) Action() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyMalwareScanOption) *string { return v.Action }).(pulumi.StringPtrOutput) } -func (o GetHostRuntimePolicyMalwareScanOptionOutput) Action() pulumi.StringOutput { - return o.ApplyT(func(v GetHostRuntimePolicyMalwareScanOption) string { return v.Action }).(pulumi.StringOutput) +// Defines if enabled or not +func (o GetHostRuntimePolicyMalwareScanOptionOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyMalwareScanOption) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } -// Indicates if the runtime policy is enabled or not. -func (o GetHostRuntimePolicyMalwareScanOptionOutput) Enabled() pulumi.BoolOutput { - return o.ApplyT(func(v GetHostRuntimePolicyMalwareScanOption) bool { return v.Enabled }).(pulumi.BoolOutput) +// List of registry paths to be excluded from being protected. +func (o GetHostRuntimePolicyMalwareScanOptionOutput) ExcludeDirectories() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyMalwareScanOption) []string { return v.ExcludeDirectories }).(pulumi.StringArrayOutput) } +// List of registry processes to be excluded from being protected. func (o GetHostRuntimePolicyMalwareScanOptionOutput) ExcludeProcesses() pulumi.StringArrayOutput { return o.ApplyT(func(v GetHostRuntimePolicyMalwareScanOption) []string { return v.ExcludeProcesses }).(pulumi.StringArrayOutput) } +// List of registry paths to be excluded from being protected. 
func (o GetHostRuntimePolicyMalwareScanOptionOutput) IncludeDirectories() pulumi.StringArrayOutput { return o.ApplyT(func(v GetHostRuntimePolicyMalwareScanOption) []string { return v.IncludeDirectories }).(pulumi.StringArrayOutput) } 
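Review bot: The doc comments added to the malware-scan accessors describe the wrong fields: `ExcludeDirectories()`, `ExcludeProcesses()` and `IncludeDirectories()` are all worded in terms of "registry" paths or processes, and `IncludeDirectories()` is documented as a list "to be excluded from being protected", the opposite of its name. On a malware-scan policy, this wording can lead someone to read an include list as an exclusion list, or the reverse, and misjudge which directories are scanned. Judging by the field names only, the intended text is probably `// List of directories to be excluded from the malware scan.`, `// List of processes to be excluded from the malware scan.` and `// List of directories to be included in the malware scan.`; confirm against the provider's documentation. The file looks generated, so the correction most likely belongs in the schema descriptions it is produced from rather than in this file. Separately, `Action()` and `Enabled()` now return pointer outputs, so callers that read them must treat nil as unset (the `Action` comment says an empty value defaults to 'Alert').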
@@ -20502,31 +34094,154 @@ func (GetHostRuntimePolicyMalwareScanOptionArrayOutput) ElementType() reflect.Ty return reflect.TypeOf((*[]GetHostRuntimePolicyMalwareScanOption)(nil)).Elem() } -func (o GetHostRuntimePolicyMalwareScanOptionArrayOutput) ToGetHostRuntimePolicyMalwareScanOptionArrayOutput() GetHostRuntimePolicyMalwareScanOptionArrayOutput { - return o +func (o GetHostRuntimePolicyMalwareScanOptionArrayOutput) ToGetHostRuntimePolicyMalwareScanOptionArrayOutput() GetHostRuntimePolicyMalwareScanOptionArrayOutput { + return o +} + +func (o GetHostRuntimePolicyMalwareScanOptionArrayOutput) ToGetHostRuntimePolicyMalwareScanOptionArrayOutputWithContext(ctx context.Context) GetHostRuntimePolicyMalwareScanOptionArrayOutput { + return o +} + +func (o GetHostRuntimePolicyMalwareScanOptionArrayOutput) Index(i pulumi.IntInput) GetHostRuntimePolicyMalwareScanOptionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostRuntimePolicyMalwareScanOption { + return vs[0].([]GetHostRuntimePolicyMalwareScanOption)[vs[1].(int)] + }).(GetHostRuntimePolicyMalwareScanOptionOutput) +} + +type GetHostRuntimePolicyPackageBlock struct { + BlockPackagesProcesses []string `pulumi:"blockPackagesProcesses"` + BlockPackagesUsers []string `pulumi:"blockPackagesUsers"` + Enabled *bool `pulumi:"enabled"` + ExceptionalBlockPackagesFiles []string `pulumi:"exceptionalBlockPackagesFiles"` + ExceptionalBlockPackagesProcesses []string `pulumi:"exceptionalBlockPackagesProcesses"` + ExceptionalBlockPackagesUsers []string `pulumi:"exceptionalBlockPackagesUsers"` + PackagesBlackLists []string `pulumi:"packagesBlackLists"` +} + +// GetHostRuntimePolicyPackageBlockInput is an input type that accepts GetHostRuntimePolicyPackageBlockArgs and GetHostRuntimePolicyPackageBlockOutput values. 
+// You can construct a concrete instance of `GetHostRuntimePolicyPackageBlockInput` via: +// +// GetHostRuntimePolicyPackageBlockArgs{...} +type GetHostRuntimePolicyPackageBlockInput interface { + pulumi.Input + + ToGetHostRuntimePolicyPackageBlockOutput() GetHostRuntimePolicyPackageBlockOutput + ToGetHostRuntimePolicyPackageBlockOutputWithContext(context.Context) GetHostRuntimePolicyPackageBlockOutput +} + +type GetHostRuntimePolicyPackageBlockArgs struct { + BlockPackagesProcesses pulumi.StringArrayInput `pulumi:"blockPackagesProcesses"` + BlockPackagesUsers pulumi.StringArrayInput `pulumi:"blockPackagesUsers"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + ExceptionalBlockPackagesFiles pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesFiles"` + ExceptionalBlockPackagesProcesses pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesProcesses"` + ExceptionalBlockPackagesUsers pulumi.StringArrayInput `pulumi:"exceptionalBlockPackagesUsers"` + PackagesBlackLists pulumi.StringArrayInput `pulumi:"packagesBlackLists"` +} + +func (GetHostRuntimePolicyPackageBlockArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetHostRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (i GetHostRuntimePolicyPackageBlockArgs) ToGetHostRuntimePolicyPackageBlockOutput() GetHostRuntimePolicyPackageBlockOutput { + return i.ToGetHostRuntimePolicyPackageBlockOutputWithContext(context.Background()) +} + +func (i GetHostRuntimePolicyPackageBlockArgs) ToGetHostRuntimePolicyPackageBlockOutputWithContext(ctx context.Context) GetHostRuntimePolicyPackageBlockOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyPackageBlockOutput) +} + +// GetHostRuntimePolicyPackageBlockArrayInput is an input type that accepts GetHostRuntimePolicyPackageBlockArray and GetHostRuntimePolicyPackageBlockArrayOutput values. 
+// You can construct a concrete instance of `GetHostRuntimePolicyPackageBlockArrayInput` via: +// +// GetHostRuntimePolicyPackageBlockArray{ GetHostRuntimePolicyPackageBlockArgs{...} } +type GetHostRuntimePolicyPackageBlockArrayInput interface { + pulumi.Input + + ToGetHostRuntimePolicyPackageBlockArrayOutput() GetHostRuntimePolicyPackageBlockArrayOutput + ToGetHostRuntimePolicyPackageBlockArrayOutputWithContext(context.Context) GetHostRuntimePolicyPackageBlockArrayOutput +} + +type GetHostRuntimePolicyPackageBlockArray []GetHostRuntimePolicyPackageBlockInput + +func (GetHostRuntimePolicyPackageBlockArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetHostRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (i GetHostRuntimePolicyPackageBlockArray) ToGetHostRuntimePolicyPackageBlockArrayOutput() GetHostRuntimePolicyPackageBlockArrayOutput { + return i.ToGetHostRuntimePolicyPackageBlockArrayOutputWithContext(context.Background()) +} + +func (i GetHostRuntimePolicyPackageBlockArray) ToGetHostRuntimePolicyPackageBlockArrayOutputWithContext(ctx context.Context) GetHostRuntimePolicyPackageBlockArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyPackageBlockArrayOutput) +} + +type GetHostRuntimePolicyPackageBlockOutput struct{ *pulumi.OutputState } + +func (GetHostRuntimePolicyPackageBlockOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetHostRuntimePolicyPackageBlock)(nil)).Elem() +} + +func (o GetHostRuntimePolicyPackageBlockOutput) ToGetHostRuntimePolicyPackageBlockOutput() GetHostRuntimePolicyPackageBlockOutput { + return o +} + +func (o GetHostRuntimePolicyPackageBlockOutput) ToGetHostRuntimePolicyPackageBlockOutputWithContext(ctx context.Context) GetHostRuntimePolicyPackageBlockOutput { + return o +} + +func (o GetHostRuntimePolicyPackageBlockOutput) BlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyPackageBlock) []string { return v.BlockPackagesProcesses 
}).(pulumi.StringArrayOutput) +} + +func (o GetHostRuntimePolicyPackageBlockOutput) BlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyPackageBlock) []string { return v.BlockPackagesUsers }).(pulumi.StringArrayOutput) +} + +func (o GetHostRuntimePolicyPackageBlockOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetHostRuntimePolicyPackageBlock) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o GetHostRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesFiles }).(pulumi.StringArrayOutput) +} + +func (o GetHostRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesProcesses() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesProcesses }).(pulumi.StringArrayOutput) +} + +func (o GetHostRuntimePolicyPackageBlockOutput) ExceptionalBlockPackagesUsers() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyPackageBlock) []string { return v.ExceptionalBlockPackagesUsers }).(pulumi.StringArrayOutput) +} + +func (o GetHostRuntimePolicyPackageBlockOutput) PackagesBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetHostRuntimePolicyPackageBlock) []string { return v.PackagesBlackLists }).(pulumi.StringArrayOutput) +} + +type GetHostRuntimePolicyPackageBlockArrayOutput struct{ *pulumi.OutputState } + +func (GetHostRuntimePolicyPackageBlockArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetHostRuntimePolicyPackageBlock)(nil)).Elem() } -func (o GetHostRuntimePolicyMalwareScanOptionArrayOutput) ToGetHostRuntimePolicyMalwareScanOptionArrayOutputWithContext(ctx context.Context) GetHostRuntimePolicyMalwareScanOptionArrayOutput { +func (o GetHostRuntimePolicyPackageBlockArrayOutput) ToGetHostRuntimePolicyPackageBlockArrayOutput() 
GetHostRuntimePolicyPackageBlockArrayOutput { return o } -func (o GetHostRuntimePolicyMalwareScanOptionArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyMalwareScanOption] { - return pulumix.Output[[]GetHostRuntimePolicyMalwareScanOption]{ - OutputState: o.OutputState, - } +func (o GetHostRuntimePolicyPackageBlockArrayOutput) ToGetHostRuntimePolicyPackageBlockArrayOutputWithContext(ctx context.Context) GetHostRuntimePolicyPackageBlockArrayOutput { + return o } -func (o GetHostRuntimePolicyMalwareScanOptionArrayOutput) Index(i pulumi.IntInput) GetHostRuntimePolicyMalwareScanOptionOutput { - return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostRuntimePolicyMalwareScanOption { - return vs[0].([]GetHostRuntimePolicyMalwareScanOption)[vs[1].(int)] - }).(GetHostRuntimePolicyMalwareScanOptionOutput) +func (o GetHostRuntimePolicyPackageBlockArrayOutput) Index(i pulumi.IntInput) GetHostRuntimePolicyPackageBlockOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostRuntimePolicyPackageBlock { + return vs[0].([]GetHostRuntimePolicyPackageBlock)[vs[1].(int)] + }).(GetHostRuntimePolicyPackageBlockOutput) } type GetHostRuntimePolicyScopeVariable struct { Attribute string `pulumi:"attribute"` - // Name of the host runtime policy - Name string `pulumi:"name"` - Value string `pulumi:"value"` + Name string `pulumi:"name"` + Value string `pulumi:"value"` } // GetHostRuntimePolicyScopeVariableInput is an input type that accepts GetHostRuntimePolicyScopeVariableArgs and GetHostRuntimePolicyScopeVariableOutput values. 
@@ -20542,9 +34257,8 @@ type GetHostRuntimePolicyScopeVariableInput interface { type GetHostRuntimePolicyScopeVariableArgs struct { Attribute pulumi.StringInput `pulumi:"attribute"` - // Name of the host runtime policy - Name pulumi.StringInput `pulumi:"name"` - Value pulumi.StringInput `pulumi:"value"` + Name pulumi.StringInput `pulumi:"name"` + Value pulumi.StringInput `pulumi:"value"` } func (GetHostRuntimePolicyScopeVariableArgs) ElementType() reflect.Type { @@ -20559,12 +34273,6 @@ func (i GetHostRuntimePolicyScopeVariableArgs) ToGetHostRuntimePolicyScopeVariab return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyScopeVariableOutput) } -func (i GetHostRuntimePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyScopeVariable] { - return pulumix.Output[GetHostRuntimePolicyScopeVariable]{ - OutputState: i.ToGetHostRuntimePolicyScopeVariableOutputWithContext(ctx).OutputState, - } -} - // GetHostRuntimePolicyScopeVariableArrayInput is an input type that accepts GetHostRuntimePolicyScopeVariableArray and GetHostRuntimePolicyScopeVariableArrayOutput values. // You can construct a concrete instance of `GetHostRuntimePolicyScopeVariableArrayInput` via: // @@ -20590,12 +34298,6 @@ func (i GetHostRuntimePolicyScopeVariableArray) ToGetHostRuntimePolicyScopeVaria return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyScopeVariableArrayOutput) } -func (i GetHostRuntimePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyScopeVariable] { - return pulumix.Output[[]GetHostRuntimePolicyScopeVariable]{ - OutputState: i.ToGetHostRuntimePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostRuntimePolicyScopeVariableOutput struct{ *pulumi.OutputState } func (GetHostRuntimePolicyScopeVariableOutput) ElementType() reflect.Type { 
@@ -20610,17 +34312,10 @@ func (o GetHostRuntimePolicyScopeVariableOutput) ToGetHostRuntimePolicyScopeVari return o } -func (o GetHostRuntimePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyScopeVariable] { - return pulumix.Output[GetHostRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetHostRuntimePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { return o.ApplyT(func(v GetHostRuntimePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) } -// Name of the host runtime policy func (o GetHostRuntimePolicyScopeVariableOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v GetHostRuntimePolicyScopeVariable) string { return v.Name }).(pulumi.StringOutput) } @@ -20643,12 +34338,6 @@ func (o GetHostRuntimePolicyScopeVariableArrayOutput) ToGetHostRuntimePolicyScop return o } -func (o GetHostRuntimePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyScopeVariable] { - return pulumix.Output[[]GetHostRuntimePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetHostRuntimePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) GetHostRuntimePolicyScopeVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostRuntimePolicyScopeVariable { return vs[0].([]GetHostRuntimePolicyScopeVariable)[vs[1].(int)] 
@@ -20706,12 +34395,6 @@ func (i GetHostRuntimePolicyWindowsRegistryMonitoringArgs) ToGetHostRuntimePolic return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyWindowsRegistryMonitoringOutput) } -func (i GetHostRuntimePolicyWindowsRegistryMonitoringArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyWindowsRegistryMonitoring] { - return pulumix.Output[GetHostRuntimePolicyWindowsRegistryMonitoring]{ - OutputState: i.ToGetHostRuntimePolicyWindowsRegistryMonitoringOutputWithContext(ctx).OutputState, - } -} - // GetHostRuntimePolicyWindowsRegistryMonitoringArrayInput is an input type that accepts GetHostRuntimePolicyWindowsRegistryMonitoringArray and GetHostRuntimePolicyWindowsRegistryMonitoringArrayOutput values. // You can construct a concrete instance of `GetHostRuntimePolicyWindowsRegistryMonitoringArrayInput` via: // @@ -20737,12 +34420,6 @@ func (i GetHostRuntimePolicyWindowsRegistryMonitoringArray) ToGetHostRuntimePoli return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyWindowsRegistryMonitoringArrayOutput) } -func (i GetHostRuntimePolicyWindowsRegistryMonitoringArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyWindowsRegistryMonitoring] { - return pulumix.Output[[]GetHostRuntimePolicyWindowsRegistryMonitoring]{ - OutputState: i.ToGetHostRuntimePolicyWindowsRegistryMonitoringArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostRuntimePolicyWindowsRegistryMonitoringOutput struct{ *pulumi.OutputState } func (GetHostRuntimePolicyWindowsRegistryMonitoringOutput) ElementType() reflect.Type { 
@@ -20757,12 +34434,6 @@ func (o GetHostRuntimePolicyWindowsRegistryMonitoringOutput) ToGetHostRuntimePol return o } -func (o GetHostRuntimePolicyWindowsRegistryMonitoringOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyWindowsRegistryMonitoring] { - return pulumix.Output[GetHostRuntimePolicyWindowsRegistryMonitoring]{ - OutputState: o.OutputState, - } -} - func (o GetHostRuntimePolicyWindowsRegistryMonitoringOutput) ExcludedPaths() pulumi.StringArrayOutput { return o.ApplyT(func(v GetHostRuntimePolicyWindowsRegistryMonitoring) []string { return v.ExcludedPaths }).(pulumi.StringArrayOutput) } @@ -20821,12 +34492,6 @@ func (o GetHostRuntimePolicyWindowsRegistryMonitoringArrayOutput) ToGetHostRunti return o } -func (o GetHostRuntimePolicyWindowsRegistryMonitoringArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyWindowsRegistryMonitoring] { - return pulumix.Output[[]GetHostRuntimePolicyWindowsRegistryMonitoring]{ - OutputState: o.OutputState, - } -} - func (o GetHostRuntimePolicyWindowsRegistryMonitoringArrayOutput) Index(i pulumi.IntInput) GetHostRuntimePolicyWindowsRegistryMonitoringOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostRuntimePolicyWindowsRegistryMonitoring { return vs[0].([]GetHostRuntimePolicyWindowsRegistryMonitoring)[vs[1].(int)] 
@@ -20874,12 +34539,6 @@ func (i GetHostRuntimePolicyWindowsRegistryProtectionArgs) ToGetHostRuntimePolic return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyWindowsRegistryProtectionOutput) } -func (i GetHostRuntimePolicyWindowsRegistryProtectionArgs) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyWindowsRegistryProtection] { - return pulumix.Output[GetHostRuntimePolicyWindowsRegistryProtection]{ - OutputState: i.ToGetHostRuntimePolicyWindowsRegistryProtectionOutputWithContext(ctx).OutputState, - } -} - // GetHostRuntimePolicyWindowsRegistryProtectionArrayInput is an input type that accepts GetHostRuntimePolicyWindowsRegistryProtectionArray and GetHostRuntimePolicyWindowsRegistryProtectionArrayOutput values. // You can construct a concrete instance of `GetHostRuntimePolicyWindowsRegistryProtectionArrayInput` via: // @@ -20905,12 +34564,6 @@ func (i GetHostRuntimePolicyWindowsRegistryProtectionArray) ToGetHostRuntimePoli return pulumi.ToOutputWithContext(ctx, i).(GetHostRuntimePolicyWindowsRegistryProtectionArrayOutput) } -func (i GetHostRuntimePolicyWindowsRegistryProtectionArray) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyWindowsRegistryProtection] { - return pulumix.Output[[]GetHostRuntimePolicyWindowsRegistryProtection]{ - OutputState: i.ToGetHostRuntimePolicyWindowsRegistryProtectionArrayOutputWithContext(ctx).OutputState, - } -} - type GetHostRuntimePolicyWindowsRegistryProtectionOutput struct{ *pulumi.OutputState } func (GetHostRuntimePolicyWindowsRegistryProtectionOutput) ElementType() reflect.Type { 
@@ -20925,12 +34578,6 @@ func (o GetHostRuntimePolicyWindowsRegistryProtectionOutput) ToGetHostRuntimePol return o } -func (o GetHostRuntimePolicyWindowsRegistryProtectionOutput) ToOutput(ctx context.Context) pulumix.Output[GetHostRuntimePolicyWindowsRegistryProtection] { - return pulumix.Output[GetHostRuntimePolicyWindowsRegistryProtection]{ - OutputState: o.OutputState, - } -} - func (o GetHostRuntimePolicyWindowsRegistryProtectionOutput) ExcludedPaths() pulumi.StringArrayOutput { return o.ApplyT(func(v GetHostRuntimePolicyWindowsRegistryProtection) []string { return v.ExcludedPaths }).(pulumi.StringArrayOutput) } @@ -20969,12 +34616,6 @@ func (o GetHostRuntimePolicyWindowsRegistryProtectionArrayOutput) ToGetHostRunti return o } -func (o GetHostRuntimePolicyWindowsRegistryProtectionArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetHostRuntimePolicyWindowsRegistryProtection] { - return pulumix.Output[[]GetHostRuntimePolicyWindowsRegistryProtection]{ - OutputState: o.OutputState, - } -} - func (o GetHostRuntimePolicyWindowsRegistryProtectionArrayOutput) Index(i pulumi.IntInput) GetHostRuntimePolicyWindowsRegistryProtectionOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetHostRuntimePolicyWindowsRegistryProtection { return vs[0].([]GetHostRuntimePolicyWindowsRegistryProtection)[vs[1].(int)] @@ -20982,12 +34623,10 @@ func (o GetHostRuntimePolicyWindowsRegistryProtectionArrayOutput) Index(i pulumi } type GetImageAssuranceChecksPerformed struct { - AssuranceType string `pulumi:"assuranceType"` - Blocking bool `pulumi:"blocking"` - Control string `pulumi:"control"` - // If DTA was skipped. - DtaSkipped bool `pulumi:"dtaSkipped"` - // The reason why DTA was skipped. + AssuranceType string `pulumi:"assuranceType"` + Blocking bool `pulumi:"blocking"` + Control string `pulumi:"control"` + DtaSkipped bool `pulumi:"dtaSkipped"` DtaSkippedReason string `pulumi:"dtaSkippedReason"` Failed bool `pulumi:"failed"` PolicyName string `pulumi:"policyName"` 
@@ -21005,12 +34644,10 @@ type GetImageAssuranceChecksPerformedInput interface { } type GetImageAssuranceChecksPerformedArgs struct { - AssuranceType pulumi.StringInput `pulumi:"assuranceType"` - Blocking pulumi.BoolInput `pulumi:"blocking"` - Control pulumi.StringInput `pulumi:"control"` - // If DTA was skipped. - DtaSkipped pulumi.BoolInput `pulumi:"dtaSkipped"` - // The reason why DTA was skipped. + AssuranceType pulumi.StringInput `pulumi:"assuranceType"` + Blocking pulumi.BoolInput `pulumi:"blocking"` + Control pulumi.StringInput `pulumi:"control"` + DtaSkipped pulumi.BoolInput `pulumi:"dtaSkipped"` DtaSkippedReason pulumi.StringInput `pulumi:"dtaSkippedReason"` Failed pulumi.BoolInput `pulumi:"failed"` PolicyName pulumi.StringInput `pulumi:"policyName"` @@ -21028,12 +34665,6 @@ func (i GetImageAssuranceChecksPerformedArgs) ToGetImageAssuranceChecksPerformed return pulumi.ToOutputWithContext(ctx, i).(GetImageAssuranceChecksPerformedOutput) } -func (i GetImageAssuranceChecksPerformedArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssuranceChecksPerformed] { - return pulumix.Output[GetImageAssuranceChecksPerformed]{ - OutputState: i.ToGetImageAssuranceChecksPerformedOutputWithContext(ctx).OutputState, - } -} - // GetImageAssuranceChecksPerformedArrayInput is an input type that accepts GetImageAssuranceChecksPerformedArray and GetImageAssuranceChecksPerformedArrayOutput values. // You can construct a concrete instance of `GetImageAssuranceChecksPerformedArrayInput` via: // 
@@ -21059,12 +34690,6 @@ func (i GetImageAssuranceChecksPerformedArray) ToGetImageAssuranceChecksPerforme return pulumi.ToOutputWithContext(ctx, i).(GetImageAssuranceChecksPerformedArrayOutput) } -func (i GetImageAssuranceChecksPerformedArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssuranceChecksPerformed] { - return pulumix.Output[[]GetImageAssuranceChecksPerformed]{ - OutputState: i.ToGetImageAssuranceChecksPerformedArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssuranceChecksPerformedOutput struct{ *pulumi.OutputState } func (GetImageAssuranceChecksPerformedOutput) ElementType() reflect.Type { @@ -21079,12 +34704,6 @@ func (o GetImageAssuranceChecksPerformedOutput) ToGetImageAssuranceChecksPerform return o } -func (o GetImageAssuranceChecksPerformedOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssuranceChecksPerformed] { - return pulumix.Output[GetImageAssuranceChecksPerformed]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssuranceChecksPerformedOutput) AssuranceType() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssuranceChecksPerformed) string { return v.AssuranceType }).(pulumi.StringOutput) } @@ -21097,12 +34716,10 @@ func (o GetImageAssuranceChecksPerformedOutput) Control() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssuranceChecksPerformed) string { return v.Control }).(pulumi.StringOutput) } -// If DTA was skipped. func (o GetImageAssuranceChecksPerformedOutput) DtaSkipped() pulumi.BoolOutput { return o.ApplyT(func(v GetImageAssuranceChecksPerformed) bool { return v.DtaSkipped }).(pulumi.BoolOutput) } -// The reason why DTA was skipped. func (o GetImageAssuranceChecksPerformedOutput) DtaSkippedReason() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssuranceChecksPerformed) string { return v.DtaSkippedReason }).(pulumi.StringOutput) } 
@@ -21129,12 +34746,6 @@ func (o GetImageAssuranceChecksPerformedArrayOutput) ToGetImageAssuranceChecksPe return o } -func (o GetImageAssuranceChecksPerformedArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssuranceChecksPerformed] { - return pulumix.Output[[]GetImageAssuranceChecksPerformed]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssuranceChecksPerformedArrayOutput) Index(i pulumi.IntInput) GetImageAssuranceChecksPerformedOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssuranceChecksPerformed { return vs[0].([]GetImageAssuranceChecksPerformed)[vs[1].(int)] @@ -21178,12 +34789,6 @@ func (i GetImageAssurancePolicyAutoScanTimeArgs) ToGetImageAssurancePolicyAutoSc return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyAutoScanTimeOutput) } -func (i GetImageAssurancePolicyAutoScanTimeArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyAutoScanTime] { - return pulumix.Output[GetImageAssurancePolicyAutoScanTime]{ - OutputState: i.ToGetImageAssurancePolicyAutoScanTimeOutputWithContext(ctx).OutputState, - } -} - // GetImageAssurancePolicyAutoScanTimeArrayInput is an input type that accepts GetImageAssurancePolicyAutoScanTimeArray and GetImageAssurancePolicyAutoScanTimeArrayOutput values. // You can construct a concrete instance of `GetImageAssurancePolicyAutoScanTimeArrayInput` via: // 
@@ -21209,12 +34814,6 @@ func (i GetImageAssurancePolicyAutoScanTimeArray) ToGetImageAssurancePolicyAutoS return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyAutoScanTimeArrayOutput) } -func (i GetImageAssurancePolicyAutoScanTimeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyAutoScanTime] { - return pulumix.Output[[]GetImageAssurancePolicyAutoScanTime]{ - OutputState: i.ToGetImageAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } func (GetImageAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { @@ -21229,12 +34828,6 @@ func (o GetImageAssurancePolicyAutoScanTimeOutput) ToGetImageAssurancePolicyAuto return o } -func (o GetImageAssurancePolicyAutoScanTimeOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyAutoScanTime] { - return pulumix.Output[GetImageAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntOutput { return o.ApplyT(func(v GetImageAssurancePolicyAutoScanTime) int { return v.Iteration }).(pulumi.IntOutput) } @@ -21265,12 +34858,6 @@ func (o GetImageAssurancePolicyAutoScanTimeArrayOutput) ToGetImageAssurancePolic return o } -func (o GetImageAssurancePolicyAutoScanTimeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyAutoScanTime] { - return pulumix.Output[[]GetImageAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) GetImageAssurancePolicyAutoScanTimeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssurancePolicyAutoScanTime { return vs[0].([]GetImageAssurancePolicyAutoScanTime)[vs[1].(int)] 
@@ -21278,7 +34865,6 @@ func (o GetImageAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) } type GetImageAssurancePolicyCustomCheck struct { - // Name of user account that created the policy. Author string `pulumi:"author"` Description string `pulumi:"description"` Engine string `pulumi:"engine"` @@ -21303,7 +34889,6 @@ type GetImageAssurancePolicyCustomCheckInput interface { } type GetImageAssurancePolicyCustomCheckArgs struct { - // Name of user account that created the policy. Author pulumi.StringInput `pulumi:"author"` Description pulumi.StringInput `pulumi:"description"` Engine pulumi.StringInput `pulumi:"engine"` @@ -21328,12 +34913,6 @@ func (i GetImageAssurancePolicyCustomCheckArgs) ToGetImageAssurancePolicyCustomC return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyCustomCheckOutput) } -func (i GetImageAssurancePolicyCustomCheckArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyCustomCheck] { - return pulumix.Output[GetImageAssurancePolicyCustomCheck]{ - OutputState: i.ToGetImageAssurancePolicyCustomCheckOutputWithContext(ctx).OutputState, - } -} - // GetImageAssurancePolicyCustomCheckArrayInput is an input type that accepts GetImageAssurancePolicyCustomCheckArray and GetImageAssurancePolicyCustomCheckArrayOutput values. // You can construct a concrete instance of `GetImageAssurancePolicyCustomCheckArrayInput` via: // 
@@ -21359,12 +34938,6 @@ func (i GetImageAssurancePolicyCustomCheckArray) ToGetImageAssurancePolicyCustom return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyCustomCheckArrayOutput) } -func (i GetImageAssurancePolicyCustomCheckArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyCustomCheck] { - return pulumix.Output[[]GetImageAssurancePolicyCustomCheck]{ - OutputState: i.ToGetImageAssurancePolicyCustomCheckArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } func (GetImageAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { @@ -21379,13 +34952,6 @@ func (o GetImageAssurancePolicyCustomCheckOutput) ToGetImageAssurancePolicyCusto return o } -func (o GetImageAssurancePolicyCustomCheckOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyCustomCheck] { - return pulumix.Output[GetImageAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - -// Name of user account that created the policy. func (o GetImageAssurancePolicyCustomCheckOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssurancePolicyCustomCheck) string { return v.Author }).(pulumi.StringOutput) } @@ -21440,12 +35006,6 @@ func (o GetImageAssurancePolicyCustomCheckArrayOutput) ToGetImageAssurancePolicy return o } -func (o GetImageAssurancePolicyCustomCheckArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyCustomCheck] { - return pulumix.Output[[]GetImageAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) GetImageAssurancePolicyCustomCheckOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssurancePolicyCustomCheck { return vs[0].([]GetImageAssurancePolicyCustomCheck)[vs[1].(int)] 
@@ -21485,12 +35045,6 @@ func (i GetImageAssurancePolicyForbiddenLabelArgs) ToGetImageAssurancePolicyForb return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyForbiddenLabelOutput) } -func (i GetImageAssurancePolicyForbiddenLabelArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyForbiddenLabel] { - return pulumix.Output[GetImageAssurancePolicyForbiddenLabel]{ - OutputState: i.ToGetImageAssurancePolicyForbiddenLabelOutputWithContext(ctx).OutputState, - } -} - // GetImageAssurancePolicyForbiddenLabelArrayInput is an input type that accepts GetImageAssurancePolicyForbiddenLabelArray and GetImageAssurancePolicyForbiddenLabelArrayOutput values. // You can construct a concrete instance of `GetImageAssurancePolicyForbiddenLabelArrayInput` via: // @@ -21516,12 +35070,6 @@ func (i GetImageAssurancePolicyForbiddenLabelArray) ToGetImageAssurancePolicyFor return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyForbiddenLabelArrayOutput) } -func (i GetImageAssurancePolicyForbiddenLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]GetImageAssurancePolicyForbiddenLabel]{ - OutputState: i.ToGetImageAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } func (GetImageAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { 
@@ -21536,12 +35084,6 @@ func (o GetImageAssurancePolicyForbiddenLabelOutput) ToGetImageAssurancePolicyFo return o } -func (o GetImageAssurancePolicyForbiddenLabelOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyForbiddenLabel] { - return pulumix.Output[GetImageAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssurancePolicyForbiddenLabel) string { return v.Key }).(pulumi.StringOutput) } @@ -21564,12 +35106,6 @@ func (o GetImageAssurancePolicyForbiddenLabelArrayOutput) ToGetImageAssurancePol return o } -func (o GetImageAssurancePolicyForbiddenLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]GetImageAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) GetImageAssurancePolicyForbiddenLabelOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssurancePolicyForbiddenLabel { return vs[0].([]GetImageAssurancePolicyForbiddenLabel)[vs[1].(int)] 
@@ -21623,12 +35159,6 @@ func (i GetImageAssurancePolicyPackagesBlackListArgs) ToGetImageAssurancePolicyP return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyPackagesBlackListOutput) } -func (i GetImageAssurancePolicyPackagesBlackListArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyPackagesBlackList] { - return pulumix.Output[GetImageAssurancePolicyPackagesBlackList]{ - OutputState: i.ToGetImageAssurancePolicyPackagesBlackListOutputWithContext(ctx).OutputState, - } -} - // GetImageAssurancePolicyPackagesBlackListArrayInput is an input type that accepts GetImageAssurancePolicyPackagesBlackListArray and GetImageAssurancePolicyPackagesBlackListArrayOutput values. // You can construct a concrete instance of `GetImageAssurancePolicyPackagesBlackListArrayInput` via: // @@ -21654,12 +35184,6 @@ func (i GetImageAssurancePolicyPackagesBlackListArray) ToGetImageAssurancePolicy return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyPackagesBlackListArrayOutput) } -func (i GetImageAssurancePolicyPackagesBlackListArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]GetImageAssurancePolicyPackagesBlackList]{ - OutputState: i.ToGetImageAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } func (GetImageAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { 
@@ -21674,12 +35198,6 @@ func (o GetImageAssurancePolicyPackagesBlackListOutput) ToGetImageAssurancePolic return o } -func (o GetImageAssurancePolicyPackagesBlackListOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyPackagesBlackList] { - return pulumix.Output[GetImageAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssurancePolicyPackagesBlackList) string { return v.Arch }).(pulumi.StringOutput) } @@ -21730,12 +35248,6 @@ func (o GetImageAssurancePolicyPackagesBlackListArrayOutput) ToGetImageAssurance return o } -func (o GetImageAssurancePolicyPackagesBlackListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]GetImageAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) GetImageAssurancePolicyPackagesBlackListOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssurancePolicyPackagesBlackList { return vs[0].([]GetImageAssurancePolicyPackagesBlackList)[vs[1].(int)] 
@@ -21789,12 +35301,6 @@ func (i GetImageAssurancePolicyPackagesWhiteListArgs) ToGetImageAssurancePolicyP return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyPackagesWhiteListOutput) } -func (i GetImageAssurancePolicyPackagesWhiteListArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyPackagesWhiteList] { - return pulumix.Output[GetImageAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToGetImageAssurancePolicyPackagesWhiteListOutputWithContext(ctx).OutputState, - } -} - // GetImageAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts GetImageAssurancePolicyPackagesWhiteListArray and GetImageAssurancePolicyPackagesWhiteListArrayOutput values. // You can construct a concrete instance of `GetImageAssurancePolicyPackagesWhiteListArrayInput` via: // @@ -21820,12 +35326,6 @@ func (i GetImageAssurancePolicyPackagesWhiteListArray) ToGetImageAssurancePolicy return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyPackagesWhiteListArrayOutput) } -func (i GetImageAssurancePolicyPackagesWhiteListArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]GetImageAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToGetImageAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } func (GetImageAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { 
@@ -21840,12 +35340,6 @@ func (o GetImageAssurancePolicyPackagesWhiteListOutput) ToGetImageAssurancePolic return o } -func (o GetImageAssurancePolicyPackagesWhiteListOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyPackagesWhiteList] { - return pulumix.Output[GetImageAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssurancePolicyPackagesWhiteList) string { return v.Arch }).(pulumi.StringOutput) } @@ -21896,12 +35390,6 @@ func (o GetImageAssurancePolicyPackagesWhiteListArrayOutput) ToGetImageAssurance return o } -func (o GetImageAssurancePolicyPackagesWhiteListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]GetImageAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) GetImageAssurancePolicyPackagesWhiteListOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssurancePolicyPackagesWhiteList { return vs[0].([]GetImageAssurancePolicyPackagesWhiteList)[vs[1].(int)] 
@@ -21941,12 +35429,6 @@ func (i GetImageAssurancePolicyRequiredLabelArgs) ToGetImageAssurancePolicyRequi return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyRequiredLabelOutput) } -func (i GetImageAssurancePolicyRequiredLabelArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyRequiredLabel] { - return pulumix.Output[GetImageAssurancePolicyRequiredLabel]{ - OutputState: i.ToGetImageAssurancePolicyRequiredLabelOutputWithContext(ctx).OutputState, - } -} - // GetImageAssurancePolicyRequiredLabelArrayInput is an input type that accepts GetImageAssurancePolicyRequiredLabelArray and GetImageAssurancePolicyRequiredLabelArrayOutput values. // You can construct a concrete instance of `GetImageAssurancePolicyRequiredLabelArrayInput` via: // @@ -21972,12 +35454,6 @@ func (i GetImageAssurancePolicyRequiredLabelArray) ToGetImageAssurancePolicyRequ return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyRequiredLabelArrayOutput) } -func (i GetImageAssurancePolicyRequiredLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyRequiredLabel] { - return pulumix.Output[[]GetImageAssurancePolicyRequiredLabel]{ - OutputState: i.ToGetImageAssurancePolicyRequiredLabelArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } func (GetImageAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { @@ -21992,12 +35468,6 @@ func (o GetImageAssurancePolicyRequiredLabelOutput) ToGetImageAssurancePolicyReq return o } -func (o GetImageAssurancePolicyRequiredLabelOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyRequiredLabel] { - return pulumix.Output[GetImageAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyRequiredLabelOutput) Key() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssurancePolicyRequiredLabel) string { return v.Key }).(pulumi.StringOutput) } 
@@ -22020,12 +35490,6 @@ func (o GetImageAssurancePolicyRequiredLabelArrayOutput) ToGetImageAssurancePoli return o } -func (o GetImageAssurancePolicyRequiredLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyRequiredLabel] { - return pulumix.Output[[]GetImageAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) GetImageAssurancePolicyRequiredLabelOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssurancePolicyRequiredLabel { return vs[0].([]GetImageAssurancePolicyRequiredLabel)[vs[1].(int)] @@ -22065,12 +35529,6 @@ func (i GetImageAssurancePolicyScopeArgs) ToGetImageAssurancePolicyScopeOutputWi return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyScopeOutput) } -func (i GetImageAssurancePolicyScopeArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyScope] { - return pulumix.Output[GetImageAssurancePolicyScope]{ - OutputState: i.ToGetImageAssurancePolicyScopeOutputWithContext(ctx).OutputState, - } -} - // GetImageAssurancePolicyScopeArrayInput is an input type that accepts GetImageAssurancePolicyScopeArray and GetImageAssurancePolicyScopeArrayOutput values. // You can construct a concrete instance of `GetImageAssurancePolicyScopeArrayInput` via: // @@ -22096,12 +35554,6 @@ func (i GetImageAssurancePolicyScopeArray) ToGetImageAssurancePolicyScopeArrayOu return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyScopeArrayOutput) } -func (i GetImageAssurancePolicyScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyScope] { - return pulumix.Output[[]GetImageAssurancePolicyScope]{ - OutputState: i.ToGetImageAssurancePolicyScopeArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssurancePolicyScopeOutput struct{ *pulumi.OutputState } func (GetImageAssurancePolicyScopeOutput) ElementType() reflect.Type { 
@@ -22116,12 +35568,6 @@ func (o GetImageAssurancePolicyScopeOutput) ToGetImageAssurancePolicyScopeOutput return o } -func (o GetImageAssurancePolicyScopeOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyScope] { - return pulumix.Output[GetImageAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyScopeOutput) Expression() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssurancePolicyScope) string { return v.Expression }).(pulumi.StringOutput) } @@ -22144,12 +35590,6 @@ func (o GetImageAssurancePolicyScopeArrayOutput) ToGetImageAssurancePolicyScopeA return o } -func (o GetImageAssurancePolicyScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyScope] { - return pulumix.Output[[]GetImageAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) GetImageAssurancePolicyScopeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssurancePolicyScope { return vs[0].([]GetImageAssurancePolicyScope)[vs[1].(int)] @@ -22191,12 +35631,6 @@ func (i GetImageAssurancePolicyScopeVariableArgs) ToGetImageAssurancePolicyScope return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyScopeVariableOutput) } -func (i GetImageAssurancePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyScopeVariable] { - return pulumix.Output[GetImageAssurancePolicyScopeVariable]{ - OutputState: i.ToGetImageAssurancePolicyScopeVariableOutputWithContext(ctx).OutputState, - } -} - // GetImageAssurancePolicyScopeVariableArrayInput is an input type that accepts GetImageAssurancePolicyScopeVariableArray and GetImageAssurancePolicyScopeVariableArrayOutput values. // You can construct a concrete instance of `GetImageAssurancePolicyScopeVariableArrayInput` via: // 
@@ -22222,12 +35656,6 @@ func (i GetImageAssurancePolicyScopeVariableArray) ToGetImageAssurancePolicyScop return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyScopeVariableArrayOutput) } -func (i GetImageAssurancePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyScopeVariable] { - return pulumix.Output[[]GetImageAssurancePolicyScopeVariable]{ - OutputState: i.ToGetImageAssurancePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } func (GetImageAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { @@ -22242,12 +35670,6 @@ func (o GetImageAssurancePolicyScopeVariableOutput) ToGetImageAssurancePolicySco return o } -func (o GetImageAssurancePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyScopeVariable] { - return pulumix.Output[GetImageAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssurancePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) } @@ -22274,12 +35696,6 @@ func (o GetImageAssurancePolicyScopeVariableArrayOutput) ToGetImageAssurancePoli return o } -func (o GetImageAssurancePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyScopeVariable] { - return pulumix.Output[[]GetImageAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) GetImageAssurancePolicyScopeVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssurancePolicyScopeVariable { return vs[0].([]GetImageAssurancePolicyScopeVariable)[vs[1].(int)] 
@@ -22319,12 +35735,6 @@ func (i GetImageAssurancePolicyTrustedBaseImageArgs) ToGetImageAssurancePolicyTr return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyTrustedBaseImageOutput) } -func (i GetImageAssurancePolicyTrustedBaseImageArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyTrustedBaseImage] { - return pulumix.Output[GetImageAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToGetImageAssurancePolicyTrustedBaseImageOutputWithContext(ctx).OutputState, - } -} - // GetImageAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts GetImageAssurancePolicyTrustedBaseImageArray and GetImageAssurancePolicyTrustedBaseImageArrayOutput values. // You can construct a concrete instance of `GetImageAssurancePolicyTrustedBaseImageArrayInput` via: // @@ -22350,12 +35760,6 @@ func (i GetImageAssurancePolicyTrustedBaseImageArray) ToGetImageAssurancePolicyT return pulumi.ToOutputWithContext(ctx, i).(GetImageAssurancePolicyTrustedBaseImageArrayOutput) } -func (i GetImageAssurancePolicyTrustedBaseImageArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]GetImageAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToGetImageAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } func (GetImageAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { 
@@ -22370,12 +35774,6 @@ func (o GetImageAssurancePolicyTrustedBaseImageOutput) ToGetImageAssurancePolicy return o } -func (o GetImageAssurancePolicyTrustedBaseImageOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageAssurancePolicyTrustedBaseImage] { - return pulumix.Output[GetImageAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringOutput { return o.ApplyT(func(v GetImageAssurancePolicyTrustedBaseImage) string { return v.Imagename }).(pulumi.StringOutput) } @@ -22398,12 +35796,6 @@ func (o GetImageAssurancePolicyTrustedBaseImageArrayOutput) ToGetImageAssuranceP return o } -func (o GetImageAssurancePolicyTrustedBaseImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]GetImageAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } -} - func (o GetImageAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) GetImageAssurancePolicyTrustedBaseImageOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageAssurancePolicyTrustedBaseImage { return vs[0].([]GetImageAssurancePolicyTrustedBaseImage)[vs[1].(int)] @@ -22411,14 +35803,11 @@ func (o GetImageAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntIn } type GetImageHistory struct { - // The image creation comment. - Comment string `pulumi:"comment"` - // The date and time when the image was registered. + Comment string `pulumi:"comment"` Created string `pulumi:"created"` CreatedBy string `pulumi:"createdBy"` - // The ID of this resource. - Id string `pulumi:"id"` - Size int `pulumi:"size"` + Id string `pulumi:"id"` + Size int `pulumi:"size"` } // GetImageHistoryInput is an input type that accepts GetImageHistoryArgs and GetImageHistoryOutput values. 
@@ -22433,14 +35822,11 @@ type GetImageHistoryInput interface { } type GetImageHistoryArgs struct { - // The image creation comment. - Comment pulumi.StringInput `pulumi:"comment"` - // The date and time when the image was registered. + Comment pulumi.StringInput `pulumi:"comment"` Created pulumi.StringInput `pulumi:"created"` CreatedBy pulumi.StringInput `pulumi:"createdBy"` - // The ID of this resource. - Id pulumi.StringInput `pulumi:"id"` - Size pulumi.IntInput `pulumi:"size"` + Id pulumi.StringInput `pulumi:"id"` + Size pulumi.IntInput `pulumi:"size"` } func (GetImageHistoryArgs) ElementType() reflect.Type { @@ -22455,12 +35841,6 @@ func (i GetImageHistoryArgs) ToGetImageHistoryOutputWithContext(ctx context.Cont return pulumi.ToOutputWithContext(ctx, i).(GetImageHistoryOutput) } -func (i GetImageHistoryArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageHistory] { - return pulumix.Output[GetImageHistory]{ - OutputState: i.ToGetImageHistoryOutputWithContext(ctx).OutputState, - } -} - // GetImageHistoryArrayInput is an input type that accepts GetImageHistoryArray and GetImageHistoryArrayOutput values. // You can construct a concrete instance of `GetImageHistoryArrayInput` via: // @@ -22486,12 +35866,6 @@ func (i GetImageHistoryArray) ToGetImageHistoryArrayOutputWithContext(ctx contex return pulumi.ToOutputWithContext(ctx, i).(GetImageHistoryArrayOutput) } -func (i GetImageHistoryArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageHistory] { - return pulumix.Output[[]GetImageHistory]{ - OutputState: i.ToGetImageHistoryArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageHistoryOutput struct{ *pulumi.OutputState } func (GetImageHistoryOutput) ElementType() reflect.Type { 
@@ -22506,18 +35880,10 @@ func (o GetImageHistoryOutput) ToGetImageHistoryOutputWithContext(ctx context.Co return o } -func (o GetImageHistoryOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageHistory] { - return pulumix.Output[GetImageHistory]{ - OutputState: o.OutputState, - } -} - -// The image creation comment. func (o GetImageHistoryOutput) Comment() pulumi.StringOutput { return o.ApplyT(func(v GetImageHistory) string { return v.Comment }).(pulumi.StringOutput) } -// The date and time when the image was registered. func (o GetImageHistoryOutput) Created() pulumi.StringOutput { return o.ApplyT(func(v GetImageHistory) string { return v.Created }).(pulumi.StringOutput) } @@ -22526,7 +35892,6 @@ func (o GetImageHistoryOutput) CreatedBy() pulumi.StringOutput { return o.ApplyT(func(v GetImageHistory) string { return v.CreatedBy }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetImageHistoryOutput) Id() pulumi.StringOutput { return o.ApplyT(func(v GetImageHistory) string { return v.Id }).(pulumi.StringOutput) } @@ -22549,12 +35914,6 @@ func (o GetImageHistoryArrayOutput) ToGetImageHistoryArrayOutputWithContext(ctx return o } -func (o GetImageHistoryArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageHistory] { - return pulumix.Output[[]GetImageHistory]{ - OutputState: o.OutputState, - } -} - func (o GetImageHistoryArrayOutput) Index(i pulumi.IntInput) GetImageHistoryOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageHistory { return vs[0].([]GetImageHistory)[vs[1].(int)] 
@@ -22562,79 +35921,72 @@ func (o GetImageHistoryArrayOutput) Index(i pulumi.IntInput) GetImageHistoryOutp } type GetImageVulnerability struct { - AckAuthor string `pulumi:"ackAuthor"` - AckComment string `pulumi:"ackComment"` - AckExpirationConfiguredAt string `pulumi:"ackExpirationConfiguredAt"` - AckExpirationConfiguredBy string `pulumi:"ackExpirationConfiguredBy"` - AckExpirationDays int `pulumi:"ackExpirationDays"` - AckScope string `pulumi:"ackScope"` - AcknowledgeDate string `pulumi:"acknowledgeDate"` - AncestorPkg string `pulumi:"ancestorPkg"` - AquaScore float64 `pulumi:"aquaScore"` - AquaScoreClassification string `pulumi:"aquaScoreClassification"` - AquaScoringSystem string `pulumi:"aquaScoringSystem"` - AquaSeverity string `pulumi:"aquaSeverity"` - AquaSeverityClassification string `pulumi:"aquaSeverityClassification"` - AquaVectors string `pulumi:"aquaVectors"` - AuditEventsCount int `pulumi:"auditEventsCount"` - BlockEventsCount int `pulumi:"blockEventsCount"` - Classification string `pulumi:"classification"` - Description string `pulumi:"description"` - // The content digest of the image. - Digest string `pulumi:"digest"` - ExploitReference string `pulumi:"exploitReference"` - ExploitType string `pulumi:"exploitType"` - FirstFoundDate string `pulumi:"firstFoundDate"` - FixVersion string `pulumi:"fixVersion"` - ImageName string `pulumi:"imageName"` - LastFoundDate string `pulumi:"lastFoundDate"` - ModificationDate string `pulumi:"modificationDate"` - // The name of the image. 
- Name string `pulumi:"name"` - NvdCvss2Score float64 `pulumi:"nvdCvss2Score"` - NvdCvss2Vectors string `pulumi:"nvdCvss2Vectors"` - NvdCvss3Score float64 `pulumi:"nvdCvss3Score"` - NvdCvss3Severity string `pulumi:"nvdCvss3Severity"` - NvdCvss3Vectors string `pulumi:"nvdCvss3Vectors"` - NvdSeverity string `pulumi:"nvdSeverity"` - NvdUrl string `pulumi:"nvdUrl"` - // The operating system detected in the image - Os string `pulumi:"os"` - // The version of the OS detected in the image. - OsVersion string `pulumi:"osVersion"` - // Permission of the image. - Permission string `pulumi:"permission"` - PublishDate string `pulumi:"publishDate"` - // The name of the registry where the image is stored. - Registry string `pulumi:"registry"` - // The name of the image's repository. - Repository string `pulumi:"repository"` - ResourceArchitecture string `pulumi:"resourceArchitecture"` - ResourceCpe string `pulumi:"resourceCpe"` - ResourceFormat string `pulumi:"resourceFormat"` - ResourceHash string `pulumi:"resourceHash"` - ResourceLicenses []string `pulumi:"resourceLicenses"` - ResourceName string `pulumi:"resourceName"` - ResourcePath string `pulumi:"resourcePath"` - ResourceType string `pulumi:"resourceType"` - ResourceVersion string `pulumi:"resourceVersion"` - SeverityClassification string `pulumi:"severityClassification"` - Solution string `pulumi:"solution"` - TemporalVector string `pulumi:"temporalVector"` - VPatchAppliedBy string `pulumi:"vPatchAppliedBy"` - VPatchAppliedOn string `pulumi:"vPatchAppliedOn"` - VPatchEnforcedBy string `pulumi:"vPatchEnforcedBy"` - VPatchEnforcedOn string `pulumi:"vPatchEnforcedOn"` - VPatchPolicyEnforce bool `pulumi:"vPatchPolicyEnforce"` - VPatchPolicyName string `pulumi:"vPatchPolicyName"` - VPatchRevertedBy string `pulumi:"vPatchRevertedBy"` - VPatchRevertedOn string `pulumi:"vPatchRevertedOn"` - VPatchStatus string `pulumi:"vPatchStatus"` - VendorCvss2Score float64 `pulumi:"vendorCvss2Score"` - VendorCvss2Vectors string 
`pulumi:"vendorCvss2Vectors"` - VendorSeverity string `pulumi:"vendorSeverity"` - VendorStatement string `pulumi:"vendorStatement"` - VendorUrl string `pulumi:"vendorUrl"` + AckAuthor string `pulumi:"ackAuthor"` + AckComment string `pulumi:"ackComment"` + AckExpirationConfiguredAt string `pulumi:"ackExpirationConfiguredAt"` + AckExpirationConfiguredBy string `pulumi:"ackExpirationConfiguredBy"` + AckExpirationDays int `pulumi:"ackExpirationDays"` + AckScope string `pulumi:"ackScope"` + AcknowledgeDate string `pulumi:"acknowledgeDate"` + AncestorPkg string `pulumi:"ancestorPkg"` + AquaScore float64 `pulumi:"aquaScore"` + AquaScoreClassification string `pulumi:"aquaScoreClassification"` + AquaScoringSystem string `pulumi:"aquaScoringSystem"` + AquaSeverity string `pulumi:"aquaSeverity"` + AquaSeverityClassification string `pulumi:"aquaSeverityClassification"` + AquaVectors string `pulumi:"aquaVectors"` + AuditEventsCount int `pulumi:"auditEventsCount"` + BlockEventsCount int `pulumi:"blockEventsCount"` + Classification string `pulumi:"classification"` + Description string `pulumi:"description"` + Digest string `pulumi:"digest"` + ExploitReference string `pulumi:"exploitReference"` + ExploitType string `pulumi:"exploitType"` + FirstFoundDate string `pulumi:"firstFoundDate"` + FixVersion string `pulumi:"fixVersion"` + ImageName string `pulumi:"imageName"` + LastFoundDate string `pulumi:"lastFoundDate"` + ModificationDate string `pulumi:"modificationDate"` + Name string `pulumi:"name"` + NvdCvss2Score float64 `pulumi:"nvdCvss2Score"` + NvdCvss2Vectors string `pulumi:"nvdCvss2Vectors"` + NvdCvss3Score float64 `pulumi:"nvdCvss3Score"` + NvdCvss3Severity string `pulumi:"nvdCvss3Severity"` + NvdCvss3Vectors string `pulumi:"nvdCvss3Vectors"` + NvdSeverity string `pulumi:"nvdSeverity"` + NvdUrl string `pulumi:"nvdUrl"` + Os string `pulumi:"os"` + OsVersion string `pulumi:"osVersion"` + Permission string `pulumi:"permission"` + PublishDate string `pulumi:"publishDate"` + 
Registry string `pulumi:"registry"` + Repository string `pulumi:"repository"` + ResourceArchitecture string `pulumi:"resourceArchitecture"` + ResourceCpe string `pulumi:"resourceCpe"` + ResourceFormat string `pulumi:"resourceFormat"` + ResourceHash string `pulumi:"resourceHash"` + ResourceLicenses []string `pulumi:"resourceLicenses"` + ResourceName string `pulumi:"resourceName"` + ResourcePath string `pulumi:"resourcePath"` + ResourceType string `pulumi:"resourceType"` + ResourceVersion string `pulumi:"resourceVersion"` + SeverityClassification string `pulumi:"severityClassification"` + Solution string `pulumi:"solution"` + TemporalVector string `pulumi:"temporalVector"` + VPatchAppliedBy string `pulumi:"vPatchAppliedBy"` + VPatchAppliedOn string `pulumi:"vPatchAppliedOn"` + VPatchEnforcedBy string `pulumi:"vPatchEnforcedBy"` + VPatchEnforcedOn string `pulumi:"vPatchEnforcedOn"` + VPatchPolicyEnforce bool `pulumi:"vPatchPolicyEnforce"` + VPatchPolicyName string `pulumi:"vPatchPolicyName"` + VPatchRevertedBy string `pulumi:"vPatchRevertedBy"` + VPatchRevertedOn string `pulumi:"vPatchRevertedOn"` + VPatchStatus string `pulumi:"vPatchStatus"` + VendorCvss2Score float64 `pulumi:"vendorCvss2Score"` + VendorCvss2Vectors string `pulumi:"vendorCvss2Vectors"` + VendorSeverity string `pulumi:"vendorSeverity"` + VendorStatement string `pulumi:"vendorStatement"` + VendorUrl string `pulumi:"vendorUrl"` } // GetImageVulnerabilityInput is an input type that accepts GetImageVulnerabilityArgs and GetImageVulnerabilityOutput values. 
@@ -22649,79 +36001,72 @@ type GetImageVulnerabilityInput interface { } type GetImageVulnerabilityArgs struct { - AckAuthor pulumi.StringInput `pulumi:"ackAuthor"` - AckComment pulumi.StringInput `pulumi:"ackComment"` - AckExpirationConfiguredAt pulumi.StringInput `pulumi:"ackExpirationConfiguredAt"` - AckExpirationConfiguredBy pulumi.StringInput `pulumi:"ackExpirationConfiguredBy"` - AckExpirationDays pulumi.IntInput `pulumi:"ackExpirationDays"` - AckScope pulumi.StringInput `pulumi:"ackScope"` - AcknowledgeDate pulumi.StringInput `pulumi:"acknowledgeDate"` - AncestorPkg pulumi.StringInput `pulumi:"ancestorPkg"` - AquaScore pulumi.Float64Input `pulumi:"aquaScore"` - AquaScoreClassification pulumi.StringInput `pulumi:"aquaScoreClassification"` - AquaScoringSystem pulumi.StringInput `pulumi:"aquaScoringSystem"` - AquaSeverity pulumi.StringInput `pulumi:"aquaSeverity"` - AquaSeverityClassification pulumi.StringInput `pulumi:"aquaSeverityClassification"` - AquaVectors pulumi.StringInput `pulumi:"aquaVectors"` - AuditEventsCount pulumi.IntInput `pulumi:"auditEventsCount"` - BlockEventsCount pulumi.IntInput `pulumi:"blockEventsCount"` - Classification pulumi.StringInput `pulumi:"classification"` - Description pulumi.StringInput `pulumi:"description"` - // The content digest of the image. - Digest pulumi.StringInput `pulumi:"digest"` - ExploitReference pulumi.StringInput `pulumi:"exploitReference"` - ExploitType pulumi.StringInput `pulumi:"exploitType"` - FirstFoundDate pulumi.StringInput `pulumi:"firstFoundDate"` - FixVersion pulumi.StringInput `pulumi:"fixVersion"` - ImageName pulumi.StringInput `pulumi:"imageName"` - LastFoundDate pulumi.StringInput `pulumi:"lastFoundDate"` - ModificationDate pulumi.StringInput `pulumi:"modificationDate"` - // The name of the image. 
- Name pulumi.StringInput `pulumi:"name"` - NvdCvss2Score pulumi.Float64Input `pulumi:"nvdCvss2Score"` - NvdCvss2Vectors pulumi.StringInput `pulumi:"nvdCvss2Vectors"` - NvdCvss3Score pulumi.Float64Input `pulumi:"nvdCvss3Score"` - NvdCvss3Severity pulumi.StringInput `pulumi:"nvdCvss3Severity"` - NvdCvss3Vectors pulumi.StringInput `pulumi:"nvdCvss3Vectors"` - NvdSeverity pulumi.StringInput `pulumi:"nvdSeverity"` - NvdUrl pulumi.StringInput `pulumi:"nvdUrl"` - // The operating system detected in the image - Os pulumi.StringInput `pulumi:"os"` - // The version of the OS detected in the image. - OsVersion pulumi.StringInput `pulumi:"osVersion"` - // Permission of the image. - Permission pulumi.StringInput `pulumi:"permission"` - PublishDate pulumi.StringInput `pulumi:"publishDate"` - // The name of the registry where the image is stored. - Registry pulumi.StringInput `pulumi:"registry"` - // The name of the image's repository. - Repository pulumi.StringInput `pulumi:"repository"` - ResourceArchitecture pulumi.StringInput `pulumi:"resourceArchitecture"` - ResourceCpe pulumi.StringInput `pulumi:"resourceCpe"` - ResourceFormat pulumi.StringInput `pulumi:"resourceFormat"` - ResourceHash pulumi.StringInput `pulumi:"resourceHash"` - ResourceLicenses pulumi.StringArrayInput `pulumi:"resourceLicenses"` - ResourceName pulumi.StringInput `pulumi:"resourceName"` - ResourcePath pulumi.StringInput `pulumi:"resourcePath"` - ResourceType pulumi.StringInput `pulumi:"resourceType"` - ResourceVersion pulumi.StringInput `pulumi:"resourceVersion"` - SeverityClassification pulumi.StringInput `pulumi:"severityClassification"` - Solution pulumi.StringInput `pulumi:"solution"` - TemporalVector pulumi.StringInput `pulumi:"temporalVector"` - VPatchAppliedBy pulumi.StringInput `pulumi:"vPatchAppliedBy"` - VPatchAppliedOn pulumi.StringInput `pulumi:"vPatchAppliedOn"` - VPatchEnforcedBy pulumi.StringInput `pulumi:"vPatchEnforcedBy"` - VPatchEnforcedOn pulumi.StringInput `pulumi:"vPatchEnforcedOn"` 
- VPatchPolicyEnforce pulumi.BoolInput `pulumi:"vPatchPolicyEnforce"` - VPatchPolicyName pulumi.StringInput `pulumi:"vPatchPolicyName"` - VPatchRevertedBy pulumi.StringInput `pulumi:"vPatchRevertedBy"` - VPatchRevertedOn pulumi.StringInput `pulumi:"vPatchRevertedOn"` - VPatchStatus pulumi.StringInput `pulumi:"vPatchStatus"` - VendorCvss2Score pulumi.Float64Input `pulumi:"vendorCvss2Score"` - VendorCvss2Vectors pulumi.StringInput `pulumi:"vendorCvss2Vectors"` - VendorSeverity pulumi.StringInput `pulumi:"vendorSeverity"` - VendorStatement pulumi.StringInput `pulumi:"vendorStatement"` - VendorUrl pulumi.StringInput `pulumi:"vendorUrl"` + AckAuthor pulumi.StringInput `pulumi:"ackAuthor"` + AckComment pulumi.StringInput `pulumi:"ackComment"` + AckExpirationConfiguredAt pulumi.StringInput `pulumi:"ackExpirationConfiguredAt"` + AckExpirationConfiguredBy pulumi.StringInput `pulumi:"ackExpirationConfiguredBy"` + AckExpirationDays pulumi.IntInput `pulumi:"ackExpirationDays"` + AckScope pulumi.StringInput `pulumi:"ackScope"` + AcknowledgeDate pulumi.StringInput `pulumi:"acknowledgeDate"` + AncestorPkg pulumi.StringInput `pulumi:"ancestorPkg"` + AquaScore pulumi.Float64Input `pulumi:"aquaScore"` + AquaScoreClassification pulumi.StringInput `pulumi:"aquaScoreClassification"` + AquaScoringSystem pulumi.StringInput `pulumi:"aquaScoringSystem"` + AquaSeverity pulumi.StringInput `pulumi:"aquaSeverity"` + AquaSeverityClassification pulumi.StringInput `pulumi:"aquaSeverityClassification"` + AquaVectors pulumi.StringInput `pulumi:"aquaVectors"` + AuditEventsCount pulumi.IntInput `pulumi:"auditEventsCount"` + BlockEventsCount pulumi.IntInput `pulumi:"blockEventsCount"` + Classification pulumi.StringInput `pulumi:"classification"` + Description pulumi.StringInput `pulumi:"description"` + Digest pulumi.StringInput `pulumi:"digest"` + ExploitReference pulumi.StringInput `pulumi:"exploitReference"` + ExploitType pulumi.StringInput `pulumi:"exploitType"` + FirstFoundDate pulumi.StringInput 
`pulumi:"firstFoundDate"` + FixVersion pulumi.StringInput `pulumi:"fixVersion"` + ImageName pulumi.StringInput `pulumi:"imageName"` + LastFoundDate pulumi.StringInput `pulumi:"lastFoundDate"` + ModificationDate pulumi.StringInput `pulumi:"modificationDate"` + Name pulumi.StringInput `pulumi:"name"` + NvdCvss2Score pulumi.Float64Input `pulumi:"nvdCvss2Score"` + NvdCvss2Vectors pulumi.StringInput `pulumi:"nvdCvss2Vectors"` + NvdCvss3Score pulumi.Float64Input `pulumi:"nvdCvss3Score"` + NvdCvss3Severity pulumi.StringInput `pulumi:"nvdCvss3Severity"` + NvdCvss3Vectors pulumi.StringInput `pulumi:"nvdCvss3Vectors"` + NvdSeverity pulumi.StringInput `pulumi:"nvdSeverity"` + NvdUrl pulumi.StringInput `pulumi:"nvdUrl"` + Os pulumi.StringInput `pulumi:"os"` + OsVersion pulumi.StringInput `pulumi:"osVersion"` + Permission pulumi.StringInput `pulumi:"permission"` + PublishDate pulumi.StringInput `pulumi:"publishDate"` + Registry pulumi.StringInput `pulumi:"registry"` + Repository pulumi.StringInput `pulumi:"repository"` + ResourceArchitecture pulumi.StringInput `pulumi:"resourceArchitecture"` + ResourceCpe pulumi.StringInput `pulumi:"resourceCpe"` + ResourceFormat pulumi.StringInput `pulumi:"resourceFormat"` + ResourceHash pulumi.StringInput `pulumi:"resourceHash"` + ResourceLicenses pulumi.StringArrayInput `pulumi:"resourceLicenses"` + ResourceName pulumi.StringInput `pulumi:"resourceName"` + ResourcePath pulumi.StringInput `pulumi:"resourcePath"` + ResourceType pulumi.StringInput `pulumi:"resourceType"` + ResourceVersion pulumi.StringInput `pulumi:"resourceVersion"` + SeverityClassification pulumi.StringInput `pulumi:"severityClassification"` + Solution pulumi.StringInput `pulumi:"solution"` + TemporalVector pulumi.StringInput `pulumi:"temporalVector"` + VPatchAppliedBy pulumi.StringInput `pulumi:"vPatchAppliedBy"` + VPatchAppliedOn pulumi.StringInput `pulumi:"vPatchAppliedOn"` + VPatchEnforcedBy pulumi.StringInput `pulumi:"vPatchEnforcedBy"` + VPatchEnforcedOn 
pulumi.StringInput `pulumi:"vPatchEnforcedOn"` + VPatchPolicyEnforce pulumi.BoolInput `pulumi:"vPatchPolicyEnforce"` + VPatchPolicyName pulumi.StringInput `pulumi:"vPatchPolicyName"` + VPatchRevertedBy pulumi.StringInput `pulumi:"vPatchRevertedBy"` + VPatchRevertedOn pulumi.StringInput `pulumi:"vPatchRevertedOn"` + VPatchStatus pulumi.StringInput `pulumi:"vPatchStatus"` + VendorCvss2Score pulumi.Float64Input `pulumi:"vendorCvss2Score"` + VendorCvss2Vectors pulumi.StringInput `pulumi:"vendorCvss2Vectors"` + VendorSeverity pulumi.StringInput `pulumi:"vendorSeverity"` + VendorStatement pulumi.StringInput `pulumi:"vendorStatement"` + VendorUrl pulumi.StringInput `pulumi:"vendorUrl"` } func (GetImageVulnerabilityArgs) ElementType() reflect.Type { @@ -22736,12 +36081,6 @@ func (i GetImageVulnerabilityArgs) ToGetImageVulnerabilityOutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(GetImageVulnerabilityOutput) } -func (i GetImageVulnerabilityArgs) ToOutput(ctx context.Context) pulumix.Output[GetImageVulnerability] { - return pulumix.Output[GetImageVulnerability]{ - OutputState: i.ToGetImageVulnerabilityOutputWithContext(ctx).OutputState, - } -} - // GetImageVulnerabilityArrayInput is an input type that accepts GetImageVulnerabilityArray and GetImageVulnerabilityArrayOutput values. // You can construct a concrete instance of `GetImageVulnerabilityArrayInput` via: // @@ -22767,12 +36106,6 @@ func (i GetImageVulnerabilityArray) ToGetImageVulnerabilityArrayOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(GetImageVulnerabilityArrayOutput) } -func (i GetImageVulnerabilityArray) ToOutput(ctx context.Context) pulumix.Output[[]GetImageVulnerability] { - return pulumix.Output[[]GetImageVulnerability]{ - OutputState: i.ToGetImageVulnerabilityArrayOutputWithContext(ctx).OutputState, - } -} - type GetImageVulnerabilityOutput struct{ *pulumi.OutputState } func (GetImageVulnerabilityOutput) ElementType() reflect.Type { 
@@ -22787,12 +36120,6 @@ func (o GetImageVulnerabilityOutput) ToGetImageVulnerabilityOutputWithContext(ct return o } -func (o GetImageVulnerabilityOutput) ToOutput(ctx context.Context) pulumix.Output[GetImageVulnerability] { - return pulumix.Output[GetImageVulnerability]{ - OutputState: o.OutputState, - } -} - func (o GetImageVulnerabilityOutput) AckAuthor() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.AckAuthor }).(pulumi.StringOutput) } @@ -22865,7 +36192,6 @@ func (o GetImageVulnerabilityOutput) Description() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.Description }).(pulumi.StringOutput) } -// The content digest of the image. func (o GetImageVulnerabilityOutput) Digest() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.Digest }).(pulumi.StringOutput) } @@ -22898,7 +36224,6 @@ func (o GetImageVulnerabilityOutput) ModificationDate() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.ModificationDate }).(pulumi.StringOutput) } -// The name of the image. func (o GetImageVulnerabilityOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.Name }).(pulumi.StringOutput) } 
@@ -22931,17 +36256,14 @@ func (o GetImageVulnerabilityOutput) NvdUrl() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.NvdUrl }).(pulumi.StringOutput) } -// The operating system detected in the image func (o GetImageVulnerabilityOutput) Os() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.Os }).(pulumi.StringOutput) } -// The version of the OS detected in the image. func (o GetImageVulnerabilityOutput) OsVersion() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.OsVersion }).(pulumi.StringOutput) } -// Permission of the image. func (o GetImageVulnerabilityOutput) Permission() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.Permission }).(pulumi.StringOutput) } @@ -22950,12 +36272,10 @@ func (o GetImageVulnerabilityOutput) PublishDate() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.PublishDate }).(pulumi.StringOutput) } -// The name of the registry where the image is stored. func (o GetImageVulnerabilityOutput) Registry() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.Registry }).(pulumi.StringOutput) } -// The name of the image's repository. func (o GetImageVulnerabilityOutput) Repository() pulumi.StringOutput { return o.ApplyT(func(v GetImageVulnerability) string { return v.Repository }).(pulumi.StringOutput) } 
@@ -23078,18 +36398,224 @@ func (o GetImageVulnerabilityArrayOutput) ToGetImageVulnerabilityArrayOutputWith return o } -func (o GetImageVulnerabilityArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetImageVulnerability] { - return pulumix.Output[[]GetImageVulnerability]{ - OutputState: o.OutputState, - } -} - func (o GetImageVulnerabilityArrayOutput) Index(i pulumi.IntInput) GetImageVulnerabilityOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetImageVulnerability { return vs[0].([]GetImageVulnerability)[vs[1].(int)] }).(GetImageVulnerabilityOutput) } +type GetIntegrationRegistriesOption struct { + Option *string `pulumi:"option"` + Value *string `pulumi:"value"` +} + +// GetIntegrationRegistriesOptionInput is an input type that accepts GetIntegrationRegistriesOptionArgs and GetIntegrationRegistriesOptionOutput values. +// You can construct a concrete instance of `GetIntegrationRegistriesOptionInput` via: +// +// GetIntegrationRegistriesOptionArgs{...} +type GetIntegrationRegistriesOptionInput interface { + pulumi.Input + + ToGetIntegrationRegistriesOptionOutput() GetIntegrationRegistriesOptionOutput + ToGetIntegrationRegistriesOptionOutputWithContext(context.Context) GetIntegrationRegistriesOptionOutput +} + +type GetIntegrationRegistriesOptionArgs struct { + Option pulumi.StringPtrInput `pulumi:"option"` + Value pulumi.StringPtrInput `pulumi:"value"` +} + +func (GetIntegrationRegistriesOptionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetIntegrationRegistriesOption)(nil)).Elem() +} + +func (i GetIntegrationRegistriesOptionArgs) ToGetIntegrationRegistriesOptionOutput() GetIntegrationRegistriesOptionOutput { + return i.ToGetIntegrationRegistriesOptionOutputWithContext(context.Background()) +} + +func (i GetIntegrationRegistriesOptionArgs) ToGetIntegrationRegistriesOptionOutputWithContext(ctx context.Context) GetIntegrationRegistriesOptionOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(GetIntegrationRegistriesOptionOutput) +} + +// GetIntegrationRegistriesOptionArrayInput is an input type that accepts GetIntegrationRegistriesOptionArray and GetIntegrationRegistriesOptionArrayOutput values. +// You can construct a concrete instance of `GetIntegrationRegistriesOptionArrayInput` via: +// +// GetIntegrationRegistriesOptionArray{ GetIntegrationRegistriesOptionArgs{...} } +type GetIntegrationRegistriesOptionArrayInput interface { + pulumi.Input + + ToGetIntegrationRegistriesOptionArrayOutput() GetIntegrationRegistriesOptionArrayOutput + ToGetIntegrationRegistriesOptionArrayOutputWithContext(context.Context) GetIntegrationRegistriesOptionArrayOutput +} + +type GetIntegrationRegistriesOptionArray []GetIntegrationRegistriesOptionInput + +func (GetIntegrationRegistriesOptionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetIntegrationRegistriesOption)(nil)).Elem() +} + +func (i GetIntegrationRegistriesOptionArray) ToGetIntegrationRegistriesOptionArrayOutput() GetIntegrationRegistriesOptionArrayOutput { + return i.ToGetIntegrationRegistriesOptionArrayOutputWithContext(context.Background()) +} + +func (i GetIntegrationRegistriesOptionArray) ToGetIntegrationRegistriesOptionArrayOutputWithContext(ctx context.Context) GetIntegrationRegistriesOptionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetIntegrationRegistriesOptionArrayOutput) +} + +type GetIntegrationRegistriesOptionOutput struct{ *pulumi.OutputState } + +func (GetIntegrationRegistriesOptionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetIntegrationRegistriesOption)(nil)).Elem() +} + +func (o GetIntegrationRegistriesOptionOutput) ToGetIntegrationRegistriesOptionOutput() GetIntegrationRegistriesOptionOutput { + return o +} + +func (o GetIntegrationRegistriesOptionOutput) ToGetIntegrationRegistriesOptionOutputWithContext(ctx context.Context) GetIntegrationRegistriesOptionOutput { + return o +} + +func (o GetIntegrationRegistriesOptionOutput) Option() 
pulumi.StringPtrOutput { + return o.ApplyT(func(v GetIntegrationRegistriesOption) *string { return v.Option }).(pulumi.StringPtrOutput) +} + +func (o GetIntegrationRegistriesOptionOutput) Value() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetIntegrationRegistriesOption) *string { return v.Value }).(pulumi.StringPtrOutput) +} + +type GetIntegrationRegistriesOptionArrayOutput struct{ *pulumi.OutputState } + +func (GetIntegrationRegistriesOptionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetIntegrationRegistriesOption)(nil)).Elem() +} + +func (o GetIntegrationRegistriesOptionArrayOutput) ToGetIntegrationRegistriesOptionArrayOutput() GetIntegrationRegistriesOptionArrayOutput { + return o +} + +func (o GetIntegrationRegistriesOptionArrayOutput) ToGetIntegrationRegistriesOptionArrayOutputWithContext(ctx context.Context) GetIntegrationRegistriesOptionArrayOutput { + return o +} + +func (o GetIntegrationRegistriesOptionArrayOutput) Index(i pulumi.IntInput) GetIntegrationRegistriesOptionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetIntegrationRegistriesOption { + return vs[0].([]GetIntegrationRegistriesOption)[vs[1].(int)] + }).(GetIntegrationRegistriesOptionOutput) +} + +type GetIntegrationRegistriesWebhook struct { + AuthToken *string `pulumi:"authToken"` + Enabled *bool `pulumi:"enabled"` + UnQuarantine *bool `pulumi:"unQuarantine"` + Url *string `pulumi:"url"` +} + +// GetIntegrationRegistriesWebhookInput is an input type that accepts GetIntegrationRegistriesWebhookArgs and GetIntegrationRegistriesWebhookOutput values. 
+// You can construct a concrete instance of `GetIntegrationRegistriesWebhookInput` via: +// +// GetIntegrationRegistriesWebhookArgs{...} +type GetIntegrationRegistriesWebhookInput interface { + pulumi.Input + + ToGetIntegrationRegistriesWebhookOutput() GetIntegrationRegistriesWebhookOutput + ToGetIntegrationRegistriesWebhookOutputWithContext(context.Context) GetIntegrationRegistriesWebhookOutput +} + +type GetIntegrationRegistriesWebhookArgs struct { + AuthToken pulumi.StringPtrInput `pulumi:"authToken"` + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + UnQuarantine pulumi.BoolPtrInput `pulumi:"unQuarantine"` + Url pulumi.StringPtrInput `pulumi:"url"` +} + +func (GetIntegrationRegistriesWebhookArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GetIntegrationRegistriesWebhook)(nil)).Elem() +} + +func (i GetIntegrationRegistriesWebhookArgs) ToGetIntegrationRegistriesWebhookOutput() GetIntegrationRegistriesWebhookOutput { + return i.ToGetIntegrationRegistriesWebhookOutputWithContext(context.Background()) +} + +func (i GetIntegrationRegistriesWebhookArgs) ToGetIntegrationRegistriesWebhookOutputWithContext(ctx context.Context) GetIntegrationRegistriesWebhookOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetIntegrationRegistriesWebhookOutput) +} + +// GetIntegrationRegistriesWebhookArrayInput is an input type that accepts GetIntegrationRegistriesWebhookArray and GetIntegrationRegistriesWebhookArrayOutput values. 
+// You can construct a concrete instance of `GetIntegrationRegistriesWebhookArrayInput` via: +// +// GetIntegrationRegistriesWebhookArray{ GetIntegrationRegistriesWebhookArgs{...} } +type GetIntegrationRegistriesWebhookArrayInput interface { + pulumi.Input + + ToGetIntegrationRegistriesWebhookArrayOutput() GetIntegrationRegistriesWebhookArrayOutput + ToGetIntegrationRegistriesWebhookArrayOutputWithContext(context.Context) GetIntegrationRegistriesWebhookArrayOutput +} + +type GetIntegrationRegistriesWebhookArray []GetIntegrationRegistriesWebhookInput + +func (GetIntegrationRegistriesWebhookArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetIntegrationRegistriesWebhook)(nil)).Elem() +} + +func (i GetIntegrationRegistriesWebhookArray) ToGetIntegrationRegistriesWebhookArrayOutput() GetIntegrationRegistriesWebhookArrayOutput { + return i.ToGetIntegrationRegistriesWebhookArrayOutputWithContext(context.Background()) +} + +func (i GetIntegrationRegistriesWebhookArray) ToGetIntegrationRegistriesWebhookArrayOutputWithContext(ctx context.Context) GetIntegrationRegistriesWebhookArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GetIntegrationRegistriesWebhookArrayOutput) +} + +type GetIntegrationRegistriesWebhookOutput struct{ *pulumi.OutputState } + +func (GetIntegrationRegistriesWebhookOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GetIntegrationRegistriesWebhook)(nil)).Elem() +} + +func (o GetIntegrationRegistriesWebhookOutput) ToGetIntegrationRegistriesWebhookOutput() GetIntegrationRegistriesWebhookOutput { + return o +} + +func (o GetIntegrationRegistriesWebhookOutput) ToGetIntegrationRegistriesWebhookOutputWithContext(ctx context.Context) GetIntegrationRegistriesWebhookOutput { + return o +} + +func (o GetIntegrationRegistriesWebhookOutput) AuthToken() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetIntegrationRegistriesWebhook) *string { return v.AuthToken }).(pulumi.StringPtrOutput) +} + +func (o 
GetIntegrationRegistriesWebhookOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetIntegrationRegistriesWebhook) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o GetIntegrationRegistriesWebhookOutput) UnQuarantine() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GetIntegrationRegistriesWebhook) *bool { return v.UnQuarantine }).(pulumi.BoolPtrOutput) +} + +func (o GetIntegrationRegistriesWebhookOutput) Url() pulumi.StringPtrOutput { + return o.ApplyT(func(v GetIntegrationRegistriesWebhook) *string { return v.Url }).(pulumi.StringPtrOutput) +} + +type GetIntegrationRegistriesWebhookArrayOutput struct{ *pulumi.OutputState } + +func (GetIntegrationRegistriesWebhookArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GetIntegrationRegistriesWebhook)(nil)).Elem() +} + +func (o GetIntegrationRegistriesWebhookArrayOutput) ToGetIntegrationRegistriesWebhookArrayOutput() GetIntegrationRegistriesWebhookArrayOutput { + return o +} + +func (o GetIntegrationRegistriesWebhookArrayOutput) ToGetIntegrationRegistriesWebhookArrayOutputWithContext(ctx context.Context) GetIntegrationRegistriesWebhookArrayOutput { + return o +} + +func (o GetIntegrationRegistriesWebhookArrayOutput) Index(i pulumi.IntInput) GetIntegrationRegistriesWebhookOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetIntegrationRegistriesWebhook { + return vs[0].([]GetIntegrationRegistriesWebhook)[vs[1].(int)] + }).(GetIntegrationRegistriesWebhookOutput) +} + type GetIntegrationRegistryOption struct { Option *string `pulumi:"option"` Value *string `pulumi:"value"` 
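Review bot: `AuthToken` on the new `GetIntegrationRegistriesWebhook` / `GetIntegrationRegistriesWebhookArgs` types and the `AuthToken()` accessor is surfaced as an ordinary `pulumi.StringPtrOutput` with no doc comment. Nothing in this hunk shows whether the value is flagged as secret. If this field carries the webhook's credential, as its name suggests, it should be marked secret so that it is encrypted in stack state and masked in CLI output instead of being stored and printed as plaintext. This file looks generated, so the change presumably belongs in the provider schema or mapping rather than here. A field comment such as `// AuthToken is the webhook credential; treat as secret.` would also make the expectation visible to SDK users.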
@@ -23120,13 +36646,7 @@ func (i GetIntegrationRegistryOptionArgs) ToGetIntegrationRegistryOptionOutput() } func (i GetIntegrationRegistryOptionArgs) ToGetIntegrationRegistryOptionOutputWithContext(ctx context.Context) GetIntegrationRegistryOptionOutput { - return pulumi.ToOutputWithContext(ctx, i).(GetIntegrationRegistryOptionOutput) -} - -func (i GetIntegrationRegistryOptionArgs) ToOutput(ctx context.Context) pulumix.Output[GetIntegrationRegistryOption] { - return pulumix.Output[GetIntegrationRegistryOption]{ - OutputState: i.ToGetIntegrationRegistryOptionOutputWithContext(ctx).OutputState, - } + return pulumi.ToOutputWithContext(ctx, i).(GetIntegrationRegistryOptionOutput) } // GetIntegrationRegistryOptionArrayInput is an input type that accepts GetIntegrationRegistryOptionArray and GetIntegrationRegistryOptionArrayOutput values. @@ -23154,12 +36674,6 @@ func (i GetIntegrationRegistryOptionArray) ToGetIntegrationRegistryOptionArrayOu return pulumi.ToOutputWithContext(ctx, i).(GetIntegrationRegistryOptionArrayOutput) } -func (i GetIntegrationRegistryOptionArray) ToOutput(ctx context.Context) pulumix.Output[[]GetIntegrationRegistryOption] { - return pulumix.Output[[]GetIntegrationRegistryOption]{ - OutputState: i.ToGetIntegrationRegistryOptionArrayOutputWithContext(ctx).OutputState, - } -} - type GetIntegrationRegistryOptionOutput struct{ *pulumi.OutputState } func (GetIntegrationRegistryOptionOutput) ElementType() reflect.Type { @@ -23174,12 +36688,6 @@ func (o GetIntegrationRegistryOptionOutput) ToGetIntegrationRegistryOptionOutput return o } -func (o GetIntegrationRegistryOptionOutput) ToOutput(ctx context.Context) pulumix.Output[GetIntegrationRegistryOption] { - return pulumix.Output[GetIntegrationRegistryOption]{ - OutputState: o.OutputState, - } -} - func (o GetIntegrationRegistryOptionOutput) Option() pulumi.StringPtrOutput { return o.ApplyT(func(v GetIntegrationRegistryOption) *string { return v.Option }).(pulumi.StringPtrOutput) } 
@@ -23202,12 +36710,6 @@ func (o GetIntegrationRegistryOptionArrayOutput) ToGetIntegrationRegistryOptionA return o } -func (o GetIntegrationRegistryOptionArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetIntegrationRegistryOption] { - return pulumix.Output[[]GetIntegrationRegistryOption]{ - OutputState: o.OutputState, - } -} - func (o GetIntegrationRegistryOptionArrayOutput) Index(i pulumi.IntInput) GetIntegrationRegistryOptionOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetIntegrationRegistryOption { return vs[0].([]GetIntegrationRegistryOption)[vs[1].(int)] @@ -23218,8 +36720,7 @@ type GetIntegrationRegistryWebhook struct { AuthToken *string `pulumi:"authToken"` Enabled *bool `pulumi:"enabled"` UnQuarantine *bool `pulumi:"unQuarantine"` - // The URL, address or region of the registry - Url *string `pulumi:"url"` + Url *string `pulumi:"url"` } // GetIntegrationRegistryWebhookInput is an input type that accepts GetIntegrationRegistryWebhookArgs and GetIntegrationRegistryWebhookOutput values. @@ -23237,8 +36738,7 @@ type GetIntegrationRegistryWebhookArgs struct { AuthToken pulumi.StringPtrInput `pulumi:"authToken"` Enabled pulumi.BoolPtrInput `pulumi:"enabled"` UnQuarantine pulumi.BoolPtrInput `pulumi:"unQuarantine"` - // The URL, address or region of the registry - Url pulumi.StringPtrInput `pulumi:"url"` + Url pulumi.StringPtrInput `pulumi:"url"` } func (GetIntegrationRegistryWebhookArgs) ElementType() reflect.Type { 
@@ -23253,12 +36753,6 @@ func (i GetIntegrationRegistryWebhookArgs) ToGetIntegrationRegistryWebhookOutput return pulumi.ToOutputWithContext(ctx, i).(GetIntegrationRegistryWebhookOutput) } -func (i GetIntegrationRegistryWebhookArgs) ToOutput(ctx context.Context) pulumix.Output[GetIntegrationRegistryWebhook] { - return pulumix.Output[GetIntegrationRegistryWebhook]{ - OutputState: i.ToGetIntegrationRegistryWebhookOutputWithContext(ctx).OutputState, - } -} - // GetIntegrationRegistryWebhookArrayInput is an input type that accepts GetIntegrationRegistryWebhookArray and GetIntegrationRegistryWebhookArrayOutput values. // You can construct a concrete instance of `GetIntegrationRegistryWebhookArrayInput` via: // @@ -23284,12 +36778,6 @@ func (i GetIntegrationRegistryWebhookArray) ToGetIntegrationRegistryWebhookArray return pulumi.ToOutputWithContext(ctx, i).(GetIntegrationRegistryWebhookArrayOutput) } -func (i GetIntegrationRegistryWebhookArray) ToOutput(ctx context.Context) pulumix.Output[[]GetIntegrationRegistryWebhook] { - return pulumix.Output[[]GetIntegrationRegistryWebhook]{ - OutputState: i.ToGetIntegrationRegistryWebhookArrayOutputWithContext(ctx).OutputState, - } -} - type GetIntegrationRegistryWebhookOutput struct{ *pulumi.OutputState } func (GetIntegrationRegistryWebhookOutput) ElementType() reflect.Type { @@ -23304,12 +36792,6 @@ func (o GetIntegrationRegistryWebhookOutput) ToGetIntegrationRegistryWebhookOutp return o } -func (o GetIntegrationRegistryWebhookOutput) ToOutput(ctx context.Context) pulumix.Output[GetIntegrationRegistryWebhook] { - return pulumix.Output[GetIntegrationRegistryWebhook]{ - OutputState: o.OutputState, - } -} - func (o GetIntegrationRegistryWebhookOutput) AuthToken() pulumi.StringPtrOutput { return o.ApplyT(func(v GetIntegrationRegistryWebhook) *string { return v.AuthToken }).(pulumi.StringPtrOutput) } 
@@ -23322,7 +36804,6 @@ func (o GetIntegrationRegistryWebhookOutput) UnQuarantine() pulumi.BoolPtrOutput return o.ApplyT(func(v GetIntegrationRegistryWebhook) *bool { return v.UnQuarantine }).(pulumi.BoolPtrOutput) } -// The URL, address or region of the registry func (o GetIntegrationRegistryWebhookOutput) Url() pulumi.StringPtrOutput { return o.ApplyT(func(v GetIntegrationRegistryWebhook) *string { return v.Url }).(pulumi.StringPtrOutput) } @@ -23341,12 +36822,6 @@ func (o GetIntegrationRegistryWebhookArrayOutput) ToGetIntegrationRegistryWebhoo return o } -func (o GetIntegrationRegistryWebhookArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetIntegrationRegistryWebhook] { - return pulumix.Output[[]GetIntegrationRegistryWebhook]{ - OutputState: o.OutputState, - } -} - func (o GetIntegrationRegistryWebhookArrayOutput) Index(i pulumi.IntInput) GetIntegrationRegistryWebhookOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetIntegrationRegistryWebhook { return vs[0].([]GetIntegrationRegistryWebhook)[vs[1].(int)] @@ -23390,12 +36865,6 @@ func (i GetKubernetesAssurancePolicyAutoScanTimeArgs) ToGetKubernetesAssurancePo return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyAutoScanTimeOutput) } -func (i GetKubernetesAssurancePolicyAutoScanTimeArgs) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyAutoScanTime] { - return pulumix.Output[GetKubernetesAssurancePolicyAutoScanTime]{ - OutputState: i.ToGetKubernetesAssurancePolicyAutoScanTimeOutputWithContext(ctx).OutputState, - } -} - // GetKubernetesAssurancePolicyAutoScanTimeArrayInput is an input type that accepts GetKubernetesAssurancePolicyAutoScanTimeArray and GetKubernetesAssurancePolicyAutoScanTimeArrayOutput values. // You can construct a concrete instance of `GetKubernetesAssurancePolicyAutoScanTimeArrayInput` via: // 
@@ -23421,12 +36890,6 @@ func (i GetKubernetesAssurancePolicyAutoScanTimeArray) ToGetKubernetesAssuranceP return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyAutoScanTimeArrayOutput) } -func (i GetKubernetesAssurancePolicyAutoScanTimeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyAutoScanTime] { - return pulumix.Output[[]GetKubernetesAssurancePolicyAutoScanTime]{ - OutputState: i.ToGetKubernetesAssurancePolicyAutoScanTimeArrayOutputWithContext(ctx).OutputState, - } -} - type GetKubernetesAssurancePolicyAutoScanTimeOutput struct{ *pulumi.OutputState } func (GetKubernetesAssurancePolicyAutoScanTimeOutput) ElementType() reflect.Type { @@ -23441,12 +36904,6 @@ func (o GetKubernetesAssurancePolicyAutoScanTimeOutput) ToGetKubernetesAssurance return o } -func (o GetKubernetesAssurancePolicyAutoScanTimeOutput) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyAutoScanTime] { - return pulumix.Output[GetKubernetesAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyAutoScanTimeOutput) Iteration() pulumi.IntOutput { return o.ApplyT(func(v GetKubernetesAssurancePolicyAutoScanTime) int { return v.Iteration }).(pulumi.IntOutput) } @@ -23477,12 +36934,6 @@ func (o GetKubernetesAssurancePolicyAutoScanTimeArrayOutput) ToGetKubernetesAssu return o } -func (o GetKubernetesAssurancePolicyAutoScanTimeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyAutoScanTime] { - return pulumix.Output[[]GetKubernetesAssurancePolicyAutoScanTime]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntInput) GetKubernetesAssurancePolicyAutoScanTimeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetKubernetesAssurancePolicyAutoScanTime { return vs[0].([]GetKubernetesAssurancePolicyAutoScanTime)[vs[1].(int)] 
@@ -23490,7 +36941,6 @@ func (o GetKubernetesAssurancePolicyAutoScanTimeArrayOutput) Index(i pulumi.IntI } type GetKubernetesAssurancePolicyCustomCheck struct { - // Name of user account that created the policy. Author string `pulumi:"author"` Description string `pulumi:"description"` Engine string `pulumi:"engine"` @@ -23515,7 +36965,6 @@ type GetKubernetesAssurancePolicyCustomCheckInput interface { } type GetKubernetesAssurancePolicyCustomCheckArgs struct { - // Name of user account that created the policy. Author pulumi.StringInput `pulumi:"author"` Description pulumi.StringInput `pulumi:"description"` Engine pulumi.StringInput `pulumi:"engine"` @@ -23540,12 +36989,6 @@ func (i GetKubernetesAssurancePolicyCustomCheckArgs) ToGetKubernetesAssurancePol return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyCustomCheckOutput) } -func (i GetKubernetesAssurancePolicyCustomCheckArgs) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyCustomCheck] { - return pulumix.Output[GetKubernetesAssurancePolicyCustomCheck]{ - OutputState: i.ToGetKubernetesAssurancePolicyCustomCheckOutputWithContext(ctx).OutputState, - } -} - // GetKubernetesAssurancePolicyCustomCheckArrayInput is an input type that accepts GetKubernetesAssurancePolicyCustomCheckArray and GetKubernetesAssurancePolicyCustomCheckArrayOutput values. // You can construct a concrete instance of `GetKubernetesAssurancePolicyCustomCheckArrayInput` via: // 
@@ -23571,12 +37014,6 @@ func (i GetKubernetesAssurancePolicyCustomCheckArray) ToGetKubernetesAssurancePo return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyCustomCheckArrayOutput) } -func (i GetKubernetesAssurancePolicyCustomCheckArray) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyCustomCheck] { - return pulumix.Output[[]GetKubernetesAssurancePolicyCustomCheck]{ - OutputState: i.ToGetKubernetesAssurancePolicyCustomCheckArrayOutputWithContext(ctx).OutputState, - } -} - type GetKubernetesAssurancePolicyCustomCheckOutput struct{ *pulumi.OutputState } func (GetKubernetesAssurancePolicyCustomCheckOutput) ElementType() reflect.Type { @@ -23591,13 +37028,6 @@ func (o GetKubernetesAssurancePolicyCustomCheckOutput) ToGetKubernetesAssuranceP return o } -func (o GetKubernetesAssurancePolicyCustomCheckOutput) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyCustomCheck] { - return pulumix.Output[GetKubernetesAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - -// Name of user account that created the policy. func (o GetKubernetesAssurancePolicyCustomCheckOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetKubernetesAssurancePolicyCustomCheck) string { return v.Author }).(pulumi.StringOutput) } @@ -23652,12 +37082,6 @@ func (o GetKubernetesAssurancePolicyCustomCheckArrayOutput) ToGetKubernetesAssur return o } -func (o GetKubernetesAssurancePolicyCustomCheckArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyCustomCheck] { - return pulumix.Output[[]GetKubernetesAssurancePolicyCustomCheck]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyCustomCheckArrayOutput) Index(i pulumi.IntInput) GetKubernetesAssurancePolicyCustomCheckOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetKubernetesAssurancePolicyCustomCheck { return vs[0].([]GetKubernetesAssurancePolicyCustomCheck)[vs[1].(int)] 
@@ -23697,12 +37121,6 @@ func (i GetKubernetesAssurancePolicyForbiddenLabelArgs) ToGetKubernetesAssurance return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyForbiddenLabelOutput) } -func (i GetKubernetesAssurancePolicyForbiddenLabelArgs) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyForbiddenLabel] { - return pulumix.Output[GetKubernetesAssurancePolicyForbiddenLabel]{ - OutputState: i.ToGetKubernetesAssurancePolicyForbiddenLabelOutputWithContext(ctx).OutputState, - } -} - // GetKubernetesAssurancePolicyForbiddenLabelArrayInput is an input type that accepts GetKubernetesAssurancePolicyForbiddenLabelArray and GetKubernetesAssurancePolicyForbiddenLabelArrayOutput values. // You can construct a concrete instance of `GetKubernetesAssurancePolicyForbiddenLabelArrayInput` via: // @@ -23728,12 +37146,6 @@ func (i GetKubernetesAssurancePolicyForbiddenLabelArray) ToGetKubernetesAssuranc return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyForbiddenLabelArrayOutput) } -func (i GetKubernetesAssurancePolicyForbiddenLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]GetKubernetesAssurancePolicyForbiddenLabel]{ - OutputState: i.ToGetKubernetesAssurancePolicyForbiddenLabelArrayOutputWithContext(ctx).OutputState, - } -} - type GetKubernetesAssurancePolicyForbiddenLabelOutput struct{ *pulumi.OutputState } func (GetKubernetesAssurancePolicyForbiddenLabelOutput) ElementType() reflect.Type { 
@@ -23748,12 +37160,6 @@ func (o GetKubernetesAssurancePolicyForbiddenLabelOutput) ToGetKubernetesAssuran return o } -func (o GetKubernetesAssurancePolicyForbiddenLabelOutput) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyForbiddenLabel] { - return pulumix.Output[GetKubernetesAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyForbiddenLabelOutput) Key() pulumi.StringOutput { return o.ApplyT(func(v GetKubernetesAssurancePolicyForbiddenLabel) string { return v.Key }).(pulumi.StringOutput) } @@ -23776,12 +37182,6 @@ func (o GetKubernetesAssurancePolicyForbiddenLabelArrayOutput) ToGetKubernetesAs return o } -func (o GetKubernetesAssurancePolicyForbiddenLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyForbiddenLabel] { - return pulumix.Output[[]GetKubernetesAssurancePolicyForbiddenLabel]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyForbiddenLabelArrayOutput) Index(i pulumi.IntInput) GetKubernetesAssurancePolicyForbiddenLabelOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetKubernetesAssurancePolicyForbiddenLabel { return vs[0].([]GetKubernetesAssurancePolicyForbiddenLabel)[vs[1].(int)] 
@@ -23835,12 +37235,6 @@ func (i GetKubernetesAssurancePolicyPackagesBlackListArgs) ToGetKubernetesAssura return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyPackagesBlackListOutput) } -func (i GetKubernetesAssurancePolicyPackagesBlackListArgs) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyPackagesBlackList] { - return pulumix.Output[GetKubernetesAssurancePolicyPackagesBlackList]{ - OutputState: i.ToGetKubernetesAssurancePolicyPackagesBlackListOutputWithContext(ctx).OutputState, - } -} - // GetKubernetesAssurancePolicyPackagesBlackListArrayInput is an input type that accepts GetKubernetesAssurancePolicyPackagesBlackListArray and GetKubernetesAssurancePolicyPackagesBlackListArrayOutput values. // You can construct a concrete instance of `GetKubernetesAssurancePolicyPackagesBlackListArrayInput` via: // @@ -23866,12 +37260,6 @@ func (i GetKubernetesAssurancePolicyPackagesBlackListArray) ToGetKubernetesAssur return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyPackagesBlackListArrayOutput) } -func (i GetKubernetesAssurancePolicyPackagesBlackListArray) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]GetKubernetesAssurancePolicyPackagesBlackList]{ - OutputState: i.ToGetKubernetesAssurancePolicyPackagesBlackListArrayOutputWithContext(ctx).OutputState, - } -} - type GetKubernetesAssurancePolicyPackagesBlackListOutput struct{ *pulumi.OutputState } func (GetKubernetesAssurancePolicyPackagesBlackListOutput) ElementType() reflect.Type { 
@@ -23886,12 +37274,6 @@ func (o GetKubernetesAssurancePolicyPackagesBlackListOutput) ToGetKubernetesAssu return o } -func (o GetKubernetesAssurancePolicyPackagesBlackListOutput) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyPackagesBlackList] { - return pulumix.Output[GetKubernetesAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyPackagesBlackListOutput) Arch() pulumi.StringOutput { return o.ApplyT(func(v GetKubernetesAssurancePolicyPackagesBlackList) string { return v.Arch }).(pulumi.StringOutput) } @@ -23942,12 +37324,6 @@ func (o GetKubernetesAssurancePolicyPackagesBlackListArrayOutput) ToGetKubernete return o } -func (o GetKubernetesAssurancePolicyPackagesBlackListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyPackagesBlackList] { - return pulumix.Output[[]GetKubernetesAssurancePolicyPackagesBlackList]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyPackagesBlackListArrayOutput) Index(i pulumi.IntInput) GetKubernetesAssurancePolicyPackagesBlackListOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetKubernetesAssurancePolicyPackagesBlackList { return vs[0].([]GetKubernetesAssurancePolicyPackagesBlackList)[vs[1].(int)] 
@@ -24001,12 +37377,6 @@ func (i GetKubernetesAssurancePolicyPackagesWhiteListArgs) ToGetKubernetesAssura return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyPackagesWhiteListOutput) } -func (i GetKubernetesAssurancePolicyPackagesWhiteListArgs) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyPackagesWhiteList] { - return pulumix.Output[GetKubernetesAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToGetKubernetesAssurancePolicyPackagesWhiteListOutputWithContext(ctx).OutputState, - } -} - // GetKubernetesAssurancePolicyPackagesWhiteListArrayInput is an input type that accepts GetKubernetesAssurancePolicyPackagesWhiteListArray and GetKubernetesAssurancePolicyPackagesWhiteListArrayOutput values. // You can construct a concrete instance of `GetKubernetesAssurancePolicyPackagesWhiteListArrayInput` via: // @@ -24032,12 +37402,6 @@ func (i GetKubernetesAssurancePolicyPackagesWhiteListArray) ToGetKubernetesAssur return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyPackagesWhiteListArrayOutput) } -func (i GetKubernetesAssurancePolicyPackagesWhiteListArray) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]GetKubernetesAssurancePolicyPackagesWhiteList]{ - OutputState: i.ToGetKubernetesAssurancePolicyPackagesWhiteListArrayOutputWithContext(ctx).OutputState, - } -} - type GetKubernetesAssurancePolicyPackagesWhiteListOutput struct{ *pulumi.OutputState } func (GetKubernetesAssurancePolicyPackagesWhiteListOutput) ElementType() reflect.Type { 
@@ -24052,12 +37416,6 @@ func (o GetKubernetesAssurancePolicyPackagesWhiteListOutput) ToGetKubernetesAssu return o } -func (o GetKubernetesAssurancePolicyPackagesWhiteListOutput) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyPackagesWhiteList] { - return pulumix.Output[GetKubernetesAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyPackagesWhiteListOutput) Arch() pulumi.StringOutput { return o.ApplyT(func(v GetKubernetesAssurancePolicyPackagesWhiteList) string { return v.Arch }).(pulumi.StringOutput) } @@ -24108,12 +37466,6 @@ func (o GetKubernetesAssurancePolicyPackagesWhiteListArrayOutput) ToGetKubernete return o } -func (o GetKubernetesAssurancePolicyPackagesWhiteListArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyPackagesWhiteList] { - return pulumix.Output[[]GetKubernetesAssurancePolicyPackagesWhiteList]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyPackagesWhiteListArrayOutput) Index(i pulumi.IntInput) GetKubernetesAssurancePolicyPackagesWhiteListOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetKubernetesAssurancePolicyPackagesWhiteList { return vs[0].([]GetKubernetesAssurancePolicyPackagesWhiteList)[vs[1].(int)] 
@@ -24153,12 +37505,6 @@ func (i GetKubernetesAssurancePolicyRequiredLabelArgs) ToGetKubernetesAssuranceP return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyRequiredLabelOutput) } -func (i GetKubernetesAssurancePolicyRequiredLabelArgs) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyRequiredLabel] { - return pulumix.Output[GetKubernetesAssurancePolicyRequiredLabel]{ - OutputState: i.ToGetKubernetesAssurancePolicyRequiredLabelOutputWithContext(ctx).OutputState, - } -} - // GetKubernetesAssurancePolicyRequiredLabelArrayInput is an input type that accepts GetKubernetesAssurancePolicyRequiredLabelArray and GetKubernetesAssurancePolicyRequiredLabelArrayOutput values. // You can construct a concrete instance of `GetKubernetesAssurancePolicyRequiredLabelArrayInput` via: // @@ -24184,12 +37530,6 @@ func (i GetKubernetesAssurancePolicyRequiredLabelArray) ToGetKubernetesAssurance return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyRequiredLabelArrayOutput) } -func (i GetKubernetesAssurancePolicyRequiredLabelArray) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyRequiredLabel] { - return pulumix.Output[[]GetKubernetesAssurancePolicyRequiredLabel]{ - OutputState: i.ToGetKubernetesAssurancePolicyRequiredLabelArrayOutputWithContext(ctx).OutputState, - } -} - type GetKubernetesAssurancePolicyRequiredLabelOutput struct{ *pulumi.OutputState } func (GetKubernetesAssurancePolicyRequiredLabelOutput) ElementType() reflect.Type { 
@@ -24204,12 +37544,6 @@ func (o GetKubernetesAssurancePolicyRequiredLabelOutput) ToGetKubernetesAssuranc return o } -func (o GetKubernetesAssurancePolicyRequiredLabelOutput) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyRequiredLabel] { - return pulumix.Output[GetKubernetesAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyRequiredLabelOutput) Key() pulumi.StringOutput { return o.ApplyT(func(v GetKubernetesAssurancePolicyRequiredLabel) string { return v.Key }).(pulumi.StringOutput) } @@ -24232,12 +37566,6 @@ func (o GetKubernetesAssurancePolicyRequiredLabelArrayOutput) ToGetKubernetesAss return o } -func (o GetKubernetesAssurancePolicyRequiredLabelArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyRequiredLabel] { - return pulumix.Output[[]GetKubernetesAssurancePolicyRequiredLabel]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyRequiredLabelArrayOutput) Index(i pulumi.IntInput) GetKubernetesAssurancePolicyRequiredLabelOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetKubernetesAssurancePolicyRequiredLabel { return vs[0].([]GetKubernetesAssurancePolicyRequiredLabel)[vs[1].(int)] 
@@ -24277,12 +37605,6 @@ func (i GetKubernetesAssurancePolicyScopeArgs) ToGetKubernetesAssurancePolicySco return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyScopeOutput) } -func (i GetKubernetesAssurancePolicyScopeArgs) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyScope] { - return pulumix.Output[GetKubernetesAssurancePolicyScope]{ - OutputState: i.ToGetKubernetesAssurancePolicyScopeOutputWithContext(ctx).OutputState, - } -} - // GetKubernetesAssurancePolicyScopeArrayInput is an input type that accepts GetKubernetesAssurancePolicyScopeArray and GetKubernetesAssurancePolicyScopeArrayOutput values. // You can construct a concrete instance of `GetKubernetesAssurancePolicyScopeArrayInput` via: // @@ -24308,12 +37630,6 @@ func (i GetKubernetesAssurancePolicyScopeArray) ToGetKubernetesAssurancePolicySc return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyScopeArrayOutput) } -func (i GetKubernetesAssurancePolicyScopeArray) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyScope] { - return pulumix.Output[[]GetKubernetesAssurancePolicyScope]{ - OutputState: i.ToGetKubernetesAssurancePolicyScopeArrayOutputWithContext(ctx).OutputState, - } -} - type GetKubernetesAssurancePolicyScopeOutput struct{ *pulumi.OutputState } func (GetKubernetesAssurancePolicyScopeOutput) ElementType() reflect.Type { @@ -24328,12 +37644,6 @@ func (o GetKubernetesAssurancePolicyScopeOutput) ToGetKubernetesAssurancePolicyS return o } -func (o GetKubernetesAssurancePolicyScopeOutput) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyScope] { - return pulumix.Output[GetKubernetesAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyScopeOutput) Expression() pulumi.StringOutput { return o.ApplyT(func(v GetKubernetesAssurancePolicyScope) string { return v.Expression }).(pulumi.StringOutput) } 
@@ -24358,12 +37668,6 @@ func (o GetKubernetesAssurancePolicyScopeArrayOutput) ToGetKubernetesAssurancePo return o } -func (o GetKubernetesAssurancePolicyScopeArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyScope] { - return pulumix.Output[[]GetKubernetesAssurancePolicyScope]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyScopeArrayOutput) Index(i pulumi.IntInput) GetKubernetesAssurancePolicyScopeOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetKubernetesAssurancePolicyScope { return vs[0].([]GetKubernetesAssurancePolicyScope)[vs[1].(int)] @@ -24405,12 +37709,6 @@ func (i GetKubernetesAssurancePolicyScopeVariableArgs) ToGetKubernetesAssuranceP return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyScopeVariableOutput) } -func (i GetKubernetesAssurancePolicyScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyScopeVariable] { - return pulumix.Output[GetKubernetesAssurancePolicyScopeVariable]{ - OutputState: i.ToGetKubernetesAssurancePolicyScopeVariableOutputWithContext(ctx).OutputState, - } -} - // GetKubernetesAssurancePolicyScopeVariableArrayInput is an input type that accepts GetKubernetesAssurancePolicyScopeVariableArray and GetKubernetesAssurancePolicyScopeVariableArrayOutput values. // You can construct a concrete instance of `GetKubernetesAssurancePolicyScopeVariableArrayInput` via: // 
@@ -24436,12 +37734,6 @@ func (i GetKubernetesAssurancePolicyScopeVariableArray) ToGetKubernetesAssurance return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyScopeVariableArrayOutput) } -func (i GetKubernetesAssurancePolicyScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyScopeVariable] { - return pulumix.Output[[]GetKubernetesAssurancePolicyScopeVariable]{ - OutputState: i.ToGetKubernetesAssurancePolicyScopeVariableArrayOutputWithContext(ctx).OutputState, - } -} - type GetKubernetesAssurancePolicyScopeVariableOutput struct{ *pulumi.OutputState } func (GetKubernetesAssurancePolicyScopeVariableOutput) ElementType() reflect.Type { @@ -24456,12 +37748,6 @@ func (o GetKubernetesAssurancePolicyScopeVariableOutput) ToGetKubernetesAssuranc return o } -func (o GetKubernetesAssurancePolicyScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyScopeVariable] { - return pulumix.Output[GetKubernetesAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyScopeVariableOutput) Attribute() pulumi.StringOutput { return o.ApplyT(func(v GetKubernetesAssurancePolicyScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) } @@ -24488,12 +37774,6 @@ func (o GetKubernetesAssurancePolicyScopeVariableArrayOutput) ToGetKubernetesAss return o } -func (o GetKubernetesAssurancePolicyScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyScopeVariable] { - return pulumix.Output[[]GetKubernetesAssurancePolicyScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyScopeVariableArrayOutput) Index(i pulumi.IntInput) GetKubernetesAssurancePolicyScopeVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetKubernetesAssurancePolicyScopeVariable { return vs[0].([]GetKubernetesAssurancePolicyScopeVariable)[vs[1].(int)] 
@@ -24533,12 +37813,6 @@ func (i GetKubernetesAssurancePolicyTrustedBaseImageArgs) ToGetKubernetesAssuran return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyTrustedBaseImageOutput) } -func (i GetKubernetesAssurancePolicyTrustedBaseImageArgs) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyTrustedBaseImage] { - return pulumix.Output[GetKubernetesAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToGetKubernetesAssurancePolicyTrustedBaseImageOutputWithContext(ctx).OutputState, - } -} - // GetKubernetesAssurancePolicyTrustedBaseImageArrayInput is an input type that accepts GetKubernetesAssurancePolicyTrustedBaseImageArray and GetKubernetesAssurancePolicyTrustedBaseImageArrayOutput values. // You can construct a concrete instance of `GetKubernetesAssurancePolicyTrustedBaseImageArrayInput` via: // @@ -24564,12 +37838,6 @@ func (i GetKubernetesAssurancePolicyTrustedBaseImageArray) ToGetKubernetesAssura return pulumi.ToOutputWithContext(ctx, i).(GetKubernetesAssurancePolicyTrustedBaseImageArrayOutput) } -func (i GetKubernetesAssurancePolicyTrustedBaseImageArray) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]GetKubernetesAssurancePolicyTrustedBaseImage]{ - OutputState: i.ToGetKubernetesAssurancePolicyTrustedBaseImageArrayOutputWithContext(ctx).OutputState, - } -} - type GetKubernetesAssurancePolicyTrustedBaseImageOutput struct{ *pulumi.OutputState } func (GetKubernetesAssurancePolicyTrustedBaseImageOutput) ElementType() reflect.Type { 
@@ -24584,12 +37852,6 @@ func (o GetKubernetesAssurancePolicyTrustedBaseImageOutput) ToGetKubernetesAssur return o } -func (o GetKubernetesAssurancePolicyTrustedBaseImageOutput) ToOutput(ctx context.Context) pulumix.Output[GetKubernetesAssurancePolicyTrustedBaseImage] { - return pulumix.Output[GetKubernetesAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyTrustedBaseImageOutput) Imagename() pulumi.StringOutput { return o.ApplyT(func(v GetKubernetesAssurancePolicyTrustedBaseImage) string { return v.Imagename }).(pulumi.StringOutput) } @@ -24612,12 +37874,6 @@ func (o GetKubernetesAssurancePolicyTrustedBaseImageArrayOutput) ToGetKubernetes return o } -func (o GetKubernetesAssurancePolicyTrustedBaseImageArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetKubernetesAssurancePolicyTrustedBaseImage] { - return pulumix.Output[[]GetKubernetesAssurancePolicyTrustedBaseImage]{ - OutputState: o.OutputState, - } -} - func (o GetKubernetesAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi.IntInput) GetKubernetesAssurancePolicyTrustedBaseImageOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetKubernetesAssurancePolicyTrustedBaseImage { return vs[0].([]GetKubernetesAssurancePolicyTrustedBaseImage)[vs[1].(int)] @@ -24625,8 +37881,7 @@ func (o GetKubernetesAssurancePolicyTrustedBaseImageArrayOutput) Index(i pulumi. } type GetNotificationsEmail struct { - Author string `pulumi:"author"` - // The ID of this resource. + Author string `pulumi:"author"` Id int `pulumi:"id"` LastUpdated string `pulumi:"lastUpdated"` Name string `pulumi:"name"` @@ -24647,8 +37902,7 @@ type GetNotificationsEmailInput interface { } type GetNotificationsEmailArgs struct { - Author pulumi.StringInput `pulumi:"author"` - // The ID of this resource. + Author pulumi.StringInput `pulumi:"author"` Id pulumi.IntInput `pulumi:"id"` LastUpdated pulumi.StringInput `pulumi:"lastUpdated"` Name pulumi.StringInput `pulumi:"name"` 
@@ -24669,12 +37923,6 @@ func (i GetNotificationsEmailArgs) ToGetNotificationsEmailOutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsEmailOutput) } -func (i GetNotificationsEmailArgs) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsEmail] { - return pulumix.Output[GetNotificationsEmail]{ - OutputState: i.ToGetNotificationsEmailOutputWithContext(ctx).OutputState, - } -} - // GetNotificationsEmailArrayInput is an input type that accepts GetNotificationsEmailArray and GetNotificationsEmailArrayOutput values. // You can construct a concrete instance of `GetNotificationsEmailArrayInput` via: // @@ -24700,12 +37948,6 @@ func (i GetNotificationsEmailArray) ToGetNotificationsEmailArrayOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsEmailArrayOutput) } -func (i GetNotificationsEmailArray) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsEmail] { - return pulumix.Output[[]GetNotificationsEmail]{ - OutputState: i.ToGetNotificationsEmailArrayOutputWithContext(ctx).OutputState, - } -} - type GetNotificationsEmailOutput struct{ *pulumi.OutputState } func (GetNotificationsEmailOutput) ElementType() reflect.Type { @@ -24720,17 +37962,10 @@ func (o GetNotificationsEmailOutput) ToGetNotificationsEmailOutputWithContext(ct return o } -func (o GetNotificationsEmailOutput) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsEmail] { - return pulumix.Output[GetNotificationsEmail]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsEmailOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetNotificationsEmail) string { return v.Author }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetNotificationsEmailOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetNotificationsEmail) int { return v.Id }).(pulumi.IntOutput) } 
@@ -24769,12 +38004,6 @@ func (o GetNotificationsEmailArrayOutput) ToGetNotificationsEmailArrayOutputWith return o } -func (o GetNotificationsEmailArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsEmail] { - return pulumix.Output[[]GetNotificationsEmail]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsEmailArrayOutput) Index(i pulumi.IntInput) GetNotificationsEmailOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetNotificationsEmail { return vs[0].([]GetNotificationsEmail)[vs[1].(int)] @@ -24782,8 +38011,7 @@ func (o GetNotificationsEmailArrayOutput) Index(i pulumi.IntInput) GetNotificati } type GetNotificationsJira struct { - Author string `pulumi:"author"` - // The ID of this resource. + Author string `pulumi:"author"` Id int `pulumi:"id"` LastUpdated string `pulumi:"lastUpdated"` Name string `pulumi:"name"` @@ -24804,8 +38032,7 @@ type GetNotificationsJiraInput interface { } type GetNotificationsJiraArgs struct { - Author pulumi.StringInput `pulumi:"author"` - // The ID of this resource. + Author pulumi.StringInput `pulumi:"author"` Id pulumi.IntInput `pulumi:"id"` LastUpdated pulumi.StringInput `pulumi:"lastUpdated"` Name pulumi.StringInput `pulumi:"name"` @@ -24826,12 +38053,6 @@ func (i GetNotificationsJiraArgs) ToGetNotificationsJiraOutputWithContext(ctx co return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsJiraOutput) } -func (i GetNotificationsJiraArgs) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsJira] { - return pulumix.Output[GetNotificationsJira]{ - OutputState: i.ToGetNotificationsJiraOutputWithContext(ctx).OutputState, - } -} - // GetNotificationsJiraArrayInput is an input type that accepts GetNotificationsJiraArray and GetNotificationsJiraArrayOutput values. // You can construct a concrete instance of `GetNotificationsJiraArrayInput` via: // 
@@ -24857,12 +38078,6 @@ func (i GetNotificationsJiraArray) ToGetNotificationsJiraArrayOutputWithContext( return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsJiraArrayOutput) } -func (i GetNotificationsJiraArray) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsJira] { - return pulumix.Output[[]GetNotificationsJira]{ - OutputState: i.ToGetNotificationsJiraArrayOutputWithContext(ctx).OutputState, - } -} - type GetNotificationsJiraOutput struct{ *pulumi.OutputState } func (GetNotificationsJiraOutput) ElementType() reflect.Type { @@ -24877,17 +38092,10 @@ func (o GetNotificationsJiraOutput) ToGetNotificationsJiraOutputWithContext(ctx return o } -func (o GetNotificationsJiraOutput) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsJira] { - return pulumix.Output[GetNotificationsJira]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsJiraOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetNotificationsJira) string { return v.Author }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetNotificationsJiraOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetNotificationsJira) int { return v.Id }).(pulumi.IntOutput) } @@ -24926,12 +38134,6 @@ func (o GetNotificationsJiraArrayOutput) ToGetNotificationsJiraArrayOutputWithCo return o } -func (o GetNotificationsJiraArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsJira] { - return pulumix.Output[[]GetNotificationsJira]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsJiraArrayOutput) Index(i pulumi.IntInput) GetNotificationsJiraOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetNotificationsJira { return vs[0].([]GetNotificationsJira)[vs[1].(int)] 
@@ -24939,8 +38141,7 @@ func (o GetNotificationsJiraArrayOutput) Index(i pulumi.IntInput) GetNotificatio } type GetNotificationsServicenow struct { - Author string `pulumi:"author"` - // The ID of this resource. + Author string `pulumi:"author"` Id int `pulumi:"id"` LastUpdated string `pulumi:"lastUpdated"` Name string `pulumi:"name"` @@ -24961,8 +38162,7 @@ type GetNotificationsServicenowInput interface { } type GetNotificationsServicenowArgs struct { - Author pulumi.StringInput `pulumi:"author"` - // The ID of this resource. + Author pulumi.StringInput `pulumi:"author"` Id pulumi.IntInput `pulumi:"id"` LastUpdated pulumi.StringInput `pulumi:"lastUpdated"` Name pulumi.StringInput `pulumi:"name"` @@ -24983,12 +38183,6 @@ func (i GetNotificationsServicenowArgs) ToGetNotificationsServicenowOutputWithCo return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsServicenowOutput) } -func (i GetNotificationsServicenowArgs) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsServicenow] { - return pulumix.Output[GetNotificationsServicenow]{ - OutputState: i.ToGetNotificationsServicenowOutputWithContext(ctx).OutputState, - } -} - // GetNotificationsServicenowArrayInput is an input type that accepts GetNotificationsServicenowArray and GetNotificationsServicenowArrayOutput values. // You can construct a concrete instance of `GetNotificationsServicenowArrayInput` via: // @@ -25014,12 +38208,6 @@ func (i GetNotificationsServicenowArray) ToGetNotificationsServicenowArrayOutput return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsServicenowArrayOutput) } -func (i GetNotificationsServicenowArray) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsServicenow] { - return pulumix.Output[[]GetNotificationsServicenow]{ - OutputState: i.ToGetNotificationsServicenowArrayOutputWithContext(ctx).OutputState, - } -} - type GetNotificationsServicenowOutput struct{ *pulumi.OutputState } func (GetNotificationsServicenowOutput) ElementType() reflect.Type { 
@@ -25034,17 +38222,10 @@ func (o GetNotificationsServicenowOutput) ToGetNotificationsServicenowOutputWith return o } -func (o GetNotificationsServicenowOutput) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsServicenow] { - return pulumix.Output[GetNotificationsServicenow]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsServicenowOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetNotificationsServicenow) string { return v.Author }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetNotificationsServicenowOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetNotificationsServicenow) int { return v.Id }).(pulumi.IntOutput) } @@ -25083,12 +38264,6 @@ func (o GetNotificationsServicenowArrayOutput) ToGetNotificationsServicenowArray return o } -func (o GetNotificationsServicenowArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsServicenow] { - return pulumix.Output[[]GetNotificationsServicenow]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsServicenowArrayOutput) Index(i pulumi.IntInput) GetNotificationsServicenowOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetNotificationsServicenow { return vs[0].([]GetNotificationsServicenow)[vs[1].(int)] @@ -25096,8 +38271,7 @@ func (o GetNotificationsServicenowArrayOutput) Index(i pulumi.IntInput) GetNotif } type GetNotificationsSlack struct { - Author string `pulumi:"author"` - // The ID of this resource. + Author string `pulumi:"author"` Id int `pulumi:"id"` LastUpdated string `pulumi:"lastUpdated"` Name string `pulumi:"name"` @@ -25118,8 +38292,7 @@ type GetNotificationsSlackInput interface { } type GetNotificationsSlackArgs struct { - Author pulumi.StringInput `pulumi:"author"` - // The ID of this resource. + Author pulumi.StringInput `pulumi:"author"` Id pulumi.IntInput `pulumi:"id"` LastUpdated pulumi.StringInput `pulumi:"lastUpdated"` Name pulumi.StringInput `pulumi:"name"` 
@@ -25140,12 +38313,6 @@ func (i GetNotificationsSlackArgs) ToGetNotificationsSlackOutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsSlackOutput) } -func (i GetNotificationsSlackArgs) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsSlack] { - return pulumix.Output[GetNotificationsSlack]{ - OutputState: i.ToGetNotificationsSlackOutputWithContext(ctx).OutputState, - } -} - // GetNotificationsSlackArrayInput is an input type that accepts GetNotificationsSlackArray and GetNotificationsSlackArrayOutput values. // You can construct a concrete instance of `GetNotificationsSlackArrayInput` via: // @@ -25171,12 +38338,6 @@ func (i GetNotificationsSlackArray) ToGetNotificationsSlackArrayOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsSlackArrayOutput) } -func (i GetNotificationsSlackArray) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsSlack] { - return pulumix.Output[[]GetNotificationsSlack]{ - OutputState: i.ToGetNotificationsSlackArrayOutputWithContext(ctx).OutputState, - } -} - type GetNotificationsSlackOutput struct{ *pulumi.OutputState } func (GetNotificationsSlackOutput) ElementType() reflect.Type { @@ -25191,17 +38352,10 @@ func (o GetNotificationsSlackOutput) ToGetNotificationsSlackOutputWithContext(ct return o } -func (o GetNotificationsSlackOutput) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsSlack] { - return pulumix.Output[GetNotificationsSlack]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsSlackOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetNotificationsSlack) string { return v.Author }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetNotificationsSlackOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetNotificationsSlack) int { return v.Id }).(pulumi.IntOutput) } 
@@ -25240,12 +38394,6 @@ func (o GetNotificationsSlackArrayOutput) ToGetNotificationsSlackArrayOutputWith return o } -func (o GetNotificationsSlackArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsSlack] { - return pulumix.Output[[]GetNotificationsSlack]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsSlackArrayOutput) Index(i pulumi.IntInput) GetNotificationsSlackOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetNotificationsSlack { return vs[0].([]GetNotificationsSlack)[vs[1].(int)] @@ -25253,8 +38401,7 @@ func (o GetNotificationsSlackArrayOutput) Index(i pulumi.IntInput) GetNotificati } type GetNotificationsSplunk struct { - Author string `pulumi:"author"` - // The ID of this resource. + Author string `pulumi:"author"` Id int `pulumi:"id"` LastUpdated string `pulumi:"lastUpdated"` Name string `pulumi:"name"` @@ -25275,8 +38422,7 @@ type GetNotificationsSplunkInput interface { } type GetNotificationsSplunkArgs struct { - Author pulumi.StringInput `pulumi:"author"` - // The ID of this resource. + Author pulumi.StringInput `pulumi:"author"` Id pulumi.IntInput `pulumi:"id"` LastUpdated pulumi.StringInput `pulumi:"lastUpdated"` Name pulumi.StringInput `pulumi:"name"` @@ -25297,12 +38443,6 @@ func (i GetNotificationsSplunkArgs) ToGetNotificationsSplunkOutputWithContext(ct return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsSplunkOutput) } -func (i GetNotificationsSplunkArgs) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsSplunk] { - return pulumix.Output[GetNotificationsSplunk]{ - OutputState: i.ToGetNotificationsSplunkOutputWithContext(ctx).OutputState, - } -} - // GetNotificationsSplunkArrayInput is an input type that accepts GetNotificationsSplunkArray and GetNotificationsSplunkArrayOutput values. // You can construct a concrete instance of `GetNotificationsSplunkArrayInput` via: // 
@@ -25328,12 +38468,6 @@ func (i GetNotificationsSplunkArray) ToGetNotificationsSplunkArrayOutputWithCont return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsSplunkArrayOutput) } -func (i GetNotificationsSplunkArray) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsSplunk] { - return pulumix.Output[[]GetNotificationsSplunk]{ - OutputState: i.ToGetNotificationsSplunkArrayOutputWithContext(ctx).OutputState, - } -} - type GetNotificationsSplunkOutput struct{ *pulumi.OutputState } func (GetNotificationsSplunkOutput) ElementType() reflect.Type { @@ -25348,17 +38482,10 @@ func (o GetNotificationsSplunkOutput) ToGetNotificationsSplunkOutputWithContext( return o } -func (o GetNotificationsSplunkOutput) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsSplunk] { - return pulumix.Output[GetNotificationsSplunk]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsSplunkOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetNotificationsSplunk) string { return v.Author }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetNotificationsSplunkOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetNotificationsSplunk) int { return v.Id }).(pulumi.IntOutput) } @@ -25397,12 +38524,6 @@ func (o GetNotificationsSplunkArrayOutput) ToGetNotificationsSplunkArrayOutputWi return o } -func (o GetNotificationsSplunkArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsSplunk] { - return pulumix.Output[[]GetNotificationsSplunk]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsSplunkArrayOutput) Index(i pulumi.IntInput) GetNotificationsSplunkOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetNotificationsSplunk { return vs[0].([]GetNotificationsSplunk)[vs[1].(int)] 
@@ -25410,8 +38531,7 @@ func (o GetNotificationsSplunkArrayOutput) Index(i pulumi.IntInput) GetNotificat } type GetNotificationsTeam struct { - Author string `pulumi:"author"` - // The ID of this resource. + Author string `pulumi:"author"` Id int `pulumi:"id"` LastUpdated string `pulumi:"lastUpdated"` Name string `pulumi:"name"` @@ -25432,8 +38552,7 @@ type GetNotificationsTeamInput interface { } type GetNotificationsTeamArgs struct { - Author pulumi.StringInput `pulumi:"author"` - // The ID of this resource. + Author pulumi.StringInput `pulumi:"author"` Id pulumi.IntInput `pulumi:"id"` LastUpdated pulumi.StringInput `pulumi:"lastUpdated"` Name pulumi.StringInput `pulumi:"name"` @@ -25454,12 +38573,6 @@ func (i GetNotificationsTeamArgs) ToGetNotificationsTeamOutputWithContext(ctx co return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsTeamOutput) } -func (i GetNotificationsTeamArgs) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsTeam] { - return pulumix.Output[GetNotificationsTeam]{ - OutputState: i.ToGetNotificationsTeamOutputWithContext(ctx).OutputState, - } -} - // GetNotificationsTeamArrayInput is an input type that accepts GetNotificationsTeamArray and GetNotificationsTeamArrayOutput values. // You can construct a concrete instance of `GetNotificationsTeamArrayInput` via: // @@ -25485,12 +38598,6 @@ func (i GetNotificationsTeamArray) ToGetNotificationsTeamArrayOutputWithContext( return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsTeamArrayOutput) } -func (i GetNotificationsTeamArray) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsTeam] { - return pulumix.Output[[]GetNotificationsTeam]{ - OutputState: i.ToGetNotificationsTeamArrayOutputWithContext(ctx).OutputState, - } -} - type GetNotificationsTeamOutput struct{ *pulumi.OutputState } func (GetNotificationsTeamOutput) ElementType() reflect.Type { 
@@ -25505,17 +38612,10 @@ func (o GetNotificationsTeamOutput) ToGetNotificationsTeamOutputWithContext(ctx return o } -func (o GetNotificationsTeamOutput) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsTeam] { - return pulumix.Output[GetNotificationsTeam]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsTeamOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetNotificationsTeam) string { return v.Author }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetNotificationsTeamOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetNotificationsTeam) int { return v.Id }).(pulumi.IntOutput) } @@ -25554,12 +38654,6 @@ func (o GetNotificationsTeamArrayOutput) ToGetNotificationsTeamArrayOutputWithCo return o } -func (o GetNotificationsTeamArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsTeam] { - return pulumix.Output[[]GetNotificationsTeam]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsTeamArrayOutput) Index(i pulumi.IntInput) GetNotificationsTeamOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetNotificationsTeam { return vs[0].([]GetNotificationsTeam)[vs[1].(int)] @@ -25567,8 +38661,7 @@ func (o GetNotificationsTeamArrayOutput) Index(i pulumi.IntInput) GetNotificatio } type GetNotificationsWebhook struct { - Author string `pulumi:"author"` - // The ID of this resource. + Author string `pulumi:"author"` Id int `pulumi:"id"` LastUpdated string `pulumi:"lastUpdated"` Name string `pulumi:"name"` @@ -25589,8 +38682,7 @@ type GetNotificationsWebhookInput interface { } type GetNotificationsWebhookArgs struct { - Author pulumi.StringInput `pulumi:"author"` - // The ID of this resource. + Author pulumi.StringInput `pulumi:"author"` Id pulumi.IntInput `pulumi:"id"` LastUpdated pulumi.StringInput `pulumi:"lastUpdated"` Name pulumi.StringInput `pulumi:"name"` 
@@ -25611,12 +38703,6 @@ func (i GetNotificationsWebhookArgs) ToGetNotificationsWebhookOutputWithContext( return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsWebhookOutput) } -func (i GetNotificationsWebhookArgs) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsWebhook] { - return pulumix.Output[GetNotificationsWebhook]{ - OutputState: i.ToGetNotificationsWebhookOutputWithContext(ctx).OutputState, - } -} - // GetNotificationsWebhookArrayInput is an input type that accepts GetNotificationsWebhookArray and GetNotificationsWebhookArrayOutput values. // You can construct a concrete instance of `GetNotificationsWebhookArrayInput` via: // @@ -25642,12 +38728,6 @@ func (i GetNotificationsWebhookArray) ToGetNotificationsWebhookArrayOutputWithCo return pulumi.ToOutputWithContext(ctx, i).(GetNotificationsWebhookArrayOutput) } -func (i GetNotificationsWebhookArray) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsWebhook] { - return pulumix.Output[[]GetNotificationsWebhook]{ - OutputState: i.ToGetNotificationsWebhookArrayOutputWithContext(ctx).OutputState, - } -} - type GetNotificationsWebhookOutput struct{ *pulumi.OutputState } func (GetNotificationsWebhookOutput) ElementType() reflect.Type { @@ -25662,17 +38742,10 @@ func (o GetNotificationsWebhookOutput) ToGetNotificationsWebhookOutputWithContex return o } -func (o GetNotificationsWebhookOutput) ToOutput(ctx context.Context) pulumix.Output[GetNotificationsWebhook] { - return pulumix.Output[GetNotificationsWebhook]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsWebhookOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v GetNotificationsWebhook) string { return v.Author }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetNotificationsWebhookOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetNotificationsWebhook) int { return v.Id }).(pulumi.IntOutput) } 
@@ -25711,12 +38784,6 @@ func (o GetNotificationsWebhookArrayOutput) ToGetNotificationsWebhookArrayOutput return o } -func (o GetNotificationsWebhookArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetNotificationsWebhook] { - return pulumix.Output[[]GetNotificationsWebhook]{ - OutputState: o.OutputState, - } -} - func (o GetNotificationsWebhookArrayOutput) Index(i pulumi.IntInput) GetNotificationsWebhookOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetNotificationsWebhook { return vs[0].([]GetNotificationsWebhook)[vs[1].(int)] @@ -25766,12 +38833,6 @@ func (i GetPermissionsSetsPermissionsSetArgs) ToGetPermissionsSetsPermissionsSet return pulumi.ToOutputWithContext(ctx, i).(GetPermissionsSetsPermissionsSetOutput) } -func (i GetPermissionsSetsPermissionsSetArgs) ToOutput(ctx context.Context) pulumix.Output[GetPermissionsSetsPermissionsSet] { - return pulumix.Output[GetPermissionsSetsPermissionsSet]{ - OutputState: i.ToGetPermissionsSetsPermissionsSetOutputWithContext(ctx).OutputState, - } -} - // GetPermissionsSetsPermissionsSetArrayInput is an input type that accepts GetPermissionsSetsPermissionsSetArray and GetPermissionsSetsPermissionsSetArrayOutput values. // You can construct a concrete instance of `GetPermissionsSetsPermissionsSetArrayInput` via: // @@ -25797,12 +38858,6 @@ func (i GetPermissionsSetsPermissionsSetArray) ToGetPermissionsSetsPermissionsSe return pulumi.ToOutputWithContext(ctx, i).(GetPermissionsSetsPermissionsSetArrayOutput) } -func (i GetPermissionsSetsPermissionsSetArray) ToOutput(ctx context.Context) pulumix.Output[[]GetPermissionsSetsPermissionsSet] { - return pulumix.Output[[]GetPermissionsSetsPermissionsSet]{ - OutputState: i.ToGetPermissionsSetsPermissionsSetArrayOutputWithContext(ctx).OutputState, - } -} - type GetPermissionsSetsPermissionsSetOutput struct{ *pulumi.OutputState } func (GetPermissionsSetsPermissionsSetOutput) ElementType() reflect.Type { 
@@ -25817,12 +38872,6 @@ func (o GetPermissionsSetsPermissionsSetOutput) ToGetPermissionsSetsPermissionsS return o } -func (o GetPermissionsSetsPermissionsSetOutput) ToOutput(ctx context.Context) pulumix.Output[GetPermissionsSetsPermissionsSet] { - return pulumix.Output[GetPermissionsSetsPermissionsSet]{ - OutputState: o.OutputState, - } -} - func (o GetPermissionsSetsPermissionsSetOutput) Actions() pulumi.StringArrayOutput { return o.ApplyT(func(v GetPermissionsSetsPermissionsSet) []string { return v.Actions }).(pulumi.StringArrayOutput) } @@ -25865,12 +38914,6 @@ func (o GetPermissionsSetsPermissionsSetArrayOutput) ToGetPermissionsSetsPermiss return o } -func (o GetPermissionsSetsPermissionsSetArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetPermissionsSetsPermissionsSet] { - return pulumix.Output[[]GetPermissionsSetsPermissionsSet]{ - OutputState: o.OutputState, - } -} - func (o GetPermissionsSetsPermissionsSetArrayOutput) Index(i pulumi.IntInput) GetPermissionsSetsPermissionsSetOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetPermissionsSetsPermissionsSet { return vs[0].([]GetPermissionsSetsPermissionsSet)[vs[1].(int)] @@ -25908,12 +38951,6 @@ func (i GetRolesMappingLdapArgs) ToGetRolesMappingLdapOutputWithContext(ctx cont return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingLdapOutput) } -func (i GetRolesMappingLdapArgs) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingLdap] { - return pulumix.Output[GetRolesMappingLdap]{ - OutputState: i.ToGetRolesMappingLdapOutputWithContext(ctx).OutputState, - } -} - // GetRolesMappingLdapArrayInput is an input type that accepts GetRolesMappingLdapArray and GetRolesMappingLdapArrayOutput values. // You can construct a concrete instance of `GetRolesMappingLdapArrayInput` via: // 
@@ -25939,12 +38976,6 @@ func (i GetRolesMappingLdapArray) ToGetRolesMappingLdapArrayOutputWithContext(ct return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingLdapArrayOutput) } -func (i GetRolesMappingLdapArray) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingLdap] { - return pulumix.Output[[]GetRolesMappingLdap]{ - OutputState: i.ToGetRolesMappingLdapArrayOutputWithContext(ctx).OutputState, - } -} - type GetRolesMappingLdapOutput struct{ *pulumi.OutputState } func (GetRolesMappingLdapOutput) ElementType() reflect.Type { @@ -25959,12 +38990,6 @@ func (o GetRolesMappingLdapOutput) ToGetRolesMappingLdapOutputWithContext(ctx co return o } -func (o GetRolesMappingLdapOutput) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingLdap] { - return pulumix.Output[GetRolesMappingLdap]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingLdapOutput) RoleMapping() pulumi.StringMapOutput { return o.ApplyT(func(v GetRolesMappingLdap) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) } @@ -25983,12 +39008,6 @@ func (o GetRolesMappingLdapArrayOutput) ToGetRolesMappingLdapArrayOutputWithCont return o } -func (o GetRolesMappingLdapArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingLdap] { - return pulumix.Output[[]GetRolesMappingLdap]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingLdapArrayOutput) Index(i pulumi.IntInput) GetRolesMappingLdapOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetRolesMappingLdap { return vs[0].([]GetRolesMappingLdap)[vs[1].(int)] 
@@ -26026,12 +39045,6 @@ func (i GetRolesMappingOauth2Args) ToGetRolesMappingOauth2OutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingOauth2Output) } -func (i GetRolesMappingOauth2Args) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingOauth2] { - return pulumix.Output[GetRolesMappingOauth2]{ - OutputState: i.ToGetRolesMappingOauth2OutputWithContext(ctx).OutputState, - } -} - // GetRolesMappingOauth2ArrayInput is an input type that accepts GetRolesMappingOauth2Array and GetRolesMappingOauth2ArrayOutput values. // You can construct a concrete instance of `GetRolesMappingOauth2ArrayInput` via: // @@ -26057,12 +39070,6 @@ func (i GetRolesMappingOauth2Array) ToGetRolesMappingOauth2ArrayOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingOauth2ArrayOutput) } -func (i GetRolesMappingOauth2Array) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingOauth2] { - return pulumix.Output[[]GetRolesMappingOauth2]{ - OutputState: i.ToGetRolesMappingOauth2ArrayOutputWithContext(ctx).OutputState, - } -} - type GetRolesMappingOauth2Output struct{ *pulumi.OutputState } func (GetRolesMappingOauth2Output) ElementType() reflect.Type { @@ -26077,12 +39084,6 @@ func (o GetRolesMappingOauth2Output) ToGetRolesMappingOauth2OutputWithContext(ct return o } -func (o GetRolesMappingOauth2Output) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingOauth2] { - return pulumix.Output[GetRolesMappingOauth2]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingOauth2Output) RoleMapping() pulumi.StringMapOutput { return o.ApplyT(func(v GetRolesMappingOauth2) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) } 
@@ -26101,12 +39102,6 @@ func (o GetRolesMappingOauth2ArrayOutput) ToGetRolesMappingOauth2ArrayOutputWith return o } -func (o GetRolesMappingOauth2ArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingOauth2] { - return pulumix.Output[[]GetRolesMappingOauth2]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingOauth2ArrayOutput) Index(i pulumi.IntInput) GetRolesMappingOauth2Output { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetRolesMappingOauth2 { return vs[0].([]GetRolesMappingOauth2)[vs[1].(int)] @@ -26144,12 +39139,6 @@ func (i GetRolesMappingOpenidArgs) ToGetRolesMappingOpenidOutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingOpenidOutput) } -func (i GetRolesMappingOpenidArgs) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingOpenid] { - return pulumix.Output[GetRolesMappingOpenid]{ - OutputState: i.ToGetRolesMappingOpenidOutputWithContext(ctx).OutputState, - } -} - // GetRolesMappingOpenidArrayInput is an input type that accepts GetRolesMappingOpenidArray and GetRolesMappingOpenidArrayOutput values. // You can construct a concrete instance of `GetRolesMappingOpenidArrayInput` via: // @@ -26175,12 +39164,6 @@ func (i GetRolesMappingOpenidArray) ToGetRolesMappingOpenidArrayOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingOpenidArrayOutput) } -func (i GetRolesMappingOpenidArray) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingOpenid] { - return pulumix.Output[[]GetRolesMappingOpenid]{ - OutputState: i.ToGetRolesMappingOpenidArrayOutputWithContext(ctx).OutputState, - } -} - type GetRolesMappingOpenidOutput struct{ *pulumi.OutputState } func (GetRolesMappingOpenidOutput) ElementType() reflect.Type { 
@@ -26195,12 +39178,6 @@ func (o GetRolesMappingOpenidOutput) ToGetRolesMappingOpenidOutputWithContext(ct return o } -func (o GetRolesMappingOpenidOutput) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingOpenid] { - return pulumix.Output[GetRolesMappingOpenid]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingOpenidOutput) RoleMapping() pulumi.StringMapOutput { return o.ApplyT(func(v GetRolesMappingOpenid) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) } @@ -26219,12 +39196,6 @@ func (o GetRolesMappingOpenidArrayOutput) ToGetRolesMappingOpenidArrayOutputWith return o } -func (o GetRolesMappingOpenidArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingOpenid] { - return pulumix.Output[[]GetRolesMappingOpenid]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingOpenidArrayOutput) Index(i pulumi.IntInput) GetRolesMappingOpenidOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetRolesMappingOpenid { return vs[0].([]GetRolesMappingOpenid)[vs[1].(int)] @@ -26232,10 +39203,9 @@ func (o GetRolesMappingOpenidArrayOutput) Index(i pulumi.IntInput) GetRolesMappi } type GetRolesMappingSaasRolesMapping struct { - AccountId int `pulumi:"accountId"` - Created string `pulumi:"created"` - CspRole string `pulumi:"cspRole"` - // The ID of this resource. + AccountId int `pulumi:"accountId"` + Created string `pulumi:"created"` + CspRole string `pulumi:"cspRole"` Id int `pulumi:"id"` SamlGroups []string `pulumi:"samlGroups"` } 
@@ -26252,10 +39222,9 @@ type GetRolesMappingSaasRolesMappingInput interface { } type GetRolesMappingSaasRolesMappingArgs struct { - AccountId pulumi.IntInput `pulumi:"accountId"` - Created pulumi.StringInput `pulumi:"created"` - CspRole pulumi.StringInput `pulumi:"cspRole"` - // The ID of this resource. + AccountId pulumi.IntInput `pulumi:"accountId"` + Created pulumi.StringInput `pulumi:"created"` + CspRole pulumi.StringInput `pulumi:"cspRole"` Id pulumi.IntInput `pulumi:"id"` SamlGroups pulumi.StringArrayInput `pulumi:"samlGroups"` } @@ -26272,12 +39241,6 @@ func (i GetRolesMappingSaasRolesMappingArgs) ToGetRolesMappingSaasRolesMappingOu return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingSaasRolesMappingOutput) } -func (i GetRolesMappingSaasRolesMappingArgs) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingSaasRolesMapping] { - return pulumix.Output[GetRolesMappingSaasRolesMapping]{ - OutputState: i.ToGetRolesMappingSaasRolesMappingOutputWithContext(ctx).OutputState, - } -} - // GetRolesMappingSaasRolesMappingArrayInput is an input type that accepts GetRolesMappingSaasRolesMappingArray and GetRolesMappingSaasRolesMappingArrayOutput values. // You can construct a concrete instance of `GetRolesMappingSaasRolesMappingArrayInput` via: // @@ -26303,12 +39266,6 @@ func (i GetRolesMappingSaasRolesMappingArray) ToGetRolesMappingSaasRolesMappingA return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingSaasRolesMappingArrayOutput) } -func (i GetRolesMappingSaasRolesMappingArray) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingSaasRolesMapping] { - return pulumix.Output[[]GetRolesMappingSaasRolesMapping]{ - OutputState: i.ToGetRolesMappingSaasRolesMappingArrayOutputWithContext(ctx).OutputState, - } -} - type GetRolesMappingSaasRolesMappingOutput struct{ *pulumi.OutputState } func (GetRolesMappingSaasRolesMappingOutput) ElementType() reflect.Type { 
@@ -26323,12 +39280,6 @@ func (o GetRolesMappingSaasRolesMappingOutput) ToGetRolesMappingSaasRolesMapping return o } -func (o GetRolesMappingSaasRolesMappingOutput) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingSaasRolesMapping] { - return pulumix.Output[GetRolesMappingSaasRolesMapping]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingSaasRolesMappingOutput) AccountId() pulumi.IntOutput { return o.ApplyT(func(v GetRolesMappingSaasRolesMapping) int { return v.AccountId }).(pulumi.IntOutput) } @@ -26341,7 +39292,6 @@ func (o GetRolesMappingSaasRolesMappingOutput) CspRole() pulumi.StringOutput { return o.ApplyT(func(v GetRolesMappingSaasRolesMapping) string { return v.CspRole }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetRolesMappingSaasRolesMappingOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetRolesMappingSaasRolesMapping) int { return v.Id }).(pulumi.IntOutput) } @@ -26364,12 +39314,6 @@ func (o GetRolesMappingSaasRolesMappingArrayOutput) ToGetRolesMappingSaasRolesMa return o } -func (o GetRolesMappingSaasRolesMappingArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingSaasRolesMapping] { - return pulumix.Output[[]GetRolesMappingSaasRolesMapping]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingSaasRolesMappingArrayOutput) Index(i pulumi.IntInput) GetRolesMappingSaasRolesMappingOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetRolesMappingSaasRolesMapping { return vs[0].([]GetRolesMappingSaasRolesMapping)[vs[1].(int)] 
@@ -26407,12 +39351,6 @@ func (i GetRolesMappingSamlArgs) ToGetRolesMappingSamlOutputWithContext(ctx cont return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingSamlOutput) } -func (i GetRolesMappingSamlArgs) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingSaml] { - return pulumix.Output[GetRolesMappingSaml]{ - OutputState: i.ToGetRolesMappingSamlOutputWithContext(ctx).OutputState, - } -} - // GetRolesMappingSamlArrayInput is an input type that accepts GetRolesMappingSamlArray and GetRolesMappingSamlArrayOutput values. // You can construct a concrete instance of `GetRolesMappingSamlArrayInput` via: // @@ -26438,12 +39376,6 @@ func (i GetRolesMappingSamlArray) ToGetRolesMappingSamlArrayOutputWithContext(ct return pulumi.ToOutputWithContext(ctx, i).(GetRolesMappingSamlArrayOutput) } -func (i GetRolesMappingSamlArray) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingSaml] { - return pulumix.Output[[]GetRolesMappingSaml]{ - OutputState: i.ToGetRolesMappingSamlArrayOutputWithContext(ctx).OutputState, - } -} - type GetRolesMappingSamlOutput struct{ *pulumi.OutputState } func (GetRolesMappingSamlOutput) ElementType() reflect.Type { @@ -26458,12 +39390,6 @@ func (o GetRolesMappingSamlOutput) ToGetRolesMappingSamlOutputWithContext(ctx co return o } -func (o GetRolesMappingSamlOutput) ToOutput(ctx context.Context) pulumix.Output[GetRolesMappingSaml] { - return pulumix.Output[GetRolesMappingSaml]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingSamlOutput) RoleMapping() pulumi.StringMapOutput { return o.ApplyT(func(v GetRolesMappingSaml) map[string]string { return v.RoleMapping }).(pulumi.StringMapOutput) } 
@@ -26482,12 +39408,6 @@ func (o GetRolesMappingSamlArrayOutput) ToGetRolesMappingSamlArrayOutputWithCont return o } -func (o GetRolesMappingSamlArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesMappingSaml] { - return pulumix.Output[[]GetRolesMappingSaml]{ - OutputState: o.OutputState, - } -} - func (o GetRolesMappingSamlArrayOutput) Index(i pulumi.IntInput) GetRolesMappingSamlOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetRolesMappingSaml { return vs[0].([]GetRolesMappingSaml)[vs[1].(int)] @@ -26533,12 +39453,6 @@ func (i GetRolesRoleArgs) ToGetRolesRoleOutputWithContext(ctx context.Context) G return pulumi.ToOutputWithContext(ctx, i).(GetRolesRoleOutput) } -func (i GetRolesRoleArgs) ToOutput(ctx context.Context) pulumix.Output[GetRolesRole] { - return pulumix.Output[GetRolesRole]{ - OutputState: i.ToGetRolesRoleOutputWithContext(ctx).OutputState, - } -} - // GetRolesRoleArrayInput is an input type that accepts GetRolesRoleArray and GetRolesRoleArrayOutput values. // You can construct a concrete instance of `GetRolesRoleArrayInput` via: // @@ -26564,12 +39478,6 @@ func (i GetRolesRoleArray) ToGetRolesRoleArrayOutputWithContext(ctx context.Cont return pulumi.ToOutputWithContext(ctx, i).(GetRolesRoleArrayOutput) } -func (i GetRolesRoleArray) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesRole] { - return pulumix.Output[[]GetRolesRole]{ - OutputState: i.ToGetRolesRoleArrayOutputWithContext(ctx).OutputState, - } -} - type GetRolesRoleOutput struct{ *pulumi.OutputState } func (GetRolesRoleOutput) ElementType() reflect.Type { 
@@ -26584,12 +39492,6 @@ func (o GetRolesRoleOutput) ToGetRolesRoleOutputWithContext(ctx context.Context) return o } -func (o GetRolesRoleOutput) ToOutput(ctx context.Context) pulumix.Output[GetRolesRole] { - return pulumix.Output[GetRolesRole]{ - OutputState: o.OutputState, - } -} - func (o GetRolesRoleOutput) Description() pulumi.StringOutput { return o.ApplyT(func(v GetRolesRole) string { return v.Description }).(pulumi.StringOutput) } @@ -26624,12 +39526,6 @@ func (o GetRolesRoleArrayOutput) ToGetRolesRoleArrayOutputWithContext(ctx contex return o } -func (o GetRolesRoleArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetRolesRole] { - return pulumix.Output[[]GetRolesRole]{ - OutputState: o.OutputState, - } -} - func (o GetRolesRoleArrayOutput) Index(i pulumi.IntInput) GetRolesRoleOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetRolesRole { return vs[0].([]GetRolesRole)[vs[1].(int)] @@ -26638,9 +39534,8 @@ func (o GetRolesRoleArrayOutput) Index(i pulumi.IntInput) GetRolesRoleOutput { type GetServiceScopeVariable struct { Attribute string `pulumi:"attribute"` - // The name of the service. It is recommended not to use whitespace characters in the name. - Name string `pulumi:"name"` - Value string `pulumi:"value"` + Name string `pulumi:"name"` + Value string `pulumi:"value"` } // GetServiceScopeVariableInput is an input type that accepts GetServiceScopeVariableArgs and GetServiceScopeVariableOutput values. @@ -26656,9 +39551,8 @@ type GetServiceScopeVariableInput interface { type GetServiceScopeVariableArgs struct { Attribute pulumi.StringInput `pulumi:"attribute"` - // The name of the service. It is recommended not to use whitespace characters in the name. - Name pulumi.StringInput `pulumi:"name"` - Value pulumi.StringInput `pulumi:"value"` + Name pulumi.StringInput `pulumi:"name"` + Value pulumi.StringInput `pulumi:"value"` } func (GetServiceScopeVariableArgs) ElementType() reflect.Type { 
@@ -26673,12 +39567,6 @@ func (i GetServiceScopeVariableArgs) ToGetServiceScopeVariableOutputWithContext( return pulumi.ToOutputWithContext(ctx, i).(GetServiceScopeVariableOutput) } -func (i GetServiceScopeVariableArgs) ToOutput(ctx context.Context) pulumix.Output[GetServiceScopeVariable] { - return pulumix.Output[GetServiceScopeVariable]{ - OutputState: i.ToGetServiceScopeVariableOutputWithContext(ctx).OutputState, - } -} - // GetServiceScopeVariableArrayInput is an input type that accepts GetServiceScopeVariableArray and GetServiceScopeVariableArrayOutput values. // You can construct a concrete instance of `GetServiceScopeVariableArrayInput` via: // @@ -26704,12 +39592,6 @@ func (i GetServiceScopeVariableArray) ToGetServiceScopeVariableArrayOutputWithCo return pulumi.ToOutputWithContext(ctx, i).(GetServiceScopeVariableArrayOutput) } -func (i GetServiceScopeVariableArray) ToOutput(ctx context.Context) pulumix.Output[[]GetServiceScopeVariable] { - return pulumix.Output[[]GetServiceScopeVariable]{ - OutputState: i.ToGetServiceScopeVariableArrayOutputWithContext(ctx).OutputState, - } -} - type GetServiceScopeVariableOutput struct{ *pulumi.OutputState } func (GetServiceScopeVariableOutput) ElementType() reflect.Type { @@ -26724,17 +39606,10 @@ func (o GetServiceScopeVariableOutput) ToGetServiceScopeVariableOutputWithContex return o } -func (o GetServiceScopeVariableOutput) ToOutput(ctx context.Context) pulumix.Output[GetServiceScopeVariable] { - return pulumix.Output[GetServiceScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetServiceScopeVariableOutput) Attribute() pulumi.StringOutput { return o.ApplyT(func(v GetServiceScopeVariable) string { return v.Attribute }).(pulumi.StringOutput) } -// The name of the service. It is recommended not to use whitespace characters in the name. func (o GetServiceScopeVariableOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v GetServiceScopeVariable) string { return v.Name }).(pulumi.StringOutput) } 
@@ -26757,12 +39632,6 @@ func (o GetServiceScopeVariableArrayOutput) ToGetServiceScopeVariableArrayOutput return o } -func (o GetServiceScopeVariableArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetServiceScopeVariable] { - return pulumix.Output[[]GetServiceScopeVariable]{ - OutputState: o.OutputState, - } -} - func (o GetServiceScopeVariableArrayOutput) Index(i pulumi.IntInput) GetServiceScopeVariableOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetServiceScopeVariable { return vs[0].([]GetServiceScopeVariable)[vs[1].(int)] @@ -26830,12 +39699,6 @@ func (i GetUsersSaasUserArgs) ToGetUsersSaasUserOutputWithContext(ctx context.Co return pulumi.ToOutputWithContext(ctx, i).(GetUsersSaasUserOutput) } -func (i GetUsersSaasUserArgs) ToOutput(ctx context.Context) pulumix.Output[GetUsersSaasUser] { - return pulumix.Output[GetUsersSaasUser]{ - OutputState: i.ToGetUsersSaasUserOutputWithContext(ctx).OutputState, - } -} - // GetUsersSaasUserArrayInput is an input type that accepts GetUsersSaasUserArray and GetUsersSaasUserArrayOutput values. // You can construct a concrete instance of `GetUsersSaasUserArrayInput` via: // @@ -26861,12 +39724,6 @@ func (i GetUsersSaasUserArray) ToGetUsersSaasUserArrayOutputWithContext(ctx cont return pulumi.ToOutputWithContext(ctx, i).(GetUsersSaasUserArrayOutput) } -func (i GetUsersSaasUserArray) ToOutput(ctx context.Context) pulumix.Output[[]GetUsersSaasUser] { - return pulumix.Output[[]GetUsersSaasUser]{ - OutputState: i.ToGetUsersSaasUserArrayOutputWithContext(ctx).OutputState, - } -} - type GetUsersSaasUserOutput struct{ *pulumi.OutputState } func (GetUsersSaasUserOutput) ElementType() reflect.Type { 
@@ -26881,12 +39738,6 @@ func (o GetUsersSaasUserOutput) ToGetUsersSaasUserOutputWithContext(ctx context. return o } -func (o GetUsersSaasUserOutput) ToOutput(ctx context.Context) pulumix.Output[GetUsersSaasUser] { - return pulumix.Output[GetUsersSaasUser]{ - OutputState: o.OutputState, - } -} - func (o GetUsersSaasUserOutput) AccountAdmin() pulumi.BoolOutput { return o.ApplyT(func(v GetUsersSaasUser) bool { return v.AccountAdmin }).(pulumi.BoolOutput) } @@ -26965,12 +39816,6 @@ func (o GetUsersSaasUserArrayOutput) ToGetUsersSaasUserArrayOutputWithContext(ct return o } -func (o GetUsersSaasUserArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetUsersSaasUser] { - return pulumix.Output[[]GetUsersSaasUser]{ - OutputState: o.OutputState, - } -} - func (o GetUsersSaasUserArrayOutput) Index(i pulumi.IntInput) GetUsersSaasUserOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetUsersSaasUser { return vs[0].([]GetUsersSaasUser)[vs[1].(int)] @@ -26979,9 +39824,8 @@ func (o GetUsersSaasUserArrayOutput) Index(i pulumi.IntInput) GetUsersSaasUserOu type GetUsersSaasUserGroup struct { Created string `pulumi:"created"` - // The ID of this resource. - Id int `pulumi:"id"` - Name string `pulumi:"name"` + Id int `pulumi:"id"` + Name string `pulumi:"name"` } // GetUsersSaasUserGroupInput is an input type that accepts GetUsersSaasUserGroupArgs and GetUsersSaasUserGroupOutput values. @@ -26997,9 +39841,8 @@ type GetUsersSaasUserGroupInput interface { type GetUsersSaasUserGroupArgs struct { Created pulumi.StringInput `pulumi:"created"` - // The ID of this resource. - Id pulumi.IntInput `pulumi:"id"` - Name pulumi.StringInput `pulumi:"name"` + Id pulumi.IntInput `pulumi:"id"` + Name pulumi.StringInput `pulumi:"name"` } func (GetUsersSaasUserGroupArgs) ElementType() reflect.Type { 
@@ -27014,12 +39857,6 @@ func (i GetUsersSaasUserGroupArgs) ToGetUsersSaasUserGroupOutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(GetUsersSaasUserGroupOutput) } -func (i GetUsersSaasUserGroupArgs) ToOutput(ctx context.Context) pulumix.Output[GetUsersSaasUserGroup] { - return pulumix.Output[GetUsersSaasUserGroup]{ - OutputState: i.ToGetUsersSaasUserGroupOutputWithContext(ctx).OutputState, - } -} - // GetUsersSaasUserGroupArrayInput is an input type that accepts GetUsersSaasUserGroupArray and GetUsersSaasUserGroupArrayOutput values. // You can construct a concrete instance of `GetUsersSaasUserGroupArrayInput` via: // @@ -27045,12 +39882,6 @@ func (i GetUsersSaasUserGroupArray) ToGetUsersSaasUserGroupArrayOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(GetUsersSaasUserGroupArrayOutput) } -func (i GetUsersSaasUserGroupArray) ToOutput(ctx context.Context) pulumix.Output[[]GetUsersSaasUserGroup] { - return pulumix.Output[[]GetUsersSaasUserGroup]{ - OutputState: i.ToGetUsersSaasUserGroupArrayOutputWithContext(ctx).OutputState, - } -} - type GetUsersSaasUserGroupOutput struct{ *pulumi.OutputState } func (GetUsersSaasUserGroupOutput) ElementType() reflect.Type { @@ -27065,17 +39896,10 @@ func (o GetUsersSaasUserGroupOutput) ToGetUsersSaasUserGroupOutputWithContext(ct return o } -func (o GetUsersSaasUserGroupOutput) ToOutput(ctx context.Context) pulumix.Output[GetUsersSaasUserGroup] { - return pulumix.Output[GetUsersSaasUserGroup]{ - OutputState: o.OutputState, - } -} - func (o GetUsersSaasUserGroupOutput) Created() pulumi.StringOutput { return o.ApplyT(func(v GetUsersSaasUserGroup) string { return v.Created }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetUsersSaasUserGroupOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetUsersSaasUserGroup) int { return v.Id }).(pulumi.IntOutput) } 
@@ -27098,12 +39922,6 @@ func (o GetUsersSaasUserGroupArrayOutput) ToGetUsersSaasUserGroupArrayOutputWith return o } -func (o GetUsersSaasUserGroupArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetUsersSaasUserGroup] { - return pulumix.Output[[]GetUsersSaasUserGroup]{ - OutputState: o.OutputState, - } -} - func (o GetUsersSaasUserGroupArrayOutput) Index(i pulumi.IntInput) GetUsersSaasUserGroupOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetUsersSaasUserGroup { return vs[0].([]GetUsersSaasUserGroup)[vs[1].(int)] @@ -27111,8 +39929,7 @@ func (o GetUsersSaasUserGroupArrayOutput) Index(i pulumi.IntInput) GetUsersSaasU } type GetUsersSaasUserLogin struct { - Created string `pulumi:"created"` - // The ID of this resource. + Created string `pulumi:"created"` Id int `pulumi:"id"` IpAddress string `pulumi:"ipAddress"` UserId int `pulumi:"userId"` @@ -27130,8 +39947,7 @@ type GetUsersSaasUserLoginInput interface { } type GetUsersSaasUserLoginArgs struct { - Created pulumi.StringInput `pulumi:"created"` - // The ID of this resource. + Created pulumi.StringInput `pulumi:"created"` Id pulumi.IntInput `pulumi:"id"` IpAddress pulumi.StringInput `pulumi:"ipAddress"` UserId pulumi.IntInput `pulumi:"userId"` @@ -27149,12 +39965,6 @@ func (i GetUsersSaasUserLoginArgs) ToGetUsersSaasUserLoginOutputWithContext(ctx return pulumi.ToOutputWithContext(ctx, i).(GetUsersSaasUserLoginOutput) } -func (i GetUsersSaasUserLoginArgs) ToOutput(ctx context.Context) pulumix.Output[GetUsersSaasUserLogin] { - return pulumix.Output[GetUsersSaasUserLogin]{ - OutputState: i.ToGetUsersSaasUserLoginOutputWithContext(ctx).OutputState, - } -} - // GetUsersSaasUserLoginArrayInput is an input type that accepts GetUsersSaasUserLoginArray and GetUsersSaasUserLoginArrayOutput values. // You can construct a concrete instance of `GetUsersSaasUserLoginArrayInput` via: // 
@@ -27180,12 +39990,6 @@ func (i GetUsersSaasUserLoginArray) ToGetUsersSaasUserLoginArrayOutputWithContex return pulumi.ToOutputWithContext(ctx, i).(GetUsersSaasUserLoginArrayOutput) } -func (i GetUsersSaasUserLoginArray) ToOutput(ctx context.Context) pulumix.Output[[]GetUsersSaasUserLogin] { - return pulumix.Output[[]GetUsersSaasUserLogin]{ - OutputState: i.ToGetUsersSaasUserLoginArrayOutputWithContext(ctx).OutputState, - } -} - type GetUsersSaasUserLoginOutput struct{ *pulumi.OutputState } func (GetUsersSaasUserLoginOutput) ElementType() reflect.Type { @@ -27200,17 +40004,10 @@ func (o GetUsersSaasUserLoginOutput) ToGetUsersSaasUserLoginOutputWithContext(ct return o } -func (o GetUsersSaasUserLoginOutput) ToOutput(ctx context.Context) pulumix.Output[GetUsersSaasUserLogin] { - return pulumix.Output[GetUsersSaasUserLogin]{ - OutputState: o.OutputState, - } -} - func (o GetUsersSaasUserLoginOutput) Created() pulumi.StringOutput { return o.ApplyT(func(v GetUsersSaasUserLogin) string { return v.Created }).(pulumi.StringOutput) } -// The ID of this resource. func (o GetUsersSaasUserLoginOutput) Id() pulumi.IntOutput { return o.ApplyT(func(v GetUsersSaasUserLogin) int { return v.Id }).(pulumi.IntOutput) } @@ -27237,12 +40034,6 @@ func (o GetUsersSaasUserLoginArrayOutput) ToGetUsersSaasUserLoginArrayOutputWith return o } -func (o GetUsersSaasUserLoginArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetUsersSaasUserLogin] { - return pulumix.Output[[]GetUsersSaasUserLogin]{ - OutputState: o.OutputState, - } -} - func (o GetUsersSaasUserLoginArrayOutput) Index(i pulumi.IntInput) GetUsersSaasUserLoginOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetUsersSaasUserLogin { return vs[0].([]GetUsersSaasUserLogin)[vs[1].(int)] 
@@ -27298,12 +40089,6 @@ func (i GetUsersUserArgs) ToGetUsersUserOutputWithContext(ctx context.Context) G return pulumi.ToOutputWithContext(ctx, i).(GetUsersUserOutput) } -func (i GetUsersUserArgs) ToOutput(ctx context.Context) pulumix.Output[GetUsersUser] { - return pulumix.Output[GetUsersUser]{ - OutputState: i.ToGetUsersUserOutputWithContext(ctx).OutputState, - } -} - // GetUsersUserArrayInput is an input type that accepts GetUsersUserArray and GetUsersUserArrayOutput values. // You can construct a concrete instance of `GetUsersUserArrayInput` via: // @@ -27329,12 +40114,6 @@ func (i GetUsersUserArray) ToGetUsersUserArrayOutputWithContext(ctx context.Cont return pulumi.ToOutputWithContext(ctx, i).(GetUsersUserArrayOutput) } -func (i GetUsersUserArray) ToOutput(ctx context.Context) pulumix.Output[[]GetUsersUser] { - return pulumix.Output[[]GetUsersUser]{ - OutputState: i.ToGetUsersUserArrayOutputWithContext(ctx).OutputState, - } -} - type GetUsersUserOutput struct{ *pulumi.OutputState } func (GetUsersUserOutput) ElementType() reflect.Type { @@ -27349,12 +40128,6 @@ func (o GetUsersUserOutput) ToGetUsersUserOutputWithContext(ctx context.Context) return o } -func (o GetUsersUserOutput) ToOutput(ctx context.Context) pulumix.Output[GetUsersUser] { - return pulumix.Output[GetUsersUser]{ - OutputState: o.OutputState, - } -} - func (o GetUsersUserOutput) Email() pulumi.StringOutput { return o.ApplyT(func(v GetUsersUser) string { return v.Email }).(pulumi.StringOutput) } @@ -27409,12 +40182,6 @@ func (o GetUsersUserArrayOutput) ToGetUsersUserArrayOutputWithContext(ctx contex return o } -func (o GetUsersUserArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]GetUsersUser] { - return pulumix.Output[[]GetUsersUser]{ - OutputState: o.OutputState, - } -} - func (o GetUsersUserArrayOutput) Index(i pulumi.IntInput) GetUsersUserOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) GetUsersUser { return vs[0].([]GetUsersUser)[vs[1].(int)] 
@@ -27468,12 +40235,62 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*ApplicationScopeCategoryWorkloadOArrayInput)(nil)).Elem(), ApplicationScopeCategoryWorkloadOArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ApplicationScopeCategoryWorkloadOVariableInput)(nil)).Elem(), ApplicationScopeCategoryWorkloadOVariableArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ApplicationScopeCategoryWorkloadOVariableArrayInput)(nil)).Elem(), ApplicationScopeCategoryWorkloadOVariableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyAllowedExecutableInput)(nil)).Elem(), ContainerRuntimePolicyAllowedExecutableArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyAllowedExecutableArrayInput)(nil)).Elem(), ContainerRuntimePolicyAllowedExecutableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyAllowedRegistryInput)(nil)).Elem(), ContainerRuntimePolicyAllowedRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyAllowedRegistryArrayInput)(nil)).Elem(), ContainerRuntimePolicyAllowedRegistryArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyAuditingInput)(nil)).Elem(), ContainerRuntimePolicyAuditingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyAuditingPtrInput)(nil)).Elem(), ContainerRuntimePolicyAuditingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyBlacklistedOsUsersInput)(nil)).Elem(), ContainerRuntimePolicyBlacklistedOsUsersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyBlacklistedOsUsersPtrInput)(nil)).Elem(), ContainerRuntimePolicyBlacklistedOsUsersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyBypassScopeInput)(nil)).Elem(), ContainerRuntimePolicyBypassScopeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyBypassScopeArrayInput)(nil)).Elem(), ContainerRuntimePolicyBypassScopeArray{}) + 
pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyBypassScopeScopeInput)(nil)).Elem(), ContainerRuntimePolicyBypassScopeScopeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyBypassScopeScopeArrayInput)(nil)).Elem(), ContainerRuntimePolicyBypassScopeScopeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyBypassScopeScopeVariableInput)(nil)).Elem(), ContainerRuntimePolicyBypassScopeScopeVariableArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyBypassScopeScopeVariableArrayInput)(nil)).Elem(), ContainerRuntimePolicyBypassScopeScopeVariableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyContainerExecInput)(nil)).Elem(), ContainerRuntimePolicyContainerExecArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyContainerExecPtrInput)(nil)).Elem(), ContainerRuntimePolicyContainerExecArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyDriftPreventionInput)(nil)).Elem(), ContainerRuntimePolicyDriftPreventionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyDriftPreventionArrayInput)(nil)).Elem(), ContainerRuntimePolicyDriftPreventionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyExecutableBlacklistInput)(nil)).Elem(), ContainerRuntimePolicyExecutableBlacklistArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyExecutableBlacklistArrayInput)(nil)).Elem(), ContainerRuntimePolicyExecutableBlacklistArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyFailedKubernetesChecksInput)(nil)).Elem(), ContainerRuntimePolicyFailedKubernetesChecksArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyFailedKubernetesChecksPtrInput)(nil)).Elem(), ContainerRuntimePolicyFailedKubernetesChecksArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyFileBlockInput)(nil)).Elem(), 
ContainerRuntimePolicyFileBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyFileBlockPtrInput)(nil)).Elem(), ContainerRuntimePolicyFileBlockArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyFileIntegrityMonitoringInput)(nil)).Elem(), ContainerRuntimePolicyFileIntegrityMonitoringArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyFileIntegrityMonitoringPtrInput)(nil)).Elem(), ContainerRuntimePolicyFileIntegrityMonitoringArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyLimitContainerPrivilegeInput)(nil)).Elem(), ContainerRuntimePolicyLimitContainerPrivilegeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyLimitContainerPrivilegeArrayInput)(nil)).Elem(), ContainerRuntimePolicyLimitContainerPrivilegeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyLinuxCapabilitiesInput)(nil)).Elem(), ContainerRuntimePolicyLinuxCapabilitiesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyLinuxCapabilitiesPtrInput)(nil)).Elem(), ContainerRuntimePolicyLinuxCapabilitiesArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyMalwareScanOptionsInput)(nil)).Elem(), ContainerRuntimePolicyMalwareScanOptionsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyMalwareScanOptionsPtrInput)(nil)).Elem(), ContainerRuntimePolicyMalwareScanOptionsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyPackageBlockInput)(nil)).Elem(), ContainerRuntimePolicyPackageBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyPackageBlockPtrInput)(nil)).Elem(), ContainerRuntimePolicyPackageBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyPortBlockInput)(nil)).Elem(), ContainerRuntimePolicyPortBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyPortBlockPtrInput)(nil)).Elem(), 
ContainerRuntimePolicyPortBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyReadonlyFilesInput)(nil)).Elem(), ContainerRuntimePolicyReadonlyFilesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyReadonlyFilesPtrInput)(nil)).Elem(), ContainerRuntimePolicyReadonlyFilesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyReadonlyRegistryInput)(nil)).Elem(), ContainerRuntimePolicyReadonlyRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyReadonlyRegistryPtrInput)(nil)).Elem(), ContainerRuntimePolicyReadonlyRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyRegistryAccessMonitoringInput)(nil)).Elem(), ContainerRuntimePolicyRegistryAccessMonitoringArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyRegistryAccessMonitoringPtrInput)(nil)).Elem(), ContainerRuntimePolicyRegistryAccessMonitoringArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyRestrictedVolumeInput)(nil)).Elem(), ContainerRuntimePolicyRestrictedVolumeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyRestrictedVolumeArrayInput)(nil)).Elem(), ContainerRuntimePolicyRestrictedVolumeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyReverseShellInput)(nil)).Elem(), ContainerRuntimePolicyReverseShellArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyReverseShellPtrInput)(nil)).Elem(), ContainerRuntimePolicyReverseShellArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyScopeInput)(nil)).Elem(), ContainerRuntimePolicyScopeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyScopeArrayInput)(nil)).Elem(), ContainerRuntimePolicyScopeArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyScopeVariableInput)(nil)).Elem(), ContainerRuntimePolicyScopeVariableArgs{}) 
pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyScopeVariableArrayInput)(nil)).Elem(), ContainerRuntimePolicyScopeVariableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicySystemIntegrityProtectionInput)(nil)).Elem(), ContainerRuntimePolicySystemIntegrityProtectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicySystemIntegrityProtectionPtrInput)(nil)).Elem(), ContainerRuntimePolicySystemIntegrityProtectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyTripwireInput)(nil)).Elem(), ContainerRuntimePolicyTripwireArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyTripwirePtrInput)(nil)).Elem(), ContainerRuntimePolicyTripwireArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyWhitelistedOsUsersInput)(nil)).Elem(), ContainerRuntimePolicyWhitelistedOsUsersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ContainerRuntimePolicyWhitelistedOsUsersPtrInput)(nil)).Elem(), ContainerRuntimePolicyWhitelistedOsUsersArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*EnforcerGroupsCommandInput)(nil)).Elem(), EnforcerGroupsCommandArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*EnforcerGroupsCommandArrayInput)(nil)).Elem(), EnforcerGroupsCommandArray{}) pulumi.RegisterInputType(reflect.TypeOf((*EnforcerGroupsOrchestratorInput)(nil)).Elem(), EnforcerGroupsOrchestratorArgs{}) 
@@ -27488,10 +40305,14 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyCustomCheckArrayInput)(nil)).Elem(), FunctionAssurancePolicyCustomCheckArray{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyForbiddenLabelInput)(nil)).Elem(), FunctionAssurancePolicyForbiddenLabelArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyForbiddenLabelArrayInput)(nil)).Elem(), FunctionAssurancePolicyForbiddenLabelArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyKubernetesControlInput)(nil)).Elem(), FunctionAssurancePolicyKubernetesControlArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyKubernetesControlArrayInput)(nil)).Elem(), FunctionAssurancePolicyKubernetesControlArray{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyPackagesBlackListInput)(nil)).Elem(), FunctionAssurancePolicyPackagesBlackListArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyPackagesBlackListArrayInput)(nil)).Elem(), FunctionAssurancePolicyPackagesBlackListArray{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyPackagesWhiteListInput)(nil)).Elem(), FunctionAssurancePolicyPackagesWhiteListArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyPackagesWhiteListArrayInput)(nil)).Elem(), FunctionAssurancePolicyPackagesWhiteListArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyPolicySettingsInput)(nil)).Elem(), FunctionAssurancePolicyPolicySettingsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyPolicySettingsPtrInput)(nil)).Elem(), FunctionAssurancePolicyPolicySettingsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyRequiredLabelInput)(nil)).Elem(), FunctionAssurancePolicyRequiredLabelArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyRequiredLabelArrayInput)(nil)).Elem(), FunctionAssurancePolicyRequiredLabelArray{}) 
pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyScopeInput)(nil)).Elem(), FunctionAssurancePolicyScopeArgs{}) 
@@ -27500,8 +40321,62 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyScopeVariableArrayInput)(nil)).Elem(), FunctionAssurancePolicyScopeVariableArray{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyTrustedBaseImageInput)(nil)).Elem(), FunctionAssurancePolicyTrustedBaseImageArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionAssurancePolicyTrustedBaseImageArrayInput)(nil)).Elem(), FunctionAssurancePolicyTrustedBaseImageArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyAllowedExecutableInput)(nil)).Elem(), FunctionRuntimePolicyAllowedExecutableArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyAllowedExecutableArrayInput)(nil)).Elem(), FunctionRuntimePolicyAllowedExecutableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyAllowedRegistryInput)(nil)).Elem(), FunctionRuntimePolicyAllowedRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyAllowedRegistryArrayInput)(nil)).Elem(), FunctionRuntimePolicyAllowedRegistryArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyAuditingInput)(nil)).Elem(), FunctionRuntimePolicyAuditingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyAuditingPtrInput)(nil)).Elem(), FunctionRuntimePolicyAuditingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyBlacklistedOsUsersInput)(nil)).Elem(), FunctionRuntimePolicyBlacklistedOsUsersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyBlacklistedOsUsersPtrInput)(nil)).Elem(), FunctionRuntimePolicyBlacklistedOsUsersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyBypassScopeInput)(nil)).Elem(), FunctionRuntimePolicyBypassScopeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyBypassScopeArrayInput)(nil)).Elem(), FunctionRuntimePolicyBypassScopeArray{}) + 
pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyBypassScopeScopeInput)(nil)).Elem(), FunctionRuntimePolicyBypassScopeScopeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyBypassScopeScopeArrayInput)(nil)).Elem(), FunctionRuntimePolicyBypassScopeScopeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyBypassScopeScopeVariableInput)(nil)).Elem(), FunctionRuntimePolicyBypassScopeScopeVariableArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyBypassScopeScopeVariableArrayInput)(nil)).Elem(), FunctionRuntimePolicyBypassScopeScopeVariableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyContainerExecInput)(nil)).Elem(), FunctionRuntimePolicyContainerExecArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyContainerExecPtrInput)(nil)).Elem(), FunctionRuntimePolicyContainerExecArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyDriftPreventionInput)(nil)).Elem(), FunctionRuntimePolicyDriftPreventionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyDriftPreventionArrayInput)(nil)).Elem(), FunctionRuntimePolicyDriftPreventionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyExecutableBlacklistInput)(nil)).Elem(), FunctionRuntimePolicyExecutableBlacklistArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyExecutableBlacklistArrayInput)(nil)).Elem(), FunctionRuntimePolicyExecutableBlacklistArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyFailedKubernetesChecksInput)(nil)).Elem(), FunctionRuntimePolicyFailedKubernetesChecksArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyFailedKubernetesChecksPtrInput)(nil)).Elem(), FunctionRuntimePolicyFailedKubernetesChecksArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyFileBlockInput)(nil)).Elem(), FunctionRuntimePolicyFileBlockArgs{}) + 
pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyFileBlockPtrInput)(nil)).Elem(), FunctionRuntimePolicyFileBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyFileIntegrityMonitoringInput)(nil)).Elem(), FunctionRuntimePolicyFileIntegrityMonitoringArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyFileIntegrityMonitoringArrayInput)(nil)).Elem(), FunctionRuntimePolicyFileIntegrityMonitoringArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyLimitContainerPrivilegeInput)(nil)).Elem(), FunctionRuntimePolicyLimitContainerPrivilegeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyLimitContainerPrivilegeArrayInput)(nil)).Elem(), FunctionRuntimePolicyLimitContainerPrivilegeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyLinuxCapabilitiesInput)(nil)).Elem(), FunctionRuntimePolicyLinuxCapabilitiesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyLinuxCapabilitiesPtrInput)(nil)).Elem(), FunctionRuntimePolicyLinuxCapabilitiesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyMalwareScanOptionsInput)(nil)).Elem(), FunctionRuntimePolicyMalwareScanOptionsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyMalwareScanOptionsPtrInput)(nil)).Elem(), FunctionRuntimePolicyMalwareScanOptionsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyPackageBlockInput)(nil)).Elem(), FunctionRuntimePolicyPackageBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyPackageBlockPtrInput)(nil)).Elem(), FunctionRuntimePolicyPackageBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyPortBlockInput)(nil)).Elem(), FunctionRuntimePolicyPortBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyPortBlockPtrInput)(nil)).Elem(), FunctionRuntimePolicyPortBlockArgs{}) + 
pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyReadonlyFilesInput)(nil)).Elem(), FunctionRuntimePolicyReadonlyFilesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyReadonlyFilesPtrInput)(nil)).Elem(), FunctionRuntimePolicyReadonlyFilesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyReadonlyRegistryInput)(nil)).Elem(), FunctionRuntimePolicyReadonlyRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyReadonlyRegistryPtrInput)(nil)).Elem(), FunctionRuntimePolicyReadonlyRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyRegistryAccessMonitoringInput)(nil)).Elem(), FunctionRuntimePolicyRegistryAccessMonitoringArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyRegistryAccessMonitoringPtrInput)(nil)).Elem(), FunctionRuntimePolicyRegistryAccessMonitoringArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyRestrictedVolumeInput)(nil)).Elem(), FunctionRuntimePolicyRestrictedVolumeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyRestrictedVolumeArrayInput)(nil)).Elem(), FunctionRuntimePolicyRestrictedVolumeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyReverseShellInput)(nil)).Elem(), FunctionRuntimePolicyReverseShellArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyReverseShellPtrInput)(nil)).Elem(), FunctionRuntimePolicyReverseShellArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyScopeInput)(nil)).Elem(), FunctionRuntimePolicyScopeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyScopeArrayInput)(nil)).Elem(), FunctionRuntimePolicyScopeArray{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyScopeVariableInput)(nil)).Elem(), FunctionRuntimePolicyScopeVariableArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyScopeVariableArrayInput)(nil)).Elem(), 
FunctionRuntimePolicyScopeVariableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicySystemIntegrityProtectionInput)(nil)).Elem(), FunctionRuntimePolicySystemIntegrityProtectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicySystemIntegrityProtectionPtrInput)(nil)).Elem(), FunctionRuntimePolicySystemIntegrityProtectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyTripwireInput)(nil)).Elem(), FunctionRuntimePolicyTripwireArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyTripwirePtrInput)(nil)).Elem(), FunctionRuntimePolicyTripwireArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyWhitelistedOsUsersInput)(nil)).Elem(), FunctionRuntimePolicyWhitelistedOsUsersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*FunctionRuntimePolicyWhitelistedOsUsersPtrInput)(nil)).Elem(), FunctionRuntimePolicyWhitelistedOsUsersArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyAutoScanTimeInput)(nil)).Elem(), HostAssurancePolicyAutoScanTimeArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyAutoScanTimeArrayInput)(nil)).Elem(), HostAssurancePolicyAutoScanTimeArray{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyCustomCheckInput)(nil)).Elem(), HostAssurancePolicyCustomCheckArgs{}) 
@@ -27512,6 +40387,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyPackagesBlackListArrayInput)(nil)).Elem(), HostAssurancePolicyPackagesBlackListArray{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyPackagesWhiteListInput)(nil)).Elem(), HostAssurancePolicyPackagesWhiteListArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyPackagesWhiteListArrayInput)(nil)).Elem(), HostAssurancePolicyPackagesWhiteListArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyPolicySettingsInput)(nil)).Elem(), HostAssurancePolicyPolicySettingsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyPolicySettingsPtrInput)(nil)).Elem(), HostAssurancePolicyPolicySettingsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyRequiredLabelInput)(nil)).Elem(), HostAssurancePolicyRequiredLabelArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyRequiredLabelArrayInput)(nil)).Elem(), HostAssurancePolicyRequiredLabelArray{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyScopeInput)(nil)).Elem(), HostAssurancePolicyScopeArgs{}) 
@@ -27520,16 +40397,62 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyScopeVariableArrayInput)(nil)).Elem(), HostAssurancePolicyScopeVariableArray{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyTrustedBaseImageInput)(nil)).Elem(), HostAssurancePolicyTrustedBaseImageArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostAssurancePolicyTrustedBaseImageArrayInput)(nil)).Elem(), HostAssurancePolicyTrustedBaseImageArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyAllowedExecutableInput)(nil)).Elem(), HostRuntimePolicyAllowedExecutableArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyAllowedExecutableArrayInput)(nil)).Elem(), HostRuntimePolicyAllowedExecutableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyAllowedRegistryInput)(nil)).Elem(), HostRuntimePolicyAllowedRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyAllowedRegistryArrayInput)(nil)).Elem(), HostRuntimePolicyAllowedRegistryArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyAuditingInput)(nil)).Elem(), HostRuntimePolicyAuditingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyAuditingPtrInput)(nil)).Elem(), HostRuntimePolicyAuditingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyBlacklistedOsUsersInput)(nil)).Elem(), HostRuntimePolicyBlacklistedOsUsersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyBlacklistedOsUsersPtrInput)(nil)).Elem(), HostRuntimePolicyBlacklistedOsUsersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyBypassScopeInput)(nil)).Elem(), HostRuntimePolicyBypassScopeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyBypassScopeArrayInput)(nil)).Elem(), HostRuntimePolicyBypassScopeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyBypassScopeScopeInput)(nil)).Elem(), HostRuntimePolicyBypassScopeScopeArgs{}) + 
pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyBypassScopeScopeArrayInput)(nil)).Elem(), HostRuntimePolicyBypassScopeScopeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyBypassScopeScopeVariableInput)(nil)).Elem(), HostRuntimePolicyBypassScopeScopeVariableArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyBypassScopeScopeVariableArrayInput)(nil)).Elem(), HostRuntimePolicyBypassScopeScopeVariableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyContainerExecInput)(nil)).Elem(), HostRuntimePolicyContainerExecArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyContainerExecPtrInput)(nil)).Elem(), HostRuntimePolicyContainerExecArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyDriftPreventionInput)(nil)).Elem(), HostRuntimePolicyDriftPreventionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyDriftPreventionArrayInput)(nil)).Elem(), HostRuntimePolicyDriftPreventionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyExecutableBlacklistInput)(nil)).Elem(), HostRuntimePolicyExecutableBlacklistArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyExecutableBlacklistArrayInput)(nil)).Elem(), HostRuntimePolicyExecutableBlacklistArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyFailedKubernetesChecksInput)(nil)).Elem(), HostRuntimePolicyFailedKubernetesChecksArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyFailedKubernetesChecksPtrInput)(nil)).Elem(), HostRuntimePolicyFailedKubernetesChecksArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyFileBlockInput)(nil)).Elem(), HostRuntimePolicyFileBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyFileBlockPtrInput)(nil)).Elem(), HostRuntimePolicyFileBlockArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyFileIntegrityMonitoringInput)(nil)).Elem(), 
HostRuntimePolicyFileIntegrityMonitoringArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyFileIntegrityMonitoringPtrInput)(nil)).Elem(), HostRuntimePolicyFileIntegrityMonitoringArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyLimitContainerPrivilegeInput)(nil)).Elem(), HostRuntimePolicyLimitContainerPrivilegeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyLimitContainerPrivilegeArrayInput)(nil)).Elem(), HostRuntimePolicyLimitContainerPrivilegeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyLinuxCapabilitiesInput)(nil)).Elem(), HostRuntimePolicyLinuxCapabilitiesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyLinuxCapabilitiesPtrInput)(nil)).Elem(), HostRuntimePolicyLinuxCapabilitiesArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyMalwareScanOptionsInput)(nil)).Elem(), HostRuntimePolicyMalwareScanOptionsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyMalwareScanOptionsPtrInput)(nil)).Elem(), HostRuntimePolicyMalwareScanOptionsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyPackageBlockInput)(nil)).Elem(), HostRuntimePolicyPackageBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyPackageBlockArrayInput)(nil)).Elem(), HostRuntimePolicyPackageBlockArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyPortBlockInput)(nil)).Elem(), HostRuntimePolicyPortBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyPortBlockPtrInput)(nil)).Elem(), HostRuntimePolicyPortBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyReadonlyFilesInput)(nil)).Elem(), HostRuntimePolicyReadonlyFilesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyReadonlyFilesPtrInput)(nil)).Elem(), HostRuntimePolicyReadonlyFilesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyReadonlyRegistryInput)(nil)).Elem(), 
HostRuntimePolicyReadonlyRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyReadonlyRegistryPtrInput)(nil)).Elem(), HostRuntimePolicyReadonlyRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyRegistryAccessMonitoringInput)(nil)).Elem(), HostRuntimePolicyRegistryAccessMonitoringArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyRegistryAccessMonitoringPtrInput)(nil)).Elem(), HostRuntimePolicyRegistryAccessMonitoringArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyRestrictedVolumeInput)(nil)).Elem(), HostRuntimePolicyRestrictedVolumeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyRestrictedVolumeArrayInput)(nil)).Elem(), HostRuntimePolicyRestrictedVolumeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyReverseShellInput)(nil)).Elem(), HostRuntimePolicyReverseShellArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyReverseShellPtrInput)(nil)).Elem(), HostRuntimePolicyReverseShellArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyScopeInput)(nil)).Elem(), HostRuntimePolicyScopeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyScopeArrayInput)(nil)).Elem(), HostRuntimePolicyScopeArray{}) pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyScopeVariableInput)(nil)).Elem(), HostRuntimePolicyScopeVariableArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyScopeVariableArrayInput)(nil)).Elem(), HostRuntimePolicyScopeVariableArray{}) - pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyWindowsRegistryMonitoringInput)(nil)).Elem(), HostRuntimePolicyWindowsRegistryMonitoringArgs{}) - pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyWindowsRegistryMonitoringPtrInput)(nil)).Elem(), HostRuntimePolicyWindowsRegistryMonitoringArgs{}) - pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyWindowsRegistryProtectionInput)(nil)).Elem(), 
HostRuntimePolicyWindowsRegistryProtectionArgs{}) - pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyWindowsRegistryProtectionPtrInput)(nil)).Elem(), HostRuntimePolicyWindowsRegistryProtectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicySystemIntegrityProtectionInput)(nil)).Elem(), HostRuntimePolicySystemIntegrityProtectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicySystemIntegrityProtectionPtrInput)(nil)).Elem(), HostRuntimePolicySystemIntegrityProtectionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyTripwireInput)(nil)).Elem(), HostRuntimePolicyTripwireArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyTripwirePtrInput)(nil)).Elem(), HostRuntimePolicyTripwireArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyWhitelistedOsUsersInput)(nil)).Elem(), HostRuntimePolicyWhitelistedOsUsersArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostRuntimePolicyWhitelistedOsUsersPtrInput)(nil)).Elem(), HostRuntimePolicyWhitelistedOsUsersArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssuranceChecksPerformedInput)(nil)).Elem(), ImageAssuranceChecksPerformedArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssuranceChecksPerformedArrayInput)(nil)).Elem(), ImageAssuranceChecksPerformedArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyAutoScanTimeInput)(nil)).Elem(), ImageAssurancePolicyAutoScanTimeArgs{}) 
@@ -27538,10 +40461,14 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyCustomCheckArrayInput)(nil)).Elem(), ImageAssurancePolicyCustomCheckArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyForbiddenLabelInput)(nil)).Elem(), ImageAssurancePolicyForbiddenLabelArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyForbiddenLabelArrayInput)(nil)).Elem(), ImageAssurancePolicyForbiddenLabelArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyKubernetesControlsInput)(nil)).Elem(), ImageAssurancePolicyKubernetesControlsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyKubernetesControlsPtrInput)(nil)).Elem(), ImageAssurancePolicyKubernetesControlsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyPackagesBlackListInput)(nil)).Elem(), ImageAssurancePolicyPackagesBlackListArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyPackagesBlackListArrayInput)(nil)).Elem(), ImageAssurancePolicyPackagesBlackListArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyPackagesWhiteListInput)(nil)).Elem(), ImageAssurancePolicyPackagesWhiteListArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyPackagesWhiteListArrayInput)(nil)).Elem(), ImageAssurancePolicyPackagesWhiteListArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyPolicySettingsInput)(nil)).Elem(), ImageAssurancePolicyPolicySettingsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyPolicySettingsPtrInput)(nil)).Elem(), ImageAssurancePolicyPolicySettingsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyRequiredLabelInput)(nil)).Elem(), ImageAssurancePolicyRequiredLabelArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyRequiredLabelArrayInput)(nil)).Elem(), ImageAssurancePolicyRequiredLabelArray{}) 
pulumi.RegisterInputType(reflect.TypeOf((*ImageAssurancePolicyScopeInput)(nil)).Elem(), ImageAssurancePolicyScopeArgs{}) 
@@ -27564,10 +40491,14 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyCustomCheckArrayInput)(nil)).Elem(), KubernetesAssurancePolicyCustomCheckArray{}) pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyForbiddenLabelInput)(nil)).Elem(), KubernetesAssurancePolicyForbiddenLabelArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyForbiddenLabelArrayInput)(nil)).Elem(), KubernetesAssurancePolicyForbiddenLabelArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyKubernetesControlInput)(nil)).Elem(), KubernetesAssurancePolicyKubernetesControlArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyKubernetesControlArrayInput)(nil)).Elem(), KubernetesAssurancePolicyKubernetesControlArray{}) pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyPackagesBlackListInput)(nil)).Elem(), KubernetesAssurancePolicyPackagesBlackListArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyPackagesBlackListArrayInput)(nil)).Elem(), KubernetesAssurancePolicyPackagesBlackListArray{}) pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyPackagesWhiteListInput)(nil)).Elem(), KubernetesAssurancePolicyPackagesWhiteListArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyPackagesWhiteListArrayInput)(nil)).Elem(), KubernetesAssurancePolicyPackagesWhiteListArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyPolicySettingsInput)(nil)).Elem(), KubernetesAssurancePolicyPolicySettingsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyPolicySettingsPtrInput)(nil)).Elem(), KubernetesAssurancePolicyPolicySettingsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyRequiredLabelInput)(nil)).Elem(), KubernetesAssurancePolicyRequiredLabelArgs{}) 
pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyRequiredLabelArrayInput)(nil)).Elem(), KubernetesAssurancePolicyRequiredLabelArray{}) pulumi.RegisterInputType(reflect.TypeOf((*KubernetesAssurancePolicyScopeInput)(nil)).Elem(), KubernetesAssurancePolicyScopeArgs{}) 
@@ -27590,6 +40521,28 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*UserSaasGroupArrayInput)(nil)).Elem(), UserSaasGroupArray{}) pulumi.RegisterInputType(reflect.TypeOf((*UserSaasLoginInput)(nil)).Elem(), UserSaasLoginArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*UserSaasLoginArrayInput)(nil)).Elem(), UserSaasLoginArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyAutoScanTimeInput)(nil)).Elem(), VmwareAssurancePolicyAutoScanTimeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyAutoScanTimeArrayInput)(nil)).Elem(), VmwareAssurancePolicyAutoScanTimeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyCustomCheckInput)(nil)).Elem(), VmwareAssurancePolicyCustomCheckArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyCustomCheckArrayInput)(nil)).Elem(), VmwareAssurancePolicyCustomCheckArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyForbiddenLabelInput)(nil)).Elem(), VmwareAssurancePolicyForbiddenLabelArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyForbiddenLabelArrayInput)(nil)).Elem(), VmwareAssurancePolicyForbiddenLabelArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyKubernetesControlInput)(nil)).Elem(), VmwareAssurancePolicyKubernetesControlArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyKubernetesControlArrayInput)(nil)).Elem(), VmwareAssurancePolicyKubernetesControlArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyPackagesBlackListInput)(nil)).Elem(), VmwareAssurancePolicyPackagesBlackListArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyPackagesBlackListArrayInput)(nil)).Elem(), VmwareAssurancePolicyPackagesBlackListArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyPackagesWhiteListInput)(nil)).Elem(), VmwareAssurancePolicyPackagesWhiteListArgs{}) + 
pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyPackagesWhiteListArrayInput)(nil)).Elem(), VmwareAssurancePolicyPackagesWhiteListArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyPolicySettingsInput)(nil)).Elem(), VmwareAssurancePolicyPolicySettingsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyPolicySettingsPtrInput)(nil)).Elem(), VmwareAssurancePolicyPolicySettingsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyRequiredLabelInput)(nil)).Elem(), VmwareAssurancePolicyRequiredLabelArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyRequiredLabelArrayInput)(nil)).Elem(), VmwareAssurancePolicyRequiredLabelArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyScopeInput)(nil)).Elem(), VmwareAssurancePolicyScopeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyScopeArrayInput)(nil)).Elem(), VmwareAssurancePolicyScopeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyScopeVariableInput)(nil)).Elem(), VmwareAssurancePolicyScopeVariableArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyScopeVariableArrayInput)(nil)).Elem(), VmwareAssurancePolicyScopeVariableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyTrustedBaseImageInput)(nil)).Elem(), VmwareAssurancePolicyTrustedBaseImageArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyTrustedBaseImageArrayInput)(nil)).Elem(), VmwareAssurancePolicyTrustedBaseImageArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetAcknowledgesAcknowledgeInput)(nil)).Elem(), GetAcknowledgesAcknowledgeArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetAcknowledgesAcknowledgeArrayInput)(nil)).Elem(), GetAcknowledgesAcknowledgeArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetApplicationScopeCategoryInput)(nil)).Elem(), GetApplicationScopeCategoryArgs{}) 
@@ -27638,10 +40591,28 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GetApplicationScopeCategoryWorkloadOVariableArrayInput)(nil)).Elem(), GetApplicationScopeCategoryWorkloadOVariableArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetAquaLabelsAquaLabelInput)(nil)).Elem(), GetAquaLabelsAquaLabelArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetAquaLabelsAquaLabelArrayInput)(nil)).Elem(), GetAquaLabelsAquaLabelArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyAllowedExecutableInput)(nil)).Elem(), GetContainerRuntimePolicyAllowedExecutableArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyAllowedExecutableArrayInput)(nil)).Elem(), GetContainerRuntimePolicyAllowedExecutableArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyAllowedRegistryInput)(nil)).Elem(), GetContainerRuntimePolicyAllowedRegistryArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyAllowedRegistryArrayInput)(nil)).Elem(), GetContainerRuntimePolicyAllowedRegistryArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyAuditingInput)(nil)).Elem(), GetContainerRuntimePolicyAuditingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyAuditingPtrInput)(nil)).Elem(), GetContainerRuntimePolicyAuditingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyContainerExecInput)(nil)).Elem(), GetContainerRuntimePolicyContainerExecArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyContainerExecPtrInput)(nil)).Elem(), GetContainerRuntimePolicyContainerExecArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyFileBlockInput)(nil)).Elem(), GetContainerRuntimePolicyFileBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyFileBlockPtrInput)(nil)).Elem(), GetContainerRuntimePolicyFileBlockArgs{}) 
pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyFileIntegrityMonitoringInput)(nil)).Elem(), GetContainerRuntimePolicyFileIntegrityMonitoringArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyFileIntegrityMonitoringArrayInput)(nil)).Elem(), GetContainerRuntimePolicyFileIntegrityMonitoringArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyLimitContainerPrivilegeInput)(nil)).Elem(), GetContainerRuntimePolicyLimitContainerPrivilegeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyLimitContainerPrivilegeArrayInput)(nil)).Elem(), GetContainerRuntimePolicyLimitContainerPrivilegeArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyMalwareScanOptionInput)(nil)).Elem(), GetContainerRuntimePolicyMalwareScanOptionArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyMalwareScanOptionArrayInput)(nil)).Elem(), GetContainerRuntimePolicyMalwareScanOptionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyPortBlockInput)(nil)).Elem(), GetContainerRuntimePolicyPortBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyPortBlockPtrInput)(nil)).Elem(), GetContainerRuntimePolicyPortBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyReadonlyFilesInput)(nil)).Elem(), GetContainerRuntimePolicyReadonlyFilesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyReadonlyFilesPtrInput)(nil)).Elem(), GetContainerRuntimePolicyReadonlyFilesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyRestrictedVolumeInput)(nil)).Elem(), GetContainerRuntimePolicyRestrictedVolumeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyRestrictedVolumeArrayInput)(nil)).Elem(), GetContainerRuntimePolicyRestrictedVolumeArray{}) 
pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyScopeVariableInput)(nil)).Elem(), GetContainerRuntimePolicyScopeVariableArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetContainerRuntimePolicyScopeVariableArrayInput)(nil)).Elem(), GetContainerRuntimePolicyScopeVariableArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetEnforcerGroupsCommandInput)(nil)).Elem(), GetEnforcerGroupsCommandArgs{}) @@ -27670,6 +40641,10 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GetFunctionAssurancePolicyScopeVariableArrayInput)(nil)).Elem(), GetFunctionAssurancePolicyScopeVariableArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetFunctionAssurancePolicyTrustedBaseImageInput)(nil)).Elem(), GetFunctionAssurancePolicyTrustedBaseImageArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetFunctionAssurancePolicyTrustedBaseImageArrayInput)(nil)).Elem(), GetFunctionAssurancePolicyTrustedBaseImageArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetFunctionRuntimePolicyDriftPreventionInput)(nil)).Elem(), GetFunctionRuntimePolicyDriftPreventionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetFunctionRuntimePolicyDriftPreventionArrayInput)(nil)).Elem(), GetFunctionRuntimePolicyDriftPreventionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetFunctionRuntimePolicyExecutableBlacklistInput)(nil)).Elem(), GetFunctionRuntimePolicyExecutableBlacklistArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetFunctionRuntimePolicyExecutableBlacklistArrayInput)(nil)).Elem(), GetFunctionRuntimePolicyExecutableBlacklistArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetFunctionRuntimePolicyScopeVariableInput)(nil)).Elem(), GetFunctionRuntimePolicyScopeVariableArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetFunctionRuntimePolicyScopeVariableArrayInput)(nil)).Elem(), GetFunctionRuntimePolicyScopeVariableArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetGatewaysGatewayInput)(nil)).Elem(), GetGatewaysGatewayArgs{}) 
@@ -27694,10 +40669,14 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GetHostAssurancePolicyScopeVariableArrayInput)(nil)).Elem(), GetHostAssurancePolicyScopeVariableArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetHostAssurancePolicyTrustedBaseImageInput)(nil)).Elem(), GetHostAssurancePolicyTrustedBaseImageArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetHostAssurancePolicyTrustedBaseImageArrayInput)(nil)).Elem(), GetHostAssurancePolicyTrustedBaseImageArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyAuditingInput)(nil)).Elem(), GetHostRuntimePolicyAuditingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyAuditingPtrInput)(nil)).Elem(), GetHostRuntimePolicyAuditingArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyFileIntegrityMonitoringInput)(nil)).Elem(), GetHostRuntimePolicyFileIntegrityMonitoringArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyFileIntegrityMonitoringArrayInput)(nil)).Elem(), GetHostRuntimePolicyFileIntegrityMonitoringArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyMalwareScanOptionInput)(nil)).Elem(), GetHostRuntimePolicyMalwareScanOptionArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyMalwareScanOptionArrayInput)(nil)).Elem(), GetHostRuntimePolicyMalwareScanOptionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyPackageBlockInput)(nil)).Elem(), GetHostRuntimePolicyPackageBlockArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyPackageBlockArrayInput)(nil)).Elem(), GetHostRuntimePolicyPackageBlockArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyScopeVariableInput)(nil)).Elem(), GetHostRuntimePolicyScopeVariableArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyScopeVariableArrayInput)(nil)).Elem(), GetHostRuntimePolicyScopeVariableArray{}) 
pulumi.RegisterInputType(reflect.TypeOf((*GetHostRuntimePolicyWindowsRegistryMonitoringInput)(nil)).Elem(), GetHostRuntimePolicyWindowsRegistryMonitoringArgs{}) @@ -27728,6 +40707,10 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GetImageHistoryArrayInput)(nil)).Elem(), GetImageHistoryArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetImageVulnerabilityInput)(nil)).Elem(), GetImageVulnerabilityArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetImageVulnerabilityArrayInput)(nil)).Elem(), GetImageVulnerabilityArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetIntegrationRegistriesOptionInput)(nil)).Elem(), GetIntegrationRegistriesOptionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetIntegrationRegistriesOptionArrayInput)(nil)).Elem(), GetIntegrationRegistriesOptionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetIntegrationRegistriesWebhookInput)(nil)).Elem(), GetIntegrationRegistriesWebhookArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GetIntegrationRegistriesWebhookArrayInput)(nil)).Elem(), GetIntegrationRegistriesWebhookArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetIntegrationRegistryOptionInput)(nil)).Elem(), GetIntegrationRegistryOptionArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetIntegrationRegistryOptionArrayInput)(nil)).Elem(), GetIntegrationRegistryOptionArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetIntegrationRegistryWebhookInput)(nil)).Elem(), GetIntegrationRegistryWebhookArgs{}) 
@@ -27834,12 +40817,62 @@ func init() { pulumi.RegisterOutputType(ApplicationScopeCategoryWorkloadOArrayOutput{}) pulumi.RegisterOutputType(ApplicationScopeCategoryWorkloadOVariableOutput{}) pulumi.RegisterOutputType(ApplicationScopeCategoryWorkloadOVariableArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyAllowedExecutableOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyAllowedExecutableArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyAllowedRegistryOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyAllowedRegistryArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyAuditingOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyAuditingPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyBlacklistedOsUsersOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyBlacklistedOsUsersPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyBypassScopeOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyBypassScopeArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyBypassScopeScopeOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyBypassScopeScopeArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyBypassScopeScopeVariableOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyBypassScopeScopeVariableArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyContainerExecOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyContainerExecPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyDriftPreventionOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyDriftPreventionArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyExecutableBlacklistOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyExecutableBlacklistArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyFailedKubernetesChecksOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyFailedKubernetesChecksPtrOutput{}) + 
pulumi.RegisterOutputType(ContainerRuntimePolicyFileBlockOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyFileBlockPtrOutput{}) pulumi.RegisterOutputType(ContainerRuntimePolicyFileIntegrityMonitoringOutput{}) pulumi.RegisterOutputType(ContainerRuntimePolicyFileIntegrityMonitoringPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyLimitContainerPrivilegeOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyLimitContainerPrivilegeArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyLinuxCapabilitiesOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyLinuxCapabilitiesPtrOutput{}) pulumi.RegisterOutputType(ContainerRuntimePolicyMalwareScanOptionsOutput{}) pulumi.RegisterOutputType(ContainerRuntimePolicyMalwareScanOptionsPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyPackageBlockOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyPackageBlockPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyPortBlockOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyPortBlockPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyReadonlyFilesOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyReadonlyFilesPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyReadonlyRegistryOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyReadonlyRegistryPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyRegistryAccessMonitoringOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyRegistryAccessMonitoringPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyRestrictedVolumeOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyRestrictedVolumeArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyReverseShellOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyReverseShellPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyScopeOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyScopeArrayOutput{}) 
pulumi.RegisterOutputType(ContainerRuntimePolicyScopeVariableOutput{}) pulumi.RegisterOutputType(ContainerRuntimePolicyScopeVariableArrayOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicySystemIntegrityProtectionOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicySystemIntegrityProtectionPtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyTripwireOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyTripwirePtrOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyWhitelistedOsUsersOutput{}) + pulumi.RegisterOutputType(ContainerRuntimePolicyWhitelistedOsUsersPtrOutput{}) pulumi.RegisterOutputType(EnforcerGroupsCommandOutput{}) pulumi.RegisterOutputType(EnforcerGroupsCommandArrayOutput{}) pulumi.RegisterOutputType(EnforcerGroupsOrchestratorOutput{}) @@ -27854,10 +40887,14 @@ func init() { pulumi.RegisterOutputType(FunctionAssurancePolicyCustomCheckArrayOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyForbiddenLabelOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyForbiddenLabelArrayOutput{}) + pulumi.RegisterOutputType(FunctionAssurancePolicyKubernetesControlOutput{}) + pulumi.RegisterOutputType(FunctionAssurancePolicyKubernetesControlArrayOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyPackagesBlackListOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyPackagesBlackListArrayOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyPackagesWhiteListOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyPackagesWhiteListArrayOutput{}) + pulumi.RegisterOutputType(FunctionAssurancePolicyPolicySettingsOutput{}) + pulumi.RegisterOutputType(FunctionAssurancePolicyPolicySettingsPtrOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyRequiredLabelOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyRequiredLabelArrayOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyScopeOutput{}) 
@@ -27866,8 +40903,62 @@ func init() { pulumi.RegisterOutputType(FunctionAssurancePolicyScopeVariableArrayOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyTrustedBaseImageOutput{}) pulumi.RegisterOutputType(FunctionAssurancePolicyTrustedBaseImageArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyAllowedExecutableOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyAllowedExecutableArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyAllowedRegistryOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyAllowedRegistryArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyAuditingOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyAuditingPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyBlacklistedOsUsersOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyBlacklistedOsUsersPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyBypassScopeOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyBypassScopeArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyBypassScopeScopeOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyBypassScopeScopeArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyBypassScopeScopeVariableOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyBypassScopeScopeVariableArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyContainerExecOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyContainerExecPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyDriftPreventionOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyDriftPreventionArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyExecutableBlacklistOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyExecutableBlacklistArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyFailedKubernetesChecksOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyFailedKubernetesChecksPtrOutput{}) + 
pulumi.RegisterOutputType(FunctionRuntimePolicyFileBlockOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyFileBlockPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyFileIntegrityMonitoringOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyFileIntegrityMonitoringArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyLimitContainerPrivilegeOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyLimitContainerPrivilegeArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyLinuxCapabilitiesOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyLinuxCapabilitiesPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyMalwareScanOptionsOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyMalwareScanOptionsPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyPackageBlockOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyPackageBlockPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyPortBlockOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyPortBlockPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyReadonlyFilesOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyReadonlyFilesPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyReadonlyRegistryOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyReadonlyRegistryPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyRegistryAccessMonitoringOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyRegistryAccessMonitoringPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyRestrictedVolumeOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyRestrictedVolumeArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyReverseShellOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyReverseShellPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyScopeOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyScopeArrayOutput{}) 
pulumi.RegisterOutputType(FunctionRuntimePolicyScopeVariableOutput{}) pulumi.RegisterOutputType(FunctionRuntimePolicyScopeVariableArrayOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicySystemIntegrityProtectionOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicySystemIntegrityProtectionPtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyTripwireOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyTripwirePtrOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyWhitelistedOsUsersOutput{}) + pulumi.RegisterOutputType(FunctionRuntimePolicyWhitelistedOsUsersPtrOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyAutoScanTimeOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyAutoScanTimeArrayOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyCustomCheckOutput{}) @@ -27878,6 +40969,8 @@ func init() { pulumi.RegisterOutputType(HostAssurancePolicyPackagesBlackListArrayOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyPackagesWhiteListOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyPackagesWhiteListArrayOutput{}) + pulumi.RegisterOutputType(HostAssurancePolicyPolicySettingsOutput{}) + pulumi.RegisterOutputType(HostAssurancePolicyPolicySettingsPtrOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyRequiredLabelOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyRequiredLabelArrayOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyScopeOutput{}) 
@@ -27886,16 +40979,62 @@ func init() { pulumi.RegisterOutputType(HostAssurancePolicyScopeVariableArrayOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyTrustedBaseImageOutput{}) pulumi.RegisterOutputType(HostAssurancePolicyTrustedBaseImageArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyAllowedExecutableOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyAllowedExecutableArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyAllowedRegistryOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyAllowedRegistryArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyAuditingOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyAuditingPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyBlacklistedOsUsersOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyBlacklistedOsUsersPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyBypassScopeOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyBypassScopeArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyBypassScopeScopeOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyBypassScopeScopeArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyBypassScopeScopeVariableOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyBypassScopeScopeVariableArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyContainerExecOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyContainerExecPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyDriftPreventionOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyDriftPreventionArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyExecutableBlacklistOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyExecutableBlacklistArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyFailedKubernetesChecksOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyFailedKubernetesChecksPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyFileBlockOutput{}) + 
pulumi.RegisterOutputType(HostRuntimePolicyFileBlockPtrOutput{}) pulumi.RegisterOutputType(HostRuntimePolicyFileIntegrityMonitoringOutput{}) pulumi.RegisterOutputType(HostRuntimePolicyFileIntegrityMonitoringPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyLimitContainerPrivilegeOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyLimitContainerPrivilegeArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyLinuxCapabilitiesOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyLinuxCapabilitiesPtrOutput{}) pulumi.RegisterOutputType(HostRuntimePolicyMalwareScanOptionsOutput{}) pulumi.RegisterOutputType(HostRuntimePolicyMalwareScanOptionsPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyPackageBlockOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyPackageBlockArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyPortBlockOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyPortBlockPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyReadonlyFilesOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyReadonlyFilesPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyReadonlyRegistryOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyReadonlyRegistryPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyRegistryAccessMonitoringOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyRegistryAccessMonitoringPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyRestrictedVolumeOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyRestrictedVolumeArrayOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyReverseShellOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyReverseShellPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyScopeOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyScopeArrayOutput{}) pulumi.RegisterOutputType(HostRuntimePolicyScopeVariableOutput{}) pulumi.RegisterOutputType(HostRuntimePolicyScopeVariableArrayOutput{}) - 
pulumi.RegisterOutputType(HostRuntimePolicyWindowsRegistryMonitoringOutput{}) - pulumi.RegisterOutputType(HostRuntimePolicyWindowsRegistryMonitoringPtrOutput{}) - pulumi.RegisterOutputType(HostRuntimePolicyWindowsRegistryProtectionOutput{}) - pulumi.RegisterOutputType(HostRuntimePolicyWindowsRegistryProtectionPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicySystemIntegrityProtectionOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicySystemIntegrityProtectionPtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyTripwireOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyTripwirePtrOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyWhitelistedOsUsersOutput{}) + pulumi.RegisterOutputType(HostRuntimePolicyWhitelistedOsUsersPtrOutput{}) pulumi.RegisterOutputType(ImageAssuranceChecksPerformedOutput{}) pulumi.RegisterOutputType(ImageAssuranceChecksPerformedArrayOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyAutoScanTimeOutput{}) 
@@ -27904,10 +41043,14 @@ func init() { pulumi.RegisterOutputType(ImageAssurancePolicyCustomCheckArrayOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyForbiddenLabelOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyForbiddenLabelArrayOutput{}) + pulumi.RegisterOutputType(ImageAssurancePolicyKubernetesControlsOutput{}) + pulumi.RegisterOutputType(ImageAssurancePolicyKubernetesControlsPtrOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyPackagesBlackListOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyPackagesBlackListArrayOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyPackagesWhiteListOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyPackagesWhiteListArrayOutput{}) + pulumi.RegisterOutputType(ImageAssurancePolicyPolicySettingsOutput{}) + pulumi.RegisterOutputType(ImageAssurancePolicyPolicySettingsPtrOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyRequiredLabelOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyRequiredLabelArrayOutput{}) pulumi.RegisterOutputType(ImageAssurancePolicyScopeOutput{}) 
@@ -27930,10 +41073,14 @@ func init() { pulumi.RegisterOutputType(KubernetesAssurancePolicyCustomCheckArrayOutput{}) pulumi.RegisterOutputType(KubernetesAssurancePolicyForbiddenLabelOutput{}) pulumi.RegisterOutputType(KubernetesAssurancePolicyForbiddenLabelArrayOutput{}) + pulumi.RegisterOutputType(KubernetesAssurancePolicyKubernetesControlOutput{}) + pulumi.RegisterOutputType(KubernetesAssurancePolicyKubernetesControlArrayOutput{}) pulumi.RegisterOutputType(KubernetesAssurancePolicyPackagesBlackListOutput{}) pulumi.RegisterOutputType(KubernetesAssurancePolicyPackagesBlackListArrayOutput{}) pulumi.RegisterOutputType(KubernetesAssurancePolicyPackagesWhiteListOutput{}) pulumi.RegisterOutputType(KubernetesAssurancePolicyPackagesWhiteListArrayOutput{}) + pulumi.RegisterOutputType(KubernetesAssurancePolicyPolicySettingsOutput{}) + pulumi.RegisterOutputType(KubernetesAssurancePolicyPolicySettingsPtrOutput{}) pulumi.RegisterOutputType(KubernetesAssurancePolicyRequiredLabelOutput{}) pulumi.RegisterOutputType(KubernetesAssurancePolicyRequiredLabelArrayOutput{}) pulumi.RegisterOutputType(KubernetesAssurancePolicyScopeOutput{}) 
@@ -27956,6 +41103,28 @@ func init() { pulumi.RegisterOutputType(UserSaasGroupArrayOutput{}) pulumi.RegisterOutputType(UserSaasLoginOutput{}) pulumi.RegisterOutputType(UserSaasLoginArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyAutoScanTimeOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyAutoScanTimeArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyCustomCheckOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyCustomCheckArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyForbiddenLabelOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyForbiddenLabelArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyKubernetesControlOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyKubernetesControlArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyPackagesBlackListOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyPackagesBlackListArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyPackagesWhiteListOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyPackagesWhiteListArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyPolicySettingsOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyPolicySettingsPtrOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyRequiredLabelOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyRequiredLabelArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyScopeOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyScopeArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyScopeVariableOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyScopeVariableArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyTrustedBaseImageOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyTrustedBaseImageArrayOutput{}) pulumi.RegisterOutputType(GetAcknowledgesAcknowledgeOutput{}) pulumi.RegisterOutputType(GetAcknowledgesAcknowledgeArrayOutput{}) 
pulumi.RegisterOutputType(GetApplicationScopeCategoryOutput{}) 
@@ -28004,10 +41173,28 @@ func init() { pulumi.RegisterOutputType(GetApplicationScopeCategoryWorkloadOVariableArrayOutput{}) pulumi.RegisterOutputType(GetAquaLabelsAquaLabelOutput{}) pulumi.RegisterOutputType(GetAquaLabelsAquaLabelArrayOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyAllowedExecutableOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyAllowedExecutableArrayOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyAllowedRegistryOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyAllowedRegistryArrayOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyAuditingOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyAuditingPtrOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyContainerExecOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyContainerExecPtrOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyFileBlockOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyFileBlockPtrOutput{}) pulumi.RegisterOutputType(GetContainerRuntimePolicyFileIntegrityMonitoringOutput{}) pulumi.RegisterOutputType(GetContainerRuntimePolicyFileIntegrityMonitoringArrayOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyLimitContainerPrivilegeOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyLimitContainerPrivilegeArrayOutput{}) pulumi.RegisterOutputType(GetContainerRuntimePolicyMalwareScanOptionOutput{}) pulumi.RegisterOutputType(GetContainerRuntimePolicyMalwareScanOptionArrayOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyPortBlockOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyPortBlockPtrOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyReadonlyFilesOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyReadonlyFilesPtrOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyRestrictedVolumeOutput{}) + pulumi.RegisterOutputType(GetContainerRuntimePolicyRestrictedVolumeArrayOutput{}) 
pulumi.RegisterOutputType(GetContainerRuntimePolicyScopeVariableOutput{}) pulumi.RegisterOutputType(GetContainerRuntimePolicyScopeVariableArrayOutput{}) pulumi.RegisterOutputType(GetEnforcerGroupsCommandOutput{}) @@ -28036,6 +41223,10 @@ func init() { pulumi.RegisterOutputType(GetFunctionAssurancePolicyScopeVariableArrayOutput{}) pulumi.RegisterOutputType(GetFunctionAssurancePolicyTrustedBaseImageOutput{}) pulumi.RegisterOutputType(GetFunctionAssurancePolicyTrustedBaseImageArrayOutput{}) + pulumi.RegisterOutputType(GetFunctionRuntimePolicyDriftPreventionOutput{}) + pulumi.RegisterOutputType(GetFunctionRuntimePolicyDriftPreventionArrayOutput{}) + pulumi.RegisterOutputType(GetFunctionRuntimePolicyExecutableBlacklistOutput{}) + pulumi.RegisterOutputType(GetFunctionRuntimePolicyExecutableBlacklistArrayOutput{}) pulumi.RegisterOutputType(GetFunctionRuntimePolicyScopeVariableOutput{}) pulumi.RegisterOutputType(GetFunctionRuntimePolicyScopeVariableArrayOutput{}) pulumi.RegisterOutputType(GetGatewaysGatewayOutput{}) 
@@ -28060,10 +41251,14 @@ func init() { pulumi.RegisterOutputType(GetHostAssurancePolicyScopeVariableArrayOutput{}) pulumi.RegisterOutputType(GetHostAssurancePolicyTrustedBaseImageOutput{}) pulumi.RegisterOutputType(GetHostAssurancePolicyTrustedBaseImageArrayOutput{}) + pulumi.RegisterOutputType(GetHostRuntimePolicyAuditingOutput{}) + pulumi.RegisterOutputType(GetHostRuntimePolicyAuditingPtrOutput{}) pulumi.RegisterOutputType(GetHostRuntimePolicyFileIntegrityMonitoringOutput{}) pulumi.RegisterOutputType(GetHostRuntimePolicyFileIntegrityMonitoringArrayOutput{}) pulumi.RegisterOutputType(GetHostRuntimePolicyMalwareScanOptionOutput{}) pulumi.RegisterOutputType(GetHostRuntimePolicyMalwareScanOptionArrayOutput{}) + pulumi.RegisterOutputType(GetHostRuntimePolicyPackageBlockOutput{}) + pulumi.RegisterOutputType(GetHostRuntimePolicyPackageBlockArrayOutput{}) pulumi.RegisterOutputType(GetHostRuntimePolicyScopeVariableOutput{}) pulumi.RegisterOutputType(GetHostRuntimePolicyScopeVariableArrayOutput{}) pulumi.RegisterOutputType(GetHostRuntimePolicyWindowsRegistryMonitoringOutput{}) @@ -28094,6 +41289,10 @@ func init() { pulumi.RegisterOutputType(GetImageHistoryArrayOutput{}) pulumi.RegisterOutputType(GetImageVulnerabilityOutput{}) pulumi.RegisterOutputType(GetImageVulnerabilityArrayOutput{}) + pulumi.RegisterOutputType(GetIntegrationRegistriesOptionOutput{}) + pulumi.RegisterOutputType(GetIntegrationRegistriesOptionArrayOutput{}) + pulumi.RegisterOutputType(GetIntegrationRegistriesWebhookOutput{}) + pulumi.RegisterOutputType(GetIntegrationRegistriesWebhookArrayOutput{}) pulumi.RegisterOutputType(GetIntegrationRegistryOptionOutput{}) pulumi.RegisterOutputType(GetIntegrationRegistryOptionArrayOutput{}) pulumi.RegisterOutputType(GetIntegrationRegistryWebhookOutput{}) diff --git a/sdk/go/aquasec/role.go b/sdk/go/aquasec/role.go index 633fa8e0..8a1faefa 100644 --- a/sdk/go/aquasec/role.go +++ b/sdk/go/aquasec/role.go 
@@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -182,12 +181,6 @@ func (i *Role) ToRoleOutputWithContext(ctx context.Context) RoleOutput { return pulumi.ToOutputWithContext(ctx, i).(RoleOutput) } -func (i *Role) ToOutput(ctx context.Context) pulumix.Output[*Role] { - return pulumix.Output[*Role]{ - OutputState: i.ToRoleOutputWithContext(ctx).OutputState, - } -} - // RoleArrayInput is an input type that accepts RoleArray and RoleArrayOutput values. // You can construct a concrete instance of `RoleArrayInput` via: // @@ -213,12 +206,6 @@ func (i RoleArray) ToRoleArrayOutputWithContext(ctx context.Context) RoleArrayOu return pulumi.ToOutputWithContext(ctx, i).(RoleArrayOutput) } -func (i RoleArray) ToOutput(ctx context.Context) pulumix.Output[[]*Role] { - return pulumix.Output[[]*Role]{ - OutputState: i.ToRoleArrayOutputWithContext(ctx).OutputState, - } -} - // RoleMapInput is an input type that accepts RoleMap and RoleMapOutput values. // You can construct a concrete instance of `RoleMapInput` via: // @@ -244,12 +231,6 @@ func (i RoleMap) ToRoleMapOutputWithContext(ctx context.Context) RoleMapOutput { return pulumi.ToOutputWithContext(ctx, i).(RoleMapOutput) } -func (i RoleMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*Role] { - return pulumix.Output[map[string]*Role]{ - OutputState: i.ToRoleMapOutputWithContext(ctx).OutputState, - } -} - type RoleOutput struct{ *pulumi.OutputState } func (RoleOutput) ElementType() reflect.Type { 
@@ -264,12 +245,6 @@ func (o RoleOutput) ToRoleOutputWithContext(ctx context.Context) RoleOutput { return o } -func (o RoleOutput) ToOutput(ctx context.Context) pulumix.Output[*Role] { - return pulumix.Output[*Role]{ - OutputState: o.OutputState, - } -} - // The name of the user who created the role. Only returned from the API for existing permissions, not part of the permission creation/modification structure. func (o RoleOutput) Author() pulumi.StringOutput { return o.ApplyT(func(v *Role) pulumi.StringOutput { return v.Author }).(pulumi.StringOutput) @@ -314,12 +289,6 @@ func (o RoleArrayOutput) ToRoleArrayOutputWithContext(ctx context.Context) RoleA return o } -func (o RoleArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*Role] { - return pulumix.Output[[]*Role]{ - OutputState: o.OutputState, - } -} - func (o RoleArrayOutput) Index(i pulumi.IntInput) RoleOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Role { return vs[0].([]*Role)[vs[1].(int)] @@ -340,12 +309,6 @@ func (o RoleMapOutput) ToRoleMapOutputWithContext(ctx context.Context) RoleMapOu return o } -func (o RoleMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*Role] { - return pulumix.Output[map[string]*Role]{ - OutputState: o.OutputState, - } -} - func (o RoleMapOutput) MapIndex(k pulumi.StringInput) RoleOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Role { return vs[0].(map[string]*Role)[vs[1].(string)] diff --git a/sdk/go/aquasec/roleMapping.go b/sdk/go/aquasec/roleMapping.go index 54bef347..13468efd 100644 --- a/sdk/go/aquasec/roleMapping.go +++ b/sdk/go/aquasec/roleMapping.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -30,6 +29,7 @@ import ( // Saml: &aquasec.RoleMappingSamlArgs{ // RoleMapping: pulumi.StringMap{ // "Administrator": pulumi.String("group1"), +// "Scanner": pulumi.String("group2|group3"), // }, // }, // }) @@ -156,12 +156,6 @@ func (i *RoleMapping) ToRoleMappingOutputWithContext(ctx context.Context) RoleMa return pulumi.ToOutputWithContext(ctx, i).(RoleMappingOutput) } -func (i *RoleMapping) ToOutput(ctx context.Context) pulumix.Output[*RoleMapping] { - return pulumix.Output[*RoleMapping]{ - OutputState: i.ToRoleMappingOutputWithContext(ctx).OutputState, - } -} - // RoleMappingArrayInput is an input type that accepts RoleMappingArray and RoleMappingArrayOutput values. // You can construct a concrete instance of `RoleMappingArrayInput` via: // @@ -187,12 +181,6 @@ func (i RoleMappingArray) ToRoleMappingArrayOutputWithContext(ctx context.Contex return pulumi.ToOutputWithContext(ctx, i).(RoleMappingArrayOutput) } -func (i RoleMappingArray) ToOutput(ctx context.Context) pulumix.Output[[]*RoleMapping] { - return pulumix.Output[[]*RoleMapping]{ - OutputState: i.ToRoleMappingArrayOutputWithContext(ctx).OutputState, - } -} - // RoleMappingMapInput is an input type that accepts RoleMappingMap and RoleMappingMapOutput values. // You can construct a concrete instance of `RoleMappingMapInput` via: // @@ -218,12 +206,6 @@ func (i RoleMappingMap) ToRoleMappingMapOutputWithContext(ctx context.Context) R return pulumi.ToOutputWithContext(ctx, i).(RoleMappingMapOutput) } -func (i RoleMappingMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*RoleMapping] { - return pulumix.Output[map[string]*RoleMapping]{ - OutputState: i.ToRoleMappingMapOutputWithContext(ctx).OutputState, - } -} - type RoleMappingOutput struct{ *pulumi.OutputState } func (RoleMappingOutput) ElementType() reflect.Type { 
@@ -238,12 +220,6 @@ func (o RoleMappingOutput) ToRoleMappingOutputWithContext(ctx context.Context) R return o } -func (o RoleMappingOutput) ToOutput(ctx context.Context) pulumix.Output[*RoleMapping] { - return pulumix.Output[*RoleMapping]{ - OutputState: o.OutputState, - } -} - // LDAP Authentication func (o RoleMappingOutput) Ldap() RoleMappingLdapPtrOutput { return o.ApplyT(func(v *RoleMapping) RoleMappingLdapPtrOutput { return v.Ldap }).(RoleMappingLdapPtrOutput) @@ -278,12 +254,6 @@ func (o RoleMappingArrayOutput) ToRoleMappingArrayOutputWithContext(ctx context. return o } -func (o RoleMappingArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*RoleMapping] { - return pulumix.Output[[]*RoleMapping]{ - OutputState: o.OutputState, - } -} - func (o RoleMappingArrayOutput) Index(i pulumi.IntInput) RoleMappingOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *RoleMapping { return vs[0].([]*RoleMapping)[vs[1].(int)] @@ -304,12 +274,6 @@ func (o RoleMappingMapOutput) ToRoleMappingMapOutputWithContext(ctx context.Cont return o } -func (o RoleMappingMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*RoleMapping] { - return pulumix.Output[map[string]*RoleMapping]{ - OutputState: o.OutputState, - } -} - func (o RoleMappingMapOutput) MapIndex(k pulumi.StringInput) RoleMappingOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *RoleMapping { return vs[0].(map[string]*RoleMapping)[vs[1].(string)] diff --git a/sdk/go/aquasec/roleMappingSaas.go b/sdk/go/aquasec/roleMappingSaas.go index acaa86f1..84afadb2 100644 --- a/sdk/go/aquasec/roleMappingSaas.go +++ b/sdk/go/aquasec/roleMappingSaas.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -142,12 +141,6 @@ func (i *RoleMappingSaas) ToRoleMappingSaasOutputWithContext(ctx context.Context return pulumi.ToOutputWithContext(ctx, i).(RoleMappingSaasOutput) } -func (i *RoleMappingSaas) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingSaas] { - return pulumix.Output[*RoleMappingSaas]{ - OutputState: i.ToRoleMappingSaasOutputWithContext(ctx).OutputState, - } -} - // RoleMappingSaasArrayInput is an input type that accepts RoleMappingSaasArray and RoleMappingSaasArrayOutput values. // You can construct a concrete instance of `RoleMappingSaasArrayInput` via: // @@ -173,12 +166,6 @@ func (i RoleMappingSaasArray) ToRoleMappingSaasArrayOutputWithContext(ctx contex return pulumi.ToOutputWithContext(ctx, i).(RoleMappingSaasArrayOutput) } -func (i RoleMappingSaasArray) ToOutput(ctx context.Context) pulumix.Output[[]*RoleMappingSaas] { - return pulumix.Output[[]*RoleMappingSaas]{ - OutputState: i.ToRoleMappingSaasArrayOutputWithContext(ctx).OutputState, - } -} - // RoleMappingSaasMapInput is an input type that accepts RoleMappingSaasMap and RoleMappingSaasMapOutput values. // You can construct a concrete instance of `RoleMappingSaasMapInput` via: // @@ -204,12 +191,6 @@ func (i RoleMappingSaasMap) ToRoleMappingSaasMapOutputWithContext(ctx context.Co return pulumi.ToOutputWithContext(ctx, i).(RoleMappingSaasMapOutput) } -func (i RoleMappingSaasMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*RoleMappingSaas] { - return pulumix.Output[map[string]*RoleMappingSaas]{ - OutputState: i.ToRoleMappingSaasMapOutputWithContext(ctx).OutputState, - } -} - type RoleMappingSaasOutput struct{ *pulumi.OutputState } func (RoleMappingSaasOutput) ElementType() reflect.Type { 
@@ -224,12 +205,6 @@ func (o RoleMappingSaasOutput) ToRoleMappingSaasOutputWithContext(ctx context.Co return o } -func (o RoleMappingSaasOutput) ToOutput(ctx context.Context) pulumix.Output[*RoleMappingSaas] { - return pulumix.Output[*RoleMappingSaas]{ - OutputState: o.OutputState, - } -} - func (o RoleMappingSaasOutput) AccountId() pulumi.IntOutput { return o.ApplyT(func(v *RoleMappingSaas) pulumi.IntOutput { return v.AccountId }).(pulumi.IntOutput) } @@ -264,12 +239,6 @@ func (o RoleMappingSaasArrayOutput) ToRoleMappingSaasArrayOutputWithContext(ctx return o } -func (o RoleMappingSaasArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*RoleMappingSaas] { - return pulumix.Output[[]*RoleMappingSaas]{ - OutputState: o.OutputState, - } -} - func (o RoleMappingSaasArrayOutput) Index(i pulumi.IntInput) RoleMappingSaasOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *RoleMappingSaas { return vs[0].([]*RoleMappingSaas)[vs[1].(int)] @@ -290,12 +259,6 @@ func (o RoleMappingSaasMapOutput) ToRoleMappingSaasMapOutputWithContext(ctx cont return o } -func (o RoleMappingSaasMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*RoleMappingSaas] { - return pulumix.Output[map[string]*RoleMappingSaas]{ - OutputState: o.OutputState, - } -} - func (o RoleMappingSaasMapOutput) MapIndex(k pulumi.StringInput) RoleMappingSaasOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *RoleMappingSaas { return vs[0].(map[string]*RoleMappingSaas)[vs[1].(string)] diff --git a/sdk/go/aquasec/service.go b/sdk/go/aquasec/service.go index cc71f500..16911166 100644 --- a/sdk/go/aquasec/service.go +++ b/sdk/go/aquasec/service.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -34,7 +33,7 @@ type Service struct { Lastupdate pulumi.IntOutput `pulumi:"lastupdate"` // Indicates if monitoring is enabled or not Monitoring pulumi.BoolPtrOutput `pulumi:"monitoring"` - // The name of the service. It is recommended not to use whitespace characters in the name. + // Name assigned to the attribute. Name pulumi.StringOutput `pulumi:"name"` // The number of container that are not evaluated. NotEvaluatedCount pulumi.IntOutput `pulumi:"notEvaluatedCount"` @@ -125,7 +124,7 @@ type serviceState struct { Lastupdate *int `pulumi:"lastupdate"` // Indicates if monitoring is enabled or not Monitoring *bool `pulumi:"monitoring"` - // The name of the service. It is recommended not to use whitespace characters in the name. + // Name assigned to the attribute. Name *string `pulumi:"name"` // The number of container that are not evaluated. NotEvaluatedCount *int `pulumi:"notEvaluatedCount"` @@ -178,7 +177,7 @@ type ServiceState struct { Lastupdate pulumi.IntPtrInput // Indicates if monitoring is enabled or not Monitoring pulumi.BoolPtrInput - // The name of the service. It is recommended not to use whitespace characters in the name. + // Name assigned to the attribute. Name pulumi.StringPtrInput // The number of container that are not evaluated. NotEvaluatedCount pulumi.IntPtrInput @@ -225,7 +224,7 @@ type serviceArgs struct { Enforce *bool `pulumi:"enforce"` // Indicates if monitoring is enabled or not Monitoring *bool `pulumi:"monitoring"` - // The name of the service. It is recommended not to use whitespace characters in the name. + // Name assigned to the attribute. Name *string `pulumi:"name"` // The service's policies; an array of container firewall policy names. Policies []string `pulumi:"policies"` 
@@ -249,7 +248,7 @@ type ServiceArgs struct { Enforce pulumi.BoolPtrInput // Indicates if monitoring is enabled or not Monitoring pulumi.BoolPtrInput - // The name of the service. It is recommended not to use whitespace characters in the name. + // Name assigned to the attribute. Name pulumi.StringPtrInput // The service's policies; an array of container firewall policy names. Policies pulumi.StringArrayInput @@ -286,12 +285,6 @@ func (i *Service) ToServiceOutputWithContext(ctx context.Context) ServiceOutput return pulumi.ToOutputWithContext(ctx, i).(ServiceOutput) } -func (i *Service) ToOutput(ctx context.Context) pulumix.Output[*Service] { - return pulumix.Output[*Service]{ - OutputState: i.ToServiceOutputWithContext(ctx).OutputState, - } -} - // ServiceArrayInput is an input type that accepts ServiceArray and ServiceArrayOutput values. // You can construct a concrete instance of `ServiceArrayInput` via: // @@ -317,12 +310,6 @@ func (i ServiceArray) ToServiceArrayOutputWithContext(ctx context.Context) Servi return pulumi.ToOutputWithContext(ctx, i).(ServiceArrayOutput) } -func (i ServiceArray) ToOutput(ctx context.Context) pulumix.Output[[]*Service] { - return pulumix.Output[[]*Service]{ - OutputState: i.ToServiceArrayOutputWithContext(ctx).OutputState, - } -} - // ServiceMapInput is an input type that accepts ServiceMap and ServiceMapOutput values. // You can construct a concrete instance of `ServiceMapInput` via: // @@ -348,12 +335,6 @@ func (i ServiceMap) ToServiceMapOutputWithContext(ctx context.Context) ServiceMa return pulumi.ToOutputWithContext(ctx, i).(ServiceMapOutput) } -func (i ServiceMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*Service] { - return pulumix.Output[map[string]*Service]{ - OutputState: i.ToServiceMapOutputWithContext(ctx).OutputState, - } -} - type ServiceOutput struct{ *pulumi.OutputState } func (ServiceOutput) ElementType() reflect.Type { 
@@ -368,12 +349,6 @@ func (o ServiceOutput) ToServiceOutputWithContext(ctx context.Context) ServiceOu return o } -func (o ServiceOutput) ToOutput(ctx context.Context) pulumix.Output[*Service] { - return pulumix.Output[*Service]{ - OutputState: o.OutputState, - } -} - // Indicates the application scope of the service. func (o ServiceOutput) ApplicationScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v *Service) pulumi.StringArrayOutput { return v.ApplicationScopes }).(pulumi.StringArrayOutput) @@ -419,7 +394,7 @@ func (o ServiceOutput) Monitoring() pulumi.BoolPtrOutput { return o.ApplyT(func(v *Service) pulumi.BoolPtrOutput { return v.Monitoring }).(pulumi.BoolPtrOutput) } -// The name of the service. It is recommended not to use whitespace characters in the name. +// Name assigned to the attribute. func (o ServiceOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *Service) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } @@ -513,12 +488,6 @@ func (o ServiceArrayOutput) ToServiceArrayOutputWithContext(ctx context.Context) return o } -func (o ServiceArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*Service] { - return pulumix.Output[[]*Service]{ - OutputState: o.OutputState, - } -} - func (o ServiceArrayOutput) Index(i pulumi.IntInput) ServiceOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Service { return vs[0].([]*Service)[vs[1].(int)] @@ -539,12 +508,6 @@ func (o ServiceMapOutput) ToServiceMapOutputWithContext(ctx context.Context) Ser return o } -func (o ServiceMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*Service] { - return pulumix.Output[map[string]*Service]{ - OutputState: o.OutputState, - } -} - func (o ServiceMapOutput) MapIndex(k pulumi.StringInput) ServiceOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Service { return vs[0].(map[string]*Service)[vs[1].(string)] diff --git a/sdk/go/aquasec/user.go b/sdk/go/aquasec/user.go index 7b037746..77f8584f 100644 
--- a/sdk/go/aquasec/user.go +++ b/sdk/go/aquasec/user.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) @@ -231,12 +230,6 @@ func (i *User) ToUserOutputWithContext(ctx context.Context) UserOutput { return pulumi.ToOutputWithContext(ctx, i).(UserOutput) } -func (i *User) ToOutput(ctx context.Context) pulumix.Output[*User] { - return pulumix.Output[*User]{ - OutputState: i.ToUserOutputWithContext(ctx).OutputState, - } -} - // UserArrayInput is an input type that accepts UserArray and UserArrayOutput values. // You can construct a concrete instance of `UserArrayInput` via: // @@ -262,12 +255,6 @@ func (i UserArray) ToUserArrayOutputWithContext(ctx context.Context) UserArrayOu return pulumi.ToOutputWithContext(ctx, i).(UserArrayOutput) } -func (i UserArray) ToOutput(ctx context.Context) pulumix.Output[[]*User] { - return pulumix.Output[[]*User]{ - OutputState: i.ToUserArrayOutputWithContext(ctx).OutputState, - } -} - // UserMapInput is an input type that accepts UserMap and UserMapOutput values. // You can construct a concrete instance of `UserMapInput` via: // @@ -293,12 +280,6 @@ func (i UserMap) ToUserMapOutputWithContext(ctx context.Context) UserMapOutput { return pulumi.ToOutputWithContext(ctx, i).(UserMapOutput) } -func (i UserMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*User] { - return pulumix.Output[map[string]*User]{ - OutputState: i.ToUserMapOutputWithContext(ctx).OutputState, - } -} - type UserOutput struct{ *pulumi.OutputState } func (UserOutput) ElementType() reflect.Type { 
@@ -313,12 +294,6 @@ func (o UserOutput) ToUserOutputWithContext(ctx context.Context) UserOutput { return o } -func (o UserOutput) ToOutput(ctx context.Context) pulumix.Output[*User] { - return pulumix.Output[*User]{ - OutputState: o.OutputState, - } -} - // The user Email. func (o UserOutput) Email() pulumi.StringPtrOutput { return o.ApplyT(func(v *User) pulumi.StringPtrOutput { return v.Email }).(pulumi.StringPtrOutput) @@ -393,12 +368,6 @@ func (o UserArrayOutput) ToUserArrayOutputWithContext(ctx context.Context) UserA return o } -func (o UserArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*User] { - return pulumix.Output[[]*User]{ - OutputState: o.OutputState, - } -} - func (o UserArrayOutput) Index(i pulumi.IntInput) UserOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *User { return vs[0].([]*User)[vs[1].(int)] @@ -419,12 +388,6 @@ func (o UserMapOutput) ToUserMapOutputWithContext(ctx context.Context) UserMapOu return o } -func (o UserMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*User] { - return pulumix.Output[map[string]*User]{ - OutputState: o.OutputState, - } -} - func (o UserMapOutput) MapIndex(k pulumi.StringInput) UserOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *User { return vs[0].(map[string]*User)[vs[1].(string)] diff --git a/sdk/go/aquasec/userSaas.go b/sdk/go/aquasec/userSaas.go index fcd02e5a..27ee5f15 100644 --- a/sdk/go/aquasec/userSaas.go +++ b/sdk/go/aquasec/userSaas.go @@ -9,7 +9,6 @@ import ( "errors" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" - "github.com/pulumi/pulumi/sdk/v3/go/pulumix" "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" ) 
@@ -193,12 +192,6 @@ func (i *UserSaas) ToUserSaasOutputWithContext(ctx context.Context) UserSaasOutp return pulumi.ToOutputWithContext(ctx, i).(UserSaasOutput) } -func (i *UserSaas) ToOutput(ctx context.Context) pulumix.Output[*UserSaas] { - return pulumix.Output[*UserSaas]{ - OutputState: i.ToUserSaasOutputWithContext(ctx).OutputState, - } -} - // UserSaasArrayInput is an input type that accepts UserSaasArray and UserSaasArrayOutput values. // You can construct a concrete instance of `UserSaasArrayInput` via: // @@ -224,12 +217,6 @@ func (i UserSaasArray) ToUserSaasArrayOutputWithContext(ctx context.Context) Use return pulumi.ToOutputWithContext(ctx, i).(UserSaasArrayOutput) } -func (i UserSaasArray) ToOutput(ctx context.Context) pulumix.Output[[]*UserSaas] { - return pulumix.Output[[]*UserSaas]{ - OutputState: i.ToUserSaasArrayOutputWithContext(ctx).OutputState, - } -} - // UserSaasMapInput is an input type that accepts UserSaasMap and UserSaasMapOutput values. // You can construct a concrete instance of `UserSaasMapInput` via: // @@ -255,12 +242,6 @@ func (i UserSaasMap) ToUserSaasMapOutputWithContext(ctx context.Context) UserSaa return pulumi.ToOutputWithContext(ctx, i).(UserSaasMapOutput) } -func (i UserSaasMap) ToOutput(ctx context.Context) pulumix.Output[map[string]*UserSaas] { - return pulumix.Output[map[string]*UserSaas]{ - OutputState: i.ToUserSaasMapOutputWithContext(ctx).OutputState, - } -} - type UserSaasOutput struct{ *pulumi.OutputState } func (UserSaasOutput) ElementType() reflect.Type { @@ -275,12 +256,6 @@ func (o UserSaasOutput) ToUserSaasOutputWithContext(ctx context.Context) UserSaa return o } -func (o UserSaasOutput) ToOutput(ctx context.Context) pulumix.Output[*UserSaas] { - return pulumix.Output[*UserSaas]{ - OutputState: o.OutputState, - } -} - func (o UserSaasOutput) AccountAdmin() pulumi.BoolOutput { return o.ApplyT(func(v *UserSaas) pulumi.BoolOutput { return v.AccountAdmin }).(pulumi.BoolOutput) } 
@@ -351,12 +326,6 @@ func (o UserSaasArrayOutput) ToUserSaasArrayOutputWithContext(ctx context.Contex return o } -func (o UserSaasArrayOutput) ToOutput(ctx context.Context) pulumix.Output[[]*UserSaas] { - return pulumix.Output[[]*UserSaas]{ - OutputState: o.OutputState, - } -} - func (o UserSaasArrayOutput) Index(i pulumi.IntInput) UserSaasOutput { return pulumi.All(o, i).ApplyT(func(vs []interface{}) *UserSaas { return vs[0].([]*UserSaas)[vs[1].(int)] @@ -377,12 +346,6 @@ func (o UserSaasMapOutput) ToUserSaasMapOutputWithContext(ctx context.Context) U return o } -func (o UserSaasMapOutput) ToOutput(ctx context.Context) pulumix.Output[map[string]*UserSaas] { - return pulumix.Output[map[string]*UserSaas]{ - OutputState: o.OutputState, - } -} - func (o UserSaasMapOutput) MapIndex(k pulumi.StringInput) UserSaasOutput { return pulumi.All(o, k).ApplyT(func(vs []interface{}) *UserSaas { return vs[0].(map[string]*UserSaas)[vs[1].(string)] diff --git a/sdk/go/aquasec/vmwareAssurancePolicy.go b/sdk/go/aquasec/vmwareAssurancePolicy.go new file mode 100644 index 00000000..646943df --- /dev/null +++ b/sdk/go/aquasec/vmwareAssurancePolicy.go 
@@ -0,0 +1,1314 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package aquasec + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" + "github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec/internal" +) + +type VmwareAssurancePolicy struct { + pulumi.CustomResourceState + + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapOutput `pulumi:"aggregatedVulnerability"` + // List of explicitly allowed images. + AllowedImages pulumi.StringArrayOutput `pulumi:"allowedImages"` + ApplicationScopes pulumi.StringArrayOutput `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType pulumi.StringOutput `pulumi:"assuranceType"` + // Indicates if auditing for failures. + AuditOnFailure pulumi.BoolPtrOutput `pulumi:"auditOnFailure"` + // Name of user account that created the policy. + Author pulumi.StringOutput `pulumi:"author"` + AutoScanConfigured pulumi.BoolPtrOutput `pulumi:"autoScanConfigured"` + AutoScanEnabled pulumi.BoolPtrOutput `pulumi:"autoScanEnabled"` + AutoScanTimes VmwareAssurancePolicyAutoScanTimeArrayOutput `pulumi:"autoScanTimes"` + // List of function's forbidden permissions. + BlacklistPermissions pulumi.StringArrayOutput `pulumi:"blacklistPermissions"` + // Indicates if blacklist permissions is relevant. + BlacklistPermissionsEnabled pulumi.BoolPtrOutput `pulumi:"blacklistPermissionsEnabled"` + // List of blacklisted licenses. + BlacklistedLicenses pulumi.StringArrayOutput `pulumi:"blacklistedLicenses"` + // Indicates if license blacklist is relevant. + BlacklistedLicensesEnabled pulumi.BoolPtrOutput `pulumi:"blacklistedLicensesEnabled"` + // Indicates if failed images are blocked. 
+ BlockFailed pulumi.BoolPtrOutput `pulumi:"blockFailed"` + ControlExcludeNoFix pulumi.BoolPtrOutput `pulumi:"controlExcludeNoFix"` + // List of Custom user scripts for checks. + CustomChecks VmwareAssurancePolicyCustomCheckArrayOutput `pulumi:"customChecks"` + // Indicates if scanning should include custom checks. + CustomChecksEnabled pulumi.BoolPtrOutput `pulumi:"customChecksEnabled"` + CustomSeverity pulumi.StringOutput `pulumi:"customSeverity"` + CustomSeverityEnabled pulumi.BoolPtrOutput `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. + CvesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"cvesBlackListEnabled"` + // List of cves blacklisted items. + CvesBlackLists pulumi.StringArrayOutput `pulumi:"cvesBlackLists"` + // Indicates if cves whitelist is relevant. + CvesWhiteListEnabled pulumi.BoolPtrOutput `pulumi:"cvesWhiteListEnabled"` + // List of cves whitelisted licenses + CvesWhiteLists pulumi.StringArrayOutput `pulumi:"cvesWhiteLists"` + // Identifier of the cvss severity. + CvssSeverity pulumi.StringPtrOutput `pulumi:"cvssSeverity"` + // Indicates if the cvss severity is scanned. + CvssSeverityEnabled pulumi.BoolPtrOutput `pulumi:"cvssSeverityEnabled"` + // Indicates that policy should ignore cvss cases that do not have a known fix. + CvssSeverityExcludeNoFix pulumi.BoolPtrOutput `pulumi:"cvssSeverityExcludeNoFix"` + Description pulumi.StringPtrOutput `pulumi:"description"` + DisallowExploitTypes pulumi.StringArrayOutput `pulumi:"disallowExploitTypes"` + // Indicates if malware should block the image. + DisallowMalware pulumi.BoolPtrOutput `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + DockerCisEnabled pulumi.BoolPtrOutput `pulumi:"dockerCisEnabled"` + // Name of the container image. 
+ Domain pulumi.StringPtrOutput `pulumi:"domain"` + DomainName pulumi.StringPtrOutput `pulumi:"domainName"` + DtaEnabled pulumi.BoolPtrOutput `pulumi:"dtaEnabled"` + DtaSeverity pulumi.StringPtrOutput `pulumi:"dtaSeverity"` + Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + Enforce pulumi.BoolPtrOutput `pulumi:"enforce"` + EnforceAfterDays pulumi.IntPtrOutput `pulumi:"enforceAfterDays"` + EnforceExcessivePermissions pulumi.BoolPtrOutput `pulumi:"enforceExcessivePermissions"` + ExceptionalMonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes pulumi.StringArrayOutput `pulumi:"excludeApplicationScopes"` + // Indicates if cicd failures will fail the image. + FailCicd pulumi.BoolPtrOutput `pulumi:"failCicd"` + ForbiddenLabels VmwareAssurancePolicyForbiddenLabelArrayOutput `pulumi:"forbiddenLabels"` + ForbiddenLabelsEnabled pulumi.BoolPtrOutput `pulumi:"forbiddenLabelsEnabled"` + ForceMicroenforcer pulumi.BoolPtrOutput `pulumi:"forceMicroenforcer"` + FunctionIntegrityEnabled pulumi.BoolPtrOutput `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln pulumi.BoolPtrOutput `pulumi:"ignoreBaseImageVln"` + IgnoreRecentlyPublishedVln pulumi.BoolPtrOutput `pulumi:"ignoreRecentlyPublishedVln"` + IgnoreRecentlyPublishedVlnPeriod pulumi.IntOutput `pulumi:"ignoreRecentlyPublishedVlnPeriod"` + // Indicates if risk resources are ignored. + IgnoreRiskResourcesEnabled pulumi.BoolPtrOutput `pulumi:"ignoreRiskResourcesEnabled"` + // List of ignored risk resources. + IgnoredRiskResources pulumi.StringArrayOutput `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources pulumi.StringArrayOutput `pulumi:"ignoredSensitiveResources"` + // List of images. + Images pulumi.StringArrayOutput `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled pulumi.BoolPtrOutput `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. 
+ KubernetesControls VmwareAssurancePolicyKubernetesControlArrayOutput `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds pulumi.StringArrayOutput `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames pulumi.StringArrayOutput `pulumi:"kubernetesControlsNames"` + // List of labels. + Labels pulumi.StringArrayOutput `pulumi:"labels"` + Lastupdate pulumi.StringOutput `pulumi:"lastupdate"` + LinuxCisEnabled pulumi.BoolPtrOutput `pulumi:"linuxCisEnabled"` + MalwareAction pulumi.StringPtrOutput `pulumi:"malwareAction"` + // Value of allowed maximum score. + MaximumScore pulumi.Float64PtrOutput `pulumi:"maximumScore"` + // Indicates if exceeding the maximum score is scanned. + MaximumScoreEnabled pulumi.BoolPtrOutput `pulumi:"maximumScoreEnabled"` + MaximumScoreExcludeNoFix pulumi.BoolPtrOutput `pulumi:"maximumScoreExcludeNoFix"` + MonitoredMalwarePaths pulumi.StringArrayOutput `pulumi:"monitoredMalwarePaths"` + Name pulumi.StringOutput `pulumi:"name"` + // Indicates if raise a warning for images that should only be run as root. + OnlyNoneRootUsers pulumi.BoolPtrOutput `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled pulumi.BoolPtrOutput `pulumi:"openshiftHardeningEnabled"` + // Indicates if packages blacklist is relevant. + PackagesBlackListEnabled pulumi.BoolPtrOutput `pulumi:"packagesBlackListEnabled"` + // List of blacklisted images. + PackagesBlackLists VmwareAssurancePolicyPackagesBlackListArrayOutput `pulumi:"packagesBlackLists"` + // Indicates if packages whitelist is relevant. + PackagesWhiteListEnabled pulumi.BoolPtrOutput `pulumi:"packagesWhiteListEnabled"` + // List of whitelisted images. 
+ PackagesWhiteLists VmwareAssurancePolicyPackagesWhiteListArrayOutput `pulumi:"packagesWhiteLists"` + PartialResultsImageFail pulumi.BoolPtrOutput `pulumi:"partialResultsImageFail"` + Permission pulumi.StringOutput `pulumi:"permission"` + PolicySettings VmwareAssurancePolicyPolicySettingsOutput `pulumi:"policySettings"` + ReadOnly pulumi.BoolPtrOutput `pulumi:"readOnly"` + // List of registries. + Registries pulumi.StringArrayOutput `pulumi:"registries"` + Registry pulumi.StringPtrOutput `pulumi:"registry"` + RequiredLabels VmwareAssurancePolicyRequiredLabelArrayOutput `pulumi:"requiredLabels"` + RequiredLabelsEnabled pulumi.BoolPtrOutput `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives pulumi.BoolPtrOutput `pulumi:"scanMalwareInArchives"` + ScanNfsMounts pulumi.BoolPtrOutput `pulumi:"scanNfsMounts"` + ScanProcessMemory pulumi.BoolPtrOutput `pulumi:"scanProcessMemory"` + // Indicates if scan should include sensitive data in the image. + ScanSensitiveData pulumi.BoolPtrOutput `pulumi:"scanSensitiveData"` + ScanWindowsRegistry pulumi.BoolPtrOutput `pulumi:"scanWindowsRegistry"` + // Indicates if scanning should include scap. + ScapEnabled pulumi.BoolPtrOutput `pulumi:"scapEnabled"` + // List of SCAP user scripts for checks. + ScapFiles pulumi.StringArrayOutput `pulumi:"scapFiles"` + Scopes VmwareAssurancePolicyScopeArrayOutput `pulumi:"scopes"` + // List of trusted images. + TrustedBaseImages VmwareAssurancePolicyTrustedBaseImageArrayOutput `pulumi:"trustedBaseImages"` + // Indicates if list of trusted base images is relevant. + TrustedBaseImagesEnabled pulumi.BoolPtrOutput `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability pulumi.BoolPtrOutput `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges pulumi.IntArrayOutput `pulumi:"vulnerabilityScoreRanges"` + // List of whitelisted licenses. + WhitelistedLicenses pulumi.StringArrayOutput `pulumi:"whitelistedLicenses"` + // Indicates if license blacklist is relevant. 
+ WhitelistedLicensesEnabled pulumi.BoolPtrOutput `pulumi:"whitelistedLicensesEnabled"` +} + +// NewVmwareAssurancePolicy registers a new resource with the given unique name, arguments, and options. +func NewVmwareAssurancePolicy(ctx *pulumi.Context, + name string, args *VmwareAssurancePolicyArgs, opts ...pulumi.ResourceOption) (*VmwareAssurancePolicy, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.ApplicationScopes == nil { + return nil, errors.New("invalid value for required argument 'ApplicationScopes'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource VmwareAssurancePolicy + err := ctx.RegisterResource("aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetVmwareAssurancePolicy gets an existing VmwareAssurancePolicy resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetVmwareAssurancePolicy(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *VmwareAssurancePolicyState, opts ...pulumi.ResourceOption) (*VmwareAssurancePolicy, error) { + var resource VmwareAssurancePolicy + err := ctx.ReadResource("aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering VmwareAssurancePolicy resources. +type vmwareAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` + // List of explicitly allowed images. + AllowedImages []string `pulumi:"allowedImages"` + ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. 
+ AssuranceType *string `pulumi:"assuranceType"` + // Indicates if auditing for failures. + AuditOnFailure *bool `pulumi:"auditOnFailure"` + // Name of user account that created the policy. + Author *string `pulumi:"author"` + AutoScanConfigured *bool `pulumi:"autoScanConfigured"` + AutoScanEnabled *bool `pulumi:"autoScanEnabled"` + AutoScanTimes []VmwareAssurancePolicyAutoScanTime `pulumi:"autoScanTimes"` + // List of function's forbidden permissions. + BlacklistPermissions []string `pulumi:"blacklistPermissions"` + // Indicates if blacklist permissions is relevant. + BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` + // List of blacklisted licenses. + BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` + // Indicates if license blacklist is relevant. + BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` + // Indicates if failed images are blocked. + BlockFailed *bool `pulumi:"blockFailed"` + ControlExcludeNoFix *bool `pulumi:"controlExcludeNoFix"` + // List of Custom user scripts for checks. + CustomChecks []VmwareAssurancePolicyCustomCheck `pulumi:"customChecks"` + // Indicates if scanning should include custom checks. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. + CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` + // List of cves blacklisted items. + CvesBlackLists []string `pulumi:"cvesBlackLists"` + // Indicates if cves whitelist is relevant. + CvesWhiteListEnabled *bool `pulumi:"cvesWhiteListEnabled"` + // List of cves whitelisted licenses + CvesWhiteLists []string `pulumi:"cvesWhiteLists"` + // Identifier of the cvss severity. + CvssSeverity *string `pulumi:"cvssSeverity"` + // Indicates if the cvss severity is scanned. 
+ CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` + // Indicates that policy should ignore cvss cases that do not have a known fix. + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` + // Indicates if malware should block the image. + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` + // Name of the container image. + Domain *string `pulumi:"domain"` + DomainName *string `pulumi:"domainName"` + DtaEnabled *bool `pulumi:"dtaEnabled"` + DtaSeverity *string `pulumi:"dtaSeverity"` + Enabled *bool `pulumi:"enabled"` + Enforce *bool `pulumi:"enforce"` + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` + ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Indicates if cicd failures will fail the image. + FailCicd *bool `pulumi:"failCicd"` + ForbiddenLabels []VmwareAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` + ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` + ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` + FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` + IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` + IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` + // Indicates if risk resources are ignored. + IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` + // List of ignored risk resources. 
+ IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` + // List of images. + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. + KubernetesControls []VmwareAssurancePolicyKubernetesControl `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` + // List of labels. + Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` + // Value of allowed maximum score. + MaximumScore *float64 `pulumi:"maximumScore"` + // Indicates if exceeding the maximum score is scanned. + MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` + MaximumScoreExcludeNoFix *bool `pulumi:"maximumScoreExcludeNoFix"` + MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` + Name *string `pulumi:"name"` + // Indicates if raise a warning for images that should only be run as root. + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` + // Indicates if packages blacklist is relevant. + PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` + // List of blacklisted images. + PackagesBlackLists []VmwareAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` + // Indicates if packages whitelist is relevant. + PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` + // List of whitelisted images. 
+ PackagesWhiteLists []VmwareAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` + PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *VmwareAssurancePolicyPolicySettings `pulumi:"policySettings"` + ReadOnly *bool `pulumi:"readOnly"` + // List of registries. + Registries []string `pulumi:"registries"` + Registry *string `pulumi:"registry"` + RequiredLabels []VmwareAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` + RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` + ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` + // Indicates if scan should include sensitive data in the image. + ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` + // Indicates if scanning should include scap. + ScapEnabled *bool `pulumi:"scapEnabled"` + // List of SCAP user scripts for checks. + ScapFiles []string `pulumi:"scapFiles"` + Scopes []VmwareAssurancePolicyScope `pulumi:"scopes"` + // List of trusted images. + TrustedBaseImages []VmwareAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` + // Indicates if list of trusted base images is relevant. + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` + // List of whitelisted licenses. + WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` + // Indicates if license blacklist is relevant. + WhitelistedLicensesEnabled *bool `pulumi:"whitelistedLicensesEnabled"` +} + +type VmwareAssurancePolicyState struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput + // List of explicitly allowed images. 
+ AllowedImages pulumi.StringArrayInput + ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput + // Indicates if auditing for failures. + AuditOnFailure pulumi.BoolPtrInput + // Name of user account that created the policy. + Author pulumi.StringPtrInput + AutoScanConfigured pulumi.BoolPtrInput + AutoScanEnabled pulumi.BoolPtrInput + AutoScanTimes VmwareAssurancePolicyAutoScanTimeArrayInput + // List of function's forbidden permissions. + BlacklistPermissions pulumi.StringArrayInput + // Indicates if blacklist permissions is relevant. + BlacklistPermissionsEnabled pulumi.BoolPtrInput + // List of blacklisted licenses. + BlacklistedLicenses pulumi.StringArrayInput + // Indicates if license blacklist is relevant. + BlacklistedLicensesEnabled pulumi.BoolPtrInput + // Indicates if failed images are blocked. + BlockFailed pulumi.BoolPtrInput + ControlExcludeNoFix pulumi.BoolPtrInput + // List of Custom user scripts for checks. + CustomChecks VmwareAssurancePolicyCustomCheckArrayInput + // Indicates if scanning should include custom checks. + CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput + CustomSeverityEnabled pulumi.BoolPtrInput + // Indicates if CVEs blacklist is relevant. + CvesBlackListEnabled pulumi.BoolPtrInput + // List of cves blacklisted items. + CvesBlackLists pulumi.StringArrayInput + // Indicates if cves whitelist is relevant. + CvesWhiteListEnabled pulumi.BoolPtrInput + // List of cves whitelisted licenses + CvesWhiteLists pulumi.StringArrayInput + // Identifier of the cvss severity. + CvssSeverity pulumi.StringPtrInput + // Indicates if the cvss severity is scanned. + CvssSeverityEnabled pulumi.BoolPtrInput + // Indicates that policy should ignore cvss cases that do not have a known fix. 
+ CvssSeverityExcludeNoFix pulumi.BoolPtrInput + Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput + // Indicates if malware should block the image. + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + DockerCisEnabled pulumi.BoolPtrInput + // Name of the container image. + Domain pulumi.StringPtrInput + DomainName pulumi.StringPtrInput + DtaEnabled pulumi.BoolPtrInput + DtaSeverity pulumi.StringPtrInput + Enabled pulumi.BoolPtrInput + Enforce pulumi.BoolPtrInput + EnforceAfterDays pulumi.IntPtrInput + EnforceExcessivePermissions pulumi.BoolPtrInput + ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput + // Indicates if cicd failures will fail the image. + FailCicd pulumi.BoolPtrInput + ForbiddenLabels VmwareAssurancePolicyForbiddenLabelArrayInput + ForbiddenLabelsEnabled pulumi.BoolPtrInput + ForceMicroenforcer pulumi.BoolPtrInput + FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput + // Indicates if risk resources are ignored. + IgnoreRiskResourcesEnabled pulumi.BoolPtrInput + // List of ignored risk resources. + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput + // List of images. + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled pulumi.BoolPtrInput + // List of Kubernetes controls. + KubernetesControls VmwareAssurancePolicyKubernetesControlArrayInput + KubernetesControlsAvdIds pulumi.StringArrayInput + KubernetesControlsNames pulumi.StringArrayInput + // List of labels. + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput + // Value of allowed maximum score. 
+ MaximumScore pulumi.Float64PtrInput + // Indicates if exceeding the maximum score is scanned. + MaximumScoreEnabled pulumi.BoolPtrInput + MaximumScoreExcludeNoFix pulumi.BoolPtrInput + MonitoredMalwarePaths pulumi.StringArrayInput + Name pulumi.StringPtrInput + // Indicates if raise a warning for images that should only be run as root. + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput + // Indicates if packages blacklist is relevant. + PackagesBlackListEnabled pulumi.BoolPtrInput + // List of blacklisted images. + PackagesBlackLists VmwareAssurancePolicyPackagesBlackListArrayInput + // Indicates if packages whitelist is relevant. + PackagesWhiteListEnabled pulumi.BoolPtrInput + // List of whitelisted images. + PackagesWhiteLists VmwareAssurancePolicyPackagesWhiteListArrayInput + PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings VmwareAssurancePolicyPolicySettingsPtrInput + ReadOnly pulumi.BoolPtrInput + // List of registries. + Registries pulumi.StringArrayInput + Registry pulumi.StringPtrInput + RequiredLabels VmwareAssurancePolicyRequiredLabelArrayInput + RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput + ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput + // Indicates if scan should include sensitive data in the image. + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput + // Indicates if scanning should include scap. + ScapEnabled pulumi.BoolPtrInput + // List of SCAP user scripts for checks. + ScapFiles pulumi.StringArrayInput + Scopes VmwareAssurancePolicyScopeArrayInput + // List of trusted images. + TrustedBaseImages VmwareAssurancePolicyTrustedBaseImageArrayInput + // Indicates if list of trusted base images is relevant. 
+ TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput + // List of whitelisted licenses. + WhitelistedLicenses pulumi.StringArrayInput + // Indicates if license blacklist is relevant. + WhitelistedLicensesEnabled pulumi.BoolPtrInput +} + +func (VmwareAssurancePolicyState) ElementType() reflect.Type { + return reflect.TypeOf((*vmwareAssurancePolicyState)(nil)).Elem() +} + +type vmwareAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability map[string]string `pulumi:"aggregatedVulnerability"` + // List of explicitly allowed images. + AllowedImages []string `pulumi:"allowedImages"` + ApplicationScopes []string `pulumi:"applicationScopes"` + // What type of assurance policy is described. + AssuranceType *string `pulumi:"assuranceType"` + // Indicates if auditing for failures. + AuditOnFailure *bool `pulumi:"auditOnFailure"` + // Name of user account that created the policy. + Author *string `pulumi:"author"` + AutoScanConfigured *bool `pulumi:"autoScanConfigured"` + AutoScanEnabled *bool `pulumi:"autoScanEnabled"` + AutoScanTimes []VmwareAssurancePolicyAutoScanTime `pulumi:"autoScanTimes"` + // List of function's forbidden permissions. + BlacklistPermissions []string `pulumi:"blacklistPermissions"` + // Indicates if blacklist permissions is relevant. + BlacklistPermissionsEnabled *bool `pulumi:"blacklistPermissionsEnabled"` + // List of blacklisted licenses. + BlacklistedLicenses []string `pulumi:"blacklistedLicenses"` + // Indicates if license blacklist is relevant. + BlacklistedLicensesEnabled *bool `pulumi:"blacklistedLicensesEnabled"` + // Indicates if failed images are blocked. + BlockFailed *bool `pulumi:"blockFailed"` + ControlExcludeNoFix *bool `pulumi:"controlExcludeNoFix"` + // List of Custom user scripts for checks. 
+ CustomChecks []VmwareAssurancePolicyCustomCheck `pulumi:"customChecks"` + // Indicates if scanning should include custom checks. + CustomChecksEnabled *bool `pulumi:"customChecksEnabled"` + CustomSeverity *string `pulumi:"customSeverity"` + CustomSeverityEnabled *bool `pulumi:"customSeverityEnabled"` + // Indicates if CVEs blacklist is relevant. + CvesBlackListEnabled *bool `pulumi:"cvesBlackListEnabled"` + // List of cves blacklisted items. + CvesBlackLists []string `pulumi:"cvesBlackLists"` + // Indicates if cves whitelist is relevant. + CvesWhiteListEnabled *bool `pulumi:"cvesWhiteListEnabled"` + // List of cves whitelisted licenses + CvesWhiteLists []string `pulumi:"cvesWhiteLists"` + // Identifier of the cvss severity. + CvssSeverity *string `pulumi:"cvssSeverity"` + // Indicates if the cvss severity is scanned. + CvssSeverityEnabled *bool `pulumi:"cvssSeverityEnabled"` + // Indicates that policy should ignore cvss cases that do not have a known fix. + CvssSeverityExcludeNoFix *bool `pulumi:"cvssSeverityExcludeNoFix"` + Description *string `pulumi:"description"` + DisallowExploitTypes []string `pulumi:"disallowExploitTypes"` + // Indicates if malware should block the image. + DisallowMalware *bool `pulumi:"disallowMalware"` + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + DockerCisEnabled *bool `pulumi:"dockerCisEnabled"` + // Name of the container image. 
+ Domain *string `pulumi:"domain"` + DomainName *string `pulumi:"domainName"` + DtaEnabled *bool `pulumi:"dtaEnabled"` + DtaSeverity *string `pulumi:"dtaSeverity"` + Enabled *bool `pulumi:"enabled"` + Enforce *bool `pulumi:"enforce"` + EnforceAfterDays *int `pulumi:"enforceAfterDays"` + EnforceExcessivePermissions *bool `pulumi:"enforceExcessivePermissions"` + ExceptionalMonitoredMalwarePaths []string `pulumi:"exceptionalMonitoredMalwarePaths"` + ExcludeApplicationScopes []string `pulumi:"excludeApplicationScopes"` + // Indicates if cicd failures will fail the image. + FailCicd *bool `pulumi:"failCicd"` + ForbiddenLabels []VmwareAssurancePolicyForbiddenLabel `pulumi:"forbiddenLabels"` + ForbiddenLabelsEnabled *bool `pulumi:"forbiddenLabelsEnabled"` + ForceMicroenforcer *bool `pulumi:"forceMicroenforcer"` + FunctionIntegrityEnabled *bool `pulumi:"functionIntegrityEnabled"` + IgnoreBaseImageVln *bool `pulumi:"ignoreBaseImageVln"` + IgnoreRecentlyPublishedVln *bool `pulumi:"ignoreRecentlyPublishedVln"` + IgnoreRecentlyPublishedVlnPeriod *int `pulumi:"ignoreRecentlyPublishedVlnPeriod"` + // Indicates if risk resources are ignored. + IgnoreRiskResourcesEnabled *bool `pulumi:"ignoreRiskResourcesEnabled"` + // List of ignored risk resources. + IgnoredRiskResources []string `pulumi:"ignoredRiskResources"` + IgnoredSensitiveResources []string `pulumi:"ignoredSensitiveResources"` + // List of images. + Images []string `pulumi:"images"` + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled *bool `pulumi:"kubeCisEnabled"` + // List of Kubernetes controls. + KubernetesControls []VmwareAssurancePolicyKubernetesControl `pulumi:"kubernetesControls"` + KubernetesControlsAvdIds []string `pulumi:"kubernetesControlsAvdIds"` + KubernetesControlsNames []string `pulumi:"kubernetesControlsNames"` + // List of labels. 
+ Labels []string `pulumi:"labels"` + Lastupdate *string `pulumi:"lastupdate"` + LinuxCisEnabled *bool `pulumi:"linuxCisEnabled"` + MalwareAction *string `pulumi:"malwareAction"` + // Value of allowed maximum score. + MaximumScore *float64 `pulumi:"maximumScore"` + // Indicates if exceeding the maximum score is scanned. + MaximumScoreEnabled *bool `pulumi:"maximumScoreEnabled"` + MaximumScoreExcludeNoFix *bool `pulumi:"maximumScoreExcludeNoFix"` + MonitoredMalwarePaths []string `pulumi:"monitoredMalwarePaths"` + Name *string `pulumi:"name"` + // Indicates if raise a warning for images that should only be run as root. + OnlyNoneRootUsers *bool `pulumi:"onlyNoneRootUsers"` + OpenshiftHardeningEnabled *bool `pulumi:"openshiftHardeningEnabled"` + // Indicates if packages blacklist is relevant. + PackagesBlackListEnabled *bool `pulumi:"packagesBlackListEnabled"` + // List of blacklisted images. + PackagesBlackLists []VmwareAssurancePolicyPackagesBlackList `pulumi:"packagesBlackLists"` + // Indicates if packages whitelist is relevant. + PackagesWhiteListEnabled *bool `pulumi:"packagesWhiteListEnabled"` + // List of whitelisted images. + PackagesWhiteLists []VmwareAssurancePolicyPackagesWhiteList `pulumi:"packagesWhiteLists"` + PartialResultsImageFail *bool `pulumi:"partialResultsImageFail"` + Permission *string `pulumi:"permission"` + PolicySettings *VmwareAssurancePolicyPolicySettings `pulumi:"policySettings"` + ReadOnly *bool `pulumi:"readOnly"` + // List of registries. + Registries []string `pulumi:"registries"` + Registry *string `pulumi:"registry"` + RequiredLabels []VmwareAssurancePolicyRequiredLabel `pulumi:"requiredLabels"` + RequiredLabelsEnabled *bool `pulumi:"requiredLabelsEnabled"` + ScanMalwareInArchives *bool `pulumi:"scanMalwareInArchives"` + ScanNfsMounts *bool `pulumi:"scanNfsMounts"` + ScanProcessMemory *bool `pulumi:"scanProcessMemory"` + // Indicates if scan should include sensitive data in the image. 
+ ScanSensitiveData *bool `pulumi:"scanSensitiveData"` + ScanWindowsRegistry *bool `pulumi:"scanWindowsRegistry"` + // Indicates if scanning should include scap. + ScapEnabled *bool `pulumi:"scapEnabled"` + // List of SCAP user scripts for checks. + ScapFiles []string `pulumi:"scapFiles"` + Scopes []VmwareAssurancePolicyScope `pulumi:"scopes"` + // List of trusted images. + TrustedBaseImages []VmwareAssurancePolicyTrustedBaseImage `pulumi:"trustedBaseImages"` + // Indicates if list of trusted base images is relevant. + TrustedBaseImagesEnabled *bool `pulumi:"trustedBaseImagesEnabled"` + VulnerabilityExploitability *bool `pulumi:"vulnerabilityExploitability"` + VulnerabilityScoreRanges []int `pulumi:"vulnerabilityScoreRanges"` + // List of whitelisted licenses. + WhitelistedLicenses []string `pulumi:"whitelistedLicenses"` + // Indicates if license blacklist is relevant. + WhitelistedLicensesEnabled *bool `pulumi:"whitelistedLicensesEnabled"` +} + +// The set of arguments for constructing a VmwareAssurancePolicy resource. +type VmwareAssurancePolicyArgs struct { + // Aggregated vulnerability information. + AggregatedVulnerability pulumi.StringMapInput + // List of explicitly allowed images. + AllowedImages pulumi.StringArrayInput + ApplicationScopes pulumi.StringArrayInput + // What type of assurance policy is described. + AssuranceType pulumi.StringPtrInput + // Indicates if auditing for failures. + AuditOnFailure pulumi.BoolPtrInput + // Name of user account that created the policy. + Author pulumi.StringPtrInput + AutoScanConfigured pulumi.BoolPtrInput + AutoScanEnabled pulumi.BoolPtrInput + AutoScanTimes VmwareAssurancePolicyAutoScanTimeArrayInput + // List of function's forbidden permissions. + BlacklistPermissions pulumi.StringArrayInput + // Indicates if blacklist permissions is relevant. + BlacklistPermissionsEnabled pulumi.BoolPtrInput + // List of blacklisted licenses. 
+ BlacklistedLicenses pulumi.StringArrayInput + // Indicates if license blacklist is relevant. + BlacklistedLicensesEnabled pulumi.BoolPtrInput + // Indicates if failed images are blocked. + BlockFailed pulumi.BoolPtrInput + ControlExcludeNoFix pulumi.BoolPtrInput + // List of Custom user scripts for checks. + CustomChecks VmwareAssurancePolicyCustomCheckArrayInput + // Indicates if scanning should include custom checks. + CustomChecksEnabled pulumi.BoolPtrInput + CustomSeverity pulumi.StringPtrInput + CustomSeverityEnabled pulumi.BoolPtrInput + // Indicates if CVEs blacklist is relevant. + CvesBlackListEnabled pulumi.BoolPtrInput + // List of cves blacklisted items. + CvesBlackLists pulumi.StringArrayInput + // Indicates if cves whitelist is relevant. + CvesWhiteListEnabled pulumi.BoolPtrInput + // List of cves whitelisted licenses + CvesWhiteLists pulumi.StringArrayInput + // Identifier of the cvss severity. + CvssSeverity pulumi.StringPtrInput + // Indicates if the cvss severity is scanned. + CvssSeverityEnabled pulumi.BoolPtrInput + // Indicates that policy should ignore cvss cases that do not have a known fix. + CvssSeverityExcludeNoFix pulumi.BoolPtrInput + Description pulumi.StringPtrInput + DisallowExploitTypes pulumi.StringArrayInput + // Indicates if malware should block the image. + DisallowMalware pulumi.BoolPtrInput + // Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + DockerCisEnabled pulumi.BoolPtrInput + // Name of the container image. + Domain pulumi.StringPtrInput + DomainName pulumi.StringPtrInput + DtaEnabled pulumi.BoolPtrInput + DtaSeverity pulumi.StringPtrInput + Enabled pulumi.BoolPtrInput + Enforce pulumi.BoolPtrInput + EnforceAfterDays pulumi.IntPtrInput + EnforceExcessivePermissions pulumi.BoolPtrInput + ExceptionalMonitoredMalwarePaths pulumi.StringArrayInput + ExcludeApplicationScopes pulumi.StringArrayInput + // Indicates if cicd failures will fail the image. 
+ FailCicd pulumi.BoolPtrInput + ForbiddenLabels VmwareAssurancePolicyForbiddenLabelArrayInput + ForbiddenLabelsEnabled pulumi.BoolPtrInput + ForceMicroenforcer pulumi.BoolPtrInput + FunctionIntegrityEnabled pulumi.BoolPtrInput + IgnoreBaseImageVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVln pulumi.BoolPtrInput + IgnoreRecentlyPublishedVlnPeriod pulumi.IntPtrInput + // Indicates if risk resources are ignored. + IgnoreRiskResourcesEnabled pulumi.BoolPtrInput + // List of ignored risk resources. + IgnoredRiskResources pulumi.StringArrayInput + IgnoredSensitiveResources pulumi.StringArrayInput + // List of images. + Images pulumi.StringArrayInput + // Performs a Kubernetes CIS benchmark check for the host. + KubeCisEnabled pulumi.BoolPtrInput + // List of Kubernetes controls. + KubernetesControls VmwareAssurancePolicyKubernetesControlArrayInput + KubernetesControlsAvdIds pulumi.StringArrayInput + KubernetesControlsNames pulumi.StringArrayInput + // List of labels. + Labels pulumi.StringArrayInput + Lastupdate pulumi.StringPtrInput + LinuxCisEnabled pulumi.BoolPtrInput + MalwareAction pulumi.StringPtrInput + // Value of allowed maximum score. + MaximumScore pulumi.Float64PtrInput + // Indicates if exceeding the maximum score is scanned. + MaximumScoreEnabled pulumi.BoolPtrInput + MaximumScoreExcludeNoFix pulumi.BoolPtrInput + MonitoredMalwarePaths pulumi.StringArrayInput + Name pulumi.StringPtrInput + // Indicates if raise a warning for images that should only be run as root. + OnlyNoneRootUsers pulumi.BoolPtrInput + OpenshiftHardeningEnabled pulumi.BoolPtrInput + // Indicates if packages blacklist is relevant. + PackagesBlackListEnabled pulumi.BoolPtrInput + // List of blacklisted images. + PackagesBlackLists VmwareAssurancePolicyPackagesBlackListArrayInput + // Indicates if packages whitelist is relevant. + PackagesWhiteListEnabled pulumi.BoolPtrInput + // List of whitelisted images. 
+ PackagesWhiteLists VmwareAssurancePolicyPackagesWhiteListArrayInput + PartialResultsImageFail pulumi.BoolPtrInput + Permission pulumi.StringPtrInput + PolicySettings VmwareAssurancePolicyPolicySettingsPtrInput + ReadOnly pulumi.BoolPtrInput + // List of registries. + Registries pulumi.StringArrayInput + Registry pulumi.StringPtrInput + RequiredLabels VmwareAssurancePolicyRequiredLabelArrayInput + RequiredLabelsEnabled pulumi.BoolPtrInput + ScanMalwareInArchives pulumi.BoolPtrInput + ScanNfsMounts pulumi.BoolPtrInput + ScanProcessMemory pulumi.BoolPtrInput + // Indicates if scan should include sensitive data in the image. + ScanSensitiveData pulumi.BoolPtrInput + ScanWindowsRegistry pulumi.BoolPtrInput + // Indicates if scanning should include scap. + ScapEnabled pulumi.BoolPtrInput + // List of SCAP user scripts for checks. + ScapFiles pulumi.StringArrayInput + Scopes VmwareAssurancePolicyScopeArrayInput + // List of trusted images. + TrustedBaseImages VmwareAssurancePolicyTrustedBaseImageArrayInput + // Indicates if list of trusted base images is relevant. + TrustedBaseImagesEnabled pulumi.BoolPtrInput + VulnerabilityExploitability pulumi.BoolPtrInput + VulnerabilityScoreRanges pulumi.IntArrayInput + // List of whitelisted licenses. + WhitelistedLicenses pulumi.StringArrayInput + // Indicates if license blacklist is relevant. 
+ WhitelistedLicensesEnabled pulumi.BoolPtrInput +} + +func (VmwareAssurancePolicyArgs) ElementType() reflect.Type { + return reflect.TypeOf((*vmwareAssurancePolicyArgs)(nil)).Elem() +} + +type VmwareAssurancePolicyInput interface { + pulumi.Input + + ToVmwareAssurancePolicyOutput() VmwareAssurancePolicyOutput + ToVmwareAssurancePolicyOutputWithContext(ctx context.Context) VmwareAssurancePolicyOutput +} + +func (*VmwareAssurancePolicy) ElementType() reflect.Type { + return reflect.TypeOf((**VmwareAssurancePolicy)(nil)).Elem() +} + +func (i *VmwareAssurancePolicy) ToVmwareAssurancePolicyOutput() VmwareAssurancePolicyOutput { + return i.ToVmwareAssurancePolicyOutputWithContext(context.Background()) +} + +func (i *VmwareAssurancePolicy) ToVmwareAssurancePolicyOutputWithContext(ctx context.Context) VmwareAssurancePolicyOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyOutput) +} + +// VmwareAssurancePolicyArrayInput is an input type that accepts VmwareAssurancePolicyArray and VmwareAssurancePolicyArrayOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyArrayInput` via: +// +// VmwareAssurancePolicyArray{ VmwareAssurancePolicyArgs{...} } +type VmwareAssurancePolicyArrayInput interface { + pulumi.Input + + ToVmwareAssurancePolicyArrayOutput() VmwareAssurancePolicyArrayOutput + ToVmwareAssurancePolicyArrayOutputWithContext(context.Context) VmwareAssurancePolicyArrayOutput +} + +type VmwareAssurancePolicyArray []VmwareAssurancePolicyInput + +func (VmwareAssurancePolicyArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*VmwareAssurancePolicy)(nil)).Elem() +} + +func (i VmwareAssurancePolicyArray) ToVmwareAssurancePolicyArrayOutput() VmwareAssurancePolicyArrayOutput { + return i.ToVmwareAssurancePolicyArrayOutputWithContext(context.Background()) +} + +func (i VmwareAssurancePolicyArray) ToVmwareAssurancePolicyArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyArrayOutput) +} + +// VmwareAssurancePolicyMapInput is an input type that accepts VmwareAssurancePolicyMap and VmwareAssurancePolicyMapOutput values. 
+// You can construct a concrete instance of `VmwareAssurancePolicyMapInput` via: +// +// VmwareAssurancePolicyMap{ "key": VmwareAssurancePolicyArgs{...} } +type VmwareAssurancePolicyMapInput interface { + pulumi.Input + + ToVmwareAssurancePolicyMapOutput() VmwareAssurancePolicyMapOutput + ToVmwareAssurancePolicyMapOutputWithContext(context.Context) VmwareAssurancePolicyMapOutput +} + +type VmwareAssurancePolicyMap map[string]VmwareAssurancePolicyInput + +func (VmwareAssurancePolicyMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*VmwareAssurancePolicy)(nil)).Elem() +} + +func (i VmwareAssurancePolicyMap) ToVmwareAssurancePolicyMapOutput() VmwareAssurancePolicyMapOutput { + return i.ToVmwareAssurancePolicyMapOutputWithContext(context.Background()) +} + +func (i VmwareAssurancePolicyMap) ToVmwareAssurancePolicyMapOutputWithContext(ctx context.Context) VmwareAssurancePolicyMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(VmwareAssurancePolicyMapOutput) +} + +type VmwareAssurancePolicyOutput struct{ *pulumi.OutputState } + +func (VmwareAssurancePolicyOutput) ElementType() reflect.Type { + return reflect.TypeOf((**VmwareAssurancePolicy)(nil)).Elem() +} + +func (o VmwareAssurancePolicyOutput) ToVmwareAssurancePolicyOutput() VmwareAssurancePolicyOutput { + return o +} + +func (o VmwareAssurancePolicyOutput) ToVmwareAssurancePolicyOutputWithContext(ctx context.Context) VmwareAssurancePolicyOutput { + return o +} + +// Aggregated vulnerability information. +func (o VmwareAssurancePolicyOutput) AggregatedVulnerability() pulumi.StringMapOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringMapOutput { return v.AggregatedVulnerability }).(pulumi.StringMapOutput) +} + +// List of explicitly allowed images. 
+func (o VmwareAssurancePolicyOutput) AllowedImages() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.AllowedImages }).(pulumi.StringArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) ApplicationScopes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.ApplicationScopes }).(pulumi.StringArrayOutput) +} + +// What type of assurance policy is described. +func (o VmwareAssurancePolicyOutput) AssuranceType() pulumi.StringOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringOutput { return v.AssuranceType }).(pulumi.StringOutput) +} + +// Indicates if auditing for failures. +func (o VmwareAssurancePolicyOutput) AuditOnFailure() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.AuditOnFailure }).(pulumi.BoolPtrOutput) +} + +// Name of user account that created the policy. +func (o VmwareAssurancePolicyOutput) Author() pulumi.StringOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringOutput { return v.Author }).(pulumi.StringOutput) +} + +func (o VmwareAssurancePolicyOutput) AutoScanConfigured() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.AutoScanConfigured }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) AutoScanEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.AutoScanEnabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) AutoScanTimes() VmwareAssurancePolicyAutoScanTimeArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyAutoScanTimeArrayOutput { return v.AutoScanTimes }).(VmwareAssurancePolicyAutoScanTimeArrayOutput) +} + +// List of function's forbidden permissions. 
+func (o VmwareAssurancePolicyOutput) BlacklistPermissions() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.BlacklistPermissions }).(pulumi.StringArrayOutput) +} + +// Indicates if blacklist permissions is relevant. +func (o VmwareAssurancePolicyOutput) BlacklistPermissionsEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.BlacklistPermissionsEnabled }).(pulumi.BoolPtrOutput) +} + +// List of blacklisted licenses. +func (o VmwareAssurancePolicyOutput) BlacklistedLicenses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.BlacklistedLicenses }).(pulumi.StringArrayOutput) +} + +// Indicates if license blacklist is relevant. +func (o VmwareAssurancePolicyOutput) BlacklistedLicensesEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.BlacklistedLicensesEnabled }).(pulumi.BoolPtrOutput) +} + +// Indicates if failed images are blocked. +func (o VmwareAssurancePolicyOutput) BlockFailed() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.BlockFailed }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) ControlExcludeNoFix() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ControlExcludeNoFix }).(pulumi.BoolPtrOutput) +} + +// List of Custom user scripts for checks. +func (o VmwareAssurancePolicyOutput) CustomChecks() VmwareAssurancePolicyCustomCheckArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyCustomCheckArrayOutput { return v.CustomChecks }).(VmwareAssurancePolicyCustomCheckArrayOutput) +} + +// Indicates if scanning should include custom checks. 
+func (o VmwareAssurancePolicyOutput) CustomChecksEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomChecksEnabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) CustomSeverity() pulumi.StringOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringOutput { return v.CustomSeverity }).(pulumi.StringOutput) +} + +func (o VmwareAssurancePolicyOutput) CustomSeverityEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.CustomSeverityEnabled }).(pulumi.BoolPtrOutput) +} + +// Indicates if CVEs blacklist is relevant. +func (o VmwareAssurancePolicyOutput) CvesBlackListEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.CvesBlackListEnabled }).(pulumi.BoolPtrOutput) +} + +// List of cves blacklisted items. +func (o VmwareAssurancePolicyOutput) CvesBlackLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.CvesBlackLists }).(pulumi.StringArrayOutput) +} + +// Indicates if cves whitelist is relevant. +func (o VmwareAssurancePolicyOutput) CvesWhiteListEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.CvesWhiteListEnabled }).(pulumi.BoolPtrOutput) +} + +// List of cves whitelisted licenses +func (o VmwareAssurancePolicyOutput) CvesWhiteLists() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.CvesWhiteLists }).(pulumi.StringArrayOutput) +} + +// Identifier of the cvss severity. +func (o VmwareAssurancePolicyOutput) CvssSeverity() pulumi.StringPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringPtrOutput { return v.CvssSeverity }).(pulumi.StringPtrOutput) +} + +// Indicates if the cvss severity is scanned. 
+func (o VmwareAssurancePolicyOutput) CvssSeverityEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.CvssSeverityEnabled }).(pulumi.BoolPtrOutput) +} + +// Indicates that policy should ignore cvss cases that do not have a known fix. +func (o VmwareAssurancePolicyOutput) CvssSeverityExcludeNoFix() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.CvssSeverityExcludeNoFix }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) DisallowExploitTypes() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.DisallowExploitTypes }).(pulumi.StringArrayOutput) +} + +// Indicates if malware should block the image. +func (o VmwareAssurancePolicyOutput) DisallowMalware() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.DisallowMalware }).(pulumi.BoolPtrOutput) +} + +// Checks the host according to the Docker CIS benchmark, if Docker is found on the host. +func (o VmwareAssurancePolicyOutput) DockerCisEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.DockerCisEnabled }).(pulumi.BoolPtrOutput) +} + +// Name of the container image. 
+func (o VmwareAssurancePolicyOutput) Domain() pulumi.StringPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringPtrOutput { return v.Domain }).(pulumi.StringPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) DomainName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringPtrOutput { return v.DomainName }).(pulumi.StringPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) DtaEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.DtaEnabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) DtaSeverity() pulumi.StringPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringPtrOutput { return v.DtaSeverity }).(pulumi.StringPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) Enforce() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.Enforce }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) EnforceAfterDays() pulumi.IntPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.IntPtrOutput { return v.EnforceAfterDays }).(pulumi.IntPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) EnforceExcessivePermissions() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.EnforceExcessivePermissions }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) ExceptionalMonitoredMalwarePaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.ExceptionalMonitoredMalwarePaths }).(pulumi.StringArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) ExcludeApplicationScopes() pulumi.StringArrayOutput { + return o.ApplyT(func(v 
*VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.ExcludeApplicationScopes }).(pulumi.StringArrayOutput) +} + +// Indicates if cicd failures will fail the image. +func (o VmwareAssurancePolicyOutput) FailCicd() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.FailCicd }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) ForbiddenLabels() VmwareAssurancePolicyForbiddenLabelArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyForbiddenLabelArrayOutput { + return v.ForbiddenLabels + }).(VmwareAssurancePolicyForbiddenLabelArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) ForbiddenLabelsEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ForbiddenLabelsEnabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) ForceMicroenforcer() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ForceMicroenforcer }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) FunctionIntegrityEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.FunctionIntegrityEnabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) IgnoreBaseImageVln() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreBaseImageVln }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) IgnoreRecentlyPublishedVln() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreRecentlyPublishedVln }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) IgnoreRecentlyPublishedVlnPeriod() pulumi.IntOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.IntOutput { return v.IgnoreRecentlyPublishedVlnPeriod }).(pulumi.IntOutput) +} + +// Indicates 
if risk resources are ignored. +func (o VmwareAssurancePolicyOutput) IgnoreRiskResourcesEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.IgnoreRiskResourcesEnabled }).(pulumi.BoolPtrOutput) +} + +// List of ignored risk resources. +func (o VmwareAssurancePolicyOutput) IgnoredRiskResources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredRiskResources }).(pulumi.StringArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) IgnoredSensitiveResources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.IgnoredSensitiveResources }).(pulumi.StringArrayOutput) +} + +// List of images. +func (o VmwareAssurancePolicyOutput) Images() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.Images }).(pulumi.StringArrayOutput) +} + +// Performs a Kubernetes CIS benchmark check for the host. +func (o VmwareAssurancePolicyOutput) KubeCisEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.KubeCisEnabled }).(pulumi.BoolPtrOutput) +} + +// List of Kubernetes controls. 
+func (o VmwareAssurancePolicyOutput) KubernetesControls() VmwareAssurancePolicyKubernetesControlArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyKubernetesControlArrayOutput { + return v.KubernetesControls + }).(VmwareAssurancePolicyKubernetesControlArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) KubernetesControlsAvdIds() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsAvdIds }).(pulumi.StringArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) KubernetesControlsNames() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.KubernetesControlsNames }).(pulumi.StringArrayOutput) +} + +// List of labels. +func (o VmwareAssurancePolicyOutput) Labels() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.Labels }).(pulumi.StringArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) Lastupdate() pulumi.StringOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringOutput { return v.Lastupdate }).(pulumi.StringOutput) +} + +func (o VmwareAssurancePolicyOutput) LinuxCisEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.LinuxCisEnabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) MalwareAction() pulumi.StringPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringPtrOutput { return v.MalwareAction }).(pulumi.StringPtrOutput) +} + +// Value of allowed maximum score. +func (o VmwareAssurancePolicyOutput) MaximumScore() pulumi.Float64PtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.Float64PtrOutput { return v.MaximumScore }).(pulumi.Float64PtrOutput) +} + +// Indicates if exceeding the maximum score is scanned. 
+func (o VmwareAssurancePolicyOutput) MaximumScoreEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.MaximumScoreEnabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) MaximumScoreExcludeNoFix() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.MaximumScoreExcludeNoFix }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) MonitoredMalwarePaths() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.MonitoredMalwarePaths }).(pulumi.StringArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// Indicates if raise a warning for images that should only be run as root. +func (o VmwareAssurancePolicyOutput) OnlyNoneRootUsers() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.OnlyNoneRootUsers }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) OpenshiftHardeningEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.OpenshiftHardeningEnabled }).(pulumi.BoolPtrOutput) +} + +// Indicates if packages blacklist is relevant. +func (o VmwareAssurancePolicyOutput) PackagesBlackListEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.PackagesBlackListEnabled }).(pulumi.BoolPtrOutput) +} + +// List of blacklisted images. 
+func (o VmwareAssurancePolicyOutput) PackagesBlackLists() VmwareAssurancePolicyPackagesBlackListArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyPackagesBlackListArrayOutput { + return v.PackagesBlackLists + }).(VmwareAssurancePolicyPackagesBlackListArrayOutput) +} + +// Indicates if packages whitelist is relevant. +func (o VmwareAssurancePolicyOutput) PackagesWhiteListEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.PackagesWhiteListEnabled }).(pulumi.BoolPtrOutput) +} + +// List of whitelisted images. +func (o VmwareAssurancePolicyOutput) PackagesWhiteLists() VmwareAssurancePolicyPackagesWhiteListArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyPackagesWhiteListArrayOutput { + return v.PackagesWhiteLists + }).(VmwareAssurancePolicyPackagesWhiteListArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) PartialResultsImageFail() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.PartialResultsImageFail }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) Permission() pulumi.StringOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringOutput { return v.Permission }).(pulumi.StringOutput) +} + +func (o VmwareAssurancePolicyOutput) PolicySettings() VmwareAssurancePolicyPolicySettingsOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyPolicySettingsOutput { return v.PolicySettings }).(VmwareAssurancePolicyPolicySettingsOutput) +} + +func (o VmwareAssurancePolicyOutput) ReadOnly() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ReadOnly }).(pulumi.BoolPtrOutput) +} + +// List of registries. 
+func (o VmwareAssurancePolicyOutput) Registries() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.Registries }).(pulumi.StringArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) Registry() pulumi.StringPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringPtrOutput { return v.Registry }).(pulumi.StringPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) RequiredLabels() VmwareAssurancePolicyRequiredLabelArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyRequiredLabelArrayOutput { return v.RequiredLabels }).(VmwareAssurancePolicyRequiredLabelArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) RequiredLabelsEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.RequiredLabelsEnabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) ScanMalwareInArchives() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanMalwareInArchives }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) ScanNfsMounts() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanNfsMounts }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) ScanProcessMemory() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanProcessMemory }).(pulumi.BoolPtrOutput) +} + +// Indicates if scan should include sensitive data in the image. 
+func (o VmwareAssurancePolicyOutput) ScanSensitiveData() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanSensitiveData }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) ScanWindowsRegistry() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ScanWindowsRegistry }).(pulumi.BoolPtrOutput) +} + +// Indicates if scanning should include scap. +func (o VmwareAssurancePolicyOutput) ScapEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.ScapEnabled }).(pulumi.BoolPtrOutput) +} + +// List of SCAP user scripts for checks. +func (o VmwareAssurancePolicyOutput) ScapFiles() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.ScapFiles }).(pulumi.StringArrayOutput) +} + +func (o VmwareAssurancePolicyOutput) Scopes() VmwareAssurancePolicyScopeArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyScopeArrayOutput { return v.Scopes }).(VmwareAssurancePolicyScopeArrayOutput) +} + +// List of trusted images. +func (o VmwareAssurancePolicyOutput) TrustedBaseImages() VmwareAssurancePolicyTrustedBaseImageArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) VmwareAssurancePolicyTrustedBaseImageArrayOutput { + return v.TrustedBaseImages + }).(VmwareAssurancePolicyTrustedBaseImageArrayOutput) +} + +// Indicates if list of trusted base images is relevant. 
+func (o VmwareAssurancePolicyOutput) TrustedBaseImagesEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.TrustedBaseImagesEnabled }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) VulnerabilityExploitability() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.VulnerabilityExploitability }).(pulumi.BoolPtrOutput) +} + +func (o VmwareAssurancePolicyOutput) VulnerabilityScoreRanges() pulumi.IntArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.IntArrayOutput { return v.VulnerabilityScoreRanges }).(pulumi.IntArrayOutput) +} + +// List of whitelisted licenses. +func (o VmwareAssurancePolicyOutput) WhitelistedLicenses() pulumi.StringArrayOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.StringArrayOutput { return v.WhitelistedLicenses }).(pulumi.StringArrayOutput) +} + +// Indicates if license blacklist is relevant. +func (o VmwareAssurancePolicyOutput) WhitelistedLicensesEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *VmwareAssurancePolicy) pulumi.BoolPtrOutput { return v.WhitelistedLicensesEnabled }).(pulumi.BoolPtrOutput) +} + +type VmwareAssurancePolicyArrayOutput struct{ *pulumi.OutputState } + +func (VmwareAssurancePolicyArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*VmwareAssurancePolicy)(nil)).Elem() +} + +func (o VmwareAssurancePolicyArrayOutput) ToVmwareAssurancePolicyArrayOutput() VmwareAssurancePolicyArrayOutput { + return o +} + +func (o VmwareAssurancePolicyArrayOutput) ToVmwareAssurancePolicyArrayOutputWithContext(ctx context.Context) VmwareAssurancePolicyArrayOutput { + return o +} + +func (o VmwareAssurancePolicyArrayOutput) Index(i pulumi.IntInput) VmwareAssurancePolicyOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *VmwareAssurancePolicy { + return vs[0].([]*VmwareAssurancePolicy)[vs[1].(int)] + }).(VmwareAssurancePolicyOutput) +} + 
+type VmwareAssurancePolicyMapOutput struct{ *pulumi.OutputState } + +func (VmwareAssurancePolicyMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*VmwareAssurancePolicy)(nil)).Elem() +} + +func (o VmwareAssurancePolicyMapOutput) ToVmwareAssurancePolicyMapOutput() VmwareAssurancePolicyMapOutput { + return o +} + +func (o VmwareAssurancePolicyMapOutput) ToVmwareAssurancePolicyMapOutputWithContext(ctx context.Context) VmwareAssurancePolicyMapOutput { + return o +} + +func (o VmwareAssurancePolicyMapOutput) MapIndex(k pulumi.StringInput) VmwareAssurancePolicyOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *VmwareAssurancePolicy { + return vs[0].(map[string]*VmwareAssurancePolicy)[vs[1].(string)] + }).(VmwareAssurancePolicyOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyInput)(nil)).Elem(), &VmwareAssurancePolicy{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyArrayInput)(nil)).Elem(), VmwareAssurancePolicyArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*VmwareAssurancePolicyMapInput)(nil)).Elem(), VmwareAssurancePolicyMap{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyArrayOutput{}) + pulumi.RegisterOutputType(VmwareAssurancePolicyMapOutput{}) +} diff --git a/sdk/nodejs/config/vars.ts b/sdk/nodejs/config/vars.ts index 0dd3703d..b2d4724f 100644 --- a/sdk/nodejs/config/vars.ts +++ b/sdk/nodejs/config/vars.ts @@ -13,7 +13,7 @@ const __config = new pulumi.Config("aquasec"); export declare const aquaUrl: string | undefined; Object.defineProperty(exports, "aquaUrl", { get() { - return __config.get("aquaUrl"); + return __config.get("aquaUrl") ?? utilities.getEnv("AQUA_URL"); }, enumerable: true, }); 
@@ -25,7 +25,7 @@ Object.defineProperty(exports, "aquaUrl", {
 export declare const caCertificatePath: string | undefined;
 Object.defineProperty(exports, "caCertificatePath", {
 get() {
- return __config.get("caCertificatePath");
+ return __config.get("caCertificatePath") ?? utilities.getEnv("AQUA_CA_CERT_PATH");
 },
 enumerable: true,
 });
@@ -37,7 +37,7 @@ Object.defineProperty(exports, "caCertificatePath", {
 export declare const configPath: string | undefined;
 Object.defineProperty(exports, "configPath", {
 get() {
- return __config.get("configPath");
+ return __config.get("configPath") ?? utilities.getEnv("AQUA_CONFIG");
 },
 enumerable: true,
 });
@@ -49,7 +49,7 @@ Object.defineProperty(exports, "configPath", {
 export declare const password: string | undefined;
 Object.defineProperty(exports, "password", {
 get() {
- return __config.get("password");
+ return __config.get("password") ?? utilities.getEnv("AQUA_PASSWORD");
 },
 enumerable: true,
 });
@@ -61,7 +61,7 @@ Object.defineProperty(exports, "password", {
 export declare const username: string | undefined;
 Object.defineProperty(exports, "username", {
 get() {
- return __config.get("username");
+ return __config.get("username") ?? utilities.getEnv("AQUA_USER");
 },
 enumerable: true,
 });
@@ -70,10 +70,10 @@ Object.defineProperty(exports, "username", {
 * If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can
 * alternatively be sourced from the `AQUA_TLS_VERIFY` environment variable.
 */
-export declare const verifyTls: boolean | undefined;
+export declare const verifyTls: boolean;
 Object.defineProperty(exports, "verifyTls", {
 get() {
- return __config.getObject("verifyTls");
+ return __config.getObject("verifyTls") ?? (utilities.getEnvBoolean("AQUA_TLS_VERIFY") || true);
 },
 enumerable: true,
 });
diff --git a/sdk/nodejs/containerRuntimePolicy.ts b/sdk/nodejs/containerRuntimePolicy.ts
index 87127095..9be324ed 100644
--- a/sdk/nodejs/containerRuntimePolicy.ts
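Review bot: In the `verifyTls` getter of `sdk/nodejs/config/vars.ts` (hunk `-70,10`), `utilities.getEnvBoolean("AQUA_TLS_VERIFY") || true` always evaluates to `true`, so the environment variable can never change what this getter returns, although the doc comment directly above says the setting can be sourced from `AQUA_TLS_VERIFY`. The result fails safe, since certificate verification stays on unless `verifyTls` is set in stack config, but the code and its comment disagree. Chaining on nullish instead would honour an explicit `false` and still default to verifying: `return __config.getObject("verifyTls") ?? utilities.getEnvBoolean("AQUA_TLS_VERIFY") ?? true;`. If this SDK file is generated, the change belongs in the generator or the schema default rather than in this file.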
+++ b/sdk/nodejs/containerRuntimePolicy.ts 
@@ -6,133 +6,6 @@ import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as utilities from "./utilities"; -/** - * ## Example Usage - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as aquasec from "@pulumiverse/aquasec"; - * - * const containerRuntimePolicy = new aquasec.ContainerRuntimePolicy("containerRuntimePolicy", { - * allowedExecutables: [ - * "exe", - * "bin", - * ], - * allowedRegistries: [ - * "registry1", - * "registry2", - * ], - * applicationScopes: ["Global"], - * auditAllNetworkActivity: true, - * auditAllProcessesActivity: true, - * auditFullCommandArguments: true, - * blockAccessHostNetwork: true, - * blockAddingCapabilities: true, - * blockContainerExec: true, - * blockCryptocurrencyMining: true, - * blockFilelessExec: true, - * blockLowPortBinding: true, - * blockNonCompliantImages: true, - * blockNonCompliantWorkloads: true, - * blockNonK8sContainers: true, - * blockPrivilegedContainers: true, - * blockReverseShell: true, - * blockRootUser: true, - * blockUnregisteredImages: true, - * blockUseIpcNamespace: true, - * blockUsePidNamespace: true, - * blockUseUserNamespace: true, - * blockUseUtsNamespace: true, - * blockedCapabilities: [ - * "AUDIT_CONTROL", - * "AUDIT_WRITE", - * ], - * blockedExecutables: [ - * "exe1", - * "exe2", - * ], - * blockedFiles: [ - * "test1", - * "test2", - * ], - * blockedInboundPorts: [ - * "80", - * "8080", - * ], - * blockedOutboundPorts: [ - * "90", - * "9090", - * ], - * blockedPackages: [ - * "pkg", - * "pkg2", - * ], - * blockedVolumes: [ - * "blocked", - * "vol", - * ], - * containerExecAllowedProcesses: [ - * "proc1", - * "proc2", - * ], - * description: "container_runtime_policy", - * enableDriftPrevention: true, - * enableForkGuard: true, - * enableIpReputationSecurity: true, - * enablePortScanDetection: true, - * enabled: true, - * enforce: false, - * exceptionalReadonlyFilesAndDirectories: [ - * "readonly2", - * "/dir2/", - * ], - * 
fileIntegrityMonitoring: { - * excludedPaths: ["expaths"], - * excludedProcesses: ["exprocess"], - * excludedUsers: ["expuser"], - * monitorAttributes: true, - * monitorCreate: true, - * monitorDelete: true, - * monitorModify: true, - * monitorRead: true, - * monitoredPaths: ["paths"], - * monitoredProcesses: ["process"], - * monitoredUsers: ["user"], - * }, - * forkGuardProcessLimit: 13, - * limitNewPrivileges: true, - * malwareScanOptions: { - * action: "alert", - * enabled: true, - * }, - * monitorSystemTimeChanges: true, - * readonlyFilesAndDirectories: [ - * "readonly", - * "/dir/", - * ], - * reverseShellAllowedIps: [ - * "ip1", - * "ip2", - * ], - * reverseShellAllowedProcesses: [ - * "proc1", - * "proc2", - * ], - * scopeExpression: "v1 || v2", - * scopeVariables: [ - * { - * attribute: "kubernetes.cluster", - * value: "default", - * }, - * { - * attribute: "kubernetes.label", - * name: "app", - * value: "aqua", - * }, - * ], - * }); - * ``` - */ export class ContainerRuntimePolicy extends pulumi.CustomResource { /** * Get an existing ContainerRuntimePolicy resource's state with the given name, ID, and optional extra @@ -162,13 +35,13 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { } /** - * List of executables that are allowed for the user. + * Allowed executables configuration. */ - public readonly allowedExecutables!: pulumi.Output; + public readonly allowedExecutables!: pulumi.Output; /** - * List of registries that allowed for running containers. + * List of allowed registries. */ - public readonly allowedRegistries!: pulumi.Output; + public readonly allowedRegistries!: pulumi.Output; /** * Indicates the application scope of the service. */ 
@@ -181,14 +54,20 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { * If true, all process activity will be audited. */ public readonly auditAllProcessesActivity!: pulumi.Output; + /** + * Detects brute force login attempts + */ + public readonly auditBruteForceLogin!: pulumi.Output; /** * If true, full command arguments will be audited. */ public readonly auditFullCommandArguments!: pulumi.Output; + public readonly auditing!: pulumi.Output; /** * Username of the account that created the service. */ - public /*out*/ readonly author!: pulumi.Output; + public readonly author!: pulumi.Output; + public readonly blacklistedOsUsers!: pulumi.Output; /** * If true, prevent containers from running with access to host network. */ @@ -205,6 +84,7 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { * Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining */ public readonly blockCryptocurrencyMining!: pulumi.Output; + public readonly blockDisallowedImages!: pulumi.Output; /** * Detect and prevent running in-memory execution */ @@ -213,10 +93,6 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { * If true, prevent containers from running with the capability to bind in port lower than 1024. */ public readonly blockLowPortBinding!: pulumi.Output; - /** - * If true, running non-compliant image in the container is prevented. - */ - public readonly blockNonCompliantImages!: pulumi.Output; /** * If true, running containers in non-compliant pods is prevented. */ 
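Review bot: `author` is still documented as "Username of the account that created the service", but hunk `-181,14` drops its `/*out*/` marker, making it an ordinary input. The constructor hunks `-447,20` and `-472,29` complete the change by replacing `resourceInputs["author"] = undefined /*out*/;` with `resourceInputs["author"] = args ? args.author : undefined;`. Those hunks also forward `created`, `updated`, `lastupdate`, `version`, `isAutoGenerated` and `isOotbPolicy` from `args`, so fields that read like server-assigned audit metadata become caller-supplied. Whether the backend honours or overwrites them is not visible here; if they are server-assigned, they should be output-only in the schema this SDK is built from. At minimum the doc comment should say which case applies, e.g. `* Username of the account that created the service. Set by the server; values supplied here are ignored.` once that is confirmed.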
@@ -229,18 +105,10 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { * If true, prevent containers from running with privileged container capability. */ public readonly blockPrivilegedContainers!: pulumi.Output; - /** - * If true, reverse shell is prevented. - */ - public readonly blockReverseShell!: pulumi.Output; /** * If true, prevent containers from running with root user. */ public readonly blockRootUser!: pulumi.Output; - /** - * If true, running images in the container that are not registered in Aqua is prevented. - */ - public readonly blockUnregisteredImages!: pulumi.Output; /** * If true, prevent containers from running with the privilege to use the IPC namespace. */ 
@@ -285,32 +153,36 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { * List of volumes that are prevented from being mounted in the containers. */ public readonly blockedVolumes!: pulumi.Output; + /** + * Bypass scope configuration. + */ + public readonly bypassScopes!: pulumi.Output; + public readonly containerExec!: pulumi.Output; /** * List of processes that will be allowed. */ public readonly containerExecAllowedProcesses!: pulumi.Output; + public readonly created!: pulumi.Output; + public readonly cve!: pulumi.Output; + public readonly defaultSecurityProfile!: pulumi.Output; /** * The description of the container runtime policy */ public readonly description!: pulumi.Output; + public readonly digest!: pulumi.Output; /** - * If true, executables that are not in the original image is prevented from running. + * Drift prevention configuration. */ - public readonly enableDriftPrevention!: pulumi.Output; + public readonly driftPreventions!: pulumi.Output; + public readonly enableCryptoMiningDns!: pulumi.Output; /** * If true, fork bombs are prevented in the containers. */ public readonly enableForkGuard!: pulumi.Output; + public readonly enableIpReputation!: pulumi.Output; + public readonly enablePortScanProtection!: pulumi.Output; /** - * If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - */ - public readonly enableIpReputationSecurity!: pulumi.Output; - /** - * If true, detects port scanning behavior in the container. - */ - public readonly enablePortScanDetection!: pulumi.Output; - /** - * Indicates if the runtime policy is enabled or not. + * Whether allowed executables configuration is enabled. */ public readonly enabled!: pulumi.Output; /** 
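Review bot: The doc comment on the resource-level `enabled` property in hunk `-285,32` changes from "Indicates if the runtime policy is enabled or not." to "Whether allowed executables configuration is enabled.", which reads like the description of a nested `allowedExecutables` attribute rather than of the policy switch. The same replacement appears in the `ContainerRuntimePolicyState` hunk `-629,32`, and hunk `-321,50` changes the `name` comment to "Name assigned to the attribute." in the same way. A reader who trusts the new text could set `enabled: false` expecting to turn off only the allowed-executables check and instead disable the whole runtime policy. Unless the property's meaning really changed, keep `* Indicates if the runtime policy is enabled or not.` and `* Name of the container runtime policy`; the descriptions probably need correcting in the upstream schema, since the text looks inherited from nested blocks.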
@@ -321,50 +193,70 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { * Indicates the number of days after which the runtime policy will be changed to enforce mode. */ public readonly enforceAfterDays!: pulumi.Output; + public readonly enforceSchedulerAddedOn!: pulumi.Output; /** - * List of files and directories to be excluded from the read-only list. + * List of excluded application scopes. */ - public readonly exceptionalReadonlyFilesAndDirectories!: pulumi.Output; + public readonly excludeApplicationScopes!: pulumi.Output; /** - * Specify processes that will be allowed + * Executable blacklist configuration. */ - public readonly execLockdownWhiteLists!: pulumi.Output; + public readonly executableBlacklists!: pulumi.Output; + public readonly failedKubernetesChecks!: pulumi.Output; + public readonly fileBlock!: pulumi.Output; /** * Configuration for file integrity monitoring. */ - public readonly fileIntegrityMonitoring!: pulumi.Output; + public readonly fileIntegrityMonitoring!: pulumi.Output; /** * Process limit for the fork guard. */ public readonly forkGuardProcessLimit!: pulumi.Output; + public readonly imageName!: pulumi.Output; + public readonly isAuditChecked!: pulumi.Output; + public readonly isAutoGenerated!: pulumi.Output; + public readonly isOotbPolicy!: pulumi.Output; + public readonly lastupdate!: pulumi.Output; + /** + * Container privileges configuration. + */ + public readonly limitContainerPrivileges!: pulumi.Output; /** * If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) */ public readonly limitNewPrivileges!: pulumi.Output; + public readonly linuxCapabilities!: pulumi.Output; /** * Configuration for Real-Time Malware Protection. */ - public readonly malwareScanOptions!: pulumi.Output; + public readonly malwareScanOptions!: pulumi.Output; /** * If true, system time changes will be monitored. 
*/ public readonly monitorSystemTimeChanges!: pulumi.Output; /** - * Name of the container runtime policy + * Name assigned to the attribute. */ public readonly name!: pulumi.Output; - /** - * List of files and directories to be restricted as read-only - */ - public readonly readonlyFilesAndDirectories!: pulumi.Output; - /** - * List of IPs/ CIDRs that will be allowed - */ - public readonly reverseShellAllowedIps!: pulumi.Output; - /** - * List of processes that will be allowed - */ - public readonly reverseShellAllowedProcesses!: pulumi.Output; + public readonly noNewPrivileges!: pulumi.Output; + public readonly onlyRegisteredImages!: pulumi.Output; + public readonly packageBlock!: pulumi.Output; + public readonly permission!: pulumi.Output; + public readonly portBlock!: pulumi.Output; + public readonly readonlyFiles!: pulumi.Output; + public readonly readonlyRegistry!: pulumi.Output; + public readonly registry!: pulumi.Output; + public readonly registryAccessMonitoring!: pulumi.Output; + public readonly repoName!: pulumi.Output; + public readonly resourceName!: pulumi.Output; + public readonly resourceType!: pulumi.Output; + /** + * Restricted volumes configuration. + */ + public readonly restrictedVolumes!: pulumi.Output; + public readonly reverseShell!: pulumi.Output; + public readonly runtimeMode!: pulumi.Output; + public readonly runtimeType!: pulumi.Output; /** * Logical expression of how to compute the dependency of the scope variables. */ 
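Review bot: Hunk `-321,50` adds `noNewPrivileges` with no doc comment right beside the existing, documented `limitNewPrivileges`, so a reader cannot tell which of the two controls privilege escalation or what happens when they disagree. The same hunk introduces `reverseShell`, `onlyRegisteredImages`, `readonlyFiles`, `portBlock`, `packageBlock` and `fileBlock` without descriptions. It also removes the documented `reverseShellAllowedIps`, `reverseShellAllowedProcesses` and `readonlyFilesAndDirectories`, which the new fields appear to replace. Each new property needs a one-line doc comment stating what it enforces and, where an older flag overlaps, which one takes precedence, for example `* Prevents the container from obtaining new privileges at runtime; replaces limitNewPrivileges.` if that is the intended relationship.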
@@ -373,6 +265,17 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { * List of scope attributes. */ public readonly scopeVariables!: pulumi.Output; + /** + * Scope configuration. + */ + public readonly scopes!: pulumi.Output; + public readonly systemIntegrityProtection!: pulumi.Output; + public readonly tripwire!: pulumi.Output; + public readonly type!: pulumi.Output; + public readonly updated!: pulumi.Output; + public readonly version!: pulumi.Output; + public readonly vpatchVersion!: pulumi.Output; + public readonly whitelistedOsUsers!: pulumi.Output; /** * Create a ContainerRuntimePolicy resource with the given unique name, arguments, and options. 
@@ -392,21 +295,22 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { resourceInputs["applicationScopes"] = state ? state.applicationScopes : undefined; resourceInputs["auditAllNetworkActivity"] = state ? state.auditAllNetworkActivity : undefined; resourceInputs["auditAllProcessesActivity"] = state ? state.auditAllProcessesActivity : undefined; + resourceInputs["auditBruteForceLogin"] = state ? state.auditBruteForceLogin : undefined; resourceInputs["auditFullCommandArguments"] = state ? state.auditFullCommandArguments : undefined; + resourceInputs["auditing"] = state ? state.auditing : undefined; resourceInputs["author"] = state ? state.author : undefined; + resourceInputs["blacklistedOsUsers"] = state ? state.blacklistedOsUsers : undefined; resourceInputs["blockAccessHostNetwork"] = state ? state.blockAccessHostNetwork : undefined; resourceInputs["blockAddingCapabilities"] = state ? state.blockAddingCapabilities : undefined; resourceInputs["blockContainerExec"] = state ? state.blockContainerExec : undefined; resourceInputs["blockCryptocurrencyMining"] = state ? state.blockCryptocurrencyMining : undefined; + resourceInputs["blockDisallowedImages"] = state ? state.blockDisallowedImages : undefined; resourceInputs["blockFilelessExec"] = state ? state.blockFilelessExec : undefined; resourceInputs["blockLowPortBinding"] = state ? state.blockLowPortBinding : undefined; - resourceInputs["blockNonCompliantImages"] = state ? state.blockNonCompliantImages : undefined; resourceInputs["blockNonCompliantWorkloads"] = state ? state.blockNonCompliantWorkloads : undefined; resourceInputs["blockNonK8sContainers"] = state ? state.blockNonK8sContainers : undefined; resourceInputs["blockPrivilegedContainers"] = state ? state.blockPrivilegedContainers : undefined; - resourceInputs["blockReverseShell"] = state ? state.blockReverseShell : undefined; resourceInputs["blockRootUser"] = state ? 
state.blockRootUser : undefined; - resourceInputs["blockUnregisteredImages"] = state ? state.blockUnregisteredImages : undefined; resourceInputs["blockUseIpcNamespace"] = state ? state.blockUseIpcNamespace : undefined; resourceInputs["blockUsePidNamespace"] = state ? state.blockUsePidNamespace : undefined; resourceInputs["blockUseUserNamespace"] = state ? state.blockUseUserNamespace : undefined; 
@@ -418,28 +322,66 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { resourceInputs["blockedOutboundPorts"] = state ? state.blockedOutboundPorts : undefined; resourceInputs["blockedPackages"] = state ? state.blockedPackages : undefined; resourceInputs["blockedVolumes"] = state ? state.blockedVolumes : undefined; + resourceInputs["bypassScopes"] = state ? state.bypassScopes : undefined; + resourceInputs["containerExec"] = state ? state.containerExec : undefined; resourceInputs["containerExecAllowedProcesses"] = state ? state.containerExecAllowedProcesses : undefined; + resourceInputs["created"] = state ? state.created : undefined; + resourceInputs["cve"] = state ? state.cve : undefined; + resourceInputs["defaultSecurityProfile"] = state ? state.defaultSecurityProfile : undefined; resourceInputs["description"] = state ? state.description : undefined; - resourceInputs["enableDriftPrevention"] = state ? state.enableDriftPrevention : undefined; + resourceInputs["digest"] = state ? state.digest : undefined; + resourceInputs["driftPreventions"] = state ? state.driftPreventions : undefined; + resourceInputs["enableCryptoMiningDns"] = state ? state.enableCryptoMiningDns : undefined; resourceInputs["enableForkGuard"] = state ? state.enableForkGuard : undefined; - resourceInputs["enableIpReputationSecurity"] = state ? state.enableIpReputationSecurity : undefined; - resourceInputs["enablePortScanDetection"] = state ? state.enablePortScanDetection : undefined; + resourceInputs["enableIpReputation"] = state ? state.enableIpReputation : undefined; + resourceInputs["enablePortScanProtection"] = state ? state.enablePortScanProtection : undefined; resourceInputs["enabled"] = state ? state.enabled : undefined; resourceInputs["enforce"] = state ? state.enforce : undefined; resourceInputs["enforceAfterDays"] = state ? state.enforceAfterDays : undefined; - resourceInputs["exceptionalReadonlyFilesAndDirectories"] = state ? 
state.exceptionalReadonlyFilesAndDirectories : undefined; - resourceInputs["execLockdownWhiteLists"] = state ? state.execLockdownWhiteLists : undefined; + resourceInputs["enforceSchedulerAddedOn"] = state ? state.enforceSchedulerAddedOn : undefined; + resourceInputs["excludeApplicationScopes"] = state ? state.excludeApplicationScopes : undefined; + resourceInputs["executableBlacklists"] = state ? state.executableBlacklists : undefined; + resourceInputs["failedKubernetesChecks"] = state ? state.failedKubernetesChecks : undefined; + resourceInputs["fileBlock"] = state ? state.fileBlock : undefined; resourceInputs["fileIntegrityMonitoring"] = state ? state.fileIntegrityMonitoring : undefined; resourceInputs["forkGuardProcessLimit"] = state ? state.forkGuardProcessLimit : undefined; + resourceInputs["imageName"] = state ? state.imageName : undefined; + resourceInputs["isAuditChecked"] = state ? state.isAuditChecked : undefined; + resourceInputs["isAutoGenerated"] = state ? state.isAutoGenerated : undefined; + resourceInputs["isOotbPolicy"] = state ? state.isOotbPolicy : undefined; + resourceInputs["lastupdate"] = state ? state.lastupdate : undefined; + resourceInputs["limitContainerPrivileges"] = state ? state.limitContainerPrivileges : undefined; resourceInputs["limitNewPrivileges"] = state ? state.limitNewPrivileges : undefined; + resourceInputs["linuxCapabilities"] = state ? state.linuxCapabilities : undefined; resourceInputs["malwareScanOptions"] = state ? state.malwareScanOptions : undefined; resourceInputs["monitorSystemTimeChanges"] = state ? state.monitorSystemTimeChanges : undefined; resourceInputs["name"] = state ? state.name : undefined; - resourceInputs["readonlyFilesAndDirectories"] = state ? state.readonlyFilesAndDirectories : undefined; - resourceInputs["reverseShellAllowedIps"] = state ? state.reverseShellAllowedIps : undefined; - resourceInputs["reverseShellAllowedProcesses"] = state ? 
state.reverseShellAllowedProcesses : undefined; + resourceInputs["noNewPrivileges"] = state ? state.noNewPrivileges : undefined; + resourceInputs["onlyRegisteredImages"] = state ? state.onlyRegisteredImages : undefined; + resourceInputs["packageBlock"] = state ? state.packageBlock : undefined; + resourceInputs["permission"] = state ? state.permission : undefined; + resourceInputs["portBlock"] = state ? state.portBlock : undefined; + resourceInputs["readonlyFiles"] = state ? state.readonlyFiles : undefined; + resourceInputs["readonlyRegistry"] = state ? state.readonlyRegistry : undefined; + resourceInputs["registry"] = state ? state.registry : undefined; + resourceInputs["registryAccessMonitoring"] = state ? state.registryAccessMonitoring : undefined; + resourceInputs["repoName"] = state ? state.repoName : undefined; + resourceInputs["resourceName"] = state ? state.resourceName : undefined; + resourceInputs["resourceType"] = state ? state.resourceType : undefined; + resourceInputs["restrictedVolumes"] = state ? state.restrictedVolumes : undefined; + resourceInputs["reverseShell"] = state ? state.reverseShell : undefined; + resourceInputs["runtimeMode"] = state ? state.runtimeMode : undefined; + resourceInputs["runtimeType"] = state ? state.runtimeType : undefined; resourceInputs["scopeExpression"] = state ? state.scopeExpression : undefined; resourceInputs["scopeVariables"] = state ? state.scopeVariables : undefined; + resourceInputs["scopes"] = state ? state.scopes : undefined; + resourceInputs["systemIntegrityProtection"] = state ? state.systemIntegrityProtection : undefined; + resourceInputs["tripwire"] = state ? state.tripwire : undefined; + resourceInputs["type"] = state ? state.type : undefined; + resourceInputs["updated"] = state ? state.updated : undefined; + resourceInputs["version"] = state ? state.version : undefined; + resourceInputs["vpatchVersion"] = state ? state.vpatchVersion : undefined; + resourceInputs["whitelistedOsUsers"] = state ? 
state.whitelistedOsUsers : undefined; } else { const args = argsOrState as ContainerRuntimePolicyArgs | undefined; resourceInputs["allowedExecutables"] = args ? args.allowedExecutables : undefined; 
@@ -447,20 +389,22 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { resourceInputs["applicationScopes"] = args ? args.applicationScopes : undefined; resourceInputs["auditAllNetworkActivity"] = args ? args.auditAllNetworkActivity : undefined; resourceInputs["auditAllProcessesActivity"] = args ? args.auditAllProcessesActivity : undefined; + resourceInputs["auditBruteForceLogin"] = args ? args.auditBruteForceLogin : undefined; resourceInputs["auditFullCommandArguments"] = args ? args.auditFullCommandArguments : undefined; + resourceInputs["auditing"] = args ? args.auditing : undefined; + resourceInputs["author"] = args ? args.author : undefined; + resourceInputs["blacklistedOsUsers"] = args ? args.blacklistedOsUsers : undefined; resourceInputs["blockAccessHostNetwork"] = args ? args.blockAccessHostNetwork : undefined; resourceInputs["blockAddingCapabilities"] = args ? args.blockAddingCapabilities : undefined; resourceInputs["blockContainerExec"] = args ? args.blockContainerExec : undefined; resourceInputs["blockCryptocurrencyMining"] = args ? args.blockCryptocurrencyMining : undefined; + resourceInputs["blockDisallowedImages"] = args ? args.blockDisallowedImages : undefined; resourceInputs["blockFilelessExec"] = args ? args.blockFilelessExec : undefined; resourceInputs["blockLowPortBinding"] = args ? args.blockLowPortBinding : undefined; - resourceInputs["blockNonCompliantImages"] = args ? args.blockNonCompliantImages : undefined; resourceInputs["blockNonCompliantWorkloads"] = args ? args.blockNonCompliantWorkloads : undefined; resourceInputs["blockNonK8sContainers"] = args ? args.blockNonK8sContainers : undefined; resourceInputs["blockPrivilegedContainers"] = args ? args.blockPrivilegedContainers : undefined; - resourceInputs["blockReverseShell"] = args ? args.blockReverseShell : undefined; resourceInputs["blockRootUser"] = args ? args.blockRootUser : undefined; - resourceInputs["blockUnregisteredImages"] = args ? 
args.blockUnregisteredImages : undefined; resourceInputs["blockUseIpcNamespace"] = args ? args.blockUseIpcNamespace : undefined; resourceInputs["blockUsePidNamespace"] = args ? args.blockUsePidNamespace : undefined; resourceInputs["blockUseUserNamespace"] = args ? args.blockUseUserNamespace : undefined; 
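Review bot: The args branch of the constructor in hunk `-447,20` no longer forwards `blockNonCompliantImages`, `blockReverseShell` or `blockUnregisteredImages`, and the constructor body continues in hunk `-472,29`, where `enableDriftPrevention`, `enableIpReputationSecurity` and `enablePortScanDetection` are dropped as well. Typed callers will get a compile error, but untyped or loosely typed callers that still pass these keys will have them ignored without warning, and the policy will be created without the protections the program asked for. The replacements look like `blockDisallowedImages`, `reverseShell`, `onlyRegisteredImages`, `driftPreventions`, `enableIpReputation` and `enablePortScanProtection`, but that mapping is inferred from the names and is documented nowhere in the diff. The release notes should spell out the old-to-new mapping, and the old names are worth keeping for one release as deprecated aliases, so that an upgrade cannot silently weaken an existing policy.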
@@ -472,29 +416,66 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { resourceInputs["blockedOutboundPorts"] = args ? args.blockedOutboundPorts : undefined; resourceInputs["blockedPackages"] = args ? args.blockedPackages : undefined; resourceInputs["blockedVolumes"] = args ? args.blockedVolumes : undefined; + resourceInputs["bypassScopes"] = args ? args.bypassScopes : undefined; + resourceInputs["containerExec"] = args ? args.containerExec : undefined; resourceInputs["containerExecAllowedProcesses"] = args ? args.containerExecAllowedProcesses : undefined; + resourceInputs["created"] = args ? args.created : undefined; + resourceInputs["cve"] = args ? args.cve : undefined; + resourceInputs["defaultSecurityProfile"] = args ? args.defaultSecurityProfile : undefined; resourceInputs["description"] = args ? args.description : undefined; - resourceInputs["enableDriftPrevention"] = args ? args.enableDriftPrevention : undefined; + resourceInputs["digest"] = args ? args.digest : undefined; + resourceInputs["driftPreventions"] = args ? args.driftPreventions : undefined; + resourceInputs["enableCryptoMiningDns"] = args ? args.enableCryptoMiningDns : undefined; resourceInputs["enableForkGuard"] = args ? args.enableForkGuard : undefined; - resourceInputs["enableIpReputationSecurity"] = args ? args.enableIpReputationSecurity : undefined; - resourceInputs["enablePortScanDetection"] = args ? args.enablePortScanDetection : undefined; + resourceInputs["enableIpReputation"] = args ? args.enableIpReputation : undefined; + resourceInputs["enablePortScanProtection"] = args ? args.enablePortScanProtection : undefined; resourceInputs["enabled"] = args ? args.enabled : undefined; resourceInputs["enforce"] = args ? args.enforce : undefined; resourceInputs["enforceAfterDays"] = args ? args.enforceAfterDays : undefined; - resourceInputs["exceptionalReadonlyFilesAndDirectories"] = args ? 
args.exceptionalReadonlyFilesAndDirectories : undefined; - resourceInputs["execLockdownWhiteLists"] = args ? args.execLockdownWhiteLists : undefined; + resourceInputs["enforceSchedulerAddedOn"] = args ? args.enforceSchedulerAddedOn : undefined; + resourceInputs["excludeApplicationScopes"] = args ? args.excludeApplicationScopes : undefined; + resourceInputs["executableBlacklists"] = args ? args.executableBlacklists : undefined; + resourceInputs["failedKubernetesChecks"] = args ? args.failedKubernetesChecks : undefined; + resourceInputs["fileBlock"] = args ? args.fileBlock : undefined; resourceInputs["fileIntegrityMonitoring"] = args ? args.fileIntegrityMonitoring : undefined; resourceInputs["forkGuardProcessLimit"] = args ? args.forkGuardProcessLimit : undefined; + resourceInputs["imageName"] = args ? args.imageName : undefined; + resourceInputs["isAuditChecked"] = args ? args.isAuditChecked : undefined; + resourceInputs["isAutoGenerated"] = args ? args.isAutoGenerated : undefined; + resourceInputs["isOotbPolicy"] = args ? args.isOotbPolicy : undefined; + resourceInputs["lastupdate"] = args ? args.lastupdate : undefined; + resourceInputs["limitContainerPrivileges"] = args ? args.limitContainerPrivileges : undefined; resourceInputs["limitNewPrivileges"] = args ? args.limitNewPrivileges : undefined; + resourceInputs["linuxCapabilities"] = args ? args.linuxCapabilities : undefined; resourceInputs["malwareScanOptions"] = args ? args.malwareScanOptions : undefined; resourceInputs["monitorSystemTimeChanges"] = args ? args.monitorSystemTimeChanges : undefined; resourceInputs["name"] = args ? args.name : undefined; - resourceInputs["readonlyFilesAndDirectories"] = args ? args.readonlyFilesAndDirectories : undefined; - resourceInputs["reverseShellAllowedIps"] = args ? args.reverseShellAllowedIps : undefined; - resourceInputs["reverseShellAllowedProcesses"] = args ? args.reverseShellAllowedProcesses : undefined; + resourceInputs["noNewPrivileges"] = args ? 
args.noNewPrivileges : undefined; + resourceInputs["onlyRegisteredImages"] = args ? args.onlyRegisteredImages : undefined; + resourceInputs["packageBlock"] = args ? args.packageBlock : undefined; + resourceInputs["permission"] = args ? args.permission : undefined; + resourceInputs["portBlock"] = args ? args.portBlock : undefined; + resourceInputs["readonlyFiles"] = args ? args.readonlyFiles : undefined; + resourceInputs["readonlyRegistry"] = args ? args.readonlyRegistry : undefined; + resourceInputs["registry"] = args ? args.registry : undefined; + resourceInputs["registryAccessMonitoring"] = args ? args.registryAccessMonitoring : undefined; + resourceInputs["repoName"] = args ? args.repoName : undefined; + resourceInputs["resourceName"] = args ? args.resourceName : undefined; + resourceInputs["resourceType"] = args ? args.resourceType : undefined; + resourceInputs["restrictedVolumes"] = args ? args.restrictedVolumes : undefined; + resourceInputs["reverseShell"] = args ? args.reverseShell : undefined; + resourceInputs["runtimeMode"] = args ? args.runtimeMode : undefined; + resourceInputs["runtimeType"] = args ? args.runtimeType : undefined; resourceInputs["scopeExpression"] = args ? args.scopeExpression : undefined; resourceInputs["scopeVariables"] = args ? args.scopeVariables : undefined; - resourceInputs["author"] = undefined /*out*/; + resourceInputs["scopes"] = args ? args.scopes : undefined; + resourceInputs["systemIntegrityProtection"] = args ? args.systemIntegrityProtection : undefined; + resourceInputs["tripwire"] = args ? args.tripwire : undefined; + resourceInputs["type"] = args ? args.type : undefined; + resourceInputs["updated"] = args ? args.updated : undefined; + resourceInputs["version"] = args ? args.version : undefined; + resourceInputs["vpatchVersion"] = args ? args.vpatchVersion : undefined; + resourceInputs["whitelistedOsUsers"] = args ? 
args.whitelistedOsUsers : undefined; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(ContainerRuntimePolicy.__pulumiType, name, resourceInputs, opts); @@ -506,13 +487,13 @@ export class ContainerRuntimePolicy extends pulumi.CustomResource { */ export interface ContainerRuntimePolicyState { /** - * List of executables that are allowed for the user. + * Allowed executables configuration. */ - allowedExecutables?: pulumi.Input[]>; + allowedExecutables?: pulumi.Input[]>; /** - * List of registries that allowed for running containers. + * List of allowed registries. */ - allowedRegistries?: pulumi.Input[]>; + allowedRegistries?: pulumi.Input[]>; /** * Indicates the application scope of the service. */ @@ -525,14 +506,20 @@ export interface ContainerRuntimePolicyState { * If true, all process activity will be audited. */ auditAllProcessesActivity?: pulumi.Input; + /** + * Detects brute force login attempts + */ + auditBruteForceLogin?: pulumi.Input; /** * If true, full command arguments will be audited. */ auditFullCommandArguments?: pulumi.Input; + auditing?: pulumi.Input; /** * Username of the account that created the service. */ author?: pulumi.Input; + blacklistedOsUsers?: pulumi.Input; /** * If true, prevent containers from running with access to host network. */ @@ -549,6 +536,7 @@ export interface ContainerRuntimePolicyState { * Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining */ blockCryptocurrencyMining?: pulumi.Input; + blockDisallowedImages?: pulumi.Input; /** * Detect and prevent running in-memory execution */ 
@@ -557,10 +545,6 @@ export interface ContainerRuntimePolicyState { * If true, prevent containers from running with the capability to bind in port lower than 1024. */ blockLowPortBinding?: pulumi.Input; - /** - * If true, running non-compliant image in the container is prevented. - */ - blockNonCompliantImages?: pulumi.Input; /** * If true, running containers in non-compliant pods is prevented. */ @@ -573,18 +557,10 @@ export interface ContainerRuntimePolicyState { * If true, prevent containers from running with privileged container capability. */ blockPrivilegedContainers?: pulumi.Input; - /** - * If true, reverse shell is prevented. - */ - blockReverseShell?: pulumi.Input; /** * If true, prevent containers from running with root user. */ blockRootUser?: pulumi.Input; - /** - * If true, running images in the container that are not registered in Aqua is prevented. - */ - blockUnregisteredImages?: pulumi.Input; /** * If true, prevent containers from running with the privilege to use the IPC namespace. */ 
@@ -629,32 +605,36 @@ export interface ContainerRuntimePolicyState { * List of volumes that are prevented from being mounted in the containers. */ blockedVolumes?: pulumi.Input[]>; + /** + * Bypass scope configuration. + */ + bypassScopes?: pulumi.Input[]>; + containerExec?: pulumi.Input; /** * List of processes that will be allowed. */ containerExecAllowedProcesses?: pulumi.Input[]>; + created?: pulumi.Input; + cve?: pulumi.Input; + defaultSecurityProfile?: pulumi.Input; /** * The description of the container runtime policy */ description?: pulumi.Input; + digest?: pulumi.Input; /** - * If true, executables that are not in the original image is prevented from running. + * Drift prevention configuration. */ - enableDriftPrevention?: pulumi.Input; + driftPreventions?: pulumi.Input[]>; + enableCryptoMiningDns?: pulumi.Input; /** * If true, fork bombs are prevented in the containers. */ enableForkGuard?: pulumi.Input; + enableIpReputation?: pulumi.Input; + enablePortScanProtection?: pulumi.Input; /** - * If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - */ - enableIpReputationSecurity?: pulumi.Input; - /** - * If true, detects port scanning behavior in the container. - */ - enablePortScanDetection?: pulumi.Input; - /** - * Indicates if the runtime policy is enabled or not. + * Whether allowed executables configuration is enabled. */ enabled?: pulumi.Input; /** 
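Review bot: The doc comment on `enabled` in the `@@ -629,32 +605,36 @@` hunk now reads "Whether allowed executables configuration is enabled.", but the property sits at the top level of `ContainerRuntimePolicyState` and the text it replaces described the whole runtime policy. Someone following the new wording could disable the policy while believing they only touched the executable allow-list. I would keep the previous line, `* Indicates if the runtime policy is enabled or not.`, or correct the description wherever this text originates. `enableIpReputation` and `enablePortScanProtection`, which appear to replace `enableIpReputationSecurity` and `enablePortScanDetection`, lose the one-line descriptions those had and should get them back. The `ContainerRuntimePolicyArgs` hunk `@@ -843,32 +853,36 @@` has the same problems, and both interfaces start and end outside these hunks.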
@@ -665,14 +645,17 @@ export interface ContainerRuntimePolicyState { * Indicates the number of days after which the runtime policy will be changed to enforce mode. */ enforceAfterDays?: pulumi.Input; + enforceSchedulerAddedOn?: pulumi.Input; /** - * List of files and directories to be excluded from the read-only list. + * List of excluded application scopes. */ - exceptionalReadonlyFilesAndDirectories?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; /** - * Specify processes that will be allowed + * Executable blacklist configuration. */ - execLockdownWhiteLists?: pulumi.Input[]>; + executableBlacklists?: pulumi.Input[]>; + failedKubernetesChecks?: pulumi.Input; + fileBlock?: pulumi.Input; /** * Configuration for file integrity monitoring. */ @@ -681,10 +664,20 @@ export interface ContainerRuntimePolicyState { * Process limit for the fork guard. */ forkGuardProcessLimit?: pulumi.Input; + imageName?: pulumi.Input; + isAuditChecked?: pulumi.Input; + isAutoGenerated?: pulumi.Input; + isOotbPolicy?: pulumi.Input; + lastupdate?: pulumi.Input; + /** + * Container privileges configuration. + */ + limitContainerPrivileges?: pulumi.Input[]>; /** * If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) */ limitNewPrivileges?: pulumi.Input; + linuxCapabilities?: pulumi.Input; /** * Configuration for Real-Time Malware Protection. */ 
@@ -694,21 +687,28 @@ export interface ContainerRuntimePolicyState { */ monitorSystemTimeChanges?: pulumi.Input; /** - * Name of the container runtime policy + * Name assigned to the attribute. */ name?: pulumi.Input; - /** - * List of files and directories to be restricted as read-only - */ - readonlyFilesAndDirectories?: pulumi.Input[]>; - /** - * List of IPs/ CIDRs that will be allowed - */ - reverseShellAllowedIps?: pulumi.Input[]>; - /** - * List of processes that will be allowed - */ - reverseShellAllowedProcesses?: pulumi.Input[]>; + noNewPrivileges?: pulumi.Input; + onlyRegisteredImages?: pulumi.Input; + packageBlock?: pulumi.Input; + permission?: pulumi.Input; + portBlock?: pulumi.Input; + readonlyFiles?: pulumi.Input; + readonlyRegistry?: pulumi.Input; + registry?: pulumi.Input; + registryAccessMonitoring?: pulumi.Input; + repoName?: pulumi.Input; + resourceName?: pulumi.Input; + resourceType?: pulumi.Input; + /** + * Restricted volumes configuration. + */ + restrictedVolumes?: pulumi.Input[]>; + reverseShell?: pulumi.Input; + runtimeMode?: pulumi.Input; + runtimeType?: pulumi.Input; /** * Logical expression of how to compute the dependency of the scope variables. */ @@ -717,6 +717,17 @@ export interface ContainerRuntimePolicyState { * List of scope attributes. */ scopeVariables?: pulumi.Input[]>; + /** + * Scope configuration. + */ + scopes?: pulumi.Input[]>; + systemIntegrityProtection?: pulumi.Input; + tripwire?: pulumi.Input; + type?: pulumi.Input; + updated?: pulumi.Input; + version?: pulumi.Input; + vpatchVersion?: pulumi.Input; + whitelistedOsUsers?: pulumi.Input; } /** 
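Review bot: `noNewPrivileges` is added in the `@@ -694,21 +687,28 @@` hunk without a doc comment, while `limitNewPrivileges` ("prevents the container from obtaining new privileges at runtime") remains in the interface as a context line of the `@@ -681,10 +664,20 @@` hunk, so a reader cannot tell which of the two takes effect. The same hunk changes the `name` description to "Name assigned to the attribute.", which no longer describes the policy; `* Name of the container runtime policy` was accurate. `reverseShell`, `readonlyFiles` and `onlyRegisteredImages` appear to replace documented controls removed here and in earlier hunks (`blockReverseShell`, `readonlyFilesAndDirectories`, `blockUnregisteredImages`), and each needs a comment saying what it controls and which removed field it supersedes. The `ContainerRuntimePolicyArgs` hunk `@@ -908,21 +935,28 @@` has the same gaps, and both interfaces extend beyond the hunks shown.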
@@ -724,13 +735,13 @@ export interface ContainerRuntimePolicyState { */ export interface ContainerRuntimePolicyArgs { /** - * List of executables that are allowed for the user. + * Allowed executables configuration. */ - allowedExecutables?: pulumi.Input[]>; + allowedExecutables?: pulumi.Input[]>; /** - * List of registries that allowed for running containers. + * List of allowed registries. */ - allowedRegistries?: pulumi.Input[]>; + allowedRegistries?: pulumi.Input[]>; /** * Indicates the application scope of the service. */ @@ -743,10 +754,20 @@ export interface ContainerRuntimePolicyArgs { * If true, all process activity will be audited. */ auditAllProcessesActivity?: pulumi.Input; + /** + * Detects brute force login attempts + */ + auditBruteForceLogin?: pulumi.Input; /** * If true, full command arguments will be audited. */ auditFullCommandArguments?: pulumi.Input; + auditing?: pulumi.Input; + /** + * Username of the account that created the service. + */ + author?: pulumi.Input; + blacklistedOsUsers?: pulumi.Input; /** * If true, prevent containers from running with access to host network. */ @@ -763,6 +784,7 @@ export interface ContainerRuntimePolicyArgs { * Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining */ blockCryptocurrencyMining?: pulumi.Input; + blockDisallowedImages?: pulumi.Input; /** * Detect and prevent running in-memory execution */ @@ -771,10 +793,6 @@ export interface ContainerRuntimePolicyArgs { * If true, prevent containers from running with the capability to bind in port lower than 1024. */ blockLowPortBinding?: pulumi.Input; - /** - * If true, running non-compliant image in the container is prevented. - */ - blockNonCompliantImages?: pulumi.Input; /** * If true, running containers in non-compliant pods is prevented. */ 
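Review bot: `author` becomes a caller-settable input in `ContainerRuntimePolicyArgs` (hunk `@@ -743,10 +754,20 @@`) even though its description says it is the account that created the service. In functionAssurancePolicy.ts the same shift is explicit: the `/*out*/` marker is dropped from `author` and `ignoreRecentlyPublishedVlnPeriod`, the constructor now forwards `args.author`, and the lines that forced both to `undefined` are removed. Whether the backend honours a supplied value is not visible here, but if it does, the creator recorded on a policy can be chosen by whoever applies the program, which weakens it as an audit field. The later Args hunks add `created`, `updated`, `lastupdate`, `version` and `isAutoGenerated` as inputs in the same way. I would keep such fields output-only, i.e. retain `resourceInputs["author"] = undefined /*out*/;` and leave them out of the Args interfaces, or state in each doc comment whether a supplied value is used; the interface body extends beyond this hunk.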
@@ -787,18 +805,10 @@ export interface ContainerRuntimePolicyArgs { * If true, prevent containers from running with privileged container capability. */ blockPrivilegedContainers?: pulumi.Input; - /** - * If true, reverse shell is prevented. - */ - blockReverseShell?: pulumi.Input; /** * If true, prevent containers from running with root user. */ blockRootUser?: pulumi.Input; - /** - * If true, running images in the container that are not registered in Aqua is prevented. - */ - blockUnregisteredImages?: pulumi.Input; /** * If true, prevent containers from running with the privilege to use the IPC namespace. */ 
@@ -843,32 +853,36 @@ export interface ContainerRuntimePolicyArgs { * List of volumes that are prevented from being mounted in the containers. */ blockedVolumes?: pulumi.Input[]>; + /** + * Bypass scope configuration. + */ + bypassScopes?: pulumi.Input[]>; + containerExec?: pulumi.Input; /** * List of processes that will be allowed. */ containerExecAllowedProcesses?: pulumi.Input[]>; + created?: pulumi.Input; + cve?: pulumi.Input; + defaultSecurityProfile?: pulumi.Input; /** * The description of the container runtime policy */ description?: pulumi.Input; + digest?: pulumi.Input; /** - * If true, executables that are not in the original image is prevented from running. + * Drift prevention configuration. */ - enableDriftPrevention?: pulumi.Input; + driftPreventions?: pulumi.Input[]>; + enableCryptoMiningDns?: pulumi.Input; /** * If true, fork bombs are prevented in the containers. */ enableForkGuard?: pulumi.Input; + enableIpReputation?: pulumi.Input; + enablePortScanProtection?: pulumi.Input; /** - * If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - */ - enableIpReputationSecurity?: pulumi.Input; - /** - * If true, detects port scanning behavior in the container. - */ - enablePortScanDetection?: pulumi.Input; - /** - * Indicates if the runtime policy is enabled or not. + * Whether allowed executables configuration is enabled. */ enabled?: pulumi.Input; /** 
@@ -879,14 +893,17 @@ export interface ContainerRuntimePolicyArgs { * Indicates the number of days after which the runtime policy will be changed to enforce mode. */ enforceAfterDays?: pulumi.Input; + enforceSchedulerAddedOn?: pulumi.Input; /** - * List of files and directories to be excluded from the read-only list. + * List of excluded application scopes. */ - exceptionalReadonlyFilesAndDirectories?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; /** - * Specify processes that will be allowed + * Executable blacklist configuration. */ - execLockdownWhiteLists?: pulumi.Input[]>; + executableBlacklists?: pulumi.Input[]>; + failedKubernetesChecks?: pulumi.Input; + fileBlock?: pulumi.Input; /** * Configuration for file integrity monitoring. */ @@ -895,10 +912,20 @@ export interface ContainerRuntimePolicyArgs { * Process limit for the fork guard. */ forkGuardProcessLimit?: pulumi.Input; + imageName?: pulumi.Input; + isAuditChecked?: pulumi.Input; + isAutoGenerated?: pulumi.Input; + isOotbPolicy?: pulumi.Input; + lastupdate?: pulumi.Input; + /** + * Container privileges configuration. + */ + limitContainerPrivileges?: pulumi.Input[]>; /** * If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) */ limitNewPrivileges?: pulumi.Input; + linuxCapabilities?: pulumi.Input; /** * Configuration for Real-Time Malware Protection. */ 
@@ -908,21 +935,28 @@ export interface ContainerRuntimePolicyArgs { */ monitorSystemTimeChanges?: pulumi.Input; /** - * Name of the container runtime policy + * Name assigned to the attribute. */ name?: pulumi.Input; - /** - * List of files and directories to be restricted as read-only - */ - readonlyFilesAndDirectories?: pulumi.Input[]>; - /** - * List of IPs/ CIDRs that will be allowed - */ - reverseShellAllowedIps?: pulumi.Input[]>; - /** - * List of processes that will be allowed - */ - reverseShellAllowedProcesses?: pulumi.Input[]>; + noNewPrivileges?: pulumi.Input; + onlyRegisteredImages?: pulumi.Input; + packageBlock?: pulumi.Input; + permission?: pulumi.Input; + portBlock?: pulumi.Input; + readonlyFiles?: pulumi.Input; + readonlyRegistry?: pulumi.Input; + registry?: pulumi.Input; + registryAccessMonitoring?: pulumi.Input; + repoName?: pulumi.Input; + resourceName?: pulumi.Input; + resourceType?: pulumi.Input; + /** + * Restricted volumes configuration. + */ + restrictedVolumes?: pulumi.Input[]>; + reverseShell?: pulumi.Input; + runtimeMode?: pulumi.Input; + runtimeType?: pulumi.Input; /** * Logical expression of how to compute the dependency of the scope variables. */ @@ -931,4 +965,15 @@ export interface ContainerRuntimePolicyArgs { * List of scope attributes. */ scopeVariables?: pulumi.Input[]>; + /** + * Scope configuration. + */ + scopes?: pulumi.Input[]>; + systemIntegrityProtection?: pulumi.Input; + tripwire?: pulumi.Input; + type?: pulumi.Input; + updated?: pulumi.Input; + version?: pulumi.Input; + vpatchVersion?: pulumi.Input; + whitelistedOsUsers?: pulumi.Input; } diff --git a/sdk/nodejs/functionAssurancePolicy.ts b/sdk/nodejs/functionAssurancePolicy.ts index f8f89f5d..b8861108 100644 --- a/sdk/nodejs/functionAssurancePolicy.ts +++ b/sdk/nodejs/functionAssurancePolicy.ts 
@@ -6,6 +6,14 @@ import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as utilities from "./utilities"; +/** + * Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes: + * Scanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions. + * Evaluating function risks based on scan results, according to Function Assurance Policies. + * Checking function compliance with these policies. + * For AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline. + * Providing comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system. + */ export class FunctionAssurancePolicy extends pulumi.CustomResource { /** * Get an existing FunctionAssurancePolicy resource's state with the given name, ID, and optional extra @@ -34,11 +42,19 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { return obj['__pulumiType'] === FunctionAssurancePolicy.__pulumiType; } + /** + * Aggregated vulnerability information. + */ + public readonly aggregatedVulnerability!: pulumi.Output<{[key: string]: string} | undefined>; /** * List of explicitly allowed images. */ public readonly allowedImages!: pulumi.Output; public readonly applicationScopes!: pulumi.Output; + /** + * What type of assurance policy is described. + */ + public readonly assuranceType!: pulumi.Output; /** * Indicates if auditing for failures. */ @@ -46,7 +62,7 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { /** * Name of user account that created the policy. */ - public /*out*/ readonly author!: pulumi.Output; + public readonly author!: pulumi.Output; public readonly autoScanConfigured!: pulumi.Output; public readonly autoScanEnabled!: pulumi.Output; public readonly autoScanTimes!: pulumi.Output; 
@@ -63,7 +79,7 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { */ public readonly blacklistedLicenses!: pulumi.Output; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ public readonly blacklistedLicensesEnabled!: pulumi.Output; /** @@ -79,17 +95,18 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { * Indicates if scanning should include custom checks. */ public readonly customChecksEnabled!: pulumi.Output; + public readonly customSeverity!: pulumi.Output; public readonly customSeverityEnabled!: pulumi.Output; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ public readonly cvesBlackListEnabled!: pulumi.Output; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ public readonly cvesBlackLists!: pulumi.Output; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ public readonly cvesWhiteListEnabled!: pulumi.Output; /** @@ -109,10 +126,14 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { */ public readonly cvssSeverityExcludeNoFix!: pulumi.Output; public readonly description!: pulumi.Output; + public readonly disallowExploitTypes!: pulumi.Output; /** * Indicates if malware should block the image. */ public readonly disallowMalware!: pulumi.Output; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ public readonly dockerCisEnabled!: pulumi.Output; /** * Name of the container image. @@ -126,6 +147,7 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { public readonly enforceAfterDays!: pulumi.Output; public readonly enforceExcessivePermissions!: pulumi.Output; public readonly exceptionalMonitoredMalwarePaths!: pulumi.Output; + public readonly excludeApplicationScopes!: pulumi.Output; /** * Indicates if cicd failures will fail the image. */ 
@@ -134,8 +156,9 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { public readonly forbiddenLabelsEnabled!: pulumi.Output; public readonly forceMicroenforcer!: pulumi.Output; public readonly functionIntegrityEnabled!: pulumi.Output; + public readonly ignoreBaseImageVln!: pulumi.Output; public readonly ignoreRecentlyPublishedVln!: pulumi.Output; - public /*out*/ readonly ignoreRecentlyPublishedVlnPeriod!: pulumi.Output; + public readonly ignoreRecentlyPublishedVlnPeriod!: pulumi.Output; /** * Indicates if risk resources are ignored. */ @@ -144,15 +167,27 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { * List of ignored risk resources. */ public readonly ignoredRiskResources!: pulumi.Output; + public readonly ignoredSensitiveResources!: pulumi.Output; /** * List of images. */ public readonly images!: pulumi.Output; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ public readonly kubeCisEnabled!: pulumi.Output; + /** + * List of Kubernetes controls. + */ + public readonly kubernetesControls!: pulumi.Output; + public readonly kubernetesControlsAvdIds!: pulumi.Output; + public readonly kubernetesControlsNames!: pulumi.Output; /** * List of labels. */ public readonly labels!: pulumi.Output; + public readonly lastupdate!: pulumi.Output; + public readonly linuxCisEnabled!: pulumi.Output; public readonly malwareAction!: pulumi.Output; /** * Value of allowed maximum score. @@ -162,9 +197,6 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { * Indicates if exceeding the maximum score is scanned. */ public readonly maximumScoreEnabled!: pulumi.Output; - /** - * Indicates that policy should ignore cases that do not have a known fix. - */ public readonly maximumScoreExcludeNoFix!: pulumi.Output; public readonly monitoredMalwarePaths!: pulumi.Output; public readonly name!: pulumi.Output; 
@@ -172,12 +204,13 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { * Indicates if raise a warning for images that should only be run as root. */ public readonly onlyNoneRootUsers!: pulumi.Output; + public readonly openshiftHardeningEnabled!: pulumi.Output; /** * Indicates if packages blacklist is relevant. */ public readonly packagesBlackListEnabled!: pulumi.Output; /** - * List of backlisted images. + * List of blacklisted images. */ public readonly packagesBlackLists!: pulumi.Output; /** @@ -189,6 +222,8 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { */ public readonly packagesWhiteLists!: pulumi.Output; public readonly partialResultsImageFail!: pulumi.Output; + public readonly permission!: pulumi.Output; + public readonly policySettings!: pulumi.Output; public readonly readOnly!: pulumi.Output; /** * List of registries. @@ -197,11 +232,14 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { public readonly registry!: pulumi.Output; public readonly requiredLabels!: pulumi.Output; public readonly requiredLabelsEnabled!: pulumi.Output; + public readonly scanMalwareInArchives!: pulumi.Output; public readonly scanNfsMounts!: pulumi.Output; + public readonly scanProcessMemory!: pulumi.Output; /** * Indicates if scan should include sensitive data in the image. */ public readonly scanSensitiveData!: pulumi.Output; + public readonly scanWindowsRegistry!: pulumi.Output; /** * Indicates if scanning should include scap. */ @@ -219,6 +257,8 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { * Indicates if list of trusted base images is relevant. */ public readonly trustedBaseImagesEnabled!: pulumi.Output; + public readonly vulnerabilityExploitability!: pulumi.Output; + public readonly vulnerabilityScoreRanges!: pulumi.Output; /** * List of whitelisted licenses. */ 
@@ -241,8 +281,10 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { opts = opts || {}; if (opts.id) { const state = argsOrState as FunctionAssurancePolicyState | undefined; + resourceInputs["aggregatedVulnerability"] = state ? state.aggregatedVulnerability : undefined; resourceInputs["allowedImages"] = state ? state.allowedImages : undefined; resourceInputs["applicationScopes"] = state ? state.applicationScopes : undefined; + resourceInputs["assuranceType"] = state ? state.assuranceType : undefined; resourceInputs["auditOnFailure"] = state ? state.auditOnFailure : undefined; resourceInputs["author"] = state ? state.author : undefined; resourceInputs["autoScanConfigured"] = state ? state.autoScanConfigured : undefined; @@ -256,6 +298,7 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { resourceInputs["controlExcludeNoFix"] = state ? state.controlExcludeNoFix : undefined; resourceInputs["customChecks"] = state ? state.customChecks : undefined; resourceInputs["customChecksEnabled"] = state ? state.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = state ? state.customSeverity : undefined; resourceInputs["customSeverityEnabled"] = state ? state.customSeverityEnabled : undefined; resourceInputs["cvesBlackListEnabled"] = state ? state.cvesBlackListEnabled : undefined; resourceInputs["cvesBlackLists"] = state ? state.cvesBlackLists : undefined; 
@@ -265,6 +308,7 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { resourceInputs["cvssSeverityEnabled"] = state ? state.cvssSeverityEnabled : undefined; resourceInputs["cvssSeverityExcludeNoFix"] = state ? state.cvssSeverityExcludeNoFix : undefined; resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["disallowExploitTypes"] = state ? state.disallowExploitTypes : undefined; resourceInputs["disallowMalware"] = state ? state.disallowMalware : undefined; resourceInputs["dockerCisEnabled"] = state ? state.dockerCisEnabled : undefined; resourceInputs["domain"] = state ? state.domain : undefined; 
@@ -276,18 +320,26 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { resourceInputs["enforceAfterDays"] = state ? state.enforceAfterDays : undefined; resourceInputs["enforceExcessivePermissions"] = state ? state.enforceExcessivePermissions : undefined; resourceInputs["exceptionalMonitoredMalwarePaths"] = state ? state.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = state ? state.excludeApplicationScopes : undefined; resourceInputs["failCicd"] = state ? state.failCicd : undefined; resourceInputs["forbiddenLabels"] = state ? state.forbiddenLabels : undefined; resourceInputs["forbiddenLabelsEnabled"] = state ? state.forbiddenLabelsEnabled : undefined; resourceInputs["forceMicroenforcer"] = state ? state.forceMicroenforcer : undefined; resourceInputs["functionIntegrityEnabled"] = state ? state.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = state ? state.ignoreBaseImageVln : undefined; resourceInputs["ignoreRecentlyPublishedVln"] = state ? state.ignoreRecentlyPublishedVln : undefined; resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = state ? state.ignoreRecentlyPublishedVlnPeriod : undefined; resourceInputs["ignoreRiskResourcesEnabled"] = state ? state.ignoreRiskResourcesEnabled : undefined; resourceInputs["ignoredRiskResources"] = state ? state.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = state ? state.ignoredSensitiveResources : undefined; resourceInputs["images"] = state ? state.images : undefined; resourceInputs["kubeCisEnabled"] = state ? state.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = state ? state.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = state ? state.kubernetesControlsAvdIds : undefined; + resourceInputs["kubernetesControlsNames"] = state ? state.kubernetesControlsNames : undefined; resourceInputs["labels"] = state ? 
state.labels : undefined; + resourceInputs["lastupdate"] = state ? state.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = state ? state.linuxCisEnabled : undefined; resourceInputs["malwareAction"] = state ? state.malwareAction : undefined; resourceInputs["maximumScore"] = state ? state.maximumScore : undefined; resourceInputs["maximumScoreEnabled"] = state ? state.maximumScoreEnabled : undefined; 
@@ -295,23 +347,31 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { resourceInputs["monitoredMalwarePaths"] = state ? state.monitoredMalwarePaths : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["onlyNoneRootUsers"] = state ? state.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = state ? state.openshiftHardeningEnabled : undefined; resourceInputs["packagesBlackListEnabled"] = state ? state.packagesBlackListEnabled : undefined; resourceInputs["packagesBlackLists"] = state ? state.packagesBlackLists : undefined; resourceInputs["packagesWhiteListEnabled"] = state ? state.packagesWhiteListEnabled : undefined; resourceInputs["packagesWhiteLists"] = state ? state.packagesWhiteLists : undefined; resourceInputs["partialResultsImageFail"] = state ? state.partialResultsImageFail : undefined; + resourceInputs["permission"] = state ? state.permission : undefined; + resourceInputs["policySettings"] = state ? state.policySettings : undefined; resourceInputs["readOnly"] = state ? state.readOnly : undefined; resourceInputs["registries"] = state ? state.registries : undefined; resourceInputs["registry"] = state ? state.registry : undefined; resourceInputs["requiredLabels"] = state ? state.requiredLabels : undefined; resourceInputs["requiredLabelsEnabled"] = state ? state.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = state ? state.scanMalwareInArchives : undefined; resourceInputs["scanNfsMounts"] = state ? state.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = state ? state.scanProcessMemory : undefined; resourceInputs["scanSensitiveData"] = state ? state.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = state ? state.scanWindowsRegistry : undefined; resourceInputs["scapEnabled"] = state ? state.scapEnabled : undefined; resourceInputs["scapFiles"] = state ? state.scapFiles : undefined; resourceInputs["scopes"] = state ? 
state.scopes : undefined; resourceInputs["trustedBaseImages"] = state ? state.trustedBaseImages : undefined; resourceInputs["trustedBaseImagesEnabled"] = state ? state.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = state ? state.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = state ? state.vulnerabilityScoreRanges : undefined; resourceInputs["whitelistedLicenses"] = state ? state.whitelistedLicenses : undefined; resourceInputs["whitelistedLicensesEnabled"] = state ? state.whitelistedLicensesEnabled : undefined; } else { @@ -319,9 +379,12 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { if ((!args || args.applicationScopes === undefined) && !opts.urn) { throw new Error("Missing required property 'applicationScopes'"); } + resourceInputs["aggregatedVulnerability"] = args ? args.aggregatedVulnerability : undefined; resourceInputs["allowedImages"] = args ? args.allowedImages : undefined; resourceInputs["applicationScopes"] = args ? args.applicationScopes : undefined; + resourceInputs["assuranceType"] = args ? args.assuranceType : undefined; resourceInputs["auditOnFailure"] = args ? args.auditOnFailure : undefined; + resourceInputs["author"] = args ? args.author : undefined; resourceInputs["autoScanConfigured"] = args ? args.autoScanConfigured : undefined; resourceInputs["autoScanEnabled"] = args ? args.autoScanEnabled : undefined; resourceInputs["autoScanTimes"] = args ? args.autoScanTimes : undefined; 
@@ -333,6 +396,7 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { resourceInputs["controlExcludeNoFix"] = args ? args.controlExcludeNoFix : undefined; resourceInputs["customChecks"] = args ? args.customChecks : undefined; resourceInputs["customChecksEnabled"] = args ? args.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = args ? args.customSeverity : undefined; resourceInputs["customSeverityEnabled"] = args ? args.customSeverityEnabled : undefined; resourceInputs["cvesBlackListEnabled"] = args ? args.cvesBlackListEnabled : undefined; resourceInputs["cvesBlackLists"] = args ? args.cvesBlackLists : undefined; @@ -342,6 +406,7 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { resourceInputs["cvssSeverityEnabled"] = args ? args.cvssSeverityEnabled : undefined; resourceInputs["cvssSeverityExcludeNoFix"] = args ? args.cvssSeverityExcludeNoFix : undefined; resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["disallowExploitTypes"] = args ? args.disallowExploitTypes : undefined; resourceInputs["disallowMalware"] = args ? args.disallowMalware : undefined; resourceInputs["dockerCisEnabled"] = args ? args.dockerCisEnabled : undefined; resourceInputs["domain"] = args ? args.domain : undefined; 
@@ -353,17 +418,26 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { resourceInputs["enforceAfterDays"] = args ? args.enforceAfterDays : undefined; resourceInputs["enforceExcessivePermissions"] = args ? args.enforceExcessivePermissions : undefined; resourceInputs["exceptionalMonitoredMalwarePaths"] = args ? args.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = args ? args.excludeApplicationScopes : undefined; resourceInputs["failCicd"] = args ? args.failCicd : undefined; resourceInputs["forbiddenLabels"] = args ? args.forbiddenLabels : undefined; resourceInputs["forbiddenLabelsEnabled"] = args ? args.forbiddenLabelsEnabled : undefined; resourceInputs["forceMicroenforcer"] = args ? args.forceMicroenforcer : undefined; resourceInputs["functionIntegrityEnabled"] = args ? args.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = args ? args.ignoreBaseImageVln : undefined; resourceInputs["ignoreRecentlyPublishedVln"] = args ? args.ignoreRecentlyPublishedVln : undefined; + resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = args ? args.ignoreRecentlyPublishedVlnPeriod : undefined; resourceInputs["ignoreRiskResourcesEnabled"] = args ? args.ignoreRiskResourcesEnabled : undefined; resourceInputs["ignoredRiskResources"] = args ? args.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = args ? args.ignoredSensitiveResources : undefined; resourceInputs["images"] = args ? args.images : undefined; resourceInputs["kubeCisEnabled"] = args ? args.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = args ? args.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = args ? args.kubernetesControlsAvdIds : undefined; + resourceInputs["kubernetesControlsNames"] = args ? args.kubernetesControlsNames : undefined; resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["lastupdate"] = args ? 
args.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = args ? args.linuxCisEnabled : undefined; resourceInputs["malwareAction"] = args ? args.malwareAction : undefined; resourceInputs["maximumScore"] = args ? args.maximumScore : undefined; resourceInputs["maximumScoreEnabled"] = args ? args.maximumScoreEnabled : undefined; 
@@ -371,27 +445,33 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { resourceInputs["monitoredMalwarePaths"] = args ? args.monitoredMalwarePaths : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["onlyNoneRootUsers"] = args ? args.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = args ? args.openshiftHardeningEnabled : undefined; resourceInputs["packagesBlackListEnabled"] = args ? args.packagesBlackListEnabled : undefined; resourceInputs["packagesBlackLists"] = args ? args.packagesBlackLists : undefined; resourceInputs["packagesWhiteListEnabled"] = args ? args.packagesWhiteListEnabled : undefined; resourceInputs["packagesWhiteLists"] = args ? args.packagesWhiteLists : undefined; resourceInputs["partialResultsImageFail"] = args ? args.partialResultsImageFail : undefined; + resourceInputs["permission"] = args ? args.permission : undefined; + resourceInputs["policySettings"] = args ? args.policySettings : undefined; resourceInputs["readOnly"] = args ? args.readOnly : undefined; resourceInputs["registries"] = args ? args.registries : undefined; resourceInputs["registry"] = args ? args.registry : undefined; resourceInputs["requiredLabels"] = args ? args.requiredLabels : undefined; resourceInputs["requiredLabelsEnabled"] = args ? args.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = args ? args.scanMalwareInArchives : undefined; resourceInputs["scanNfsMounts"] = args ? args.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = args ? args.scanProcessMemory : undefined; resourceInputs["scanSensitiveData"] = args ? args.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = args ? args.scanWindowsRegistry : undefined; resourceInputs["scapEnabled"] = args ? args.scapEnabled : undefined; resourceInputs["scapFiles"] = args ? args.scapFiles : undefined; resourceInputs["scopes"] = args ? 
args.scopes : undefined; resourceInputs["trustedBaseImages"] = args ? args.trustedBaseImages : undefined; resourceInputs["trustedBaseImagesEnabled"] = args ? args.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = args ? args.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = args ? args.vulnerabilityScoreRanges : undefined; resourceInputs["whitelistedLicenses"] = args ? args.whitelistedLicenses : undefined; resourceInputs["whitelistedLicensesEnabled"] = args ? args.whitelistedLicensesEnabled : undefined; - resourceInputs["author"] = undefined /*out*/; - resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(FunctionAssurancePolicy.__pulumiType, name, resourceInputs, opts); @@ -402,11 +482,19 @@ export class FunctionAssurancePolicy extends pulumi.CustomResource { * Input properties used for looking up and filtering FunctionAssurancePolicy resources. */ export interface FunctionAssurancePolicyState { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * List of explicitly allowed images. */ allowedImages?: pulumi.Input[]>; applicationScopes?: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; /** * Indicates if auditing for failures. */ @@ -431,7 +519,7 @@ export interface FunctionAssurancePolicyState { */ blacklistedLicenses?: pulumi.Input[]>; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ blacklistedLicensesEnabled?: pulumi.Input; /** 
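Review bot: Removing `resourceInputs["author"] = undefined /*out*/;` at the end of the args branch, together with the `author?: pulumi.Input` member added to FunctionAssurancePolicyArgs in a later hunk, turns the policy's creator field from a provider-computed output into a value the program can supply. The preceding hunk likewise starts forwarding `args.lastupdate`, and the constructor hunk in functionRuntimePolicy.ts does the same for `author`, `created`, `updated`, `lastupdate` and `version`. If the backend ignores these values, every preview will show a spurious diff; if it honours them, the audit provenance of a policy becomes caller-controlled. I would keep them output-only by retaining `resourceInputs["author"] = undefined /*out*/;` and, if this file is generated from the provider schema as it appears to be, marking the fields computed-only there. The constructor begins outside this hunk.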
@@ -447,17 +535,18 @@ export interface FunctionAssurancePolicyState { * Indicates if scanning should include custom checks. */ customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; customSeverityEnabled?: pulumi.Input; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ cvesBlackListEnabled?: pulumi.Input; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ cvesBlackLists?: pulumi.Input[]>; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ cvesWhiteListEnabled?: pulumi.Input; /** @@ -477,10 +566,14 @@ export interface FunctionAssurancePolicyState { */ cvssSeverityExcludeNoFix?: pulumi.Input; description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; /** * Indicates if malware should block the image. */ disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ dockerCisEnabled?: pulumi.Input; /** * Name of the container image. @@ -494,6 +587,7 @@ export interface FunctionAssurancePolicyState { enforceAfterDays?: pulumi.Input; enforceExcessivePermissions?: pulumi.Input; exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; /** * Indicates if cicd failures will fail the image. */ @@ -502,6 +596,7 @@ export interface FunctionAssurancePolicyState { forbiddenLabelsEnabled?: pulumi.Input; forceMicroenforcer?: pulumi.Input; functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; ignoreRecentlyPublishedVln?: pulumi.Input; ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; /** 
@@ -512,15 +607,27 @@ export interface FunctionAssurancePolicyState { * List of ignored risk resources. */ ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; /** * List of images. */ images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ kubeCisEnabled?: pulumi.Input; + /** + * List of Kubernetes controls. + */ + kubernetesControls?: pulumi.Input[]>; + kubernetesControlsAvdIds?: pulumi.Input[]>; + kubernetesControlsNames?: pulumi.Input[]>; /** * List of labels. */ labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; malwareAction?: pulumi.Input; /** * Value of allowed maximum score. @@ -530,9 +637,6 @@ export interface FunctionAssurancePolicyState { * Indicates if exceeding the maximum score is scanned. */ maximumScoreEnabled?: pulumi.Input; - /** - * Indicates that policy should ignore cases that do not have a known fix. - */ maximumScoreExcludeNoFix?: pulumi.Input; monitoredMalwarePaths?: pulumi.Input[]>; name?: pulumi.Input; @@ -540,12 +644,13 @@ export interface FunctionAssurancePolicyState { * Indicates if raise a warning for images that should only be run as root. */ onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; /** * Indicates if packages blacklist is relevant. */ packagesBlackListEnabled?: pulumi.Input; /** - * List of backlisted images. + * List of blacklisted images. */ packagesBlackLists?: pulumi.Input[]>; /** @@ -557,6 +662,8 @@ export interface FunctionAssurancePolicyState { */ packagesWhiteLists?: pulumi.Input[]>; partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; readOnly?: pulumi.Input; /** * List of registries. 
@@ -565,11 +672,14 @@ export interface FunctionAssurancePolicyState { registry?: pulumi.Input; requiredLabels?: pulumi.Input[]>; requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; /** * Indicates if scan should include sensitive data in the image. */ scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; /** * Indicates if scanning should include scap. */ @@ -587,6 +697,8 @@ export interface FunctionAssurancePolicyState { * Indicates if list of trusted base images is relevant. */ trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; /** * List of whitelisted licenses. */ @@ -601,15 +713,27 @@ export interface FunctionAssurancePolicyState { * The set of arguments for constructing a FunctionAssurancePolicy resource. */ export interface FunctionAssurancePolicyArgs { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * List of explicitly allowed images. */ allowedImages?: pulumi.Input[]>; applicationScopes: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; /** * Indicates if auditing for failures. */ auditOnFailure?: pulumi.Input; + /** + * Name of user account that created the policy. + */ + author?: pulumi.Input; autoScanConfigured?: pulumi.Input; autoScanEnabled?: pulumi.Input; autoScanTimes?: pulumi.Input[]>; @@ -626,7 +750,7 @@ export interface FunctionAssurancePolicyArgs { */ blacklistedLicenses?: pulumi.Input[]>; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ blacklistedLicensesEnabled?: pulumi.Input; /** 
@@ -642,17 +766,18 @@ export interface FunctionAssurancePolicyArgs { * Indicates if scanning should include custom checks. */ customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; customSeverityEnabled?: pulumi.Input; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ cvesBlackListEnabled?: pulumi.Input; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ cvesBlackLists?: pulumi.Input[]>; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ cvesWhiteListEnabled?: pulumi.Input; /** @@ -672,10 +797,14 @@ export interface FunctionAssurancePolicyArgs { */ cvssSeverityExcludeNoFix?: pulumi.Input; description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; /** * Indicates if malware should block the image. */ disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ dockerCisEnabled?: pulumi.Input; /** * Name of the container image. @@ -689,6 +818,7 @@ export interface FunctionAssurancePolicyArgs { enforceAfterDays?: pulumi.Input; enforceExcessivePermissions?: pulumi.Input; exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; /** * Indicates if cicd failures will fail the image. */ @@ -697,7 +827,9 @@ export interface FunctionAssurancePolicyArgs { forbiddenLabelsEnabled?: pulumi.Input; forceMicroenforcer?: pulumi.Input; functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; ignoreRecentlyPublishedVln?: pulumi.Input; + ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; /** * Indicates if risk resources are ignored. */ 
@@ -706,15 +838,27 @@ export interface FunctionAssurancePolicyArgs { * List of ignored risk resources. */ ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; /** * List of images. */ images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ kubeCisEnabled?: pulumi.Input; + /** + * List of Kubernetes controls. + */ + kubernetesControls?: pulumi.Input[]>; + kubernetesControlsAvdIds?: pulumi.Input[]>; + kubernetesControlsNames?: pulumi.Input[]>; /** * List of labels. */ labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; malwareAction?: pulumi.Input; /** * Value of allowed maximum score. @@ -724,9 +868,6 @@ export interface FunctionAssurancePolicyArgs { * Indicates if exceeding the maximum score is scanned. */ maximumScoreEnabled?: pulumi.Input; - /** - * Indicates that policy should ignore cases that do not have a known fix. - */ maximumScoreExcludeNoFix?: pulumi.Input; monitoredMalwarePaths?: pulumi.Input[]>; name?: pulumi.Input; @@ -734,12 +875,13 @@ export interface FunctionAssurancePolicyArgs { * Indicates if raise a warning for images that should only be run as root. */ onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; /** * Indicates if packages blacklist is relevant. */ packagesBlackListEnabled?: pulumi.Input; /** - * List of backlisted images. + * List of blacklisted images. */ packagesBlackLists?: pulumi.Input[]>; /** @@ -751,6 +893,8 @@ export interface FunctionAssurancePolicyArgs { */ packagesWhiteLists?: pulumi.Input[]>; partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; readOnly?: pulumi.Input; /** * List of registries. 
@@ -759,11 +903,14 @@ export interface FunctionAssurancePolicyArgs { registry?: pulumi.Input; requiredLabels?: pulumi.Input[]>; requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; /** * Indicates if scan should include sensitive data in the image. */ scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; /** * Indicates if scanning should include scap. */ @@ -781,6 +928,8 @@ export interface FunctionAssurancePolicyArgs { * Indicates if list of trusted base images is relevant. */ trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; /** * List of whitelisted licenses. */ diff --git a/sdk/nodejs/functionRuntimePolicy.ts b/sdk/nodejs/functionRuntimePolicy.ts index a5c4567c..a6b89cda 100644 --- a/sdk/nodejs/functionRuntimePolicy.ts +++ b/sdk/nodejs/functionRuntimePolicy.ts 
@@ -6,42 +6,6 @@ import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as utilities from "./utilities"; -/** - * ## Example Usage - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as aquasec from "@pulumiverse/aquasec"; - * - * const functionRuntimePolicy = new aquasec.FunctionRuntimePolicy("functionRuntimePolicy", { - * applicationScopes: ["Global"], - * blockMaliciousExecutables: true, - * blockMaliciousExecutablesAllowedProcesses: [ - * "proc1", - * "proc2", - * ], - * blockRunningExecutablesInTmpFolder: true, - * blockedExecutables: [ - * "exe1", - * "exe2", - * ], - * description: "function_runtime_policy", - * enabled: true, - * enforce: false, - * scopeVariables: [ - * { - * attribute: "kubernetes.cluster", - * value: "default", - * }, - * { - * attribute: "kubernetes.label", - * name: "app", - * value: "aqua", - * }, - * ], - * }); - * ``` - */ export class FunctionRuntimePolicy extends pulumi.CustomResource { /** * Get an existing FunctionRuntimePolicy resource's state with the given name, ID, and optional extra 
@@ -71,41 +35,81 @@ export class FunctionRuntimePolicy extends pulumi.CustomResource { } /** - * Indicates the application scope of the service. + * Allowed executables configuration. */ - public readonly applicationScopes!: pulumi.Output; + public readonly allowedExecutables!: pulumi.Output; /** - * Username of the account that created the service. + * List of allowed registries. */ - public /*out*/ readonly author!: pulumi.Output; + public readonly allowedRegistries!: pulumi.Output; /** - * If true, prevent creation of malicious executables in functions during their runtime post invocation. + * Indicates the application scope of the service. */ - public readonly blockMaliciousExecutables!: pulumi.Output; + public readonly applicationScopes!: pulumi.Output; /** - * List of processes that will be allowed + * Detects brute force login attempts */ - public readonly blockMaliciousExecutablesAllowedProcesses!: pulumi.Output; + public readonly auditBruteForceLogin!: pulumi.Output; + public readonly auditing!: pulumi.Output; /** - * If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. + * Username of the account that created the service. */ - public readonly blockRunningExecutablesInTmpFolder!: pulumi.Output; + public readonly author!: pulumi.Output; + public readonly blacklistedOsUsers!: pulumi.Output; + public readonly blockContainerExec!: pulumi.Output; + public readonly blockDisallowedImages!: pulumi.Output; + public readonly blockFilelessExec!: pulumi.Output; + public readonly blockNonCompliantWorkloads!: pulumi.Output; + public readonly blockNonK8sContainers!: pulumi.Output; /** - * List of executables that are prevented from running in containers. + * Bypass scope configuration. 
*/ - public readonly blockedExecutables!: pulumi.Output; + public readonly bypassScopes!: pulumi.Output; + public readonly containerExec!: pulumi.Output; + public readonly created!: pulumi.Output; + public readonly cve!: pulumi.Output; + public readonly defaultSecurityProfile!: pulumi.Output; /** * The description of the function runtime policy */ public readonly description!: pulumi.Output; + public readonly digest!: pulumi.Output; + /** + * Drift prevention configuration. + */ + public readonly driftPreventions!: pulumi.Output; + public readonly enableCryptoMiningDns!: pulumi.Output; + public readonly enableForkGuard!: pulumi.Output; + public readonly enableIpReputation!: pulumi.Output; + public readonly enablePortScanProtection!: pulumi.Output; /** - * Indicates if the runtime policy is enabled or not. + * Whether allowed executables configuration is enabled. */ public readonly enabled!: pulumi.Output; /** * Indicates that policy should effect container execution (not just for audit). */ public readonly enforce!: pulumi.Output; + /** + * Indicates the number of days after which the runtime policy will be changed to enforce mode. + */ + public readonly enforceAfterDays!: pulumi.Output; + public readonly enforceSchedulerAddedOn!: pulumi.Output; + /** + * List of excluded application scopes. + */ + public readonly excludeApplicationScopes!: pulumi.Output; + /** + * Executable blacklist configuration. + */ + public readonly executableBlacklists!: pulumi.Output; + public readonly failedKubernetesChecks!: pulumi.Output; + public readonly fileBlock!: pulumi.Output; + /** + * Configuration for file integrity monitoring. + */ + public readonly fileIntegrityMonitorings!: pulumi.Output; + public readonly forkGuardProcessLimit!: pulumi.Output; /** * Honeypot User ID (Access Key) */ 
@@ -122,10 +126,43 @@ export class FunctionRuntimePolicy extends pulumi.CustomResource { * Serverless application name */ public readonly honeypotServerlessAppName!: pulumi.Output; + public readonly imageName!: pulumi.Output; + public readonly isAuditChecked!: pulumi.Output; + public readonly isAutoGenerated!: pulumi.Output; + public readonly isOotbPolicy!: pulumi.Output; + public readonly lastupdate!: pulumi.Output; /** - * Name of the function runtime policy + * Container privileges configuration. + */ + public readonly limitContainerPrivileges!: pulumi.Output; + public readonly linuxCapabilities!: pulumi.Output; + /** + * Configuration for Real-Time Malware Protection. + */ + public readonly malwareScanOptions!: pulumi.Output; + /** + * Name assigned to the attribute. */ public readonly name!: pulumi.Output; + public readonly noNewPrivileges!: pulumi.Output; + public readonly onlyRegisteredImages!: pulumi.Output; + public readonly packageBlock!: pulumi.Output; + public readonly permission!: pulumi.Output; + public readonly portBlock!: pulumi.Output; + public readonly readonlyFiles!: pulumi.Output; + public readonly readonlyRegistry!: pulumi.Output; + public readonly registry!: pulumi.Output; + public readonly registryAccessMonitoring!: pulumi.Output; + public readonly repoName!: pulumi.Output; + public readonly resourceName!: pulumi.Output; + public readonly resourceType!: pulumi.Output; + /** + * Restricted volumes configuration. + */ + public readonly restrictedVolumes!: pulumi.Output; + public readonly reverseShell!: pulumi.Output; + public readonly runtimeMode!: pulumi.Output; + public readonly runtimeType!: pulumi.Output; /** * Logical expression of how to compute the dependency of the scope variables. */ 
@@ -134,6 +171,17 @@ export class FunctionRuntimePolicy extends pulumi.CustomResource { * List of scope attributes. */ public readonly scopeVariables!: pulumi.Output; + /** + * Scope configuration. + */ + public readonly scopes!: pulumi.Output; + public readonly systemIntegrityProtection!: pulumi.Output; + public readonly tripwire!: pulumi.Output; + public readonly type!: pulumi.Output; + public readonly updated!: pulumi.Output; + public readonly version!: pulumi.Output; + public readonly vpatchVersion!: pulumi.Output; + public readonly whitelistedOsUsers!: pulumi.Output; /** * Create a FunctionRuntimePolicy resource with the given unique name, arguments, and options. 
@@ -148,40 +196,154 @@ export class FunctionRuntimePolicy extends pulumi.CustomResource { opts = opts || {}; if (opts.id) { const state = argsOrState as FunctionRuntimePolicyState | undefined; + resourceInputs["allowedExecutables"] = state ? state.allowedExecutables : undefined; + resourceInputs["allowedRegistries"] = state ? state.allowedRegistries : undefined; resourceInputs["applicationScopes"] = state ? state.applicationScopes : undefined; + resourceInputs["auditBruteForceLogin"] = state ? state.auditBruteForceLogin : undefined; + resourceInputs["auditing"] = state ? state.auditing : undefined; resourceInputs["author"] = state ? state.author : undefined; - resourceInputs["blockMaliciousExecutables"] = state ? state.blockMaliciousExecutables : undefined; - resourceInputs["blockMaliciousExecutablesAllowedProcesses"] = state ? state.blockMaliciousExecutablesAllowedProcesses : undefined; - resourceInputs["blockRunningExecutablesInTmpFolder"] = state ? state.blockRunningExecutablesInTmpFolder : undefined; - resourceInputs["blockedExecutables"] = state ? state.blockedExecutables : undefined; + resourceInputs["blacklistedOsUsers"] = state ? state.blacklistedOsUsers : undefined; + resourceInputs["blockContainerExec"] = state ? state.blockContainerExec : undefined; + resourceInputs["blockDisallowedImages"] = state ? state.blockDisallowedImages : undefined; + resourceInputs["blockFilelessExec"] = state ? state.blockFilelessExec : undefined; + resourceInputs["blockNonCompliantWorkloads"] = state ? state.blockNonCompliantWorkloads : undefined; + resourceInputs["blockNonK8sContainers"] = state ? state.blockNonK8sContainers : undefined; + resourceInputs["bypassScopes"] = state ? state.bypassScopes : undefined; + resourceInputs["containerExec"] = state ? state.containerExec : undefined; + resourceInputs["created"] = state ? state.created : undefined; + resourceInputs["cve"] = state ? state.cve : undefined; + resourceInputs["defaultSecurityProfile"] = state ? 
state.defaultSecurityProfile : undefined; resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["digest"] = state ? state.digest : undefined; + resourceInputs["driftPreventions"] = state ? state.driftPreventions : undefined; + resourceInputs["enableCryptoMiningDns"] = state ? state.enableCryptoMiningDns : undefined; + resourceInputs["enableForkGuard"] = state ? state.enableForkGuard : undefined; + resourceInputs["enableIpReputation"] = state ? state.enableIpReputation : undefined; + resourceInputs["enablePortScanProtection"] = state ? state.enablePortScanProtection : undefined; resourceInputs["enabled"] = state ? state.enabled : undefined; resourceInputs["enforce"] = state ? state.enforce : undefined; + resourceInputs["enforceAfterDays"] = state ? state.enforceAfterDays : undefined; + resourceInputs["enforceSchedulerAddedOn"] = state ? state.enforceSchedulerAddedOn : undefined; + resourceInputs["excludeApplicationScopes"] = state ? state.excludeApplicationScopes : undefined; + resourceInputs["executableBlacklists"] = state ? state.executableBlacklists : undefined; + resourceInputs["failedKubernetesChecks"] = state ? state.failedKubernetesChecks : undefined; + resourceInputs["fileBlock"] = state ? state.fileBlock : undefined; + resourceInputs["fileIntegrityMonitorings"] = state ? state.fileIntegrityMonitorings : undefined; + resourceInputs["forkGuardProcessLimit"] = state ? state.forkGuardProcessLimit : undefined; resourceInputs["honeypotAccessKey"] = state ? state.honeypotAccessKey : undefined; resourceInputs["honeypotApplyOns"] = state ? state.honeypotApplyOns : undefined; resourceInputs["honeypotSecretKey"] = state ? state.honeypotSecretKey : undefined; resourceInputs["honeypotServerlessAppName"] = state ? state.honeypotServerlessAppName : undefined; + resourceInputs["imageName"] = state ? state.imageName : undefined; + resourceInputs["isAuditChecked"] = state ? 
state.isAuditChecked : undefined; + resourceInputs["isAutoGenerated"] = state ? state.isAutoGenerated : undefined; + resourceInputs["isOotbPolicy"] = state ? state.isOotbPolicy : undefined; + resourceInputs["lastupdate"] = state ? state.lastupdate : undefined; + resourceInputs["limitContainerPrivileges"] = state ? state.limitContainerPrivileges : undefined; + resourceInputs["linuxCapabilities"] = state ? state.linuxCapabilities : undefined; + resourceInputs["malwareScanOptions"] = state ? state.malwareScanOptions : undefined; resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["noNewPrivileges"] = state ? state.noNewPrivileges : undefined; + resourceInputs["onlyRegisteredImages"] = state ? state.onlyRegisteredImages : undefined; + resourceInputs["packageBlock"] = state ? state.packageBlock : undefined; + resourceInputs["permission"] = state ? state.permission : undefined; + resourceInputs["portBlock"] = state ? state.portBlock : undefined; + resourceInputs["readonlyFiles"] = state ? state.readonlyFiles : undefined; + resourceInputs["readonlyRegistry"] = state ? state.readonlyRegistry : undefined; + resourceInputs["registry"] = state ? state.registry : undefined; + resourceInputs["registryAccessMonitoring"] = state ? state.registryAccessMonitoring : undefined; + resourceInputs["repoName"] = state ? state.repoName : undefined; + resourceInputs["resourceName"] = state ? state.resourceName : undefined; + resourceInputs["resourceType"] = state ? state.resourceType : undefined; + resourceInputs["restrictedVolumes"] = state ? state.restrictedVolumes : undefined; + resourceInputs["reverseShell"] = state ? state.reverseShell : undefined; + resourceInputs["runtimeMode"] = state ? state.runtimeMode : undefined; + resourceInputs["runtimeType"] = state ? state.runtimeType : undefined; resourceInputs["scopeExpression"] = state ? state.scopeExpression : undefined; resourceInputs["scopeVariables"] = state ? 
state.scopeVariables : undefined; + resourceInputs["scopes"] = state ? state.scopes : undefined; + resourceInputs["systemIntegrityProtection"] = state ? state.systemIntegrityProtection : undefined; + resourceInputs["tripwire"] = state ? state.tripwire : undefined; + resourceInputs["type"] = state ? state.type : undefined; + resourceInputs["updated"] = state ? state.updated : undefined; + resourceInputs["version"] = state ? state.version : undefined; + resourceInputs["vpatchVersion"] = state ? state.vpatchVersion : undefined; + resourceInputs["whitelistedOsUsers"] = state ? state.whitelistedOsUsers : undefined; } else { const args = argsOrState as FunctionRuntimePolicyArgs | undefined; + resourceInputs["allowedExecutables"] = args ? args.allowedExecutables : undefined; + resourceInputs["allowedRegistries"] = args ? args.allowedRegistries : undefined; resourceInputs["applicationScopes"] = args ? args.applicationScopes : undefined; - resourceInputs["blockMaliciousExecutables"] = args ? args.blockMaliciousExecutables : undefined; - resourceInputs["blockMaliciousExecutablesAllowedProcesses"] = args ? args.blockMaliciousExecutablesAllowedProcesses : undefined; - resourceInputs["blockRunningExecutablesInTmpFolder"] = args ? args.blockRunningExecutablesInTmpFolder : undefined; - resourceInputs["blockedExecutables"] = args ? args.blockedExecutables : undefined; + resourceInputs["auditBruteForceLogin"] = args ? args.auditBruteForceLogin : undefined; + resourceInputs["auditing"] = args ? args.auditing : undefined; + resourceInputs["author"] = args ? args.author : undefined; + resourceInputs["blacklistedOsUsers"] = args ? args.blacklistedOsUsers : undefined; + resourceInputs["blockContainerExec"] = args ? args.blockContainerExec : undefined; + resourceInputs["blockDisallowedImages"] = args ? args.blockDisallowedImages : undefined; + resourceInputs["blockFilelessExec"] = args ? args.blockFilelessExec : undefined; + resourceInputs["blockNonCompliantWorkloads"] = args ? 
args.blockNonCompliantWorkloads : undefined; + resourceInputs["blockNonK8sContainers"] = args ? args.blockNonK8sContainers : undefined; + resourceInputs["bypassScopes"] = args ? args.bypassScopes : undefined; + resourceInputs["containerExec"] = args ? args.containerExec : undefined; + resourceInputs["created"] = args ? args.created : undefined; + resourceInputs["cve"] = args ? args.cve : undefined; + resourceInputs["defaultSecurityProfile"] = args ? args.defaultSecurityProfile : undefined; resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["digest"] = args ? args.digest : undefined; + resourceInputs["driftPreventions"] = args ? args.driftPreventions : undefined; + resourceInputs["enableCryptoMiningDns"] = args ? args.enableCryptoMiningDns : undefined; + resourceInputs["enableForkGuard"] = args ? args.enableForkGuard : undefined; + resourceInputs["enableIpReputation"] = args ? args.enableIpReputation : undefined; + resourceInputs["enablePortScanProtection"] = args ? args.enablePortScanProtection : undefined; resourceInputs["enabled"] = args ? args.enabled : undefined; resourceInputs["enforce"] = args ? args.enforce : undefined; + resourceInputs["enforceAfterDays"] = args ? args.enforceAfterDays : undefined; + resourceInputs["enforceSchedulerAddedOn"] = args ? args.enforceSchedulerAddedOn : undefined; + resourceInputs["excludeApplicationScopes"] = args ? args.excludeApplicationScopes : undefined; + resourceInputs["executableBlacklists"] = args ? args.executableBlacklists : undefined; + resourceInputs["failedKubernetesChecks"] = args ? args.failedKubernetesChecks : undefined; + resourceInputs["fileBlock"] = args ? args.fileBlock : undefined; + resourceInputs["fileIntegrityMonitorings"] = args ? args.fileIntegrityMonitorings : undefined; + resourceInputs["forkGuardProcessLimit"] = args ? args.forkGuardProcessLimit : undefined; resourceInputs["honeypotAccessKey"] = args ? 
args.honeypotAccessKey : undefined; resourceInputs["honeypotApplyOns"] = args ? args.honeypotApplyOns : undefined; resourceInputs["honeypotSecretKey"] = args?.honeypotSecretKey ? pulumi.secret(args.honeypotSecretKey) : undefined; resourceInputs["honeypotServerlessAppName"] = args ? args.honeypotServerlessAppName : undefined; + resourceInputs["imageName"] = args ? args.imageName : undefined; + resourceInputs["isAuditChecked"] = args ? args.isAuditChecked : undefined; + resourceInputs["isAutoGenerated"] = args ? args.isAutoGenerated : undefined; + resourceInputs["isOotbPolicy"] = args ? args.isOotbPolicy : undefined; + resourceInputs["lastupdate"] = args ? args.lastupdate : undefined; + resourceInputs["limitContainerPrivileges"] = args ? args.limitContainerPrivileges : undefined; + resourceInputs["linuxCapabilities"] = args ? args.linuxCapabilities : undefined; + resourceInputs["malwareScanOptions"] = args ? args.malwareScanOptions : undefined; resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["noNewPrivileges"] = args ? args.noNewPrivileges : undefined; + resourceInputs["onlyRegisteredImages"] = args ? args.onlyRegisteredImages : undefined; + resourceInputs["packageBlock"] = args ? args.packageBlock : undefined; + resourceInputs["permission"] = args ? args.permission : undefined; + resourceInputs["portBlock"] = args ? args.portBlock : undefined; + resourceInputs["readonlyFiles"] = args ? args.readonlyFiles : undefined; + resourceInputs["readonlyRegistry"] = args ? args.readonlyRegistry : undefined; + resourceInputs["registry"] = args ? args.registry : undefined; + resourceInputs["registryAccessMonitoring"] = args ? args.registryAccessMonitoring : undefined; + resourceInputs["repoName"] = args ? args.repoName : undefined; + resourceInputs["resourceName"] = args ? args.resourceName : undefined; + resourceInputs["resourceType"] = args ? args.resourceType : undefined; + resourceInputs["restrictedVolumes"] = args ? 
args.restrictedVolumes : undefined; + resourceInputs["reverseShell"] = args ? args.reverseShell : undefined; + resourceInputs["runtimeMode"] = args ? args.runtimeMode : undefined; + resourceInputs["runtimeType"] = args ? args.runtimeType : undefined; resourceInputs["scopeExpression"] = args ? args.scopeExpression : undefined; resourceInputs["scopeVariables"] = args ? args.scopeVariables : undefined; - resourceInputs["author"] = undefined /*out*/; + resourceInputs["scopes"] = args ? args.scopes : undefined; + resourceInputs["systemIntegrityProtection"] = args ? args.systemIntegrityProtection : undefined; + resourceInputs["tripwire"] = args ? args.tripwire : undefined; + resourceInputs["type"] = args ? args.type : undefined; + resourceInputs["updated"] = args ? args.updated : undefined; + resourceInputs["version"] = args ? args.version : undefined; + resourceInputs["vpatchVersion"] = args ? args.vpatchVersion : undefined; + resourceInputs["whitelistedOsUsers"] = args ? args.whitelistedOsUsers : undefined; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); const secretOpts = { additionalSecretOutputs: ["honeypotSecretKey"] }; 
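Review bot: The inputs `blockMaliciousExecutables`, `blockMaliciousExecutablesAllowedProcesses`, `blockRunningExecutablesInTmpFolder` and `blockedExecutables` are no longer copied into `resourceInputs` in either branch, and nothing visible in the constructor rejects them. A caller that still passes them through an untyped object (plain JavaScript, or a cast) would have the keys dropped silently, and the policy would be applied without the blocks the program asked for. This commit also deletes the usage example that set exactly these fields, so the migration path is undocumented. I would add an upgrade note to the changelog or the class doc comment listing the four removed inputs and which of the new properties replaces each one; I cannot tell from this hunk whether `executableBlacklists` and `driftPreventions` are the intended replacements. The constructor starts and ends outside this hunk.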
@@ -195,41 +357,81 @@ export class FunctionRuntimePolicy extends pulumi.CustomResource { */ export interface FunctionRuntimePolicyState { /** - * Indicates the application scope of the service. + * Allowed executables configuration. */ - applicationScopes?: pulumi.Input[]>; + allowedExecutables?: pulumi.Input[]>; /** - * Username of the account that created the service. + * List of allowed registries. */ - author?: pulumi.Input; + allowedRegistries?: pulumi.Input[]>; /** - * If true, prevent creation of malicious executables in functions during their runtime post invocation. + * Indicates the application scope of the service. */ - blockMaliciousExecutables?: pulumi.Input; + applicationScopes?: pulumi.Input[]>; /** - * List of processes that will be allowed + * Detects brute force login attempts */ - blockMaliciousExecutablesAllowedProcesses?: pulumi.Input[]>; + auditBruteForceLogin?: pulumi.Input; + auditing?: pulumi.Input; /** - * If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. + * Username of the account that created the service. */ - blockRunningExecutablesInTmpFolder?: pulumi.Input; + author?: pulumi.Input; + blacklistedOsUsers?: pulumi.Input; + blockContainerExec?: pulumi.Input; + blockDisallowedImages?: pulumi.Input; + blockFilelessExec?: pulumi.Input; + blockNonCompliantWorkloads?: pulumi.Input; + blockNonK8sContainers?: pulumi.Input; /** - * List of executables that are prevented from running in containers. + * Bypass scope configuration. */ - blockedExecutables?: pulumi.Input[]>; + bypassScopes?: pulumi.Input[]>; + containerExec?: pulumi.Input; + created?: pulumi.Input; + cve?: pulumi.Input; + defaultSecurityProfile?: pulumi.Input; /** * The description of the function runtime policy */ description?: pulumi.Input; + digest?: pulumi.Input; /** - * Indicates if the runtime policy is enabled or not. + * Drift prevention configuration. 
+ */ + driftPreventions?: pulumi.Input[]>; + enableCryptoMiningDns?: pulumi.Input; + enableForkGuard?: pulumi.Input; + enableIpReputation?: pulumi.Input; + enablePortScanProtection?: pulumi.Input; + /** + * Whether allowed executables configuration is enabled. */ enabled?: pulumi.Input; /** * Indicates that policy should effect container execution (not just for audit). */ enforce?: pulumi.Input; + /** + * Indicates the number of days after which the runtime policy will be changed to enforce mode. + */ + enforceAfterDays?: pulumi.Input; + enforceSchedulerAddedOn?: pulumi.Input; + /** + * List of excluded application scopes. + */ + excludeApplicationScopes?: pulumi.Input[]>; + /** + * Executable blacklist configuration. + */ + executableBlacklists?: pulumi.Input[]>; + failedKubernetesChecks?: pulumi.Input; + fileBlock?: pulumi.Input; + /** + * Configuration for file integrity monitoring. + */ + fileIntegrityMonitorings?: pulumi.Input[]>; + forkGuardProcessLimit?: pulumi.Input; /** * Honeypot User ID (Access Key) */ 
@@ -246,10 +448,43 @@ export interface FunctionRuntimePolicyState { * Serverless application name */ honeypotServerlessAppName?: pulumi.Input; + imageName?: pulumi.Input; + isAuditChecked?: pulumi.Input; + isAutoGenerated?: pulumi.Input; + isOotbPolicy?: pulumi.Input; + lastupdate?: pulumi.Input; + /** + * Container privileges configuration. + */ + limitContainerPrivileges?: pulumi.Input[]>; + linuxCapabilities?: pulumi.Input; + /** + * Configuration for Real-Time Malware Protection. + */ + malwareScanOptions?: pulumi.Input; /** - * Name of the function runtime policy + * Name assigned to the attribute. */ name?: pulumi.Input; + noNewPrivileges?: pulumi.Input; + onlyRegisteredImages?: pulumi.Input; + packageBlock?: pulumi.Input; + permission?: pulumi.Input; + portBlock?: pulumi.Input; + readonlyFiles?: pulumi.Input; + readonlyRegistry?: pulumi.Input; + registry?: pulumi.Input; + registryAccessMonitoring?: pulumi.Input; + repoName?: pulumi.Input; + resourceName?: pulumi.Input; + resourceType?: pulumi.Input; + /** + * Restricted volumes configuration. + */ + restrictedVolumes?: pulumi.Input[]>; + reverseShell?: pulumi.Input; + runtimeMode?: pulumi.Input; + runtimeType?: pulumi.Input; /** * Logical expression of how to compute the dependency of the scope variables. */ @@ -258,6 +493,17 @@ export interface FunctionRuntimePolicyState { * List of scope attributes. */ scopeVariables?: pulumi.Input[]>; + /** + * Scope configuration. + */ + scopes?: pulumi.Input[]>; + systemIntegrityProtection?: pulumi.Input; + tripwire?: pulumi.Input; + type?: pulumi.Input; + updated?: pulumi.Input; + version?: pulumi.Input; + vpatchVersion?: pulumi.Input; + whitelistedOsUsers?: pulumi.Input; } /** 
@@ -265,37 +511,81 @@ export interface FunctionRuntimePolicyState { */ export interface FunctionRuntimePolicyArgs { /** - * Indicates the application scope of the service. + * Allowed executables configuration. */ - applicationScopes?: pulumi.Input[]>; + allowedExecutables?: pulumi.Input[]>; /** - * If true, prevent creation of malicious executables in functions during their runtime post invocation. + * List of allowed registries. */ - blockMaliciousExecutables?: pulumi.Input; + allowedRegistries?: pulumi.Input[]>; + /** + * Indicates the application scope of the service. + */ + applicationScopes?: pulumi.Input[]>; /** - * List of processes that will be allowed + * Detects brute force login attempts */ - blockMaliciousExecutablesAllowedProcesses?: pulumi.Input[]>; + auditBruteForceLogin?: pulumi.Input; + auditing?: pulumi.Input; /** - * If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. + * Username of the account that created the service. */ - blockRunningExecutablesInTmpFolder?: pulumi.Input; + author?: pulumi.Input; + blacklistedOsUsers?: pulumi.Input; + blockContainerExec?: pulumi.Input; + blockDisallowedImages?: pulumi.Input; + blockFilelessExec?: pulumi.Input; + blockNonCompliantWorkloads?: pulumi.Input; + blockNonK8sContainers?: pulumi.Input; /** - * List of executables that are prevented from running in containers. + * Bypass scope configuration. */ - blockedExecutables?: pulumi.Input[]>; + bypassScopes?: pulumi.Input[]>; + containerExec?: pulumi.Input; + created?: pulumi.Input; + cve?: pulumi.Input; + defaultSecurityProfile?: pulumi.Input; /** * The description of the function runtime policy */ description?: pulumi.Input; + digest?: pulumi.Input; /** - * Indicates if the runtime policy is enabled or not. + * Drift prevention configuration. 
+ */ + driftPreventions?: pulumi.Input[]>; + enableCryptoMiningDns?: pulumi.Input; + enableForkGuard?: pulumi.Input; + enableIpReputation?: pulumi.Input; + enablePortScanProtection?: pulumi.Input; + /** + * Whether allowed executables configuration is enabled. */ enabled?: pulumi.Input; /** * Indicates that policy should effect container execution (not just for audit). */ enforce?: pulumi.Input; + /** + * Indicates the number of days after which the runtime policy will be changed to enforce mode. + */ + enforceAfterDays?: pulumi.Input; + enforceSchedulerAddedOn?: pulumi.Input; + /** + * List of excluded application scopes. + */ + excludeApplicationScopes?: pulumi.Input[]>; + /** + * Executable blacklist configuration. + */ + executableBlacklists?: pulumi.Input[]>; + failedKubernetesChecks?: pulumi.Input; + fileBlock?: pulumi.Input; + /** + * Configuration for file integrity monitoring. + */ + fileIntegrityMonitorings?: pulumi.Input[]>; + forkGuardProcessLimit?: pulumi.Input; /** * Honeypot User ID (Access Key) */ 
@@ -312,10 +602,43 @@ export interface FunctionRuntimePolicyArgs { * Serverless application name */ honeypotServerlessAppName?: pulumi.Input; + imageName?: pulumi.Input; + isAuditChecked?: pulumi.Input; + isAutoGenerated?: pulumi.Input; + isOotbPolicy?: pulumi.Input; + lastupdate?: pulumi.Input; + /** + * Container privileges configuration. + */ + limitContainerPrivileges?: pulumi.Input[]>; + linuxCapabilities?: pulumi.Input; /** - * Name of the function runtime policy + * Configuration for Real-Time Malware Protection. + */ + malwareScanOptions?: pulumi.Input; + /** + * Name assigned to the attribute. */ name?: pulumi.Input; + noNewPrivileges?: pulumi.Input; + onlyRegisteredImages?: pulumi.Input; + packageBlock?: pulumi.Input; + permission?: pulumi.Input; + portBlock?: pulumi.Input; + readonlyFiles?: pulumi.Input; + readonlyRegistry?: pulumi.Input; + registry?: pulumi.Input; + registryAccessMonitoring?: pulumi.Input; + repoName?: pulumi.Input; + resourceName?: pulumi.Input; + resourceType?: pulumi.Input; + /** + * Restricted volumes configuration. + */ + restrictedVolumes?: pulumi.Input[]>; + reverseShell?: pulumi.Input; + runtimeMode?: pulumi.Input; + runtimeType?: pulumi.Input; /** * Logical expression of how to compute the dependency of the scope variables. */ @@ -324,4 +647,15 @@ export interface FunctionRuntimePolicyArgs { * List of scope attributes. */ scopeVariables?: pulumi.Input[]>; + /** + * Scope configuration. + */ + scopes?: pulumi.Input[]>; + systemIntegrityProtection?: pulumi.Input; + tripwire?: pulumi.Input; + type?: pulumi.Input; + updated?: pulumi.Input; + version?: pulumi.Input; + vpatchVersion?: pulumi.Input; + whitelistedOsUsers?: pulumi.Input; } diff --git a/sdk/nodejs/getContainerRuntimePolicy.ts b/sdk/nodejs/getContainerRuntimePolicy.ts index a1d67b6c..83b27ca9 100644 --- a/sdk/nodejs/getContainerRuntimePolicy.ts +++ b/sdk/nodejs/getContainerRuntimePolicy.ts 
@@ -23,8 +23,18 @@ export function getContainerRuntimePolicy(args: GetContainerRuntimePolicyArgs, o opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invoke("aquasec:index/getContainerRuntimePolicy:getContainerRuntimePolicy", { + "allowedExecutables": args.allowedExecutables, + "allowedRegistries": args.allowedRegistries, + "auditing": args.auditing, + "containerExec": args.containerExec, + "fileBlock": args.fileBlock, + "fileIntegrityMonitorings": args.fileIntegrityMonitorings, + "limitContainerPrivileges": args.limitContainerPrivileges, "malwareScanOptions": args.malwareScanOptions, "name": args.name, + "portBlock": args.portBlock, + "readonlyFiles": args.readonlyFiles, + "restrictedVolumes": args.restrictedVolumes, }, opts); } 
@@ -32,14 +42,36 @@ export function getContainerRuntimePolicy(args: GetContainerRuntimePolicyArgs, o * A collection of arguments for invoking getContainerRuntimePolicy. */ export interface GetContainerRuntimePolicyArgs { + /** + * Allowed executables configuration. + */ + allowedExecutables?: inputs.GetContainerRuntimePolicyAllowedExecutable[]; + /** + * List of allowed registries. + */ + allowedRegistries?: inputs.GetContainerRuntimePolicyAllowedRegistry[]; + auditing?: inputs.GetContainerRuntimePolicyAuditing; + containerExec?: inputs.GetContainerRuntimePolicyContainerExec; + fileBlock?: inputs.GetContainerRuntimePolicyFileBlock; + /** + * Configuration for file integrity monitoring. + */ + fileIntegrityMonitorings?: inputs.GetContainerRuntimePolicyFileIntegrityMonitoring[]; + /** + * Container privileges configuration. + */ + limitContainerPrivileges?: inputs.GetContainerRuntimePolicyLimitContainerPrivilege[]; /** * Configuration for Real-Time Malware Protection. */ malwareScanOptions?: inputs.GetContainerRuntimePolicyMalwareScanOption[]; + name: string; + portBlock?: inputs.GetContainerRuntimePolicyPortBlock; + readonlyFiles?: inputs.GetContainerRuntimePolicyReadonlyFiles; /** - * Name of the container runtime policy + * Restricted volumes configuration. */ - name: string; + restrictedVolumes?: inputs.GetContainerRuntimePolicyRestrictedVolume[]; } /** 
@@ -47,13 +79,13 @@ export interface GetContainerRuntimePolicyArgs { */ export interface GetContainerRuntimePolicyResult { /** - * List of executables that are allowed for the user. + * Allowed executables configuration. */ - readonly allowedExecutables: string[]; + readonly allowedExecutables?: outputs.GetContainerRuntimePolicyAllowedExecutable[]; /** - * List of registries that allowed for running containers. + * Allowed registries configuration. */ - readonly allowedRegistries: string[]; + readonly allowedRegistries?: outputs.GetContainerRuntimePolicyAllowedRegistry[]; /** * Indicates the application scope of the service. */ @@ -70,6 +102,7 @@ export interface GetContainerRuntimePolicyResult { * If true, full command arguments will be audited. */ readonly auditFullCommandArguments: boolean; + readonly auditing?: outputs.GetContainerRuntimePolicyAuditing; /** * Username of the account that created the service. */ @@ -170,6 +203,7 @@ export interface GetContainerRuntimePolicyResult { * List of volumes that are prevented from being mounted in the containers. */ readonly blockedVolumes: string[]; + readonly containerExec?: outputs.GetContainerRuntimePolicyContainerExec; /** * List of processes that will be allowed. */ @@ -214,10 +248,11 @@ export interface GetContainerRuntimePolicyResult { * Specify processes that will be allowed */ readonly execLockdownWhiteLists: string[]; + readonly fileBlock?: outputs.GetContainerRuntimePolicyFileBlock; /** * Configuration for file integrity monitoring. */ - readonly fileIntegrityMonitorings: outputs.GetContainerRuntimePolicyFileIntegrityMonitoring[]; + readonly fileIntegrityMonitorings?: outputs.GetContainerRuntimePolicyFileIntegrityMonitoring[]; /** * Process limit for the fork guard. */ 
@@ -226,6 +261,10 @@ export interface GetContainerRuntimePolicyResult { * The provider-assigned unique ID for this managed resource. */ readonly id: string; + /** + * Container privileges configuration. + */ + readonly limitContainerPrivileges?: outputs.GetContainerRuntimePolicyLimitContainerPrivilege[]; /** * If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) */ @@ -233,7 +272,7 @@ export interface GetContainerRuntimePolicyResult { /** * Configuration for Real-Time Malware Protection. */ - readonly malwareScanOptions: outputs.GetContainerRuntimePolicyMalwareScanOption[]; + readonly malwareScanOptions?: outputs.GetContainerRuntimePolicyMalwareScanOption[]; /** * If true, system time changes will be monitored. */ @@ -242,10 +281,16 @@ export interface GetContainerRuntimePolicyResult { * Name of the container runtime policy */ readonly name: string; + readonly portBlock?: outputs.GetContainerRuntimePolicyPortBlock; + readonly readonlyFiles?: outputs.GetContainerRuntimePolicyReadonlyFiles; /** * List of files and directories to be restricted as read-only */ readonly readonlyFilesAndDirectories: string[]; + /** + * Restricted volumes configuration. + */ + readonly restrictedVolumes?: outputs.GetContainerRuntimePolicyRestrictedVolume[]; /** * List of IPs/ CIDRs that will be allowed */ 
@@ -284,12 +329,34 @@ export function getContainerRuntimePolicyOutput(args: GetContainerRuntimePolicyO * A collection of arguments for invoking getContainerRuntimePolicy. */ export interface GetContainerRuntimePolicyOutputArgs { + /** + * Allowed executables configuration. + */ + allowedExecutables?: pulumi.Input[]>; + /** + * List of allowed registries. + */ + allowedRegistries?: pulumi.Input[]>; + auditing?: pulumi.Input; + containerExec?: pulumi.Input; + fileBlock?: pulumi.Input; + /** + * Configuration for file integrity monitoring. + */ + fileIntegrityMonitorings?: pulumi.Input[]>; + /** + * Container privileges configuration. + */ + limitContainerPrivileges?: pulumi.Input[]>; /** * Configuration for Real-Time Malware Protection. */ malwareScanOptions?: pulumi.Input[]>; + name: pulumi.Input; + portBlock?: pulumi.Input; + readonlyFiles?: pulumi.Input; /** - * Name of the container runtime policy + * Restricted volumes configuration. */ - name: pulumi.Input; + restrictedVolumes?: pulumi.Input[]>; } diff --git a/sdk/nodejs/getEnforcerGroups.ts b/sdk/nodejs/getEnforcerGroups.ts index 24e5b026..c247fb87 100644 --- a/sdk/nodejs/getEnforcerGroups.ts +++ b/sdk/nodejs/getEnforcerGroups.ts @@ -7,6 +7,8 @@ import * as outputs from "./types/output"; import * as utilities from "./utilities"; /** + * The data source `aquasec.EnforcerGroups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command. + * * ## Example Usage * * ```typescript @@ -302,6 +304,8 @@ export interface GetEnforcerGroupsResult { readonly userAccessControl: boolean; } /** + * The data source `aquasec.EnforcerGroups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command. + * * ## Example Usage * * ```typescript 
diff --git a/sdk/nodejs/getFunctionAssurancePolicy.ts b/sdk/nodejs/getFunctionAssurancePolicy.ts index 12159ea2..4a2d08bd 100644 --- a/sdk/nodejs/getFunctionAssurancePolicy.ts +++ b/sdk/nodejs/getFunctionAssurancePolicy.ts @@ -54,7 +54,7 @@ export interface GetFunctionAssurancePolicyResult { */ readonly blacklistedLicenses: string[]; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ readonly blacklistedLicensesEnabled: boolean; /** @@ -72,15 +72,15 @@ export interface GetFunctionAssurancePolicyResult { readonly customChecksEnabled: boolean; readonly customSeverityEnabled: boolean; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ readonly cvesBlackListEnabled: boolean; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ readonly cvesBlackLists: string[]; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ readonly cvesWhiteListEnabled: boolean; /** @@ -104,6 +104,9 @@ export interface GetFunctionAssurancePolicyResult { * Indicates if malware should block the image. */ readonly disallowMalware: boolean; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ readonly dockerCisEnabled: boolean; /** * Name of the container image. @@ -143,6 +146,9 @@ export interface GetFunctionAssurancePolicyResult { * List of images. */ readonly images: string[]; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ readonly kubeCisEnabled: boolean; /** * List of labels. @@ -172,7 +178,7 @@ export interface GetFunctionAssurancePolicyResult { */ readonly packagesBlackListEnabled: boolean; /** - * List of backlisted images. + * List of blacklisted images. */ readonly packagesBlackLists: outputs.GetFunctionAssurancePolicyPackagesBlackList[]; /** 
diff --git a/sdk/nodejs/getFunctionRuntimePolicy.ts b/sdk/nodejs/getFunctionRuntimePolicy.ts index e9462b84..59fa8354 100644 --- a/sdk/nodejs/getFunctionRuntimePolicy.ts +++ b/sdk/nodejs/getFunctionRuntimePolicy.ts @@ -23,6 +23,8 @@ export function getFunctionRuntimePolicy(args: GetFunctionRuntimePolicyArgs, opt opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invoke("aquasec:index/getFunctionRuntimePolicy:getFunctionRuntimePolicy", { + "driftPreventions": args.driftPreventions, + "executableBlacklists": args.executableBlacklists, "name": args.name, }, opts); } @@ -32,8 +34,13 @@ export function getFunctionRuntimePolicy(args: GetFunctionRuntimePolicyArgs, opt */ export interface GetFunctionRuntimePolicyArgs { /** - * Name of the function runtime policy + * Drift prevention configuration. + */ + driftPreventions?: inputs.GetFunctionRuntimePolicyDriftPrevention[]; + /** + * Executable blacklist configuration. */ + executableBlacklists?: inputs.GetFunctionRuntimePolicyExecutableBlacklist[]; name: string; } @@ -69,6 +76,10 @@ export interface GetFunctionRuntimePolicyResult { * The description of the function runtime policy */ readonly description: string; + /** + * Drift prevention configuration. + */ + readonly driftPreventions?: outputs.GetFunctionRuntimePolicyDriftPrevention[]; /** * Indicates if the runtime policy is enabled or not. */ @@ -77,6 +88,10 @@ export interface GetFunctionRuntimePolicyResult { * Indicates that policy should effect container execution (not just for audit). */ readonly enforce: boolean; + /** + * Executable blacklist configuration. + */ + readonly executableBlacklists?: outputs.GetFunctionRuntimePolicyExecutableBlacklist[]; /** * Honeypot User ID (Access Key) */ 
@@ -132,7 +147,12 @@ export function getFunctionRuntimePolicyOutput(args: GetFunctionRuntimePolicyOut */ export interface GetFunctionRuntimePolicyOutputArgs { /** - * Name of the function runtime policy + * Drift prevention configuration. + */ + driftPreventions?: pulumi.Input[]>; + /** + * Executable blacklist configuration. */ + executableBlacklists?: pulumi.Input[]>; name: pulumi.Input; } diff --git a/sdk/nodejs/getHostAssurancePolicy.ts b/sdk/nodejs/getHostAssurancePolicy.ts index 841b1e3e..6b5012e8 100644 --- a/sdk/nodejs/getHostAssurancePolicy.ts +++ b/sdk/nodejs/getHostAssurancePolicy.ts @@ -54,7 +54,7 @@ export interface GetHostAssurancePolicyResult { */ readonly blacklistedLicenses: string[]; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ readonly blacklistedLicensesEnabled: boolean; /** @@ -72,15 +72,15 @@ export interface GetHostAssurancePolicyResult { readonly customChecksEnabled: boolean; readonly customSeverityEnabled: boolean; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ readonly cvesBlackListEnabled: boolean; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ readonly cvesBlackLists: string[]; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ readonly cvesWhiteListEnabled: boolean; /** @@ -104,6 +104,9 @@ export interface GetHostAssurancePolicyResult { * Indicates if malware should block the image. */ readonly disallowMalware: boolean; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ readonly dockerCisEnabled: boolean; /** * Name of the container image. @@ -143,6 +146,9 @@ export interface GetHostAssurancePolicyResult { * List of images. */ readonly images: string[]; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ readonly kubeCisEnabled: boolean; /** * List of labels. 
@@ -172,7 +178,7 @@ export interface GetHostAssurancePolicyResult { */ readonly packagesBlackListEnabled: boolean; /** - * List of backlisted images. + * List of blacklisted images. */ readonly packagesBlackLists: outputs.GetHostAssurancePolicyPackagesBlackList[]; /** diff --git a/sdk/nodejs/getHostRuntimePolicy.ts b/sdk/nodejs/getHostRuntimePolicy.ts index 05d0fe09..702d6485 100644 --- a/sdk/nodejs/getHostRuntimePolicy.ts +++ b/sdk/nodejs/getHostRuntimePolicy.ts @@ -23,7 +23,11 @@ export function getHostRuntimePolicy(args: GetHostRuntimePolicyArgs, opts?: pulu opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invoke("aquasec:index/getHostRuntimePolicy:getHostRuntimePolicy", { + "auditing": args.auditing, + "fileIntegrityMonitorings": args.fileIntegrityMonitorings, + "malwareScanOptions": args.malwareScanOptions, "name": args.name, + "packageBlocks": args.packageBlocks, }, opts); } @@ -31,10 +35,17 @@ export function getHostRuntimePolicy(args: GetHostRuntimePolicyArgs, opts?: pulu * A collection of arguments for invoking getHostRuntimePolicy. */ export interface GetHostRuntimePolicyArgs { + auditing?: inputs.GetHostRuntimePolicyAuditing; /** - * Name of the host runtime policy + * Configuration for file integrity monitoring. + */ + fileIntegrityMonitorings?: inputs.GetHostRuntimePolicyFileIntegrityMonitoring[]; + /** + * Configuration for Real-Time Malware Protection. */ + malwareScanOptions?: inputs.GetHostRuntimePolicyMalwareScanOption[]; name: string; + packageBlocks?: inputs.GetHostRuntimePolicyPackageBlock[]; } /** @@ -69,6 +80,7 @@ export interface GetHostRuntimePolicyResult { * If true, account management will be audited. */ readonly auditUserAccountManagement: boolean; + readonly auditing?: outputs.GetHostRuntimePolicyAuditing; /** * Username of the account that created the service. */ 
@@ -88,7 +100,7 @@ export interface GetHostRuntimePolicyResult { /** * If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. */ - readonly enableIpReputationSecurity: boolean; + readonly enableIpReputation: boolean; /** * Indicates if the runtime policy is enabled or not. */ @@ -104,7 +116,7 @@ export interface GetHostRuntimePolicyResult { /** * Configuration for file integrity monitoring. */ - readonly fileIntegrityMonitorings: outputs.GetHostRuntimePolicyFileIntegrityMonitoring[]; + readonly fileIntegrityMonitorings?: outputs.GetHostRuntimePolicyFileIntegrityMonitoring[]; /** * The provider-assigned unique ID for this managed resource. */ @@ -112,7 +124,7 @@ export interface GetHostRuntimePolicyResult { /** * Configuration for Real-Time Malware Protection. */ - readonly malwareScanOptions: outputs.GetHostRuntimePolicyMalwareScanOption[]; + readonly malwareScanOptions?: outputs.GetHostRuntimePolicyMalwareScanOption[]; /** * If true, system log will be monitored. */ @@ -145,10 +157,7 @@ export interface GetHostRuntimePolicyResult { * List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. */ readonly osUsersBlockeds: string[]; - /** - * List of packages that are not allowed read, write or execute all files that under the packages. - */ - readonly packageBlocks: string[]; + readonly packageBlocks?: outputs.GetHostRuntimePolicyPackageBlock[]; /** * If true, port scanning behaviors will be audited. */ 
@@ -191,8 +200,15 @@ export function getHostRuntimePolicyOutput(args: GetHostRuntimePolicyOutputArgs, * A collection of arguments for invoking getHostRuntimePolicy. */ export interface GetHostRuntimePolicyOutputArgs { + auditing?: pulumi.Input; /** - * Name of the host runtime policy + * Configuration for file integrity monitoring. + */ + fileIntegrityMonitorings?: pulumi.Input[]>; + /** + * Configuration for Real-Time Malware Protection. */ + malwareScanOptions?: pulumi.Input[]>; name: pulumi.Input; + packageBlocks?: pulumi.Input[]>; } diff --git a/sdk/nodejs/getImage.ts b/sdk/nodejs/getImage.ts index c8928203..b7b879f1 100644 --- a/sdk/nodejs/getImage.ts +++ b/sdk/nodejs/getImage.ts @@ -20,13 +20,7 @@ export function getImage(args: GetImageArgs, opts?: pulumi.InvokeOptions): Promi * A collection of arguments for invoking getImage. */ export interface GetImageArgs { - /** - * The name of the registry where the image is stored. - */ registry: string; - /** - * The name of the image's repository. - */ repository: string; /** * The tag of the image. @@ -251,13 +245,7 @@ export function getImageOutput(args: GetImageOutputArgs, opts?: pulumi.InvokeOpt * A collection of arguments for invoking getImage. */ export interface GetImageOutputArgs { - /** - * The name of the registry where the image is stored. - */ registry: pulumi.Input; - /** - * The name of the image's repository. - */ repository: pulumi.Input; /** * The tag of the image. diff --git a/sdk/nodejs/getImageAssurancePolicy.ts b/sdk/nodejs/getImageAssurancePolicy.ts index 7fd279f3..2f55fa1c 100644 --- a/sdk/nodejs/getImageAssurancePolicy.ts +++ b/sdk/nodejs/getImageAssurancePolicy.ts @@ -54,7 +54,7 @@ export interface GetImageAssurancePolicyResult { */ readonly blacklistedLicenses: string[]; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ readonly blacklistedLicensesEnabled: boolean; /** 
@@ -72,15 +72,15 @@ export interface GetImageAssurancePolicyResult { readonly customChecksEnabled: boolean; readonly customSeverityEnabled: boolean; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ readonly cvesBlackListEnabled: boolean; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ readonly cvesBlackLists: string[]; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ readonly cvesWhiteListEnabled: boolean; /** @@ -104,6 +104,9 @@ export interface GetImageAssurancePolicyResult { * Indicates if malware should block the image. */ readonly disallowMalware: boolean; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ readonly dockerCisEnabled: boolean; /** * Name of the container image. @@ -143,6 +146,9 @@ export interface GetImageAssurancePolicyResult { * List of images. */ readonly images: string[]; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ readonly kubeCisEnabled: boolean; /** * List of labels. @@ -172,7 +178,7 @@ export interface GetImageAssurancePolicyResult { */ readonly packagesBlackListEnabled: boolean; /** - * List of backlisted images. + * List of blacklisted images. */ readonly packagesBlackLists: outputs.GetImageAssurancePolicyPackagesBlackList[]; /** diff --git a/sdk/nodejs/getIntegrationRegistries.ts b/sdk/nodejs/getIntegrationRegistries.ts new file mode 100644 index 00000000..721e4950 --- /dev/null +++ b/sdk/nodejs/getIntegrationRegistries.ts 
@@ -0,0 +1,260 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "./types/input"; +import * as outputs from "./types/output"; +import * as utilities from "./utilities"; + +export function getIntegrationRegistries(args: GetIntegrationRegistriesArgs, opts?: pulumi.InvokeOptions): Promise { + + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("aquasec:index/getIntegrationRegistries:getIntegrationRegistries", { + "advancedSettingsCleanup": args.advancedSettingsCleanup, + "alwaysPullPatterns": args.alwaysPullPatterns, + "imageCreationDateCondition": args.imageCreationDateCondition, + "lastupdate": args.lastupdate, + "name": args.name, + "options": args.options, + "pullImageAge": args.pullImageAge, + "pullImageCount": args.pullImageCount, + "pullImageTagPatterns": args.pullImageTagPatterns, + "pullRepoPatternsExcludeds": args.pullRepoPatternsExcludeds, + "registryScanTimeout": args.registryScanTimeout, + "scannerNames": args.scannerNames, + "scannerType": args.scannerType, + "webhooks": args.webhooks, + }, opts); +} + +/** + * A collection of arguments for invoking getIntegrationRegistries. 
+ */ +export interface GetIntegrationRegistriesArgs { + /** + * Automatically clean up that don't match the pull criteria + */ + advancedSettingsCleanup?: boolean; + /** + * List of image patterns to pull always + */ + alwaysPullPatterns?: string[]; + /** + * Additional condition for pulling and rescanning images, Defaults to 'none' + */ + imageCreationDateCondition?: string; + /** + * The last time the registry was modified in UNIX time + */ + lastupdate?: number; + /** + * The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + */ + name: string; + options?: inputs.GetIntegrationRegistriesOption[]; + /** + * When auto pull image enabled, sets maximum age of auto pulled images + */ + pullImageAge?: string; + /** + * When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. + */ + pullImageCount?: number; + /** + * List of image tags patterns to pull + */ + pullImageTagPatterns?: string[]; + /** + * List of image patterns to exclude + */ + pullRepoPatternsExcludeds?: string[]; + /** + * Registry scan timeout in Minutes + */ + registryScanTimeout?: number; + /** + * List of scanner names + */ + scannerNames?: string[]; + /** + * Scanner type + */ + scannerType?: string; + /** + * When enabled, registry events are sent to the given Aqua webhook url + */ + webhooks?: inputs.GetIntegrationRegistriesWebhook[]; +} + +/** + * A collection of values returned by getIntegrationRegistries. 
+ */ +export interface GetIntegrationRegistriesResult { + /** + * Automatically clean up that don't match the pull criteria + */ + readonly advancedSettingsCleanup?: boolean; + /** + * List of image patterns to pull always + */ + readonly alwaysPullPatterns?: string[]; + /** + * Automatically clean up images and repositories which are no longer present in the registry from Aqua console + */ + readonly autoCleanup: boolean; + /** + * Whether to automatically pull images from the registry on creation and daily + */ + readonly autoPull: boolean; + /** + * The interval in days to start pulling new images from the registry, Defaults to 1 + */ + readonly autoPullInterval: number; + /** + * Maximum number of repositories to pull every day, defaults to 100 + */ + readonly autoPullMax: number; + /** + * Whether to automatically pull and rescan images from the registry on creation and daily + */ + readonly autoPullRescan: boolean; + /** + * The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00 + */ + readonly autoPullTime: string; + /** + * The description of the registry + */ + readonly description: string; + /** + * The provider-assigned unique ID for this managed resource. 
+ */ + readonly id: string; + /** + * Additional condition for pulling and rescanning images, Defaults to 'none' + */ + readonly imageCreationDateCondition: string; + /** + * The last time the registry was modified in UNIX time + */ + readonly lastupdate: number; + /** + * The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + */ + readonly name: string; + readonly options?: outputs.GetIntegrationRegistriesOption[]; + /** + * The password for registry authentication + */ + readonly password: string; + /** + * List of possible prefixes to image names pulled from the registry + */ + readonly prefixes: string[]; + /** + * When auto pull image enabled, sets maximum age of auto pulled images + */ + readonly pullImageAge: string; + /** + * When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. + */ + readonly pullImageCount: number; + /** + * List of image tags patterns to pull + */ + readonly pullImageTagPatterns?: string[]; + /** + * List of image patterns to exclude + */ + readonly pullRepoPatternsExcludeds?: string[]; + /** + * Registry scan timeout in Minutes + */ + readonly registryScanTimeout?: number; + /** + * List of scanner names + */ + readonly scannerNames: string[]; + /** + * Scanner type + */ + readonly scannerType: string; + /** + * Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). + */ + readonly type: string; + /** + * The URL, address or region of the registry + */ + readonly url: string; + /** + * The username for registry authentication. 
+ */ + readonly username: string; + /** + * When enabled, registry events are sent to the given Aqua webhook url + */ + readonly webhooks?: outputs.GetIntegrationRegistriesWebhook[]; +} +export function getIntegrationRegistriesOutput(args: GetIntegrationRegistriesOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + return pulumi.output(args).apply((a: any) => getIntegrationRegistries(a, opts)) +} + +/** + * A collection of arguments for invoking getIntegrationRegistries. + */ +export interface GetIntegrationRegistriesOutputArgs { + /** + * Automatically clean up that don't match the pull criteria + */ + advancedSettingsCleanup?: pulumi.Input; + /** + * List of image patterns to pull always + */ + alwaysPullPatterns?: pulumi.Input[]>; + /** + * Additional condition for pulling and rescanning images, Defaults to 'none' + */ + imageCreationDateCondition?: pulumi.Input; + /** + * The last time the registry was modified in UNIX time + */ + lastupdate?: pulumi.Input; + /** + * The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + */ + name: pulumi.Input; + options?: pulumi.Input[]>; + /** + * When auto pull image enabled, sets maximum age of auto pulled images + */ + pullImageAge?: pulumi.Input; + /** + * When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. + */ + pullImageCount?: pulumi.Input; + /** + * List of image tags patterns to pull + */ + pullImageTagPatterns?: pulumi.Input[]>; + /** + * List of image patterns to exclude + */ + pullRepoPatternsExcludeds?: pulumi.Input[]>; + /** + * Registry scan timeout in Minutes + */ + registryScanTimeout?: pulumi.Input; + /** + * List of scanner names + */ + scannerNames?: pulumi.Input[]>; + /** + * Scanner type + */ + scannerType?: pulumi.Input; + /** + * When enabled, registry events are sent to the given Aqua webhook url + */ + webhooks?: pulumi.Input[]>; +} 
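Review bot: `GetIntegrationRegistriesResult.password` is typed as a plain `string`, so the registry credential returned by this invoke reaches the program as an ordinary value that can end up in stack outputs or logs unless the caller wraps it. Nothing in this file marks the field as secret; whether the bridge schema does is not visible here, so this should be confirmed upstream rather than patched in the generated file. At minimum the description should say so, e.g. `* The password for registry authentication. Sensitive: wrap with pulumi.secret() before exporting.` The deprecated `GetIntegrationRegistryResult` in getIntegrationRegistry.ts carries the same `password: string` field and loses its doc comment in this commit. Separately, the `pullImageCount` description repeats the "maximum age" wording of `pullImageAge` and probably means a maximum number of tags.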
diff --git a/sdk/nodejs/getIntegrationRegistry.ts b/sdk/nodejs/getIntegrationRegistry.ts index 62bf6be9..68653315 100644 --- a/sdk/nodejs/getIntegrationRegistry.ts +++ b/sdk/nodejs/getIntegrationRegistry.ts @@ -6,7 +6,9 @@ import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as utilities from "./utilities"; +/** @deprecated aquasec.index/getintegrationregistry.getIntegrationRegistry has been deprecated in favor of aquasec.index/getintegrationregistries.getIntegrationRegistries */ export function getIntegrationRegistry(args: GetIntegrationRegistryArgs, opts?: pulumi.InvokeOptions): Promise { + pulumi.log.warn("getIntegrationRegistry is deprecated: aquasec.index/getintegrationregistry.getIntegrationRegistry has been deprecated in favor of aquasec.index/getintegrationregistries.getIntegrationRegistries") opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invoke("aquasec:index/getIntegrationRegistry:getIntegrationRegistry", { 
@@ -31,58 +33,19 @@ export function getIntegrationRegistry(args: GetIntegrationRegistryArgs, opts?: * A collection of arguments for invoking getIntegrationRegistry. */ export interface GetIntegrationRegistryArgs { - /** - * Automatically clean up that don't match the pull criteria - */ advancedSettingsCleanup?: boolean; - /** - * List of image patterns to pull always - */ alwaysPullPatterns?: string[]; - /** - * Additional condition for pulling and rescanning images, Defaults to 'none' - */ imageCreationDateCondition?: string; - /** - * The last time the registry was modified in UNIX time - */ lastupdate?: number; - /** - * The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - */ name: string; options?: inputs.GetIntegrationRegistryOption[]; - /** - * When auto pull image enabled, sets maximum age of auto pulled images - */ pullImageAge?: string; - /** - * When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - */ pullImageCount?: number; - /** - * List of image tags patterns to pull - */ pullImageTagPatterns?: string[]; - /** - * List of image patterns to exclude - */ pullRepoPatternsExcludeds?: string[]; - /** - * Registry scan timeout in Minutes - */ registryScanTimeout?: number; - /** - * List of scanner names - */ scannerNames?: string[]; - /** - * Scanner type - */ scannerType?: string; - /** - * When enabled, registry events are sent to the given Aqua webhook url - */ webhooks?: inputs.GetIntegrationRegistryWebhook[]; } 
@@ -90,112 +53,38 @@ export interface GetIntegrationRegistryArgs { * A collection of values returned by getIntegrationRegistry. */ export interface GetIntegrationRegistryResult { - /** - * Automatically clean up that don't match the pull criteria - */ readonly advancedSettingsCleanup?: boolean; - /** - * List of image patterns to pull always - */ readonly alwaysPullPatterns?: string[]; - /** - * Automatically clean up images and repositories which are no longer present in the registry from Aqua console - */ readonly autoCleanup: boolean; - /** - * Whether to automatically pull images from the registry on creation and daily - */ readonly autoPull: boolean; - /** - * The interval in days to start pulling new images from the registry, Defaults to 1 - */ readonly autoPullInterval: number; - /** - * Maximum number of repositories to pull every day, defaults to 100 - */ readonly autoPullMax: number; - /** - * Whether to automatically pull and rescan images from the registry on creation and daily - */ readonly autoPullRescan: boolean; - /** - * The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00 - */ readonly autoPullTime: string; - /** - * The description of the registry - */ readonly description: string; /** * The provider-assigned unique ID for this managed resource. 
*/ readonly id: string; - /** - * Additional condition for pulling and rescanning images, Defaults to 'none' - */ readonly imageCreationDateCondition: string; - /** - * The last time the registry was modified in UNIX time - */ readonly lastupdate: number; - /** - * The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - */ readonly name: string; readonly options?: outputs.GetIntegrationRegistryOption[]; - /** - * The password for registry authentication - */ readonly password: string; - /** - * List of possible prefixes to image names pulled from the registry - */ readonly prefixes: string[]; - /** - * When auto pull image enabled, sets maximum age of auto pulled images - */ readonly pullImageAge: string; - /** - * When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - */ readonly pullImageCount: number; - /** - * List of image tags patterns to pull - */ readonly pullImageTagPatterns?: string[]; - /** - * List of image patterns to exclude - */ readonly pullRepoPatternsExcludeds?: string[]; - /** - * Registry scan timeout in Minutes - */ readonly registryScanTimeout?: number; - /** - * List of scanner names - */ readonly scannerNames: string[]; - /** - * Scanner type - */ readonly scannerType: string; - /** - * Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). - */ readonly type: string; - /** - * The URL, address or region of the registry - */ readonly url: string; - /** - * The username for registry authentication. 
- */ readonly username: string; - /** - * When enabled, registry events are sent to the given Aqua webhook url - */ readonly webhooks?: outputs.GetIntegrationRegistryWebhook[]; } +/** @deprecated aquasec.index/getintegrationregistry.getIntegrationRegistry has been deprecated in favor of aquasec.index/getintegrationregistries.getIntegrationRegistries */ export function getIntegrationRegistryOutput(args: GetIntegrationRegistryOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getIntegrationRegistry(a, opts)) } 
@@ -204,57 +93,18 @@ export function getIntegrationRegistryOutput(args: GetIntegrationRegistryOutputA * A collection of arguments for invoking getIntegrationRegistry. */ export interface GetIntegrationRegistryOutputArgs { - /** - * Automatically clean up that don't match the pull criteria - */ advancedSettingsCleanup?: pulumi.Input; - /** - * List of image patterns to pull always - */ alwaysPullPatterns?: pulumi.Input[]>; - /** - * Additional condition for pulling and rescanning images, Defaults to 'none' - */ imageCreationDateCondition?: pulumi.Input; - /** - * The last time the registry was modified in UNIX time - */ lastupdate?: pulumi.Input; - /** - * The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - */ name: pulumi.Input; options?: pulumi.Input[]>; - /** - * When auto pull image enabled, sets maximum age of auto pulled images - */ pullImageAge?: pulumi.Input; - /** - * When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - */ pullImageCount?: pulumi.Input; - /** - * List of image tags patterns to pull - */ pullImageTagPatterns?: pulumi.Input[]>; - /** - * List of image patterns to exclude - */ pullRepoPatternsExcludeds?: pulumi.Input[]>; - /** - * Registry scan timeout in Minutes - */ registryScanTimeout?: pulumi.Input; - /** - * List of scanner names - */ scannerNames?: pulumi.Input[]>; - /** - * Scanner type - */ scannerType?: pulumi.Input; - /** - * When enabled, registry events are sent to the given Aqua webhook url - */ webhooks?: pulumi.Input[]>; } diff --git a/sdk/nodejs/getKubernetesAssurancePolicy.ts b/sdk/nodejs/getKubernetesAssurancePolicy.ts index b2cfa7e8..4a4ec5b8 100644 --- a/sdk/nodejs/getKubernetesAssurancePolicy.ts +++ b/sdk/nodejs/getKubernetesAssurancePolicy.ts 
@@ -54,7 +54,7 @@ export interface GetKubernetesAssurancePolicyResult { */ readonly blacklistedLicenses: string[]; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ readonly blacklistedLicensesEnabled: boolean; /** @@ -72,31 +72,31 @@ export interface GetKubernetesAssurancePolicyResult { readonly customChecksEnabled: boolean; readonly customSeverityEnabled: boolean; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ readonly cvesBlackListEnabled: boolean; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ readonly cvesBlackLists: string[]; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ readonly cvesWhiteListEnabled: boolean; /** - * List of cves whitelisted licenses + * List of CVEs whitelisted licenses */ readonly cvesWhiteLists: string[]; /** - * Identifier of the cvss severity. + * Identifier of the CVSS severity. */ readonly cvssSeverity: string; /** - * Indicates if the cvss severity is scanned. + * Indicates if the CVSS severity is scanned. */ readonly cvssSeverityEnabled: boolean; /** - * Indicates that policy should ignore cvss cases that do not have a known fix. + * Indicates that policy should ignore CVSS cases that do not have a known fix. */ readonly cvssSeverityExcludeNoFix: boolean; readonly description: string; @@ -104,6 +104,9 @@ export interface GetKubernetesAssurancePolicyResult { * Indicates if malware should block the image. */ readonly disallowMalware: boolean; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ readonly dockerCisEnabled: boolean; /** * Name of the container image. 
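Review bot: The `cvesWhiteLists` comment in the second hunk still reads "List of CVEs whitelisted licenses" after the capitalisation fix, although the field is the CVE whitelist and not a license list; `* List of whitelisted CVEs.` would match the `cvesBlackLists` comment above it. The `packagesBlackLists` comment corrected later in this file ("List of blacklisted images") has the same kind of mismatch and probably means packages. Both strings come from the generator's input, so the wording needs fixing in the upstream schema description.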
@@ -116,9 +119,12 @@ export interface GetKubernetesAssurancePolicyResult { readonly enforce: boolean; readonly enforceAfterDays: number; readonly enforceExcessivePermissions: boolean; + /** + * Directories to be excluded from monitoring. + */ readonly exceptionalMonitoredMalwarePaths: string[]; /** - * Indicates if cicd failures will fail the image. + * Indicates if CI/CD failures will fail the image. */ readonly failCicd: boolean; readonly forbiddenLabels: outputs.GetKubernetesAssurancePolicyForbiddenLabel[]; @@ -143,6 +149,9 @@ export interface GetKubernetesAssurancePolicyResult { * List of images. */ readonly images: string[]; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ readonly kubeCisEnabled: boolean; /** * List of kubernetes control names @@ -165,6 +174,9 @@ export interface GetKubernetesAssurancePolicyResult { * Indicates that policy should ignore cases that do not have a known fix. */ readonly maximumScoreExcludeNoFix: boolean; + /** + * Directories to be monitored. + */ readonly monitoredMalwarePaths: string[]; readonly name: string; /** @@ -176,7 +188,7 @@ export interface GetKubernetesAssurancePolicyResult { */ readonly packagesBlackListEnabled: boolean; /** - * List of backlisted images. + * List of blacklisted images. */ readonly packagesBlackLists: outputs.GetKubernetesAssurancePolicyPackagesBlackList[]; /** @@ -202,7 +214,7 @@ export interface GetKubernetesAssurancePolicyResult { */ readonly scanSensitiveData: boolean; /** - * Indicates if scanning should include scap. + * Indicates if scanning should include SCAP. */ readonly scapEnabled: boolean; /** diff --git a/sdk/nodejs/getService.ts b/sdk/nodejs/getService.ts index b4809177..6f495f39 100644 --- a/sdk/nodejs/getService.ts +++ b/sdk/nodejs/getService.ts 
@@ -18,9 +18,6 @@ export function getService(args: GetServiceArgs, opts?: pulumi.InvokeOptions): P * A collection of arguments for invoking getService. */ export interface GetServiceArgs { - /** - * The name of the service. It is recommended not to use whitespace characters in the name. - */ name: string; } @@ -141,8 +138,5 @@ export function getServiceOutput(args: GetServiceOutputArgs, opts?: pulumi.Invok * A collection of arguments for invoking getService. */ export interface GetServiceOutputArgs { - /** - * The name of the service. It is recommended not to use whitespace characters in the name. - */ name: pulumi.Input; } diff --git a/sdk/nodejs/hostAssurancePolicy.ts b/sdk/nodejs/hostAssurancePolicy.ts index dd75a4fc..283c34f0 100644 --- a/sdk/nodejs/hostAssurancePolicy.ts +++ b/sdk/nodejs/hostAssurancePolicy.ts @@ -6,6 +6,13 @@ import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as utilities from "./utilities"; +/** + * Host Assurance is a subsystem of Aqua. It is responsible for: + * Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks. + * Evaluates scan findings according to defined Host Assurance Policies. + * Determines host compliance based on these policies. + * Generates an audit event for host assurance failure. + */ export class HostAssurancePolicy extends pulumi.CustomResource { /** * Get an existing HostAssurancePolicy resource's state with the given name, ID, and optional extra 
@@ -34,11 +41,19 @@ export class HostAssurancePolicy extends pulumi.CustomResource { return obj['__pulumiType'] === HostAssurancePolicy.__pulumiType; } + /** + * Aggregated vulnerability information. + */ + public readonly aggregatedVulnerability!: pulumi.Output<{[key: string]: string} | undefined>; /** * List of explicitly allowed images. */ public readonly allowedImages!: pulumi.Output; public readonly applicationScopes!: pulumi.Output; + /** + * What type of assurance policy is described. + */ + public readonly assuranceType!: pulumi.Output; /** * Indicates if auditing for failures. */ @@ -46,7 +61,7 @@ export class HostAssurancePolicy extends pulumi.CustomResource { /** * Name of user account that created the policy. */ - public /*out*/ readonly author!: pulumi.Output; + public readonly author!: pulumi.Output; public readonly autoScanConfigured!: pulumi.Output; public readonly autoScanEnabled!: pulumi.Output; public readonly autoScanTimes!: pulumi.Output; @@ -63,7 +78,7 @@ export class HostAssurancePolicy extends pulumi.CustomResource { */ public readonly blacklistedLicenses!: pulumi.Output; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ public readonly blacklistedLicensesEnabled!: pulumi.Output; /** 
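Review bot: Dropping `/*out*/` from `author` in the second hunk turns a provider-computed attribution field into something the program can set, and the constructor hunk further down does add `resourceInputs["author"] = args ? args.author : undefined;`. The comment still says "Name of user account that created the policy", which a reader will take as server-assigned; whether the Aqua backend overrides a supplied value is not visible here. If the upstream schema really made it settable, the description should say so, e.g. `* Name of user account that created the policy. Caller-supplied when set; not a reliable audit attribution.` `ignoreRecentlyPublishedVlnPeriod` loses its `/*out*/` marker the same way in a later hunk.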
@@ -79,17 +94,18 @@ export class HostAssurancePolicy extends pulumi.CustomResource { * Indicates if scanning should include custom checks. */ public readonly customChecksEnabled!: pulumi.Output; + public readonly customSeverity!: pulumi.Output; public readonly customSeverityEnabled!: pulumi.Output; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ public readonly cvesBlackListEnabled!: pulumi.Output; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ public readonly cvesBlackLists!: pulumi.Output; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ public readonly cvesWhiteListEnabled!: pulumi.Output; /** @@ -109,10 +125,14 @@ export class HostAssurancePolicy extends pulumi.CustomResource { */ public readonly cvssSeverityExcludeNoFix!: pulumi.Output; public readonly description!: pulumi.Output; + public readonly disallowExploitTypes!: pulumi.Output; /** * Indicates if malware should block the image. */ public readonly disallowMalware!: pulumi.Output; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ public readonly dockerCisEnabled!: pulumi.Output; /** * Name of the container image. @@ -126,6 +146,7 @@ export class HostAssurancePolicy extends pulumi.CustomResource { public readonly enforceAfterDays!: pulumi.Output; public readonly enforceExcessivePermissions!: pulumi.Output; public readonly exceptionalMonitoredMalwarePaths!: pulumi.Output; + public readonly excludeApplicationScopes!: pulumi.Output; /** * Indicates if cicd failures will fail the image. */ 
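Review bot: `excludeApplicationScopes` and `disallowExploitTypes` are added here without doc comments, although by their names they change which hosts and findings the policy covers. The same applies to `ignoreBaseImageVln` and `ignoredSensitiveResources` in the next hunks and to `scanMalwareInArchives`, `scanProcessMemory` and `scanWindowsRegistry` further down. Fields that narrow or widen enforcement should state their effect and default, for example `/** Application scopes excluded from this policy. */` on `excludeApplicationScopes` (wording inferred from the name; confirm against the provider schema). The file is generated, so the descriptions belong in the upstream schema.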
@@ -134,8 +155,9 @@ export class HostAssurancePolicy extends pulumi.CustomResource { public readonly forbiddenLabelsEnabled!: pulumi.Output; public readonly forceMicroenforcer!: pulumi.Output; public readonly functionIntegrityEnabled!: pulumi.Output; + public readonly ignoreBaseImageVln!: pulumi.Output; public readonly ignoreRecentlyPublishedVln!: pulumi.Output; - public /*out*/ readonly ignoreRecentlyPublishedVlnPeriod!: pulumi.Output; + public readonly ignoreRecentlyPublishedVlnPeriod!: pulumi.Output; /** * Indicates if risk resources are ignored. */ @@ -144,15 +166,24 @@ export class HostAssurancePolicy extends pulumi.CustomResource { * List of ignored risk resources. */ public readonly ignoredRiskResources!: pulumi.Output; + public readonly ignoredSensitiveResources!: pulumi.Output; /** * List of images. */ public readonly images!: pulumi.Output; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ public readonly kubeCisEnabled!: pulumi.Output; + public readonly kubernetesControls!: pulumi.Output; + public readonly kubernetesControlsAvdIds!: pulumi.Output; + public readonly kubernetesControlsNames!: pulumi.Output; /** * List of labels. */ public readonly labels!: pulumi.Output; + public readonly lastupdate!: pulumi.Output; + public readonly linuxCisEnabled!: pulumi.Output; public readonly malwareAction!: pulumi.Output; /** * Value of allowed maximum score. @@ -172,12 +203,13 @@ export class HostAssurancePolicy extends pulumi.CustomResource { * Indicates if raise a warning for images that should only be run as root. */ public readonly onlyNoneRootUsers!: pulumi.Output; + public readonly openshiftHardeningEnabled!: pulumi.Output; /** * Indicates if packages blacklist is relevant. */ public readonly packagesBlackListEnabled!: pulumi.Output; /** - * List of backlisted images. + * List of blacklisted images. */ public readonly packagesBlackLists!: pulumi.Output; /** 
@@ -189,6 +221,8 @@ export class HostAssurancePolicy extends pulumi.CustomResource { */ public readonly packagesWhiteLists!: pulumi.Output; public readonly partialResultsImageFail!: pulumi.Output; + public readonly permission!: pulumi.Output; + public readonly policySettings!: pulumi.Output; public readonly readOnly!: pulumi.Output; /** * List of registries. @@ -197,11 +231,14 @@ export class HostAssurancePolicy extends pulumi.CustomResource { public readonly registry!: pulumi.Output; public readonly requiredLabels!: pulumi.Output; public readonly requiredLabelsEnabled!: pulumi.Output; + public readonly scanMalwareInArchives!: pulumi.Output; public readonly scanNfsMounts!: pulumi.Output; + public readonly scanProcessMemory!: pulumi.Output; /** * Indicates if scan should include sensitive data in the image. */ public readonly scanSensitiveData!: pulumi.Output; + public readonly scanWindowsRegistry!: pulumi.Output; /** * Indicates if scanning should include scap. */ @@ -219,6 +256,8 @@ export class HostAssurancePolicy extends pulumi.CustomResource { * Indicates if list of trusted base images is relevant. */ public readonly trustedBaseImagesEnabled!: pulumi.Output; + public readonly vulnerabilityExploitability!: pulumi.Output; + public readonly vulnerabilityScoreRanges!: pulumi.Output; /** * List of whitelisted licenses. */ @@ -227,6 +266,10 @@ export class HostAssurancePolicy extends pulumi.CustomResource { * Indicates if license blacklist is relevant. */ public readonly whitelistedLicensesEnabled!: pulumi.Output; + /** + * Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + */ + public readonly windowsCisEnabled!: pulumi.Output; /** * Create a HostAssurancePolicy resource with the given unique name, arguments, and options. 
@@ -241,8 +284,10 @@ export class HostAssurancePolicy extends pulumi.CustomResource { opts = opts || {}; if (opts.id) { const state = argsOrState as HostAssurancePolicyState | undefined; + resourceInputs["aggregatedVulnerability"] = state ? state.aggregatedVulnerability : undefined; resourceInputs["allowedImages"] = state ? state.allowedImages : undefined; resourceInputs["applicationScopes"] = state ? state.applicationScopes : undefined; + resourceInputs["assuranceType"] = state ? state.assuranceType : undefined; resourceInputs["auditOnFailure"] = state ? state.auditOnFailure : undefined; resourceInputs["author"] = state ? state.author : undefined; resourceInputs["autoScanConfigured"] = state ? state.autoScanConfigured : undefined; @@ -256,6 +301,7 @@ export class HostAssurancePolicy extends pulumi.CustomResource { resourceInputs["controlExcludeNoFix"] = state ? state.controlExcludeNoFix : undefined; resourceInputs["customChecks"] = state ? state.customChecks : undefined; resourceInputs["customChecksEnabled"] = state ? state.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = state ? state.customSeverity : undefined; resourceInputs["customSeverityEnabled"] = state ? state.customSeverityEnabled : undefined; resourceInputs["cvesBlackListEnabled"] = state ? state.cvesBlackListEnabled : undefined; resourceInputs["cvesBlackLists"] = state ? state.cvesBlackLists : undefined; 
@@ -265,6 +311,7 @@ export class HostAssurancePolicy extends pulumi.CustomResource { resourceInputs["cvssSeverityEnabled"] = state ? state.cvssSeverityEnabled : undefined; resourceInputs["cvssSeverityExcludeNoFix"] = state ? state.cvssSeverityExcludeNoFix : undefined; resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["disallowExploitTypes"] = state ? state.disallowExploitTypes : undefined; resourceInputs["disallowMalware"] = state ? state.disallowMalware : undefined; resourceInputs["dockerCisEnabled"] = state ? state.dockerCisEnabled : undefined; resourceInputs["domain"] = state ? state.domain : undefined; 
@@ -276,18 +323,26 @@ export class HostAssurancePolicy extends pulumi.CustomResource { resourceInputs["enforceAfterDays"] = state ? state.enforceAfterDays : undefined; resourceInputs["enforceExcessivePermissions"] = state ? state.enforceExcessivePermissions : undefined; resourceInputs["exceptionalMonitoredMalwarePaths"] = state ? state.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = state ? state.excludeApplicationScopes : undefined; resourceInputs["failCicd"] = state ? state.failCicd : undefined; resourceInputs["forbiddenLabels"] = state ? state.forbiddenLabels : undefined; resourceInputs["forbiddenLabelsEnabled"] = state ? state.forbiddenLabelsEnabled : undefined; resourceInputs["forceMicroenforcer"] = state ? state.forceMicroenforcer : undefined; resourceInputs["functionIntegrityEnabled"] = state ? state.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = state ? state.ignoreBaseImageVln : undefined; resourceInputs["ignoreRecentlyPublishedVln"] = state ? state.ignoreRecentlyPublishedVln : undefined; resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = state ? state.ignoreRecentlyPublishedVlnPeriod : undefined; resourceInputs["ignoreRiskResourcesEnabled"] = state ? state.ignoreRiskResourcesEnabled : undefined; resourceInputs["ignoredRiskResources"] = state ? state.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = state ? state.ignoredSensitiveResources : undefined; resourceInputs["images"] = state ? state.images : undefined; resourceInputs["kubeCisEnabled"] = state ? state.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = state ? state.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = state ? state.kubernetesControlsAvdIds : undefined; + resourceInputs["kubernetesControlsNames"] = state ? state.kubernetesControlsNames : undefined; resourceInputs["labels"] = state ? 
state.labels : undefined; + resourceInputs["lastupdate"] = state ? state.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = state ? state.linuxCisEnabled : undefined; resourceInputs["malwareAction"] = state ? state.malwareAction : undefined; resourceInputs["maximumScore"] = state ? state.maximumScore : undefined; resourceInputs["maximumScoreEnabled"] = state ? state.maximumScoreEnabled : undefined; 
@@ -295,33 +350,45 @@ export class HostAssurancePolicy extends pulumi.CustomResource { resourceInputs["monitoredMalwarePaths"] = state ? state.monitoredMalwarePaths : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["onlyNoneRootUsers"] = state ? state.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = state ? state.openshiftHardeningEnabled : undefined; resourceInputs["packagesBlackListEnabled"] = state ? state.packagesBlackListEnabled : undefined; resourceInputs["packagesBlackLists"] = state ? state.packagesBlackLists : undefined; resourceInputs["packagesWhiteListEnabled"] = state ? state.packagesWhiteListEnabled : undefined; resourceInputs["packagesWhiteLists"] = state ? state.packagesWhiteLists : undefined; resourceInputs["partialResultsImageFail"] = state ? state.partialResultsImageFail : undefined; + resourceInputs["permission"] = state ? state.permission : undefined; + resourceInputs["policySettings"] = state ? state.policySettings : undefined; resourceInputs["readOnly"] = state ? state.readOnly : undefined; resourceInputs["registries"] = state ? state.registries : undefined; resourceInputs["registry"] = state ? state.registry : undefined; resourceInputs["requiredLabels"] = state ? state.requiredLabels : undefined; resourceInputs["requiredLabelsEnabled"] = state ? state.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = state ? state.scanMalwareInArchives : undefined; resourceInputs["scanNfsMounts"] = state ? state.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = state ? state.scanProcessMemory : undefined; resourceInputs["scanSensitiveData"] = state ? state.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = state ? state.scanWindowsRegistry : undefined; resourceInputs["scapEnabled"] = state ? state.scapEnabled : undefined; resourceInputs["scapFiles"] = state ? state.scapFiles : undefined; resourceInputs["scopes"] = state ? 
state.scopes : undefined; resourceInputs["trustedBaseImages"] = state ? state.trustedBaseImages : undefined; resourceInputs["trustedBaseImagesEnabled"] = state ? state.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = state ? state.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = state ? state.vulnerabilityScoreRanges : undefined; resourceInputs["whitelistedLicenses"] = state ? state.whitelistedLicenses : undefined; resourceInputs["whitelistedLicensesEnabled"] = state ? state.whitelistedLicensesEnabled : undefined; + resourceInputs["windowsCisEnabled"] = state ? state.windowsCisEnabled : undefined; } else { const args = argsOrState as HostAssurancePolicyArgs | undefined; if ((!args || args.applicationScopes === undefined) && !opts.urn) { throw new Error("Missing required property 'applicationScopes'"); } + resourceInputs["aggregatedVulnerability"] = args ? args.aggregatedVulnerability : undefined; resourceInputs["allowedImages"] = args ? args.allowedImages : undefined; resourceInputs["applicationScopes"] = args ? args.applicationScopes : undefined; + resourceInputs["assuranceType"] = args ? args.assuranceType : undefined; resourceInputs["auditOnFailure"] = args ? args.auditOnFailure : undefined; + resourceInputs["author"] = args ? args.author : undefined; resourceInputs["autoScanConfigured"] = args ? args.autoScanConfigured : undefined; resourceInputs["autoScanEnabled"] = args ? args.autoScanEnabled : undefined; resourceInputs["autoScanTimes"] = args ? args.autoScanTimes : undefined; 
@@ -333,6 +400,7 @@ export class HostAssurancePolicy extends pulumi.CustomResource { resourceInputs["controlExcludeNoFix"] = args ? args.controlExcludeNoFix : undefined; resourceInputs["customChecks"] = args ? args.customChecks : undefined; resourceInputs["customChecksEnabled"] = args ? args.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = args ? args.customSeverity : undefined; resourceInputs["customSeverityEnabled"] = args ? args.customSeverityEnabled : undefined; resourceInputs["cvesBlackListEnabled"] = args ? args.cvesBlackListEnabled : undefined; resourceInputs["cvesBlackLists"] = args ? args.cvesBlackLists : undefined; @@ -342,6 +410,7 @@ export class HostAssurancePolicy extends pulumi.CustomResource { resourceInputs["cvssSeverityEnabled"] = args ? args.cvssSeverityEnabled : undefined; resourceInputs["cvssSeverityExcludeNoFix"] = args ? args.cvssSeverityExcludeNoFix : undefined; resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["disallowExploitTypes"] = args ? args.disallowExploitTypes : undefined; resourceInputs["disallowMalware"] = args ? args.disallowMalware : undefined; resourceInputs["dockerCisEnabled"] = args ? args.dockerCisEnabled : undefined; resourceInputs["domain"] = args ? args.domain : undefined; 
@@ -353,17 +422,26 @@ export class HostAssurancePolicy extends pulumi.CustomResource { resourceInputs["enforceAfterDays"] = args ? args.enforceAfterDays : undefined; resourceInputs["enforceExcessivePermissions"] = args ? args.enforceExcessivePermissions : undefined; resourceInputs["exceptionalMonitoredMalwarePaths"] = args ? args.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = args ? args.excludeApplicationScopes : undefined; resourceInputs["failCicd"] = args ? args.failCicd : undefined; resourceInputs["forbiddenLabels"] = args ? args.forbiddenLabels : undefined; resourceInputs["forbiddenLabelsEnabled"] = args ? args.forbiddenLabelsEnabled : undefined; resourceInputs["forceMicroenforcer"] = args ? args.forceMicroenforcer : undefined; resourceInputs["functionIntegrityEnabled"] = args ? args.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = args ? args.ignoreBaseImageVln : undefined; resourceInputs["ignoreRecentlyPublishedVln"] = args ? args.ignoreRecentlyPublishedVln : undefined; + resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = args ? args.ignoreRecentlyPublishedVlnPeriod : undefined; resourceInputs["ignoreRiskResourcesEnabled"] = args ? args.ignoreRiskResourcesEnabled : undefined; resourceInputs["ignoredRiskResources"] = args ? args.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = args ? args.ignoredSensitiveResources : undefined; resourceInputs["images"] = args ? args.images : undefined; resourceInputs["kubeCisEnabled"] = args ? args.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = args ? args.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = args ? args.kubernetesControlsAvdIds : undefined; + resourceInputs["kubernetesControlsNames"] = args ? args.kubernetesControlsNames : undefined; resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["lastupdate"] = args ? 
args.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = args ? args.linuxCisEnabled : undefined; resourceInputs["malwareAction"] = args ? args.malwareAction : undefined; resourceInputs["maximumScore"] = args ? args.maximumScore : undefined; resourceInputs["maximumScoreEnabled"] = args ? args.maximumScoreEnabled : undefined; 
@@ -371,27 +449,34 @@ export class HostAssurancePolicy extends pulumi.CustomResource { resourceInputs["monitoredMalwarePaths"] = args ? args.monitoredMalwarePaths : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["onlyNoneRootUsers"] = args ? args.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = args ? args.openshiftHardeningEnabled : undefined; resourceInputs["packagesBlackListEnabled"] = args ? args.packagesBlackListEnabled : undefined; resourceInputs["packagesBlackLists"] = args ? args.packagesBlackLists : undefined; resourceInputs["packagesWhiteListEnabled"] = args ? args.packagesWhiteListEnabled : undefined; resourceInputs["packagesWhiteLists"] = args ? args.packagesWhiteLists : undefined; resourceInputs["partialResultsImageFail"] = args ? args.partialResultsImageFail : undefined; + resourceInputs["permission"] = args ? args.permission : undefined; + resourceInputs["policySettings"] = args ? args.policySettings : undefined; resourceInputs["readOnly"] = args ? args.readOnly : undefined; resourceInputs["registries"] = args ? args.registries : undefined; resourceInputs["registry"] = args ? args.registry : undefined; resourceInputs["requiredLabels"] = args ? args.requiredLabels : undefined; resourceInputs["requiredLabelsEnabled"] = args ? args.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = args ? args.scanMalwareInArchives : undefined; resourceInputs["scanNfsMounts"] = args ? args.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = args ? args.scanProcessMemory : undefined; resourceInputs["scanSensitiveData"] = args ? args.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = args ? args.scanWindowsRegistry : undefined; resourceInputs["scapEnabled"] = args ? args.scapEnabled : undefined; resourceInputs["scapFiles"] = args ? args.scapFiles : undefined; resourceInputs["scopes"] = args ? 
args.scopes : undefined; resourceInputs["trustedBaseImages"] = args ? args.trustedBaseImages : undefined; resourceInputs["trustedBaseImagesEnabled"] = args ? args.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = args ? args.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = args ? args.vulnerabilityScoreRanges : undefined; resourceInputs["whitelistedLicenses"] = args ? args.whitelistedLicenses : undefined; resourceInputs["whitelistedLicensesEnabled"] = args ? args.whitelistedLicensesEnabled : undefined; - resourceInputs["author"] = undefined /*out*/; - resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = undefined /*out*/; + resourceInputs["windowsCisEnabled"] = args ? args.windowsCisEnabled : undefined; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(HostAssurancePolicy.__pulumiType, name, resourceInputs, opts); @@ -402,11 +487,19 @@ export class HostAssurancePolicy extends pulumi.CustomResource { * Input properties used for looking up and filtering HostAssurancePolicy resources. */ export interface HostAssurancePolicyState { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * List of explicitly allowed images. */ allowedImages?: pulumi.Input[]>; applicationScopes?: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; /** * Indicates if auditing for failures. */ @@ -431,7 +524,7 @@ export interface HostAssurancePolicyState { */ blacklistedLicenses?: pulumi.Input[]>; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ blacklistedLicensesEnabled?: pulumi.Input; /** 
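Review bot: `author` becomes caller-settable in the `@@ -371,27 +449,34 @@` hunk, which removes `resourceInputs["author"] = undefined /*out*/;` after the `@@ -295,33 +350,45 @@` hunk added `resourceInputs["author"] = args ? args.author : undefined;`. That field is documented in `HostAssurancePolicyArgs` as "Name of user account that created the policy", and `lastupdate` and `permission` are forwarded from args in the same way. If anything consuming the policy treats these as provenance or audit data, they should remain output-only: keep `resourceInputs["author"] = undefined /*out*/;` and leave `author` out of the Args interface. The file looks generated, so the fix probably belongs in the provider schema (mark the attributes computed-only) rather than in this file. The constructor body starts and ends outside this hunk.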
@@ -447,17 +540,18 @@ export interface HostAssurancePolicyState { * Indicates if scanning should include custom checks. */ customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; customSeverityEnabled?: pulumi.Input; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ cvesBlackListEnabled?: pulumi.Input; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ cvesBlackLists?: pulumi.Input[]>; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ cvesWhiteListEnabled?: pulumi.Input; /** @@ -477,10 +571,14 @@ export interface HostAssurancePolicyState { */ cvssSeverityExcludeNoFix?: pulumi.Input; description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; /** * Indicates if malware should block the image. */ disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ dockerCisEnabled?: pulumi.Input; /** * Name of the container image. @@ -494,6 +592,7 @@ export interface HostAssurancePolicyState { enforceAfterDays?: pulumi.Input; enforceExcessivePermissions?: pulumi.Input; exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; /** * Indicates if cicd failures will fail the image. */ @@ -502,6 +601,7 @@ export interface HostAssurancePolicyState { forbiddenLabelsEnabled?: pulumi.Input; forceMicroenforcer?: pulumi.Input; functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; ignoreRecentlyPublishedVln?: pulumi.Input; ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; /** 
@@ -512,15 +612,24 @@ export interface HostAssurancePolicyState { * List of ignored risk resources. */ ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; /** * List of images. */ images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ kubeCisEnabled?: pulumi.Input; + kubernetesControls?: pulumi.Input[]>; + kubernetesControlsAvdIds?: pulumi.Input[]>; + kubernetesControlsNames?: pulumi.Input[]>; /** * List of labels. */ labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; malwareAction?: pulumi.Input; /** * Value of allowed maximum score. @@ -540,12 +649,13 @@ export interface HostAssurancePolicyState { * Indicates if raise a warning for images that should only be run as root. */ onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; /** * Indicates if packages blacklist is relevant. */ packagesBlackListEnabled?: pulumi.Input; /** - * List of backlisted images. + * List of blacklisted images. */ packagesBlackLists?: pulumi.Input[]>; /** @@ -557,6 +667,8 @@ export interface HostAssurancePolicyState { */ packagesWhiteLists?: pulumi.Input[]>; partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; readOnly?: pulumi.Input; /** * List of registries. @@ -565,11 +677,14 @@ export interface HostAssurancePolicyState { registry?: pulumi.Input; requiredLabels?: pulumi.Input[]>; requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; /** * Indicates if scan should include sensitive data in the image. */ scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; /** * Indicates if scanning should include scap. */ 
@@ -587,6 +702,8 @@ export interface HostAssurancePolicyState { * Indicates if list of trusted base images is relevant. */ trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; /** * List of whitelisted licenses. */ @@ -595,21 +712,37 @@ export interface HostAssurancePolicyState { * Indicates if license blacklist is relevant. */ whitelistedLicensesEnabled?: pulumi.Input; + /** + * Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + */ + windowsCisEnabled?: pulumi.Input; } /** * The set of arguments for constructing a HostAssurancePolicy resource. */ export interface HostAssurancePolicyArgs { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * List of explicitly allowed images. */ allowedImages?: pulumi.Input[]>; applicationScopes: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; /** * Indicates if auditing for failures. */ auditOnFailure?: pulumi.Input; + /** + * Name of user account that created the policy. + */ + author?: pulumi.Input; autoScanConfigured?: pulumi.Input; autoScanEnabled?: pulumi.Input; autoScanTimes?: pulumi.Input[]>; @@ -626,7 +759,7 @@ export interface HostAssurancePolicyArgs { */ blacklistedLicenses?: pulumi.Input[]>; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ blacklistedLicensesEnabled?: pulumi.Input; /** 
@@ -642,17 +775,18 @@ export interface HostAssurancePolicyArgs { * Indicates if scanning should include custom checks. */ customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; customSeverityEnabled?: pulumi.Input; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ cvesBlackListEnabled?: pulumi.Input; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ cvesBlackLists?: pulumi.Input[]>; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ cvesWhiteListEnabled?: pulumi.Input; /** @@ -672,10 +806,14 @@ export interface HostAssurancePolicyArgs { */ cvssSeverityExcludeNoFix?: pulumi.Input; description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; /** * Indicates if malware should block the image. */ disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ dockerCisEnabled?: pulumi.Input; /** * Name of the container image. @@ -689,6 +827,7 @@ export interface HostAssurancePolicyArgs { enforceAfterDays?: pulumi.Input; enforceExcessivePermissions?: pulumi.Input; exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; /** * Indicates if cicd failures will fail the image. */ @@ -697,7 +836,9 @@ export interface HostAssurancePolicyArgs { forbiddenLabelsEnabled?: pulumi.Input; forceMicroenforcer?: pulumi.Input; functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; ignoreRecentlyPublishedVln?: pulumi.Input; + ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; /** * Indicates if risk resources are ignored. */ 
@@ -706,15 +847,24 @@ export interface HostAssurancePolicyArgs { * List of ignored risk resources. */ ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; /** * List of images. */ images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ kubeCisEnabled?: pulumi.Input; + kubernetesControls?: pulumi.Input[]>; + kubernetesControlsAvdIds?: pulumi.Input[]>; + kubernetesControlsNames?: pulumi.Input[]>; /** * List of labels. */ labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; malwareAction?: pulumi.Input; /** * Value of allowed maximum score. @@ -734,12 +884,13 @@ export interface HostAssurancePolicyArgs { * Indicates if raise a warning for images that should only be run as root. */ onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; /** * Indicates if packages blacklist is relevant. */ packagesBlackListEnabled?: pulumi.Input; /** - * List of backlisted images. + * List of blacklisted images. */ packagesBlackLists?: pulumi.Input[]>; /** @@ -751,6 +902,8 @@ export interface HostAssurancePolicyArgs { */ packagesWhiteLists?: pulumi.Input[]>; partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; readOnly?: pulumi.Input; /** * List of registries. @@ -759,11 +912,14 @@ export interface HostAssurancePolicyArgs { registry?: pulumi.Input; requiredLabels?: pulumi.Input[]>; requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; /** * Indicates if scan should include sensitive data in the image. */ scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; /** * Indicates if scanning should include scap. */ 
@@ -781,6 +937,8 @@ export interface HostAssurancePolicyArgs { * Indicates if list of trusted base images is relevant. */ trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; /** * List of whitelisted licenses. */ @@ -789,4 +947,8 @@ export interface HostAssurancePolicyArgs { * Indicates if license blacklist is relevant. */ whitelistedLicensesEnabled?: pulumi.Input; + /** + * Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + */ + windowsCisEnabled?: pulumi.Input; } diff --git a/sdk/nodejs/hostRuntimePolicy.ts b/sdk/nodejs/hostRuntimePolicy.ts index 011e8d19..9fc6d89e 100644 --- a/sdk/nodejs/hostRuntimePolicy.ts +++ b/sdk/nodejs/hostRuntimePolicy.ts 
@@ -6,84 +6,6 @@ import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as utilities from "./utilities"; -/** - * ## Example Usage - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as aquasec from "@pulumiverse/aquasec"; - * - * const hostRuntimePolicy = new aquasec.HostRuntimePolicy("hostRuntimePolicy", { - * applicationScopes: ["Global"], - * auditAllOsUserActivity: true, - * auditBruteForceLogin: true, - * auditFullCommandArguments: true, - * auditHostFailedLoginEvents: true, - * auditHostSuccessfulLoginEvents: true, - * auditUserAccountManagement: true, - * blockCryptocurrencyMining: true, - * blockedFiles: ["blocked"], - * description: "host_runtime_policy", - * enableIpReputationSecurity: true, - * enabled: true, - * enforce: false, - * fileIntegrityMonitoring: { - * excludedPaths: ["expaths"], - * excludedProcesses: ["exprocess"], - * excludedUsers: ["expuser"], - * monitorAttributes: true, - * monitorCreate: true, - * monitorDelete: true, - * monitorModify: true, - * monitorRead: true, - * monitoredPaths: ["paths"], - * monitoredProcesses: ["process"], - * monitoredUsers: ["user"], - * }, - * monitorSystemLogIntegrity: true, - * monitorSystemTimeChanges: true, - * monitorWindowsServices: true, - * osGroupsAlloweds: ["group1"], - * osGroupsBlockeds: ["group2"], - * osUsersAlloweds: ["user1"], - * osUsersBlockeds: ["user2"], - * packageBlocks: ["package1"], - * portScanningDetection: true, - * scopeVariables: [ - * { - * attribute: "kubernetes.cluster", - * value: "default", - * }, - * { - * attribute: "kubernetes.label", - * name: "app", - * value: "aqua", - * }, - * ], - * windowsRegistryMonitoring: { - * excludedPaths: ["expaths"], - * excludedProcesses: ["exprocess"], - * excludedUsers: ["expuser"], - * monitorAttributes: true, - * monitorCreate: true, - * monitorDelete: true, - * monitorModify: true, - * monitorRead: true, - * monitoredPaths: ["paths"], - * monitoredProcesses: 
["process"], - * monitoredUsers: ["user"], - * }, - * windowsRegistryProtection: { - * excludedPaths: ["expaths"], - * excludedProcesses: ["exprocess"], - * excludedUsers: ["expuser"], - * protectedPaths: ["paths"], - * protectedProcesses: ["process"], - * protectedUsers: ["user"], - * }, - * }); - * ``` - */ export class HostRuntimePolicy extends pulumi.CustomResource { /** * Get an existing HostRuntimePolicy resource's state with the given name, ID, and optional extra @@ -113,13 +35,17 @@ export class HostRuntimePolicy extends pulumi.CustomResource { } /** - * Indicates the application scope of the service. + * Allowed executables configuration. */ - public readonly applicationScopes!: pulumi.Output; + public readonly allowedExecutables!: pulumi.Output; /** - * If true, all process activity will be audited. + * List of allowed registries. */ - public readonly auditAllOsUserActivity!: pulumi.Output; + public readonly allowedRegistries!: pulumi.Output; + /** + * Indicates the application scope of the service. + */ + public readonly applicationScopes!: pulumi.Output; /** * Detects brute force login attempts */ 
@@ -140,28 +66,48 @@ export class HostRuntimePolicy extends pulumi.CustomResource { * If true, account management will be audited. */ public readonly auditUserAccountManagement!: pulumi.Output; + public readonly auditing!: pulumi.Output; /** * Username of the account that created the service. */ - public /*out*/ readonly author!: pulumi.Output; + public readonly author!: pulumi.Output; + public readonly blacklistedOsUsers!: pulumi.Output; + public readonly blockContainerExec!: pulumi.Output; /** * Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining */ public readonly blockCryptocurrencyMining!: pulumi.Output; + public readonly blockDisallowedImages!: pulumi.Output; + public readonly blockFilelessExec!: pulumi.Output; + public readonly blockNonCompliantWorkloads!: pulumi.Output; + public readonly blockNonK8sContainers!: pulumi.Output; /** * List of files that are prevented from being read, modified and executed in the containers. */ public readonly blockedFiles!: pulumi.Output; + /** + * Bypass scope configuration. + */ + public readonly bypassScopes!: pulumi.Output; + public readonly containerExec!: pulumi.Output; + public readonly created!: pulumi.Output; + public readonly cve!: pulumi.Output; + public readonly defaultSecurityProfile!: pulumi.Output; /** * The description of the host runtime policy */ public readonly description!: pulumi.Output; + public readonly digest!: pulumi.Output; /** - * If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. + * Drift prevention configuration. 
*/ - public readonly enableIpReputationSecurity!: pulumi.Output; + public readonly driftPreventions!: pulumi.Output; + public readonly enableCryptoMiningDns!: pulumi.Output; + public readonly enableForkGuard!: pulumi.Output; + public readonly enableIpReputation!: pulumi.Output; + public readonly enablePortScanProtection!: pulumi.Output; /** - * Indicates if the runtime policy is enabled or not. + * Whether allowed executables configuration is enabled. */ public readonly enabled!: pulumi.Output; /** @@ -172,14 +118,36 @@ export class HostRuntimePolicy extends pulumi.CustomResource { * Indicates the number of days after which the runtime policy will be changed to enforce mode. */ public readonly enforceAfterDays!: pulumi.Output; + public readonly enforceSchedulerAddedOn!: pulumi.Output; + /** + * List of excluded application scopes. + */ + public readonly excludeApplicationScopes!: pulumi.Output; + /** + * Executable blacklist configuration. + */ + public readonly executableBlacklists!: pulumi.Output; + public readonly failedKubernetesChecks!: pulumi.Output; + public readonly fileBlock!: pulumi.Output; /** * Configuration for file integrity monitoring. */ - public readonly fileIntegrityMonitoring!: pulumi.Output; + public readonly fileIntegrityMonitoring!: pulumi.Output; + public readonly forkGuardProcessLimit!: pulumi.Output; + public readonly imageName!: pulumi.Output; + public readonly isAuditChecked!: pulumi.Output; + public readonly isAutoGenerated!: pulumi.Output; + public readonly isOotbPolicy!: pulumi.Output; + public readonly lastupdate!: pulumi.Output; + /** + * Container privileges configuration. + */ + public readonly limitContainerPrivileges!: pulumi.Output; + public readonly linuxCapabilities!: pulumi.Output; /** * Configuration for Real-Time Malware Protection. */ - public readonly malwareScanOptions!: pulumi.Output; + public readonly malwareScanOptions!: pulumi.Output; /** * If true, system log will be monitored. */ 
@@ -193,9 +161,11 @@ export class HostRuntimePolicy extends pulumi.CustomResource { */ public readonly monitorWindowsServices!: pulumi.Output; /** - * Name of the host runtime policy + * Name assigned to the attribute. */ public readonly name!: pulumi.Output; + public readonly noNewPrivileges!: pulumi.Output; + public readonly onlyRegisteredImages!: pulumi.Output; /** * List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. */ @@ -212,14 +182,23 @@ export class HostRuntimePolicy extends pulumi.CustomResource { * List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. */ public readonly osUsersBlockeds!: pulumi.Output; - /** - * List of packages that are not allowed read, write or execute all files that under the packages. - */ - public readonly packageBlocks!: pulumi.Output; - /** - * If true, port scanning behaviors will be audited. - */ - public readonly portScanningDetection!: pulumi.Output; + public readonly packageBlocks!: pulumi.Output; + public readonly permission!: pulumi.Output; + public readonly portBlock!: pulumi.Output; + public readonly readonlyFiles!: pulumi.Output; + public readonly readonlyRegistry!: pulumi.Output; + public readonly registry!: pulumi.Output; + public readonly registryAccessMonitoring!: pulumi.Output; + public readonly repoName!: pulumi.Output; + public readonly resourceName!: pulumi.Output; + public readonly resourceType!: pulumi.Output; + /** + * Restricted volumes configuration. + */ + public readonly restrictedVolumes!: pulumi.Output; + public readonly reverseShell!: pulumi.Output; + public readonly runtimeMode!: pulumi.Output; + public readonly runtimeType!: pulumi.Output; /** * Logical expression of how to compute the dependency of the scope variables. */ 
@@ -229,13 +208,16 @@ export class HostRuntimePolicy extends pulumi.CustomResource { */ public readonly scopeVariables!: pulumi.Output; /** - * Configuration for windows registry monitoring. - */ - public readonly windowsRegistryMonitoring!: pulumi.Output; - /** - * Configuration for windows registry protection. + * Scope configuration. */ - public readonly windowsRegistryProtection!: pulumi.Output; + public readonly scopes!: pulumi.Output; + public readonly systemIntegrityProtection!: pulumi.Output; + public readonly tripwire!: pulumi.Output; + public readonly type!: pulumi.Output; + public readonly updated!: pulumi.Output; + public readonly version!: pulumi.Output; + public readonly vpatchVersion!: pulumi.Output; + public readonly whitelistedOsUsers!: pulumi.Output; /** * Create a HostRuntimePolicy resource with the given unique name, arguments, and options. 
@@ -250,70 +232,172 @@ export class HostRuntimePolicy extends pulumi.CustomResource { opts = opts || {}; if (opts.id) { const state = argsOrState as HostRuntimePolicyState | undefined; + resourceInputs["allowedExecutables"] = state ? state.allowedExecutables : undefined; + resourceInputs["allowedRegistries"] = state ? state.allowedRegistries : undefined; resourceInputs["applicationScopes"] = state ? state.applicationScopes : undefined; - resourceInputs["auditAllOsUserActivity"] = state ? state.auditAllOsUserActivity : undefined; resourceInputs["auditBruteForceLogin"] = state ? state.auditBruteForceLogin : undefined; resourceInputs["auditFullCommandArguments"] = state ? state.auditFullCommandArguments : undefined; resourceInputs["auditHostFailedLoginEvents"] = state ? state.auditHostFailedLoginEvents : undefined; resourceInputs["auditHostSuccessfulLoginEvents"] = state ? state.auditHostSuccessfulLoginEvents : undefined; resourceInputs["auditUserAccountManagement"] = state ? state.auditUserAccountManagement : undefined; + resourceInputs["auditing"] = state ? state.auditing : undefined; resourceInputs["author"] = state ? state.author : undefined; + resourceInputs["blacklistedOsUsers"] = state ? state.blacklistedOsUsers : undefined; + resourceInputs["blockContainerExec"] = state ? state.blockContainerExec : undefined; resourceInputs["blockCryptocurrencyMining"] = state ? state.blockCryptocurrencyMining : undefined; + resourceInputs["blockDisallowedImages"] = state ? state.blockDisallowedImages : undefined; + resourceInputs["blockFilelessExec"] = state ? state.blockFilelessExec : undefined; + resourceInputs["blockNonCompliantWorkloads"] = state ? state.blockNonCompliantWorkloads : undefined; + resourceInputs["blockNonK8sContainers"] = state ? state.blockNonK8sContainers : undefined; resourceInputs["blockedFiles"] = state ? state.blockedFiles : undefined; + resourceInputs["bypassScopes"] = state ? 
state.bypassScopes : undefined; + resourceInputs["containerExec"] = state ? state.containerExec : undefined; + resourceInputs["created"] = state ? state.created : undefined; + resourceInputs["cve"] = state ? state.cve : undefined; + resourceInputs["defaultSecurityProfile"] = state ? state.defaultSecurityProfile : undefined; resourceInputs["description"] = state ? state.description : undefined; - resourceInputs["enableIpReputationSecurity"] = state ? state.enableIpReputationSecurity : undefined; + resourceInputs["digest"] = state ? state.digest : undefined; + resourceInputs["driftPreventions"] = state ? state.driftPreventions : undefined; + resourceInputs["enableCryptoMiningDns"] = state ? state.enableCryptoMiningDns : undefined; + resourceInputs["enableForkGuard"] = state ? state.enableForkGuard : undefined; + resourceInputs["enableIpReputation"] = state ? state.enableIpReputation : undefined; + resourceInputs["enablePortScanProtection"] = state ? state.enablePortScanProtection : undefined; resourceInputs["enabled"] = state ? state.enabled : undefined; resourceInputs["enforce"] = state ? state.enforce : undefined; resourceInputs["enforceAfterDays"] = state ? state.enforceAfterDays : undefined; + resourceInputs["enforceSchedulerAddedOn"] = state ? state.enforceSchedulerAddedOn : undefined; + resourceInputs["excludeApplicationScopes"] = state ? state.excludeApplicationScopes : undefined; + resourceInputs["executableBlacklists"] = state ? state.executableBlacklists : undefined; + resourceInputs["failedKubernetesChecks"] = state ? state.failedKubernetesChecks : undefined; + resourceInputs["fileBlock"] = state ? state.fileBlock : undefined; resourceInputs["fileIntegrityMonitoring"] = state ? state.fileIntegrityMonitoring : undefined; + resourceInputs["forkGuardProcessLimit"] = state ? state.forkGuardProcessLimit : undefined; + resourceInputs["imageName"] = state ? state.imageName : undefined; + resourceInputs["isAuditChecked"] = state ? 
state.isAuditChecked : undefined; + resourceInputs["isAutoGenerated"] = state ? state.isAutoGenerated : undefined; + resourceInputs["isOotbPolicy"] = state ? state.isOotbPolicy : undefined; + resourceInputs["lastupdate"] = state ? state.lastupdate : undefined; + resourceInputs["limitContainerPrivileges"] = state ? state.limitContainerPrivileges : undefined; + resourceInputs["linuxCapabilities"] = state ? state.linuxCapabilities : undefined; resourceInputs["malwareScanOptions"] = state ? state.malwareScanOptions : undefined; resourceInputs["monitorSystemLogIntegrity"] = state ? state.monitorSystemLogIntegrity : undefined; resourceInputs["monitorSystemTimeChanges"] = state ? state.monitorSystemTimeChanges : undefined; resourceInputs["monitorWindowsServices"] = state ? state.monitorWindowsServices : undefined; resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["noNewPrivileges"] = state ? state.noNewPrivileges : undefined; + resourceInputs["onlyRegisteredImages"] = state ? state.onlyRegisteredImages : undefined; resourceInputs["osGroupsAlloweds"] = state ? state.osGroupsAlloweds : undefined; resourceInputs["osGroupsBlockeds"] = state ? state.osGroupsBlockeds : undefined; resourceInputs["osUsersAlloweds"] = state ? state.osUsersAlloweds : undefined; resourceInputs["osUsersBlockeds"] = state ? state.osUsersBlockeds : undefined; resourceInputs["packageBlocks"] = state ? state.packageBlocks : undefined; - resourceInputs["portScanningDetection"] = state ? state.portScanningDetection : undefined; + resourceInputs["permission"] = state ? state.permission : undefined; + resourceInputs["portBlock"] = state ? state.portBlock : undefined; + resourceInputs["readonlyFiles"] = state ? state.readonlyFiles : undefined; + resourceInputs["readonlyRegistry"] = state ? state.readonlyRegistry : undefined; + resourceInputs["registry"] = state ? state.registry : undefined; + resourceInputs["registryAccessMonitoring"] = state ? 
state.registryAccessMonitoring : undefined; + resourceInputs["repoName"] = state ? state.repoName : undefined; + resourceInputs["resourceName"] = state ? state.resourceName : undefined; + resourceInputs["resourceType"] = state ? state.resourceType : undefined; + resourceInputs["restrictedVolumes"] = state ? state.restrictedVolumes : undefined; + resourceInputs["reverseShell"] = state ? state.reverseShell : undefined; + resourceInputs["runtimeMode"] = state ? state.runtimeMode : undefined; + resourceInputs["runtimeType"] = state ? state.runtimeType : undefined; resourceInputs["scopeExpression"] = state ? state.scopeExpression : undefined; resourceInputs["scopeVariables"] = state ? state.scopeVariables : undefined; - resourceInputs["windowsRegistryMonitoring"] = state ? state.windowsRegistryMonitoring : undefined; - resourceInputs["windowsRegistryProtection"] = state ? state.windowsRegistryProtection : undefined; + resourceInputs["scopes"] = state ? state.scopes : undefined; + resourceInputs["systemIntegrityProtection"] = state ? state.systemIntegrityProtection : undefined; + resourceInputs["tripwire"] = state ? state.tripwire : undefined; + resourceInputs["type"] = state ? state.type : undefined; + resourceInputs["updated"] = state ? state.updated : undefined; + resourceInputs["version"] = state ? state.version : undefined; + resourceInputs["vpatchVersion"] = state ? state.vpatchVersion : undefined; + resourceInputs["whitelistedOsUsers"] = state ? state.whitelistedOsUsers : undefined; } else { const args = argsOrState as HostRuntimePolicyArgs | undefined; + resourceInputs["allowedExecutables"] = args ? args.allowedExecutables : undefined; + resourceInputs["allowedRegistries"] = args ? args.allowedRegistries : undefined; resourceInputs["applicationScopes"] = args ? args.applicationScopes : undefined; - resourceInputs["auditAllOsUserActivity"] = args ? args.auditAllOsUserActivity : undefined; resourceInputs["auditBruteForceLogin"] = args ? 
args.auditBruteForceLogin : undefined; resourceInputs["auditFullCommandArguments"] = args ? args.auditFullCommandArguments : undefined; resourceInputs["auditHostFailedLoginEvents"] = args ? args.auditHostFailedLoginEvents : undefined; resourceInputs["auditHostSuccessfulLoginEvents"] = args ? args.auditHostSuccessfulLoginEvents : undefined; resourceInputs["auditUserAccountManagement"] = args ? args.auditUserAccountManagement : undefined; + resourceInputs["auditing"] = args ? args.auditing : undefined; + resourceInputs["author"] = args ? args.author : undefined; + resourceInputs["blacklistedOsUsers"] = args ? args.blacklistedOsUsers : undefined; + resourceInputs["blockContainerExec"] = args ? args.blockContainerExec : undefined; resourceInputs["blockCryptocurrencyMining"] = args ? args.blockCryptocurrencyMining : undefined; + resourceInputs["blockDisallowedImages"] = args ? args.blockDisallowedImages : undefined; + resourceInputs["blockFilelessExec"] = args ? args.blockFilelessExec : undefined; + resourceInputs["blockNonCompliantWorkloads"] = args ? args.blockNonCompliantWorkloads : undefined; + resourceInputs["blockNonK8sContainers"] = args ? args.blockNonK8sContainers : undefined; resourceInputs["blockedFiles"] = args ? args.blockedFiles : undefined; + resourceInputs["bypassScopes"] = args ? args.bypassScopes : undefined; + resourceInputs["containerExec"] = args ? args.containerExec : undefined; + resourceInputs["created"] = args ? args.created : undefined; + resourceInputs["cve"] = args ? args.cve : undefined; + resourceInputs["defaultSecurityProfile"] = args ? args.defaultSecurityProfile : undefined; resourceInputs["description"] = args ? args.description : undefined; - resourceInputs["enableIpReputationSecurity"] = args ? args.enableIpReputationSecurity : undefined; + resourceInputs["digest"] = args ? args.digest : undefined; + resourceInputs["driftPreventions"] = args ? args.driftPreventions : undefined; + resourceInputs["enableCryptoMiningDns"] = args ? 
args.enableCryptoMiningDns : undefined; + resourceInputs["enableForkGuard"] = args ? args.enableForkGuard : undefined; + resourceInputs["enableIpReputation"] = args ? args.enableIpReputation : undefined; + resourceInputs["enablePortScanProtection"] = args ? args.enablePortScanProtection : undefined; resourceInputs["enabled"] = args ? args.enabled : undefined; resourceInputs["enforce"] = args ? args.enforce : undefined; resourceInputs["enforceAfterDays"] = args ? args.enforceAfterDays : undefined; + resourceInputs["enforceSchedulerAddedOn"] = args ? args.enforceSchedulerAddedOn : undefined; + resourceInputs["excludeApplicationScopes"] = args ? args.excludeApplicationScopes : undefined; + resourceInputs["executableBlacklists"] = args ? args.executableBlacklists : undefined; + resourceInputs["failedKubernetesChecks"] = args ? args.failedKubernetesChecks : undefined; + resourceInputs["fileBlock"] = args ? args.fileBlock : undefined; resourceInputs["fileIntegrityMonitoring"] = args ? args.fileIntegrityMonitoring : undefined; + resourceInputs["forkGuardProcessLimit"] = args ? args.forkGuardProcessLimit : undefined; + resourceInputs["imageName"] = args ? args.imageName : undefined; + resourceInputs["isAuditChecked"] = args ? args.isAuditChecked : undefined; + resourceInputs["isAutoGenerated"] = args ? args.isAutoGenerated : undefined; + resourceInputs["isOotbPolicy"] = args ? args.isOotbPolicy : undefined; + resourceInputs["lastupdate"] = args ? args.lastupdate : undefined; + resourceInputs["limitContainerPrivileges"] = args ? args.limitContainerPrivileges : undefined; + resourceInputs["linuxCapabilities"] = args ? args.linuxCapabilities : undefined; resourceInputs["malwareScanOptions"] = args ? args.malwareScanOptions : undefined; resourceInputs["monitorSystemLogIntegrity"] = args ? args.monitorSystemLogIntegrity : undefined; resourceInputs["monitorSystemTimeChanges"] = args ? args.monitorSystemTimeChanges : undefined; resourceInputs["monitorWindowsServices"] = args ? 
args.monitorWindowsServices : undefined; resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["noNewPrivileges"] = args ? args.noNewPrivileges : undefined; + resourceInputs["onlyRegisteredImages"] = args ? args.onlyRegisteredImages : undefined; resourceInputs["osGroupsAlloweds"] = args ? args.osGroupsAlloweds : undefined; resourceInputs["osGroupsBlockeds"] = args ? args.osGroupsBlockeds : undefined; resourceInputs["osUsersAlloweds"] = args ? args.osUsersAlloweds : undefined; resourceInputs["osUsersBlockeds"] = args ? args.osUsersBlockeds : undefined; resourceInputs["packageBlocks"] = args ? args.packageBlocks : undefined; - resourceInputs["portScanningDetection"] = args ? args.portScanningDetection : undefined; + resourceInputs["permission"] = args ? args.permission : undefined; + resourceInputs["portBlock"] = args ? args.portBlock : undefined; + resourceInputs["readonlyFiles"] = args ? args.readonlyFiles : undefined; + resourceInputs["readonlyRegistry"] = args ? args.readonlyRegistry : undefined; + resourceInputs["registry"] = args ? args.registry : undefined; + resourceInputs["registryAccessMonitoring"] = args ? args.registryAccessMonitoring : undefined; + resourceInputs["repoName"] = args ? args.repoName : undefined; + resourceInputs["resourceName"] = args ? args.resourceName : undefined; + resourceInputs["resourceType"] = args ? args.resourceType : undefined; + resourceInputs["restrictedVolumes"] = args ? args.restrictedVolumes : undefined; + resourceInputs["reverseShell"] = args ? args.reverseShell : undefined; + resourceInputs["runtimeMode"] = args ? args.runtimeMode : undefined; + resourceInputs["runtimeType"] = args ? args.runtimeType : undefined; resourceInputs["scopeExpression"] = args ? args.scopeExpression : undefined; resourceInputs["scopeVariables"] = args ? args.scopeVariables : undefined; - resourceInputs["windowsRegistryMonitoring"] = args ? 
args.windowsRegistryMonitoring : undefined; - resourceInputs["windowsRegistryProtection"] = args ? args.windowsRegistryProtection : undefined; - resourceInputs["author"] = undefined /*out*/; + resourceInputs["scopes"] = args ? args.scopes : undefined; + resourceInputs["systemIntegrityProtection"] = args ? args.systemIntegrityProtection : undefined; + resourceInputs["tripwire"] = args ? args.tripwire : undefined; + resourceInputs["type"] = args ? args.type : undefined; + resourceInputs["updated"] = args ? args.updated : undefined; + resourceInputs["version"] = args ? args.version : undefined; + resourceInputs["vpatchVersion"] = args ? args.vpatchVersion : undefined; + resourceInputs["whitelistedOsUsers"] = args ? args.whitelistedOsUsers : undefined; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(HostRuntimePolicy.__pulumiType, name, resourceInputs, opts); @@ -325,13 +409,17 @@ export class HostRuntimePolicy extends pulumi.CustomResource { */ export interface HostRuntimePolicyState { /** - * Indicates the application scope of the service. + * Allowed executables configuration. */ - applicationScopes?: pulumi.Input[]>; + allowedExecutables?: pulumi.Input[]>; + /** + * List of allowed registries. + */ + allowedRegistries?: pulumi.Input[]>; /** - * If true, all process activity will be audited. + * Indicates the application scope of the service. */ - auditAllOsUserActivity?: pulumi.Input; + applicationScopes?: pulumi.Input[]>; /** * Detects brute force login attempts */ 
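Review bot: The args branch of the constructor (hunk -250,70) no longer forwards `auditAllOsUserActivity`, `enableIpReputationSecurity`, `portScanningDetection`, `windowsRegistryMonitoring` or `windowsRegistryProtection`, and because it copies only named keys, a caller that still passes them gets no runtime error from this code. TypeScript callers using object literals will probably get a compile error, but a plain JavaScript program would deploy a host policy with those controls simply absent. If `enableIpReputation` and `enablePortScanProtection` are the intended replacements (the names suggest it, the hunk does not say so), the upgrade notes should state the mapping, and a doc comment such as `/** Replaces portScanningDetection. */` on the new fields would help. The constructor starts before this hunk, and the file looks like generated SDK output, so the fix likely belongs in the provider schema or changelog.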
@@ -352,28 +440,48 @@ export interface HostRuntimePolicyState { * If true, account management will be audited. */ auditUserAccountManagement?: pulumi.Input; + auditing?: pulumi.Input; /** * Username of the account that created the service. */ author?: pulumi.Input; + blacklistedOsUsers?: pulumi.Input; + blockContainerExec?: pulumi.Input; /** * Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining */ blockCryptocurrencyMining?: pulumi.Input; + blockDisallowedImages?: pulumi.Input; + blockFilelessExec?: pulumi.Input; + blockNonCompliantWorkloads?: pulumi.Input; + blockNonK8sContainers?: pulumi.Input; /** * List of files that are prevented from being read, modified and executed in the containers. */ blockedFiles?: pulumi.Input[]>; + /** + * Bypass scope configuration. + */ + bypassScopes?: pulumi.Input[]>; + containerExec?: pulumi.Input; + created?: pulumi.Input; + cve?: pulumi.Input; + defaultSecurityProfile?: pulumi.Input; /** * The description of the host runtime policy */ description?: pulumi.Input; + digest?: pulumi.Input; /** - * If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. + * Drift prevention configuration. */ - enableIpReputationSecurity?: pulumi.Input; + driftPreventions?: pulumi.Input[]>; + enableCryptoMiningDns?: pulumi.Input; + enableForkGuard?: pulumi.Input; + enableIpReputation?: pulumi.Input; + enablePortScanProtection?: pulumi.Input; /** - * Indicates if the runtime policy is enabled or not. + * Whether allowed executables configuration is enabled. */ enabled?: pulumi.Input; /** 
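Review bot: The doc comment on the top-level `enabled` field of `HostRuntimePolicyState` now reads "Whether allowed executables configuration is enabled.", which appears to describe a nested block rather than the policy switch; the removed text, `* Indicates if the runtime policy is enabled or not.`, matched the field. The same replacement appears in the `HostRuntimePolicyArgs` hunk at -482,24, and `name` gets a similarly generic "Name assigned to the attribute." in the -193,9, -405,9 and -531,9 hunks. A reader who trusts the new comment could leave a whole policy disabled while believing only one sub-feature is affected. Restoring the previous wording for both fields would fix it; the cause is presumably colliding descriptions in the upstream schema.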
@@ -384,10 +492,32 @@ export interface HostRuntimePolicyState { * Indicates the number of days after which the runtime policy will be changed to enforce mode. */ enforceAfterDays?: pulumi.Input; + enforceSchedulerAddedOn?: pulumi.Input; + /** + * List of excluded application scopes. + */ + excludeApplicationScopes?: pulumi.Input[]>; + /** + * Executable blacklist configuration. + */ + executableBlacklists?: pulumi.Input[]>; + failedKubernetesChecks?: pulumi.Input; + fileBlock?: pulumi.Input; /** * Configuration for file integrity monitoring. */ fileIntegrityMonitoring?: pulumi.Input; + forkGuardProcessLimit?: pulumi.Input; + imageName?: pulumi.Input; + isAuditChecked?: pulumi.Input; + isAutoGenerated?: pulumi.Input; + isOotbPolicy?: pulumi.Input; + lastupdate?: pulumi.Input; + /** + * Container privileges configuration. + */ + limitContainerPrivileges?: pulumi.Input[]>; + linuxCapabilities?: pulumi.Input; /** * Configuration for Real-Time Malware Protection. */ @@ -405,9 +535,11 @@ export interface HostRuntimePolicyState { */ monitorWindowsServices?: pulumi.Input; /** - * Name of the host runtime policy + * Name assigned to the attribute. */ name?: pulumi.Input; + noNewPrivileges?: pulumi.Input; + onlyRegisteredImages?: pulumi.Input; /** * List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. */ 
@@ -424,14 +556,23 @@ export interface HostRuntimePolicyState { * List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. */ osUsersBlockeds?: pulumi.Input[]>; - /** - * List of packages that are not allowed read, write or execute all files that under the packages. - */ - packageBlocks?: pulumi.Input[]>; - /** - * If true, port scanning behaviors will be audited. - */ - portScanningDetection?: pulumi.Input; + packageBlocks?: pulumi.Input[]>; + permission?: pulumi.Input; + portBlock?: pulumi.Input; + readonlyFiles?: pulumi.Input; + readonlyRegistry?: pulumi.Input; + registry?: pulumi.Input; + registryAccessMonitoring?: pulumi.Input; + repoName?: pulumi.Input; + resourceName?: pulumi.Input; + resourceType?: pulumi.Input; + /** + * Restricted volumes configuration. + */ + restrictedVolumes?: pulumi.Input[]>; + reverseShell?: pulumi.Input; + runtimeMode?: pulumi.Input; + runtimeType?: pulumi.Input; /** * Logical expression of how to compute the dependency of the scope variables. */ @@ -441,13 +582,16 @@ export interface HostRuntimePolicyState { */ scopeVariables?: pulumi.Input[]>; /** - * Configuration for windows registry monitoring. - */ - windowsRegistryMonitoring?: pulumi.Input; - /** - * Configuration for windows registry protection. + * Scope configuration. */ - windowsRegistryProtection?: pulumi.Input; + scopes?: pulumi.Input[]>; + systemIntegrityProtection?: pulumi.Input; + tripwire?: pulumi.Input; + type?: pulumi.Input; + updated?: pulumi.Input; + version?: pulumi.Input; + vpatchVersion?: pulumi.Input; + whitelistedOsUsers?: pulumi.Input; } /** 
@@ -455,13 +599,17 @@ export interface HostRuntimePolicyState { */ export interface HostRuntimePolicyArgs { /** - * Indicates the application scope of the service. + * Allowed executables configuration. */ - applicationScopes?: pulumi.Input[]>; + allowedExecutables?: pulumi.Input[]>; + /** + * List of allowed registries. + */ + allowedRegistries?: pulumi.Input[]>; /** - * If true, all process activity will be audited. + * Indicates the application scope of the service. */ - auditAllOsUserActivity?: pulumi.Input; + applicationScopes?: pulumi.Input[]>; /** * Detects brute force login attempts */ 
@@ -482,24 +630,48 @@ export interface HostRuntimePolicyArgs { * If true, account management will be audited. */ auditUserAccountManagement?: pulumi.Input; + auditing?: pulumi.Input; + /** + * Username of the account that created the service. + */ + author?: pulumi.Input; + blacklistedOsUsers?: pulumi.Input; + blockContainerExec?: pulumi.Input; /** * Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining */ blockCryptocurrencyMining?: pulumi.Input; + blockDisallowedImages?: pulumi.Input; + blockFilelessExec?: pulumi.Input; + blockNonCompliantWorkloads?: pulumi.Input; + blockNonK8sContainers?: pulumi.Input; /** * List of files that are prevented from being read, modified and executed in the containers. */ blockedFiles?: pulumi.Input[]>; + /** + * Bypass scope configuration. + */ + bypassScopes?: pulumi.Input[]>; + containerExec?: pulumi.Input; + created?: pulumi.Input; + cve?: pulumi.Input; + defaultSecurityProfile?: pulumi.Input; /** * The description of the host runtime policy */ description?: pulumi.Input; + digest?: pulumi.Input; /** - * If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. + * Drift prevention configuration. */ - enableIpReputationSecurity?: pulumi.Input; + driftPreventions?: pulumi.Input[]>; + enableCryptoMiningDns?: pulumi.Input; + enableForkGuard?: pulumi.Input; + enableIpReputation?: pulumi.Input; + enablePortScanProtection?: pulumi.Input; /** - * Indicates if the runtime policy is enabled or not. + * Whether allowed executables configuration is enabled. */ enabled?: pulumi.Input; /** 
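Review bot: `author` is added to `HostRuntimePolicyArgs` here, and the constructor hunk (-250,70) replaces `resourceInputs["author"] = undefined /*out*/;` with a copy from `args`, so a field documented as "Username of the account that created the service" becomes caller-supplied. This hunk also adds `created`, and other hunks of the interface add `lastupdate`, `updated`, `version`, `isAutoGenerated` and `isOotbPolicy`, all of which look like server-managed metadata. Whether the backend honours client-supplied values is not visible from here, but provenance fields relied on for audit should not be settable from a program. I would keep them output-only: restore `resourceInputs["author"] = undefined /*out*/;` and drop the `author?` member from the Args interface, or mark these properties computed-only in the schema if this file is generated.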
@@ -510,10 +682,32 @@ export interface HostRuntimePolicyArgs { * Indicates the number of days after which the runtime policy will be changed to enforce mode. */ enforceAfterDays?: pulumi.Input; + enforceSchedulerAddedOn?: pulumi.Input; + /** + * List of excluded application scopes. + */ + excludeApplicationScopes?: pulumi.Input[]>; + /** + * Executable blacklist configuration. + */ + executableBlacklists?: pulumi.Input[]>; + failedKubernetesChecks?: pulumi.Input; + fileBlock?: pulumi.Input; /** * Configuration for file integrity monitoring. */ fileIntegrityMonitoring?: pulumi.Input; + forkGuardProcessLimit?: pulumi.Input; + imageName?: pulumi.Input; + isAuditChecked?: pulumi.Input; + isAutoGenerated?: pulumi.Input; + isOotbPolicy?: pulumi.Input; + lastupdate?: pulumi.Input; + /** + * Container privileges configuration. + */ + limitContainerPrivileges?: pulumi.Input[]>; + linuxCapabilities?: pulumi.Input; /** * Configuration for Real-Time Malware Protection. */ @@ -531,9 +725,11 @@ export interface HostRuntimePolicyArgs { */ monitorWindowsServices?: pulumi.Input; /** - * Name of the host runtime policy + * Name assigned to the attribute. */ name?: pulumi.Input; + noNewPrivileges?: pulumi.Input; + onlyRegisteredImages?: pulumi.Input; /** * List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. */ 
@@ -550,14 +746,23 @@ export interface HostRuntimePolicyArgs { * List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. */ osUsersBlockeds?: pulumi.Input[]>; - /** - * List of packages that are not allowed read, write or execute all files that under the packages. - */ - packageBlocks?: pulumi.Input[]>; - /** - * If true, port scanning behaviors will be audited. - */ - portScanningDetection?: pulumi.Input; + packageBlocks?: pulumi.Input[]>; + permission?: pulumi.Input; + portBlock?: pulumi.Input; + readonlyFiles?: pulumi.Input; + readonlyRegistry?: pulumi.Input; + registry?: pulumi.Input; + registryAccessMonitoring?: pulumi.Input; + repoName?: pulumi.Input; + resourceName?: pulumi.Input; + resourceType?: pulumi.Input; + /** + * Restricted volumes configuration. + */ + restrictedVolumes?: pulumi.Input[]>; + reverseShell?: pulumi.Input; + runtimeMode?: pulumi.Input; + runtimeType?: pulumi.Input; /** * Logical expression of how to compute the dependency of the scope variables. */ @@ -567,11 +772,14 @@ export interface HostRuntimePolicyArgs { */ scopeVariables?: pulumi.Input[]>; /** - * Configuration for windows registry monitoring. - */ - windowsRegistryMonitoring?: pulumi.Input; - /** - * Configuration for windows registry protection. + * Scope configuration. */ - windowsRegistryProtection?: pulumi.Input; + scopes?: pulumi.Input[]>; + systemIntegrityProtection?: pulumi.Input; + tripwire?: pulumi.Input; + type?: pulumi.Input; + updated?: pulumi.Input; + version?: pulumi.Input; + vpatchVersion?: pulumi.Input; + whitelistedOsUsers?: pulumi.Input; } diff --git a/sdk/nodejs/imageAssurancePolicy.ts b/sdk/nodejs/imageAssurancePolicy.ts index abea4efc..85fe1eb2 100644 --- a/sdk/nodejs/imageAssurancePolicy.ts +++ b/sdk/nodejs/imageAssurancePolicy.ts 
@@ -6,6 +6,9 @@ import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as utilities from "./utilities"; +/** + * Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images. + */ export class ImageAssurancePolicy extends pulumi.CustomResource { /** * Get an existing ImageAssurancePolicy resource's state with the given name, ID, and optional extra @@ -34,11 +37,19 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { return obj['__pulumiType'] === ImageAssurancePolicy.__pulumiType; } + /** + * Aggregated vulnerability information. + */ + public readonly aggregatedVulnerability!: pulumi.Output<{[key: string]: string} | undefined>; /** * List of explicitly allowed images. */ public readonly allowedImages!: pulumi.Output; public readonly applicationScopes!: pulumi.Output; + /** + * What type of assurance policy is described. + */ + public readonly assuranceType!: pulumi.Output; /** * Indicates if auditing for failures. */ @@ -46,7 +57,7 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { /** * Name of user account that created the policy. */ - public /*out*/ readonly author!: pulumi.Output; + public readonly author!: pulumi.Output; public readonly autoScanConfigured!: pulumi.Output; public readonly autoScanEnabled!: pulumi.Output; public readonly autoScanTimes!: pulumi.Output; @@ -63,7 +74,7 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { */ public readonly blacklistedLicenses!: pulumi.Output; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ public readonly blacklistedLicensesEnabled!: pulumi.Output; /** 
@@ -79,9 +90,10 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { * Indicates if scanning should include custom checks. */ public readonly customChecksEnabled!: pulumi.Output; + public readonly customSeverity!: pulumi.Output; public readonly customSeverityEnabled!: pulumi.Output; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ public readonly cvesBlackListEnabled!: pulumi.Output; /** @@ -109,10 +121,14 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { */ public readonly cvssSeverityExcludeNoFix!: pulumi.Output; public readonly description!: pulumi.Output; + public readonly disallowExploitTypes!: pulumi.Output; /** * Indicates if malware should block the image. */ public readonly disallowMalware!: pulumi.Output; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ public readonly dockerCisEnabled!: pulumi.Output; /** * Name of the container image. @@ -126,6 +142,7 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { public readonly enforceAfterDays!: pulumi.Output; public readonly enforceExcessivePermissions!: pulumi.Output; public readonly exceptionalMonitoredMalwarePaths!: pulumi.Output; + public readonly excludeApplicationScopes!: pulumi.Output; /** * Indicates if cicd failures will fail the image. */ @@ -134,8 +151,9 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { public readonly forbiddenLabelsEnabled!: pulumi.Output; public readonly forceMicroenforcer!: pulumi.Output; public readonly functionIntegrityEnabled!: pulumi.Output; + public readonly ignoreBaseImageVln!: pulumi.Output; public readonly ignoreRecentlyPublishedVln!: pulumi.Output; - public /*out*/ readonly ignoreRecentlyPublishedVlnPeriod!: pulumi.Output; + public readonly ignoreRecentlyPublishedVlnPeriod!: pulumi.Output; /** * Indicates if risk resources are ignored. */ 
@@ -144,15 +162,27 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { * List of ignored risk resources. */ public readonly ignoredRiskResources!: pulumi.Output; + public readonly ignoredSensitiveResources!: pulumi.Output; /** * List of images. */ public readonly images!: pulumi.Output; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ public readonly kubeCisEnabled!: pulumi.Output; + /** + * List of Kubernetes controls. + */ + public readonly kubernetesControls!: pulumi.Output; + public readonly kubernetesControlsAvdIds!: pulumi.Output; + public readonly kubernetesControlsNames!: pulumi.Output; /** * List of labels. */ public readonly labels!: pulumi.Output; + public readonly lastupdate!: pulumi.Output; + public readonly linuxCisEnabled!: pulumi.Output; public readonly malwareAction!: pulumi.Output; /** * Value of allowed maximum score. @@ -162,9 +192,6 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { * Indicates if exceeding the maximum score is scanned. */ public readonly maximumScoreEnabled!: pulumi.Output; - /** - * Indicates that policy should ignore cases that do not have a known fix. - */ public readonly maximumScoreExcludeNoFix!: pulumi.Output; public readonly monitoredMalwarePaths!: pulumi.Output; public readonly name!: pulumi.Output; @@ -172,12 +199,13 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { * Indicates if raise a warning for images that should only be run as root. */ public readonly onlyNoneRootUsers!: pulumi.Output; + public readonly openshiftHardeningEnabled!: pulumi.Output; /** * Indicates if packages blacklist is relevant. */ public readonly packagesBlackListEnabled!: pulumi.Output; /** - * List of backlisted images. + * List of blacklisted images. */ public readonly packagesBlackLists!: pulumi.Output; /** 
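Review bot: The -162,9 hunk deletes the doc comment on `maximumScoreExcludeNoFix` without a replacement, so a field that, judging by the removed text, relaxes the maximum-score check for findings without a fix is now undocumented. I would restore `* Indicates that policy should ignore cases that do not have a known fix.` above it. The neighbouring hunks also add `ignoredSensitiveResources`, `linuxCisEnabled` and `openshiftHardeningEnabled` with no comment at all; a one-line description on each would let a reviewer of a policy definition tell what is being switched on or off.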
@@ -189,6 +217,8 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { */ public readonly packagesWhiteLists!: pulumi.Output; public readonly partialResultsImageFail!: pulumi.Output; + public readonly permission!: pulumi.Output; + public readonly policySettings!: pulumi.Output; public readonly readOnly!: pulumi.Output; /** * List of registries. @@ -197,11 +227,14 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { public readonly registry!: pulumi.Output; public readonly requiredLabels!: pulumi.Output; public readonly requiredLabelsEnabled!: pulumi.Output; + public readonly scanMalwareInArchives!: pulumi.Output; public readonly scanNfsMounts!: pulumi.Output; + public readonly scanProcessMemory!: pulumi.Output; /** * Indicates if scan should include sensitive data in the image. */ public readonly scanSensitiveData!: pulumi.Output; + public readonly scanWindowsRegistry!: pulumi.Output; /** * Indicates if scanning should include scap. */ @@ -219,6 +252,8 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { * Indicates if list of trusted base images is relevant. */ public readonly trustedBaseImagesEnabled!: pulumi.Output; + public readonly vulnerabilityExploitability!: pulumi.Output; + public readonly vulnerabilityScoreRanges!: pulumi.Output; /** * List of whitelisted licenses. */ 
@@ -241,8 +276,10 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { opts = opts || {}; if (opts.id) { const state = argsOrState as ImageAssurancePolicyState | undefined; + resourceInputs["aggregatedVulnerability"] = state ? state.aggregatedVulnerability : undefined; resourceInputs["allowedImages"] = state ? state.allowedImages : undefined; resourceInputs["applicationScopes"] = state ? state.applicationScopes : undefined; + resourceInputs["assuranceType"] = state ? state.assuranceType : undefined; resourceInputs["auditOnFailure"] = state ? state.auditOnFailure : undefined; resourceInputs["author"] = state ? state.author : undefined; resourceInputs["autoScanConfigured"] = state ? state.autoScanConfigured : undefined; @@ -256,6 +293,7 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { resourceInputs["controlExcludeNoFix"] = state ? state.controlExcludeNoFix : undefined; resourceInputs["customChecks"] = state ? state.customChecks : undefined; resourceInputs["customChecksEnabled"] = state ? state.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = state ? state.customSeverity : undefined; resourceInputs["customSeverityEnabled"] = state ? state.customSeverityEnabled : undefined; resourceInputs["cvesBlackListEnabled"] = state ? state.cvesBlackListEnabled : undefined; resourceInputs["cvesBlackLists"] = state ? state.cvesBlackLists : undefined; 
@@ -265,6 +303,7 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { resourceInputs["cvssSeverityEnabled"] = state ? state.cvssSeverityEnabled : undefined; resourceInputs["cvssSeverityExcludeNoFix"] = state ? state.cvssSeverityExcludeNoFix : undefined; resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["disallowExploitTypes"] = state ? state.disallowExploitTypes : undefined; resourceInputs["disallowMalware"] = state ? state.disallowMalware : undefined; resourceInputs["dockerCisEnabled"] = state ? state.dockerCisEnabled : undefined; resourceInputs["domain"] = state ? state.domain : undefined; 
@@ -276,18 +315,26 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { resourceInputs["enforceAfterDays"] = state ? state.enforceAfterDays : undefined; resourceInputs["enforceExcessivePermissions"] = state ? state.enforceExcessivePermissions : undefined; resourceInputs["exceptionalMonitoredMalwarePaths"] = state ? state.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = state ? state.excludeApplicationScopes : undefined; resourceInputs["failCicd"] = state ? state.failCicd : undefined; resourceInputs["forbiddenLabels"] = state ? state.forbiddenLabels : undefined; resourceInputs["forbiddenLabelsEnabled"] = state ? state.forbiddenLabelsEnabled : undefined; resourceInputs["forceMicroenforcer"] = state ? state.forceMicroenforcer : undefined; resourceInputs["functionIntegrityEnabled"] = state ? state.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = state ? state.ignoreBaseImageVln : undefined; resourceInputs["ignoreRecentlyPublishedVln"] = state ? state.ignoreRecentlyPublishedVln : undefined; resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = state ? state.ignoreRecentlyPublishedVlnPeriod : undefined; resourceInputs["ignoreRiskResourcesEnabled"] = state ? state.ignoreRiskResourcesEnabled : undefined; resourceInputs["ignoredRiskResources"] = state ? state.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = state ? state.ignoredSensitiveResources : undefined; resourceInputs["images"] = state ? state.images : undefined; resourceInputs["kubeCisEnabled"] = state ? state.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = state ? state.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = state ? state.kubernetesControlsAvdIds : undefined; + resourceInputs["kubernetesControlsNames"] = state ? state.kubernetesControlsNames : undefined; resourceInputs["labels"] = state ? 
state.labels : undefined; + resourceInputs["lastupdate"] = state ? state.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = state ? state.linuxCisEnabled : undefined; resourceInputs["malwareAction"] = state ? state.malwareAction : undefined; resourceInputs["maximumScore"] = state ? state.maximumScore : undefined; resourceInputs["maximumScoreEnabled"] = state ? state.maximumScoreEnabled : undefined; 
@@ -295,23 +342,31 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { resourceInputs["monitoredMalwarePaths"] = state ? state.monitoredMalwarePaths : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["onlyNoneRootUsers"] = state ? state.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = state ? state.openshiftHardeningEnabled : undefined; resourceInputs["packagesBlackListEnabled"] = state ? state.packagesBlackListEnabled : undefined; resourceInputs["packagesBlackLists"] = state ? state.packagesBlackLists : undefined; resourceInputs["packagesWhiteListEnabled"] = state ? state.packagesWhiteListEnabled : undefined; resourceInputs["packagesWhiteLists"] = state ? state.packagesWhiteLists : undefined; resourceInputs["partialResultsImageFail"] = state ? state.partialResultsImageFail : undefined; + resourceInputs["permission"] = state ? state.permission : undefined; + resourceInputs["policySettings"] = state ? state.policySettings : undefined; resourceInputs["readOnly"] = state ? state.readOnly : undefined; resourceInputs["registries"] = state ? state.registries : undefined; resourceInputs["registry"] = state ? state.registry : undefined; resourceInputs["requiredLabels"] = state ? state.requiredLabels : undefined; resourceInputs["requiredLabelsEnabled"] = state ? state.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = state ? state.scanMalwareInArchives : undefined; resourceInputs["scanNfsMounts"] = state ? state.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = state ? state.scanProcessMemory : undefined; resourceInputs["scanSensitiveData"] = state ? state.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = state ? state.scanWindowsRegistry : undefined; resourceInputs["scapEnabled"] = state ? state.scapEnabled : undefined; resourceInputs["scapFiles"] = state ? state.scapFiles : undefined; resourceInputs["scopes"] = state ? 
state.scopes : undefined; resourceInputs["trustedBaseImages"] = state ? state.trustedBaseImages : undefined; resourceInputs["trustedBaseImagesEnabled"] = state ? state.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = state ? state.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = state ? state.vulnerabilityScoreRanges : undefined; resourceInputs["whitelistedLicenses"] = state ? state.whitelistedLicenses : undefined; resourceInputs["whitelistedLicensesEnabled"] = state ? state.whitelistedLicensesEnabled : undefined; } else { @@ -319,9 +374,12 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { if ((!args || args.applicationScopes === undefined) && !opts.urn) { throw new Error("Missing required property 'applicationScopes'"); } + resourceInputs["aggregatedVulnerability"] = args ? args.aggregatedVulnerability : undefined; resourceInputs["allowedImages"] = args ? args.allowedImages : undefined; resourceInputs["applicationScopes"] = args ? args.applicationScopes : undefined; + resourceInputs["assuranceType"] = args ? args.assuranceType : undefined; resourceInputs["auditOnFailure"] = args ? args.auditOnFailure : undefined; + resourceInputs["author"] = args ? args.author : undefined; resourceInputs["autoScanConfigured"] = args ? args.autoScanConfigured : undefined; resourceInputs["autoScanEnabled"] = args ? args.autoScanEnabled : undefined; resourceInputs["autoScanTimes"] = args ? args.autoScanTimes : undefined; 
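Review bot: `resourceInputs["author"] = args ? args.author : undefined;` in the `-319,9 +374,12` hunk turns `author`, documented as the name of the account that created the policy, into a caller-supplied input. The later `-371,27 +440,33` hunk drops `resourceInputs["author"] = undefined /*out*/;` to complete the change, and `lastupdate` and `permission` are added as inputs the same way. If the server keeps the supplied values, a program can set the attribution recorded on an assurance policy; if it overwrites them, every update will presumably show a diff; which one happens is not visible here. I would keep these output-only (`resourceInputs["author"] = undefined /*out*/;`) unless the provider schema really accepts them, and say so in the doc comment if it does. The same change is made to `author` in kubernetesAssurancePolicy.ts (`-46,7 +57,7`), and the constructor body starts and ends outside this hunk.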
@@ -333,6 +391,7 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { resourceInputs["controlExcludeNoFix"] = args ? args.controlExcludeNoFix : undefined; resourceInputs["customChecks"] = args ? args.customChecks : undefined; resourceInputs["customChecksEnabled"] = args ? args.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = args ? args.customSeverity : undefined; resourceInputs["customSeverityEnabled"] = args ? args.customSeverityEnabled : undefined; resourceInputs["cvesBlackListEnabled"] = args ? args.cvesBlackListEnabled : undefined; resourceInputs["cvesBlackLists"] = args ? args.cvesBlackLists : undefined; @@ -342,6 +401,7 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { resourceInputs["cvssSeverityEnabled"] = args ? args.cvssSeverityEnabled : undefined; resourceInputs["cvssSeverityExcludeNoFix"] = args ? args.cvssSeverityExcludeNoFix : undefined; resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["disallowExploitTypes"] = args ? args.disallowExploitTypes : undefined; resourceInputs["disallowMalware"] = args ? args.disallowMalware : undefined; resourceInputs["dockerCisEnabled"] = args ? args.dockerCisEnabled : undefined; resourceInputs["domain"] = args ? args.domain : undefined; 
@@ -353,17 +413,26 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { resourceInputs["enforceAfterDays"] = args ? args.enforceAfterDays : undefined; resourceInputs["enforceExcessivePermissions"] = args ? args.enforceExcessivePermissions : undefined; resourceInputs["exceptionalMonitoredMalwarePaths"] = args ? args.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = args ? args.excludeApplicationScopes : undefined; resourceInputs["failCicd"] = args ? args.failCicd : undefined; resourceInputs["forbiddenLabels"] = args ? args.forbiddenLabels : undefined; resourceInputs["forbiddenLabelsEnabled"] = args ? args.forbiddenLabelsEnabled : undefined; resourceInputs["forceMicroenforcer"] = args ? args.forceMicroenforcer : undefined; resourceInputs["functionIntegrityEnabled"] = args ? args.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = args ? args.ignoreBaseImageVln : undefined; resourceInputs["ignoreRecentlyPublishedVln"] = args ? args.ignoreRecentlyPublishedVln : undefined; + resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = args ? args.ignoreRecentlyPublishedVlnPeriod : undefined; resourceInputs["ignoreRiskResourcesEnabled"] = args ? args.ignoreRiskResourcesEnabled : undefined; resourceInputs["ignoredRiskResources"] = args ? args.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = args ? args.ignoredSensitiveResources : undefined; resourceInputs["images"] = args ? args.images : undefined; resourceInputs["kubeCisEnabled"] = args ? args.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = args ? args.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = args ? args.kubernetesControlsAvdIds : undefined; + resourceInputs["kubernetesControlsNames"] = args ? args.kubernetesControlsNames : undefined; resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["lastupdate"] = args ? 
args.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = args ? args.linuxCisEnabled : undefined; resourceInputs["malwareAction"] = args ? args.malwareAction : undefined; resourceInputs["maximumScore"] = args ? args.maximumScore : undefined; resourceInputs["maximumScoreEnabled"] = args ? args.maximumScoreEnabled : undefined; 
@@ -371,27 +440,33 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { resourceInputs["monitoredMalwarePaths"] = args ? args.monitoredMalwarePaths : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["onlyNoneRootUsers"] = args ? args.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = args ? args.openshiftHardeningEnabled : undefined; resourceInputs["packagesBlackListEnabled"] = args ? args.packagesBlackListEnabled : undefined; resourceInputs["packagesBlackLists"] = args ? args.packagesBlackLists : undefined; resourceInputs["packagesWhiteListEnabled"] = args ? args.packagesWhiteListEnabled : undefined; resourceInputs["packagesWhiteLists"] = args ? args.packagesWhiteLists : undefined; resourceInputs["partialResultsImageFail"] = args ? args.partialResultsImageFail : undefined; + resourceInputs["permission"] = args ? args.permission : undefined; + resourceInputs["policySettings"] = args ? args.policySettings : undefined; resourceInputs["readOnly"] = args ? args.readOnly : undefined; resourceInputs["registries"] = args ? args.registries : undefined; resourceInputs["registry"] = args ? args.registry : undefined; resourceInputs["requiredLabels"] = args ? args.requiredLabels : undefined; resourceInputs["requiredLabelsEnabled"] = args ? args.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = args ? args.scanMalwareInArchives : undefined; resourceInputs["scanNfsMounts"] = args ? args.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = args ? args.scanProcessMemory : undefined; resourceInputs["scanSensitiveData"] = args ? args.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = args ? args.scanWindowsRegistry : undefined; resourceInputs["scapEnabled"] = args ? args.scapEnabled : undefined; resourceInputs["scapFiles"] = args ? args.scapFiles : undefined; resourceInputs["scopes"] = args ? 
args.scopes : undefined; resourceInputs["trustedBaseImages"] = args ? args.trustedBaseImages : undefined; resourceInputs["trustedBaseImagesEnabled"] = args ? args.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = args ? args.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = args ? args.vulnerabilityScoreRanges : undefined; resourceInputs["whitelistedLicenses"] = args ? args.whitelistedLicenses : undefined; resourceInputs["whitelistedLicensesEnabled"] = args ? args.whitelistedLicensesEnabled : undefined; - resourceInputs["author"] = undefined /*out*/; - resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(ImageAssurancePolicy.__pulumiType, name, resourceInputs, opts); @@ -402,11 +477,19 @@ export class ImageAssurancePolicy extends pulumi.CustomResource { * Input properties used for looking up and filtering ImageAssurancePolicy resources. */ export interface ImageAssurancePolicyState { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * List of explicitly allowed images. */ allowedImages?: pulumi.Input[]>; applicationScopes?: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; /** * Indicates if auditing for failures. */ @@ -431,7 +514,7 @@ export interface ImageAssurancePolicyState { */ blacklistedLicenses?: pulumi.Input[]>; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ blacklistedLicensesEnabled?: pulumi.Input; /** 
@@ -447,9 +530,10 @@ export interface ImageAssurancePolicyState { * Indicates if scanning should include custom checks. */ customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; customSeverityEnabled?: pulumi.Input; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ cvesBlackListEnabled?: pulumi.Input; /** @@ -477,10 +561,14 @@ export interface ImageAssurancePolicyState { */ cvssSeverityExcludeNoFix?: pulumi.Input; description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; /** * Indicates if malware should block the image. */ disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ dockerCisEnabled?: pulumi.Input; /** * Name of the container image. @@ -494,6 +582,7 @@ export interface ImageAssurancePolicyState { enforceAfterDays?: pulumi.Input; enforceExcessivePermissions?: pulumi.Input; exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; /** * Indicates if cicd failures will fail the image. */ @@ -502,6 +591,7 @@ export interface ImageAssurancePolicyState { forbiddenLabelsEnabled?: pulumi.Input; forceMicroenforcer?: pulumi.Input; functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; ignoreRecentlyPublishedVln?: pulumi.Input; ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; /** 
@@ -512,15 +602,27 @@ export interface ImageAssurancePolicyState { * List of ignored risk resources. */ ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; /** * List of images. */ images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ kubeCisEnabled?: pulumi.Input; + /** + * List of Kubernetes controls. + */ + kubernetesControls?: pulumi.Input; + kubernetesControlsAvdIds?: pulumi.Input[]>; + kubernetesControlsNames?: pulumi.Input[]>; /** * List of labels. */ labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; malwareAction?: pulumi.Input; /** * Value of allowed maximum score. @@ -530,9 +632,6 @@ export interface ImageAssurancePolicyState { * Indicates if exceeding the maximum score is scanned. */ maximumScoreEnabled?: pulumi.Input; - /** - * Indicates that policy should ignore cases that do not have a known fix. - */ maximumScoreExcludeNoFix?: pulumi.Input; monitoredMalwarePaths?: pulumi.Input[]>; name?: pulumi.Input; @@ -540,12 +639,13 @@ export interface ImageAssurancePolicyState { * Indicates if raise a warning for images that should only be run as root. */ onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; /** * Indicates if packages blacklist is relevant. */ packagesBlackListEnabled?: pulumi.Input; /** - * List of backlisted images. + * List of blacklisted images. */ packagesBlackLists?: pulumi.Input[]>; /** @@ -557,6 +657,8 @@ export interface ImageAssurancePolicyState { */ packagesWhiteLists?: pulumi.Input[]>; partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; readOnly?: pulumi.Input; /** * List of registries. 
@@ -565,11 +667,14 @@ export interface ImageAssurancePolicyState { registry?: pulumi.Input; requiredLabels?: pulumi.Input[]>; requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; /** * Indicates if scan should include sensitive data in the image. */ scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; /** * Indicates if scanning should include scap. */ @@ -587,6 +692,8 @@ export interface ImageAssurancePolicyState { * Indicates if list of trusted base images is relevant. */ trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; /** * List of whitelisted licenses. */ @@ -601,15 +708,27 @@ export interface ImageAssurancePolicyState { * The set of arguments for constructing a ImageAssurancePolicy resource. */ export interface ImageAssurancePolicyArgs { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * List of explicitly allowed images. */ allowedImages?: pulumi.Input[]>; applicationScopes: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; /** * Indicates if auditing for failures. */ auditOnFailure?: pulumi.Input; + /** + * Name of user account that created the policy. + */ + author?: pulumi.Input; autoScanConfigured?: pulumi.Input; autoScanEnabled?: pulumi.Input; autoScanTimes?: pulumi.Input[]>; @@ -626,7 +745,7 @@ export interface ImageAssurancePolicyArgs { */ blacklistedLicenses?: pulumi.Input[]>; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ blacklistedLicensesEnabled?: pulumi.Input; /** 
@@ -642,9 +761,10 @@ export interface ImageAssurancePolicyArgs { * Indicates if scanning should include custom checks. */ customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; customSeverityEnabled?: pulumi.Input; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ cvesBlackListEnabled?: pulumi.Input; /** @@ -672,10 +792,14 @@ export interface ImageAssurancePolicyArgs { */ cvssSeverityExcludeNoFix?: pulumi.Input; description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; /** * Indicates if malware should block the image. */ disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ dockerCisEnabled?: pulumi.Input; /** * Name of the container image. @@ -689,6 +813,7 @@ export interface ImageAssurancePolicyArgs { enforceAfterDays?: pulumi.Input; enforceExcessivePermissions?: pulumi.Input; exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; /** * Indicates if cicd failures will fail the image. */ @@ -697,7 +822,9 @@ export interface ImageAssurancePolicyArgs { forbiddenLabelsEnabled?: pulumi.Input; forceMicroenforcer?: pulumi.Input; functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; ignoreRecentlyPublishedVln?: pulumi.Input; + ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; /** * Indicates if risk resources are ignored. */ 
@@ -706,15 +833,27 @@ export interface ImageAssurancePolicyArgs { * List of ignored risk resources. */ ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; /** * List of images. */ images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ kubeCisEnabled?: pulumi.Input; + /** + * List of Kubernetes controls. + */ + kubernetesControls?: pulumi.Input; + kubernetesControlsAvdIds?: pulumi.Input[]>; + kubernetesControlsNames?: pulumi.Input[]>; /** * List of labels. */ labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; malwareAction?: pulumi.Input; /** * Value of allowed maximum score. @@ -724,9 +863,6 @@ export interface ImageAssurancePolicyArgs { * Indicates if exceeding the maximum score is scanned. */ maximumScoreEnabled?: pulumi.Input; - /** - * Indicates that policy should ignore cases that do not have a known fix. - */ maximumScoreExcludeNoFix?: pulumi.Input; monitoredMalwarePaths?: pulumi.Input[]>; name?: pulumi.Input; @@ -734,12 +870,13 @@ export interface ImageAssurancePolicyArgs { * Indicates if raise a warning for images that should only be run as root. */ onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; /** * Indicates if packages blacklist is relevant. */ packagesBlackListEnabled?: pulumi.Input; /** - * List of backlisted images. + * List of blacklisted images. */ packagesBlackLists?: pulumi.Input[]>; /** @@ -751,6 +888,8 @@ export interface ImageAssurancePolicyArgs { */ packagesWhiteLists?: pulumi.Input[]>; partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; readOnly?: pulumi.Input; /** * List of registries. 
@@ -759,11 +898,14 @@ export interface ImageAssurancePolicyArgs { registry?: pulumi.Input; requiredLabels?: pulumi.Input[]>; requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; /** * Indicates if scan should include sensitive data in the image. */ scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; /** * Indicates if scanning should include scap. */ @@ -781,6 +923,8 @@ export interface ImageAssurancePolicyArgs { * Indicates if list of trusted base images is relevant. */ trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; /** * List of whitelisted licenses. */ diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts index 5a0aecaa..ba78339f 100644 --- a/sdk/nodejs/index.ts +++ b/sdk/nodejs/index.ts 
@@ -115,6 +115,11 @@ export const getImageAssurancePolicy: typeof import("./getImageAssurancePolicy") export const getImageAssurancePolicyOutput: typeof import("./getImageAssurancePolicy").getImageAssurancePolicyOutput = null as any; utilities.lazyLoad(exports, ["getImageAssurancePolicy","getImageAssurancePolicyOutput"], () => require("./getImageAssurancePolicy")); +export { GetIntegrationRegistriesArgs, GetIntegrationRegistriesResult, GetIntegrationRegistriesOutputArgs } from "./getIntegrationRegistries"; +export const getIntegrationRegistries: typeof import("./getIntegrationRegistries").getIntegrationRegistries = null as any; +export const getIntegrationRegistriesOutput: typeof import("./getIntegrationRegistries").getIntegrationRegistriesOutput = null as any; +utilities.lazyLoad(exports, ["getIntegrationRegistries","getIntegrationRegistriesOutput"], () => require("./getIntegrationRegistries")); + export { GetIntegrationRegistryArgs, GetIntegrationRegistryResult, GetIntegrationRegistryOutputArgs } from "./getIntegrationRegistry"; export const getIntegrationRegistry: typeof import("./getIntegrationRegistry").getIntegrationRegistry = null as any; export const getIntegrationRegistryOutput: typeof import("./getIntegrationRegistry").getIntegrationRegistryOutput = null as any; @@ -255,6 +260,11 @@ export type UserSaas = import("./userSaas").UserSaas; export const UserSaas: typeof import("./userSaas").UserSaas = null as any; utilities.lazyLoad(exports, ["UserSaas"], () => require("./userSaas")); +export { VmwareAssurancePolicyArgs, VmwareAssurancePolicyState } from "./vmwareAssurancePolicy"; +export type VmwareAssurancePolicy = import("./vmwareAssurancePolicy").VmwareAssurancePolicy; +export const VmwareAssurancePolicy: typeof import("./vmwareAssurancePolicy").VmwareAssurancePolicy = null as any; +utilities.lazyLoad(exports, ["VmwareAssurancePolicy"], () => require("./vmwareAssurancePolicy")); + // Export sub-modules: import * as config from "./config"; 
@@ -317,6 +327,8 @@ const _module = { return new User(name, undefined, { urn }) case "aquasec:index/userSaas:UserSaas": return new UserSaas(name, undefined, { urn }) + case "aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy": + return new VmwareAssurancePolicy(name, undefined, { urn }) default: throw new Error(`unknown resource type ${type}`); } @@ -346,6 +358,7 @@ pulumi.runtime.registerResourceModule("aquasec", "index/roleMappingSaas", _modul pulumi.runtime.registerResourceModule("aquasec", "index/service", _module) pulumi.runtime.registerResourceModule("aquasec", "index/user", _module) pulumi.runtime.registerResourceModule("aquasec", "index/userSaas", _module) +pulumi.runtime.registerResourceModule("aquasec", "index/vmwareAssurancePolicy", _module) pulumi.runtime.registerResourcePackage("aquasec", { version: utilities.getVersion(), constructProvider: (name: string, type: string, urn: string): pulumi.ProviderResource => { diff --git a/sdk/nodejs/integrationRegistry.ts b/sdk/nodejs/integrationRegistry.ts index edc039d6..dedbba4b 100644 --- a/sdk/nodejs/integrationRegistry.ts +++ b/sdk/nodejs/integrationRegistry.ts @@ -42,6 +42,7 @@ import * as utilities from "./utilities"; * value: "nginx:latest", * }, * ], + * password: "", * prefixes: ["111111111111.dkr.ecr.us-east-1.amazonaws.com"], * pullImageAge: "0D", * pullImageCount: 3, @@ -53,11 +54,8 @@ import * as utilities from "./utilities"; * ":xyz", * ":onlytest", * ], - * scannerNames: [ - * "aqua-scanner-645f867c4f-4sbtj", - * "aqua-scanner-645f867c4f-8pkdd", - * ], - * scannerType: "specific", + * scannerNames: [], + * scannerType: "any", * type: "AWS", * url: "us-east-1", * username: "", @@ -188,7 +186,7 @@ export class IntegrationRegistry extends pulumi.CustomResource { */ public readonly scannerType!: pulumi.Output; /** - * Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + * Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). */ public readonly type!: pulumi.Output; /** 
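Review bot: The usage example in the `-42,6 +42,7` hunk now shows `password: "",` as an inline string literal, which is the pattern readers copy when they fill in a real registry credential. I would write the example line as `password: config.requireSecret("registryPassword"),` with `const config = new pulumi.Config();` above it (the key name is a placeholder), so the value comes from encrypted stack configuration and stays marked as a secret. Whether the resource registers `password` as a secret output is not visible in this hunk and is worth confirming. The example comment starts and ends outside the hunk.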
@@ -376,7 +374,7 @@ export interface IntegrationRegistryState { */ scannerType?: pulumi.Input; /** - * Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + * Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). */ type?: pulumi.Input; /** @@ -487,7 +485,7 @@ export interface IntegrationRegistryArgs { */ scannerType?: pulumi.Input; /** - * Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + * Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). */ type: pulumi.Input; /** diff --git a/sdk/nodejs/kubernetesAssurancePolicy.ts b/sdk/nodejs/kubernetesAssurancePolicy.ts index 9dae142a..0563c98a 100644 --- a/sdk/nodejs/kubernetesAssurancePolicy.ts +++ b/sdk/nodejs/kubernetesAssurancePolicy.ts @@ -6,6 +6,9 @@ import * as inputs from "./types/input"; import * as outputs from "./types/output"; import * as utilities from "./utilities"; +/** + * Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements. + */ export class KubernetesAssurancePolicy extends pulumi.CustomResource { /** * Get an existing KubernetesAssurancePolicy resource's state with the given name, ID, and optional extra @@ -34,11 +37,19 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { return obj['__pulumiType'] === KubernetesAssurancePolicy.__pulumiType; } + /** + * Aggregated vulnerability information. + */ + public readonly aggregatedVulnerability!: pulumi.Output<{[key: string]: string} | undefined>; /** * List of explicitly allowed images. */ public readonly allowedImages!: pulumi.Output; public readonly applicationScopes!: pulumi.Output; + /** + * What type of assurance policy is described. + */ + public readonly assuranceType!: pulumi.Output; /** * Indicates if auditing for failures. */ 
@@ -46,7 +57,7 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { /** * Name of user account that created the policy. */ - public /*out*/ readonly author!: pulumi.Output; + public readonly author!: pulumi.Output; public readonly autoScanConfigured!: pulumi.Output; public readonly autoScanEnabled!: pulumi.Output; public readonly autoScanTimes!: pulumi.Output; @@ -63,7 +74,7 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { */ public readonly blacklistedLicenses!: pulumi.Output; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ public readonly blacklistedLicensesEnabled!: pulumi.Output; /** @@ -79,17 +90,18 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { * Indicates if scanning should include custom checks. */ public readonly customChecksEnabled!: pulumi.Output; + public readonly customSeverity!: pulumi.Output; public readonly customSeverityEnabled!: pulumi.Output; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ public readonly cvesBlackListEnabled!: pulumi.Output; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ public readonly cvesBlackLists!: pulumi.Output; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ public readonly cvesWhiteListEnabled!: pulumi.Output; /** @@ -109,10 +121,14 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { */ public readonly cvssSeverityExcludeNoFix!: pulumi.Output; public readonly description!: pulumi.Output; + public readonly disallowExploitTypes!: pulumi.Output; /** * Indicates if malware should block the image. */ public readonly disallowMalware!: pulumi.Output; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ public readonly dockerCisEnabled!: pulumi.Output; /** * Name of the container image. 
@@ -121,17 +137,26 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { public readonly domainName!: pulumi.Output; public readonly dtaEnabled!: pulumi.Output; public readonly dtaSeverity!: pulumi.Output; + /** + * Is the control enabled? + */ public readonly enabled!: pulumi.Output; public readonly enforce!: pulumi.Output; public readonly enforceAfterDays!: pulumi.Output; public readonly enforceExcessivePermissions!: pulumi.Output; public readonly exceptionalMonitoredMalwarePaths!: pulumi.Output; + public readonly excludeApplicationScopes!: pulumi.Output; + /** + * Indicates if cicd failures will fail the image. + */ + public readonly failCicd!: pulumi.Output; public readonly forbiddenLabels!: pulumi.Output; public readonly forbiddenLabelsEnabled!: pulumi.Output; public readonly forceMicroenforcer!: pulumi.Output; public readonly functionIntegrityEnabled!: pulumi.Output; + public readonly ignoreBaseImageVln!: pulumi.Output; public readonly ignoreRecentlyPublishedVln!: pulumi.Output; - public /*out*/ readonly ignoreRecentlyPublishedVlnPeriod!: pulumi.Output; + public readonly ignoreRecentlyPublishedVlnPeriod!: pulumi.Output; /** * Indicates if risk resources are ignored. */ 
@@ -140,11 +165,20 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { * List of ignored risk resources. */ public readonly ignoredRiskResources!: pulumi.Output; + public readonly ignoredSensitiveResources!: pulumi.Output; /** * List of images. */ public readonly images!: pulumi.Output; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ public readonly kubeCisEnabled!: pulumi.Output; + /** + * List of Kubernetes controls. + */ + public readonly kubernetesControls!: pulumi.Output; + public readonly kubernetesControlsAvdIds!: pulumi.Output; /** * List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile 
not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' */ @@ -153,6 +187,8 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { * List of labels. */ public readonly labels!: pulumi.Output; + public readonly lastupdate!: pulumi.Output; + public readonly linuxCisEnabled!: pulumi.Output; public readonly malwareAction!: pulumi.Output; /** * Value of allowed maximum score. @@ -172,12 +208,13 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { * Indicates if raise a warning for images that should only be run as root. */ public readonly onlyNoneRootUsers!: pulumi.Output; + public readonly openshiftHardeningEnabled!: pulumi.Output; /** * Indicates if packages blacklist is relevant. */ public readonly packagesBlackListEnabled!: pulumi.Output; /** - * List of backlisted images. + * List of blacklisted images. */ public readonly packagesBlackLists!: pulumi.Output; /** @@ -189,6 +226,8 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { */ public readonly packagesWhiteLists!: pulumi.Output; public readonly partialResultsImageFail!: pulumi.Output; + public readonly permission!: pulumi.Output; + public readonly policySettings!: pulumi.Output; public readonly readOnly!: pulumi.Output; /** * List of registries. 
@@ -197,11 +236,14 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { public readonly registry!: pulumi.Output; public readonly requiredLabels!: pulumi.Output; public readonly requiredLabelsEnabled!: pulumi.Output; + public readonly scanMalwareInArchives!: pulumi.Output; public readonly scanNfsMounts!: pulumi.Output; + public readonly scanProcessMemory!: pulumi.Output; /** * Indicates if scan should include sensitive data in the image. */ public readonly scanSensitiveData!: pulumi.Output; + public readonly scanWindowsRegistry!: pulumi.Output; /** * Indicates if scanning should include scap. */ @@ -219,6 +261,8 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { * Indicates if list of trusted base images is relevant. */ public readonly trustedBaseImagesEnabled!: pulumi.Output; + public readonly vulnerabilityExploitability!: pulumi.Output; + public readonly vulnerabilityScoreRanges!: pulumi.Output; /** * List of whitelisted licenses. */ @@ -241,8 +285,10 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { opts = opts || {}; if (opts.id) { const state = argsOrState as KubernetesAssurancePolicyState | undefined; + resourceInputs["aggregatedVulnerability"] = state ? state.aggregatedVulnerability : undefined; resourceInputs["allowedImages"] = state ? state.allowedImages : undefined; resourceInputs["applicationScopes"] = state ? state.applicationScopes : undefined; + resourceInputs["assuranceType"] = state ? state.assuranceType : undefined; resourceInputs["auditOnFailure"] = state ? state.auditOnFailure : undefined; resourceInputs["author"] = state ? state.author : undefined; resourceInputs["autoScanConfigured"] = state ? state.autoScanConfigured : undefined; 
@@ -256,6 +302,7 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { resourceInputs["controlExcludeNoFix"] = state ? state.controlExcludeNoFix : undefined; resourceInputs["customChecks"] = state ? state.customChecks : undefined; resourceInputs["customChecksEnabled"] = state ? state.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = state ? state.customSeverity : undefined; resourceInputs["customSeverityEnabled"] = state ? state.customSeverityEnabled : undefined; resourceInputs["cvesBlackListEnabled"] = state ? state.cvesBlackListEnabled : undefined; resourceInputs["cvesBlackLists"] = state ? state.cvesBlackLists : undefined; @@ -265,6 +312,7 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { resourceInputs["cvssSeverityEnabled"] = state ? state.cvssSeverityEnabled : undefined; resourceInputs["cvssSeverityExcludeNoFix"] = state ? state.cvssSeverityExcludeNoFix : undefined; resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["disallowExploitTypes"] = state ? state.disallowExploitTypes : undefined; resourceInputs["disallowMalware"] = state ? state.disallowMalware : undefined; resourceInputs["dockerCisEnabled"] = state ? state.dockerCisEnabled : undefined; resourceInputs["domain"] = state ? state.domain : undefined; 
@@ -276,18 +324,26 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { resourceInputs["enforceAfterDays"] = state ? state.enforceAfterDays : undefined; resourceInputs["enforceExcessivePermissions"] = state ? state.enforceExcessivePermissions : undefined; resourceInputs["exceptionalMonitoredMalwarePaths"] = state ? state.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = state ? state.excludeApplicationScopes : undefined; + resourceInputs["failCicd"] = state ? state.failCicd : undefined; resourceInputs["forbiddenLabels"] = state ? state.forbiddenLabels : undefined; resourceInputs["forbiddenLabelsEnabled"] = state ? state.forbiddenLabelsEnabled : undefined; resourceInputs["forceMicroenforcer"] = state ? state.forceMicroenforcer : undefined; resourceInputs["functionIntegrityEnabled"] = state ? state.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = state ? state.ignoreBaseImageVln : undefined; resourceInputs["ignoreRecentlyPublishedVln"] = state ? state.ignoreRecentlyPublishedVln : undefined; resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = state ? state.ignoreRecentlyPublishedVlnPeriod : undefined; resourceInputs["ignoreRiskResourcesEnabled"] = state ? state.ignoreRiskResourcesEnabled : undefined; resourceInputs["ignoredRiskResources"] = state ? state.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = state ? state.ignoredSensitiveResources : undefined; resourceInputs["images"] = state ? state.images : undefined; resourceInputs["kubeCisEnabled"] = state ? state.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = state ? state.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = state ? state.kubernetesControlsAvdIds : undefined; resourceInputs["kubernetesControlsNames"] = state ? state.kubernetesControlsNames : undefined; resourceInputs["labels"] = state ? 
state.labels : undefined; + resourceInputs["lastupdate"] = state ? state.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = state ? state.linuxCisEnabled : undefined; resourceInputs["malwareAction"] = state ? state.malwareAction : undefined; resourceInputs["maximumScore"] = state ? state.maximumScore : undefined; resourceInputs["maximumScoreEnabled"] = state ? state.maximumScoreEnabled : undefined; 
@@ -295,23 +351,31 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { resourceInputs["monitoredMalwarePaths"] = state ? state.monitoredMalwarePaths : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["onlyNoneRootUsers"] = state ? state.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = state ? state.openshiftHardeningEnabled : undefined; resourceInputs["packagesBlackListEnabled"] = state ? state.packagesBlackListEnabled : undefined; resourceInputs["packagesBlackLists"] = state ? state.packagesBlackLists : undefined; resourceInputs["packagesWhiteListEnabled"] = state ? state.packagesWhiteListEnabled : undefined; resourceInputs["packagesWhiteLists"] = state ? state.packagesWhiteLists : undefined; resourceInputs["partialResultsImageFail"] = state ? state.partialResultsImageFail : undefined; + resourceInputs["permission"] = state ? state.permission : undefined; + resourceInputs["policySettings"] = state ? state.policySettings : undefined; resourceInputs["readOnly"] = state ? state.readOnly : undefined; resourceInputs["registries"] = state ? state.registries : undefined; resourceInputs["registry"] = state ? state.registry : undefined; resourceInputs["requiredLabels"] = state ? state.requiredLabels : undefined; resourceInputs["requiredLabelsEnabled"] = state ? state.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = state ? state.scanMalwareInArchives : undefined; resourceInputs["scanNfsMounts"] = state ? state.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = state ? state.scanProcessMemory : undefined; resourceInputs["scanSensitiveData"] = state ? state.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = state ? state.scanWindowsRegistry : undefined; resourceInputs["scapEnabled"] = state ? state.scapEnabled : undefined; resourceInputs["scapFiles"] = state ? state.scapFiles : undefined; resourceInputs["scopes"] = state ? 
state.scopes : undefined; resourceInputs["trustedBaseImages"] = state ? state.trustedBaseImages : undefined; resourceInputs["trustedBaseImagesEnabled"] = state ? state.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = state ? state.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = state ? state.vulnerabilityScoreRanges : undefined; resourceInputs["whitelistedLicenses"] = state ? state.whitelistedLicenses : undefined; resourceInputs["whitelistedLicensesEnabled"] = state ? state.whitelistedLicensesEnabled : undefined; } else { @@ -319,9 +383,12 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { if ((!args || args.applicationScopes === undefined) && !opts.urn) { throw new Error("Missing required property 'applicationScopes'"); } + resourceInputs["aggregatedVulnerability"] = args ? args.aggregatedVulnerability : undefined; resourceInputs["allowedImages"] = args ? args.allowedImages : undefined; resourceInputs["applicationScopes"] = args ? args.applicationScopes : undefined; + resourceInputs["assuranceType"] = args ? args.assuranceType : undefined; resourceInputs["auditOnFailure"] = args ? args.auditOnFailure : undefined; + resourceInputs["author"] = args ? args.author : undefined; resourceInputs["autoScanConfigured"] = args ? args.autoScanConfigured : undefined; resourceInputs["autoScanEnabled"] = args ? args.autoScanEnabled : undefined; resourceInputs["autoScanTimes"] = args ? args.autoScanTimes : undefined; 
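Review bot: `resourceInputs["author"] = args ? args.author : undefined;` turns `author`, documented as "Name of user account that created the policy", from an output-only field into a caller-supplied input. `ignoreRecentlyPublishedVlnPeriod` gets the same treatment further down this constructor, where the two `undefined /*out*/` assignments are dropped. Nothing visible here shows whether the backend overrides a supplied value, so a program could presumably record an arbitrary creator name, which weakens the field as an audit attribute. If the value is server-computed it should stay output-only; otherwise the doc comment on `KubernetesAssurancePolicyArgs.author` should say so, e.g. `Name of user account that created the policy. Caller-supplied; not verified by the SDK.` The constructor starts and ends outside this hunk.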
@@ -333,6 +400,7 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { resourceInputs["controlExcludeNoFix"] = args ? args.controlExcludeNoFix : undefined; resourceInputs["customChecks"] = args ? args.customChecks : undefined; resourceInputs["customChecksEnabled"] = args ? args.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = args ? args.customSeverity : undefined; resourceInputs["customSeverityEnabled"] = args ? args.customSeverityEnabled : undefined; resourceInputs["cvesBlackListEnabled"] = args ? args.cvesBlackListEnabled : undefined; resourceInputs["cvesBlackLists"] = args ? args.cvesBlackLists : undefined; @@ -342,6 +410,7 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { resourceInputs["cvssSeverityEnabled"] = args ? args.cvssSeverityEnabled : undefined; resourceInputs["cvssSeverityExcludeNoFix"] = args ? args.cvssSeverityExcludeNoFix : undefined; resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["disallowExploitTypes"] = args ? args.disallowExploitTypes : undefined; resourceInputs["disallowMalware"] = args ? args.disallowMalware : undefined; resourceInputs["dockerCisEnabled"] = args ? args.dockerCisEnabled : undefined; resourceInputs["domain"] = args ? args.domain : undefined; 
@@ -353,17 +422,26 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { resourceInputs["enforceAfterDays"] = args ? args.enforceAfterDays : undefined; resourceInputs["enforceExcessivePermissions"] = args ? args.enforceExcessivePermissions : undefined; resourceInputs["exceptionalMonitoredMalwarePaths"] = args ? args.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = args ? args.excludeApplicationScopes : undefined; + resourceInputs["failCicd"] = args ? args.failCicd : undefined; resourceInputs["forbiddenLabels"] = args ? args.forbiddenLabels : undefined; resourceInputs["forbiddenLabelsEnabled"] = args ? args.forbiddenLabelsEnabled : undefined; resourceInputs["forceMicroenforcer"] = args ? args.forceMicroenforcer : undefined; resourceInputs["functionIntegrityEnabled"] = args ? args.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = args ? args.ignoreBaseImageVln : undefined; resourceInputs["ignoreRecentlyPublishedVln"] = args ? args.ignoreRecentlyPublishedVln : undefined; + resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = args ? args.ignoreRecentlyPublishedVlnPeriod : undefined; resourceInputs["ignoreRiskResourcesEnabled"] = args ? args.ignoreRiskResourcesEnabled : undefined; resourceInputs["ignoredRiskResources"] = args ? args.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = args ? args.ignoredSensitiveResources : undefined; resourceInputs["images"] = args ? args.images : undefined; resourceInputs["kubeCisEnabled"] = args ? args.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = args ? args.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = args ? args.kubernetesControlsAvdIds : undefined; resourceInputs["kubernetesControlsNames"] = args ? args.kubernetesControlsNames : undefined; resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["lastupdate"] = args ? 
args.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = args ? args.linuxCisEnabled : undefined; resourceInputs["malwareAction"] = args ? args.malwareAction : undefined; resourceInputs["maximumScore"] = args ? args.maximumScore : undefined; resourceInputs["maximumScoreEnabled"] = args ? args.maximumScoreEnabled : undefined; 
@@ -371,27 +449,33 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { resourceInputs["monitoredMalwarePaths"] = args ? args.monitoredMalwarePaths : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["onlyNoneRootUsers"] = args ? args.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = args ? args.openshiftHardeningEnabled : undefined; resourceInputs["packagesBlackListEnabled"] = args ? args.packagesBlackListEnabled : undefined; resourceInputs["packagesBlackLists"] = args ? args.packagesBlackLists : undefined; resourceInputs["packagesWhiteListEnabled"] = args ? args.packagesWhiteListEnabled : undefined; resourceInputs["packagesWhiteLists"] = args ? args.packagesWhiteLists : undefined; resourceInputs["partialResultsImageFail"] = args ? args.partialResultsImageFail : undefined; + resourceInputs["permission"] = args ? args.permission : undefined; + resourceInputs["policySettings"] = args ? args.policySettings : undefined; resourceInputs["readOnly"] = args ? args.readOnly : undefined; resourceInputs["registries"] = args ? args.registries : undefined; resourceInputs["registry"] = args ? args.registry : undefined; resourceInputs["requiredLabels"] = args ? args.requiredLabels : undefined; resourceInputs["requiredLabelsEnabled"] = args ? args.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = args ? args.scanMalwareInArchives : undefined; resourceInputs["scanNfsMounts"] = args ? args.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = args ? args.scanProcessMemory : undefined; resourceInputs["scanSensitiveData"] = args ? args.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = args ? args.scanWindowsRegistry : undefined; resourceInputs["scapEnabled"] = args ? args.scapEnabled : undefined; resourceInputs["scapFiles"] = args ? args.scapFiles : undefined; resourceInputs["scopes"] = args ? 
args.scopes : undefined; resourceInputs["trustedBaseImages"] = args ? args.trustedBaseImages : undefined; resourceInputs["trustedBaseImagesEnabled"] = args ? args.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = args ? args.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = args ? args.vulnerabilityScoreRanges : undefined; resourceInputs["whitelistedLicenses"] = args ? args.whitelistedLicenses : undefined; resourceInputs["whitelistedLicensesEnabled"] = args ? args.whitelistedLicensesEnabled : undefined; - resourceInputs["author"] = undefined /*out*/; - resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(KubernetesAssurancePolicy.__pulumiType, name, resourceInputs, opts); @@ -402,11 +486,19 @@ export class KubernetesAssurancePolicy extends pulumi.CustomResource { * Input properties used for looking up and filtering KubernetesAssurancePolicy resources. */ export interface KubernetesAssurancePolicyState { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * List of explicitly allowed images. */ allowedImages?: pulumi.Input[]>; applicationScopes?: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; /** * Indicates if auditing for failures. */ @@ -431,7 +523,7 @@ export interface KubernetesAssurancePolicyState { */ blacklistedLicenses?: pulumi.Input[]>; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ blacklistedLicensesEnabled?: pulumi.Input; /** 
@@ -447,17 +539,18 @@ export interface KubernetesAssurancePolicyState { * Indicates if scanning should include custom checks. */ customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; customSeverityEnabled?: pulumi.Input; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ cvesBlackListEnabled?: pulumi.Input; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ cvesBlackLists?: pulumi.Input[]>; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ cvesWhiteListEnabled?: pulumi.Input; /** @@ -477,10 +570,14 @@ export interface KubernetesAssurancePolicyState { */ cvssSeverityExcludeNoFix?: pulumi.Input; description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; /** * Indicates if malware should block the image. */ disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ dockerCisEnabled?: pulumi.Input; /** * Name of the container image. @@ -489,15 +586,24 @@ export interface KubernetesAssurancePolicyState { domainName?: pulumi.Input; dtaEnabled?: pulumi.Input; dtaSeverity?: pulumi.Input; + /** + * Is the control enabled? + */ enabled?: pulumi.Input; enforce?: pulumi.Input; enforceAfterDays?: pulumi.Input; enforceExcessivePermissions?: pulumi.Input; exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; + /** + * Indicates if cicd failures will fail the image. + */ + failCicd?: pulumi.Input; forbiddenLabels?: pulumi.Input[]>; forbiddenLabelsEnabled?: pulumi.Input; forceMicroenforcer?: pulumi.Input; functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; ignoreRecentlyPublishedVln?: pulumi.Input; ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; /** 
@@ -508,11 +614,20 @@ export interface KubernetesAssurancePolicyState { * List of ignored risk resources. */ ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; /** * List of images. */ images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ kubeCisEnabled?: pulumi.Input; + /** + * List of Kubernetes controls. + */ + kubernetesControls?: pulumi.Input[]>; + kubernetesControlsAvdIds?: pulumi.Input[]>; /** * List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service 
with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' */ @@ -521,6 +636,8 @@ export interface KubernetesAssurancePolicyState { * List of labels. */ labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; malwareAction?: pulumi.Input; /** * Value of allowed maximum score. @@ -540,12 +657,13 @@ export interface KubernetesAssurancePolicyState { * Indicates if raise a warning for images that should only be run as root. */ onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; /** * Indicates if packages blacklist is relevant. */ packagesBlackListEnabled?: pulumi.Input; /** - * List of backlisted images. + * List of blacklisted images. */ packagesBlackLists?: pulumi.Input[]>; /** @@ -557,6 +675,8 @@ export interface KubernetesAssurancePolicyState { */ packagesWhiteLists?: pulumi.Input[]>; partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; readOnly?: pulumi.Input; /** * List of registries. @@ -565,11 +685,14 @@ export interface KubernetesAssurancePolicyState { registry?: pulumi.Input; requiredLabels?: pulumi.Input[]>; requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; /** * Indicates if scan should include sensitive data in the image. */ scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; /** * Indicates if scanning should include scap. */ @@ -587,6 +710,8 @@ export interface KubernetesAssurancePolicyState { * Indicates if list of trusted base images is relevant. */ trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; /** * List of whitelisted licenses. */ 
@@ -601,15 +726,27 @@ export interface KubernetesAssurancePolicyState { * The set of arguments for constructing a KubernetesAssurancePolicy resource. */ export interface KubernetesAssurancePolicyArgs { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * List of explicitly allowed images. */ allowedImages?: pulumi.Input[]>; applicationScopes: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; /** * Indicates if auditing for failures. */ auditOnFailure?: pulumi.Input; + /** + * Name of user account that created the policy. + */ + author?: pulumi.Input; autoScanConfigured?: pulumi.Input; autoScanEnabled?: pulumi.Input; autoScanTimes?: pulumi.Input[]>; @@ -626,7 +763,7 @@ export interface KubernetesAssurancePolicyArgs { */ blacklistedLicenses?: pulumi.Input[]>; /** - * Lndicates if license blacklist is relevant. + * Indicates if license blacklist is relevant. */ blacklistedLicensesEnabled?: pulumi.Input; /** @@ -642,17 +779,18 @@ export interface KubernetesAssurancePolicyArgs { * Indicates if scanning should include custom checks. */ customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; customSeverityEnabled?: pulumi.Input; /** - * Indicates if cves blacklist is relevant. + * Indicates if CVEs blacklist is relevant. */ cvesBlackListEnabled?: pulumi.Input; /** - * List of cves blacklisted items. + * List of CVEs blacklisted items. */ cvesBlackLists?: pulumi.Input[]>; /** - * Indicates if cves whitelist is relevant. + * Indicates if CVEs whitelist is relevant. */ cvesWhiteListEnabled?: pulumi.Input; /** 
@@ -672,10 +810,14 @@ export interface KubernetesAssurancePolicyArgs { */ cvssSeverityExcludeNoFix?: pulumi.Input; description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; /** * Indicates if malware should block the image. */ disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ dockerCisEnabled?: pulumi.Input; /** * Name of the container image. @@ -684,16 +826,26 @@ export interface KubernetesAssurancePolicyArgs { domainName?: pulumi.Input; dtaEnabled?: pulumi.Input; dtaSeverity?: pulumi.Input; + /** + * Is the control enabled? + */ enabled?: pulumi.Input; enforce?: pulumi.Input; enforceAfterDays?: pulumi.Input; enforceExcessivePermissions?: pulumi.Input; exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; + /** + * Indicates if cicd failures will fail the image. + */ + failCicd?: pulumi.Input; forbiddenLabels?: pulumi.Input[]>; forbiddenLabelsEnabled?: pulumi.Input; forceMicroenforcer?: pulumi.Input; functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; ignoreRecentlyPublishedVln?: pulumi.Input; + ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; /** * Indicates if risk resources are ignored. */ 
@@ -702,11 +854,20 @@ export interface KubernetesAssurancePolicyArgs { * List of ignored risk resources. */ ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; /** * List of images. */ images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ kubeCisEnabled?: pulumi.Input; + /** + * List of Kubernetes controls. + */ + kubernetesControls?: pulumi.Input[]>; + kubernetesControlsAvdIds?: pulumi.Input[]>; /** * List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service 
with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' */ @@ -715,6 +876,8 @@ export interface KubernetesAssurancePolicyArgs { * List of labels. */ labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; malwareAction?: pulumi.Input; /** * Value of allowed maximum score. @@ -734,12 +897,13 @@ export interface KubernetesAssurancePolicyArgs { * Indicates if raise a warning for images that should only be run as root. */ onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; /** * Indicates if packages blacklist is relevant. */ packagesBlackListEnabled?: pulumi.Input; /** - * List of backlisted images. + * List of blacklisted images. */ packagesBlackLists?: pulumi.Input[]>; /** @@ -751,6 +915,8 @@ export interface KubernetesAssurancePolicyArgs { */ packagesWhiteLists?: pulumi.Input[]>; partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; readOnly?: pulumi.Input; /** * List of registries. @@ -759,11 +925,14 @@ export interface KubernetesAssurancePolicyArgs { registry?: pulumi.Input; requiredLabels?: pulumi.Input[]>; requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; /** * Indicates if scan should include sensitive data in the image. */ scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; /** * Indicates if scanning should include scap. */ @@ -781,6 +950,8 @@ export interface KubernetesAssurancePolicyArgs { * Indicates if list of trusted base images is relevant. */ trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; /** * List of whitelisted licenses. */ 
diff --git a/sdk/nodejs/provider.ts b/sdk/nodejs/provider.ts index 5c2c2b14..03dd1aae 100644 --- a/sdk/nodejs/provider.ts +++ b/sdk/nodejs/provider.ts @@ -61,12 +61,12 @@ export class Provider extends pulumi.ProviderResource { let resourceInputs: pulumi.Inputs = {}; opts = opts || {}; { - resourceInputs["aquaUrl"] = args ? args.aquaUrl : undefined; - resourceInputs["caCertificatePath"] = args ? args.caCertificatePath : undefined; - resourceInputs["configPath"] = args ? args.configPath : undefined; - resourceInputs["password"] = args?.password ? pulumi.secret(args.password) : undefined; - resourceInputs["username"] = args?.username ? pulumi.secret(args.username) : undefined; - resourceInputs["verifyTls"] = pulumi.output(args ? args.verifyTls : undefined).apply(JSON.stringify); + resourceInputs["aquaUrl"] = (args ? args.aquaUrl : undefined) ?? utilities.getEnv("AQUA_URL"); + resourceInputs["caCertificatePath"] = (args ? args.caCertificatePath : undefined) ?? utilities.getEnv("AQUA_CA_CERT_PATH"); + resourceInputs["configPath"] = (args ? args.configPath : undefined) ?? utilities.getEnv("AQUA_CONFIG"); + resourceInputs["password"] = (args?.password ? pulumi.secret(args.password) : undefined) ?? utilities.getEnv("AQUA_PASSWORD"); + resourceInputs["username"] = (args?.username ? pulumi.secret(args.username) : undefined) ?? utilities.getEnv("AQUA_USER"); + resourceInputs["verifyTls"] = pulumi.output((args ? args.verifyTls : undefined) ?? (utilities.getEnvBoolean("AQUA_TLS_VERIFY") || true)).apply(JSON.stringify); } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); const secretOpts = { additionalSecretOutputs: ["password", "username"] }; diff --git a/sdk/nodejs/roleMapping.ts b/sdk/nodejs/roleMapping.ts index 2dc7a31c..dad1a6a8 100644 --- a/sdk/nodejs/roleMapping.ts +++ b/sdk/nodejs/roleMapping.ts 
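Review bot: In the new `verifyTls` line, `utilities.getEnvBoolean("AQUA_TLS_VERIFY") || true` always evaluates to `true`, so `AQUA_TLS_VERIFY=false` in the environment is silently ignored and only `args.verifyTls` can turn verification off. This fails safe because certificate verification stays on, but the env fallback is effectively dead and will mislead operators who rely on it. Assuming `getEnvBoolean` returns `undefined` when the variable is unset, `(args ? args.verifyTls : undefined) ?? utilities.getEnvBoolean("AQUA_TLS_VERIFY") ?? true` keeps the default without discarding a parsed `false`. Separately, the `AQUA_PASSWORD` and `AQUA_USER` fallbacks sit outside `pulumi.secret(...)`, so their secrecy appears to rest only on `additionalSecretOutputs` at the end of the hunk; wrapping the env value as well would make that explicit. If this file is generated, both changes belong in the generator or schema defaults; the constructor continues outside the hunk.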
@@ -16,6 +16,7 @@ import * as utilities from "./utilities"; * const roleMappingRoleMapping = new aquasec.RoleMapping("roleMappingRoleMapping", {saml: { * roleMapping: { * Administrator: "group1", + * Scanner: "group2|group3", * }, * }}); * export const roleMapping = roleMappingRoleMapping; diff --git a/sdk/nodejs/service.ts b/sdk/nodejs/service.ts index 06a49832..96ef8606 100644 --- a/sdk/nodejs/service.ts +++ b/sdk/nodejs/service.ts @@ -71,7 +71,7 @@ export class Service extends pulumi.CustomResource { */ public readonly monitoring!: pulumi.Output; /** - * The name of the service. It is recommended not to use whitespace characters in the name. + * Name assigned to the attribute. */ public readonly name!: pulumi.Output; /** @@ -256,7 +256,7 @@ export interface ServiceState { */ monitoring?: pulumi.Input; /** - * The name of the service. It is recommended not to use whitespace characters in the name. + * Name assigned to the attribute. */ name?: pulumi.Input; /** @@ -342,7 +342,7 @@ export interface ServiceArgs { */ monitoring?: pulumi.Input; /** - * The name of the service. It is recommended not to use whitespace characters in the name. + * Name assigned to the attribute. */ name?: pulumi.Input; /** diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 07312995..b4a3eeb3 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -37,6 +37,7 @@ "getHostRuntimePolicy.ts", "getImage.ts", "getImageAssurancePolicy.ts", + "getIntegrationRegistries.ts", "getIntegrationRegistry.ts", "getIntegrationState.ts", "getKubernetesAssurancePolicy.ts", @@ -69,6 +70,7 @@ "types/output.ts", "user.ts", "userSaas.ts", - "utilities.ts" + "utilities.ts", + "vmwareAssurancePolicy.ts" ] } diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index fe802365..1b4ec9c4 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts 
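Review bot: The replacement doc comment on `name` in service.ts, `Name assigned to the attribute.`, no longer describes the field; the same change is repeated in the `ServiceState` and `ServiceArgs` hunks. The wording matches the comment on the scope variable's `name` in types/input.ts, so it looks carried over from there rather than written for the service. Unless the upstream schema really changed the meaning, keep the earlier text, `The name of the service. It is recommended not to use whitespace characters in the name.`, on all three declarations.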
@@ -107,7 +107,13 @@ export interface ApplicationScopeCategory { export interface ApplicationScopeCategoryArtifact { cfs?: pulumi.Input[]>; + /** + * Function name + */ functions?: pulumi.Input[]>; + /** + * Name of a registry as defined in Aqua + */ images?: pulumi.Input[]>; } 
@@ -212,51 +218,239 @@ export interface ApplicationScopeCategoryWorkloadOVariable { value?: pulumi.Input; } -export interface ContainerRuntimePolicyFileIntegrityMonitoring { +export interface ContainerRuntimePolicyAllowedExecutable { + /** + * List of allowed executables. + */ + allowExecutables?: pulumi.Input[]>; + /** + * List of allowed root executables. + */ + allowRootExecutables?: pulumi.Input[]>; + /** + * Whether allowed executables configuration is enabled. + */ + enabled?: pulumi.Input; + /** + * Whether to treat executables separately. + */ + separateExecutables?: pulumi.Input; +} + +export interface ContainerRuntimePolicyAllowedRegistry { + /** + * List of allowed registries. + */ + allowedRegistries?: pulumi.Input[]>; + /** + * Whether allowed registries are enabled. + */ + enabled?: pulumi.Input; +} + +export interface ContainerRuntimePolicyAuditing { + auditAllNetwork?: pulumi.Input; + auditAllProcesses?: pulumi.Input; + auditFailedLogin?: pulumi.Input; + auditOsUserActivity?: pulumi.Input; + auditProcessCmdline?: pulumi.Input; + auditSuccessLogin?: pulumi.Input; + auditUserAccountManagement?: pulumi.Input; + enabled?: pulumi.Input; +} + +export interface ContainerRuntimePolicyBlacklistedOsUsers { + enabled?: pulumi.Input; + groupBlackLists?: pulumi.Input[]>; + userBlackLists?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyBypassScope { + /** + * Whether bypassing the scope is enabled. + */ + enabled?: pulumi.Input; /** - * List of paths to be excluded from being monitored. + * Scope configuration. */ - excludedPaths?: pulumi.Input[]>; + scopes?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyBypassScopeScope { + /** + * Scope expression. + */ + expression?: pulumi.Input; + /** + * List of variables in the scope. + */ + variables?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyBypassScopeScopeVariable { + /** + * Variable attribute. + */ + attribute?: pulumi.Input; + /** + * Variable value. 
+ */ + value?: pulumi.Input; +} + +export interface ContainerRuntimePolicyContainerExec { + blockContainerExec?: pulumi.Input; + containerExecProcWhiteLists?: pulumi.Input[]>; + enabled?: pulumi.Input; + reverseShellIpWhiteLists?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyDriftPrevention { + /** + * Whether drift prevention is enabled. + */ + enabled?: pulumi.Input; + /** + * Whether to lockdown execution drift. + */ + execLockdown?: pulumi.Input; + /** + * List of items in the execution lockdown white list. + */ + execLockdownWhiteLists?: pulumi.Input[]>; /** - * List of processes to be excluded from being monitored. + * Whether to lockdown image drift. */ - excludedProcesses?: pulumi.Input[]>; + imageLockdown?: pulumi.Input; +} + +export interface ContainerRuntimePolicyExecutableBlacklist { /** - * List of users to be excluded from being monitored. + * Whether the executable blacklist is enabled. */ - excludedUsers?: pulumi.Input[]>; + enabled?: pulumi.Input; /** - * If true, add attributes operations will be monitored. + * List of blacklisted executables. */ - monitorAttributes?: pulumi.Input; + executables?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyFailedKubernetesChecks { + enabled?: pulumi.Input; + failedChecks?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyFileBlock { + blockFilesProcesses?: pulumi.Input[]>; + blockFilesUsers?: pulumi.Input[]>; + enabled?: pulumi.Input; + exceptionalBlockFiles?: pulumi.Input[]>; + exceptionalBlockFilesProcesses?: pulumi.Input[]>; + exceptionalBlockFilesUsers?: pulumi.Input[]>; + filenameBlockLists?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyFileIntegrityMonitoring { /** - * If true, create operations will be monitored. + * If true, file integrity monitoring is enabled. */ - monitorCreate?: pulumi.Input; + enabled?: pulumi.Input; /** - * If true, deletion operations will be monitored. + * List of paths to be excluded from monitoring. 
*/ - monitorDelete?: pulumi.Input; + exceptionalMonitoredFiles?: pulumi.Input[]>; /** - * If true, modification operations will be monitored. + * List of processes to be excluded from monitoring. */ - monitorModify?: pulumi.Input; + exceptionalMonitoredFilesProcesses?: pulumi.Input[]>; /** - * If true, read operations will be monitored. + * List of users to be excluded from monitoring. */ - monitorRead?: pulumi.Input; + exceptionalMonitoredFilesUsers?: pulumi.Input[]>; /** * List of paths to be monitored. */ - monitoredPaths?: pulumi.Input[]>; + monitoredFiles?: pulumi.Input[]>; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: pulumi.Input; + /** + * Whether to monitor file create operations. + */ + monitoredFilesCreate?: pulumi.Input; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: pulumi.Input; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: pulumi.Input; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: pulumi.Input[]>; + /** + * Whether to monitor file read operations. + */ + monitoredFilesRead?: pulumi.Input; + /** + * List of users associated with monitored files. + */ + monitoredFilesUsers?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyLimitContainerPrivilege { + /** + * Whether to block adding capabilities. + */ + blockAddCapabilities?: pulumi.Input; + /** + * Whether container privilege limitations are enabled. + */ + enabled?: pulumi.Input; + /** + * Whether to limit IPC-related capabilities. + */ + ipcmode?: pulumi.Input; + /** + * Whether to limit network-related capabilities. + */ + netmode?: pulumi.Input; + /** + * Whether to limit process-related capabilities. + */ + pidmode?: pulumi.Input; + /** + * Whether to prevent low port binding. + */ + preventLowPortBinding?: pulumi.Input; + /** + * Whether to prevent the use of the root user. 
+ */ + preventRootUser?: pulumi.Input; + /** + * Whether the container is run in privileged mode. + */ + privileged?: pulumi.Input; + /** + * Whether to use the host user. + */ + useHostUser?: pulumi.Input; /** - * List of processes to be monitored. + * Whether to limit user-related capabilities. */ - monitoredProcesses?: pulumi.Input[]>; + usermode?: pulumi.Input; /** - * List of users to be monitored. + * Whether to limit UTS-related capabilities. */ - monitoredUsers?: pulumi.Input[]>; + utsmode?: pulumi.Input; +} + +export interface ContainerRuntimePolicyLinuxCapabilities { + enabled?: pulumi.Input; + removeLinuxCapabilities?: pulumi.Input[]>; } export interface ContainerRuntimePolicyMalwareScanOptions { 
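Review bot: In `ContainerRuntimePolicyLimitContainerPrivilege`, the comments on `privileged` (`Whether the container is run in privileged mode.`) and `useHostUser` (`Whether to use the host user.`) do not say what setting the flag to true does, while the sibling fields are worded as restrictions ("Whether to prevent…", "Whether to limit…"). In a policy type a reader cannot tell whether `privileged: true` restricts privileged containers or permits them. State the effect explicitly, for example `If true, containers are prevented from running in privileged mode.`, once the direction is confirmed against the provider schema, which this hunk does not show. The same two comments appear on `FunctionRuntimePolicyLimitContainerPrivilege` in the later types/input.ts hunk, and several new policy blocks in this hunk (`Auditing`, `ContainerExec`, `FileBlock`, `LinuxCapabilities`) have no comments at all.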
@@ -276,6 +470,90 @@ export interface ContainerRuntimePolicyMalwareScanOptions { * List of registry processes to be excluded from being protected. */ excludeProcesses?: pulumi.Input[]>; + /** + * List of registry paths to be excluded from being protected. + */ + includeDirectories?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyPackageBlock { + blockPackagesProcesses?: pulumi.Input[]>; + blockPackagesUsers?: pulumi.Input[]>; + enabled?: pulumi.Input; + exceptionalBlockPackagesFiles?: pulumi.Input[]>; + exceptionalBlockPackagesProcesses?: pulumi.Input[]>; + exceptionalBlockPackagesUsers?: pulumi.Input[]>; + packagesBlackLists?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyPortBlock { + blockInboundPorts?: pulumi.Input[]>; + blockOutboundPorts?: pulumi.Input[]>; + enabled?: pulumi.Input; +} + +export interface ContainerRuntimePolicyReadonlyFiles { + enabled?: pulumi.Input; + exceptionalReadonlyFiles?: pulumi.Input[]>; + exceptionalReadonlyFilesProcesses?: pulumi.Input[]>; + exceptionalReadonlyFilesUsers?: pulumi.Input[]>; + readonlyFiles?: pulumi.Input[]>; + readonlyFilesProcesses?: pulumi.Input[]>; + readonlyFilesUsers?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyReadonlyRegistry { + enabled?: pulumi.Input; + exceptionalReadonlyRegistryPaths?: pulumi.Input[]>; + exceptionalReadonlyRegistryProcesses?: pulumi.Input[]>; + exceptionalReadonlyRegistryUsers?: pulumi.Input[]>; + readonlyRegistryPaths?: pulumi.Input[]>; + readonlyRegistryProcesses?: pulumi.Input[]>; + readonlyRegistryUsers?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyRegistryAccessMonitoring { + enabled?: pulumi.Input; + exceptionalMonitoredRegistryPaths?: pulumi.Input[]>; + exceptionalMonitoredRegistryProcesses?: pulumi.Input[]>; + exceptionalMonitoredRegistryUsers?: pulumi.Input[]>; + monitoredRegistryAttributes?: pulumi.Input; + monitoredRegistryCreate?: pulumi.Input; + monitoredRegistryDelete?: pulumi.Input; + 
monitoredRegistryModify?: pulumi.Input; + monitoredRegistryPaths?: pulumi.Input[]>; + monitoredRegistryProcesses?: pulumi.Input[]>; + monitoredRegistryRead?: pulumi.Input; + monitoredRegistryUsers?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyRestrictedVolume { + /** + * Whether restricted volumes are enabled. + */ + enabled?: pulumi.Input; + /** + * List of restricted volumes. + */ + volumes?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyReverseShell { + blockReverseShell?: pulumi.Input; + enabled?: pulumi.Input; + reverseShellIpWhiteLists?: pulumi.Input[]>; + reverseShellProcWhiteLists?: pulumi.Input[]>; +} + +export interface ContainerRuntimePolicyScope { + /** + * Scope expression. + */ + expression: pulumi.Input; + /** + * List of variables in the scope. + */ + variables: pulumi.Input[]>; } export interface ContainerRuntimePolicyScopeVariable { @@ -293,6 +571,27 @@ export interface ContainerRuntimePolicyScopeVariable { value: pulumi.Input; } +export interface ContainerRuntimePolicySystemIntegrityProtection { + auditSystemtimeChange?: pulumi.Input; + enabled?: pulumi.Input; + monitorAuditLogIntegrity?: pulumi.Input; + windowsServicesMonitoring?: pulumi.Input; +} + +export interface ContainerRuntimePolicyTripwire { + applyOns?: pulumi.Input[]>; + enabled?: pulumi.Input; + serverlessApp?: pulumi.Input; + userId?: pulumi.Input; + userPassword?: pulumi.Input; +} + +export interface ContainerRuntimePolicyWhitelistedOsUsers { + enabled?: pulumi.Input; + groupWhiteLists?: pulumi.Input[]>; + userWhiteLists?: pulumi.Input[]>; +} + export interface EnforcerGroupsCommand { default?: pulumi.Input; kubernetes?: pulumi.Input; @@ -310,9 +609,6 @@ export interface EnforcerGroupsOrchestrator { * May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). */ serviceAccount?: pulumi.Input; - /** - * Enforcer Type. - */ type?: pulumi.Input; } 
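Review bot: The comment added for `includeDirectories` in `ContainerRuntimePolicyMalwareScanOptions` reads `List of registry paths to be excluded from being protected.`, which describes exclusion on a field named for inclusion. It is the same sentence used for `excludeDirectories` in the `FunctionRuntimePolicyMalwareScanOptions` hunk further down, where `includeDirectories` repeats it as well. Someone scoping malware scanning from these docs could end up leaving the intended directories unscanned. A comment such as `List of paths to be included in malware scanning.` would fit, provided that matches what the provider does with the field.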
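Review bot: `userPassword` in the new `ContainerRuntimePolicyTripwire` interface carries a credential, but it is declared like every other input and has no comment, so nothing in this hunk tells a caller to treat it as a secret. The resource that consumes this type is outside the hunk; it is worth confirming there that the value ends up encrypted in state, and documenting the expectation here with something like `Password for the tripwire user; pass it wrapped in pulumi.secret().`. `FunctionRuntimePolicyTripwire` in the later types/input.ts hunk has the same field and needs the same treatment.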
@@ -382,6 +678,17 @@ export interface FunctionAssurancePolicyForbiddenLabel { value?: pulumi.Input; } +export interface FunctionAssurancePolicyKubernetesControl { + avdId?: pulumi.Input; + description?: pulumi.Input; + enabled?: pulumi.Input; + kind?: pulumi.Input; + name?: pulumi.Input; + ootb?: pulumi.Input; + scriptId?: pulumi.Input; + severity?: pulumi.Input; +} + export interface FunctionAssurancePolicyPackagesBlackList { arch?: pulumi.Input; display?: pulumi.Input; @@ -406,6 +713,13 @@ export interface FunctionAssurancePolicyPackagesWhiteList { versionRange?: pulumi.Input; } +export interface FunctionAssurancePolicyPolicySettings { + enforce?: pulumi.Input; + isAuditChecked?: pulumi.Input; + warn?: pulumi.Input; + warningMessage?: pulumi.Input; +} + export interface FunctionAssurancePolicyRequiredLabel { key?: pulumi.Input; value?: pulumi.Input; 
@@ -427,90 +741,449 @@ export interface FunctionAssurancePolicyTrustedBaseImage { registry?: pulumi.Input; } -export interface FunctionRuntimePolicyScopeVariable { +export interface FunctionRuntimePolicyAllowedExecutable { /** - * Class of supported scope. + * List of allowed executables. */ - attribute: pulumi.Input; + allowExecutables?: pulumi.Input[]>; /** - * Name assigned to the attribute. + * List of allowed root executables. */ - name?: pulumi.Input; + allowRootExecutables?: pulumi.Input[]>; /** - * Value assigned to the attribute. + * Whether allowed executables configuration is enabled. */ - value: pulumi.Input; -} - -export interface GetApplicationScopeCategory { - artifacts?: inputs.GetApplicationScopeCategoryArtifact[]; - entityScopes?: inputs.GetApplicationScopeCategoryEntityScope[]; - infrastructures?: inputs.GetApplicationScopeCategoryInfrastructure[]; - workloads?: inputs.GetApplicationScopeCategoryWorkload[]; + enabled?: pulumi.Input; + /** + * Whether to treat executables separately. + */ + separateExecutables?: pulumi.Input; } -export interface GetApplicationScopeCategoryArgs { - artifacts?: pulumi.Input[]>; - entityScopes?: pulumi.Input[]>; - infrastructures?: pulumi.Input[]>; - workloads?: pulumi.Input[]>; +export interface FunctionRuntimePolicyAllowedRegistry { + /** + * List of allowed registries. + */ + allowedRegistries?: pulumi.Input[]>; + /** + * Whether allowed registries are enabled. 
+ */ + enabled?: pulumi.Input; } -export interface GetApplicationScopeCategoryArtifact { - cfs?: inputs.GetApplicationScopeCategoryArtifactCf[]; - functions?: inputs.GetApplicationScopeCategoryArtifactFunction[]; - images?: inputs.GetApplicationScopeCategoryArtifactImage[]; +export interface FunctionRuntimePolicyAuditing { + auditAllNetwork?: pulumi.Input; + auditAllProcesses?: pulumi.Input; + auditFailedLogin?: pulumi.Input; + auditOsUserActivity?: pulumi.Input; + auditProcessCmdline?: pulumi.Input; + auditSuccessLogin?: pulumi.Input; + auditUserAccountManagement?: pulumi.Input; + enabled?: pulumi.Input; } -export interface GetApplicationScopeCategoryArtifactArgs { - cfs?: pulumi.Input[]>; - functions?: pulumi.Input[]>; - images?: pulumi.Input[]>; +export interface FunctionRuntimePolicyBlacklistedOsUsers { + enabled?: pulumi.Input; + groupBlackLists?: pulumi.Input[]>; + userBlackLists?: pulumi.Input[]>; } -export interface GetApplicationScopeCategoryArtifactCf { - expression?: string; - variables?: inputs.GetApplicationScopeCategoryArtifactCfVariable[]; +export interface FunctionRuntimePolicyBypassScope { + /** + * Whether bypassing the scope is enabled. + */ + enabled?: pulumi.Input; + /** + * Scope configuration. + */ + scopes?: pulumi.Input[]>; } -export interface GetApplicationScopeCategoryArtifactCfArgs { +export interface FunctionRuntimePolicyBypassScopeScope { + /** + * Scope expression. + */ expression?: pulumi.Input; - variables?: pulumi.Input[]>; -} - -export interface GetApplicationScopeCategoryArtifactCfVariable { - attribute?: string; - value?: string; + /** + * List of variables in the scope. + */ + variables?: pulumi.Input[]>; } -export interface GetApplicationScopeCategoryArtifactCfVariableArgs { +export interface FunctionRuntimePolicyBypassScopeScopeVariable { + /** + * Variable attribute. + */ attribute?: pulumi.Input; + /** + * Variable value. 
+ */ value?: pulumi.Input; } -export interface GetApplicationScopeCategoryArtifactFunction { - expression?: string; - variables?: inputs.GetApplicationScopeCategoryArtifactFunctionVariable[]; +export interface FunctionRuntimePolicyContainerExec { + blockContainerExec?: pulumi.Input; + containerExecProcWhiteLists?: pulumi.Input[]>; + enabled?: pulumi.Input; + reverseShellIpWhiteLists?: pulumi.Input[]>; } -export interface GetApplicationScopeCategoryArtifactFunctionArgs { - expression?: pulumi.Input; - variables?: pulumi.Input[]>; +export interface FunctionRuntimePolicyDriftPrevention { + /** + * Whether drift prevention is enabled. + */ + enabled?: pulumi.Input; + /** + * Whether to lockdown execution drift. + */ + execLockdown?: pulumi.Input; + /** + * List of items in the execution lockdown white list. + */ + execLockdownWhiteLists?: pulumi.Input[]>; + /** + * Whether to lockdown image drift. + */ + imageLockdown?: pulumi.Input; } -export interface GetApplicationScopeCategoryArtifactFunctionVariable { - attribute?: string; - value?: string; +export interface FunctionRuntimePolicyExecutableBlacklist { + /** + * Whether the executable blacklist is enabled. + */ + enabled?: pulumi.Input; + /** + * List of blacklisted executables. 
+ */ + executables?: pulumi.Input[]>; } -export interface GetApplicationScopeCategoryArtifactFunctionVariableArgs { - attribute?: pulumi.Input; - value?: pulumi.Input; +export interface FunctionRuntimePolicyFailedKubernetesChecks { + enabled?: pulumi.Input; + failedChecks?: pulumi.Input[]>; } -export interface GetApplicationScopeCategoryArtifactImage { - expression?: string; - variables?: inputs.GetApplicationScopeCategoryArtifactImageVariable[]; +export interface FunctionRuntimePolicyFileBlock { + blockFilesProcesses?: pulumi.Input[]>; + blockFilesUsers?: pulumi.Input[]>; + enabled?: pulumi.Input; + exceptionalBlockFiles?: pulumi.Input[]>; + exceptionalBlockFilesProcesses?: pulumi.Input[]>; + exceptionalBlockFilesUsers?: pulumi.Input[]>; + filenameBlockLists?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyFileIntegrityMonitoring { + /** + * If true, file integrity monitoring is enabled. + */ + enabled?: pulumi.Input; + /** + * List of paths to be excluded from monitoring. + */ + exceptionalMonitoredFiles?: pulumi.Input[]>; + /** + * List of processes to be excluded from monitoring. + */ + exceptionalMonitoredFilesProcesses?: pulumi.Input[]>; + /** + * List of users to be excluded from monitoring. + */ + exceptionalMonitoredFilesUsers?: pulumi.Input[]>; + /** + * List of paths to be monitored. + */ + monitoredFiles?: pulumi.Input[]>; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: pulumi.Input; + /** + * Whether to monitor file create operations. + */ + monitoredFilesCreate?: pulumi.Input; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: pulumi.Input; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: pulumi.Input; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: pulumi.Input[]>; + /** + * Whether to monitor file read operations. 
+ */ + monitoredFilesRead?: pulumi.Input; + /** + * List of users associated with monitored files. + */ + monitoredFilesUsers?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyLimitContainerPrivilege { + /** + * Whether to block adding capabilities. + */ + blockAddCapabilities?: pulumi.Input; + /** + * Whether container privilege limitations are enabled. + */ + enabled?: pulumi.Input; + /** + * Whether to limit IPC-related capabilities. + */ + ipcmode?: pulumi.Input; + /** + * Whether to limit network-related capabilities. + */ + netmode?: pulumi.Input; + /** + * Whether to limit process-related capabilities. + */ + pidmode?: pulumi.Input; + /** + * Whether to prevent low port binding. + */ + preventLowPortBinding?: pulumi.Input; + /** + * Whether to prevent the use of the root user. + */ + preventRootUser?: pulumi.Input; + /** + * Whether the container is run in privileged mode. + */ + privileged?: pulumi.Input; + /** + * Whether to use the host user. + */ + useHostUser?: pulumi.Input; + /** + * Whether to limit user-related capabilities. + */ + usermode?: pulumi.Input; + /** + * Whether to limit UTS-related capabilities. + */ + utsmode?: pulumi.Input; +} + +export interface FunctionRuntimePolicyLinuxCapabilities { + enabled?: pulumi.Input; + removeLinuxCapabilities?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyMalwareScanOptions { + /** + * Set Action, Defaults to 'Alert' when empty + */ + action?: pulumi.Input; + /** + * Defines if enabled or not + */ + enabled?: pulumi.Input; + /** + * List of registry paths to be excluded from being protected. + */ + excludeDirectories?: pulumi.Input[]>; + /** + * List of registry processes to be excluded from being protected. + */ + excludeProcesses?: pulumi.Input[]>; + /** + * List of registry paths to be excluded from being protected. 
+ */ + includeDirectories?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyPackageBlock { + blockPackagesProcesses?: pulumi.Input[]>; + blockPackagesUsers?: pulumi.Input[]>; + enabled?: pulumi.Input; + exceptionalBlockPackagesFiles?: pulumi.Input[]>; + exceptionalBlockPackagesProcesses?: pulumi.Input[]>; + exceptionalBlockPackagesUsers?: pulumi.Input[]>; + packagesBlackLists?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyPortBlock { + blockInboundPorts?: pulumi.Input[]>; + blockOutboundPorts?: pulumi.Input[]>; + enabled?: pulumi.Input; +} + +export interface FunctionRuntimePolicyReadonlyFiles { + enabled?: pulumi.Input; + exceptionalReadonlyFiles?: pulumi.Input[]>; + exceptionalReadonlyFilesProcesses?: pulumi.Input[]>; + exceptionalReadonlyFilesUsers?: pulumi.Input[]>; + readonlyFiles?: pulumi.Input[]>; + readonlyFilesProcesses?: pulumi.Input[]>; + readonlyFilesUsers?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyReadonlyRegistry { + enabled?: pulumi.Input; + exceptionalReadonlyRegistryPaths?: pulumi.Input[]>; + exceptionalReadonlyRegistryProcesses?: pulumi.Input[]>; + exceptionalReadonlyRegistryUsers?: pulumi.Input[]>; + readonlyRegistryPaths?: pulumi.Input[]>; + readonlyRegistryProcesses?: pulumi.Input[]>; + readonlyRegistryUsers?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyRegistryAccessMonitoring { + enabled?: pulumi.Input; + exceptionalMonitoredRegistryPaths?: pulumi.Input[]>; + exceptionalMonitoredRegistryProcesses?: pulumi.Input[]>; + exceptionalMonitoredRegistryUsers?: pulumi.Input[]>; + monitoredRegistryAttributes?: pulumi.Input; + monitoredRegistryCreate?: pulumi.Input; + monitoredRegistryDelete?: pulumi.Input; + monitoredRegistryModify?: pulumi.Input; + monitoredRegistryPaths?: pulumi.Input[]>; + monitoredRegistryProcesses?: pulumi.Input[]>; + monitoredRegistryRead?: pulumi.Input; + monitoredRegistryUsers?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyRestrictedVolume { + /** 
+ * Whether restricted volumes are enabled. + */ + enabled?: pulumi.Input; + /** + * List of restricted volumes. + */ + volumes?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyReverseShell { + blockReverseShell?: pulumi.Input; + enabled?: pulumi.Input; + reverseShellIpWhiteLists?: pulumi.Input[]>; + reverseShellProcWhiteLists?: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyScope { + /** + * Scope expression. + */ + expression: pulumi.Input; + /** + * List of variables in the scope. + */ + variables: pulumi.Input[]>; +} + +export interface FunctionRuntimePolicyScopeVariable { + /** + * Class of supported scope. + */ + attribute: pulumi.Input; + /** + * Name assigned to the attribute. + */ + name?: pulumi.Input; + /** + * Value assigned to the attribute. + */ + value: pulumi.Input; +} + +export interface FunctionRuntimePolicySystemIntegrityProtection { + auditSystemtimeChange?: pulumi.Input; + enabled?: pulumi.Input; + monitorAuditLogIntegrity?: pulumi.Input; + windowsServicesMonitoring?: pulumi.Input; +} + +export interface FunctionRuntimePolicyTripwire { + applyOns?: pulumi.Input[]>; + enabled?: pulumi.Input; + serverlessApp?: pulumi.Input; + userId?: pulumi.Input; + userPassword?: pulumi.Input; +} + +export interface FunctionRuntimePolicyWhitelistedOsUsers { + enabled?: pulumi.Input; + groupWhiteLists?: pulumi.Input[]>; + userWhiteLists?: pulumi.Input[]>; +} + +export interface GetApplicationScopeCategory { + artifacts?: inputs.GetApplicationScopeCategoryArtifact[]; + entityScopes?: inputs.GetApplicationScopeCategoryEntityScope[]; + infrastructures?: inputs.GetApplicationScopeCategoryInfrastructure[]; + workloads?: inputs.GetApplicationScopeCategoryWorkload[]; +} + +export interface GetApplicationScopeCategoryArgs { + artifacts?: pulumi.Input[]>; + entityScopes?: pulumi.Input[]>; + infrastructures?: pulumi.Input[]>; + workloads?: pulumi.Input[]>; +} + +export interface GetApplicationScopeCategoryArtifact { + cfs?: 
inputs.GetApplicationScopeCategoryArtifactCf[]; + functions?: inputs.GetApplicationScopeCategoryArtifactFunction[]; + images?: inputs.GetApplicationScopeCategoryArtifactImage[]; +} + +export interface GetApplicationScopeCategoryArtifactArgs { + cfs?: pulumi.Input[]>; + functions?: pulumi.Input[]>; + images?: pulumi.Input[]>; +} + +export interface GetApplicationScopeCategoryArtifactCf { + expression?: string; + variables?: inputs.GetApplicationScopeCategoryArtifactCfVariable[]; +} + +export interface GetApplicationScopeCategoryArtifactCfArgs { + expression?: pulumi.Input; + variables?: pulumi.Input[]>; +} + +export interface GetApplicationScopeCategoryArtifactCfVariable { + attribute?: string; + value?: string; +} + +export interface GetApplicationScopeCategoryArtifactCfVariableArgs { + attribute?: pulumi.Input; + value?: pulumi.Input; +} + +export interface GetApplicationScopeCategoryArtifactFunction { + expression?: string; + variables?: inputs.GetApplicationScopeCategoryArtifactFunctionVariable[]; +} + +export interface GetApplicationScopeCategoryArtifactFunctionArgs { + expression?: pulumi.Input; + variables?: pulumi.Input[]>; +} + +export interface GetApplicationScopeCategoryArtifactFunctionVariable { + attribute?: string; + value?: string; +} + +export interface GetApplicationScopeCategoryArtifactFunctionVariableArgs { + attribute?: pulumi.Input; + value?: pulumi.Input; +} + +export interface GetApplicationScopeCategoryArtifactImage { + expression?: string; + variables?: inputs.GetApplicationScopeCategoryArtifactImageVariable[]; } export interface GetApplicationScopeCategoryArtifactImageArgs { 
@@ -670,88 +1343,736 @@ export interface GetApplicationScopeCategoryWorkloadOVariableArgs { value?: pulumi.Input; } -export interface GetContainerRuntimePolicyMalwareScanOption { +export interface GetContainerRuntimePolicyAllowedExecutable { /** - * Set Action, Defaults to 'Alert' when empty + * List of allowed executables. */ - action?: string; + allowExecutables?: string[]; /** - * Defines if enabled or not + * List of allowed root executables. */ - enabled?: boolean; + allowRootExecutables?: string[]; /** - * List of registry paths to be excluded from being protected. + * Whether allowed executables configuration is enabled. */ - excludeDirectories?: string[]; + enabled?: boolean; /** - * List of registry processes to be excluded from being protected. + * Whether to treat executables separately. */ - excludeProcesses?: string[]; + separateExecutables?: boolean; } -export interface GetContainerRuntimePolicyMalwareScanOptionArgs { +export interface GetContainerRuntimePolicyAllowedExecutableArgs { /** - * Set Action, Defaults to 'Alert' when empty + * List of allowed executables. */ - action?: pulumi.Input; + allowExecutables?: pulumi.Input[]>; /** - * Defines if enabled or not + * List of allowed root executables. */ - enabled?: pulumi.Input; + allowRootExecutables?: pulumi.Input[]>; /** - * List of registry paths to be excluded from being protected. + * Whether allowed executables configuration is enabled. */ - excludeDirectories?: pulumi.Input[]>; + enabled?: pulumi.Input; /** - * List of registry processes to be excluded from being protected. + * Whether to treat executables separately. */ - excludeProcesses?: pulumi.Input[]>; + separateExecutables?: pulumi.Input; } -export interface GetFirewallPolicyOutboundNetwork { +export interface GetContainerRuntimePolicyAllowedRegistry { /** - * Indicates whether the specified resources are allowed to receive data or requests. - */ - allow?: boolean; - /** - * Range of ports affected by firewall. 
- */ - portRange?: string; - /** - * Information of the resource. + * List of allowed registries. */ - resource?: string; + allowedRegistries?: string[]; /** - * Type of the resource. + * Whether allowed registries are enabled. */ - resourceType?: string; + enabled?: boolean; } -export interface GetFirewallPolicyOutboundNetworkArgs { - /** - * Indicates whether the specified resources are allowed to receive data or requests. - */ - allow?: pulumi.Input; - /** - * Range of ports affected by firewall. - */ - portRange?: pulumi.Input; +export interface GetContainerRuntimePolicyAllowedRegistryArgs { /** - * Information of the resource. + * List of allowed registries. */ - resource?: pulumi.Input; + allowedRegistries?: pulumi.Input[]>; /** - * Type of the resource. + * Whether allowed registries are enabled. */ - resourceType?: pulumi.Input; + enabled?: pulumi.Input; } -export interface GetIntegrationRegistryOption { - option?: string; - value?: string; +export interface GetContainerRuntimePolicyAuditing { + auditAllNetwork?: boolean; + auditAllProcesses?: boolean; + auditFailedLogin?: boolean; + auditOsUserActivity?: boolean; + auditProcessCmdline?: boolean; + auditSuccessLogin?: boolean; + auditUserAccountManagement?: boolean; + enabled?: boolean; } -export interface GetIntegrationRegistryOptionArgs { +export interface GetContainerRuntimePolicyAuditingArgs { + auditAllNetwork?: pulumi.Input; + auditAllProcesses?: pulumi.Input; + auditFailedLogin?: pulumi.Input; + auditOsUserActivity?: pulumi.Input; + auditProcessCmdline?: pulumi.Input; + auditSuccessLogin?: pulumi.Input; + auditUserAccountManagement?: pulumi.Input; + enabled?: pulumi.Input; +} + +export interface GetContainerRuntimePolicyContainerExec { + blockContainerExec?: boolean; + containerExecProcWhiteLists?: string[]; + enabled?: boolean; + reverseShellIpWhiteLists?: string[]; +} + +export interface GetContainerRuntimePolicyContainerExecArgs { + blockContainerExec?: pulumi.Input; + 
containerExecProcWhiteLists?: pulumi.Input[]>; + enabled?: pulumi.Input; + reverseShellIpWhiteLists?: pulumi.Input[]>; +} + +export interface GetContainerRuntimePolicyFileBlock { + blockFilesProcesses?: string[]; + blockFilesUsers?: string[]; + enabled?: boolean; + exceptionalBlockFiles?: string[]; + exceptionalBlockFilesProcesses?: string[]; + exceptionalBlockFilesUsers?: string[]; + filenameBlockLists?: string[]; +} + +export interface GetContainerRuntimePolicyFileBlockArgs { + blockFilesProcesses?: pulumi.Input[]>; + blockFilesUsers?: pulumi.Input[]>; + enabled?: pulumi.Input; + exceptionalBlockFiles?: pulumi.Input[]>; + exceptionalBlockFilesProcesses?: pulumi.Input[]>; + exceptionalBlockFilesUsers?: pulumi.Input[]>; + filenameBlockLists?: pulumi.Input[]>; +} + +export interface GetContainerRuntimePolicyFileIntegrityMonitoring { + /** + * If true, file integrity monitoring is enabled. + */ + enabled?: boolean; + /** + * List of paths to be excluded from monitoring. + */ + exceptionalMonitoredFiles?: string[]; + /** + * List of processes to be excluded from monitoring. + */ + exceptionalMonitoredFilesProcesses?: string[]; + /** + * List of users to be excluded from monitoring. + */ + exceptionalMonitoredFilesUsers?: string[]; + /** + * List of paths to be monitored. + */ + monitoredFiles?: string[]; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: boolean; + /** + * Whether to monitor file create operations. + */ + monitoredFilesCreate?: boolean; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: boolean; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: boolean; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: string[]; + /** + * Whether to monitor file read operations. + */ + monitoredFilesRead?: boolean; + /** + * List of users associated with monitored files. 
+ */ + monitoredFilesUsers?: string[]; +} + +export interface GetContainerRuntimePolicyFileIntegrityMonitoringArgs { + /** + * If true, file integrity monitoring is enabled. + */ + enabled?: pulumi.Input; + /** + * List of paths to be excluded from monitoring. + */ + exceptionalMonitoredFiles?: pulumi.Input[]>; + /** + * List of processes to be excluded from monitoring. + */ + exceptionalMonitoredFilesProcesses?: pulumi.Input[]>; + /** + * List of users to be excluded from monitoring. + */ + exceptionalMonitoredFilesUsers?: pulumi.Input[]>; + /** + * List of paths to be monitored. + */ + monitoredFiles?: pulumi.Input[]>; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: pulumi.Input; + /** + * Whether to monitor file create operations. + */ + monitoredFilesCreate?: pulumi.Input; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: pulumi.Input; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: pulumi.Input; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: pulumi.Input[]>; + /** + * Whether to monitor file read operations. + */ + monitoredFilesRead?: pulumi.Input; + /** + * List of users associated with monitored files. + */ + monitoredFilesUsers?: pulumi.Input[]>; +} + +export interface GetContainerRuntimePolicyLimitContainerPrivilege { + /** + * Whether to block adding capabilities. + */ + blockAddCapabilities?: boolean; + /** + * Whether container privilege limitations are enabled. + */ + enabled?: boolean; + /** + * Whether to limit IPC-related capabilities. + */ + ipcmode?: boolean; + /** + * Whether to limit network-related capabilities. + */ + netmode?: boolean; + /** + * Whether to limit process-related capabilities. + */ + pidmode?: boolean; + /** + * Whether to prevent low port binding. + */ + preventLowPortBinding?: boolean; + /** + * Whether to prevent the use of the root user. 
+ */ + preventRootUser?: boolean; + /** + * Whether the container is run in privileged mode. + */ + privileged?: boolean; + /** + * Whether to use the host user. + */ + useHostUser?: boolean; + /** + * Whether to limit user-related capabilities. + */ + usermode?: boolean; + /** + * Whether to limit UTS-related capabilities. + */ + utsmode?: boolean; +} + +export interface GetContainerRuntimePolicyLimitContainerPrivilegeArgs { + /** + * Whether to block adding capabilities. + */ + blockAddCapabilities?: pulumi.Input; + /** + * Whether container privilege limitations are enabled. + */ + enabled?: pulumi.Input; + /** + * Whether to limit IPC-related capabilities. + */ + ipcmode?: pulumi.Input; + /** + * Whether to limit network-related capabilities. + */ + netmode?: pulumi.Input; + /** + * Whether to limit process-related capabilities. + */ + pidmode?: pulumi.Input; + /** + * Whether to prevent low port binding. + */ + preventLowPortBinding?: pulumi.Input; + /** + * Whether to prevent the use of the root user. + */ + preventRootUser?: pulumi.Input; + /** + * Whether the container is run in privileged mode. + */ + privileged?: pulumi.Input; + /** + * Whether to use the host user. + */ + useHostUser?: pulumi.Input; + /** + * Whether to limit user-related capabilities. + */ + usermode?: pulumi.Input; + /** + * Whether to limit UTS-related capabilities. + */ + utsmode?: pulumi.Input; +} + +export interface GetContainerRuntimePolicyMalwareScanOption { + /** + * Set Action, Defaults to 'Alert' when empty + */ + action?: string; + /** + * Defines if enabled or not + */ + enabled?: boolean; + /** + * List of registry paths to be excluded from being protected. + */ + excludeDirectories?: string[]; + /** + * List of registry processes to be excluded from being protected. + */ + excludeProcesses?: string[]; + /** + * List of registry paths to be excluded from being protected. 
+ */ + includeDirectories?: string[]; +} + +export interface GetContainerRuntimePolicyMalwareScanOptionArgs { + /** + * Set Action, Defaults to 'Alert' when empty + */ + action?: pulumi.Input; + /** + * Defines if enabled or not + */ + enabled?: pulumi.Input; + /** + * List of registry paths to be excluded from being protected. + */ + excludeDirectories?: pulumi.Input[]>; + /** + * List of registry processes to be excluded from being protected. + */ + excludeProcesses?: pulumi.Input[]>; + /** + * List of registry paths to be excluded from being protected. + */ + includeDirectories?: pulumi.Input[]>; +} + +export interface GetContainerRuntimePolicyPortBlock { + blockInboundPorts?: string[]; + blockOutboundPorts?: string[]; + enabled?: boolean; +} + +export interface GetContainerRuntimePolicyPortBlockArgs { + blockInboundPorts?: pulumi.Input[]>; + blockOutboundPorts?: pulumi.Input[]>; + enabled?: pulumi.Input; +} + +export interface GetContainerRuntimePolicyReadonlyFiles { + enabled?: boolean; + exceptionalReadonlyFiles?: string[]; + exceptionalReadonlyFilesProcesses?: string[]; + exceptionalReadonlyFilesUsers?: string[]; + readonlyFiles?: string[]; + readonlyFilesProcesses?: string[]; + readonlyFilesUsers?: string[]; +} + +export interface GetContainerRuntimePolicyReadonlyFilesArgs { + enabled?: pulumi.Input; + exceptionalReadonlyFiles?: pulumi.Input[]>; + exceptionalReadonlyFilesProcesses?: pulumi.Input[]>; + exceptionalReadonlyFilesUsers?: pulumi.Input[]>; + readonlyFiles?: pulumi.Input[]>; + readonlyFilesProcesses?: pulumi.Input[]>; + readonlyFilesUsers?: pulumi.Input[]>; +} + +export interface GetContainerRuntimePolicyRestrictedVolume { + /** + * Whether restricted volumes are enabled. + */ + enabled?: boolean; + /** + * List of restricted volumes. + */ + volumes?: string[]; +} + +export interface GetContainerRuntimePolicyRestrictedVolumeArgs { + /** + * Whether restricted volumes are enabled. + */ + enabled?: pulumi.Input; + /** + * List of restricted volumes. 
+ */ + volumes?: pulumi.Input[]>; +} + +export interface GetFirewallPolicyOutboundNetwork { + /** + * Indicates whether the specified resources are allowed to receive data or requests. + */ + allow?: boolean; + /** + * Range of ports affected by firewall. + */ + portRange?: string; + /** + * Information of the resource. + */ + resource?: string; + /** + * Type of the resource. + */ + resourceType?: string; +} + +export interface GetFirewallPolicyOutboundNetworkArgs { + /** + * Indicates whether the specified resources are allowed to receive data or requests. + */ + allow?: pulumi.Input; + /** + * Range of ports affected by firewall. + */ + portRange?: pulumi.Input; + /** + * Information of the resource. + */ + resource?: pulumi.Input; + /** + * Type of the resource. + */ + resourceType?: pulumi.Input; +} + +export interface GetFunctionRuntimePolicyDriftPrevention { + /** + * Whether drift prevention is enabled. + */ + enabled?: boolean; + /** + * Whether to lockdown execution drift. + */ + execLockdown?: boolean; + /** + * List of items in the execution lockdown white list. + */ + execLockdownWhiteLists?: string[]; + /** + * Whether to lockdown image drift. + */ + imageLockdown?: boolean; +} + +export interface GetFunctionRuntimePolicyDriftPreventionArgs { + /** + * Whether drift prevention is enabled. + */ + enabled?: pulumi.Input; + /** + * Whether to lockdown execution drift. + */ + execLockdown?: pulumi.Input; + /** + * List of items in the execution lockdown white list. + */ + execLockdownWhiteLists?: pulumi.Input[]>; + /** + * Whether to lockdown image drift. + */ + imageLockdown?: pulumi.Input; +} + +export interface GetFunctionRuntimePolicyExecutableBlacklist { + /** + * Whether the executable blacklist is enabled. + */ + enabled?: boolean; + /** + * List of blacklisted executables. + */ + executables?: string[]; +} + +export interface GetFunctionRuntimePolicyExecutableBlacklistArgs { + /** + * Whether the executable blacklist is enabled. 
+ */ + enabled?: pulumi.Input; + /** + * List of blacklisted executables. + */ + executables?: pulumi.Input[]>; +} + +export interface GetHostRuntimePolicyAuditing { + auditAllNetwork?: boolean; + auditAllProcesses?: boolean; + auditFailedLogin?: boolean; + auditOsUserActivity?: boolean; + auditProcessCmdline?: boolean; + auditSuccessLogin?: boolean; + auditUserAccountManagement?: boolean; + enabled?: boolean; +} + +export interface GetHostRuntimePolicyAuditingArgs { + auditAllNetwork?: pulumi.Input; + auditAllProcesses?: pulumi.Input; + auditFailedLogin?: pulumi.Input; + auditOsUserActivity?: pulumi.Input; + auditProcessCmdline?: pulumi.Input; + auditSuccessLogin?: pulumi.Input; + auditUserAccountManagement?: pulumi.Input; + enabled?: pulumi.Input; +} + +export interface GetHostRuntimePolicyFileIntegrityMonitoring { + /** + * If true, file integrity monitoring is enabled. + */ + enabled?: boolean; + /** + * List of paths to be excluded from monitoring. + */ + exceptionalMonitoredFiles?: string[]; + /** + * List of processes to be excluded from monitoring. + */ + exceptionalMonitoredFilesProcesses?: string[]; + /** + * List of users to be excluded from monitoring. + */ + exceptionalMonitoredFilesUsers?: string[]; + /** + * List of paths to be monitored. + */ + monitoredFiles?: string[]; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: boolean; + /** + * Whether to monitor file create operations. + */ + monitoredFilesCreate?: boolean; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: boolean; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: boolean; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: string[]; + /** + * Whether to monitor file read operations. + */ + monitoredFilesRead?: boolean; + /** + * List of users associated with monitored files. 
+ */ + monitoredFilesUsers?: string[]; +} + +export interface GetHostRuntimePolicyFileIntegrityMonitoringArgs { + /** + * If true, file integrity monitoring is enabled. + */ + enabled?: pulumi.Input; + /** + * List of paths to be excluded from monitoring. + */ + exceptionalMonitoredFiles?: pulumi.Input[]>; + /** + * List of processes to be excluded from monitoring. + */ + exceptionalMonitoredFilesProcesses?: pulumi.Input[]>; + /** + * List of users to be excluded from monitoring. + */ + exceptionalMonitoredFilesUsers?: pulumi.Input[]>; + /** + * List of paths to be monitored. + */ + monitoredFiles?: pulumi.Input[]>; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: pulumi.Input; + /** + * Whether to monitor file create operations. + */ + monitoredFilesCreate?: pulumi.Input; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: pulumi.Input; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: pulumi.Input; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: pulumi.Input[]>; + /** + * Whether to monitor file read operations. + */ + monitoredFilesRead?: pulumi.Input; + /** + * List of users associated with monitored files. + */ + monitoredFilesUsers?: pulumi.Input[]>; +} + +export interface GetHostRuntimePolicyMalwareScanOption { + /** + * Set Action, Defaults to 'Alert' when empty + */ + action?: string; + /** + * Defines if enabled or not + */ + enabled?: boolean; + /** + * List of registry paths to be excluded from being protected. + */ + excludeDirectories?: string[]; + /** + * List of registry processes to be excluded from being protected. + */ + excludeProcesses?: string[]; + /** + * List of registry paths to be excluded from being protected. 
+ */ + includeDirectories?: string[]; +} + +export interface GetHostRuntimePolicyMalwareScanOptionArgs { + /** + * Set Action, Defaults to 'Alert' when empty + */ + action?: pulumi.Input; + /** + * Defines if enabled or not + */ + enabled?: pulumi.Input; + /** + * List of registry paths to be excluded from being protected. + */ + excludeDirectories?: pulumi.Input[]>; + /** + * List of registry processes to be excluded from being protected. + */ + excludeProcesses?: pulumi.Input[]>; + /** + * List of registry paths to be excluded from being protected. + */ + includeDirectories?: pulumi.Input[]>; +} + +export interface GetHostRuntimePolicyPackageBlock { + blockPackagesProcesses?: string[]; + blockPackagesUsers?: string[]; + enabled?: boolean; + exceptionalBlockPackagesFiles?: string[]; + exceptionalBlockPackagesProcesses?: string[]; + exceptionalBlockPackagesUsers?: string[]; + packagesBlackLists?: string[]; +} + +export interface GetHostRuntimePolicyPackageBlockArgs { + blockPackagesProcesses?: pulumi.Input[]>; + blockPackagesUsers?: pulumi.Input[]>; + enabled?: pulumi.Input; + exceptionalBlockPackagesFiles?: pulumi.Input[]>; + exceptionalBlockPackagesProcesses?: pulumi.Input[]>; + exceptionalBlockPackagesUsers?: pulumi.Input[]>; + packagesBlackLists?: pulumi.Input[]>; +} + +export interface GetIntegrationRegistriesOption { + option?: string; + value?: string; +} + +export interface GetIntegrationRegistriesOptionArgs { + option?: pulumi.Input; + value?: pulumi.Input; +} + +export interface GetIntegrationRegistriesWebhook { + authToken?: string; + enabled?: boolean; + unQuarantine?: boolean; + url?: string; +} + +export interface GetIntegrationRegistriesWebhookArgs { + authToken?: pulumi.Input; + enabled?: pulumi.Input; + unQuarantine?: pulumi.Input; + url?: pulumi.Input; +} + +export interface GetIntegrationRegistryOption { + option?: string; + value?: string; +} + +export interface GetIntegrationRegistryOptionArgs { option?: pulumi.Input; value?: pulumi.Input; } 
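Review bot: The new `includeDirectories` field on `GetContainerRuntimePolicyMalwareScanOption` reuses the description of `excludeDirectories` ("List of registry paths to be excluded from being protected."), so the comment contradicts the field name. The same text is repeated on `GetContainerRuntimePolicyMalwareScanOptionArgs`, `GetHostRuntimePolicyMalwareScanOption` and its `Args` type in this hunk, and on `HostRuntimePolicyMalwareScanOptions` in the later hunk. For a malware-scan setting this matters, because a reader of the doc cannot tell whether a listed path is scanned or skipped. I would change it to something like `* List of paths to be included in malware scanning.` once the semantics are confirmed against the provider. These types look generated, so the wording presumably has to be corrected in the provider schema rather than in this file.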
@@ -760,9 +2081,6 @@ export interface GetIntegrationRegistryWebhook { authToken?: string; enabled?: boolean; unQuarantine?: boolean; - /** - * The URL, address or region of the registry - */ url?: string; } @@ -770,9 +2088,6 @@ export interface GetIntegrationRegistryWebhookArgs { authToken?: pulumi.Input; enabled?: pulumi.Input; unQuarantine?: pulumi.Input; - /** - * The URL, address or region of the registry - */ url?: pulumi.Input; } 
@@ -828,193 +2143,413 @@ export interface HostAssurancePolicyPackagesWhiteList { versionRange?: pulumi.Input; } +export interface HostAssurancePolicyPolicySettings { + enforce?: pulumi.Input; + isAuditChecked?: pulumi.Input; + warn?: pulumi.Input; + warningMessage?: pulumi.Input; +} + export interface HostAssurancePolicyRequiredLabel { key?: pulumi.Input; value?: pulumi.Input; } -export interface HostAssurancePolicyScope { +export interface HostAssurancePolicyScope { + expression?: pulumi.Input; + variables?: pulumi.Input[]>; +} + +export interface HostAssurancePolicyScopeVariable { + attribute?: pulumi.Input; + name?: pulumi.Input; + value?: pulumi.Input; +} + +export interface HostAssurancePolicyTrustedBaseImage { + imagename?: pulumi.Input; + registry?: pulumi.Input; +} + +export interface HostRuntimePolicyAllowedExecutable { + /** + * List of allowed executables. + */ + allowExecutables?: pulumi.Input[]>; + /** + * List of allowed root executables. + */ + allowRootExecutables?: pulumi.Input[]>; + /** + * Whether allowed executables configuration is enabled. + */ + enabled?: pulumi.Input; + /** + * Whether to treat executables separately. + */ + separateExecutables?: pulumi.Input; +} + +export interface HostRuntimePolicyAllowedRegistry { + /** + * List of allowed registries. + */ + allowedRegistries?: pulumi.Input[]>; + /** + * Whether allowed registries are enabled. 
+ */ + enabled?: pulumi.Input; +} + +export interface HostRuntimePolicyAuditing { + auditAllNetwork?: pulumi.Input; + auditAllProcesses?: pulumi.Input; + auditFailedLogin?: pulumi.Input; + auditOsUserActivity?: pulumi.Input; + auditProcessCmdline?: pulumi.Input; + auditSuccessLogin?: pulumi.Input; + auditUserAccountManagement?: pulumi.Input; + enabled?: pulumi.Input; +} + +export interface HostRuntimePolicyBlacklistedOsUsers { + enabled?: pulumi.Input; + groupBlackLists?: pulumi.Input[]>; + userBlackLists?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyBypassScope { + /** + * Whether bypassing the scope is enabled. + */ + enabled?: pulumi.Input; + /** + * Scope configuration. + */ + scopes?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyBypassScopeScope { + /** + * Scope expression. + */ expression?: pulumi.Input; - variables?: pulumi.Input[]>; + /** + * List of variables in the scope. + */ + variables?: pulumi.Input[]>; } -export interface HostAssurancePolicyScopeVariable { +export interface HostRuntimePolicyBypassScopeScopeVariable { + /** + * Variable attribute. + */ attribute?: pulumi.Input; - name?: pulumi.Input; + /** + * Variable value. + */ value?: pulumi.Input; } -export interface HostAssurancePolicyTrustedBaseImage { - imagename?: pulumi.Input; - registry?: pulumi.Input; +export interface HostRuntimePolicyContainerExec { + blockContainerExec?: pulumi.Input; + containerExecProcWhiteLists?: pulumi.Input[]>; + enabled?: pulumi.Input; + reverseShellIpWhiteLists?: pulumi.Input[]>; } -export interface HostRuntimePolicyFileIntegrityMonitoring { +export interface HostRuntimePolicyDriftPrevention { /** - * List of paths to be excluded from being monitored. + * Whether drift prevention is enabled. */ - excludedPaths?: pulumi.Input[]>; + enabled?: pulumi.Input; /** - * List of processes to be excluded from being monitored. + * Whether to lockdown execution drift. 
*/ - excludedProcesses?: pulumi.Input[]>; + execLockdown?: pulumi.Input; /** - * List of users to be excluded from being monitored. + * List of items in the execution lockdown white list. */ - excludedUsers?: pulumi.Input[]>; + execLockdownWhiteLists?: pulumi.Input[]>; /** - * If true, add attributes operations will be monitored. + * Whether to lockdown image drift. */ - monitorAttributes?: pulumi.Input; + imageLockdown?: pulumi.Input; +} + +export interface HostRuntimePolicyExecutableBlacklist { /** - * If true, create operations will be monitored. + * Whether the executable blacklist is enabled. */ - monitorCreate?: pulumi.Input; + enabled?: pulumi.Input; /** - * If true, deletion operations will be monitored. + * List of blacklisted executables. */ - monitorDelete?: pulumi.Input; + executables?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyFailedKubernetesChecks { + enabled?: pulumi.Input; + failedChecks?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyFileBlock { + blockFilesProcesses?: pulumi.Input[]>; + blockFilesUsers?: pulumi.Input[]>; + enabled?: pulumi.Input; + exceptionalBlockFiles?: pulumi.Input[]>; + exceptionalBlockFilesProcesses?: pulumi.Input[]>; + exceptionalBlockFilesUsers?: pulumi.Input[]>; + filenameBlockLists?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyFileIntegrityMonitoring { /** - * If true, modification operations will be monitored. + * If true, file integrity monitoring is enabled. */ - monitorModify?: pulumi.Input; + enabled?: pulumi.Input; /** - * If true, read operations will be monitored. + * List of paths to be excluded from monitoring. */ - monitorRead?: pulumi.Input; + exceptionalMonitoredFiles?: pulumi.Input[]>; /** - * List of paths to be monitored. + * List of processes to be excluded from monitoring. */ - monitoredPaths?: pulumi.Input[]>; + exceptionalMonitoredFilesProcesses?: pulumi.Input[]>; /** - * List of processes to be monitored. + * List of users to be excluded from monitoring. 
*/ - monitoredProcesses?: pulumi.Input[]>; + exceptionalMonitoredFilesUsers?: pulumi.Input[]>; /** - * List of users to be monitored. + * List of paths to be monitored. */ - monitoredUsers?: pulumi.Input[]>; -} - -export interface HostRuntimePolicyMalwareScanOptions { + monitoredFiles?: pulumi.Input[]>; /** - * Set Action, Defaults to 'Alert' when empty + * Whether to monitor file attribute operations. */ - action?: pulumi.Input; + monitoredFilesAttributes?: pulumi.Input; /** - * Defines if enabled or not + * Whether to monitor file create operations. */ - enabled?: pulumi.Input; + monitoredFilesCreate?: pulumi.Input; /** - * List of registry paths to be excluded from being protected. + * Whether to monitor file delete operations. */ - excludeDirectories?: pulumi.Input[]>; + monitoredFilesDelete?: pulumi.Input; /** - * List of registry processes to be excluded from being protected. + * Whether to monitor file modify operations. */ - excludeProcesses?: pulumi.Input[]>; -} - -export interface HostRuntimePolicyScopeVariable { + monitoredFilesModify?: pulumi.Input; /** - * Class of supported scope. + * List of processes associated with monitored files. */ - attribute: pulumi.Input; + monitoredFilesProcesses?: pulumi.Input[]>; /** - * Name assigned to the attribute. + * Whether to monitor file read operations. */ - name?: pulumi.Input; + monitoredFilesRead?: pulumi.Input; /** - * Value assigned to the attribute. + * List of users associated with monitored files. */ - value: pulumi.Input; + monitoredFilesUsers?: pulumi.Input[]>; } -export interface HostRuntimePolicyWindowsRegistryMonitoring { +export interface HostRuntimePolicyLimitContainerPrivilege { /** - * List of paths to be excluded from being monitored. + * Whether to block adding capabilities. */ - excludedPaths?: pulumi.Input[]>; + blockAddCapabilities?: pulumi.Input; /** - * List of registry processes to be excluded from being monitored. + * Whether container privilege limitations are enabled. 
*/ - excludedProcesses?: pulumi.Input[]>; + enabled?: pulumi.Input; /** - * List of registry users to be excluded from being monitored. + * Whether to limit IPC-related capabilities. */ - excludedUsers?: pulumi.Input[]>; + ipcmode?: pulumi.Input; /** - * If true, add attributes operations will be monitored. + * Whether to limit network-related capabilities. */ - monitorAttributes?: pulumi.Input; + netmode?: pulumi.Input; /** - * If true, create operations will be monitored. + * Whether to limit process-related capabilities. */ - monitorCreate?: pulumi.Input; + pidmode?: pulumi.Input; /** - * If true, deletion operations will be monitored. + * Whether to prevent low port binding. */ - monitorDelete?: pulumi.Input; + preventLowPortBinding?: pulumi.Input; /** - * If true, modification operations will be monitored. + * Whether to prevent the use of the root user. */ - monitorModify?: pulumi.Input; + preventRootUser?: pulumi.Input; /** - * If true, read operations will be monitored. + * Whether the container is run in privileged mode. */ - monitorRead?: pulumi.Input; + privileged?: pulumi.Input; /** - * List of paths to be monitored. + * Whether to use the host user. */ - monitoredPaths?: pulumi.Input[]>; + useHostUser?: pulumi.Input; /** - * List of registry processes to be monitored. + * Whether to limit user-related capabilities. */ - monitoredProcesses?: pulumi.Input[]>; + usermode?: pulumi.Input; /** - * List of registry users to be monitored. + * Whether to limit UTS-related capabilities. 
*/ - monitoredUsers?: pulumi.Input[]>; + utsmode?: pulumi.Input; +} + +export interface HostRuntimePolicyLinuxCapabilities { + enabled?: pulumi.Input; + removeLinuxCapabilities?: pulumi.Input[]>; } -export interface HostRuntimePolicyWindowsRegistryProtection { +export interface HostRuntimePolicyMalwareScanOptions { + /** + * Set Action, Defaults to 'Alert' when empty + */ + action?: pulumi.Input; + /** + * Defines if enabled or not + */ + enabled?: pulumi.Input; /** * List of registry paths to be excluded from being protected. */ - excludedPaths?: pulumi.Input[]>; + excludeDirectories?: pulumi.Input[]>; /** * List of registry processes to be excluded from being protected. */ - excludedProcesses?: pulumi.Input[]>; + excludeProcesses?: pulumi.Input[]>; + /** + * List of registry paths to be excluded from being protected. + */ + includeDirectories?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyPackageBlock { + blockPackagesProcesses?: pulumi.Input[]>; + blockPackagesUsers?: pulumi.Input[]>; + enabled?: pulumi.Input; + exceptionalBlockPackagesFiles?: pulumi.Input[]>; + exceptionalBlockPackagesProcesses?: pulumi.Input[]>; + exceptionalBlockPackagesUsers?: pulumi.Input[]>; + packagesBlackLists?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyPortBlock { + blockInboundPorts?: pulumi.Input[]>; + blockOutboundPorts?: pulumi.Input[]>; + enabled?: pulumi.Input; +} + +export interface HostRuntimePolicyReadonlyFiles { + enabled?: pulumi.Input; + exceptionalReadonlyFiles?: pulumi.Input[]>; + exceptionalReadonlyFilesProcesses?: pulumi.Input[]>; + exceptionalReadonlyFilesUsers?: pulumi.Input[]>; + readonlyFiles?: pulumi.Input[]>; + readonlyFilesProcesses?: pulumi.Input[]>; + readonlyFilesUsers?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyReadonlyRegistry { + enabled?: pulumi.Input; + exceptionalReadonlyRegistryPaths?: pulumi.Input[]>; + exceptionalReadonlyRegistryProcesses?: pulumi.Input[]>; + exceptionalReadonlyRegistryUsers?: pulumi.Input[]>; 
+ readonlyRegistryPaths?: pulumi.Input[]>; + readonlyRegistryProcesses?: pulumi.Input[]>; + readonlyRegistryUsers?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyRegistryAccessMonitoring { + enabled?: pulumi.Input; + exceptionalMonitoredRegistryPaths?: pulumi.Input[]>; + exceptionalMonitoredRegistryProcesses?: pulumi.Input[]>; + exceptionalMonitoredRegistryUsers?: pulumi.Input[]>; + monitoredRegistryAttributes?: pulumi.Input; + monitoredRegistryCreate?: pulumi.Input; + monitoredRegistryDelete?: pulumi.Input; + monitoredRegistryModify?: pulumi.Input; + monitoredRegistryPaths?: pulumi.Input[]>; + monitoredRegistryProcesses?: pulumi.Input[]>; + monitoredRegistryRead?: pulumi.Input; + monitoredRegistryUsers?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyRestrictedVolume { + /** + * Whether restricted volumes are enabled. + */ + enabled?: pulumi.Input; + /** + * List of restricted volumes. + */ + volumes?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyReverseShell { + blockReverseShell?: pulumi.Input; + enabled?: pulumi.Input; + reverseShellIpWhiteLists?: pulumi.Input[]>; + reverseShellProcWhiteLists?: pulumi.Input[]>; +} + +export interface HostRuntimePolicyScope { + /** + * Scope expression. + */ + expression: pulumi.Input; /** - * List of registry paths to be users from being protected. + * List of variables in the scope. */ - excludedUsers?: pulumi.Input[]>; + variables: pulumi.Input[]>; +} + +export interface HostRuntimePolicyScopeVariable { /** - * List of registry paths to be protected. + * Class of supported scope. */ - protectedPaths?: pulumi.Input[]>; + attribute: pulumi.Input; /** - * List of registry processes to be protected. + * Name assigned to the attribute. */ - protectedProcesses?: pulumi.Input[]>; + name?: pulumi.Input; /** - * List of registry users to be protected. + * Value assigned to the attribute. 
*/ - protectedUsers?: pulumi.Input[]>; + value: pulumi.Input; +} + +export interface HostRuntimePolicySystemIntegrityProtection { + auditSystemtimeChange?: pulumi.Input; + enabled?: pulumi.Input; + monitorAuditLogIntegrity?: pulumi.Input; + windowsServicesMonitoring?: pulumi.Input; +} + +export interface HostRuntimePolicyTripwire { + applyOns?: pulumi.Input[]>; + enabled?: pulumi.Input; + serverlessApp?: pulumi.Input; + userId?: pulumi.Input; + userPassword?: pulumi.Input; +} + +export interface HostRuntimePolicyWhitelistedOsUsers { + enabled?: pulumi.Input; + groupWhiteLists?: pulumi.Input[]>; + userWhiteLists?: pulumi.Input[]>; } export interface ImageAssuranceChecksPerformed { assuranceType?: pulumi.Input; blocking?: pulumi.Input; control?: pulumi.Input; - /** - * If DTA was skipped. - */ dtaSkipped?: pulumi.Input; - /** - * The reason why DTA was skipped. - */ dtaSkippedReason?: pulumi.Input; failed?: pulumi.Input; policyName?: pulumi.Input; @@ -1048,6 +2583,17 @@ export interface ImageAssurancePolicyForbiddenLabel { value?: pulumi.Input; } +export interface ImageAssurancePolicyKubernetesControls { + avdId?: pulumi.Input; + description?: pulumi.Input; + enabled?: pulumi.Input; + kind?: pulumi.Input; + name?: pulumi.Input; + ootb?: pulumi.Input; + scriptId?: pulumi.Input; + severity?: pulumi.Input; +} + export interface ImageAssurancePolicyPackagesBlackList { arch?: pulumi.Input; display?: pulumi.Input; @@ -1072,6 +2618,13 @@ export interface ImageAssurancePolicyPackagesWhiteList { versionRange?: pulumi.Input; } +export interface ImageAssurancePolicyPolicySettings { + enforce?: pulumi.Input; + isAuditChecked?: pulumi.Input; + warn?: pulumi.Input; + warningMessage?: pulumi.Input; +} + export interface ImageAssurancePolicyRequiredLabel { key?: pulumi.Input; value?: pulumi.Input; 
@@ -1094,18 +2647,9 @@ export interface ImageAssurancePolicyTrustedBaseImage { } export interface ImageHistory { - /** - * The image creation comment. - */ comment?: pulumi.Input; - /** - * The date and time when the image was registered. - */ created?: pulumi.Input; createdBy?: pulumi.Input; - /** - * The ID of this resource. - */ id?: pulumi.Input; size?: pulumi.Input; } @@ -1129,9 +2673,6 @@ export interface ImageVulnerability { blockEventsCount?: pulumi.Input; classification?: pulumi.Input; description?: pulumi.Input; - /** - * The content digest of the image. - */ digest?: pulumi.Input; exploitReference?: pulumi.Input; exploitType?: pulumi.Input; @@ -1140,9 +2681,6 @@ export interface ImageVulnerability { imageName?: pulumi.Input; lastFoundDate?: pulumi.Input; modificationDate?: pulumi.Input; - /** - * The name of the image. - */ name?: pulumi.Input; nvdCvss2Score?: pulumi.Input; nvdCvss2Vectors?: pulumi.Input; @@ -1151,26 +2689,11 @@ export interface ImageVulnerability { nvdCvss3Vectors?: pulumi.Input; nvdSeverity?: pulumi.Input; nvdUrl?: pulumi.Input; - /** - * The operating system detected in the image - */ os?: pulumi.Input; - /** - * The version of the OS detected in the image. - */ osVersion?: pulumi.Input; - /** - * Permission of the image. - */ permission?: pulumi.Input; publishDate?: pulumi.Input; - /** - * The name of the registry where the image is stored. - */ registry?: pulumi.Input; - /** - * The name of the image's repository. - */ repository?: pulumi.Input; resourceArchitecture?: pulumi.Input; resourceCpe?: pulumi.Input; @@ -1209,9 +2732,6 @@ export interface IntegrationRegistryWebhook { authToken?: pulumi.Input; enabled?: pulumi.Input; unQuarantine?: pulumi.Input; - /** - * The URL, address or region of the registry - */ url?: pulumi.Input; } 
@@ -1243,6 +2763,41 @@ export interface KubernetesAssurancePolicyForbiddenLabel { value?: pulumi.Input; } +export interface KubernetesAssurancePolicyKubernetesControl { + /** + * AVD ID. + */ + avdId?: pulumi.Input; + /** + * Description of the control. + */ + description?: pulumi.Input; + /** + * Is the control enabled? + */ + enabled?: pulumi.Input; + /** + * Kind of the control. + */ + kind?: pulumi.Input; + /** + * Name of the control. + */ + name?: pulumi.Input; + /** + * Out-of-the-box status of the control. + */ + ootb?: pulumi.Input; + /** + * Script ID. + */ + scriptId?: pulumi.Input; + /** + * Severity of the control. + */ + severity?: pulumi.Input; +} + export interface KubernetesAssurancePolicyPackagesBlackList { arch?: pulumi.Input; display?: pulumi.Input; @@ -1267,6 +2822,13 @@ export interface KubernetesAssurancePolicyPackagesWhiteList { versionRange?: pulumi.Input; } +export interface KubernetesAssurancePolicyPolicySettings { + enforce?: pulumi.Input; + isAuditChecked?: pulumi.Input; + warn?: pulumi.Input; + warningMessage?: pulumi.Input; +} + export interface KubernetesAssurancePolicyRequiredLabel { key?: pulumi.Input; value?: pulumi.Input; 
@@ -1290,28 +2852,28 @@ export interface KubernetesAssurancePolicyTrustedBaseImage { export interface RoleMappingLdap { /** - * Role Mapping is used to define the IdP role that the user will assume in Aqua + * Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. */ roleMapping: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface RoleMappingOauth2 { /** - * Role Mapping is used to define the IdP role that the user will assume in Aqua + * Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. */ roleMapping: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface RoleMappingOpenid { /** - * Role Mapping is used to define the IdP role that the user will assume in Aqua + * Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. */ roleMapping: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface RoleMappingSaml { /** - * Role Mapping is used to define the IdP role that the user will assume in Aqua + * Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. */ roleMapping: pulumi.Input<{[key: string]: pulumi.Input}>; } 
@@ -1338,10 +2900,98 @@ export interface UserSaasGroup { export interface UserSaasLogin { created?: pulumi.Input; - /** - * The ID of this resource. - */ id?: pulumi.Input; ipAddress?: pulumi.Input; userId?: pulumi.Input; } + +export interface VmwareAssurancePolicyAutoScanTime { + iteration?: pulumi.Input; + iterationType?: pulumi.Input; + time?: pulumi.Input; + weekDays?: pulumi.Input[]>; +} + +export interface VmwareAssurancePolicyCustomCheck { + /** + * Name of user account that created the policy. + */ + author?: pulumi.Input; + description?: pulumi.Input; + engine?: pulumi.Input; + lastModified?: pulumi.Input; + name?: pulumi.Input; + path?: pulumi.Input; + readOnly?: pulumi.Input; + scriptId?: pulumi.Input; + severity?: pulumi.Input; + snippet?: pulumi.Input; +} + +export interface VmwareAssurancePolicyForbiddenLabel { + key?: pulumi.Input; + value?: pulumi.Input; +} + +export interface VmwareAssurancePolicyKubernetesControl { + avdId?: pulumi.Input; + description?: pulumi.Input; + enabled?: pulumi.Input; + kind?: pulumi.Input; + name?: pulumi.Input; + ootb?: pulumi.Input; + scriptId?: pulumi.Input; + severity?: pulumi.Input; +} + +export interface VmwareAssurancePolicyPackagesBlackList { + arch?: pulumi.Input; + display?: pulumi.Input; + epoch?: pulumi.Input; + format?: pulumi.Input; + license?: pulumi.Input; + name?: pulumi.Input; + release?: pulumi.Input; + version?: pulumi.Input; + versionRange?: pulumi.Input; +} + +export interface VmwareAssurancePolicyPackagesWhiteList { + arch?: pulumi.Input; + display?: pulumi.Input; + epoch?: pulumi.Input; + format?: pulumi.Input; + license?: pulumi.Input; + name?: pulumi.Input; + release?: pulumi.Input; + version?: pulumi.Input; + versionRange?: pulumi.Input; +} + +export interface VmwareAssurancePolicyPolicySettings { + enforce?: pulumi.Input; + isAuditChecked?: pulumi.Input; + warn?: pulumi.Input; + warningMessage?: pulumi.Input; +} + +export interface VmwareAssurancePolicyRequiredLabel { + key?: pulumi.Input; + 
value?: pulumi.Input; +} + +export interface VmwareAssurancePolicyScope { + expression?: pulumi.Input; + variables?: pulumi.Input[]>; +} + +export interface VmwareAssurancePolicyScopeVariable { + attribute?: pulumi.Input; + name?: pulumi.Input; + value?: pulumi.Input; +} + +export interface VmwareAssurancePolicyTrustedBaseImage { + imagename?: pulumi.Input; + registry?: pulumi.Input; +} diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 9bc94cef..0ab99a3d 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -107,7 +107,13 @@ export interface ApplicationScopeCategory { export interface ApplicationScopeCategoryArtifact { cfs?: outputs.ApplicationScopeCategoryArtifactCf[]; + /** + * Function name + */ functions?: outputs.ApplicationScopeCategoryArtifactFunction[]; + /** + * Name of a registry as defined in Aqua + */ images?: outputs.ApplicationScopeCategoryArtifactImage[]; } 
@@ -212,51 +218,239 @@ export interface ApplicationScopeCategoryWorkloadOVariable { value?: string; } -export interface ContainerRuntimePolicyFileIntegrityMonitoring { +export interface ContainerRuntimePolicyAllowedExecutable { + /** + * List of allowed executables. + */ + allowExecutables?: string[]; + /** + * List of allowed root executables. + */ + allowRootExecutables?: string[]; + /** + * Whether allowed executables configuration is enabled. + */ + enabled?: boolean; + /** + * Whether to treat executables separately. + */ + separateExecutables?: boolean; +} + +export interface ContainerRuntimePolicyAllowedRegistry { + /** + * List of allowed registries. + */ + allowedRegistries?: string[]; + /** + * Whether allowed registries are enabled. + */ + enabled?: boolean; +} + +export interface ContainerRuntimePolicyAuditing { + auditAllNetwork?: boolean; + auditAllProcesses?: boolean; + auditFailedLogin?: boolean; + auditOsUserActivity?: boolean; + auditProcessCmdline?: boolean; + auditSuccessLogin?: boolean; + auditUserAccountManagement?: boolean; + enabled?: boolean; +} + +export interface ContainerRuntimePolicyBlacklistedOsUsers { + enabled?: boolean; + groupBlackLists?: string[]; + userBlackLists?: string[]; +} + +export interface ContainerRuntimePolicyBypassScope { /** - * List of paths to be excluded from being monitored. + * Whether bypassing the scope is enabled. */ - excludedPaths?: string[]; + enabled?: boolean; /** - * List of processes to be excluded from being monitored. + * Scope configuration. */ - excludedProcesses?: string[]; + scopes?: outputs.ContainerRuntimePolicyBypassScopeScope[]; +} + +export interface ContainerRuntimePolicyBypassScopeScope { /** - * List of users to be excluded from being monitored. + * Scope expression. */ - excludedUsers?: string[]; + expression?: string; /** - * If true, add attributes operations will be monitored. + * List of variables in the scope. 
*/ - monitorAttributes?: boolean; + variables?: outputs.ContainerRuntimePolicyBypassScopeScopeVariable[]; +} + +export interface ContainerRuntimePolicyBypassScopeScopeVariable { /** - * If true, create operations will be monitored. + * Variable attribute. */ - monitorCreate?: boolean; + attribute?: string; /** - * If true, deletion operations will be monitored. + * Variable value. */ - monitorDelete?: boolean; + value?: string; +} + +export interface ContainerRuntimePolicyContainerExec { + blockContainerExec?: boolean; + containerExecProcWhiteLists?: string[]; + enabled?: boolean; + reverseShellIpWhiteLists?: string[]; +} + +export interface ContainerRuntimePolicyDriftPrevention { + /** + * Whether drift prevention is enabled. + */ + enabled?: boolean; /** - * If true, modification operations will be monitored. + * Whether to lockdown execution drift. */ - monitorModify?: boolean; + execLockdown?: boolean; /** - * If true, read operations will be monitored. + * List of items in the execution lockdown white list. */ - monitorRead?: boolean; + execLockdownWhiteLists?: string[]; + /** + * Whether to lockdown image drift. + */ + imageLockdown?: boolean; +} + +export interface ContainerRuntimePolicyExecutableBlacklist { + /** + * Whether the executable blacklist is enabled. + */ + enabled?: boolean; + /** + * List of blacklisted executables. + */ + executables?: string[]; +} + +export interface ContainerRuntimePolicyFailedKubernetesChecks { + enabled?: boolean; + failedChecks?: string[]; +} + +export interface ContainerRuntimePolicyFileBlock { + blockFilesProcesses?: string[]; + blockFilesUsers?: string[]; + enabled?: boolean; + exceptionalBlockFiles?: string[]; + exceptionalBlockFilesProcesses?: string[]; + exceptionalBlockFilesUsers?: string[]; + filenameBlockLists?: string[]; +} + +export interface ContainerRuntimePolicyFileIntegrityMonitoring { + /** + * If true, file integrity monitoring is enabled. 
+ */ + enabled?: boolean; + /** + * List of paths to be excluded from monitoring. + */ + exceptionalMonitoredFiles?: string[]; + /** + * List of processes to be excluded from monitoring. + */ + exceptionalMonitoredFilesProcesses?: string[]; + /** + * List of users to be excluded from monitoring. + */ + exceptionalMonitoredFilesUsers?: string[]; /** * List of paths to be monitored. */ - monitoredPaths?: string[]; + monitoredFiles?: string[]; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: boolean; + /** + * Whether to monitor file create operations. + */ + monitoredFilesCreate?: boolean; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: boolean; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: boolean; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: string[]; + /** + * Whether to monitor file read operations. + */ + monitoredFilesRead?: boolean; + /** + * List of users associated with monitored files. + */ + monitoredFilesUsers?: string[]; +} + +export interface ContainerRuntimePolicyLimitContainerPrivilege { + /** + * Whether to block adding capabilities. + */ + blockAddCapabilities?: boolean; + /** + * Whether container privilege limitations are enabled. + */ + enabled?: boolean; + /** + * Whether to limit IPC-related capabilities. + */ + ipcmode?: boolean; + /** + * Whether to limit network-related capabilities. + */ + netmode?: boolean; + /** + * Whether to limit process-related capabilities. + */ + pidmode?: boolean; + /** + * Whether to prevent low port binding. + */ + preventLowPortBinding?: boolean; + /** + * Whether to prevent the use of the root user. + */ + preventRootUser?: boolean; + /** + * Whether the container is run in privileged mode. + */ + privileged?: boolean; + /** + * Whether to use the host user. + */ + useHostUser?: boolean; /** - * List of processes to be monitored. 
+ * Whether to limit user-related capabilities. */ - monitoredProcesses?: string[]; + usermode?: boolean; /** - * List of users to be monitored. + * Whether to limit UTS-related capabilities. */ - monitoredUsers?: string[]; + utsmode?: boolean; +} + +export interface ContainerRuntimePolicyLinuxCapabilities { + enabled?: boolean; + removeLinuxCapabilities?: string[]; } export interface ContainerRuntimePolicyMalwareScanOptions { 
@@ -276,6 +470,90 @@ export interface ContainerRuntimePolicyMalwareScanOptions { * List of registry processes to be excluded from being protected. */ excludeProcesses?: string[]; + /** + * List of registry paths to be excluded from being protected. + */ + includeDirectories?: string[]; +} + +export interface ContainerRuntimePolicyPackageBlock { + blockPackagesProcesses?: string[]; + blockPackagesUsers?: string[]; + enabled?: boolean; + exceptionalBlockPackagesFiles?: string[]; + exceptionalBlockPackagesProcesses?: string[]; + exceptionalBlockPackagesUsers?: string[]; + packagesBlackLists?: string[]; +} + +export interface ContainerRuntimePolicyPortBlock { + blockInboundPorts?: string[]; + blockOutboundPorts?: string[]; + enabled?: boolean; +} + +export interface ContainerRuntimePolicyReadonlyFiles { + enabled?: boolean; + exceptionalReadonlyFiles?: string[]; + exceptionalReadonlyFilesProcesses?: string[]; + exceptionalReadonlyFilesUsers?: string[]; + readonlyFiles?: string[]; + readonlyFilesProcesses?: string[]; + readonlyFilesUsers?: string[]; +} + +export interface ContainerRuntimePolicyReadonlyRegistry { + enabled?: boolean; + exceptionalReadonlyRegistryPaths?: string[]; + exceptionalReadonlyRegistryProcesses?: string[]; + exceptionalReadonlyRegistryUsers?: string[]; + readonlyRegistryPaths?: string[]; + readonlyRegistryProcesses?: string[]; + readonlyRegistryUsers?: string[]; +} + +export interface ContainerRuntimePolicyRegistryAccessMonitoring { + enabled?: boolean; + exceptionalMonitoredRegistryPaths?: string[]; + exceptionalMonitoredRegistryProcesses?: string[]; + exceptionalMonitoredRegistryUsers?: string[]; + monitoredRegistryAttributes?: boolean; + monitoredRegistryCreate?: boolean; + monitoredRegistryDelete?: boolean; + monitoredRegistryModify?: boolean; + monitoredRegistryPaths?: string[]; + monitoredRegistryProcesses?: string[]; + monitoredRegistryRead?: boolean; + monitoredRegistryUsers?: string[]; +} + +export interface 
ContainerRuntimePolicyRestrictedVolume { + /** + * Whether restricted volumes are enabled. + */ + enabled?: boolean; + /** + * List of restricted volumes. + */ + volumes?: string[]; +} + +export interface ContainerRuntimePolicyReverseShell { + blockReverseShell?: boolean; + enabled?: boolean; + reverseShellIpWhiteLists?: string[]; + reverseShellProcWhiteLists?: string[]; +} + +export interface ContainerRuntimePolicyScope { + /** + * Scope expression. + */ + expression: string; + /** + * List of variables in the scope. + */ + variables: outputs.ContainerRuntimePolicyScopeVariable[]; } export interface ContainerRuntimePolicyScopeVariable { @@ -293,6 +571,27 @@ export interface ContainerRuntimePolicyScopeVariable { value: string; } +export interface ContainerRuntimePolicySystemIntegrityProtection { + auditSystemtimeChange?: boolean; + enabled?: boolean; + monitorAuditLogIntegrity?: boolean; + windowsServicesMonitoring?: boolean; +} + +export interface ContainerRuntimePolicyTripwire { + applyOns?: string[]; + enabled?: boolean; + serverlessApp?: string; + userId?: string; + userPassword?: string; +} + +export interface ContainerRuntimePolicyWhitelistedOsUsers { + enabled?: boolean; + groupWhiteLists?: string[]; + userWhiteLists?: string[]; +} + export interface EnforcerGroupsCommand { default: string; kubernetes: string; @@ -310,9 +609,6 @@ export interface EnforcerGroupsOrchestrator { * May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). */ serviceAccount?: string; - /** - * Enforcer Type. - */ type?: string; } 
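Review bot: The doc comment added for `includeDirectories` in `ContainerRuntimePolicyMalwareScanOptions` is a copy of the one on `excludeDirectories` ("List of registry paths to be excluded from being protected."), so a reader configuring malware scanning is told that an include list excludes paths. Judging by the field name it should read something like `List of directories to be included in the malware scan.`, with the exact semantics confirmed against the provider schema. The same comment is repeated on `FunctionRuntimePolicyMalwareScanOptions` and `GetContainerRuntimePolicyMalwareScanOption` in later hunks of this file. If these types are generated from the provider schema, the wording has to be corrected there rather than in this file.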
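Review bot: `userPassword?: string` on the new `ContainerRuntimePolicyTripwire` type is a credential field, yet it has no doc comment and nothing in this hunk shows that it is treated as a secret. The TypeScript type cannot express secrecy either way, so confirm that the underlying schema marks the property as sensitive; otherwise the value would presumably end up in stack state and preview output in plaintext. At minimum I would document it, e.g. `/** Tripwire user password; a credential, handle as a secret. */` above the field. `FunctionRuntimePolicyTripwire` in a later hunk of this file adds the same field and needs the same check.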
@@ -382,6 +678,17 @@ export interface FunctionAssurancePolicyForbiddenLabel { value?: string; } +export interface FunctionAssurancePolicyKubernetesControl { + avdId?: string; + description?: string; + enabled?: boolean; + kind?: string; + name?: string; + ootb?: boolean; + scriptId?: number; + severity?: string; +} + export interface FunctionAssurancePolicyPackagesBlackList { arch?: string; display?: string; @@ -406,6 +713,13 @@ export interface FunctionAssurancePolicyPackagesWhiteList { versionRange?: string; } +export interface FunctionAssurancePolicyPolicySettings { + enforce?: boolean; + isAuditChecked?: boolean; + warn?: boolean; + warningMessage?: string; +} + export interface FunctionAssurancePolicyRequiredLabel { key?: string; value?: string; 
@@ -427,6 +741,344 @@ export interface FunctionAssurancePolicyTrustedBaseImage { registry?: string; } +export interface FunctionRuntimePolicyAllowedExecutable { + /** + * List of allowed executables. + */ + allowExecutables?: string[]; + /** + * List of allowed root executables. + */ + allowRootExecutables?: string[]; + /** + * Whether allowed executables configuration is enabled. + */ + enabled?: boolean; + /** + * Whether to treat executables separately. + */ + separateExecutables?: boolean; +} + +export interface FunctionRuntimePolicyAllowedRegistry { + /** + * List of allowed registries. + */ + allowedRegistries?: string[]; + /** + * Whether allowed registries are enabled. + */ + enabled?: boolean; +} + +export interface FunctionRuntimePolicyAuditing { + auditAllNetwork?: boolean; + auditAllProcesses?: boolean; + auditFailedLogin?: boolean; + auditOsUserActivity?: boolean; + auditProcessCmdline?: boolean; + auditSuccessLogin?: boolean; + auditUserAccountManagement?: boolean; + enabled?: boolean; +} + +export interface FunctionRuntimePolicyBlacklistedOsUsers { + enabled?: boolean; + groupBlackLists?: string[]; + userBlackLists?: string[]; +} + +export interface FunctionRuntimePolicyBypassScope { + /** + * Whether bypassing the scope is enabled. + */ + enabled?: boolean; + /** + * Scope configuration. + */ + scopes?: outputs.FunctionRuntimePolicyBypassScopeScope[]; +} + +export interface FunctionRuntimePolicyBypassScopeScope { + /** + * Scope expression. + */ + expression?: string; + /** + * List of variables in the scope. + */ + variables?: outputs.FunctionRuntimePolicyBypassScopeScopeVariable[]; +} + +export interface FunctionRuntimePolicyBypassScopeScopeVariable { + /** + * Variable attribute. + */ + attribute?: string; + /** + * Variable value. 
+ */ + value?: string; +} + +export interface FunctionRuntimePolicyContainerExec { + blockContainerExec?: boolean; + containerExecProcWhiteLists?: string[]; + enabled?: boolean; + reverseShellIpWhiteLists?: string[]; +} + +export interface FunctionRuntimePolicyDriftPrevention { + /** + * Whether drift prevention is enabled. + */ + enabled?: boolean; + /** + * Whether to lockdown execution drift. + */ + execLockdown?: boolean; + /** + * List of items in the execution lockdown white list. + */ + execLockdownWhiteLists?: string[]; + /** + * Whether to lockdown image drift. + */ + imageLockdown?: boolean; +} + +export interface FunctionRuntimePolicyExecutableBlacklist { + /** + * Whether the executable blacklist is enabled. + */ + enabled?: boolean; + /** + * List of blacklisted executables. + */ + executables?: string[]; +} + +export interface FunctionRuntimePolicyFailedKubernetesChecks { + enabled?: boolean; + failedChecks?: string[]; +} + +export interface FunctionRuntimePolicyFileBlock { + blockFilesProcesses?: string[]; + blockFilesUsers?: string[]; + enabled?: boolean; + exceptionalBlockFiles?: string[]; + exceptionalBlockFilesProcesses?: string[]; + exceptionalBlockFilesUsers?: string[]; + filenameBlockLists?: string[]; +} + +export interface FunctionRuntimePolicyFileIntegrityMonitoring { + /** + * If true, file integrity monitoring is enabled. + */ + enabled?: boolean; + /** + * List of paths to be excluded from monitoring. + */ + exceptionalMonitoredFiles?: string[]; + /** + * List of processes to be excluded from monitoring. + */ + exceptionalMonitoredFilesProcesses?: string[]; + /** + * List of users to be excluded from monitoring. + */ + exceptionalMonitoredFilesUsers?: string[]; + /** + * List of paths to be monitored. + */ + monitoredFiles?: string[]; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: boolean; + /** + * Whether to monitor file create operations. 
+ */ + monitoredFilesCreate?: boolean; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: boolean; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: boolean; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: string[]; + /** + * Whether to monitor file read operations. + */ + monitoredFilesRead?: boolean; + /** + * List of users associated with monitored files. + */ + monitoredFilesUsers?: string[]; +} + +export interface FunctionRuntimePolicyLimitContainerPrivilege { + /** + * Whether to block adding capabilities. + */ + blockAddCapabilities?: boolean; + /** + * Whether container privilege limitations are enabled. + */ + enabled?: boolean; + /** + * Whether to limit IPC-related capabilities. + */ + ipcmode?: boolean; + /** + * Whether to limit network-related capabilities. + */ + netmode?: boolean; + /** + * Whether to limit process-related capabilities. + */ + pidmode?: boolean; + /** + * Whether to prevent low port binding. + */ + preventLowPortBinding?: boolean; + /** + * Whether to prevent the use of the root user. + */ + preventRootUser?: boolean; + /** + * Whether the container is run in privileged mode. + */ + privileged?: boolean; + /** + * Whether to use the host user. + */ + useHostUser?: boolean; + /** + * Whether to limit user-related capabilities. + */ + usermode?: boolean; + /** + * Whether to limit UTS-related capabilities. + */ + utsmode?: boolean; +} + +export interface FunctionRuntimePolicyLinuxCapabilities { + enabled?: boolean; + removeLinuxCapabilities?: string[]; +} + +export interface FunctionRuntimePolicyMalwareScanOptions { + /** + * Set Action, Defaults to 'Alert' when empty + */ + action?: string; + /** + * Defines if enabled or not + */ + enabled?: boolean; + /** + * List of registry paths to be excluded from being protected. 
+ */ + excludeDirectories?: string[]; + /** + * List of registry processes to be excluded from being protected. + */ + excludeProcesses?: string[]; + /** + * List of registry paths to be excluded from being protected. + */ + includeDirectories?: string[]; +} + +export interface FunctionRuntimePolicyPackageBlock { + blockPackagesProcesses?: string[]; + blockPackagesUsers?: string[]; + enabled?: boolean; + exceptionalBlockPackagesFiles?: string[]; + exceptionalBlockPackagesProcesses?: string[]; + exceptionalBlockPackagesUsers?: string[]; + packagesBlackLists?: string[]; +} + +export interface FunctionRuntimePolicyPortBlock { + blockInboundPorts?: string[]; + blockOutboundPorts?: string[]; + enabled?: boolean; +} + +export interface FunctionRuntimePolicyReadonlyFiles { + enabled?: boolean; + exceptionalReadonlyFiles?: string[]; + exceptionalReadonlyFilesProcesses?: string[]; + exceptionalReadonlyFilesUsers?: string[]; + readonlyFiles?: string[]; + readonlyFilesProcesses?: string[]; + readonlyFilesUsers?: string[]; +} + +export interface FunctionRuntimePolicyReadonlyRegistry { + enabled?: boolean; + exceptionalReadonlyRegistryPaths?: string[]; + exceptionalReadonlyRegistryProcesses?: string[]; + exceptionalReadonlyRegistryUsers?: string[]; + readonlyRegistryPaths?: string[]; + readonlyRegistryProcesses?: string[]; + readonlyRegistryUsers?: string[]; +} + +export interface FunctionRuntimePolicyRegistryAccessMonitoring { + enabled?: boolean; + exceptionalMonitoredRegistryPaths?: string[]; + exceptionalMonitoredRegistryProcesses?: string[]; + exceptionalMonitoredRegistryUsers?: string[]; + monitoredRegistryAttributes?: boolean; + monitoredRegistryCreate?: boolean; + monitoredRegistryDelete?: boolean; + monitoredRegistryModify?: boolean; + monitoredRegistryPaths?: string[]; + monitoredRegistryProcesses?: string[]; + monitoredRegistryRead?: boolean; + monitoredRegistryUsers?: string[]; +} + +export interface FunctionRuntimePolicyRestrictedVolume { + /** + * Whether 
restricted volumes are enabled. + */ + enabled?: boolean; + /** + * List of restricted volumes. + */ + volumes?: string[]; +} + +export interface FunctionRuntimePolicyReverseShell { + blockReverseShell?: boolean; + enabled?: boolean; + reverseShellIpWhiteLists?: string[]; + reverseShellProcWhiteLists?: string[]; +} + +export interface FunctionRuntimePolicyScope { + /** + * Scope expression. + */ + expression: string; + /** + * List of variables in the scope. + */ + variables: outputs.FunctionRuntimePolicyScopeVariable[]; +} + export interface FunctionRuntimePolicyScopeVariable { /** * Class of supported scope. @@ -442,6 +1094,27 @@ export interface FunctionRuntimePolicyScopeVariable { value: string; } +export interface FunctionRuntimePolicySystemIntegrityProtection { + auditSystemtimeChange?: boolean; + enabled?: boolean; + monitorAuditLogIntegrity?: boolean; + windowsServicesMonitoring?: boolean; +} + +export interface FunctionRuntimePolicyTripwire { + applyOns?: string[]; + enabled?: boolean; + serverlessApp?: string; + userId?: string; + userPassword?: string; +} + +export interface FunctionRuntimePolicyWhitelistedOsUsers { + enabled?: boolean; + groupWhiteLists?: string[]; + userWhiteLists?: string[]; +} + export interface GetAcknowledgesAcknowledge { author: string; comment: string; 
@@ -588,44 +1261,214 @@ export interface GetAquaLabelsAquaLabel { name: string; } +export interface GetContainerRuntimePolicyAllowedExecutable { + /** + * List of allowed executables. + */ + allowExecutables?: string[]; + /** + * List of allowed root executables. + */ + allowRootExecutables?: string[]; + /** + * Whether allowed executables configuration is enabled. + */ + enabled?: boolean; + /** + * Whether to treat executables separately. + */ + separateExecutables?: boolean; +} + +export interface GetContainerRuntimePolicyAllowedRegistry { + /** + * List of allowed registries. + */ + allowedRegistries?: string[]; + /** + * Whether allowed registries are enabled. + */ + enabled?: boolean; +} + +export interface GetContainerRuntimePolicyAuditing { + auditAllNetwork?: boolean; + auditAllProcesses?: boolean; + auditFailedLogin?: boolean; + auditOsUserActivity?: boolean; + auditProcessCmdline?: boolean; + auditSuccessLogin?: boolean; + auditUserAccountManagement?: boolean; + enabled?: boolean; +} + +export interface GetContainerRuntimePolicyContainerExec { + blockContainerExec?: boolean; + containerExecProcWhiteLists?: string[]; + enabled?: boolean; + reverseShellIpWhiteLists?: string[]; +} + +export interface GetContainerRuntimePolicyFileBlock { + blockFilesProcesses?: string[]; + blockFilesUsers?: string[]; + enabled?: boolean; + exceptionalBlockFiles?: string[]; + exceptionalBlockFilesProcesses?: string[]; + exceptionalBlockFilesUsers?: string[]; + filenameBlockLists?: string[]; +} + export interface GetContainerRuntimePolicyFileIntegrityMonitoring { - excludedPaths: string[]; - excludedProcesses: string[]; - excludedUsers: string[]; - monitorAttributes: boolean; - monitorCreate: boolean; - monitorDelete: boolean; - monitorModify: boolean; - monitorRead: boolean; - monitoredPaths: string[]; - monitoredProcesses: string[]; - monitoredUsers: string[]; + /** + * If true, file integrity monitoring is enabled. 
+ */ + enabled?: boolean; + /** + * List of paths to be excluded from monitoring. + */ + exceptionalMonitoredFiles?: string[]; + /** + * List of processes to be excluded from monitoring. + */ + exceptionalMonitoredFilesProcesses?: string[]; + /** + * List of users to be excluded from monitoring. + */ + exceptionalMonitoredFilesUsers?: string[]; + /** + * List of paths to be monitored. + */ + monitoredFiles?: string[]; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: boolean; + /** + * Whether to monitor file create operations. + */ + monitoredFilesCreate?: boolean; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: boolean; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: boolean; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: string[]; + /** + * Whether to monitor file read operations. + */ + monitoredFilesRead?: boolean; + /** + * List of users associated with monitored files. + */ + monitoredFilesUsers?: string[]; +} + +export interface GetContainerRuntimePolicyLimitContainerPrivilege { + /** + * Whether to block adding capabilities. + */ + blockAddCapabilities?: boolean; + /** + * Whether container privilege limitations are enabled. + */ + enabled?: boolean; + /** + * Whether to limit IPC-related capabilities. + */ + ipcmode?: boolean; + /** + * Whether to limit network-related capabilities. + */ + netmode?: boolean; + /** + * Whether to limit process-related capabilities. + */ + pidmode?: boolean; + /** + * Whether to prevent low port binding. + */ + preventLowPortBinding?: boolean; + /** + * Whether to prevent the use of the root user. + */ + preventRootUser?: boolean; + /** + * Whether the container is run in privileged mode. + */ + privileged?: boolean; + /** + * Whether to use the host user. + */ + useHostUser?: boolean; + /** + * Whether to limit user-related capabilities. 
+ */ + usermode?: boolean; + /** + * Whether to limit UTS-related capabilities. + */ + utsmode?: boolean; } export interface GetContainerRuntimePolicyMalwareScanOption { /** * Set Action, Defaults to 'Alert' when empty */ - action: string; + action?: string; /** * Defines if enabled or not */ - enabled: boolean; + enabled?: boolean; /** * List of registry paths to be excluded from being protected. */ - excludeDirectories: string[]; + excludeDirectories?: string[]; /** * List of registry processes to be excluded from being protected. */ - excludeProcesses: string[]; + excludeProcesses?: string[]; + /** + * List of registry paths to be excluded from being protected. + */ + includeDirectories?: string[]; } -export interface GetContainerRuntimePolicyScopeVariable { - attribute: string; +export interface GetContainerRuntimePolicyPortBlock { + blockInboundPorts?: string[]; + blockOutboundPorts?: string[]; + enabled?: boolean; +} + +export interface GetContainerRuntimePolicyReadonlyFiles { + enabled?: boolean; + exceptionalReadonlyFiles?: string[]; + exceptionalReadonlyFilesProcesses?: string[]; + exceptionalReadonlyFilesUsers?: string[]; + readonlyFiles?: string[]; + readonlyFilesProcesses?: string[]; + readonlyFilesUsers?: string[]; +} + +export interface GetContainerRuntimePolicyRestrictedVolume { /** - * Name of the container runtime policy + * Whether restricted volumes are enabled. */ + enabled?: boolean; + /** + * List of restricted volumes. + */ + volumes?: string[]; +} + +export interface GetContainerRuntimePolicyScopeVariable { + attribute: string; name: string; value: string; } @@ -641,9 +1484,6 @@ export interface GetEnforcerGroupsOrchestrator { master: boolean; namespace: string; serviceAccount: string; - /** - * Enforcer Type. - */ type: string; } 
@@ -681,9 +1521,6 @@ export interface GetFunctionAssurancePolicyAutoScanTime { } export interface GetFunctionAssurancePolicyCustomCheck { - /** - * Name of user account that created the policy. - */ author: string; description: string; engine: string; @@ -746,11 +1583,38 @@ export interface GetFunctionAssurancePolicyTrustedBaseImage { registry: string; } -export interface GetFunctionRuntimePolicyScopeVariable { - attribute: string; +export interface GetFunctionRuntimePolicyDriftPrevention { + /** + * Whether drift prevention is enabled. + */ + enabled?: boolean; + /** + * Whether to lockdown execution drift. + */ + execLockdown?: boolean; + /** + * List of items in the execution lockdown white list. + */ + execLockdownWhiteLists?: string[]; + /** + * Whether to lockdown image drift. + */ + imageLockdown?: boolean; +} + +export interface GetFunctionRuntimePolicyExecutableBlacklist { + /** + * Whether the executable blacklist is enabled. + */ + enabled?: boolean; /** - * Name of the function runtime policy + * List of blacklisted executables. */ + executables?: string[]; +} + +export interface GetFunctionRuntimePolicyScopeVariable { + attribute: string; name: string; value: string; } @@ -759,9 +1623,6 @@ export interface GetGatewaysGateway { description: string; grpcAddress: string; hostname: string; - /** - * The ID of this resource. - */ id: string; logicalname: string; publicAddress: string; @@ -783,9 +1644,6 @@ export interface GetHostAssurancePolicyAutoScanTime { } export interface GetHostAssurancePolicyCustomCheck { - /** - * Name of user account that created the policy. - */ author: string; description: string; engine: string; 
@@ -848,35 +1706,103 @@ export interface GetHostAssurancePolicyTrustedBaseImage { registry: string; } +export interface GetHostRuntimePolicyAuditing { + auditAllNetwork?: boolean; + auditAllProcesses?: boolean; + auditFailedLogin?: boolean; + auditOsUserActivity?: boolean; + auditProcessCmdline?: boolean; + auditSuccessLogin?: boolean; + auditUserAccountManagement?: boolean; + enabled?: boolean; +} + export interface GetHostRuntimePolicyFileIntegrityMonitoring { - excludedPaths: string[]; - excludedProcesses: string[]; - excludedUsers: string[]; - monitorAttributes: boolean; - monitorCreate: boolean; - monitorDelete: boolean; - monitorModify: boolean; - monitorRead: boolean; - monitoredPaths: string[]; - monitoredProcesses: string[]; - monitoredUsers: string[]; + /** + * If true, file integrity monitoring is enabled. + */ + enabled?: boolean; + /** + * List of paths to be excluded from monitoring. + */ + exceptionalMonitoredFiles?: string[]; + /** + * List of processes to be excluded from monitoring. + */ + exceptionalMonitoredFilesProcesses?: string[]; + /** + * List of users to be excluded from monitoring. + */ + exceptionalMonitoredFilesUsers?: string[]; + /** + * List of paths to be monitored. + */ + monitoredFiles?: string[]; + /** + * Whether to monitor file attribute operations. + */ + monitoredFilesAttributes?: boolean; + /** + * Whether to monitor file create operations. + */ + monitoredFilesCreate?: boolean; + /** + * Whether to monitor file delete operations. + */ + monitoredFilesDelete?: boolean; + /** + * Whether to monitor file modify operations. + */ + monitoredFilesModify?: boolean; + /** + * List of processes associated with monitored files. + */ + monitoredFilesProcesses?: string[]; + /** + * Whether to monitor file read operations. + */ + monitoredFilesRead?: boolean; + /** + * List of users associated with monitored files. 
+ */ + monitoredFilesUsers?: string[]; } export interface GetHostRuntimePolicyMalwareScanOption { - action: string; /** - * Indicates if the runtime policy is enabled or not. + * Set Action, Defaults to 'Alert' when empty */ - enabled: boolean; - excludeProcesses: string[]; - includeDirectories: string[]; + action?: string; + /** + * Defines if enabled or not + */ + enabled?: boolean; + /** + * List of registry paths to be excluded from being protected. + */ + excludeDirectories?: string[]; + /** + * List of registry processes to be excluded from being protected. + */ + excludeProcesses?: string[]; + /** + * List of registry paths to be excluded from being protected. + */ + includeDirectories?: string[]; +} + +export interface GetHostRuntimePolicyPackageBlock { + blockPackagesProcesses?: string[]; + blockPackagesUsers?: string[]; + enabled?: boolean; + exceptionalBlockPackagesFiles?: string[]; + exceptionalBlockPackagesProcesses?: string[]; + exceptionalBlockPackagesUsers?: string[]; + packagesBlackLists?: string[]; } export interface GetHostRuntimePolicyScopeVariable { attribute: string; - /** - * Name of the host runtime policy - */ name: string; value: string; } @@ -908,13 +1834,7 @@ export interface GetImageAssuranceChecksPerformed { assuranceType: string; blocking: boolean; control: string; - /** - * If DTA was skipped. - */ dtaSkipped: boolean; - /** - * The reason why DTA was skipped. - */ dtaSkippedReason: string; failed: boolean; policyName: string; @@ -928,9 +1848,6 @@ export interface GetImageAssurancePolicyAutoScanTime { } export interface GetImageAssurancePolicyCustomCheck { - /** - * Name of user account that created the policy. - */ author: string; description: string; engine: string; 
@@ -994,18 +1911,9 @@ export interface GetImageAssurancePolicyTrustedBaseImage { } export interface GetImageHistory { - /** - * The image creation comment. - */ comment: string; - /** - * The date and time when the image was registered. - */ created: string; createdBy: string; - /** - * The ID of this resource. - */ id: string; size: number; } @@ -1029,9 +1937,6 @@ export interface GetImageVulnerability { blockEventsCount: number; classification: string; description: string; - /** - * The content digest of the image. - */ digest: string; exploitReference: string; exploitType: string; @@ -1040,9 +1945,6 @@ export interface GetImageVulnerability { imageName: string; lastFoundDate: string; modificationDate: string; - /** - * The name of the image. - */ name: string; nvdCvss2Score: number; nvdCvss2Vectors: string; @@ -1051,26 +1953,11 @@ export interface GetImageVulnerability { nvdCvss3Vectors: string; nvdSeverity: string; nvdUrl: string; - /** - * The operating system detected in the image - */ os: string; - /** - * The version of the OS detected in the image. - */ osVersion: string; - /** - * Permission of the image. - */ permission: string; publishDate: string; - /** - * The name of the registry where the image is stored. - */ registry: string; - /** - * The name of the image's repository. - */ repository: string; resourceArchitecture: string; resourceCpe: string; @@ -1100,6 +1987,18 @@ export interface GetImageVulnerability { vendorUrl: string; } +export interface GetIntegrationRegistriesOption { + option?: string; + value?: string; +} + +export interface GetIntegrationRegistriesWebhook { + authToken?: string; + enabled?: boolean; + unQuarantine?: boolean; + url?: string; +} + export interface GetIntegrationRegistryOption { option?: string; value?: string; @@ -1109,9 +2008,6 @@ export interface GetIntegrationRegistryWebhook { authToken?: string; enabled?: boolean; unQuarantine?: boolean; - /** - * The URL, address or region of the registry - */ url?: string; } 
@@ -1123,9 +2019,6 @@ export interface GetKubernetesAssurancePolicyAutoScanTime { } export interface GetKubernetesAssurancePolicyCustomCheck { - /** - * Name of user account that created the policy. - */ author: string; description: string; engine: string; @@ -1190,9 +2083,6 @@ export interface GetKubernetesAssurancePolicyTrustedBaseImage { export interface GetNotificationsEmail { author: string; - /** - * The ID of this resource. - */ id: number; lastUpdated: string; name: string; @@ -1203,9 +2093,6 @@ export interface GetNotificationsEmail { export interface GetNotificationsJira { author: string; - /** - * The ID of this resource. - */ id: number; lastUpdated: string; name: string; @@ -1216,9 +2103,6 @@ export interface GetNotificationsJira { export interface GetNotificationsServicenow { author: string; - /** - * The ID of this resource. - */ id: number; lastUpdated: string; name: string; @@ -1229,9 +2113,6 @@ export interface GetNotificationsServicenow { export interface GetNotificationsSlack { author: string; - /** - * The ID of this resource. - */ id: number; lastUpdated: string; name: string; @@ -1242,9 +2123,6 @@ export interface GetNotificationsSlack { export interface GetNotificationsSplunk { author: string; - /** - * The ID of this resource. - */ id: number; lastUpdated: string; name: string; @@ -1255,9 +2133,6 @@ export interface GetNotificationsSplunk { export interface GetNotificationsTeam { author: string; - /** - * The ID of this resource. - */ id: number; lastUpdated: string; name: string; @@ -1268,9 +2143,6 @@ export interface GetNotificationsTeam { export interface GetNotificationsWebhook { author: string; - /** - * The ID of this resource. - */ id: number; lastUpdated: string; name: string; @@ -1305,9 +2177,6 @@ export interface GetRolesMappingSaasRolesMapping { accountId: number; created: string; cspRole: string; - /** - * The ID of this resource. - */ id: number; samlGroups: string[]; } 
@@ -1326,9 +2195,6 @@ export interface GetRolesRole { export interface GetServiceScopeVariable { attribute: string; - /** - * The name of the service. It is recommended not to use whitespace characters in the name. - */ name: string; value: string; } @@ -1354,18 +2220,12 @@ export interface GetUsersSaasUser { export interface GetUsersSaasUserGroup { created: string; - /** - * The ID of this resource. - */ id: number; name: string; } export interface GetUsersSaasUserLogin { created: string; - /** - * The ID of this resource. - */ id: number; ipAddress: string; userId: number; 
@@ -1436,203 +2296,423 @@ export interface HostAssurancePolicyPackagesWhiteList { versionRange?: string; } -export interface HostAssurancePolicyRequiredLabel { - key?: string; +export interface HostAssurancePolicyPolicySettings { + enforce?: boolean; + isAuditChecked?: boolean; + warn?: boolean; + warningMessage?: string; +} + +export interface HostAssurancePolicyRequiredLabel { + key?: string; + value?: string; +} + +export interface HostAssurancePolicyScope { + expression: string; + variables?: outputs.HostAssurancePolicyScopeVariable[]; +} + +export interface HostAssurancePolicyScopeVariable { + attribute: string; + name?: string; + value: string; +} + +export interface HostAssurancePolicyTrustedBaseImage { + imagename?: string; + registry?: string; +} + +export interface HostRuntimePolicyAllowedExecutable { + /** + * List of allowed executables. + */ + allowExecutables?: string[]; + /** + * List of allowed root executables. + */ + allowRootExecutables?: string[]; + /** + * Whether allowed executables configuration is enabled. + */ + enabled?: boolean; + /** + * Whether to treat executables separately. + */ + separateExecutables?: boolean; +} + +export interface HostRuntimePolicyAllowedRegistry { + /** + * List of allowed registries. + */ + allowedRegistries?: string[]; + /** + * Whether allowed registries are enabled. + */ + enabled?: boolean; +} + +export interface HostRuntimePolicyAuditing { + auditAllNetwork?: boolean; + auditAllProcesses?: boolean; + auditFailedLogin?: boolean; + auditOsUserActivity?: boolean; + auditProcessCmdline?: boolean; + auditSuccessLogin?: boolean; + auditUserAccountManagement?: boolean; + enabled?: boolean; +} + +export interface HostRuntimePolicyBlacklistedOsUsers { + enabled?: boolean; + groupBlackLists?: string[]; + userBlackLists?: string[]; +} + +export interface HostRuntimePolicyBypassScope { + /** + * Whether bypassing the scope is enabled. + */ + enabled?: boolean; + /** + * Scope configuration. 
+ */ + scopes?: outputs.HostRuntimePolicyBypassScopeScope[]; +} + +export interface HostRuntimePolicyBypassScopeScope { + /** + * Scope expression. + */ + expression?: string; + /** + * List of variables in the scope. + */ + variables?: outputs.HostRuntimePolicyBypassScopeScopeVariable[]; +} + +export interface HostRuntimePolicyBypassScopeScopeVariable { + /** + * Variable attribute. + */ + attribute?: string; + /** + * Variable value. + */ value?: string; } -export interface HostAssurancePolicyScope { - expression: string; - variables?: outputs.HostAssurancePolicyScopeVariable[]; +export interface HostRuntimePolicyContainerExec { + blockContainerExec?: boolean; + containerExecProcWhiteLists?: string[]; + enabled?: boolean; + reverseShellIpWhiteLists?: string[]; } -export interface HostAssurancePolicyScopeVariable { - attribute: string; - name?: string; - value: string; +export interface HostRuntimePolicyDriftPrevention { + /** + * Whether drift prevention is enabled. + */ + enabled?: boolean; + /** + * Whether to lockdown execution drift. + */ + execLockdown?: boolean; + /** + * List of items in the execution lockdown white list. + */ + execLockdownWhiteLists?: string[]; + /** + * Whether to lockdown image drift. + */ + imageLockdown?: boolean; } -export interface HostAssurancePolicyTrustedBaseImage { - imagename?: string; - registry?: string; +export interface HostRuntimePolicyExecutableBlacklist { + /** + * Whether the executable blacklist is enabled. + */ + enabled?: boolean; + /** + * List of blacklisted executables. 
+ */ + executables?: string[]; +} + +export interface HostRuntimePolicyFailedKubernetesChecks { + enabled?: boolean; + failedChecks?: string[]; +} + +export interface HostRuntimePolicyFileBlock { + blockFilesProcesses?: string[]; + blockFilesUsers?: string[]; + enabled?: boolean; + exceptionalBlockFiles?: string[]; + exceptionalBlockFilesProcesses?: string[]; + exceptionalBlockFilesUsers?: string[]; + filenameBlockLists?: string[]; } export interface HostRuntimePolicyFileIntegrityMonitoring { /** - * List of paths to be excluded from being monitored. + * If true, file integrity monitoring is enabled. + */ + enabled?: boolean; + /** + * List of paths to be excluded from monitoring. */ - excludedPaths?: string[]; + exceptionalMonitoredFiles?: string[]; /** - * List of processes to be excluded from being monitored. + * List of processes to be excluded from monitoring. */ - excludedProcesses?: string[]; + exceptionalMonitoredFilesProcesses?: string[]; /** - * List of users to be excluded from being monitored. + * List of users to be excluded from monitoring. */ - excludedUsers?: string[]; + exceptionalMonitoredFilesUsers?: string[]; /** - * If true, add attributes operations will be monitored. + * List of paths to be monitored. */ - monitorAttributes?: boolean; + monitoredFiles?: string[]; /** - * If true, create operations will be monitored. + * Whether to monitor file attribute operations. */ - monitorCreate?: boolean; + monitoredFilesAttributes?: boolean; /** - * If true, deletion operations will be monitored. + * Whether to monitor file create operations. */ - monitorDelete?: boolean; + monitoredFilesCreate?: boolean; /** - * If true, modification operations will be monitored. + * Whether to monitor file delete operations. */ - monitorModify?: boolean; + monitoredFilesDelete?: boolean; /** - * If true, read operations will be monitored. + * Whether to monitor file modify operations. 
*/ - monitorRead?: boolean; + monitoredFilesModify?: boolean; /** - * List of paths to be monitored. + * List of processes associated with monitored files. */ - monitoredPaths?: string[]; + monitoredFilesProcesses?: string[]; /** - * List of processes to be monitored. + * Whether to monitor file read operations. */ - monitoredProcesses?: string[]; + monitoredFilesRead?: boolean; /** - * List of users to be monitored. + * List of users associated with monitored files. */ - monitoredUsers?: string[]; + monitoredFilesUsers?: string[]; } -export interface HostRuntimePolicyMalwareScanOptions { +export interface HostRuntimePolicyLimitContainerPrivilege { /** - * Set Action, Defaults to 'Alert' when empty + * Whether to block adding capabilities. */ - action?: string; + blockAddCapabilities?: boolean; /** - * Defines if enabled or not + * Whether container privilege limitations are enabled. */ enabled?: boolean; /** - * List of registry paths to be excluded from being protected. + * Whether to limit IPC-related capabilities. */ - excludeDirectories?: string[]; + ipcmode?: boolean; /** - * List of registry processes to be excluded from being protected. + * Whether to limit network-related capabilities. */ - excludeProcesses?: string[]; -} - -export interface HostRuntimePolicyScopeVariable { + netmode?: boolean; /** - * Class of supported scope. + * Whether to limit process-related capabilities. */ - attribute: string; + pidmode?: boolean; /** - * Name assigned to the attribute. + * Whether to prevent low port binding. */ - name?: string; + preventLowPortBinding?: boolean; /** - * Value assigned to the attribute. + * Whether to prevent the use of the root user. */ - value: string; -} - -export interface HostRuntimePolicyWindowsRegistryMonitoring { + preventRootUser?: boolean; /** - * List of paths to be excluded from being monitored. + * Whether the container is run in privileged mode. 
*/ - excludedPaths?: string[]; + privileged?: boolean; /** - * List of registry processes to be excluded from being monitored. + * Whether to use the host user. */ - excludedProcesses?: string[]; + useHostUser?: boolean; /** - * List of registry users to be excluded from being monitored. + * Whether to limit user-related capabilities. */ - excludedUsers?: string[]; + usermode?: boolean; /** - * If true, add attributes operations will be monitored. + * Whether to limit UTS-related capabilities. */ - monitorAttributes?: boolean; + utsmode?: boolean; +} + +export interface HostRuntimePolicyLinuxCapabilities { + enabled?: boolean; + removeLinuxCapabilities?: string[]; +} + +export interface HostRuntimePolicyMalwareScanOptions { /** - * If true, create operations will be monitored. + * Set Action, Defaults to 'Alert' when empty */ - monitorCreate?: boolean; + action?: string; /** - * If true, deletion operations will be monitored. + * Defines if enabled or not */ - monitorDelete?: boolean; + enabled?: boolean; /** - * If true, modification operations will be monitored. + * List of registry paths to be excluded from being protected. */ - monitorModify?: boolean; + excludeDirectories?: string[]; /** - * If true, read operations will be monitored. + * List of registry processes to be excluded from being protected. */ - monitorRead?: boolean; + excludeProcesses?: string[]; /** - * List of paths to be monitored. + * List of registry paths to be excluded from being protected. 
*/ - monitoredPaths?: string[]; + includeDirectories?: string[]; +} + +export interface HostRuntimePolicyPackageBlock { + blockPackagesProcesses?: string[]; + blockPackagesUsers?: string[]; + enabled?: boolean; + exceptionalBlockPackagesFiles?: string[]; + exceptionalBlockPackagesProcesses?: string[]; + exceptionalBlockPackagesUsers?: string[]; + packagesBlackLists?: string[]; +} + +export interface HostRuntimePolicyPortBlock { + blockInboundPorts?: string[]; + blockOutboundPorts?: string[]; + enabled?: boolean; +} + +export interface HostRuntimePolicyReadonlyFiles { + enabled?: boolean; + exceptionalReadonlyFiles?: string[]; + exceptionalReadonlyFilesProcesses?: string[]; + exceptionalReadonlyFilesUsers?: string[]; + readonlyFiles?: string[]; + readonlyFilesProcesses?: string[]; + readonlyFilesUsers?: string[]; +} + +export interface HostRuntimePolicyReadonlyRegistry { + enabled?: boolean; + exceptionalReadonlyRegistryPaths?: string[]; + exceptionalReadonlyRegistryProcesses?: string[]; + exceptionalReadonlyRegistryUsers?: string[]; + readonlyRegistryPaths?: string[]; + readonlyRegistryProcesses?: string[]; + readonlyRegistryUsers?: string[]; +} + +export interface HostRuntimePolicyRegistryAccessMonitoring { + enabled?: boolean; + exceptionalMonitoredRegistryPaths?: string[]; + exceptionalMonitoredRegistryProcesses?: string[]; + exceptionalMonitoredRegistryUsers?: string[]; + monitoredRegistryAttributes?: boolean; + monitoredRegistryCreate?: boolean; + monitoredRegistryDelete?: boolean; + monitoredRegistryModify?: boolean; + monitoredRegistryPaths?: string[]; + monitoredRegistryProcesses?: string[]; + monitoredRegistryRead?: boolean; + monitoredRegistryUsers?: string[]; +} + +export interface HostRuntimePolicyRestrictedVolume { /** - * List of registry processes to be monitored. + * Whether restricted volumes are enabled. */ - monitoredProcesses?: string[]; + enabled?: boolean; /** - * List of registry users to be monitored. + * List of restricted volumes. 
*/ - monitoredUsers?: string[]; + volumes?: string[]; } -export interface HostRuntimePolicyWindowsRegistryProtection { - /** - * List of registry paths to be excluded from being protected. - */ - excludedPaths?: string[]; +export interface HostRuntimePolicyReverseShell { + blockReverseShell?: boolean; + enabled?: boolean; + reverseShellIpWhiteLists?: string[]; + reverseShellProcWhiteLists?: string[]; +} + +export interface HostRuntimePolicyScope { /** - * List of registry processes to be excluded from being protected. + * Scope expression. */ - excludedProcesses?: string[]; + expression: string; /** - * List of registry paths to be users from being protected. + * List of variables in the scope. */ - excludedUsers?: string[]; + variables: outputs.HostRuntimePolicyScopeVariable[]; +} + +export interface HostRuntimePolicyScopeVariable { /** - * List of registry paths to be protected. + * Class of supported scope. */ - protectedPaths?: string[]; + attribute: string; /** - * List of registry processes to be protected. + * Name assigned to the attribute. */ - protectedProcesses?: string[]; + name?: string; /** - * List of registry users to be protected. + * Value assigned to the attribute. */ - protectedUsers?: string[]; + value: string; +} + +export interface HostRuntimePolicySystemIntegrityProtection { + auditSystemtimeChange?: boolean; + enabled?: boolean; + monitorAuditLogIntegrity?: boolean; + windowsServicesMonitoring?: boolean; +} + +export interface HostRuntimePolicyTripwire { + applyOns?: string[]; + enabled?: boolean; + serverlessApp?: string; + userId?: string; + userPassword?: string; +} + +export interface HostRuntimePolicyWhitelistedOsUsers { + enabled?: boolean; + groupWhiteLists?: string[]; + userWhiteLists?: string[]; } export interface ImageAssuranceChecksPerformed { assuranceType: string; blocking: boolean; control: string; - /** - * If DTA was skipped. - */ dtaSkipped: boolean; - /** - * The reason why DTA was skipped. 
- */ dtaSkippedReason: string; failed: boolean; policyName: string; } export interface ImageAssurancePolicyAutoScanTime { - iteration: number; + iteration?: number; iterationType?: string; time?: string; - weekDays: string[]; + weekDays?: string[]; } export interface ImageAssurancePolicyCustomCheck { @@ -1656,6 +2736,17 @@ export interface ImageAssurancePolicyForbiddenLabel { value?: string; } +export interface ImageAssurancePolicyKubernetesControls { + avdId?: string; + description?: string; + enabled?: boolean; + kind?: string; + name?: string; + ootb?: boolean; + scriptId?: number; + severity?: string; +} + export interface ImageAssurancePolicyPackagesBlackList { arch?: string; display?: string; @@ -1680,6 +2771,13 @@ export interface ImageAssurancePolicyPackagesWhiteList { versionRange?: string; } +export interface ImageAssurancePolicyPolicySettings { + enforce?: boolean; + isAuditChecked?: boolean; + warn?: boolean; + warningMessage?: string; +} + export interface ImageAssurancePolicyRequiredLabel { key?: string; value?: string; @@ -1702,18 +2800,9 @@ export interface ImageAssurancePolicyTrustedBaseImage { } export interface ImageHistory { - /** - * The image creation comment. - */ comment: string; - /** - * The date and time when the image was registered. - */ created: string; createdBy: string; - /** - * The ID of this resource. - */ id: string; size: number; } @@ -1737,9 +2826,6 @@ export interface ImageVulnerability { blockEventsCount: number; classification: string; description: string; - /** - * The content digest of the image. - */ digest: string; exploitReference: string; exploitType: string; @@ -1748,9 +2834,6 @@ export interface ImageVulnerability { imageName: string; lastFoundDate: string; modificationDate: string; - /** - * The name of the image. - */ name: string; nvdCvss2Score: number; nvdCvss2Vectors: string; 
@@ -1759,26 +2842,11 @@ export interface ImageVulnerability { nvdCvss3Vectors: string; nvdSeverity: string; nvdUrl: string; - /** - * The operating system detected in the image - */ os: string; - /** - * The version of the OS detected in the image. - */ osVersion: string; - /** - * Permission of the image. - */ permission: string; publishDate: string; - /** - * The name of the registry where the image is stored. - */ registry: string; - /** - * The name of the image's repository. - */ repository: string; resourceArchitecture: string; resourceCpe: string; @@ -1817,9 +2885,6 @@ export interface IntegrationRegistryWebhook { authToken?: string; enabled: boolean; unQuarantine: boolean; - /** - * The URL, address or region of the registry - */ url?: string; } @@ -1851,6 +2916,41 @@ export interface KubernetesAssurancePolicyForbiddenLabel { value?: string; } +export interface KubernetesAssurancePolicyKubernetesControl { + /** + * AVD ID. + */ + avdId?: string; + /** + * Description of the control. + */ + description?: string; + /** + * Is the control enabled? + */ + enabled?: boolean; + /** + * Kind of the control. + */ + kind?: string; + /** + * Name of the control. + */ + name?: string; + /** + * Out-of-the-box status of the control. + */ + ootb?: boolean; + /** + * Script ID. + */ + scriptId?: number; + /** + * Severity of the control. + */ + severity?: string; +} + export interface KubernetesAssurancePolicyPackagesBlackList { arch?: string; display?: string; @@ -1875,6 +2975,13 @@ export interface KubernetesAssurancePolicyPackagesWhiteList { versionRange?: string; } +export interface KubernetesAssurancePolicyPolicySettings { + enforce?: boolean; + isAuditChecked?: boolean; + warn?: boolean; + warningMessage?: string; +} + export interface KubernetesAssurancePolicyRequiredLabel { key?: string; value?: string; 
@@ -1898,28 +3005,28 @@ export interface KubernetesAssurancePolicyTrustedBaseImage { export interface RoleMappingLdap { /** - * Role Mapping is used to define the IdP role that the user will assume in Aqua + * Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. */ roleMapping: {[key: string]: string}; } export interface RoleMappingOauth2 { /** - * Role Mapping is used to define the IdP role that the user will assume in Aqua + * Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. */ roleMapping: {[key: string]: string}; } export interface RoleMappingOpenid { /** - * Role Mapping is used to define the IdP role that the user will assume in Aqua + * Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. */ roleMapping: {[key: string]: string}; } export interface RoleMappingSaml { /** - * Role Mapping is used to define the IdP role that the user will assume in Aqua + * Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. */ roleMapping: {[key: string]: string}; } 
@@ -1946,11 +3053,99 @@ export interface UserSaasGroup { export interface UserSaasLogin { created: string; - /** - * The ID of this resource. - */ id: number; ipAddress: string; userId: number; } +export interface VmwareAssurancePolicyAutoScanTime { + iteration: number; + iterationType?: string; + time?: string; + weekDays: string[]; +} + +export interface VmwareAssurancePolicyCustomCheck { + /** + * Name of user account that created the policy. + */ + author?: string; + description?: string; + engine?: string; + lastModified?: number; + name?: string; + path?: string; + readOnly?: boolean; + scriptId?: string; + severity?: string; + snippet?: string; +} + +export interface VmwareAssurancePolicyForbiddenLabel { + key?: string; + value?: string; +} + +export interface VmwareAssurancePolicyKubernetesControl { + avdId?: string; + description?: string; + enabled?: boolean; + kind?: string; + name?: string; + ootb?: boolean; + scriptId?: number; + severity?: string; +} + +export interface VmwareAssurancePolicyPackagesBlackList { + arch?: string; + display?: string; + epoch?: string; + format?: string; + license?: string; + name?: string; + release?: string; + version?: string; + versionRange?: string; +} + +export interface VmwareAssurancePolicyPackagesWhiteList { + arch?: string; + display?: string; + epoch?: string; + format?: string; + license?: string; + name?: string; + release?: string; + version?: string; + versionRange?: string; +} + +export interface VmwareAssurancePolicyPolicySettings { + enforce?: boolean; + isAuditChecked?: boolean; + warn?: boolean; + warningMessage?: string; +} + +export interface VmwareAssurancePolicyRequiredLabel { + key?: string; + value?: string; +} + +export interface VmwareAssurancePolicyScope { + expression: string; + variables?: outputs.VmwareAssurancePolicyScopeVariable[]; +} + +export interface VmwareAssurancePolicyScopeVariable { + attribute: string; + name?: string; + value: string; +} + +export interface 
VmwareAssurancePolicyTrustedBaseImage { + imagename?: string; + registry?: string; +} + diff --git a/sdk/nodejs/utilities.ts b/sdk/nodejs/utilities.ts index 0d758135..9808a3a6 100644 --- a/sdk/nodejs/utilities.ts +++ b/sdk/nodejs/utilities.ts @@ -2,6 +2,9 @@ // *** Do not edit by hand unless you're certain you know what you are doing! *** +import * as runtime from "@pulumi/pulumi/runtime"; +import * as pulumi from "@pulumi/pulumi"; + export function getEnv(...vars: string[]): string | undefined { for (const v of vars) { const value = process.env[v]; @@ -64,3 +67,29 @@ export function lazyLoad(exports: any, props: string[], loadModule: any) { }); } } + +export async function callAsync( + tok: string, + props: pulumi.Inputs, + res?: pulumi.Resource, + opts?: {property?: string}, +): Promise { + const o: any = runtime.call(tok, props, res); + const value = await o.promise(true /*withUnknowns*/); + const isKnown = await o.isKnown; + const isSecret = await o.isSecret; + const problem: string|undefined = + !isKnown ? "an unknown value" + : isSecret ? "a secret value" + : undefined; + // Ingoring o.resources silently. They are typically non-empty, r.f() calls include r as a dependency. + if (problem) { + throw new Error(`Plain resource method "${tok}" incorrectly returned ${problem}. ` + + "This is an error in the provider, please report this to the provider developer."); + } + // Extract a single property if requested. + if (opts && opts.property) { + return value[opts.property]; + } + return value; +} diff --git a/sdk/nodejs/vmwareAssurancePolicy.ts b/sdk/nodejs/vmwareAssurancePolicy.ts new file mode 100644 index 00000000..76f22df0 --- /dev/null +++ b/sdk/nodejs/vmwareAssurancePolicy.ts 
@@ -0,0 +1,933 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "./types/input"; +import * as outputs from "./types/output"; +import * as utilities from "./utilities"; + +export class VmwareAssurancePolicy extends pulumi.CustomResource { + /** + * Get an existing VmwareAssurancePolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: VmwareAssurancePolicyState, opts?: pulumi.CustomResourceOptions): VmwareAssurancePolicy { + return new VmwareAssurancePolicy(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy'; + + /** + * Returns true if the given object is an instance of VmwareAssurancePolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is VmwareAssurancePolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === VmwareAssurancePolicy.__pulumiType; + } + + /** + * Aggregated vulnerability information. + */ + public readonly aggregatedVulnerability!: pulumi.Output<{[key: string]: string} | undefined>; + /** + * List of explicitly allowed images. + */ + public readonly allowedImages!: pulumi.Output; + public readonly applicationScopes!: pulumi.Output; + /** + * What type of assurance policy is described. 
+ */ + public readonly assuranceType!: pulumi.Output; + /** + * Indicates if auditing for failures. + */ + public readonly auditOnFailure!: pulumi.Output; + /** + * Name of user account that created the policy. + */ + public readonly author!: pulumi.Output; + public readonly autoScanConfigured!: pulumi.Output; + public readonly autoScanEnabled!: pulumi.Output; + public readonly autoScanTimes!: pulumi.Output; + /** + * List of function's forbidden permissions. + */ + public readonly blacklistPermissions!: pulumi.Output; + /** + * Indicates if blacklist permissions is relevant. + */ + public readonly blacklistPermissionsEnabled!: pulumi.Output; + /** + * List of blacklisted licenses. + */ + public readonly blacklistedLicenses!: pulumi.Output; + /** + * Indicates if license blacklist is relevant. + */ + public readonly blacklistedLicensesEnabled!: pulumi.Output; + /** + * Indicates if failed images are blocked. + */ + public readonly blockFailed!: pulumi.Output; + public readonly controlExcludeNoFix!: pulumi.Output; + /** + * List of Custom user scripts for checks. + */ + public readonly customChecks!: pulumi.Output; + /** + * Indicates if scanning should include custom checks. + */ + public readonly customChecksEnabled!: pulumi.Output; + public readonly customSeverity!: pulumi.Output; + public readonly customSeverityEnabled!: pulumi.Output; + /** + * Indicates if CVEs blacklist is relevant. + */ + public readonly cvesBlackListEnabled!: pulumi.Output; + /** + * List of cves blacklisted items. + */ + public readonly cvesBlackLists!: pulumi.Output; + /** + * Indicates if cves whitelist is relevant. + */ + public readonly cvesWhiteListEnabled!: pulumi.Output; + /** + * List of cves whitelisted licenses + */ + public readonly cvesWhiteLists!: pulumi.Output; + /** + * Identifier of the cvss severity. + */ + public readonly cvssSeverity!: pulumi.Output; + /** + * Indicates if the cvss severity is scanned. 
+ */ + public readonly cvssSeverityEnabled!: pulumi.Output; + /** + * Indicates that policy should ignore cvss cases that do not have a known fix. + */ + public readonly cvssSeverityExcludeNoFix!: pulumi.Output; + public readonly description!: pulumi.Output; + public readonly disallowExploitTypes!: pulumi.Output; + /** + * Indicates if malware should block the image. + */ + public readonly disallowMalware!: pulumi.Output; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ + public readonly dockerCisEnabled!: pulumi.Output; + /** + * Name of the container image. + */ + public readonly domain!: pulumi.Output; + public readonly domainName!: pulumi.Output; + public readonly dtaEnabled!: pulumi.Output; + public readonly dtaSeverity!: pulumi.Output; + public readonly enabled!: pulumi.Output; + public readonly enforce!: pulumi.Output; + public readonly enforceAfterDays!: pulumi.Output; + public readonly enforceExcessivePermissions!: pulumi.Output; + public readonly exceptionalMonitoredMalwarePaths!: pulumi.Output; + public readonly excludeApplicationScopes!: pulumi.Output; + /** + * Indicates if cicd failures will fail the image. + */ + public readonly failCicd!: pulumi.Output; + public readonly forbiddenLabels!: pulumi.Output; + public readonly forbiddenLabelsEnabled!: pulumi.Output; + public readonly forceMicroenforcer!: pulumi.Output; + public readonly functionIntegrityEnabled!: pulumi.Output; + public readonly ignoreBaseImageVln!: pulumi.Output; + public readonly ignoreRecentlyPublishedVln!: pulumi.Output; + public readonly ignoreRecentlyPublishedVlnPeriod!: pulumi.Output; + /** + * Indicates if risk resources are ignored. + */ + public readonly ignoreRiskResourcesEnabled!: pulumi.Output; + /** + * List of ignored risk resources. + */ + public readonly ignoredRiskResources!: pulumi.Output; + public readonly ignoredSensitiveResources!: pulumi.Output; + /** + * List of images. 
+ */ + public readonly images!: pulumi.Output; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ + public readonly kubeCisEnabled!: pulumi.Output; + /** + * List of Kubernetes controls. + */ + public readonly kubernetesControls!: pulumi.Output; + public readonly kubernetesControlsAvdIds!: pulumi.Output; + public readonly kubernetesControlsNames!: pulumi.Output; + /** + * List of labels. + */ + public readonly labels!: pulumi.Output; + public readonly lastupdate!: pulumi.Output; + public readonly linuxCisEnabled!: pulumi.Output; + public readonly malwareAction!: pulumi.Output; + /** + * Value of allowed maximum score. + */ + public readonly maximumScore!: pulumi.Output; + /** + * Indicates if exceeding the maximum score is scanned. + */ + public readonly maximumScoreEnabled!: pulumi.Output; + public readonly maximumScoreExcludeNoFix!: pulumi.Output; + public readonly monitoredMalwarePaths!: pulumi.Output; + public readonly name!: pulumi.Output; + /** + * Indicates if raise a warning for images that should only be run as root. + */ + public readonly onlyNoneRootUsers!: pulumi.Output; + public readonly openshiftHardeningEnabled!: pulumi.Output; + /** + * Indicates if packages blacklist is relevant. + */ + public readonly packagesBlackListEnabled!: pulumi.Output; + /** + * List of blacklisted images. + */ + public readonly packagesBlackLists!: pulumi.Output; + /** + * Indicates if packages whitelist is relevant. + */ + public readonly packagesWhiteListEnabled!: pulumi.Output; + /** + * List of whitelisted images. + */ + public readonly packagesWhiteLists!: pulumi.Output; + public readonly partialResultsImageFail!: pulumi.Output; + public readonly permission!: pulumi.Output; + public readonly policySettings!: pulumi.Output; + public readonly readOnly!: pulumi.Output; + /** + * List of registries. 
+ */ + public readonly registries!: pulumi.Output; + public readonly registry!: pulumi.Output; + public readonly requiredLabels!: pulumi.Output; + public readonly requiredLabelsEnabled!: pulumi.Output; + public readonly scanMalwareInArchives!: pulumi.Output; + public readonly scanNfsMounts!: pulumi.Output; + public readonly scanProcessMemory!: pulumi.Output; + /** + * Indicates if scan should include sensitive data in the image. + */ + public readonly scanSensitiveData!: pulumi.Output; + public readonly scanWindowsRegistry!: pulumi.Output; + /** + * Indicates if scanning should include scap. + */ + public readonly scapEnabled!: pulumi.Output; + /** + * List of SCAP user scripts for checks. + */ + public readonly scapFiles!: pulumi.Output; + public readonly scopes!: pulumi.Output; + /** + * List of trusted images. + */ + public readonly trustedBaseImages!: pulumi.Output; + /** + * Indicates if list of trusted base images is relevant. + */ + public readonly trustedBaseImagesEnabled!: pulumi.Output; + public readonly vulnerabilityExploitability!: pulumi.Output; + public readonly vulnerabilityScoreRanges!: pulumi.Output; + /** + * List of whitelisted licenses. + */ + public readonly whitelistedLicenses!: pulumi.Output; + /** + * Indicates if license blacklist is relevant. + */ + public readonly whitelistedLicensesEnabled!: pulumi.Output; + + /** + * Create a VmwareAssurancePolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. 
+ */ + constructor(name: string, args: VmwareAssurancePolicyArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: VmwareAssurancePolicyArgs | VmwareAssurancePolicyState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as VmwareAssurancePolicyState | undefined; + resourceInputs["aggregatedVulnerability"] = state ? state.aggregatedVulnerability : undefined; + resourceInputs["allowedImages"] = state ? state.allowedImages : undefined; + resourceInputs["applicationScopes"] = state ? state.applicationScopes : undefined; + resourceInputs["assuranceType"] = state ? state.assuranceType : undefined; + resourceInputs["auditOnFailure"] = state ? state.auditOnFailure : undefined; + resourceInputs["author"] = state ? state.author : undefined; + resourceInputs["autoScanConfigured"] = state ? state.autoScanConfigured : undefined; + resourceInputs["autoScanEnabled"] = state ? state.autoScanEnabled : undefined; + resourceInputs["autoScanTimes"] = state ? state.autoScanTimes : undefined; + resourceInputs["blacklistPermissions"] = state ? state.blacklistPermissions : undefined; + resourceInputs["blacklistPermissionsEnabled"] = state ? state.blacklistPermissionsEnabled : undefined; + resourceInputs["blacklistedLicenses"] = state ? state.blacklistedLicenses : undefined; + resourceInputs["blacklistedLicensesEnabled"] = state ? state.blacklistedLicensesEnabled : undefined; + resourceInputs["blockFailed"] = state ? state.blockFailed : undefined; + resourceInputs["controlExcludeNoFix"] = state ? state.controlExcludeNoFix : undefined; + resourceInputs["customChecks"] = state ? state.customChecks : undefined; + resourceInputs["customChecksEnabled"] = state ? state.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = state ? state.customSeverity : undefined; + resourceInputs["customSeverityEnabled"] = state ? 
state.customSeverityEnabled : undefined; + resourceInputs["cvesBlackListEnabled"] = state ? state.cvesBlackListEnabled : undefined; + resourceInputs["cvesBlackLists"] = state ? state.cvesBlackLists : undefined; + resourceInputs["cvesWhiteListEnabled"] = state ? state.cvesWhiteListEnabled : undefined; + resourceInputs["cvesWhiteLists"] = state ? state.cvesWhiteLists : undefined; + resourceInputs["cvssSeverity"] = state ? state.cvssSeverity : undefined; + resourceInputs["cvssSeverityEnabled"] = state ? state.cvssSeverityEnabled : undefined; + resourceInputs["cvssSeverityExcludeNoFix"] = state ? state.cvssSeverityExcludeNoFix : undefined; + resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["disallowExploitTypes"] = state ? state.disallowExploitTypes : undefined; + resourceInputs["disallowMalware"] = state ? state.disallowMalware : undefined; + resourceInputs["dockerCisEnabled"] = state ? state.dockerCisEnabled : undefined; + resourceInputs["domain"] = state ? state.domain : undefined; + resourceInputs["domainName"] = state ? state.domainName : undefined; + resourceInputs["dtaEnabled"] = state ? state.dtaEnabled : undefined; + resourceInputs["dtaSeverity"] = state ? state.dtaSeverity : undefined; + resourceInputs["enabled"] = state ? state.enabled : undefined; + resourceInputs["enforce"] = state ? state.enforce : undefined; + resourceInputs["enforceAfterDays"] = state ? state.enforceAfterDays : undefined; + resourceInputs["enforceExcessivePermissions"] = state ? state.enforceExcessivePermissions : undefined; + resourceInputs["exceptionalMonitoredMalwarePaths"] = state ? state.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = state ? state.excludeApplicationScopes : undefined; + resourceInputs["failCicd"] = state ? state.failCicd : undefined; + resourceInputs["forbiddenLabels"] = state ? state.forbiddenLabels : undefined; + resourceInputs["forbiddenLabelsEnabled"] = state ? 
state.forbiddenLabelsEnabled : undefined; + resourceInputs["forceMicroenforcer"] = state ? state.forceMicroenforcer : undefined; + resourceInputs["functionIntegrityEnabled"] = state ? state.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = state ? state.ignoreBaseImageVln : undefined; + resourceInputs["ignoreRecentlyPublishedVln"] = state ? state.ignoreRecentlyPublishedVln : undefined; + resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = state ? state.ignoreRecentlyPublishedVlnPeriod : undefined; + resourceInputs["ignoreRiskResourcesEnabled"] = state ? state.ignoreRiskResourcesEnabled : undefined; + resourceInputs["ignoredRiskResources"] = state ? state.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = state ? state.ignoredSensitiveResources : undefined; + resourceInputs["images"] = state ? state.images : undefined; + resourceInputs["kubeCisEnabled"] = state ? state.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = state ? state.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = state ? state.kubernetesControlsAvdIds : undefined; + resourceInputs["kubernetesControlsNames"] = state ? state.kubernetesControlsNames : undefined; + resourceInputs["labels"] = state ? state.labels : undefined; + resourceInputs["lastupdate"] = state ? state.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = state ? state.linuxCisEnabled : undefined; + resourceInputs["malwareAction"] = state ? state.malwareAction : undefined; + resourceInputs["maximumScore"] = state ? state.maximumScore : undefined; + resourceInputs["maximumScoreEnabled"] = state ? state.maximumScoreEnabled : undefined; + resourceInputs["maximumScoreExcludeNoFix"] = state ? state.maximumScoreExcludeNoFix : undefined; + resourceInputs["monitoredMalwarePaths"] = state ? state.monitoredMalwarePaths : undefined; + resourceInputs["name"] = state ? 
state.name : undefined; + resourceInputs["onlyNoneRootUsers"] = state ? state.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = state ? state.openshiftHardeningEnabled : undefined; + resourceInputs["packagesBlackListEnabled"] = state ? state.packagesBlackListEnabled : undefined; + resourceInputs["packagesBlackLists"] = state ? state.packagesBlackLists : undefined; + resourceInputs["packagesWhiteListEnabled"] = state ? state.packagesWhiteListEnabled : undefined; + resourceInputs["packagesWhiteLists"] = state ? state.packagesWhiteLists : undefined; + resourceInputs["partialResultsImageFail"] = state ? state.partialResultsImageFail : undefined; + resourceInputs["permission"] = state ? state.permission : undefined; + resourceInputs["policySettings"] = state ? state.policySettings : undefined; + resourceInputs["readOnly"] = state ? state.readOnly : undefined; + resourceInputs["registries"] = state ? state.registries : undefined; + resourceInputs["registry"] = state ? state.registry : undefined; + resourceInputs["requiredLabels"] = state ? state.requiredLabels : undefined; + resourceInputs["requiredLabelsEnabled"] = state ? state.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = state ? state.scanMalwareInArchives : undefined; + resourceInputs["scanNfsMounts"] = state ? state.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = state ? state.scanProcessMemory : undefined; + resourceInputs["scanSensitiveData"] = state ? state.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = state ? state.scanWindowsRegistry : undefined; + resourceInputs["scapEnabled"] = state ? state.scapEnabled : undefined; + resourceInputs["scapFiles"] = state ? state.scapFiles : undefined; + resourceInputs["scopes"] = state ? state.scopes : undefined; + resourceInputs["trustedBaseImages"] = state ? state.trustedBaseImages : undefined; + resourceInputs["trustedBaseImagesEnabled"] = state ? 
state.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = state ? state.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = state ? state.vulnerabilityScoreRanges : undefined; + resourceInputs["whitelistedLicenses"] = state ? state.whitelistedLicenses : undefined; + resourceInputs["whitelistedLicensesEnabled"] = state ? state.whitelistedLicensesEnabled : undefined; + } else { + const args = argsOrState as VmwareAssurancePolicyArgs | undefined; + if ((!args || args.applicationScopes === undefined) && !opts.urn) { + throw new Error("Missing required property 'applicationScopes'"); + } + resourceInputs["aggregatedVulnerability"] = args ? args.aggregatedVulnerability : undefined; + resourceInputs["allowedImages"] = args ? args.allowedImages : undefined; + resourceInputs["applicationScopes"] = args ? args.applicationScopes : undefined; + resourceInputs["assuranceType"] = args ? args.assuranceType : undefined; + resourceInputs["auditOnFailure"] = args ? args.auditOnFailure : undefined; + resourceInputs["author"] = args ? args.author : undefined; + resourceInputs["autoScanConfigured"] = args ? args.autoScanConfigured : undefined; + resourceInputs["autoScanEnabled"] = args ? args.autoScanEnabled : undefined; + resourceInputs["autoScanTimes"] = args ? args.autoScanTimes : undefined; + resourceInputs["blacklistPermissions"] = args ? args.blacklistPermissions : undefined; + resourceInputs["blacklistPermissionsEnabled"] = args ? args.blacklistPermissionsEnabled : undefined; + resourceInputs["blacklistedLicenses"] = args ? args.blacklistedLicenses : undefined; + resourceInputs["blacklistedLicensesEnabled"] = args ? args.blacklistedLicensesEnabled : undefined; + resourceInputs["blockFailed"] = args ? args.blockFailed : undefined; + resourceInputs["controlExcludeNoFix"] = args ? args.controlExcludeNoFix : undefined; + resourceInputs["customChecks"] = args ? 
args.customChecks : undefined; + resourceInputs["customChecksEnabled"] = args ? args.customChecksEnabled : undefined; + resourceInputs["customSeverity"] = args ? args.customSeverity : undefined; + resourceInputs["customSeverityEnabled"] = args ? args.customSeverityEnabled : undefined; + resourceInputs["cvesBlackListEnabled"] = args ? args.cvesBlackListEnabled : undefined; + resourceInputs["cvesBlackLists"] = args ? args.cvesBlackLists : undefined; + resourceInputs["cvesWhiteListEnabled"] = args ? args.cvesWhiteListEnabled : undefined; + resourceInputs["cvesWhiteLists"] = args ? args.cvesWhiteLists : undefined; + resourceInputs["cvssSeverity"] = args ? args.cvssSeverity : undefined; + resourceInputs["cvssSeverityEnabled"] = args ? args.cvssSeverityEnabled : undefined; + resourceInputs["cvssSeverityExcludeNoFix"] = args ? args.cvssSeverityExcludeNoFix : undefined; + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["disallowExploitTypes"] = args ? args.disallowExploitTypes : undefined; + resourceInputs["disallowMalware"] = args ? args.disallowMalware : undefined; + resourceInputs["dockerCisEnabled"] = args ? args.dockerCisEnabled : undefined; + resourceInputs["domain"] = args ? args.domain : undefined; + resourceInputs["domainName"] = args ? args.domainName : undefined; + resourceInputs["dtaEnabled"] = args ? args.dtaEnabled : undefined; + resourceInputs["dtaSeverity"] = args ? args.dtaSeverity : undefined; + resourceInputs["enabled"] = args ? args.enabled : undefined; + resourceInputs["enforce"] = args ? args.enforce : undefined; + resourceInputs["enforceAfterDays"] = args ? args.enforceAfterDays : undefined; + resourceInputs["enforceExcessivePermissions"] = args ? args.enforceExcessivePermissions : undefined; + resourceInputs["exceptionalMonitoredMalwarePaths"] = args ? args.exceptionalMonitoredMalwarePaths : undefined; + resourceInputs["excludeApplicationScopes"] = args ? 
args.excludeApplicationScopes : undefined; + resourceInputs["failCicd"] = args ? args.failCicd : undefined; + resourceInputs["forbiddenLabels"] = args ? args.forbiddenLabels : undefined; + resourceInputs["forbiddenLabelsEnabled"] = args ? args.forbiddenLabelsEnabled : undefined; + resourceInputs["forceMicroenforcer"] = args ? args.forceMicroenforcer : undefined; + resourceInputs["functionIntegrityEnabled"] = args ? args.functionIntegrityEnabled : undefined; + resourceInputs["ignoreBaseImageVln"] = args ? args.ignoreBaseImageVln : undefined; + resourceInputs["ignoreRecentlyPublishedVln"] = args ? args.ignoreRecentlyPublishedVln : undefined; + resourceInputs["ignoreRecentlyPublishedVlnPeriod"] = args ? args.ignoreRecentlyPublishedVlnPeriod : undefined; + resourceInputs["ignoreRiskResourcesEnabled"] = args ? args.ignoreRiskResourcesEnabled : undefined; + resourceInputs["ignoredRiskResources"] = args ? args.ignoredRiskResources : undefined; + resourceInputs["ignoredSensitiveResources"] = args ? args.ignoredSensitiveResources : undefined; + resourceInputs["images"] = args ? args.images : undefined; + resourceInputs["kubeCisEnabled"] = args ? args.kubeCisEnabled : undefined; + resourceInputs["kubernetesControls"] = args ? args.kubernetesControls : undefined; + resourceInputs["kubernetesControlsAvdIds"] = args ? args.kubernetesControlsAvdIds : undefined; + resourceInputs["kubernetesControlsNames"] = args ? args.kubernetesControlsNames : undefined; + resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["lastupdate"] = args ? args.lastupdate : undefined; + resourceInputs["linuxCisEnabled"] = args ? args.linuxCisEnabled : undefined; + resourceInputs["malwareAction"] = args ? args.malwareAction : undefined; + resourceInputs["maximumScore"] = args ? args.maximumScore : undefined; + resourceInputs["maximumScoreEnabled"] = args ? args.maximumScoreEnabled : undefined; + resourceInputs["maximumScoreExcludeNoFix"] = args ? 
args.maximumScoreExcludeNoFix : undefined; + resourceInputs["monitoredMalwarePaths"] = args ? args.monitoredMalwarePaths : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["onlyNoneRootUsers"] = args ? args.onlyNoneRootUsers : undefined; + resourceInputs["openshiftHardeningEnabled"] = args ? args.openshiftHardeningEnabled : undefined; + resourceInputs["packagesBlackListEnabled"] = args ? args.packagesBlackListEnabled : undefined; + resourceInputs["packagesBlackLists"] = args ? args.packagesBlackLists : undefined; + resourceInputs["packagesWhiteListEnabled"] = args ? args.packagesWhiteListEnabled : undefined; + resourceInputs["packagesWhiteLists"] = args ? args.packagesWhiteLists : undefined; + resourceInputs["partialResultsImageFail"] = args ? args.partialResultsImageFail : undefined; + resourceInputs["permission"] = args ? args.permission : undefined; + resourceInputs["policySettings"] = args ? args.policySettings : undefined; + resourceInputs["readOnly"] = args ? args.readOnly : undefined; + resourceInputs["registries"] = args ? args.registries : undefined; + resourceInputs["registry"] = args ? args.registry : undefined; + resourceInputs["requiredLabels"] = args ? args.requiredLabels : undefined; + resourceInputs["requiredLabelsEnabled"] = args ? args.requiredLabelsEnabled : undefined; + resourceInputs["scanMalwareInArchives"] = args ? args.scanMalwareInArchives : undefined; + resourceInputs["scanNfsMounts"] = args ? args.scanNfsMounts : undefined; + resourceInputs["scanProcessMemory"] = args ? args.scanProcessMemory : undefined; + resourceInputs["scanSensitiveData"] = args ? args.scanSensitiveData : undefined; + resourceInputs["scanWindowsRegistry"] = args ? args.scanWindowsRegistry : undefined; + resourceInputs["scapEnabled"] = args ? args.scapEnabled : undefined; + resourceInputs["scapFiles"] = args ? args.scapFiles : undefined; + resourceInputs["scopes"] = args ? 
args.scopes : undefined; + resourceInputs["trustedBaseImages"] = args ? args.trustedBaseImages : undefined; + resourceInputs["trustedBaseImagesEnabled"] = args ? args.trustedBaseImagesEnabled : undefined; + resourceInputs["vulnerabilityExploitability"] = args ? args.vulnerabilityExploitability : undefined; + resourceInputs["vulnerabilityScoreRanges"] = args ? args.vulnerabilityScoreRanges : undefined; + resourceInputs["whitelistedLicenses"] = args ? args.whitelistedLicenses : undefined; + resourceInputs["whitelistedLicensesEnabled"] = args ? args.whitelistedLicensesEnabled : undefined; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(VmwareAssurancePolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering VmwareAssurancePolicy resources. + */ +export interface VmwareAssurancePolicyState { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * List of explicitly allowed images. + */ + allowedImages?: pulumi.Input[]>; + applicationScopes?: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; + /** + * Indicates if auditing for failures. + */ + auditOnFailure?: pulumi.Input; + /** + * Name of user account that created the policy. + */ + author?: pulumi.Input; + autoScanConfigured?: pulumi.Input; + autoScanEnabled?: pulumi.Input; + autoScanTimes?: pulumi.Input[]>; + /** + * List of function's forbidden permissions. + */ + blacklistPermissions?: pulumi.Input[]>; + /** + * Indicates if blacklist permissions is relevant. + */ + blacklistPermissionsEnabled?: pulumi.Input; + /** + * List of blacklisted licenses. + */ + blacklistedLicenses?: pulumi.Input[]>; + /** + * Indicates if license blacklist is relevant. + */ + blacklistedLicensesEnabled?: pulumi.Input; + /** + * Indicates if failed images are blocked. 
+ */ + blockFailed?: pulumi.Input; + controlExcludeNoFix?: pulumi.Input; + /** + * List of Custom user scripts for checks. + */ + customChecks?: pulumi.Input[]>; + /** + * Indicates if scanning should include custom checks. + */ + customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; + customSeverityEnabled?: pulumi.Input; + /** + * Indicates if CVEs blacklist is relevant. + */ + cvesBlackListEnabled?: pulumi.Input; + /** + * List of cves blacklisted items. + */ + cvesBlackLists?: pulumi.Input[]>; + /** + * Indicates if cves whitelist is relevant. + */ + cvesWhiteListEnabled?: pulumi.Input; + /** + * List of cves whitelisted licenses + */ + cvesWhiteLists?: pulumi.Input[]>; + /** + * Identifier of the cvss severity. + */ + cvssSeverity?: pulumi.Input; + /** + * Indicates if the cvss severity is scanned. + */ + cvssSeverityEnabled?: pulumi.Input; + /** + * Indicates that policy should ignore cvss cases that do not have a known fix. + */ + cvssSeverityExcludeNoFix?: pulumi.Input; + description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; + /** + * Indicates if malware should block the image. + */ + disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ + dockerCisEnabled?: pulumi.Input; + /** + * Name of the container image. + */ + domain?: pulumi.Input; + domainName?: pulumi.Input; + dtaEnabled?: pulumi.Input; + dtaSeverity?: pulumi.Input; + enabled?: pulumi.Input; + enforce?: pulumi.Input; + enforceAfterDays?: pulumi.Input; + enforceExcessivePermissions?: pulumi.Input; + exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; + /** + * Indicates if cicd failures will fail the image. 
+ */ + failCicd?: pulumi.Input; + forbiddenLabels?: pulumi.Input[]>; + forbiddenLabelsEnabled?: pulumi.Input; + forceMicroenforcer?: pulumi.Input; + functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; + ignoreRecentlyPublishedVln?: pulumi.Input; + ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; + /** + * Indicates if risk resources are ignored. + */ + ignoreRiskResourcesEnabled?: pulumi.Input; + /** + * List of ignored risk resources. + */ + ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; + /** + * List of images. + */ + images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ + kubeCisEnabled?: pulumi.Input; + /** + * List of Kubernetes controls. + */ + kubernetesControls?: pulumi.Input[]>; + kubernetesControlsAvdIds?: pulumi.Input[]>; + kubernetesControlsNames?: pulumi.Input[]>; + /** + * List of labels. + */ + labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; + malwareAction?: pulumi.Input; + /** + * Value of allowed maximum score. + */ + maximumScore?: pulumi.Input; + /** + * Indicates if exceeding the maximum score is scanned. + */ + maximumScoreEnabled?: pulumi.Input; + maximumScoreExcludeNoFix?: pulumi.Input; + monitoredMalwarePaths?: pulumi.Input[]>; + name?: pulumi.Input; + /** + * Indicates if raise a warning for images that should only be run as root. + */ + onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; + /** + * Indicates if packages blacklist is relevant. + */ + packagesBlackListEnabled?: pulumi.Input; + /** + * List of blacklisted images. + */ + packagesBlackLists?: pulumi.Input[]>; + /** + * Indicates if packages whitelist is relevant. + */ + packagesWhiteListEnabled?: pulumi.Input; + /** + * List of whitelisted images. 
+ */ + packagesWhiteLists?: pulumi.Input[]>; + partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; + readOnly?: pulumi.Input; + /** + * List of registries. + */ + registries?: pulumi.Input[]>; + registry?: pulumi.Input; + requiredLabels?: pulumi.Input[]>; + requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; + scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; + /** + * Indicates if scan should include sensitive data in the image. + */ + scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; + /** + * Indicates if scanning should include scap. + */ + scapEnabled?: pulumi.Input; + /** + * List of SCAP user scripts for checks. + */ + scapFiles?: pulumi.Input[]>; + scopes?: pulumi.Input[]>; + /** + * List of trusted images. + */ + trustedBaseImages?: pulumi.Input[]>; + /** + * Indicates if list of trusted base images is relevant. + */ + trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; + /** + * List of whitelisted licenses. + */ + whitelistedLicenses?: pulumi.Input[]>; + /** + * Indicates if license blacklist is relevant. + */ + whitelistedLicensesEnabled?: pulumi.Input; +} + +/** + * The set of arguments for constructing a VmwareAssurancePolicy resource. + */ +export interface VmwareAssurancePolicyArgs { + /** + * Aggregated vulnerability information. + */ + aggregatedVulnerability?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * List of explicitly allowed images. + */ + allowedImages?: pulumi.Input[]>; + applicationScopes: pulumi.Input[]>; + /** + * What type of assurance policy is described. + */ + assuranceType?: pulumi.Input; + /** + * Indicates if auditing for failures. + */ + auditOnFailure?: pulumi.Input; + /** + * Name of user account that created the policy. 
+ */ + author?: pulumi.Input; + autoScanConfigured?: pulumi.Input; + autoScanEnabled?: pulumi.Input; + autoScanTimes?: pulumi.Input[]>; + /** + * List of function's forbidden permissions. + */ + blacklistPermissions?: pulumi.Input[]>; + /** + * Indicates if blacklist permissions is relevant. + */ + blacklistPermissionsEnabled?: pulumi.Input; + /** + * List of blacklisted licenses. + */ + blacklistedLicenses?: pulumi.Input[]>; + /** + * Indicates if license blacklist is relevant. + */ + blacklistedLicensesEnabled?: pulumi.Input; + /** + * Indicates if failed images are blocked. + */ + blockFailed?: pulumi.Input; + controlExcludeNoFix?: pulumi.Input; + /** + * List of Custom user scripts for checks. + */ + customChecks?: pulumi.Input[]>; + /** + * Indicates if scanning should include custom checks. + */ + customChecksEnabled?: pulumi.Input; + customSeverity?: pulumi.Input; + customSeverityEnabled?: pulumi.Input; + /** + * Indicates if CVEs blacklist is relevant. + */ + cvesBlackListEnabled?: pulumi.Input; + /** + * List of cves blacklisted items. + */ + cvesBlackLists?: pulumi.Input[]>; + /** + * Indicates if cves whitelist is relevant. + */ + cvesWhiteListEnabled?: pulumi.Input; + /** + * List of cves whitelisted licenses + */ + cvesWhiteLists?: pulumi.Input[]>; + /** + * Identifier of the cvss severity. + */ + cvssSeverity?: pulumi.Input; + /** + * Indicates if the cvss severity is scanned. + */ + cvssSeverityEnabled?: pulumi.Input; + /** + * Indicates that policy should ignore cvss cases that do not have a known fix. + */ + cvssSeverityExcludeNoFix?: pulumi.Input; + description?: pulumi.Input; + disallowExploitTypes?: pulumi.Input[]>; + /** + * Indicates if malware should block the image. + */ + disallowMalware?: pulumi.Input; + /** + * Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + */ + dockerCisEnabled?: pulumi.Input; + /** + * Name of the container image. 
+ */ + domain?: pulumi.Input; + domainName?: pulumi.Input; + dtaEnabled?: pulumi.Input; + dtaSeverity?: pulumi.Input; + enabled?: pulumi.Input; + enforce?: pulumi.Input; + enforceAfterDays?: pulumi.Input; + enforceExcessivePermissions?: pulumi.Input; + exceptionalMonitoredMalwarePaths?: pulumi.Input[]>; + excludeApplicationScopes?: pulumi.Input[]>; + /** + * Indicates if cicd failures will fail the image. + */ + failCicd?: pulumi.Input; + forbiddenLabels?: pulumi.Input[]>; + forbiddenLabelsEnabled?: pulumi.Input; + forceMicroenforcer?: pulumi.Input; + functionIntegrityEnabled?: pulumi.Input; + ignoreBaseImageVln?: pulumi.Input; + ignoreRecentlyPublishedVln?: pulumi.Input; + ignoreRecentlyPublishedVlnPeriod?: pulumi.Input; + /** + * Indicates if risk resources are ignored. + */ + ignoreRiskResourcesEnabled?: pulumi.Input; + /** + * List of ignored risk resources. + */ + ignoredRiskResources?: pulumi.Input[]>; + ignoredSensitiveResources?: pulumi.Input[]>; + /** + * List of images. + */ + images?: pulumi.Input[]>; + /** + * Performs a Kubernetes CIS benchmark check for the host. + */ + kubeCisEnabled?: pulumi.Input; + /** + * List of Kubernetes controls. + */ + kubernetesControls?: pulumi.Input[]>; + kubernetesControlsAvdIds?: pulumi.Input[]>; + kubernetesControlsNames?: pulumi.Input[]>; + /** + * List of labels. + */ + labels?: pulumi.Input[]>; + lastupdate?: pulumi.Input; + linuxCisEnabled?: pulumi.Input; + malwareAction?: pulumi.Input; + /** + * Value of allowed maximum score. + */ + maximumScore?: pulumi.Input; + /** + * Indicates if exceeding the maximum score is scanned. + */ + maximumScoreEnabled?: pulumi.Input; + maximumScoreExcludeNoFix?: pulumi.Input; + monitoredMalwarePaths?: pulumi.Input[]>; + name?: pulumi.Input; + /** + * Indicates if raise a warning for images that should only be run as root. + */ + onlyNoneRootUsers?: pulumi.Input; + openshiftHardeningEnabled?: pulumi.Input; + /** + * Indicates if packages blacklist is relevant. 
+ */ + packagesBlackListEnabled?: pulumi.Input; + /** + * List of blacklisted images. + */ + packagesBlackLists?: pulumi.Input[]>; + /** + * Indicates if packages whitelist is relevant. + */ + packagesWhiteListEnabled?: pulumi.Input; + /** + * List of whitelisted images. + */ + packagesWhiteLists?: pulumi.Input[]>; + partialResultsImageFail?: pulumi.Input; + permission?: pulumi.Input; + policySettings?: pulumi.Input; + readOnly?: pulumi.Input; + /** + * List of registries. + */ + registries?: pulumi.Input[]>; + registry?: pulumi.Input; + requiredLabels?: pulumi.Input[]>; + requiredLabelsEnabled?: pulumi.Input; + scanMalwareInArchives?: pulumi.Input; + scanNfsMounts?: pulumi.Input; + scanProcessMemory?: pulumi.Input; + /** + * Indicates if scan should include sensitive data in the image. + */ + scanSensitiveData?: pulumi.Input; + scanWindowsRegistry?: pulumi.Input; + /** + * Indicates if scanning should include scap. + */ + scapEnabled?: pulumi.Input; + /** + * List of SCAP user scripts for checks. + */ + scapFiles?: pulumi.Input[]>; + scopes?: pulumi.Input[]>; + /** + * List of trusted images. + */ + trustedBaseImages?: pulumi.Input[]>; + /** + * Indicates if list of trusted base images is relevant. + */ + trustedBaseImagesEnabled?: pulumi.Input; + vulnerabilityExploitability?: pulumi.Input; + vulnerabilityScoreRanges?: pulumi.Input[]>; + /** + * List of whitelisted licenses. + */ + whitelistedLicenses?: pulumi.Input[]>; + /** + * Indicates if license blacklist is relevant. + */ + whitelistedLicensesEnabled?: pulumi.Input; +} diff --git a/sdk/python/pulumiverse_aquasec/__init__.py b/sdk/python/pulumiverse_aquasec/__init__.py index c641cd11..f17c52b9 100644 --- a/sdk/python/pulumiverse_aquasec/__init__.py +++ b/sdk/python/pulumiverse_aquasec/__init__.py 
@@ -27,6 +27,7 @@ from .get_host_runtime_policy import * from .get_image import * from .get_image_assurance_policy import * +from .get_integration_registries import * from .get_integration_registry import * from .get_integration_state import * from .get_kubernetes_assurance_policy import * @@ -55,6 +56,7 @@ from .service import * from .user import * from .user_saas import * +from .vmware_assurance_policy import * from ._inputs import * from . import outputs @@ -259,6 +261,14 @@ "classes": { "aquasec:index/userSaas:UserSaas": "UserSaas" } + }, + { + "pkg": "aquasec", + "mod": "index/vmwareAssurancePolicy", + "fqn": "pulumiverse_aquasec", + "classes": { + "aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy": "VmwareAssurancePolicy" + } } ] """, diff --git a/sdk/python/pulumiverse_aquasec/_inputs.py b/sdk/python/pulumiverse_aquasec/_inputs.py index 9976dddb..6ccedbc5 100644 --- a/sdk/python/pulumiverse_aquasec/_inputs.py +++ b/sdk/python/pulumiverse_aquasec/_inputs.py 
@@ -33,9 +33,34 @@ 'ApplicationScopeCategoryWorkloadKuberneteVariableArgs', 'ApplicationScopeCategoryWorkloadOArgs', 'ApplicationScopeCategoryWorkloadOVariableArgs', + 'ContainerRuntimePolicyAllowedExecutableArgs', + 'ContainerRuntimePolicyAllowedRegistryArgs', + 'ContainerRuntimePolicyAuditingArgs', + 'ContainerRuntimePolicyBlacklistedOsUsersArgs', + 'ContainerRuntimePolicyBypassScopeArgs', + 'ContainerRuntimePolicyBypassScopeScopeArgs', + 'ContainerRuntimePolicyBypassScopeScopeVariableArgs', + 'ContainerRuntimePolicyContainerExecArgs', + 'ContainerRuntimePolicyDriftPreventionArgs', + 'ContainerRuntimePolicyExecutableBlacklistArgs', + 'ContainerRuntimePolicyFailedKubernetesChecksArgs', + 'ContainerRuntimePolicyFileBlockArgs', 'ContainerRuntimePolicyFileIntegrityMonitoringArgs', + 'ContainerRuntimePolicyLimitContainerPrivilegeArgs', + 'ContainerRuntimePolicyLinuxCapabilitiesArgs', 'ContainerRuntimePolicyMalwareScanOptionsArgs', + 'ContainerRuntimePolicyPackageBlockArgs', + 'ContainerRuntimePolicyPortBlockArgs', + 'ContainerRuntimePolicyReadonlyFilesArgs', + 'ContainerRuntimePolicyReadonlyRegistryArgs', + 'ContainerRuntimePolicyRegistryAccessMonitoringArgs', + 'ContainerRuntimePolicyRestrictedVolumeArgs', + 'ContainerRuntimePolicyReverseShellArgs', + 'ContainerRuntimePolicyScopeArgs', 'ContainerRuntimePolicyScopeVariableArgs', + 'ContainerRuntimePolicySystemIntegrityProtectionArgs', + 'ContainerRuntimePolicyTripwireArgs', + 'ContainerRuntimePolicyWhitelistedOsUsersArgs', 'EnforcerGroupsCommandArgs', 'EnforcerGroupsOrchestratorArgs', 'FirewallPolicyInboundNetworkArgs', 
@@ -43,33 +68,88 @@ 'FunctionAssurancePolicyAutoScanTimeArgs', 'FunctionAssurancePolicyCustomCheckArgs', 'FunctionAssurancePolicyForbiddenLabelArgs', + 'FunctionAssurancePolicyKubernetesControlArgs', 'FunctionAssurancePolicyPackagesBlackListArgs', 'FunctionAssurancePolicyPackagesWhiteListArgs', + 'FunctionAssurancePolicyPolicySettingsArgs', 'FunctionAssurancePolicyRequiredLabelArgs', 'FunctionAssurancePolicyScopeArgs', 'FunctionAssurancePolicyScopeVariableArgs', 'FunctionAssurancePolicyTrustedBaseImageArgs', + 'FunctionRuntimePolicyAllowedExecutableArgs', + 'FunctionRuntimePolicyAllowedRegistryArgs', + 'FunctionRuntimePolicyAuditingArgs', + 'FunctionRuntimePolicyBlacklistedOsUsersArgs', + 'FunctionRuntimePolicyBypassScopeArgs', + 'FunctionRuntimePolicyBypassScopeScopeArgs', + 'FunctionRuntimePolicyBypassScopeScopeVariableArgs', + 'FunctionRuntimePolicyContainerExecArgs', + 'FunctionRuntimePolicyDriftPreventionArgs', + 'FunctionRuntimePolicyExecutableBlacklistArgs', + 'FunctionRuntimePolicyFailedKubernetesChecksArgs', + 'FunctionRuntimePolicyFileBlockArgs', + 'FunctionRuntimePolicyFileIntegrityMonitoringArgs', + 'FunctionRuntimePolicyLimitContainerPrivilegeArgs', + 'FunctionRuntimePolicyLinuxCapabilitiesArgs', + 'FunctionRuntimePolicyMalwareScanOptionsArgs', + 'FunctionRuntimePolicyPackageBlockArgs', + 'FunctionRuntimePolicyPortBlockArgs', + 'FunctionRuntimePolicyReadonlyFilesArgs', + 'FunctionRuntimePolicyReadonlyRegistryArgs', + 'FunctionRuntimePolicyRegistryAccessMonitoringArgs', + 'FunctionRuntimePolicyRestrictedVolumeArgs', + 'FunctionRuntimePolicyReverseShellArgs', + 'FunctionRuntimePolicyScopeArgs', 'FunctionRuntimePolicyScopeVariableArgs', + 'FunctionRuntimePolicySystemIntegrityProtectionArgs', + 'FunctionRuntimePolicyTripwireArgs', + 'FunctionRuntimePolicyWhitelistedOsUsersArgs', 'HostAssurancePolicyAutoScanTimeArgs', 'HostAssurancePolicyCustomCheckArgs', 'HostAssurancePolicyForbiddenLabelArgs', 'HostAssurancePolicyPackagesBlackListArgs', 
'HostAssurancePolicyPackagesWhiteListArgs', + 'HostAssurancePolicyPolicySettingsArgs', 'HostAssurancePolicyRequiredLabelArgs', 'HostAssurancePolicyScopeArgs', 'HostAssurancePolicyScopeVariableArgs', 'HostAssurancePolicyTrustedBaseImageArgs', + 'HostRuntimePolicyAllowedExecutableArgs', + 'HostRuntimePolicyAllowedRegistryArgs', + 'HostRuntimePolicyAuditingArgs', + 'HostRuntimePolicyBlacklistedOsUsersArgs', + 'HostRuntimePolicyBypassScopeArgs', + 'HostRuntimePolicyBypassScopeScopeArgs', + 'HostRuntimePolicyBypassScopeScopeVariableArgs', + 'HostRuntimePolicyContainerExecArgs', + 'HostRuntimePolicyDriftPreventionArgs', + 'HostRuntimePolicyExecutableBlacklistArgs', + 'HostRuntimePolicyFailedKubernetesChecksArgs', + 'HostRuntimePolicyFileBlockArgs', 'HostRuntimePolicyFileIntegrityMonitoringArgs', + 'HostRuntimePolicyLimitContainerPrivilegeArgs', + 'HostRuntimePolicyLinuxCapabilitiesArgs', 'HostRuntimePolicyMalwareScanOptionsArgs', + 'HostRuntimePolicyPackageBlockArgs', + 'HostRuntimePolicyPortBlockArgs', + 'HostRuntimePolicyReadonlyFilesArgs', + 'HostRuntimePolicyReadonlyRegistryArgs', + 'HostRuntimePolicyRegistryAccessMonitoringArgs', + 'HostRuntimePolicyRestrictedVolumeArgs', + 'HostRuntimePolicyReverseShellArgs', + 'HostRuntimePolicyScopeArgs', 'HostRuntimePolicyScopeVariableArgs', - 'HostRuntimePolicyWindowsRegistryMonitoringArgs', - 'HostRuntimePolicyWindowsRegistryProtectionArgs', + 'HostRuntimePolicySystemIntegrityProtectionArgs', + 'HostRuntimePolicyTripwireArgs', + 'HostRuntimePolicyWhitelistedOsUsersArgs', 'ImageAssuranceChecksPerformedArgs', 'ImageAssurancePolicyAutoScanTimeArgs', 'ImageAssurancePolicyCustomCheckArgs', 'ImageAssurancePolicyForbiddenLabelArgs', + 'ImageAssurancePolicyKubernetesControlsArgs', 'ImageAssurancePolicyPackagesBlackListArgs', 'ImageAssurancePolicyPackagesWhiteListArgs', + 'ImageAssurancePolicyPolicySettingsArgs', 'ImageAssurancePolicyRequiredLabelArgs', 'ImageAssurancePolicyScopeArgs', 'ImageAssurancePolicyScopeVariableArgs', 
@@ -81,8 +161,10 @@ 'KubernetesAssurancePolicyAutoScanTimeArgs', 'KubernetesAssurancePolicyCustomCheckArgs', 'KubernetesAssurancePolicyForbiddenLabelArgs', + 'KubernetesAssurancePolicyKubernetesControlArgs', 'KubernetesAssurancePolicyPackagesBlackListArgs', 'KubernetesAssurancePolicyPackagesWhiteListArgs', + 'KubernetesAssurancePolicyPolicySettingsArgs', 'KubernetesAssurancePolicyRequiredLabelArgs', 'KubernetesAssurancePolicyScopeArgs', 'KubernetesAssurancePolicyScopeVariableArgs', @@ -94,6 +176,17 @@ 'ServiceScopeVariableArgs', 'UserSaasGroupArgs', 'UserSaasLoginArgs', + 'VmwareAssurancePolicyAutoScanTimeArgs', + 'VmwareAssurancePolicyCustomCheckArgs', + 'VmwareAssurancePolicyForbiddenLabelArgs', + 'VmwareAssurancePolicyKubernetesControlArgs', + 'VmwareAssurancePolicyPackagesBlackListArgs', + 'VmwareAssurancePolicyPackagesWhiteListArgs', + 'VmwareAssurancePolicyPolicySettingsArgs', + 'VmwareAssurancePolicyRequiredLabelArgs', + 'VmwareAssurancePolicyScopeArgs', + 'VmwareAssurancePolicyScopeVariableArgs', + 'VmwareAssurancePolicyTrustedBaseImageArgs', 'GetApplicationScopeCategoryArgs', 'GetApplicationScopeCategoryArtifactArgs', 'GetApplicationScopeCategoryArtifactCfArgs', 
@@ -116,8 +209,26 @@ 'GetApplicationScopeCategoryWorkloadKuberneteVariableArgs', 'GetApplicationScopeCategoryWorkloadOArgs', 'GetApplicationScopeCategoryWorkloadOVariableArgs', + 'GetContainerRuntimePolicyAllowedExecutableArgs', + 'GetContainerRuntimePolicyAllowedRegistryArgs', + 'GetContainerRuntimePolicyAuditingArgs', + 'GetContainerRuntimePolicyContainerExecArgs', + 'GetContainerRuntimePolicyFileBlockArgs', + 'GetContainerRuntimePolicyFileIntegrityMonitoringArgs', + 'GetContainerRuntimePolicyLimitContainerPrivilegeArgs', 'GetContainerRuntimePolicyMalwareScanOptionArgs', + 'GetContainerRuntimePolicyPortBlockArgs', + 'GetContainerRuntimePolicyReadonlyFilesArgs', + 'GetContainerRuntimePolicyRestrictedVolumeArgs', 'GetFirewallPolicyOutboundNetworkArgs', + 'GetFunctionRuntimePolicyDriftPreventionArgs', + 'GetFunctionRuntimePolicyExecutableBlacklistArgs', + 'GetHostRuntimePolicyAuditingArgs', + 'GetHostRuntimePolicyFileIntegrityMonitoringArgs', + 'GetHostRuntimePolicyMalwareScanOptionArgs', + 'GetHostRuntimePolicyPackageBlockArgs', + 'GetIntegrationRegistriesOptionArgs', + 'GetIntegrationRegistriesWebhookArgs', 'GetIntegrationRegistryOptionArgs', 'GetIntegrationRegistryWebhookArgs', ] @@ -531,6 +642,10 @@ def __init__(__self__, *, cfs: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationScopeCategoryArtifactCfArgs']]]] = None, functions: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationScopeCategoryArtifactFunctionArgs']]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationScopeCategoryArtifactImageArgs']]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['ApplicationScopeCategoryArtifactFunctionArgs']]] functions: Function name + :param pulumi.Input[Sequence[pulumi.Input['ApplicationScopeCategoryArtifactImageArgs']]] images: Name of a registry as defined in Aqua + """ if cfs is not None: pulumi.set(__self__, "cfs", cfs) if functions is not None: 
@@ -550,6 +665,9 @@ def cfs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationSco @property @pulumi.getter def functions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationScopeCategoryArtifactFunctionArgs']]]]: + """ + Function name + """ return pulumi.get(self, "functions") @functions.setter @@ -559,6 +677,9 @@ def functions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['Applicat @property @pulumi.getter def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApplicationScopeCategoryArtifactImageArgs']]]]: + """ + Name of a registry as defined in Aqua + """ return pulumi.get(self, "images") @images.setter 
@@ -1159,227 +1280,276 @@ def value(self, value: Optional[pulumi.Input[str]]): @pulumi.input_type -class ContainerRuntimePolicyFileIntegrityMonitoringArgs: +class ContainerRuntimePolicyAllowedExecutableArgs: def __init__(__self__, *, - excluded_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - excluded_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - excluded_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - monitor_attributes: Optional[pulumi.Input[bool]] = None, - monitor_create: Optional[pulumi.Input[bool]] = None, - monitor_delete: Optional[pulumi.Input[bool]] = None, - monitor_modify: Optional[pulumi.Input[bool]] = None, - monitor_read: Optional[pulumi.Input[bool]] = None, - monitored_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - monitored_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - monitored_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + allow_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + allow_root_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + separate_executables: Optional[pulumi.Input[bool]] = None): """ - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_paths: List of paths to be excluded from being monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_processes: List of processes to be excluded from being monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_users: List of users to be excluded from being monitored. - :param pulumi.Input[bool] monitor_attributes: If true, add attributes operations will be monitored. - :param pulumi.Input[bool] monitor_create: If true, create operations will be monitored. - :param pulumi.Input[bool] monitor_delete: If true, deletion operations will be monitored. 
- :param pulumi.Input[bool] monitor_modify: If true, modification operations will be monitored. - :param pulumi.Input[bool] monitor_read: If true, read operations will be monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_paths: List of paths to be monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_processes: List of processes to be monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_users: List of users to be monitored. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allow_executables: List of allowed executables. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allow_root_executables: List of allowed root executables. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. + :param pulumi.Input[bool] separate_executables: Whether to treat executables separately. """ - if excluded_paths is not None: - pulumi.set(__self__, "excluded_paths", excluded_paths) - if excluded_processes is not None: - pulumi.set(__self__, "excluded_processes", excluded_processes) - if excluded_users is not None: - pulumi.set(__self__, "excluded_users", excluded_users) - if monitor_attributes is not None: - pulumi.set(__self__, "monitor_attributes", monitor_attributes) - if monitor_create is not None: - pulumi.set(__self__, "monitor_create", monitor_create) - if monitor_delete is not None: - pulumi.set(__self__, "monitor_delete", monitor_delete) - if monitor_modify is not None: - pulumi.set(__self__, "monitor_modify", monitor_modify) - if monitor_read is not None: - pulumi.set(__self__, "monitor_read", monitor_read) - if monitored_paths is not None: - pulumi.set(__self__, "monitored_paths", monitored_paths) - if monitored_processes is not None: - pulumi.set(__self__, "monitored_processes", monitored_processes) - if monitored_users is not None: - pulumi.set(__self__, "monitored_users", monitored_users) + if allow_executables is not None: + pulumi.set(__self__, "allow_executables", 
allow_executables) + if allow_root_executables is not None: + pulumi.set(__self__, "allow_root_executables", allow_root_executables) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if separate_executables is not None: + pulumi.set(__self__, "separate_executables", separate_executables) @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="allowExecutables") + def allow_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of paths to be excluded from being monitored. + List of allowed executables. """ - return pulumi.get(self, "excluded_paths") + return pulumi.get(self, "allow_executables") - @excluded_paths.setter - def excluded_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_paths", value) + @allow_executables.setter + def allow_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allow_executables", value) @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="allowRootExecutables") + def allow_root_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of processes to be excluded from being monitored. + List of allowed root executables. 
""" - return pulumi.get(self, "excluded_processes") + return pulumi.get(self, "allow_root_executables") - @excluded_processes.setter - def excluded_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_processes", value) + @allow_root_executables.setter + def allow_root_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allow_root_executables", value) @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: """ - List of users to be excluded from being monitored. + Whether allowed executables configuration is enabled. """ - return pulumi.get(self, "excluded_users") + return pulumi.get(self, "enabled") - @excluded_users.setter - def excluded_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_users", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter(name="monitorAttributes") - def monitor_attributes(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter(name="separateExecutables") + def separate_executables(self) -> Optional[pulumi.Input[bool]]: """ - If true, add attributes operations will be monitored. + Whether to treat executables separately. 
""" - return pulumi.get(self, "monitor_attributes") + return pulumi.get(self, "separate_executables") - @monitor_attributes.setter - def monitor_attributes(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_attributes", value) + @separate_executables.setter + def separate_executables(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "separate_executables", value) - @property - @pulumi.getter(name="monitorCreate") - def monitor_create(self) -> Optional[pulumi.Input[bool]]: + +@pulumi.input_type +class ContainerRuntimePolicyAllowedRegistryArgs: + def __init__(__self__, *, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None): """ - If true, create operations will be monitored. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_registries: List of allowed registries. + :param pulumi.Input[bool] enabled: Whether allowed registries are enabled. """ - return pulumi.get(self, "monitor_create") - - @monitor_create.setter - def monitor_create(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_create", value) + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter(name="monitorDelete") - def monitor_delete(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - If true, deletion operations will be monitored. + List of allowed registries. 
""" - return pulumi.get(self, "monitor_delete") + return pulumi.get(self, "allowed_registries") - @monitor_delete.setter - def monitor_delete(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_delete", value) + @allowed_registries.setter + def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allowed_registries", value) @property - @pulumi.getter(name="monitorModify") - def monitor_modify(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: """ - If true, modification operations will be monitored. + Whether allowed registries are enabled. """ - return pulumi.get(self, "monitor_modify") + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + +@pulumi.input_type +class ContainerRuntimePolicyAuditingArgs: + def __init__(__self__, *, + audit_all_network: Optional[pulumi.Input[bool]] = None, + audit_all_processes: Optional[pulumi.Input[bool]] = None, + audit_failed_login: Optional[pulumi.Input[bool]] = None, + audit_os_user_activity: Optional[pulumi.Input[bool]] = None, + audit_process_cmdline: Optional[pulumi.Input[bool]] = None, + audit_success_login: Optional[pulumi.Input[bool]] = None, + audit_user_account_management: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, "audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not None: + pulumi.set(__self__, "audit_process_cmdline", audit_process_cmdline) + if 
audit_success_login is not None: + pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) - @monitor_modify.setter - def monitor_modify(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_modify", value) + @property + @pulumi.getter(name="auditAllNetwork") + def audit_all_network(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_all_network") + + @audit_all_network.setter + def audit_all_network(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_all_network", value) @property - @pulumi.getter(name="monitorRead") - def monitor_read(self) -> Optional[pulumi.Input[bool]]: - """ - If true, read operations will be monitored. - """ - return pulumi.get(self, "monitor_read") + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_all_processes") - @monitor_read.setter - def monitor_read(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_read", value) + @audit_all_processes.setter + def audit_all_processes(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_all_processes", value) @property - @pulumi.getter(name="monitoredPaths") - def monitored_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of paths to be monitored. 
- """ - return pulumi.get(self, "monitored_paths") + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_failed_login") - @monitored_paths.setter - def monitored_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "monitored_paths", value) + @audit_failed_login.setter + def audit_failed_login(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_failed_login", value) @property - @pulumi.getter(name="monitoredProcesses") - def monitored_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of processes to be monitored. - """ - return pulumi.get(self, "monitored_processes") + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_os_user_activity") - @monitored_processes.setter - def monitored_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "monitored_processes", value) + @audit_os_user_activity.setter + def audit_os_user_activity(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_os_user_activity", value) @property - @pulumi.getter(name="monitoredUsers") - def monitored_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of users to be monitored. 
- """ - return pulumi.get(self, "monitored_users") + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_process_cmdline") + + @audit_process_cmdline.setter + def audit_process_cmdline(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_process_cmdline", value) - @monitored_users.setter - def monitored_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "monitored_users", value) + @property + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_success_login") + + @audit_success_login.setter + def audit_success_login(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_success_login", value) + + @property + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_user_account_management") + + @audit_user_account_management.setter + def audit_user_account_management(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_user_account_management", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @pulumi.input_type -class ContainerRuntimePolicyMalwareScanOptionsArgs: +class ContainerRuntimePolicyBlacklistedOsUsersArgs: def __init__(__self__, *, - action: Optional[pulumi.Input[str]] = None, enabled: Optional[pulumi.Input[bool]] = None, - exclude_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - exclude_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): - """ - :param pulumi.Input[str] action: Set Action, Defaults to 'Alert' when empty - :param pulumi.Input[bool] enabled: 
Defines if enabled or not - :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_directories: List of registry paths to be excluded from being protected. - :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_processes: List of registry processes to be excluded from being protected. - """ - if action is not None: - pulumi.set(__self__, "action", action) + group_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + user_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): if enabled is not None: pulumi.set(__self__, "enabled", enabled) - if exclude_directories is not None: - pulumi.set(__self__, "exclude_directories", exclude_directories) - if exclude_processes is not None: - pulumi.set(__self__, "exclude_processes", exclude_processes) + if group_black_lists is not None: + pulumi.set(__self__, "group_black_lists", group_black_lists) + if user_black_lists is not None: + pulumi.set(__self__, "user_black_lists", user_black_lists) @property @pulumi.getter - def action(self) -> Optional[pulumi.Input[str]]: + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="groupBlackLists") + def group_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "group_black_lists") + + @group_black_lists.setter + def group_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "group_black_lists", value) + + @property + @pulumi.getter(name="userBlackLists") + def user_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "user_black_lists") + + @user_black_lists.setter + def user_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "user_black_lists", value) + + 
+@pulumi.input_type +class ContainerRuntimePolicyBypassScopeArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeScopeArgs']]]] = None): """ - Set Action, Defaults to 'Alert' when empty + :param pulumi.Input[bool] enabled: Whether bypassing the scope is enabled. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeScopeArgs']]] scopes: Scope configuration. """ - return pulumi.get(self, "action") - - @action.setter - def action(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "action", value) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - Defines if enabled or not + Whether bypassing the scope is enabled. """ return pulumi.get(self, "enabled") 
@@ -1388,2433 +1558,2354 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "enabled", value) @property - @pulumi.getter(name="excludeDirectories") - def exclude_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeScopeArgs']]]]: """ - List of registry paths to be excluded from being protected. + Scope configuration. """ - return pulumi.get(self, "exclude_directories") + return pulumi.get(self, "scopes") - @exclude_directories.setter - def exclude_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "exclude_directories", value) + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeScopeArgs']]]]): + pulumi.set(self, "scopes", value) + + +@pulumi.input_type +class ContainerRuntimePolicyBypassScopeScopeArgs: + def __init__(__self__, *, + expression: Optional[pulumi.Input[str]] = None, + variables: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeScopeVariableArgs']]]] = None): + """ + :param pulumi.Input[str] expression: Scope expression. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeScopeVariableArgs']]] variables: List of variables in the scope. + """ + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property - @pulumi.getter(name="excludeProcesses") - def exclude_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter + def expression(self) -> Optional[pulumi.Input[str]]: """ - List of registry processes to be excluded from being protected. + Scope expression. 
""" - return pulumi.get(self, "exclude_processes") + return pulumi.get(self, "expression") - @exclude_processes.setter - def exclude_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "exclude_processes", value) + @expression.setter + def expression(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeScopeVariableArgs']]]]: + """ + List of variables in the scope. + """ + return pulumi.get(self, "variables") + + @variables.setter + def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeScopeVariableArgs']]]]): + pulumi.set(self, "variables", value) @pulumi.input_type -class ContainerRuntimePolicyScopeVariableArgs: +class ContainerRuntimePolicyBypassScopeScopeVariableArgs: def __init__(__self__, *, - attribute: pulumi.Input[str], - value: pulumi.Input[str], - name: Optional[pulumi.Input[str]] = None): + attribute: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): """ - :param pulumi.Input[str] attribute: Class of supported scope. - :param pulumi.Input[str] value: Value assigned to the attribute. - :param pulumi.Input[str] name: Name assigned to the attribute. + :param pulumi.Input[str] attribute: Variable attribute. + :param pulumi.Input[str] value: Variable value. """ - pulumi.set(__self__, "attribute", attribute) - pulumi.set(__self__, "value", value) - if name is not None: - pulumi.set(__self__, "name", name) + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def attribute(self) -> pulumi.Input[str]: + def attribute(self) -> Optional[pulumi.Input[str]]: """ - Class of supported scope. + Variable attribute. 
""" return pulumi.get(self, "attribute") @attribute.setter - def attribute(self, value: pulumi.Input[str]): + def attribute(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "attribute", value) @property @pulumi.getter - def value(self) -> pulumi.Input[str]: + def value(self) -> Optional[pulumi.Input[str]]: """ - Value assigned to the attribute. + Variable value. """ return pulumi.get(self, "value") @value.setter - def value(self, value: pulumi.Input[str]): + def value(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "value", value) - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - """ - Name assigned to the attribute. - """ - return pulumi.get(self, "name") - - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) - @pulumi.input_type -class EnforcerGroupsCommandArgs: +class ContainerRuntimePolicyContainerExecArgs: def __init__(__self__, *, - default: Optional[pulumi.Input[str]] = None, - kubernetes: Optional[pulumi.Input[str]] = None, - swarm: Optional[pulumi.Input[str]] = None, - windows: Optional[pulumi.Input[str]] = None): - if default is not None: - pulumi.set(__self__, "default", default) - if kubernetes is not None: - pulumi.set(__self__, "kubernetes", kubernetes) - if swarm is not None: - pulumi.set(__self__, "swarm", swarm) - if windows is not None: - pulumi.set(__self__, "windows", windows) + block_container_exec: Optional[pulumi.Input[bool]] = None, + container_exec_proc_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + reverse_shell_ip_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) + if container_exec_proc_white_lists is not None: + pulumi.set(__self__, "container_exec_proc_white_lists", container_exec_proc_white_lists) + if enabled is not None: + 
pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) @property - @pulumi.getter - def default(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "default") + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_container_exec") - @default.setter - def default(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "default", value) + @block_container_exec.setter + def block_container_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_container_exec", value) @property - @pulumi.getter - def kubernetes(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "kubernetes") + @pulumi.getter(name="containerExecProcWhiteLists") + def container_exec_proc_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "container_exec_proc_white_lists") - @kubernetes.setter - def kubernetes(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "kubernetes", value) + @container_exec_proc_white_lists.setter + def container_exec_proc_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "container_exec_proc_white_lists", value) @property @pulumi.getter - def swarm(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "swarm") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @swarm.setter - def swarm(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "swarm", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def windows(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "windows") + @pulumi.getter(name="reverseShellIpWhiteLists") + def 
reverse_shell_ip_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") - @windows.setter - def windows(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "windows", value) + @reverse_shell_ip_white_lists.setter + def reverse_shell_ip_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "reverse_shell_ip_white_lists", value) @pulumi.input_type -class EnforcerGroupsOrchestratorArgs: +class ContainerRuntimePolicyDriftPreventionArgs: def __init__(__self__, *, - master: Optional[pulumi.Input[bool]] = None, - namespace: Optional[pulumi.Input[str]] = None, - service_account: Optional[pulumi.Input[str]] = None, - type: Optional[pulumi.Input[str]] = None): + enabled: Optional[pulumi.Input[bool]] = None, + exec_lockdown: Optional[pulumi.Input[bool]] = None, + exec_lockdown_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + image_lockdown: Optional[pulumi.Input[bool]] = None): """ - :param pulumi.Input[str] namespace: May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). - :param pulumi.Input[str] service_account: May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). - :param pulumi.Input[str] type: Enforcer Type. + :param pulumi.Input[bool] enabled: Whether drift prevention is enabled. + :param pulumi.Input[bool] exec_lockdown: Whether to lockdown execution drift. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exec_lockdown_white_lists: List of items in the execution lockdown white list. + :param pulumi.Input[bool] image_lockdown: Whether to lockdown image drift. 
""" - if master is not None: - pulumi.set(__self__, "master", master) - if namespace is not None: - pulumi.set(__self__, "namespace", namespace) - if service_account is not None: - pulumi.set(__self__, "service_account", service_account) - if type is not None: - pulumi.set(__self__, "type", type) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exec_lockdown is not None: + pulumi.set(__self__, "exec_lockdown", exec_lockdown) + if exec_lockdown_white_lists is not None: + pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if image_lockdown is not None: + pulumi.set(__self__, "image_lockdown", image_lockdown) @property @pulumi.getter - def master(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "master") - - @master.setter - def master(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "master", value) + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether drift prevention is enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def namespace(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="execLockdown") + def exec_lockdown(self) -> Optional[pulumi.Input[bool]]: """ - May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + Whether to lockdown execution drift. 
""" - return pulumi.get(self, "namespace") + return pulumi.get(self, "exec_lockdown") - @namespace.setter - def namespace(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "namespace", value) + @exec_lockdown.setter + def exec_lockdown(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "exec_lockdown", value) @property - @pulumi.getter(name="serviceAccount") - def service_account(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="execLockdownWhiteLists") + def exec_lockdown_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + List of items in the execution lockdown white list. """ - return pulumi.get(self, "service_account") + return pulumi.get(self, "exec_lockdown_white_lists") - @service_account.setter - def service_account(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "service_account", value) + @exec_lockdown_white_lists.setter + def exec_lockdown_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exec_lockdown_white_lists", value) @property - @pulumi.getter - def type(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="imageLockdown") + def image_lockdown(self) -> Optional[pulumi.Input[bool]]: """ - Enforcer Type. + Whether to lockdown image drift. 
""" - return pulumi.get(self, "type") + return pulumi.get(self, "image_lockdown") - @type.setter - def type(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "type", value) + @image_lockdown.setter + def image_lockdown(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "image_lockdown", value) @pulumi.input_type -class FirewallPolicyInboundNetworkArgs: +class ContainerRuntimePolicyExecutableBlacklistArgs: def __init__(__self__, *, - allow: pulumi.Input[bool], - port_range: pulumi.Input[str], - resource_type: pulumi.Input[str], - resource: Optional[pulumi.Input[str]] = None): + enabled: Optional[pulumi.Input[bool]] = None, + executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ - :param pulumi.Input[bool] allow: Indicates whether the specified resources are allowed to pass in data or requests. - :param pulumi.Input[str] port_range: Range of ports affected by firewall. - :param pulumi.Input[str] resource_type: Type of the resource - :param pulumi.Input[str] resource: Information of the resource. + :param pulumi.Input[bool] enabled: Whether the executable blacklist is enabled. + :param pulumi.Input[Sequence[pulumi.Input[str]]] executables: List of blacklisted executables. """ - pulumi.set(__self__, "allow", allow) - pulumi.set(__self__, "port_range", port_range) - pulumi.set(__self__, "resource_type", resource_type) - if resource is not None: - pulumi.set(__self__, "resource", resource) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if executables is not None: + pulumi.set(__self__, "executables", executables) @property @pulumi.getter - def allow(self) -> pulumi.Input[bool]: + def enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether the specified resources are allowed to pass in data or requests. + Whether the executable blacklist is enabled. 
""" - return pulumi.get(self, "allow") + return pulumi.get(self, "enabled") - @allow.setter - def allow(self, value: pulumi.Input[bool]): - pulumi.set(self, "allow", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter(name="portRange") - def port_range(self) -> pulumi.Input[str]: + @pulumi.getter + def executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Range of ports affected by firewall. + List of blacklisted executables. """ - return pulumi.get(self, "port_range") + return pulumi.get(self, "executables") - @port_range.setter - def port_range(self, value: pulumi.Input[str]): - pulumi.set(self, "port_range", value) + @executables.setter + def executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "executables", value) + + +@pulumi.input_type +class ContainerRuntimePolicyFailedKubernetesChecksArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + failed_checks: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if failed_checks is not None: + pulumi.set(__self__, "failed_checks", failed_checks) @property - @pulumi.getter(name="resourceType") - def resource_type(self) -> pulumi.Input[str]: - """ - Type of the resource - """ - return pulumi.get(self, "resource_type") + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @resource_type.setter - def resource_type(self, value: pulumi.Input[str]): - pulumi.set(self, "resource_type", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="failedChecks") + def failed_checks(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "failed_checks") + + 
@failed_checks.setter + def failed_checks(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "failed_checks", value) + + +@pulumi.input_type +class ContainerRuntimePolicyFileBlockArgs: + def __init__(__self__, *, + block_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + block_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_block_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + filename_block_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_files_processes is not None: + pulumi.set(__self__, "block_files_processes", block_files_processes) + if block_files_users is not None: + pulumi.set(__self__, "block_files_users", block_files_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_files is not None: + pulumi.set(__self__, "exceptional_block_files", exceptional_block_files) + if exceptional_block_files_processes is not None: + pulumi.set(__self__, "exceptional_block_files_processes", exceptional_block_files_processes) + if exceptional_block_files_users is not None: + pulumi.set(__self__, "exceptional_block_files_users", exceptional_block_files_users) + if filename_block_lists is not None: + pulumi.set(__self__, "filename_block_lists", filename_block_lists) + + @property + @pulumi.getter(name="blockFilesProcesses") + def block_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_files_processes") + + @block_files_processes.setter + def block_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_files_processes", value) + + 
@property + @pulumi.getter(name="blockFilesUsers") + def block_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_files_users") + + @block_files_users.setter + def block_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_files_users", value) @property @pulumi.getter - def resource(self) -> Optional[pulumi.Input[str]]: - """ - Information of the resource. - """ - return pulumi.get(self, "resource") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @resource.setter - def resource(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalBlockFiles") + def exceptional_block_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_files") + + @exceptional_block_files.setter + def exceptional_block_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_files", value) + + @property + @pulumi.getter(name="exceptionalBlockFilesProcesses") + def exceptional_block_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_files_processes") + + @exceptional_block_files_processes.setter + def exceptional_block_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_files_processes", value) + + @property + @pulumi.getter(name="exceptionalBlockFilesUsers") + def exceptional_block_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_files_users") + + @exceptional_block_files_users.setter + def exceptional_block_files_users(self, value: 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_files_users", value) + + @property + @pulumi.getter(name="filenameBlockLists") + def filename_block_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "filename_block_lists") + + @filename_block_lists.setter + def filename_block_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "filename_block_lists", value) @pulumi.input_type -class FirewallPolicyOutboundNetworkArgs: +class ContainerRuntimePolicyFileIntegrityMonitoringArgs: def __init__(__self__, *, - allow: pulumi.Input[bool], - port_range: pulumi.Input[str], - resource_type: pulumi.Input[str], - resource: Optional[pulumi.Input[str]] = None): - """ - :param pulumi.Input[bool] allow: Indicates whether the specified resources are allowed to receive data or requests. - :param pulumi.Input[str] port_range: Range of ports affected by firewall. - :param pulumi.Input[str] resource_type: Type of the resource. - :param pulumi.Input[str] resource: Information of the resource. 
+ enabled: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_files_attributes: Optional[pulumi.Input[bool]] = None, + monitored_files_create: Optional[pulumi.Input[bool]] = None, + monitored_files_delete: Optional[pulumi.Input[bool]] = None, + monitored_files_modify: Optional[pulumi.Input[bool]] = None, + monitored_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_files_read: Optional[pulumi.Input[bool]] = None, + monitored_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] enabled: If true, file integrity monitoring is enabled. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_monitored_files_users: List of users to be excluded from monitoring. + :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_files: List of paths to be monitored. + :param pulumi.Input[bool] monitored_files_attributes: Whether to monitor file attribute operations. + :param pulumi.Input[bool] monitored_files_create: Whether to monitor file create operations. + :param pulumi.Input[bool] monitored_files_delete: Whether to monitor file delete operations. + :param pulumi.Input[bool] monitored_files_modify: Whether to monitor file modify operations. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_files_processes: List of processes associated with monitored files. + :param pulumi.Input[bool] monitored_files_read: Whether to monitor file read operations. + :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_files_users: List of users associated with monitored files. """ - pulumi.set(__self__, "allow", allow) - pulumi.set(__self__, "port_range", port_range) - pulumi.set(__self__, "resource_type", resource_type) - if resource is not None: - pulumi.set(__self__, "resource", resource) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) @property @pulumi.getter - def 
allow(self) -> pulumi.Input[bool]: + def enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates whether the specified resources are allowed to receive data or requests. + If true, file integrity monitoring is enabled. """ - return pulumi.get(self, "allow") + return pulumi.get(self, "enabled") - @allow.setter - def allow(self, value: pulumi.Input[bool]): - pulumi.set(self, "allow", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter(name="portRange") - def port_range(self) -> pulumi.Input[str]: + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Range of ports affected by firewall. + List of paths to be excluded from monitoring. """ - return pulumi.get(self, "port_range") + return pulumi.get(self, "exceptional_monitored_files") - @port_range.setter - def port_range(self, value: pulumi.Input[str]): - pulumi.set(self, "port_range", value) + @exceptional_monitored_files.setter + def exceptional_monitored_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_files", value) @property - @pulumi.getter(name="resourceType") - def resource_type(self) -> pulumi.Input[str]: + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Type of the resource. + List of processes to be excluded from monitoring. 
""" - return pulumi.get(self, "resource_type") + return pulumi.get(self, "exceptional_monitored_files_processes") - @resource_type.setter - def resource_type(self, value: pulumi.Input[str]): - pulumi.set(self, "resource_type", value) + @exceptional_monitored_files_processes.setter + def exceptional_monitored_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_files_processes", value) @property - @pulumi.getter - def resource(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Information of the resource. + List of users to be excluded from monitoring. """ - return pulumi.get(self, "resource") + return pulumi.get(self, "exceptional_monitored_files_users") - @resource.setter - def resource(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource", value) + @exceptional_monitored_files_users.setter + def exceptional_monitored_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_files_users", value) + @property + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of paths to be monitored. 
+ """ + return pulumi.get(self, "monitored_files") -@pulumi.input_type -class FunctionAssurancePolicyAutoScanTimeArgs: - def __init__(__self__, *, - iteration: Optional[pulumi.Input[int]] = None, - iteration_type: Optional[pulumi.Input[str]] = None, - time: Optional[pulumi.Input[str]] = None, - week_days: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): - if iteration is not None: - pulumi.set(__self__, "iteration", iteration) - if iteration_type is not None: - pulumi.set(__self__, "iteration_type", iteration_type) - if time is not None: - pulumi.set(__self__, "time", time) - if week_days is not None: - pulumi.set(__self__, "week_days", week_days) + @monitored_files.setter + def monitored_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_files", value) @property - @pulumi.getter - def iteration(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "iteration") + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file attribute operations. + """ + return pulumi.get(self, "monitored_files_attributes") - @iteration.setter - def iteration(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "iteration", value) + @monitored_files_attributes.setter + def monitored_files_attributes(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_attributes", value) @property - @pulumi.getter(name="iterationType") - def iteration_type(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "iteration_type") + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file create operations. 
+ """ + return pulumi.get(self, "monitored_files_create") - @iteration_type.setter - def iteration_type(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "iteration_type", value) + @monitored_files_create.setter + def monitored_files_create(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_create", value) @property - @pulumi.getter - def time(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "time") + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") - @time.setter - def time(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "time", value) + @monitored_files_delete.setter + def monitored_files_delete(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_delete", value) @property - @pulumi.getter(name="weekDays") - def week_days(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - return pulumi.get(self, "week_days") + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file modify operations. + """ + return pulumi.get(self, "monitored_files_modify") - @week_days.setter - def week_days(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "week_days", value) + @monitored_files_modify.setter + def monitored_files_modify(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_modify", value) + + @property + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of processes associated with monitored files. 
+ """ + return pulumi.get(self, "monitored_files_processes") + + @monitored_files_processes.setter + def monitored_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_files_processes", value) + + @property + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file read operations. + """ + return pulumi.get(self, "monitored_files_read") + + @monitored_files_read.setter + def monitored_files_read(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_read", value) + + @property + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of users associated with monitored files. + """ + return pulumi.get(self, "monitored_files_users") + + @monitored_files_users.setter + def monitored_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_files_users", value) @pulumi.input_type -class FunctionAssurancePolicyCustomCheckArgs: +class ContainerRuntimePolicyLimitContainerPrivilegeArgs: def __init__(__self__, *, - author: Optional[pulumi.Input[str]] = None, - description: Optional[pulumi.Input[str]] = None, - engine: Optional[pulumi.Input[str]] = None, - last_modified: Optional[pulumi.Input[int]] = None, - name: Optional[pulumi.Input[str]] = None, - path: Optional[pulumi.Input[str]] = None, - read_only: Optional[pulumi.Input[bool]] = None, - script_id: Optional[pulumi.Input[str]] = None, - severity: Optional[pulumi.Input[str]] = None, - snippet: Optional[pulumi.Input[str]] = None): + block_add_capabilities: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + ipcmode: Optional[pulumi.Input[bool]] = None, + netmode: Optional[pulumi.Input[bool]] = None, + pidmode: Optional[pulumi.Input[bool]] = None, + prevent_low_port_binding: 
Optional[pulumi.Input[bool]] = None, + prevent_root_user: Optional[pulumi.Input[bool]] = None, + privileged: Optional[pulumi.Input[bool]] = None, + use_host_user: Optional[pulumi.Input[bool]] = None, + usermode: Optional[pulumi.Input[bool]] = None, + utsmode: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[bool] block_add_capabilities: Whether to block adding capabilities. + :param pulumi.Input[bool] enabled: Whether container privilege limitations are enabled. + :param pulumi.Input[bool] ipcmode: Whether to limit IPC-related capabilities. + :param pulumi.Input[bool] netmode: Whether to limit network-related capabilities. + :param pulumi.Input[bool] pidmode: Whether to limit process-related capabilities. + :param pulumi.Input[bool] prevent_low_port_binding: Whether to prevent low port binding. + :param pulumi.Input[bool] prevent_root_user: Whether to prevent the use of the root user. + :param pulumi.Input[bool] privileged: Whether the container is run in privileged mode. + :param pulumi.Input[bool] use_host_user: Whether to use the host user. + :param pulumi.Input[bool] usermode: Whether to limit user-related capabilities. + :param pulumi.Input[bool] utsmode: Whether to limit UTS-related capabilities. 
+ """ + if block_add_capabilities is not None: + pulumi.set(__self__, "block_add_capabilities", block_add_capabilities) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if ipcmode is not None: + pulumi.set(__self__, "ipcmode", ipcmode) + if netmode is not None: + pulumi.set(__self__, "netmode", netmode) + if pidmode is not None: + pulumi.set(__self__, "pidmode", pidmode) + if prevent_low_port_binding is not None: + pulumi.set(__self__, "prevent_low_port_binding", prevent_low_port_binding) + if prevent_root_user is not None: + pulumi.set(__self__, "prevent_root_user", prevent_root_user) + if privileged is not None: + pulumi.set(__self__, "privileged", privileged) + if use_host_user is not None: + pulumi.set(__self__, "use_host_user", use_host_user) + if usermode is not None: + pulumi.set(__self__, "usermode", usermode) + if utsmode is not None: + pulumi.set(__self__, "utsmode", utsmode) + + @property + @pulumi.getter(name="blockAddCapabilities") + def block_add_capabilities(self) -> Optional[pulumi.Input[bool]]: """ - :param pulumi.Input[str] author: Name of user account that created the policy. + Whether to block adding capabilities. 
""" - if author is not None: - pulumi.set(__self__, "author", author) - if description is not None: - pulumi.set(__self__, "description", description) - if engine is not None: - pulumi.set(__self__, "engine", engine) - if last_modified is not None: - pulumi.set(__self__, "last_modified", last_modified) - if name is not None: - pulumi.set(__self__, "name", name) - if path is not None: - pulumi.set(__self__, "path", path) - if read_only is not None: - pulumi.set(__self__, "read_only", read_only) - if script_id is not None: - pulumi.set(__self__, "script_id", script_id) - if severity is not None: - pulumi.set(__self__, "severity", severity) - if snippet is not None: - pulumi.set(__self__, "snippet", snippet) + return pulumi.get(self, "block_add_capabilities") + + @block_add_capabilities.setter + def block_add_capabilities(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_add_capabilities", value) @property @pulumi.getter - def author(self) -> Optional[pulumi.Input[str]]: + def enabled(self) -> Optional[pulumi.Input[bool]]: """ - Name of user account that created the policy. + Whether container privilege limitations are enabled. """ - return pulumi.get(self, "author") + return pulumi.get(self, "enabled") - @author.setter - def author(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "author", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property @pulumi.getter - def description(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "description") + def ipcmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit IPC-related capabilities. 
+ """ + return pulumi.get(self, "ipcmode") - @description.setter - def description(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "description", value) + @ipcmode.setter + def ipcmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ipcmode", value) @property @pulumi.getter - def engine(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "engine") + def netmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit network-related capabilities. + """ + return pulumi.get(self, "netmode") - @engine.setter - def engine(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "engine", value) + @netmode.setter + def netmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "netmode", value) @property - @pulumi.getter(name="lastModified") - def last_modified(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "last_modified") + @pulumi.getter + def pidmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit process-related capabilities. + """ + return pulumi.get(self, "pidmode") - @last_modified.setter - def last_modified(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "last_modified", value) + @pidmode.setter + def pidmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "pidmode", value) @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") + @pulumi.getter(name="preventLowPortBinding") + def prevent_low_port_binding(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to prevent low port binding. 
+ """ + return pulumi.get(self, "prevent_low_port_binding") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @prevent_low_port_binding.setter + def prevent_low_port_binding(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "prevent_low_port_binding", value) @property - @pulumi.getter - def path(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "path") + @pulumi.getter(name="preventRootUser") + def prevent_root_user(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to prevent the use of the root user. + """ + return pulumi.get(self, "prevent_root_user") - @path.setter - def path(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "path", value) + @prevent_root_user.setter + def prevent_root_user(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "prevent_root_user", value) @property - @pulumi.getter(name="readOnly") - def read_only(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "read_only") + @pulumi.getter + def privileged(self) -> Optional[pulumi.Input[bool]]: + """ + Whether the container is run in privileged mode. + """ + return pulumi.get(self, "privileged") - @read_only.setter - def read_only(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "read_only", value) + @privileged.setter + def privileged(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "privileged", value) @property - @pulumi.getter(name="scriptId") - def script_id(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "script_id") + @pulumi.getter(name="useHostUser") + def use_host_user(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to use the host user. 
+ """ + return pulumi.get(self, "use_host_user") - @script_id.setter - def script_id(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "script_id", value) + @use_host_user.setter + def use_host_user(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "use_host_user", value) @property @pulumi.getter - def severity(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "severity") + def usermode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit user-related capabilities. + """ + return pulumi.get(self, "usermode") - @severity.setter - def severity(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "severity", value) + @usermode.setter + def usermode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "usermode", value) @property @pulumi.getter - def snippet(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "snippet") + def utsmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit UTS-related capabilities. 
+ """ + return pulumi.get(self, "utsmode") - @snippet.setter - def snippet(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "snippet", value) + @utsmode.setter + def utsmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "utsmode", value) @pulumi.input_type -class FunctionAssurancePolicyForbiddenLabelArgs: +class ContainerRuntimePolicyLinuxCapabilitiesArgs: def __init__(__self__, *, - key: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) + enabled: Optional[pulumi.Input[bool]] = None, + remove_linux_capabilities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if remove_linux_capabilities is not None: + pulumi.set(__self__, "remove_linux_capabilities", remove_linux_capabilities) @property @pulumi.getter - def key(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "key") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @key.setter - def key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "key", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "value") + @pulumi.getter(name="removeLinuxCapabilities") + def remove_linux_capabilities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "remove_linux_capabilities") - @value.setter - def value(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "value", value) + @remove_linux_capabilities.setter + def remove_linux_capabilities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "remove_linux_capabilities", value) @pulumi.input_type -class 
FunctionAssurancePolicyPackagesBlackListArgs: +class ContainerRuntimePolicyMalwareScanOptionsArgs: def __init__(__self__, *, - arch: Optional[pulumi.Input[str]] = None, - display: Optional[pulumi.Input[str]] = None, - epoch: Optional[pulumi.Input[str]] = None, - format: Optional[pulumi.Input[str]] = None, - license: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - release: Optional[pulumi.Input[str]] = None, - version: Optional[pulumi.Input[str]] = None, - version_range: Optional[pulumi.Input[str]] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + action: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + exclude_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + include_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[str] action: Set Action, Defaults to 'Alert' when empty + :param pulumi.Input[bool] enabled: Defines if enabled or not + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_directories: List of registry paths to be excluded from being protected. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_processes: List of registry processes to be excluded from being protected. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] include_directories: List of registry paths to be excluded from being protected. + """ + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) @property @pulumi.getter - def arch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "arch") + def action(self) -> Optional[pulumi.Input[str]]: + """ + Set Action, Defaults to 'Alert' when empty + """ + return pulumi.get(self, "action") - @arch.setter - def arch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "arch", value) + @action.setter + def action(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "action", value) @property @pulumi.getter - def display(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "display") + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Defines if enabled or not + """ + return pulumi.get(self, "enabled") - @display.setter - def display(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "display", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def epoch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "epoch") + @pulumi.getter(name="excludeDirectories") + def exclude_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registry paths to be excluded from being protected. 
+ """ + return pulumi.get(self, "exclude_directories") - @epoch.setter - def epoch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "epoch", value) + @exclude_directories.setter + def exclude_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_directories", value) @property - @pulumi.getter - def format(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "format") + @pulumi.getter(name="excludeProcesses") + def exclude_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registry processes to be excluded from being protected. + """ + return pulumi.get(self, "exclude_processes") - @format.setter - def format(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "format", value) + @exclude_processes.setter + def exclude_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_processes", value) @property - @pulumi.getter - def license(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "license") + @pulumi.getter(name="includeDirectories") + def include_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registry paths to be excluded from being protected. 
+ """ + return pulumi.get(self, "include_directories") - @license.setter - def license(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "license", value) + @include_directories.setter + def include_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "include_directories", value) + + +@pulumi.input_type +class ContainerRuntimePolicyPackageBlockArgs: + def __init__(__self__, *, + block_packages_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + block_packages_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_block_packages_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_packages_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_packages_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_packages_processes is not None: + pulumi.set(__self__, "block_packages_processes", block_packages_processes) + if block_packages_users is not None: + pulumi.set(__self__, "block_packages_users", block_packages_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_packages_files is not None: + pulumi.set(__self__, "exceptional_block_packages_files", exceptional_block_packages_files) + if exceptional_block_packages_processes is not None: + pulumi.set(__self__, "exceptional_block_packages_processes", exceptional_block_packages_processes) + if exceptional_block_packages_users is not None: + pulumi.set(__self__, "exceptional_block_packages_users", exceptional_block_packages_users) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") + 
@pulumi.getter(name="blockPackagesProcesses") + def block_packages_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_packages_processes") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @block_packages_processes.setter + def block_packages_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_packages_processes", value) @property - @pulumi.getter - def release(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "release") + @pulumi.getter(name="blockPackagesUsers") + def block_packages_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_packages_users") - @release.setter - def release(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "release", value) + @block_packages_users.setter + def block_packages_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_packages_users", value) @property @pulumi.getter - def version(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @version.setter - def version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version_range") + @pulumi.getter(name="exceptionalBlockPackagesFiles") + def exceptional_block_packages_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_packages_files") - @version_range.setter - def version_range(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version_range", value) + 
@exceptional_block_packages_files.setter + def exceptional_block_packages_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_packages_files", value) + @property + @pulumi.getter(name="exceptionalBlockPackagesProcesses") + def exceptional_block_packages_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_packages_processes") -@pulumi.input_type -class FunctionAssurancePolicyPackagesWhiteListArgs: - def __init__(__self__, *, - arch: Optional[pulumi.Input[str]] = None, - display: Optional[pulumi.Input[str]] = None, - epoch: Optional[pulumi.Input[str]] = None, - format: Optional[pulumi.Input[str]] = None, - license: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - release: Optional[pulumi.Input[str]] = None, - version: Optional[pulumi.Input[str]] = None, - version_range: Optional[pulumi.Input[str]] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + @exceptional_block_packages_processes.setter + def exceptional_block_packages_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_packages_processes", value) @property - @pulumi.getter - def arch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "arch") + @pulumi.getter(name="exceptionalBlockPackagesUsers") + def 
exceptional_block_packages_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_packages_users") - @arch.setter - def arch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "arch", value) + @exceptional_block_packages_users.setter + def exceptional_block_packages_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_packages_users", value) @property - @pulumi.getter - def display(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "display") + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "packages_black_lists") - @display.setter - def display(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "display", value) + @packages_black_lists.setter + def packages_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "packages_black_lists", value) + + +@pulumi.input_type +class ContainerRuntimePolicyPortBlockArgs: + def __init__(__self__, *, + block_inbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + block_outbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None): + if block_inbound_ports is not None: + pulumi.set(__self__, "block_inbound_ports", block_inbound_ports) + if block_outbound_ports is not None: + pulumi.set(__self__, "block_outbound_ports", block_outbound_ports) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter - def epoch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "epoch") + @pulumi.getter(name="blockInboundPorts") + def block_inbound_ports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_inbound_ports") - @epoch.setter - def epoch(self, value: 
Optional[pulumi.Input[str]]): - pulumi.set(self, "epoch", value) + @block_inbound_ports.setter + def block_inbound_ports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_inbound_ports", value) @property - @pulumi.getter - def format(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "format") + @pulumi.getter(name="blockOutboundPorts") + def block_outbound_ports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_outbound_ports") - @format.setter - def format(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "format", value) + @block_outbound_ports.setter + def block_outbound_ports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_outbound_ports", value) @property @pulumi.getter - def license(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "license") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @license.setter - def license(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "license", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + +@pulumi.input_type +class ContainerRuntimePolicyReadonlyFilesArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_readonly_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", 
enabled) + if exceptional_readonly_files is not None: + pulumi.set(__self__, "exceptional_readonly_files", exceptional_readonly_files) + if exceptional_readonly_files_processes is not None: + pulumi.set(__self__, "exceptional_readonly_files_processes", exceptional_readonly_files_processes) + if exceptional_readonly_files_users is not None: + pulumi.set(__self__, "exceptional_readonly_files_users", exceptional_readonly_files_users) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_files_processes is not None: + pulumi.set(__self__, "readonly_files_processes", readonly_files_processes) + if readonly_files_users is not None: + pulumi.set(__self__, "readonly_files_users", readonly_files_users) @property @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def release(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "release") + @pulumi.getter(name="exceptionalReadonlyFiles") + def exceptional_readonly_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_files") - @release.setter - def release(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "release", value) + @exceptional_readonly_files.setter + def exceptional_readonly_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_files", value) @property - @pulumi.getter - def version(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version") + @pulumi.getter(name="exceptionalReadonlyFilesProcesses") + def 
exceptional_readonly_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_files_processes") - @version.setter - def version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version", value) + @exceptional_readonly_files_processes.setter + def exceptional_readonly_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_files_processes", value) @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version_range") + @pulumi.getter(name="exceptionalReadonlyFilesUsers") + def exceptional_readonly_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_files_users") - @version_range.setter - def version_range(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version_range", value) + @exceptional_readonly_files_users.setter + def exceptional_readonly_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_files_users", value) + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_files") -@pulumi.input_type -class FunctionAssurancePolicyRequiredLabelArgs: - def __init__(__self__, *, - key: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) + @readonly_files.setter + def readonly_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_files", value) @property - @pulumi.getter - def key(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "key") + 
@pulumi.getter(name="readonlyFilesProcesses") + def readonly_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_files_processes") - @key.setter - def key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "key", value) + @readonly_files_processes.setter + def readonly_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_files_processes", value) @property - @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "value") + @pulumi.getter(name="readonlyFilesUsers") + def readonly_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_files_users") - @value.setter - def value(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "value", value) + @readonly_files_users.setter + def readonly_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_files_users", value) @pulumi.input_type -class FunctionAssurancePolicyScopeArgs: +class ContainerRuntimePolicyReadonlyRegistryArgs: def __init__(__self__, *, - expression: Optional[pulumi.Input[str]] = None, - variables: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyScopeVariableArgs']]]] = None): - if expression is not None: - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_readonly_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_registry_processes: 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_registry_paths is not None: + pulumi.set(__self__, "exceptional_readonly_registry_paths", exceptional_readonly_registry_paths) + if exceptional_readonly_registry_processes is not None: + pulumi.set(__self__, "exceptional_readonly_registry_processes", exceptional_readonly_registry_processes) + if exceptional_readonly_registry_users is not None: + pulumi.set(__self__, "exceptional_readonly_registry_users", exceptional_readonly_registry_users) + if readonly_registry_paths is not None: + pulumi.set(__self__, "readonly_registry_paths", readonly_registry_paths) + if readonly_registry_processes is not None: + pulumi.set(__self__, "readonly_registry_processes", readonly_registry_processes) + if readonly_registry_users is not None: + pulumi.set(__self__, "readonly_registry_users", readonly_registry_users) @property @pulumi.getter - def expression(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "expression") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @expression.setter - def expression(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "expression", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyScopeVariableArgs']]]]: - return pulumi.get(self, "variables") + @pulumi.getter(name="exceptionalReadonlyRegistryPaths") + def exceptional_readonly_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_registry_paths") - @variables.setter - def variables(self, value: 
Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyScopeVariableArgs']]]]): - pulumi.set(self, "variables", value) + @exceptional_readonly_registry_paths.setter + def exceptional_readonly_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_registry_paths", value) + @property + @pulumi.getter(name="exceptionalReadonlyRegistryProcesses") + def exceptional_readonly_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_registry_processes") -@pulumi.input_type -class FunctionAssurancePolicyScopeVariableArgs: - def __init__(__self__, *, - attribute: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if attribute is not None: - pulumi.set(__self__, "attribute", attribute) - if name is not None: - pulumi.set(__self__, "name", name) - if value is not None: - pulumi.set(__self__, "value", value) + @exceptional_readonly_registry_processes.setter + def exceptional_readonly_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_registry_processes", value) @property - @pulumi.getter - def attribute(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "attribute") + @pulumi.getter(name="exceptionalReadonlyRegistryUsers") + def exceptional_readonly_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_registry_users") - @attribute.setter - def attribute(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "attribute", value) + @exceptional_readonly_registry_users.setter + def exceptional_readonly_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_registry_users", value) @property - @pulumi.getter - def name(self) 
-> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") + @pulumi.getter(name="readonlyRegistryPaths") + def readonly_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_registry_paths") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @readonly_registry_paths.setter + def readonly_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_registry_paths", value) @property - @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "value") + @pulumi.getter(name="readonlyRegistryProcesses") + def readonly_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_registry_processes") - @value.setter - def value(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "value", value) + @readonly_registry_processes.setter + def readonly_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_registry_processes", value) + + @property + @pulumi.getter(name="readonlyRegistryUsers") + def readonly_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_registry_users") + + @readonly_registry_users.setter + def readonly_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_registry_users", value) @pulumi.input_type -class FunctionAssurancePolicyTrustedBaseImageArgs: +class ContainerRuntimePolicyRegistryAccessMonitoringArgs: def __init__(__self__, *, - imagename: Optional[pulumi.Input[str]] = None, - registry: Optional[pulumi.Input[str]] = None): - if imagename is not None: - pulumi.set(__self__, "imagename", imagename) - if registry is not None: - pulumi.set(__self__, "registry", registry) + enabled: Optional[pulumi.Input[bool]] = 
None, + exceptional_monitored_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_registry_attributes: Optional[pulumi.Input[bool]] = None, + monitored_registry_create: Optional[pulumi.Input[bool]] = None, + monitored_registry_delete: Optional[pulumi.Input[bool]] = None, + monitored_registry_modify: Optional[pulumi.Input[bool]] = None, + monitored_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_registry_read: Optional[pulumi.Input[bool]] = None, + monitored_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_registry_paths is not None: + pulumi.set(__self__, "exceptional_monitored_registry_paths", exceptional_monitored_registry_paths) + if exceptional_monitored_registry_processes is not None: + pulumi.set(__self__, "exceptional_monitored_registry_processes", exceptional_monitored_registry_processes) + if exceptional_monitored_registry_users is not None: + pulumi.set(__self__, "exceptional_monitored_registry_users", exceptional_monitored_registry_users) + if monitored_registry_attributes is not None: + pulumi.set(__self__, "monitored_registry_attributes", monitored_registry_attributes) + if monitored_registry_create is not None: + pulumi.set(__self__, "monitored_registry_create", monitored_registry_create) + if monitored_registry_delete is not None: + pulumi.set(__self__, "monitored_registry_delete", monitored_registry_delete) + if monitored_registry_modify is not None: + pulumi.set(__self__, "monitored_registry_modify", monitored_registry_modify) + if monitored_registry_paths is 
not None: + pulumi.set(__self__, "monitored_registry_paths", monitored_registry_paths) + if monitored_registry_processes is not None: + pulumi.set(__self__, "monitored_registry_processes", monitored_registry_processes) + if monitored_registry_read is not None: + pulumi.set(__self__, "monitored_registry_read", monitored_registry_read) + if monitored_registry_users is not None: + pulumi.set(__self__, "monitored_registry_users", monitored_registry_users) @property @pulumi.getter - def imagename(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "imagename") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @imagename.setter - def imagename(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "imagename", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def registry(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "registry") + @pulumi.getter(name="exceptionalMonitoredRegistryPaths") + def exceptional_monitored_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_registry_paths") - @registry.setter - def registry(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "registry", value) + @exceptional_monitored_registry_paths.setter + def exceptional_monitored_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_registry_paths", value) + @property + @pulumi.getter(name="exceptionalMonitoredRegistryProcesses") + def exceptional_monitored_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_registry_processes") -@pulumi.input_type -class FunctionRuntimePolicyScopeVariableArgs: - def __init__(__self__, *, - attribute: pulumi.Input[str], - value: pulumi.Input[str], - name: 
Optional[pulumi.Input[str]] = None): - """ - :param pulumi.Input[str] attribute: Class of supported scope. - :param pulumi.Input[str] value: Value assigned to the attribute. - :param pulumi.Input[str] name: Name assigned to the attribute. - """ - pulumi.set(__self__, "attribute", attribute) - pulumi.set(__self__, "value", value) - if name is not None: - pulumi.set(__self__, "name", name) + @exceptional_monitored_registry_processes.setter + def exceptional_monitored_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_registry_processes", value) @property - @pulumi.getter - def attribute(self) -> pulumi.Input[str]: - """ - Class of supported scope. - """ - return pulumi.get(self, "attribute") + @pulumi.getter(name="exceptionalMonitoredRegistryUsers") + def exceptional_monitored_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_registry_users") - @attribute.setter - def attribute(self, value: pulumi.Input[str]): - pulumi.set(self, "attribute", value) + @exceptional_monitored_registry_users.setter + def exceptional_monitored_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_registry_users", value) + + @property + @pulumi.getter(name="monitoredRegistryAttributes") + def monitored_registry_attributes(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_attributes") + + @monitored_registry_attributes.setter + def monitored_registry_attributes(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_attributes", value) + + @property + @pulumi.getter(name="monitoredRegistryCreate") + def monitored_registry_create(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_create") + + @monitored_registry_create.setter + def monitored_registry_create(self, value: 
Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_create", value) + + @property + @pulumi.getter(name="monitoredRegistryDelete") + def monitored_registry_delete(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_delete") + + @monitored_registry_delete.setter + def monitored_registry_delete(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_delete", value) + + @property + @pulumi.getter(name="monitoredRegistryModify") + def monitored_registry_modify(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_modify") + + @monitored_registry_modify.setter + def monitored_registry_modify(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_modify", value) + + @property + @pulumi.getter(name="monitoredRegistryPaths") + def monitored_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_registry_paths") + + @monitored_registry_paths.setter + def monitored_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_registry_paths", value) + + @property + @pulumi.getter(name="monitoredRegistryProcesses") + def monitored_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_registry_processes") + + @monitored_registry_processes.setter + def monitored_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_registry_processes", value) + + @property + @pulumi.getter(name="monitoredRegistryRead") + def monitored_registry_read(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_read") + + @monitored_registry_read.setter + def monitored_registry_read(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_read", value) + + @property + 
@pulumi.getter(name="monitoredRegistryUsers") + def monitored_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_registry_users") + + @monitored_registry_users.setter + def monitored_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_registry_users", value) + + +@pulumi.input_type +class ContainerRuntimePolicyRestrictedVolumeArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + volumes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] enabled: Whether restricted volumes are enabled. + :param pulumi.Input[Sequence[pulumi.Input[str]]] volumes: List of restricted volumes. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if volumes is not None: + pulumi.set(__self__, "volumes", volumes) @property @pulumi.getter - def value(self) -> pulumi.Input[str]: + def enabled(self) -> Optional[pulumi.Input[bool]]: """ - Value assigned to the attribute. + Whether restricted volumes are enabled. """ - return pulumi.get(self, "value") + return pulumi.get(self, "enabled") - @value.setter - def value(self, value: pulumi.Input[str]): - pulumi.set(self, "value", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: + def volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Name assigned to the attribute. + List of restricted volumes. 
""" - return pulumi.get(self, "name") + return pulumi.get(self, "volumes") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @volumes.setter + def volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "volumes", value) @pulumi.input_type -class HostAssurancePolicyAutoScanTimeArgs: +class ContainerRuntimePolicyReverseShellArgs: def __init__(__self__, *, - iteration: Optional[pulumi.Input[int]] = None, - iteration_type: Optional[pulumi.Input[str]] = None, - time: Optional[pulumi.Input[str]] = None, - week_days: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): - if iteration is not None: - pulumi.set(__self__, "iteration", iteration) - if iteration_type is not None: - pulumi.set(__self__, "iteration_type", iteration_type) - if time is not None: - pulumi.set(__self__, "time", time) - if week_days is not None: - pulumi.set(__self__, "week_days", week_days) + block_reverse_shell: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + reverse_shell_ip_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + reverse_shell_proc_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_reverse_shell is not None: + pulumi.set(__self__, "block_reverse_shell", block_reverse_shell) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + if reverse_shell_proc_white_lists is not None: + pulumi.set(__self__, "reverse_shell_proc_white_lists", reverse_shell_proc_white_lists) @property - @pulumi.getter - def iteration(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "iteration") + @pulumi.getter(name="blockReverseShell") + def block_reverse_shell(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_reverse_shell") - 
@iteration.setter - def iteration(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "iteration", value) + @block_reverse_shell.setter + def block_reverse_shell(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_reverse_shell", value) @property - @pulumi.getter(name="iterationType") - def iteration_type(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "iteration_type") + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @iteration_type.setter - def iteration_type(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "iteration_type", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def time(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "time") + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") - @time.setter - def time(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "time", value) + @reverse_shell_ip_white_lists.setter + def reverse_shell_ip_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "reverse_shell_ip_white_lists", value) @property - @pulumi.getter(name="weekDays") - def week_days(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - return pulumi.get(self, "week_days") + @pulumi.getter(name="reverseShellProcWhiteLists") + def reverse_shell_proc_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "reverse_shell_proc_white_lists") - @week_days.setter - def week_days(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "week_days", value) + @reverse_shell_proc_white_lists.setter + def reverse_shell_proc_white_lists(self, value: 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "reverse_shell_proc_white_lists", value) @pulumi.input_type -class HostAssurancePolicyCustomCheckArgs: +class ContainerRuntimePolicyScopeArgs: def __init__(__self__, *, - author: Optional[pulumi.Input[str]] = None, - description: Optional[pulumi.Input[str]] = None, - engine: Optional[pulumi.Input[str]] = None, - last_modified: Optional[pulumi.Input[int]] = None, - name: Optional[pulumi.Input[str]] = None, - path: Optional[pulumi.Input[str]] = None, - read_only: Optional[pulumi.Input[bool]] = None, - script_id: Optional[pulumi.Input[str]] = None, - severity: Optional[pulumi.Input[str]] = None, - snippet: Optional[pulumi.Input[str]] = None): + expression: pulumi.Input[str], + variables: pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]]): """ - :param pulumi.Input[str] author: Name of user account that created the policy. + :param pulumi.Input[str] expression: Scope expression. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]] variables: List of variables in the scope. 
""" - if author is not None: - pulumi.set(__self__, "author", author) - if description is not None: - pulumi.set(__self__, "description", description) - if engine is not None: - pulumi.set(__self__, "engine", engine) - if last_modified is not None: - pulumi.set(__self__, "last_modified", last_modified) - if name is not None: - pulumi.set(__self__, "name", name) - if path is not None: - pulumi.set(__self__, "path", path) - if read_only is not None: - pulumi.set(__self__, "read_only", read_only) - if script_id is not None: - pulumi.set(__self__, "script_id", script_id) - if severity is not None: - pulumi.set(__self__, "severity", severity) - if snippet is not None: - pulumi.set(__self__, "snippet", snippet) + pulumi.set(__self__, "expression", expression) + pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def author(self) -> Optional[pulumi.Input[str]]: + def expression(self) -> pulumi.Input[str]: """ - Name of user account that created the policy. + Scope expression. """ - return pulumi.get(self, "author") + return pulumi.get(self, "expression") - @author.setter - def author(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "author", value) + @expression.setter + def expression(self, value: pulumi.Input[str]): + pulumi.set(self, "expression", value) @property @pulumi.getter - def description(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "description") + def variables(self) -> pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]]: + """ + List of variables in the scope. 
+ """ + return pulumi.get(self, "variables") - @description.setter - def description(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "description", value) + @variables.setter + def variables(self, value: pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]]): + pulumi.set(self, "variables", value) + + +@pulumi.input_type +class ContainerRuntimePolicyScopeVariableArgs: + def __init__(__self__, *, + attribute: pulumi.Input[str], + value: pulumi.Input[str], + name: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] attribute: Class of supported scope. + :param pulumi.Input[str] value: Value assigned to the attribute. + :param pulumi.Input[str] name: Name assigned to the attribute. + """ + pulumi.set(__self__, "attribute", attribute) + pulumi.set(__self__, "value", value) + if name is not None: + pulumi.set(__self__, "name", name) @property @pulumi.getter - def engine(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "engine") + def attribute(self) -> pulumi.Input[str]: + """ + Class of supported scope. + """ + return pulumi.get(self, "attribute") - @engine.setter - def engine(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "engine", value) + @attribute.setter + def attribute(self, value: pulumi.Input[str]): + pulumi.set(self, "attribute", value) @property - @pulumi.getter(name="lastModified") - def last_modified(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "last_modified") + @pulumi.getter + def value(self) -> pulumi.Input[str]: + """ + Value assigned to the attribute. + """ + return pulumi.get(self, "value") - @last_modified.setter - def last_modified(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "last_modified", value) + @value.setter + def value(self, value: pulumi.Input[str]): + pulumi.set(self, "value", value) @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: + """ + Name assigned to the attribute. 
+ """ return pulumi.get(self, "name") @name.setter def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) - @property - @pulumi.getter - def path(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "path") - @path.setter - def path(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "path", value) +@pulumi.input_type +class ContainerRuntimePolicySystemIntegrityProtectionArgs: + def __init__(__self__, *, + audit_systemtime_change: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + monitor_audit_log_integrity: Optional[pulumi.Input[bool]] = None, + windows_services_monitoring: Optional[pulumi.Input[bool]] = None): + if audit_systemtime_change is not None: + pulumi.set(__self__, "audit_systemtime_change", audit_systemtime_change) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if monitor_audit_log_integrity is not None: + pulumi.set(__self__, "monitor_audit_log_integrity", monitor_audit_log_integrity) + if windows_services_monitoring is not None: + pulumi.set(__self__, "windows_services_monitoring", windows_services_monitoring) @property - @pulumi.getter(name="readOnly") - def read_only(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "read_only") + @pulumi.getter(name="auditSystemtimeChange") + def audit_systemtime_change(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_systemtime_change") - @read_only.setter - def read_only(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "read_only", value) + @audit_systemtime_change.setter + def audit_systemtime_change(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_systemtime_change", value) @property - @pulumi.getter(name="scriptId") - def script_id(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "script_id") + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - 
@script_id.setter - def script_id(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "script_id", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def severity(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "severity") + @pulumi.getter(name="monitorAuditLogIntegrity") + def monitor_audit_log_integrity(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitor_audit_log_integrity") - @severity.setter - def severity(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "severity", value) + @monitor_audit_log_integrity.setter + def monitor_audit_log_integrity(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitor_audit_log_integrity", value) @property - @pulumi.getter - def snippet(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "snippet") + @pulumi.getter(name="windowsServicesMonitoring") + def windows_services_monitoring(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "windows_services_monitoring") - @snippet.setter - def snippet(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "snippet", value) + @windows_services_monitoring.setter + def windows_services_monitoring(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "windows_services_monitoring", value) @pulumi.input_type -class HostAssurancePolicyForbiddenLabelArgs: +class ContainerRuntimePolicyTripwireArgs: def __init__(__self__, *, - key: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) + apply_ons: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + serverless_app: Optional[pulumi.Input[str]] = None, + user_id: Optional[pulumi.Input[str]] = None, + user_password: 
Optional[pulumi.Input[str]] = None): + if apply_ons is not None: + pulumi.set(__self__, "apply_ons", apply_ons) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if serverless_app is not None: + pulumi.set(__self__, "serverless_app", serverless_app) + if user_id is not None: + pulumi.set(__self__, "user_id", user_id) + if user_password is not None: + pulumi.set(__self__, "user_password", user_password) @property - @pulumi.getter - def key(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "key") + @pulumi.getter(name="applyOns") + def apply_ons(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "apply_ons") - @key.setter - def key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "key", value) + @apply_ons.setter + def apply_ons(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "apply_ons", value) @property @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "value") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @value.setter - def value(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "value", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + @property + @pulumi.getter(name="serverlessApp") + def serverless_app(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "serverless_app") -@pulumi.input_type -class HostAssurancePolicyPackagesBlackListArgs: - def __init__(__self__, *, - arch: Optional[pulumi.Input[str]] = None, - display: Optional[pulumi.Input[str]] = None, - epoch: Optional[pulumi.Input[str]] = None, - format: Optional[pulumi.Input[str]] = None, - license: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - release: Optional[pulumi.Input[str]] = None, - version: Optional[pulumi.Input[str]] = None, - version_range: 
Optional[pulumi.Input[str]] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + @serverless_app.setter + def serverless_app(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "serverless_app", value) @property - @pulumi.getter - def arch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "arch") + @pulumi.getter(name="userId") + def user_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "user_id") - @arch.setter - def arch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "arch", value) + @user_id.setter + def user_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "user_id", value) @property - @pulumi.getter - def display(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "display") + @pulumi.getter(name="userPassword") + def user_password(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "user_password") - @display.setter - def display(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "display", value) + @user_password.setter + def user_password(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "user_password", value) + + +@pulumi.input_type +class ContainerRuntimePolicyWhitelistedOsUsersArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + group_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + user_white_lists: 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_white_lists is not None: + pulumi.set(__self__, "group_white_lists", group_white_lists) + if user_white_lists is not None: + pulumi.set(__self__, "user_white_lists", user_white_lists) @property @pulumi.getter - def epoch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "epoch") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @epoch.setter - def epoch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "epoch", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def format(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "format") + @pulumi.getter(name="groupWhiteLists") + def group_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "group_white_lists") - @format.setter - def format(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "format", value) + @group_white_lists.setter + def group_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "group_white_lists", value) @property - @pulumi.getter - def license(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "license") + @pulumi.getter(name="userWhiteLists") + def user_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "user_white_lists") - @license.setter - def license(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "license", value) + @user_white_lists.setter + def user_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "user_white_lists", value) + + +@pulumi.input_type +class EnforcerGroupsCommandArgs: + def __init__(__self__, *, + default: Optional[pulumi.Input[str]] = 
None, + kubernetes: Optional[pulumi.Input[str]] = None, + swarm: Optional[pulumi.Input[str]] = None, + windows: Optional[pulumi.Input[str]] = None): + if default is not None: + pulumi.set(__self__, "default", default) + if kubernetes is not None: + pulumi.set(__self__, "kubernetes", kubernetes) + if swarm is not None: + pulumi.set(__self__, "swarm", swarm) + if windows is not None: + pulumi.set(__self__, "windows", windows) @property @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") + def default(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "default") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @default.setter + def default(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "default", value) @property @pulumi.getter - def release(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "release") + def kubernetes(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kubernetes") - @release.setter - def release(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "release", value) + @kubernetes.setter + def kubernetes(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kubernetes", value) @property @pulumi.getter - def version(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version") + def swarm(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "swarm") - @version.setter - def version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version", value) + @swarm.setter + def swarm(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "swarm", value) @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version_range") + @pulumi.getter + def windows(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "windows") - @version_range.setter - def 
version_range(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version_range", value) + @windows.setter + def windows(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "windows", value) @pulumi.input_type -class HostAssurancePolicyPackagesWhiteListArgs: +class EnforcerGroupsOrchestratorArgs: def __init__(__self__, *, - arch: Optional[pulumi.Input[str]] = None, - display: Optional[pulumi.Input[str]] = None, - epoch: Optional[pulumi.Input[str]] = None, - format: Optional[pulumi.Input[str]] = None, - license: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - release: Optional[pulumi.Input[str]] = None, - version: Optional[pulumi.Input[str]] = None, - version_range: Optional[pulumi.Input[str]] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) - - @property - @pulumi.getter - def arch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "arch") - - @arch.setter - def arch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "arch", value) + master: Optional[pulumi.Input[bool]] = None, + namespace: Optional[pulumi.Input[str]] = None, + service_account: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] namespace: May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). 
+ :param pulumi.Input[str] service_account: May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + """ + if master is not None: + pulumi.set(__self__, "master", master) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if service_account is not None: + pulumi.set(__self__, "service_account", service_account) + if type is not None: + pulumi.set(__self__, "type", type) @property @pulumi.getter - def display(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "display") + def master(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "master") - @display.setter - def display(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "display", value) + @master.setter + def master(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "master", value) @property @pulumi.getter - def epoch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "epoch") + def namespace(self) -> Optional[pulumi.Input[str]]: + """ + May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + """ + return pulumi.get(self, "namespace") - @epoch.setter - def epoch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "epoch", value) + @namespace.setter + def namespace(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "namespace", value) @property - @pulumi.getter - def format(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "format") + @pulumi.getter(name="serviceAccount") + def service_account(self) -> Optional[pulumi.Input[str]]: + """ + May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). 
+ """ + return pulumi.get(self, "service_account") - @format.setter - def format(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "format", value) + @service_account.setter + def service_account(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_account", value) @property @pulumi.getter - def license(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "license") + def type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "type") - @license.setter - def license(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "license", value) - - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") - - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) - - @property - @pulumi.getter - def release(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "release") - - @release.setter - def release(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "release", value) - - @property - @pulumi.getter - def version(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version") - - @version.setter - def version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version", value) - - @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version_range") - - @version_range.setter - def version_range(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version_range", value) - - -@pulumi.input_type -class HostAssurancePolicyRequiredLabelArgs: - def __init__(__self__, *, - key: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) - - @property - @pulumi.getter - def key(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "key") - - 
@key.setter - def key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "key", value) - - @property - @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "value") - - @value.setter - def value(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "value", value) - - -@pulumi.input_type -class HostAssurancePolicyScopeArgs: - def __init__(__self__, *, - expression: Optional[pulumi.Input[str]] = None, - variables: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyScopeVariableArgs']]]] = None): - if expression is not None: - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) - - @property - @pulumi.getter - def expression(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "expression") - - @expression.setter - def expression(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "expression", value) - - @property - @pulumi.getter - def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyScopeVariableArgs']]]]: - return pulumi.get(self, "variables") - - @variables.setter - def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyScopeVariableArgs']]]]): - pulumi.set(self, "variables", value) - - -@pulumi.input_type -class HostAssurancePolicyScopeVariableArgs: - def __init__(__self__, *, - attribute: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if attribute is not None: - pulumi.set(__self__, "attribute", attribute) - if name is not None: - pulumi.set(__self__, "name", name) - if value is not None: - pulumi.set(__self__, "value", value) - - @property - @pulumi.getter - def attribute(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "attribute") - - @attribute.setter - def attribute(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, 
"attribute", value) - - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") - - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) - - @property - @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "value") - - @value.setter - def value(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "value", value) + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) @pulumi.input_type -class HostAssurancePolicyTrustedBaseImageArgs: - def __init__(__self__, *, - imagename: Optional[pulumi.Input[str]] = None, - registry: Optional[pulumi.Input[str]] = None): - if imagename is not None: - pulumi.set(__self__, "imagename", imagename) - if registry is not None: - pulumi.set(__self__, "registry", registry) - - @property - @pulumi.getter - def imagename(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "imagename") - - @imagename.setter - def imagename(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "imagename", value) - - @property - @pulumi.getter - def registry(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "registry") - - @registry.setter - def registry(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "registry", value) - - -@pulumi.input_type -class HostRuntimePolicyFileIntegrityMonitoringArgs: +class FirewallPolicyInboundNetworkArgs: def __init__(__self__, *, - excluded_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - excluded_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - excluded_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - monitor_attributes: Optional[pulumi.Input[bool]] = None, - monitor_create: Optional[pulumi.Input[bool]] = None, - monitor_delete: Optional[pulumi.Input[bool]] = None, - monitor_modify: Optional[pulumi.Input[bool]] = None, - 
monitor_read: Optional[pulumi.Input[bool]] = None, - monitored_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - monitored_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - monitored_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): - """ - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_paths: List of paths to be excluded from being monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_processes: List of processes to be excluded from being monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_users: List of users to be excluded from being monitored. - :param pulumi.Input[bool] monitor_attributes: If true, add attributes operations will be monitored. - :param pulumi.Input[bool] monitor_create: If true, create operations will be monitored. - :param pulumi.Input[bool] monitor_delete: If true, deletion operations will be monitored. - :param pulumi.Input[bool] monitor_modify: If true, modification operations will be monitored. - :param pulumi.Input[bool] monitor_read: If true, read operations will be monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_paths: List of paths to be monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_processes: List of processes to be monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_users: List of users to be monitored. 
- """ - if excluded_paths is not None: - pulumi.set(__self__, "excluded_paths", excluded_paths) - if excluded_processes is not None: - pulumi.set(__self__, "excluded_processes", excluded_processes) - if excluded_users is not None: - pulumi.set(__self__, "excluded_users", excluded_users) - if monitor_attributes is not None: - pulumi.set(__self__, "monitor_attributes", monitor_attributes) - if monitor_create is not None: - pulumi.set(__self__, "monitor_create", monitor_create) - if monitor_delete is not None: - pulumi.set(__self__, "monitor_delete", monitor_delete) - if monitor_modify is not None: - pulumi.set(__self__, "monitor_modify", monitor_modify) - if monitor_read is not None: - pulumi.set(__self__, "monitor_read", monitor_read) - if monitored_paths is not None: - pulumi.set(__self__, "monitored_paths", monitored_paths) - if monitored_processes is not None: - pulumi.set(__self__, "monitored_processes", monitored_processes) - if monitored_users is not None: - pulumi.set(__self__, "monitored_users", monitored_users) - - @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + allow: pulumi.Input[bool], + port_range: pulumi.Input[str], + resource_type: pulumi.Input[str], + resource: Optional[pulumi.Input[str]] = None): """ - List of paths to be excluded from being monitored. + :param pulumi.Input[bool] allow: Indicates whether the specified resources are allowed to pass in data or requests. + :param pulumi.Input[str] port_range: Range of ports affected by firewall. + :param pulumi.Input[str] resource_type: Type of the resource + :param pulumi.Input[str] resource: Information of the resource. 
""" - return pulumi.get(self, "excluded_paths") - - @excluded_paths.setter - def excluded_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_paths", value) + pulumi.set(__self__, "allow", allow) + pulumi.set(__self__, "port_range", port_range) + pulumi.set(__self__, "resource_type", resource_type) + if resource is not None: + pulumi.set(__self__, "resource", resource) @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter + def allow(self) -> pulumi.Input[bool]: """ - List of processes to be excluded from being monitored. + Indicates whether the specified resources are allowed to pass in data or requests. """ - return pulumi.get(self, "excluded_processes") + return pulumi.get(self, "allow") - @excluded_processes.setter - def excluded_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_processes", value) + @allow.setter + def allow(self, value: pulumi.Input[bool]): + pulumi.set(self, "allow", value) @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="portRange") + def port_range(self) -> pulumi.Input[str]: """ - List of users to be excluded from being monitored. + Range of ports affected by firewall. 
""" - return pulumi.get(self, "excluded_users") + return pulumi.get(self, "port_range") - @excluded_users.setter - def excluded_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_users", value) + @port_range.setter + def port_range(self, value: pulumi.Input[str]): + pulumi.set(self, "port_range", value) @property - @pulumi.getter(name="monitorAttributes") - def monitor_attributes(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter(name="resourceType") + def resource_type(self) -> pulumi.Input[str]: """ - If true, add attributes operations will be monitored. + Type of the resource """ - return pulumi.get(self, "monitor_attributes") + return pulumi.get(self, "resource_type") - @monitor_attributes.setter - def monitor_attributes(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_attributes", value) + @resource_type.setter + def resource_type(self, value: pulumi.Input[str]): + pulumi.set(self, "resource_type", value) @property - @pulumi.getter(name="monitorCreate") - def monitor_create(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter + def resource(self) -> Optional[pulumi.Input[str]]: """ - If true, create operations will be monitored. + Information of the resource. """ - return pulumi.get(self, "monitor_create") - - @monitor_create.setter - def monitor_create(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_create", value) + return pulumi.get(self, "resource") - @property - @pulumi.getter(name="monitorDelete") - def monitor_delete(self) -> Optional[pulumi.Input[bool]]: - """ - If true, deletion operations will be monitored. 
- """ - return pulumi.get(self, "monitor_delete") + @resource.setter + def resource(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource", value) - @monitor_delete.setter - def monitor_delete(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_delete", value) - @property - @pulumi.getter(name="monitorModify") - def monitor_modify(self) -> Optional[pulumi.Input[bool]]: +@pulumi.input_type +class FirewallPolicyOutboundNetworkArgs: + def __init__(__self__, *, + allow: pulumi.Input[bool], + port_range: pulumi.Input[str], + resource_type: pulumi.Input[str], + resource: Optional[pulumi.Input[str]] = None): """ - If true, modification operations will be monitored. + :param pulumi.Input[bool] allow: Indicates whether the specified resources are allowed to receive data or requests. + :param pulumi.Input[str] port_range: Range of ports affected by firewall. + :param pulumi.Input[str] resource_type: Type of the resource. + :param pulumi.Input[str] resource: Information of the resource. """ - return pulumi.get(self, "monitor_modify") - - @monitor_modify.setter - def monitor_modify(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_modify", value) + pulumi.set(__self__, "allow", allow) + pulumi.set(__self__, "port_range", port_range) + pulumi.set(__self__, "resource_type", resource_type) + if resource is not None: + pulumi.set(__self__, "resource", resource) @property - @pulumi.getter(name="monitorRead") - def monitor_read(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter + def allow(self) -> pulumi.Input[bool]: """ - If true, read operations will be monitored. + Indicates whether the specified resources are allowed to receive data or requests. 
""" - return pulumi.get(self, "monitor_read") + return pulumi.get(self, "allow") - @monitor_read.setter - def monitor_read(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_read", value) + @allow.setter + def allow(self, value: pulumi.Input[bool]): + pulumi.set(self, "allow", value) @property - @pulumi.getter(name="monitoredPaths") - def monitored_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="portRange") + def port_range(self) -> pulumi.Input[str]: """ - List of paths to be monitored. + Range of ports affected by firewall. """ - return pulumi.get(self, "monitored_paths") + return pulumi.get(self, "port_range") - @monitored_paths.setter - def monitored_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "monitored_paths", value) + @port_range.setter + def port_range(self, value: pulumi.Input[str]): + pulumi.set(self, "port_range", value) @property - @pulumi.getter(name="monitoredProcesses") - def monitored_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="resourceType") + def resource_type(self) -> pulumi.Input[str]: """ - List of processes to be monitored. + Type of the resource. """ - return pulumi.get(self, "monitored_processes") + return pulumi.get(self, "resource_type") - @monitored_processes.setter - def monitored_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "monitored_processes", value) + @resource_type.setter + def resource_type(self, value: pulumi.Input[str]): + pulumi.set(self, "resource_type", value) @property - @pulumi.getter(name="monitoredUsers") - def monitored_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter + def resource(self) -> Optional[pulumi.Input[str]]: """ - List of users to be monitored. + Information of the resource. 
""" - return pulumi.get(self, "monitored_users") + return pulumi.get(self, "resource") - @monitored_users.setter - def monitored_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "monitored_users", value) + @resource.setter + def resource(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource", value) @pulumi.input_type -class HostRuntimePolicyMalwareScanOptionsArgs: +class FunctionAssurancePolicyAutoScanTimeArgs: def __init__(__self__, *, - action: Optional[pulumi.Input[str]] = None, - enabled: Optional[pulumi.Input[bool]] = None, - exclude_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - exclude_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): - """ - :param pulumi.Input[str] action: Set Action, Defaults to 'Alert' when empty - :param pulumi.Input[bool] enabled: Defines if enabled or not - :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_directories: List of registry paths to be excluded from being protected. - :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_processes: List of registry processes to be excluded from being protected. 
- """ - if action is not None: - pulumi.set(__self__, "action", action) - if enabled is not None: - pulumi.set(__self__, "enabled", enabled) - if exclude_directories is not None: - pulumi.set(__self__, "exclude_directories", exclude_directories) - if exclude_processes is not None: - pulumi.set(__self__, "exclude_processes", exclude_processes) + iteration: Optional[pulumi.Input[int]] = None, + iteration_type: Optional[pulumi.Input[str]] = None, + time: Optional[pulumi.Input[str]] = None, + week_days: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if iteration is not None: + pulumi.set(__self__, "iteration", iteration) + if iteration_type is not None: + pulumi.set(__self__, "iteration_type", iteration_type) + if time is not None: + pulumi.set(__self__, "time", time) + if week_days is not None: + pulumi.set(__self__, "week_days", week_days) @property @pulumi.getter - def action(self) -> Optional[pulumi.Input[str]]: - """ - Set Action, Defaults to 'Alert' when empty - """ - return pulumi.get(self, "action") + def iteration(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "iteration") - @action.setter - def action(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "action", value) + @iteration.setter + def iteration(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "iteration", value) @property - @pulumi.getter - def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - Defines if enabled or not - """ - return pulumi.get(self, "enabled") + @pulumi.getter(name="iterationType") + def iteration_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "iteration_type") - @enabled.setter - def enabled(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enabled", value) + @iteration_type.setter + def iteration_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "iteration_type", value) @property - @pulumi.getter(name="excludeDirectories") - def exclude_directories(self) -> 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry paths to be excluded from being protected. - """ - return pulumi.get(self, "exclude_directories") + @pulumi.getter + def time(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "time") - @exclude_directories.setter - def exclude_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "exclude_directories", value) + @time.setter + def time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "time", value) @property - @pulumi.getter(name="excludeProcesses") - def exclude_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry processes to be excluded from being protected. - """ - return pulumi.get(self, "exclude_processes") + @pulumi.getter(name="weekDays") + def week_days(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "week_days") - @exclude_processes.setter - def exclude_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "exclude_processes", value) + @week_days.setter + def week_days(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "week_days", value) @pulumi.input_type -class HostRuntimePolicyScopeVariableArgs: +class FunctionAssurancePolicyCustomCheckArgs: def __init__(__self__, *, - attribute: pulumi.Input[str], - value: pulumi.Input[str], - name: Optional[pulumi.Input[str]] = None): + author: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + engine: Optional[pulumi.Input[str]] = None, + last_modified: Optional[pulumi.Input[int]] = None, + name: Optional[pulumi.Input[str]] = None, + path: Optional[pulumi.Input[str]] = None, + read_only: Optional[pulumi.Input[bool]] = None, + script_id: Optional[pulumi.Input[str]] = None, + severity: Optional[pulumi.Input[str]] = None, + snippet: Optional[pulumi.Input[str]] = None): """ - 
:param pulumi.Input[str] attribute: Class of supported scope. - :param pulumi.Input[str] value: Value assigned to the attribute. - :param pulumi.Input[str] name: Name assigned to the attribute. + :param pulumi.Input[str] author: Name of user account that created the policy. """ - pulumi.set(__self__, "attribute", attribute) - pulumi.set(__self__, "value", value) + if author is not None: + pulumi.set(__self__, "author", author) + if description is not None: + pulumi.set(__self__, "description", description) + if engine is not None: + pulumi.set(__self__, "engine", engine) + if last_modified is not None: + pulumi.set(__self__, "last_modified", last_modified) if name is not None: pulumi.set(__self__, "name", name) + if path is not None: + pulumi.set(__self__, "path", path) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + if snippet is not None: + pulumi.set(__self__, "snippet", snippet) @property @pulumi.getter - def attribute(self) -> pulumi.Input[str]: + def author(self) -> Optional[pulumi.Input[str]]: """ - Class of supported scope. + Name of user account that created the policy. """ - return pulumi.get(self, "attribute") + return pulumi.get(self, "author") - @attribute.setter - def attribute(self, value: pulumi.Input[str]): - pulumi.set(self, "attribute", value) + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) @property @pulumi.getter - def value(self) -> pulumi.Input[str]: - """ - Value assigned to the attribute. 
- """ - return pulumi.get(self, "value") + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") - @value.setter - def value(self, value: pulumi.Input[str]): - pulumi.set(self, "value", value) + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def engine(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "engine") + + @engine.setter + def engine(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "engine", value) + + @property + @pulumi.getter(name="lastModified") + def last_modified(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "last_modified") + + @last_modified.setter + def last_modified(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "last_modified", value) @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - Name assigned to the attribute. - """ return pulumi.get(self, "name") @name.setter def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) - -@pulumi.input_type -class HostRuntimePolicyWindowsRegistryMonitoringArgs: - def __init__(__self__, *, - excluded_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - excluded_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - excluded_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - monitor_attributes: Optional[pulumi.Input[bool]] = None, - monitor_create: Optional[pulumi.Input[bool]] = None, - monitor_delete: Optional[pulumi.Input[bool]] = None, - monitor_modify: Optional[pulumi.Input[bool]] = None, - monitor_read: Optional[pulumi.Input[bool]] = None, - monitored_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - monitored_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - monitored_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): - """ - :param 
pulumi.Input[Sequence[pulumi.Input[str]]] excluded_paths: List of paths to be excluded from being monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_processes: List of registry processes to be excluded from being monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_users: List of registry users to be excluded from being monitored. - :param pulumi.Input[bool] monitor_attributes: If true, add attributes operations will be monitored. - :param pulumi.Input[bool] monitor_create: If true, create operations will be monitored. - :param pulumi.Input[bool] monitor_delete: If true, deletion operations will be monitored. - :param pulumi.Input[bool] monitor_modify: If true, modification operations will be monitored. - :param pulumi.Input[bool] monitor_read: If true, read operations will be monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_paths: List of paths to be monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_processes: List of registry processes to be monitored. - :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_users: List of registry users to be monitored. 
- """ - if excluded_paths is not None: - pulumi.set(__self__, "excluded_paths", excluded_paths) - if excluded_processes is not None: - pulumi.set(__self__, "excluded_processes", excluded_processes) - if excluded_users is not None: - pulumi.set(__self__, "excluded_users", excluded_users) - if monitor_attributes is not None: - pulumi.set(__self__, "monitor_attributes", monitor_attributes) - if monitor_create is not None: - pulumi.set(__self__, "monitor_create", monitor_create) - if monitor_delete is not None: - pulumi.set(__self__, "monitor_delete", monitor_delete) - if monitor_modify is not None: - pulumi.set(__self__, "monitor_modify", monitor_modify) - if monitor_read is not None: - pulumi.set(__self__, "monitor_read", monitor_read) - if monitored_paths is not None: - pulumi.set(__self__, "monitored_paths", monitored_paths) - if monitored_processes is not None: - pulumi.set(__self__, "monitored_processes", monitored_processes) - if monitored_users is not None: - pulumi.set(__self__, "monitored_users", monitored_users) - @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of paths to be excluded from being monitored. - """ - return pulumi.get(self, "excluded_paths") + @pulumi.getter + def path(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "path") - @excluded_paths.setter - def excluded_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_paths", value) + @path.setter + def path(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "path", value) @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry processes to be excluded from being monitored. 
- """ - return pulumi.get(self, "excluded_processes") + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "read_only") - @excluded_processes.setter - def excluded_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_processes", value) + @read_only.setter + def read_only(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "read_only", value) @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry users to be excluded from being monitored. - """ - return pulumi.get(self, "excluded_users") + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "script_id") - @excluded_users.setter - def excluded_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_users", value) + @script_id.setter + def script_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "script_id", value) @property - @pulumi.getter(name="monitorAttributes") - def monitor_attributes(self) -> Optional[pulumi.Input[bool]]: - """ - If true, add attributes operations will be monitored. - """ - return pulumi.get(self, "monitor_attributes") + @pulumi.getter + def severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "severity") - @monitor_attributes.setter - def monitor_attributes(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_attributes", value) + @severity.setter + def severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity", value) @property - @pulumi.getter(name="monitorCreate") - def monitor_create(self) -> Optional[pulumi.Input[bool]]: - """ - If true, create operations will be monitored. 
- """ - return pulumi.get(self, "monitor_create") + @pulumi.getter + def snippet(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "snippet") - @monitor_create.setter - def monitor_create(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_create", value) + @snippet.setter + def snippet(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "snippet", value) - @property - @pulumi.getter(name="monitorDelete") - def monitor_delete(self) -> Optional[pulumi.Input[bool]]: - """ - If true, deletion operations will be monitored. - """ - return pulumi.get(self, "monitor_delete") - @monitor_delete.setter - def monitor_delete(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_delete", value) +@pulumi.input_type +class FunctionAssurancePolicyForbiddenLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) @property - @pulumi.getter(name="monitorModify") - def monitor_modify(self) -> Optional[pulumi.Input[bool]]: - """ - If true, modification operations will be monitored. - """ - return pulumi.get(self, "monitor_modify") + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") - @monitor_modify.setter - def monitor_modify(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_modify", value) + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) @property - @pulumi.getter(name="monitorRead") - def monitor_read(self) -> Optional[pulumi.Input[bool]]: - """ - If true, read operations will be monitored. 
- """ - return pulumi.get(self, "monitor_read") - - @monitor_read.setter - def monitor_read(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "monitor_read", value) + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") - @property - @pulumi.getter(name="monitoredPaths") - def monitored_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of paths to be monitored. - """ - return pulumi.get(self, "monitored_paths") + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) - @monitored_paths.setter - def monitored_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "monitored_paths", value) - @property - @pulumi.getter(name="monitoredProcesses") - def monitored_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry processes to be monitored. - """ - return pulumi.get(self, "monitored_processes") - - @monitored_processes.setter - def monitored_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "monitored_processes", value) +@pulumi.input_type +class FunctionAssurancePolicyKubernetesControlArgs: + def __init__(__self__, *, + avd_id: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + kind: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + ootb: Optional[pulumi.Input[bool]] = None, + script_id: Optional[pulumi.Input[int]] = None, + severity: Optional[pulumi.Input[str]] = None): + if avd_id is not None: + pulumi.set(__self__, "avd_id", avd_id) + if description is not None: + pulumi.set(__self__, "description", description) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if kind is not None: + pulumi.set(__self__, "kind", kind) + if name is not None: + pulumi.set(__self__, 
"name", name) + if ootb is not None: + pulumi.set(__self__, "ootb", ootb) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) @property - @pulumi.getter(name="monitoredUsers") - def monitored_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry users to be monitored. - """ - return pulumi.get(self, "monitored_users") + @pulumi.getter(name="avdId") + def avd_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "avd_id") - @monitored_users.setter - def monitored_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "monitored_users", value) + @avd_id.setter + def avd_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "avd_id", value) + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") -@pulumi.input_type -class HostRuntimePolicyWindowsRegistryProtectionArgs: - def __init__(__self__, *, - excluded_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - excluded_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - excluded_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - protected_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - protected_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - protected_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): - """ - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_paths: List of registry paths to be excluded from being protected. - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_processes: List of registry processes to be excluded from being protected. - :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_users: List of registry paths to be users from being protected. 
- :param pulumi.Input[Sequence[pulumi.Input[str]]] protected_paths: List of registry paths to be protected. - :param pulumi.Input[Sequence[pulumi.Input[str]]] protected_processes: List of registry processes to be protected. - :param pulumi.Input[Sequence[pulumi.Input[str]]] protected_users: List of registry users to be protected. - """ - if excluded_paths is not None: - pulumi.set(__self__, "excluded_paths", excluded_paths) - if excluded_processes is not None: - pulumi.set(__self__, "excluded_processes", excluded_processes) - if excluded_users is not None: - pulumi.set(__self__, "excluded_users", excluded_users) - if protected_paths is not None: - pulumi.set(__self__, "protected_paths", protected_paths) - if protected_processes is not None: - pulumi.set(__self__, "protected_processes", protected_processes) - if protected_users is not None: - pulumi.set(__self__, "protected_users", protected_users) + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry paths to be excluded from being protected. - """ - return pulumi.get(self, "excluded_paths") + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @excluded_paths.setter - def excluded_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_paths", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry processes to be excluded from being protected. 
- """ - return pulumi.get(self, "excluded_processes") + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kind") - @excluded_processes.setter - def excluded_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_processes", value) + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry paths to be users from being protected. - """ - return pulumi.get(self, "excluded_users") + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") - @excluded_users.setter - def excluded_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "excluded_users", value) + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) @property - @pulumi.getter(name="protectedPaths") - def protected_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry paths to be protected. - """ - return pulumi.get(self, "protected_paths") + @pulumi.getter + def ootb(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ootb") - @protected_paths.setter - def protected_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "protected_paths", value) + @ootb.setter + def ootb(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ootb", value) @property - @pulumi.getter(name="protectedProcesses") - def protected_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry processes to be protected. 
- """ - return pulumi.get(self, "protected_processes") + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "script_id") - @protected_processes.setter - def protected_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "protected_processes", value) + @script_id.setter + def script_id(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "script_id", value) @property - @pulumi.getter(name="protectedUsers") - def protected_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of registry users to be protected. - """ - return pulumi.get(self, "protected_users") + @pulumi.getter + def severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "severity") - @protected_users.setter - def protected_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "protected_users", value) + @severity.setter + def severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity", value) @pulumi.input_type -class ImageAssuranceChecksPerformedArgs: +class FunctionAssurancePolicyPackagesBlackListArgs: def __init__(__self__, *, - assurance_type: Optional[pulumi.Input[str]] = None, - blocking: Optional[pulumi.Input[bool]] = None, - control: Optional[pulumi.Input[str]] = None, - dta_skipped: Optional[pulumi.Input[bool]] = None, - dta_skipped_reason: Optional[pulumi.Input[str]] = None, - failed: Optional[pulumi.Input[bool]] = None, - policy_name: Optional[pulumi.Input[str]] = None): - """ - :param pulumi.Input[bool] dta_skipped: If DTA was skipped. - :param pulumi.Input[str] dta_skipped_reason: The reason why DTA was skipped. 
- """ - if assurance_type is not None: - pulumi.set(__self__, "assurance_type", assurance_type) - if blocking is not None: - pulumi.set(__self__, "blocking", blocking) - if control is not None: - pulumi.set(__self__, "control", control) - if dta_skipped is not None: - pulumi.set(__self__, "dta_skipped", dta_skipped) - if dta_skipped_reason is not None: - pulumi.set(__self__, "dta_skipped_reason", dta_skipped_reason) - if failed is not None: - pulumi.set(__self__, "failed", failed) - if policy_name is not None: - pulumi.set(__self__, "policy_name", policy_name) - - @property - @pulumi.getter(name="assuranceType") - def assurance_type(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "assurance_type") - - @assurance_type.setter - def assurance_type(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "assurance_type", value) + arch: Optional[pulumi.Input[str]] = None, + display: Optional[pulumi.Input[str]] = None, + epoch: Optional[pulumi.Input[str]] = None, + format: Optional[pulumi.Input[str]] = None, + license: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + release: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + version_range: Optional[pulumi.Input[str]] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) @property @pulumi.getter - def blocking(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, 
"blocking") + def arch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "arch") - @blocking.setter - def blocking(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "blocking", value) + @arch.setter + def arch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "arch", value) @property @pulumi.getter - def control(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "control") - - @control.setter - def control(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "control", value) - - @property - @pulumi.getter(name="dtaSkipped") - def dta_skipped(self) -> Optional[pulumi.Input[bool]]: - """ - If DTA was skipped. - """ - return pulumi.get(self, "dta_skipped") + def display(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "display") - @dta_skipped.setter - def dta_skipped(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "dta_skipped", value) + @display.setter + def display(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display", value) @property - @pulumi.getter(name="dtaSkippedReason") - def dta_skipped_reason(self) -> Optional[pulumi.Input[str]]: - """ - The reason why DTA was skipped. 
- """ - return pulumi.get(self, "dta_skipped_reason") + @pulumi.getter + def epoch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "epoch") - @dta_skipped_reason.setter - def dta_skipped_reason(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "dta_skipped_reason", value) + @epoch.setter + def epoch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "epoch", value) @property @pulumi.getter - def failed(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "failed") + def format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "format") - @failed.setter - def failed(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "failed", value) + @format.setter + def format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "format", value) @property - @pulumi.getter(name="policyName") - def policy_name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "policy_name") - - @policy_name.setter - def policy_name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "policy_name", value) - + @pulumi.getter + def license(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "license") -@pulumi.input_type -class ImageAssurancePolicyAutoScanTimeArgs: - def __init__(__self__, *, - iteration: Optional[pulumi.Input[int]] = None, - iteration_type: Optional[pulumi.Input[str]] = None, - time: Optional[pulumi.Input[str]] = None, - week_days: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): - if iteration is not None: - pulumi.set(__self__, "iteration", iteration) - if iteration_type is not None: - pulumi.set(__self__, "iteration_type", iteration_type) - if time is not None: - pulumi.set(__self__, "time", time) - if week_days is not None: - pulumi.set(__self__, "week_days", week_days) + @license.setter + def license(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "license", value) @property @pulumi.getter - def iteration(self) -> 
Optional[pulumi.Input[int]]: - return pulumi.get(self, "iteration") + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") - @iteration.setter - def iteration(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "iteration", value) + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) @property - @pulumi.getter(name="iterationType") - def iteration_type(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "iteration_type") + @pulumi.getter + def release(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "release") - @iteration_type.setter - def iteration_type(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "iteration_type", value) + @release.setter + def release(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "release", value) @property @pulumi.getter - def time(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "time") + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") - @time.setter - def time(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "time", value) + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) @property - @pulumi.getter(name="weekDays") - def week_days(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - return pulumi.get(self, "week_days") + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version_range") - @week_days.setter - def week_days(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "week_days", value) + @version_range.setter + def version_range(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version_range", value) @pulumi.input_type -class ImageAssurancePolicyCustomCheckArgs: - def __init__(__self__, *, - author: Optional[pulumi.Input[str]] = None, - 
description: Optional[pulumi.Input[str]] = None, - engine: Optional[pulumi.Input[str]] = None, - last_modified: Optional[pulumi.Input[int]] = None, - name: Optional[pulumi.Input[str]] = None, - path: Optional[pulumi.Input[str]] = None, - read_only: Optional[pulumi.Input[bool]] = None, - script_id: Optional[pulumi.Input[str]] = None, - severity: Optional[pulumi.Input[str]] = None, - snippet: Optional[pulumi.Input[str]] = None): - """ - :param pulumi.Input[str] author: Name of user account that created the policy. - """ - if author is not None: - pulumi.set(__self__, "author", author) - if description is not None: - pulumi.set(__self__, "description", description) - if engine is not None: - pulumi.set(__self__, "engine", engine) - if last_modified is not None: - pulumi.set(__self__, "last_modified", last_modified) - if name is not None: - pulumi.set(__self__, "name", name) - if path is not None: - pulumi.set(__self__, "path", path) - if read_only is not None: - pulumi.set(__self__, "read_only", read_only) - if script_id is not None: - pulumi.set(__self__, "script_id", script_id) - if severity is not None: - pulumi.set(__self__, "severity", severity) - if snippet is not None: - pulumi.set(__self__, "snippet", snippet) - - @property - @pulumi.getter - def author(self) -> Optional[pulumi.Input[str]]: - """ - Name of user account that created the policy. 
- """ - return pulumi.get(self, "author") - - @author.setter - def author(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "author", value) - - @property - @pulumi.getter - def description(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "description") - - @description.setter - def description(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "description", value) - - @property - @pulumi.getter - def engine(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "engine") - - @engine.setter - def engine(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "engine", value) - - @property - @pulumi.getter(name="lastModified") - def last_modified(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "last_modified") - - @last_modified.setter - def last_modified(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "last_modified", value) - - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") - - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) - - @property - @pulumi.getter - def path(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "path") - - @path.setter - def path(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "path", value) - - @property - @pulumi.getter(name="readOnly") - def read_only(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "read_only") - - @read_only.setter - def read_only(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "read_only", value) - - @property - @pulumi.getter(name="scriptId") - def script_id(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "script_id") - - @script_id.setter - def script_id(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "script_id", value) - - @property - @pulumi.getter - def severity(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, 
"severity") - - @severity.setter - def severity(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "severity", value) - - @property - @pulumi.getter - def snippet(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "snippet") - - @snippet.setter - def snippet(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "snippet", value) - - -@pulumi.input_type -class ImageAssurancePolicyForbiddenLabelArgs: - def __init__(__self__, *, - key: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) - - @property - @pulumi.getter - def key(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "key") - - @key.setter - def key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "key", value) - - @property - @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "value") - - @value.setter - def value(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "value", value) - - -@pulumi.input_type -class ImageAssurancePolicyPackagesBlackListArgs: +class FunctionAssurancePolicyPackagesWhiteListArgs: def __init__(__self__, *, arch: Optional[pulumi.Input[str]] = None, display: Optional[pulumi.Input[str]] = None, 
@@ -3927,152 +4018,92 @@ def version_range(self, value: Optional[pulumi.Input[str]]): @pulumi.input_type -class ImageAssurancePolicyPackagesWhiteListArgs: +class FunctionAssurancePolicyPolicySettingsArgs: def __init__(__self__, *, - arch: Optional[pulumi.Input[str]] = None, - display: Optional[pulumi.Input[str]] = None, - epoch: Optional[pulumi.Input[str]] = None, - format: Optional[pulumi.Input[str]] = None, - license: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - release: Optional[pulumi.Input[str]] = None, - version: Optional[pulumi.Input[str]] = None, - version_range: Optional[pulumi.Input[str]] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + enforce: Optional[pulumi.Input[bool]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + warn: Optional[pulumi.Input[bool]] = None, + warning_message: Optional[pulumi.Input[str]] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not None: + pulumi.set(__self__, "warning_message", warning_message) @property @pulumi.getter - def arch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "arch") + def enforce(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enforce") - 
@arch.setter - def arch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "arch", value) + @enforce.setter + def enforce(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce", value) @property - @pulumi.getter - def display(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "display") + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") - @display.setter - def display(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "display", value) + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) @property @pulumi.getter - def epoch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "epoch") + def warn(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "warn") - @epoch.setter - def epoch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "epoch", value) + @warn.setter + def warn(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "warn", value) @property - @pulumi.getter - def format(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "format") + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "warning_message") - @format.setter - def format(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "format", value) + @warning_message.setter + def warning_message(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "warning_message", value) - @property - @pulumi.getter - def license(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "license") - @license.setter - def license(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "license", value) +@pulumi.input_type +class FunctionAssurancePolicyRequiredLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] 
= None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) @property @pulumi.getter - def release(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "release") - - @release.setter - def release(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "release", value) + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") - @property - @pulumi.getter - def version(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version") - - @version.setter - def version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version", value) - - @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version_range") - - @version_range.setter - def version_range(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version_range", value) - - -@pulumi.input_type -class ImageAssurancePolicyRequiredLabelArgs: - def __init__(__self__, *, - key: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) - - @property - @pulumi.getter - def key(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "key") - - @key.setter - def key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "key", value) - - @property - @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: - 
return pulumi.get(self, "value") - - @value.setter - def value(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "value", value) + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) @pulumi.input_type -class ImageAssurancePolicyScopeArgs: +class FunctionAssurancePolicyScopeArgs: def __init__(__self__, *, expression: Optional[pulumi.Input[str]] = None, - variables: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyScopeVariableArgs']]]] = None): + variables: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyScopeVariableArgs']]]] = None): if expression is not None: pulumi.set(__self__, "expression", expression) if variables is not None: @@ -4089,16 +4120,16 @@ def expression(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter - def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyScopeVariableArgs']]]]: + def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyScopeVariableArgs']]]]: return pulumi.get(self, "variables") @variables.setter - def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyScopeVariableArgs']]]]): + def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyScopeVariableArgs']]]]): pulumi.set(self, "variables", value) @pulumi.input_type -class ImageAssurancePolicyScopeVariableArgs: +class FunctionAssurancePolicyScopeVariableArgs: def __init__(__self__, *, attribute: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, @@ -4139,7 +4170,7 @@ def value(self, value: Optional[pulumi.Input[str]]): @pulumi.input_type -class ImageAssurancePolicyTrustedBaseImageArgs: +class FunctionAssurancePolicyTrustedBaseImageArgs: def __init__(__self__, *, imagename: Optional[pulumi.Input[str]] = None, registry: Optional[pulumi.Input[str]] = None): 
@@ -4168,169 +4199,5468 @@ def registry(self, value: Optional[pulumi.Input[str]]): @pulumi.input_type -class ImageHistoryArgs: +class FunctionRuntimePolicyAllowedExecutableArgs: def __init__(__self__, *, - comment: Optional[pulumi.Input[str]] = None, - created: Optional[pulumi.Input[str]] = None, - created_by: Optional[pulumi.Input[str]] = None, - id: Optional[pulumi.Input[str]] = None, - size: Optional[pulumi.Input[int]] = None): + allow_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + allow_root_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + separate_executables: Optional[pulumi.Input[bool]] = None): """ - :param pulumi.Input[str] comment: The image creation comment. - :param pulumi.Input[str] created: The date and time when the image was registered. - :param pulumi.Input[str] id: The ID of this resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allow_executables: List of allowed executables. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allow_root_executables: List of allowed root executables. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. + :param pulumi.Input[bool] separate_executables: Whether to treat executables separately. 
""" - if comment is not None: - pulumi.set(__self__, "comment", comment) - if created is not None: - pulumi.set(__self__, "created", created) - if created_by is not None: - pulumi.set(__self__, "created_by", created_by) - if id is not None: - pulumi.set(__self__, "id", id) - if size is not None: - pulumi.set(__self__, "size", size) + if allow_executables is not None: + pulumi.set(__self__, "allow_executables", allow_executables) + if allow_root_executables is not None: + pulumi.set(__self__, "allow_root_executables", allow_root_executables) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if separate_executables is not None: + pulumi.set(__self__, "separate_executables", separate_executables) @property - @pulumi.getter - def comment(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="allowExecutables") + def allow_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - The image creation comment. + List of allowed executables. """ - return pulumi.get(self, "comment") + return pulumi.get(self, "allow_executables") - @comment.setter - def comment(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "comment", value) + @allow_executables.setter + def allow_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allow_executables", value) + + @property + @pulumi.getter(name="allowRootExecutables") + def allow_root_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of allowed root executables. + """ + return pulumi.get(self, "allow_root_executables") + + @allow_root_executables.setter + def allow_root_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allow_root_executables", value) @property @pulumi.getter - def created(self) -> Optional[pulumi.Input[str]]: + def enabled(self) -> Optional[pulumi.Input[bool]]: """ - The date and time when the image was registered. 
+ Whether allowed executables configuration is enabled. """ - return pulumi.get(self, "created") + return pulumi.get(self, "enabled") - @created.setter - def created(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "created", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter(name="createdBy") - def created_by(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "created_by") + @pulumi.getter(name="separateExecutables") + def separate_executables(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to treat executables separately. + """ + return pulumi.get(self, "separate_executables") - @created_by.setter - def created_by(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "created_by", value) + @separate_executables.setter + def separate_executables(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "separate_executables", value) + + +@pulumi.input_type +class FunctionRuntimePolicyAllowedRegistryArgs: + def __init__(__self__, *, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_registries: List of allowed registries. + :param pulumi.Input[bool] enabled: Whether allowed registries are enabled. + """ + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of allowed registries. 
+ """ + return pulumi.get(self, "allowed_registries") + + @allowed_registries.setter + def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allowed_registries", value) @property @pulumi.getter - def id(self) -> Optional[pulumi.Input[str]]: + def enabled(self) -> Optional[pulumi.Input[bool]]: """ - The ID of this resource. + Whether allowed registries are enabled. """ - return pulumi.get(self, "id") + return pulumi.get(self, "enabled") - @id.setter - def id(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "id", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + +@pulumi.input_type +class FunctionRuntimePolicyAuditingArgs: + def __init__(__self__, *, + audit_all_network: Optional[pulumi.Input[bool]] = None, + audit_all_processes: Optional[pulumi.Input[bool]] = None, + audit_failed_login: Optional[pulumi.Input[bool]] = None, + audit_os_user_activity: Optional[pulumi.Input[bool]] = None, + audit_process_cmdline: Optional[pulumi.Input[bool]] = None, + audit_success_login: Optional[pulumi.Input[bool]] = None, + audit_user_account_management: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, "audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not None: + pulumi.set(__self__, "audit_process_cmdline", audit_process_cmdline) + if audit_success_login is not None: + pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, 
"audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="auditAllNetwork") + def audit_all_network(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_all_network") + + @audit_all_network.setter + def audit_all_network(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_all_network", value) + + @property + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_all_processes") + + @audit_all_processes.setter + def audit_all_processes(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_all_processes", value) + + @property + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_failed_login") + + @audit_failed_login.setter + def audit_failed_login(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_failed_login", value) + + @property + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_os_user_activity") + + @audit_os_user_activity.setter + def audit_os_user_activity(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_os_user_activity", value) + + @property + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_process_cmdline") + + @audit_process_cmdline.setter + def audit_process_cmdline(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_process_cmdline", value) + + @property + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_success_login") + + @audit_success_login.setter + def audit_success_login(self, value: 
Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_success_login", value) + + @property + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_user_account_management") + + @audit_user_account_management.setter + def audit_user_account_management(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_user_account_management", value) @property @pulumi.getter - def size(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "size") + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @size.setter - def size(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "size", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @pulumi.input_type -class ImageVulnerabilityArgs: +class FunctionRuntimePolicyBlacklistedOsUsersArgs: def __init__(__self__, *, - ack_author: Optional[pulumi.Input[str]] = None, - ack_comment: Optional[pulumi.Input[str]] = None, - ack_expiration_configured_at: Optional[pulumi.Input[str]] = None, - ack_expiration_configured_by: Optional[pulumi.Input[str]] = None, - ack_expiration_days: Optional[pulumi.Input[int]] = None, - ack_scope: Optional[pulumi.Input[str]] = None, - acknowledge_date: Optional[pulumi.Input[str]] = None, - ancestor_pkg: Optional[pulumi.Input[str]] = None, - aqua_score: Optional[pulumi.Input[float]] = None, - aqua_score_classification: Optional[pulumi.Input[str]] = None, - aqua_scoring_system: Optional[pulumi.Input[str]] = None, - aqua_severity: Optional[pulumi.Input[str]] = None, - aqua_severity_classification: Optional[pulumi.Input[str]] = None, - aqua_vectors: Optional[pulumi.Input[str]] = None, - audit_events_count: Optional[pulumi.Input[int]] = None, - block_events_count: Optional[pulumi.Input[int]] = None, - classification: Optional[pulumi.Input[str]] = None, - description: 
Optional[pulumi.Input[str]] = None, - digest: Optional[pulumi.Input[str]] = None, - exploit_reference: Optional[pulumi.Input[str]] = None, - exploit_type: Optional[pulumi.Input[str]] = None, - first_found_date: Optional[pulumi.Input[str]] = None, - fix_version: Optional[pulumi.Input[str]] = None, - image_name: Optional[pulumi.Input[str]] = None, - last_found_date: Optional[pulumi.Input[str]] = None, - modification_date: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - nvd_cvss2_score: Optional[pulumi.Input[float]] = None, - nvd_cvss2_vectors: Optional[pulumi.Input[str]] = None, - nvd_cvss3_score: Optional[pulumi.Input[float]] = None, - nvd_cvss3_severity: Optional[pulumi.Input[str]] = None, - nvd_cvss3_vectors: Optional[pulumi.Input[str]] = None, - nvd_severity: Optional[pulumi.Input[str]] = None, - nvd_url: Optional[pulumi.Input[str]] = None, - os: Optional[pulumi.Input[str]] = None, - os_version: Optional[pulumi.Input[str]] = None, - permission: Optional[pulumi.Input[str]] = None, - publish_date: Optional[pulumi.Input[str]] = None, - registry: Optional[pulumi.Input[str]] = None, - repository: Optional[pulumi.Input[str]] = None, - resource_architecture: Optional[pulumi.Input[str]] = None, - resource_cpe: Optional[pulumi.Input[str]] = None, - resource_format: Optional[pulumi.Input[str]] = None, - resource_hash: Optional[pulumi.Input[str]] = None, - resource_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - resource_name: Optional[pulumi.Input[str]] = None, - resource_path: Optional[pulumi.Input[str]] = None, - resource_type: Optional[pulumi.Input[str]] = None, - resource_version: Optional[pulumi.Input[str]] = None, - severity_classification: Optional[pulumi.Input[str]] = None, - solution: Optional[pulumi.Input[str]] = None, - temporal_vector: Optional[pulumi.Input[str]] = None, - v_patch_applied_by: Optional[pulumi.Input[str]] = None, - v_patch_applied_on: Optional[pulumi.Input[str]] = None, - 
v_patch_enforced_by: Optional[pulumi.Input[str]] = None, - v_patch_enforced_on: Optional[pulumi.Input[str]] = None, - v_patch_policy_enforce: Optional[pulumi.Input[bool]] = None, - v_patch_policy_name: Optional[pulumi.Input[str]] = None, - v_patch_reverted_by: Optional[pulumi.Input[str]] = None, - v_patch_reverted_on: Optional[pulumi.Input[str]] = None, - v_patch_status: Optional[pulumi.Input[str]] = None, - vendor_cvss2_score: Optional[pulumi.Input[float]] = None, - vendor_cvss2_vectors: Optional[pulumi.Input[str]] = None, - vendor_severity: Optional[pulumi.Input[str]] = None, - vendor_statement: Optional[pulumi.Input[str]] = None, - vendor_url: Optional[pulumi.Input[str]] = None): + enabled: Optional[pulumi.Input[bool]] = None, + group_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + user_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_black_lists is not None: + pulumi.set(__self__, "group_black_lists", group_black_lists) + if user_black_lists is not None: + pulumi.set(__self__, "user_black_lists", user_black_lists) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="groupBlackLists") + def group_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "group_black_lists") + + @group_black_lists.setter + def group_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "group_black_lists", value) + + @property + @pulumi.getter(name="userBlackLists") + def user_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "user_black_lists") + + @user_black_lists.setter + def 
user_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "user_black_lists", value) + + +@pulumi.input_type +class FunctionRuntimePolicyBypassScopeArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeScopeArgs']]]] = None): """ - :param pulumi.Input[str] digest: The content digest of the image. - :param pulumi.Input[str] name: The name of the image. - :param pulumi.Input[str] os: The operating system detected in the image - :param pulumi.Input[str] os_version: The version of the OS detected in the image. - :param pulumi.Input[str] permission: Permission of the image. - :param pulumi.Input[str] registry: The name of the registry where the image is stored. - :param pulumi.Input[str] repository: The name of the image's repository. + :param pulumi.Input[bool] enabled: Whether bypassing the scope is enabled. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeScopeArgs']]] scopes: Scope configuration. """ - if ack_author is not None: - pulumi.set(__self__, "ack_author", ack_author) - if ack_comment is not None: - pulumi.set(__self__, "ack_comment", ack_comment) - if ack_expiration_configured_at is not None: - pulumi.set(__self__, "ack_expiration_configured_at", ack_expiration_configured_at) - if ack_expiration_configured_by is not None: + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether bypassing the scope is enabled. 
+ """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeScopeArgs']]]]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") + + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeScopeArgs']]]]): + pulumi.set(self, "scopes", value) + + +@pulumi.input_type +class FunctionRuntimePolicyBypassScopeScopeArgs: + def __init__(__self__, *, + expression: Optional[pulumi.Input[str]] = None, + variables: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeScopeVariableArgs']]]] = None): + """ + :param pulumi.Input[str] expression: Scope expression. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeScopeVariableArgs']]] variables: List of variables in the scope. + """ + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> Optional[pulumi.Input[str]]: + """ + Scope expression. + """ + return pulumi.get(self, "expression") + + @expression.setter + def expression(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeScopeVariableArgs']]]]: + """ + List of variables in the scope. 
+ """ + return pulumi.get(self, "variables") + + @variables.setter + def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeScopeVariableArgs']]]]): + pulumi.set(self, "variables", value) + + +@pulumi.input_type +class FunctionRuntimePolicyBypassScopeScopeVariableArgs: + def __init__(__self__, *, + attribute: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] attribute: Variable attribute. + :param pulumi.Input[str] value: Variable value. + """ + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def attribute(self) -> Optional[pulumi.Input[str]]: + """ + Variable attribute. + """ + return pulumi.get(self, "attribute") + + @attribute.setter + def attribute(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "attribute", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + """ + Variable value. 
+ """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class FunctionRuntimePolicyContainerExecArgs: + def __init__(__self__, *, + block_container_exec: Optional[pulumi.Input[bool]] = None, + container_exec_proc_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + reverse_shell_ip_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) + if container_exec_proc_white_lists is not None: + pulumi.set(__self__, "container_exec_proc_white_lists", container_exec_proc_white_lists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + + @property + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_container_exec") + + @block_container_exec.setter + def block_container_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_container_exec", value) + + @property + @pulumi.getter(name="containerExecProcWhiteLists") + def container_exec_proc_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "container_exec_proc_white_lists") + + @container_exec_proc_white_lists.setter + def container_exec_proc_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "container_exec_proc_white_lists", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + 
+ @property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") + + @reverse_shell_ip_white_lists.setter + def reverse_shell_ip_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "reverse_shell_ip_white_lists", value) + + +@pulumi.input_type +class FunctionRuntimePolicyDriftPreventionArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exec_lockdown: Optional[pulumi.Input[bool]] = None, + exec_lockdown_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + image_lockdown: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[bool] enabled: Whether drift prevention is enabled. + :param pulumi.Input[bool] exec_lockdown: Whether to lockdown execution drift. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exec_lockdown_white_lists: List of items in the execution lockdown white list. + :param pulumi.Input[bool] image_lockdown: Whether to lockdown image drift. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exec_lockdown is not None: + pulumi.set(__self__, "exec_lockdown", exec_lockdown) + if exec_lockdown_white_lists is not None: + pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if image_lockdown is not None: + pulumi.set(__self__, "image_lockdown", image_lockdown) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether drift prevention is enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="execLockdown") + def exec_lockdown(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to lockdown execution drift. 
+ """ + return pulumi.get(self, "exec_lockdown") + + @exec_lockdown.setter + def exec_lockdown(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "exec_lockdown", value) + + @property + @pulumi.getter(name="execLockdownWhiteLists") + def exec_lockdown_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of items in the execution lockdown white list. + """ + return pulumi.get(self, "exec_lockdown_white_lists") + + @exec_lockdown_white_lists.setter + def exec_lockdown_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exec_lockdown_white_lists", value) + + @property + @pulumi.getter(name="imageLockdown") + def image_lockdown(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to lockdown image drift. + """ + return pulumi.get(self, "image_lockdown") + + @image_lockdown.setter + def image_lockdown(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "image_lockdown", value) + + +@pulumi.input_type +class FunctionRuntimePolicyExecutableBlacklistArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] enabled: Whether the executable blacklist is enabled. + :param pulumi.Input[Sequence[pulumi.Input[str]]] executables: List of blacklisted executables. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if executables is not None: + pulumi.set(__self__, "executables", executables) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether the executable blacklist is enabled. 
+ """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of blacklisted executables. + """ + return pulumi.get(self, "executables") + + @executables.setter + def executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "executables", value) + + +@pulumi.input_type +class FunctionRuntimePolicyFailedKubernetesChecksArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + failed_checks: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if failed_checks is not None: + pulumi.set(__self__, "failed_checks", failed_checks) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="failedChecks") + def failed_checks(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "failed_checks") + + @failed_checks.setter + def failed_checks(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "failed_checks", value) + + +@pulumi.input_type +class FunctionRuntimePolicyFileBlockArgs: + def __init__(__self__, *, + block_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + block_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_block_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_files_users: 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + filename_block_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_files_processes is not None: + pulumi.set(__self__, "block_files_processes", block_files_processes) + if block_files_users is not None: + pulumi.set(__self__, "block_files_users", block_files_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_files is not None: + pulumi.set(__self__, "exceptional_block_files", exceptional_block_files) + if exceptional_block_files_processes is not None: + pulumi.set(__self__, "exceptional_block_files_processes", exceptional_block_files_processes) + if exceptional_block_files_users is not None: + pulumi.set(__self__, "exceptional_block_files_users", exceptional_block_files_users) + if filename_block_lists is not None: + pulumi.set(__self__, "filename_block_lists", filename_block_lists) + + @property + @pulumi.getter(name="blockFilesProcesses") + def block_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_files_processes") + + @block_files_processes.setter + def block_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_files_processes", value) + + @property + @pulumi.getter(name="blockFilesUsers") + def block_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_files_users") + + @block_files_users.setter + def block_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_files_users", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalBlockFiles") + def exceptional_block_files(self) 
-> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_files") + + @exceptional_block_files.setter + def exceptional_block_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_files", value) + + @property + @pulumi.getter(name="exceptionalBlockFilesProcesses") + def exceptional_block_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_files_processes") + + @exceptional_block_files_processes.setter + def exceptional_block_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_files_processes", value) + + @property + @pulumi.getter(name="exceptionalBlockFilesUsers") + def exceptional_block_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_files_users") + + @exceptional_block_files_users.setter + def exceptional_block_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_files_users", value) + + @property + @pulumi.getter(name="filenameBlockLists") + def filename_block_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "filename_block_lists") + + @filename_block_lists.setter + def filename_block_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "filename_block_lists", value) + + +@pulumi.input_type +class FunctionRuntimePolicyFileIntegrityMonitoringArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + 
monitored_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_files_attributes: Optional[pulumi.Input[bool]] = None, + monitored_files_create: Optional[pulumi.Input[bool]] = None, + monitored_files_delete: Optional[pulumi.Input[bool]] = None, + monitored_files_modify: Optional[pulumi.Input[bool]] = None, + monitored_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_files_read: Optional[pulumi.Input[bool]] = None, + monitored_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] enabled: If true, file integrity monitoring is enabled. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_monitored_files_users: List of users to be excluded from monitoring. + :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_files: List of paths to be monitored. + :param pulumi.Input[bool] monitored_files_attributes: Whether to monitor file attribute operations. + :param pulumi.Input[bool] monitored_files_create: Whether to monitor file create operations. + :param pulumi.Input[bool] monitored_files_delete: Whether to monitor file delete operations. + :param pulumi.Input[bool] monitored_files_modify: Whether to monitor file modify operations. + :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_files_processes: List of processes associated with monitored files. + :param pulumi.Input[bool] monitored_files_read: Whether to monitor file read operations. + :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_files_users: List of users associated with monitored files. 
+ """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + If true, file integrity monitoring is enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of paths to be excluded from monitoring. 
+ """ + return pulumi.get(self, "exceptional_monitored_files") + + @exceptional_monitored_files.setter + def exceptional_monitored_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_files", value) + + @property + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of processes to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_processes") + + @exceptional_monitored_files_processes.setter + def exceptional_monitored_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_files_processes", value) + + @property + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of users to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_users") + + @exceptional_monitored_files_users.setter + def exceptional_monitored_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_files_users", value) + + @property + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of paths to be monitored. + """ + return pulumi.get(self, "monitored_files") + + @monitored_files.setter + def monitored_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_files", value) + + @property + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file attribute operations. 
+ """ + return pulumi.get(self, "monitored_files_attributes") + + @monitored_files_attributes.setter + def monitored_files_attributes(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_attributes", value) + + @property + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file create operations. + """ + return pulumi.get(self, "monitored_files_create") + + @monitored_files_create.setter + def monitored_files_create(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_create", value) + + @property + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") + + @monitored_files_delete.setter + def monitored_files_delete(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_delete", value) + + @property + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file modify operations. + """ + return pulumi.get(self, "monitored_files_modify") + + @monitored_files_modify.setter + def monitored_files_modify(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_modify", value) + + @property + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of processes associated with monitored files. 
+ """ + return pulumi.get(self, "monitored_files_processes") + + @monitored_files_processes.setter + def monitored_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_files_processes", value) + + @property + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file read operations. + """ + return pulumi.get(self, "monitored_files_read") + + @monitored_files_read.setter + def monitored_files_read(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_read", value) + + @property + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of users associated with monitored files. + """ + return pulumi.get(self, "monitored_files_users") + + @monitored_files_users.setter + def monitored_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_files_users", value) + + +@pulumi.input_type +class FunctionRuntimePolicyLimitContainerPrivilegeArgs: + def __init__(__self__, *, + block_add_capabilities: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + ipcmode: Optional[pulumi.Input[bool]] = None, + netmode: Optional[pulumi.Input[bool]] = None, + pidmode: Optional[pulumi.Input[bool]] = None, + prevent_low_port_binding: Optional[pulumi.Input[bool]] = None, + prevent_root_user: Optional[pulumi.Input[bool]] = None, + privileged: Optional[pulumi.Input[bool]] = None, + use_host_user: Optional[pulumi.Input[bool]] = None, + usermode: Optional[pulumi.Input[bool]] = None, + utsmode: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[bool] block_add_capabilities: Whether to block adding capabilities. + :param pulumi.Input[bool] enabled: Whether container privilege limitations are enabled. 
+ :param pulumi.Input[bool] ipcmode: Whether to limit IPC-related capabilities. + :param pulumi.Input[bool] netmode: Whether to limit network-related capabilities. + :param pulumi.Input[bool] pidmode: Whether to limit process-related capabilities. + :param pulumi.Input[bool] prevent_low_port_binding: Whether to prevent low port binding. + :param pulumi.Input[bool] prevent_root_user: Whether to prevent the use of the root user. + :param pulumi.Input[bool] privileged: Whether the container is run in privileged mode. + :param pulumi.Input[bool] use_host_user: Whether to use the host user. + :param pulumi.Input[bool] usermode: Whether to limit user-related capabilities. + :param pulumi.Input[bool] utsmode: Whether to limit UTS-related capabilities. + """ + if block_add_capabilities is not None: + pulumi.set(__self__, "block_add_capabilities", block_add_capabilities) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if ipcmode is not None: + pulumi.set(__self__, "ipcmode", ipcmode) + if netmode is not None: + pulumi.set(__self__, "netmode", netmode) + if pidmode is not None: + pulumi.set(__self__, "pidmode", pidmode) + if prevent_low_port_binding is not None: + pulumi.set(__self__, "prevent_low_port_binding", prevent_low_port_binding) + if prevent_root_user is not None: + pulumi.set(__self__, "prevent_root_user", prevent_root_user) + if privileged is not None: + pulumi.set(__self__, "privileged", privileged) + if use_host_user is not None: + pulumi.set(__self__, "use_host_user", use_host_user) + if usermode is not None: + pulumi.set(__self__, "usermode", usermode) + if utsmode is not None: + pulumi.set(__self__, "utsmode", utsmode) + + @property + @pulumi.getter(name="blockAddCapabilities") + def block_add_capabilities(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to block adding capabilities. 
+ """ + return pulumi.get(self, "block_add_capabilities") + + @block_add_capabilities.setter + def block_add_capabilities(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_add_capabilities", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether container privilege limitations are enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def ipcmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit IPC-related capabilities. + """ + return pulumi.get(self, "ipcmode") + + @ipcmode.setter + def ipcmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ipcmode", value) + + @property + @pulumi.getter + def netmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit network-related capabilities. + """ + return pulumi.get(self, "netmode") + + @netmode.setter + def netmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "netmode", value) + + @property + @pulumi.getter + def pidmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit process-related capabilities. + """ + return pulumi.get(self, "pidmode") + + @pidmode.setter + def pidmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "pidmode", value) + + @property + @pulumi.getter(name="preventLowPortBinding") + def prevent_low_port_binding(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to prevent low port binding. + """ + return pulumi.get(self, "prevent_low_port_binding") + + @prevent_low_port_binding.setter + def prevent_low_port_binding(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "prevent_low_port_binding", value) + + @property + @pulumi.getter(name="preventRootUser") + def prevent_root_user(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to prevent the use of the root user. 
+ """ + return pulumi.get(self, "prevent_root_user") + + @prevent_root_user.setter + def prevent_root_user(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "prevent_root_user", value) + + @property + @pulumi.getter + def privileged(self) -> Optional[pulumi.Input[bool]]: + """ + Whether the container is run in privileged mode. + """ + return pulumi.get(self, "privileged") + + @privileged.setter + def privileged(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "privileged", value) + + @property + @pulumi.getter(name="useHostUser") + def use_host_user(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to use the host user. + """ + return pulumi.get(self, "use_host_user") + + @use_host_user.setter + def use_host_user(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "use_host_user", value) + + @property + @pulumi.getter + def usermode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit user-related capabilities. + """ + return pulumi.get(self, "usermode") + + @usermode.setter + def usermode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "usermode", value) + + @property + @pulumi.getter + def utsmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit UTS-related capabilities. 
+ """ + return pulumi.get(self, "utsmode") + + @utsmode.setter + def utsmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "utsmode", value) + + +@pulumi.input_type +class FunctionRuntimePolicyLinuxCapabilitiesArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + remove_linux_capabilities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if remove_linux_capabilities is not None: + pulumi.set(__self__, "remove_linux_capabilities", remove_linux_capabilities) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="removeLinuxCapabilities") + def remove_linux_capabilities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "remove_linux_capabilities") + + @remove_linux_capabilities.setter + def remove_linux_capabilities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "remove_linux_capabilities", value) + + +@pulumi.input_type +class FunctionRuntimePolicyMalwareScanOptionsArgs: + def __init__(__self__, *, + action: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + exclude_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + include_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[str] action: Set Action, Defaults to 'Alert' when empty + :param pulumi.Input[bool] enabled: Defines if enabled or not + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_directories: List of registry paths to be excluded from being protected. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_processes: List of registry processes to be excluded from being protected. + :param pulumi.Input[Sequence[pulumi.Input[str]]] include_directories: List of registry paths to be excluded from being protected. + """ + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) + + @property + @pulumi.getter + def action(self) -> Optional[pulumi.Input[str]]: + """ + Set Action, Defaults to 'Alert' when empty + """ + return pulumi.get(self, "action") + + @action.setter + def action(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "action", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Defines if enabled or not + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="excludeDirectories") + def exclude_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "exclude_directories") + + @exclude_directories.setter + def exclude_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_directories", value) + + @property + @pulumi.getter(name="excludeProcesses") + def exclude_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registry processes to be excluded from being protected. 
+ """ + return pulumi.get(self, "exclude_processes") + + @exclude_processes.setter + def exclude_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_processes", value) + + @property + @pulumi.getter(name="includeDirectories") + def include_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "include_directories") + + @include_directories.setter + def include_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "include_directories", value) + + +@pulumi.input_type +class FunctionRuntimePolicyPackageBlockArgs: + def __init__(__self__, *, + block_packages_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + block_packages_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_block_packages_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_packages_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_packages_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_packages_processes is not None: + pulumi.set(__self__, "block_packages_processes", block_packages_processes) + if block_packages_users is not None: + pulumi.set(__self__, "block_packages_users", block_packages_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_packages_files is not None: + pulumi.set(__self__, "exceptional_block_packages_files", exceptional_block_packages_files) + if exceptional_block_packages_processes is not None: + pulumi.set(__self__, "exceptional_block_packages_processes", exceptional_block_packages_processes) + if exceptional_block_packages_users is 
not None: + pulumi.set(__self__, "exceptional_block_packages_users", exceptional_block_packages_users) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) + + @property + @pulumi.getter(name="blockPackagesProcesses") + def block_packages_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_packages_processes") + + @block_packages_processes.setter + def block_packages_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_packages_processes", value) + + @property + @pulumi.getter(name="blockPackagesUsers") + def block_packages_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_packages_users") + + @block_packages_users.setter + def block_packages_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_packages_users", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalBlockPackagesFiles") + def exceptional_block_packages_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_packages_files") + + @exceptional_block_packages_files.setter + def exceptional_block_packages_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_packages_files", value) + + @property + @pulumi.getter(name="exceptionalBlockPackagesProcesses") + def exceptional_block_packages_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_packages_processes") + + @exceptional_block_packages_processes.setter + def 
exceptional_block_packages_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_packages_processes", value) + + @property + @pulumi.getter(name="exceptionalBlockPackagesUsers") + def exceptional_block_packages_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_packages_users") + + @exceptional_block_packages_users.setter + def exceptional_block_packages_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_packages_users", value) + + @property + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "packages_black_lists") + + @packages_black_lists.setter + def packages_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "packages_black_lists", value) + + +@pulumi.input_type +class FunctionRuntimePolicyPortBlockArgs: + def __init__(__self__, *, + block_inbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + block_outbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None): + if block_inbound_ports is not None: + pulumi.set(__self__, "block_inbound_ports", block_inbound_ports) + if block_outbound_ports is not None: + pulumi.set(__self__, "block_outbound_ports", block_outbound_ports) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="blockInboundPorts") + def block_inbound_ports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_inbound_ports") + + @block_inbound_ports.setter + def block_inbound_ports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_inbound_ports", value) + + @property + 
@pulumi.getter(name="blockOutboundPorts") + def block_outbound_ports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_outbound_ports") + + @block_outbound_ports.setter + def block_outbound_ports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_outbound_ports", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + +@pulumi.input_type +class FunctionRuntimePolicyReadonlyFilesArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_readonly_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_files is not None: + pulumi.set(__self__, "exceptional_readonly_files", exceptional_readonly_files) + if exceptional_readonly_files_processes is not None: + pulumi.set(__self__, "exceptional_readonly_files_processes", exceptional_readonly_files_processes) + if exceptional_readonly_files_users is not None: + pulumi.set(__self__, "exceptional_readonly_files_users", exceptional_readonly_files_users) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_files_processes is not None: + pulumi.set(__self__, "readonly_files_processes", readonly_files_processes) + if 
readonly_files_users is not None: + pulumi.set(__self__, "readonly_files_users", readonly_files_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalReadonlyFiles") + def exceptional_readonly_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_files") + + @exceptional_readonly_files.setter + def exceptional_readonly_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_files", value) + + @property + @pulumi.getter(name="exceptionalReadonlyFilesProcesses") + def exceptional_readonly_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_files_processes") + + @exceptional_readonly_files_processes.setter + def exceptional_readonly_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_files_processes", value) + + @property + @pulumi.getter(name="exceptionalReadonlyFilesUsers") + def exceptional_readonly_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_files_users") + + @exceptional_readonly_files_users.setter + def exceptional_readonly_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_files_users", value) + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_files") + + @readonly_files.setter + def readonly_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_files", 
value) + + @property + @pulumi.getter(name="readonlyFilesProcesses") + def readonly_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_files_processes") + + @readonly_files_processes.setter + def readonly_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_files_processes", value) + + @property + @pulumi.getter(name="readonlyFilesUsers") + def readonly_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_files_users") + + @readonly_files_users.setter + def readonly_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_files_users", value) + + +@pulumi.input_type +class FunctionRuntimePolicyReadonlyRegistryArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_readonly_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_registry_paths is not None: + pulumi.set(__self__, "exceptional_readonly_registry_paths", exceptional_readonly_registry_paths) + if exceptional_readonly_registry_processes is not None: + pulumi.set(__self__, "exceptional_readonly_registry_processes", exceptional_readonly_registry_processes) + if exceptional_readonly_registry_users is not None: + pulumi.set(__self__, "exceptional_readonly_registry_users", 
exceptional_readonly_registry_users) + if readonly_registry_paths is not None: + pulumi.set(__self__, "readonly_registry_paths", readonly_registry_paths) + if readonly_registry_processes is not None: + pulumi.set(__self__, "readonly_registry_processes", readonly_registry_processes) + if readonly_registry_users is not None: + pulumi.set(__self__, "readonly_registry_users", readonly_registry_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryPaths") + def exceptional_readonly_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_registry_paths") + + @exceptional_readonly_registry_paths.setter + def exceptional_readonly_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_registry_paths", value) + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryProcesses") + def exceptional_readonly_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_registry_processes") + + @exceptional_readonly_registry_processes.setter + def exceptional_readonly_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_registry_processes", value) + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryUsers") + def exceptional_readonly_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_registry_users") + + @exceptional_readonly_registry_users.setter + def exceptional_readonly_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + 
pulumi.set(self, "exceptional_readonly_registry_users", value) + + @property + @pulumi.getter(name="readonlyRegistryPaths") + def readonly_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_registry_paths") + + @readonly_registry_paths.setter + def readonly_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_registry_paths", value) + + @property + @pulumi.getter(name="readonlyRegistryProcesses") + def readonly_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_registry_processes") + + @readonly_registry_processes.setter + def readonly_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_registry_processes", value) + + @property + @pulumi.getter(name="readonlyRegistryUsers") + def readonly_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_registry_users") + + @readonly_registry_users.setter + def readonly_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_registry_users", value) + + +@pulumi.input_type +class FunctionRuntimePolicyRegistryAccessMonitoringArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_registry_attributes: Optional[pulumi.Input[bool]] = None, + monitored_registry_create: Optional[pulumi.Input[bool]] = None, + monitored_registry_delete: Optional[pulumi.Input[bool]] = None, + monitored_registry_modify: Optional[pulumi.Input[bool]] = None, + 
monitored_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_registry_read: Optional[pulumi.Input[bool]] = None, + monitored_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_registry_paths is not None: + pulumi.set(__self__, "exceptional_monitored_registry_paths", exceptional_monitored_registry_paths) + if exceptional_monitored_registry_processes is not None: + pulumi.set(__self__, "exceptional_monitored_registry_processes", exceptional_monitored_registry_processes) + if exceptional_monitored_registry_users is not None: + pulumi.set(__self__, "exceptional_monitored_registry_users", exceptional_monitored_registry_users) + if monitored_registry_attributes is not None: + pulumi.set(__self__, "monitored_registry_attributes", monitored_registry_attributes) + if monitored_registry_create is not None: + pulumi.set(__self__, "monitored_registry_create", monitored_registry_create) + if monitored_registry_delete is not None: + pulumi.set(__self__, "monitored_registry_delete", monitored_registry_delete) + if monitored_registry_modify is not None: + pulumi.set(__self__, "monitored_registry_modify", monitored_registry_modify) + if monitored_registry_paths is not None: + pulumi.set(__self__, "monitored_registry_paths", monitored_registry_paths) + if monitored_registry_processes is not None: + pulumi.set(__self__, "monitored_registry_processes", monitored_registry_processes) + if monitored_registry_read is not None: + pulumi.set(__self__, "monitored_registry_read", monitored_registry_read) + if monitored_registry_users is not None: + pulumi.set(__self__, "monitored_registry_users", monitored_registry_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + 
@enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryPaths") + def exceptional_monitored_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_registry_paths") + + @exceptional_monitored_registry_paths.setter + def exceptional_monitored_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_registry_paths", value) + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryProcesses") + def exceptional_monitored_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_registry_processes") + + @exceptional_monitored_registry_processes.setter + def exceptional_monitored_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_registry_processes", value) + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryUsers") + def exceptional_monitored_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_registry_users") + + @exceptional_monitored_registry_users.setter + def exceptional_monitored_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_registry_users", value) + + @property + @pulumi.getter(name="monitoredRegistryAttributes") + def monitored_registry_attributes(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_attributes") + + @monitored_registry_attributes.setter + def monitored_registry_attributes(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_attributes", value) + + @property + @pulumi.getter(name="monitoredRegistryCreate") + def 
monitored_registry_create(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_create") + + @monitored_registry_create.setter + def monitored_registry_create(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_create", value) + + @property + @pulumi.getter(name="monitoredRegistryDelete") + def monitored_registry_delete(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_delete") + + @monitored_registry_delete.setter + def monitored_registry_delete(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_delete", value) + + @property + @pulumi.getter(name="monitoredRegistryModify") + def monitored_registry_modify(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_modify") + + @monitored_registry_modify.setter + def monitored_registry_modify(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_modify", value) + + @property + @pulumi.getter(name="monitoredRegistryPaths") + def monitored_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_registry_paths") + + @monitored_registry_paths.setter + def monitored_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_registry_paths", value) + + @property + @pulumi.getter(name="monitoredRegistryProcesses") + def monitored_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_registry_processes") + + @monitored_registry_processes.setter + def monitored_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_registry_processes", value) + + @property + @pulumi.getter(name="monitoredRegistryRead") + def monitored_registry_read(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, 
"monitored_registry_read") + + @monitored_registry_read.setter + def monitored_registry_read(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_read", value) + + @property + @pulumi.getter(name="monitoredRegistryUsers") + def monitored_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_registry_users") + + @monitored_registry_users.setter + def monitored_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_registry_users", value) + + +@pulumi.input_type +class FunctionRuntimePolicyRestrictedVolumeArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + volumes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] enabled: Whether restricted volumes are enabled. + :param pulumi.Input[Sequence[pulumi.Input[str]]] volumes: List of restricted volumes. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if volumes is not None: + pulumi.set(__self__, "volumes", volumes) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether restricted volumes are enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of restricted volumes. 
+ """ + return pulumi.get(self, "volumes") + + @volumes.setter + def volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "volumes", value) + + +@pulumi.input_type +class FunctionRuntimePolicyReverseShellArgs: + def __init__(__self__, *, + block_reverse_shell: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + reverse_shell_ip_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + reverse_shell_proc_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_reverse_shell is not None: + pulumi.set(__self__, "block_reverse_shell", block_reverse_shell) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + if reverse_shell_proc_white_lists is not None: + pulumi.set(__self__, "reverse_shell_proc_white_lists", reverse_shell_proc_white_lists) + + @property + @pulumi.getter(name="blockReverseShell") + def block_reverse_shell(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_reverse_shell") + + @block_reverse_shell.setter + def block_reverse_shell(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_reverse_shell", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") + + @reverse_shell_ip_white_lists.setter + def reverse_shell_ip_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "reverse_shell_ip_white_lists", value) + + 
@property + @pulumi.getter(name="reverseShellProcWhiteLists") + def reverse_shell_proc_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "reverse_shell_proc_white_lists") + + @reverse_shell_proc_white_lists.setter + def reverse_shell_proc_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "reverse_shell_proc_white_lists", value) + + +@pulumi.input_type +class FunctionRuntimePolicyScopeArgs: + def __init__(__self__, *, + expression: pulumi.Input[str], + variables: pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]]): + """ + :param pulumi.Input[str] expression: Scope expression. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]] variables: List of variables in the scope. + """ + pulumi.set(__self__, "expression", expression) + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> pulumi.Input[str]: + """ + Scope expression. + """ + return pulumi.get(self, "expression") + + @expression.setter + def expression(self, value: pulumi.Input[str]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def variables(self) -> pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]]: + """ + List of variables in the scope. + """ + return pulumi.get(self, "variables") + + @variables.setter + def variables(self, value: pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]]): + pulumi.set(self, "variables", value) + + +@pulumi.input_type +class FunctionRuntimePolicyScopeVariableArgs: + def __init__(__self__, *, + attribute: pulumi.Input[str], + value: pulumi.Input[str], + name: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] attribute: Class of supported scope. + :param pulumi.Input[str] value: Value assigned to the attribute. 
+ :param pulumi.Input[str] name: Name assigned to the attribute. + """ + pulumi.set(__self__, "attribute", attribute) + pulumi.set(__self__, "value", value) + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def attribute(self) -> pulumi.Input[str]: + """ + Class of supported scope. + """ + return pulumi.get(self, "attribute") + + @attribute.setter + def attribute(self, value: pulumi.Input[str]): + pulumi.set(self, "attribute", value) + + @property + @pulumi.getter + def value(self) -> pulumi.Input[str]: + """ + Value assigned to the attribute. + """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: pulumi.Input[str]): + pulumi.set(self, "value", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name assigned to the attribute. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class FunctionRuntimePolicySystemIntegrityProtectionArgs: + def __init__(__self__, *, + audit_systemtime_change: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + monitor_audit_log_integrity: Optional[pulumi.Input[bool]] = None, + windows_services_monitoring: Optional[pulumi.Input[bool]] = None): + if audit_systemtime_change is not None: + pulumi.set(__self__, "audit_systemtime_change", audit_systemtime_change) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if monitor_audit_log_integrity is not None: + pulumi.set(__self__, "monitor_audit_log_integrity", monitor_audit_log_integrity) + if windows_services_monitoring is not None: + pulumi.set(__self__, "windows_services_monitoring", windows_services_monitoring) + + @property + @pulumi.getter(name="auditSystemtimeChange") + def audit_systemtime_change(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_systemtime_change") + + 
@audit_systemtime_change.setter + def audit_systemtime_change(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_systemtime_change", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="monitorAuditLogIntegrity") + def monitor_audit_log_integrity(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitor_audit_log_integrity") + + @monitor_audit_log_integrity.setter + def monitor_audit_log_integrity(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitor_audit_log_integrity", value) + + @property + @pulumi.getter(name="windowsServicesMonitoring") + def windows_services_monitoring(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "windows_services_monitoring") + + @windows_services_monitoring.setter + def windows_services_monitoring(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "windows_services_monitoring", value) + + +@pulumi.input_type +class FunctionRuntimePolicyTripwireArgs: + def __init__(__self__, *, + apply_ons: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + serverless_app: Optional[pulumi.Input[str]] = None, + user_id: Optional[pulumi.Input[str]] = None, + user_password: Optional[pulumi.Input[str]] = None): + if apply_ons is not None: + pulumi.set(__self__, "apply_ons", apply_ons) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if serverless_app is not None: + pulumi.set(__self__, "serverless_app", serverless_app) + if user_id is not None: + pulumi.set(__self__, "user_id", user_id) + if user_password is not None: + pulumi.set(__self__, "user_password", user_password) + + @property + @pulumi.getter(name="applyOns") + def apply_ons(self) -> 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "apply_ons") + + @apply_ons.setter + def apply_ons(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "apply_ons", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="serverlessApp") + def serverless_app(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "serverless_app") + + @serverless_app.setter + def serverless_app(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "serverless_app", value) + + @property + @pulumi.getter(name="userId") + def user_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "user_id") + + @user_id.setter + def user_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "user_id", value) + + @property + @pulumi.getter(name="userPassword") + def user_password(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "user_password") + + @user_password.setter + def user_password(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "user_password", value) + + +@pulumi.input_type +class FunctionRuntimePolicyWhitelistedOsUsersArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + group_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + user_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_white_lists is not None: + pulumi.set(__self__, "group_white_lists", group_white_lists) + if user_white_lists is not None: + pulumi.set(__self__, "user_white_lists", user_white_lists) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + 
@enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="groupWhiteLists") + def group_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "group_white_lists") + + @group_white_lists.setter + def group_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "group_white_lists", value) + + @property + @pulumi.getter(name="userWhiteLists") + def user_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "user_white_lists") + + @user_white_lists.setter + def user_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "user_white_lists", value) + + +@pulumi.input_type +class HostAssurancePolicyAutoScanTimeArgs: + def __init__(__self__, *, + iteration: Optional[pulumi.Input[int]] = None, + iteration_type: Optional[pulumi.Input[str]] = None, + time: Optional[pulumi.Input[str]] = None, + week_days: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if iteration is not None: + pulumi.set(__self__, "iteration", iteration) + if iteration_type is not None: + pulumi.set(__self__, "iteration_type", iteration_type) + if time is not None: + pulumi.set(__self__, "time", time) + if week_days is not None: + pulumi.set(__self__, "week_days", week_days) + + @property + @pulumi.getter + def iteration(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "iteration") + + @iteration.setter + def iteration(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "iteration", value) + + @property + @pulumi.getter(name="iterationType") + def iteration_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "iteration_type") + + @iteration_type.setter + def iteration_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "iteration_type", value) + + @property + @pulumi.getter 
+ def time(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "time") + + @time.setter + def time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "time", value) + + @property + @pulumi.getter(name="weekDays") + def week_days(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "week_days") + + @week_days.setter + def week_days(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "week_days", value) + + +@pulumi.input_type +class HostAssurancePolicyCustomCheckArgs: + def __init__(__self__, *, + author: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + engine: Optional[pulumi.Input[str]] = None, + last_modified: Optional[pulumi.Input[int]] = None, + name: Optional[pulumi.Input[str]] = None, + path: Optional[pulumi.Input[str]] = None, + read_only: Optional[pulumi.Input[bool]] = None, + script_id: Optional[pulumi.Input[str]] = None, + severity: Optional[pulumi.Input[str]] = None, + snippet: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] author: Name of user account that created the policy. 
+ """ + if author is not None: + pulumi.set(__self__, "author", author) + if description is not None: + pulumi.set(__self__, "description", description) + if engine is not None: + pulumi.set(__self__, "engine", engine) + if last_modified is not None: + pulumi.set(__self__, "last_modified", last_modified) + if name is not None: + pulumi.set(__self__, "name", name) + if path is not None: + pulumi.set(__self__, "path", path) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + if snippet is not None: + pulumi.set(__self__, "snippet", snippet) + + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. + """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def engine(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "engine") + + @engine.setter + def engine(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "engine", value) + + @property + @pulumi.getter(name="lastModified") + def last_modified(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "last_modified") + + @last_modified.setter + def last_modified(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "last_modified", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + 
@property + @pulumi.getter + def path(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "path") + + @path.setter + def path(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "path", value) + + @property + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "read_only") + + @read_only.setter + def read_only(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "read_only", value) + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "script_id") + + @script_id.setter + def script_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "script_id", value) + + @property + @pulumi.getter + def severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "severity") + + @severity.setter + def severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity", value) + + @property + @pulumi.getter + def snippet(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "snippet") + + @snippet.setter + def snippet(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "snippet", value) + + +@pulumi.input_type +class HostAssurancePolicyForbiddenLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class 
HostAssurancePolicyPackagesBlackListArgs: + def __init__(__self__, *, + arch: Optional[pulumi.Input[str]] = None, + display: Optional[pulumi.Input[str]] = None, + epoch: Optional[pulumi.Input[str]] = None, + format: Optional[pulumi.Input[str]] = None, + license: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + release: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + version_range: Optional[pulumi.Input[str]] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "arch") + + @arch.setter + def arch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "arch", value) + + @property + @pulumi.getter + def display(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "display") + + @display.setter + def display(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display", value) + + @property + @pulumi.getter + def epoch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "epoch") + + @epoch.setter + def epoch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "epoch", value) + + @property + @pulumi.getter + def format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "format") + + @format.setter + def format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, 
"format", value) + + @property + @pulumi.getter + def license(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "license") + + @license.setter + def license(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "license", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def release(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "release") + + @release.setter + def release(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "release", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version_range") + + @version_range.setter + def version_range(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version_range", value) + + +@pulumi.input_type +class HostAssurancePolicyPackagesWhiteListArgs: + def __init__(__self__, *, + arch: Optional[pulumi.Input[str]] = None, + display: Optional[pulumi.Input[str]] = None, + epoch: Optional[pulumi.Input[str]] = None, + format: Optional[pulumi.Input[str]] = None, + license: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + release: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + version_range: Optional[pulumi.Input[str]] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", 
format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "arch") + + @arch.setter + def arch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "arch", value) + + @property + @pulumi.getter + def display(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "display") + + @display.setter + def display(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display", value) + + @property + @pulumi.getter + def epoch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "epoch") + + @epoch.setter + def epoch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "epoch", value) + + @property + @pulumi.getter + def format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "format") + + @format.setter + def format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "format", value) + + @property + @pulumi.getter + def license(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "license") + + @license.setter + def license(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "license", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def release(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "release") + + @release.setter + def release(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "release", value) + + @property + @pulumi.getter + def 
version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version_range") + + @version_range.setter + def version_range(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version_range", value) + + +@pulumi.input_type +class HostAssurancePolicyPolicySettingsArgs: + def __init__(__self__, *, + enforce: Optional[pulumi.Input[bool]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + warn: Optional[pulumi.Input[bool]] = None, + warning_message: Optional[pulumi.Input[str]] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not None: + pulumi.set(__self__, "warning_message", warning_message) + + @property + @pulumi.getter + def enforce(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enforce") + + @enforce.setter + def enforce(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce", value) + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") + + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) + + @property + @pulumi.getter + def warn(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "warn") + + @warn.setter + def warn(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "warn", value) + + @property + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[pulumi.Input[str]]: + return 
pulumi.get(self, "warning_message") + + @warning_message.setter + def warning_message(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "warning_message", value) + + +@pulumi.input_type +class HostAssurancePolicyRequiredLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class HostAssurancePolicyScopeArgs: + def __init__(__self__, *, + expression: Optional[pulumi.Input[str]] = None, + variables: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyScopeVariableArgs']]]] = None): + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "expression") + + @expression.setter + def expression(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyScopeVariableArgs']]]]: + return pulumi.get(self, "variables") + + @variables.setter + def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyScopeVariableArgs']]]]): + pulumi.set(self, "variables", value) + + +@pulumi.input_type +class HostAssurancePolicyScopeVariableArgs: 
+ def __init__(__self__, *, + attribute: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if name is not None: + pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def attribute(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "attribute") + + @attribute.setter + def attribute(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "attribute", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class HostAssurancePolicyTrustedBaseImageArgs: + def __init__(__self__, *, + imagename: Optional[pulumi.Input[str]] = None, + registry: Optional[pulumi.Input[str]] = None): + if imagename is not None: + pulumi.set(__self__, "imagename", imagename) + if registry is not None: + pulumi.set(__self__, "registry", registry) + + @property + @pulumi.getter + def imagename(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "imagename") + + @imagename.setter + def imagename(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "imagename", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + +@pulumi.input_type +class HostRuntimePolicyAllowedExecutableArgs: + def __init__(__self__, *, + allow_executables: 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + allow_root_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + separate_executables: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] allow_executables: List of allowed executables. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allow_root_executables: List of allowed root executables. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. + :param pulumi.Input[bool] separate_executables: Whether to treat executables separately. + """ + if allow_executables is not None: + pulumi.set(__self__, "allow_executables", allow_executables) + if allow_root_executables is not None: + pulumi.set(__self__, "allow_root_executables", allow_root_executables) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if separate_executables is not None: + pulumi.set(__self__, "separate_executables", separate_executables) + + @property + @pulumi.getter(name="allowExecutables") + def allow_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of allowed executables. + """ + return pulumi.get(self, "allow_executables") + + @allow_executables.setter + def allow_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allow_executables", value) + + @property + @pulumi.getter(name="allowRootExecutables") + def allow_root_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of allowed root executables. 
+ """ + return pulumi.get(self, "allow_root_executables") + + @allow_root_executables.setter + def allow_root_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allow_root_executables", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether allowed executables configuration is enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="separateExecutables") + def separate_executables(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to treat executables separately. + """ + return pulumi.get(self, "separate_executables") + + @separate_executables.setter + def separate_executables(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "separate_executables", value) + + +@pulumi.input_type +class HostRuntimePolicyAllowedRegistryArgs: + def __init__(__self__, *, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_registries: List of allowed registries. + :param pulumi.Input[bool] enabled: Whether allowed registries are enabled. + """ + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of allowed registries. 
+ """ + return pulumi.get(self, "allowed_registries") + + @allowed_registries.setter + def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allowed_registries", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether allowed registries are enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + +@pulumi.input_type +class HostRuntimePolicyAuditingArgs: + def __init__(__self__, *, + audit_all_network: Optional[pulumi.Input[bool]] = None, + audit_all_processes: Optional[pulumi.Input[bool]] = None, + audit_failed_login: Optional[pulumi.Input[bool]] = None, + audit_os_user_activity: Optional[pulumi.Input[bool]] = None, + audit_process_cmdline: Optional[pulumi.Input[bool]] = None, + audit_success_login: Optional[pulumi.Input[bool]] = None, + audit_user_account_management: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, "audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not None: + pulumi.set(__self__, "audit_process_cmdline", audit_process_cmdline) + if audit_success_login is not None: + pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="auditAllNetwork") + def 
audit_all_network(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_all_network") + + @audit_all_network.setter + def audit_all_network(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_all_network", value) + + @property + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_all_processes") + + @audit_all_processes.setter + def audit_all_processes(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_all_processes", value) + + @property + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_failed_login") + + @audit_failed_login.setter + def audit_failed_login(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_failed_login", value) + + @property + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_os_user_activity") + + @audit_os_user_activity.setter + def audit_os_user_activity(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_os_user_activity", value) + + @property + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_process_cmdline") + + @audit_process_cmdline.setter + def audit_process_cmdline(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_process_cmdline", value) + + @property + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_success_login") + + @audit_success_login.setter + def audit_success_login(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_success_login", value) + + @property + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> 
Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_user_account_management") + + @audit_user_account_management.setter + def audit_user_account_management(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_user_account_management", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + +@pulumi.input_type +class HostRuntimePolicyBlacklistedOsUsersArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + group_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + user_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_black_lists is not None: + pulumi.set(__self__, "group_black_lists", group_black_lists) + if user_black_lists is not None: + pulumi.set(__self__, "user_black_lists", user_black_lists) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="groupBlackLists") + def group_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "group_black_lists") + + @group_black_lists.setter + def group_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "group_black_lists", value) + + @property + @pulumi.getter(name="userBlackLists") + def user_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "user_black_lists") + + @user_black_lists.setter + def user_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, 
"user_black_lists", value) + + +@pulumi.input_type +class HostRuntimePolicyBypassScopeArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeScopeArgs']]]] = None): + """ + :param pulumi.Input[bool] enabled: Whether bypassing the scope is enabled. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeScopeArgs']]] scopes: Scope configuration. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether bypassing the scope is enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeScopeArgs']]]]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") + + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeScopeArgs']]]]): + pulumi.set(self, "scopes", value) + + +@pulumi.input_type +class HostRuntimePolicyBypassScopeScopeArgs: + def __init__(__self__, *, + expression: Optional[pulumi.Input[str]] = None, + variables: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeScopeVariableArgs']]]] = None): + """ + :param pulumi.Input[str] expression: Scope expression. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeScopeVariableArgs']]] variables: List of variables in the scope. 
+ """ + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> Optional[pulumi.Input[str]]: + """ + Scope expression. + """ + return pulumi.get(self, "expression") + + @expression.setter + def expression(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeScopeVariableArgs']]]]: + """ + List of variables in the scope. + """ + return pulumi.get(self, "variables") + + @variables.setter + def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeScopeVariableArgs']]]]): + pulumi.set(self, "variables", value) + + +@pulumi.input_type +class HostRuntimePolicyBypassScopeScopeVariableArgs: + def __init__(__self__, *, + attribute: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] attribute: Variable attribute. + :param pulumi.Input[str] value: Variable value. + """ + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def attribute(self) -> Optional[pulumi.Input[str]]: + """ + Variable attribute. + """ + return pulumi.get(self, "attribute") + + @attribute.setter + def attribute(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "attribute", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + """ + Variable value. 
+ """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class HostRuntimePolicyContainerExecArgs: + def __init__(__self__, *, + block_container_exec: Optional[pulumi.Input[bool]] = None, + container_exec_proc_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + reverse_shell_ip_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) + if container_exec_proc_white_lists is not None: + pulumi.set(__self__, "container_exec_proc_white_lists", container_exec_proc_white_lists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + + @property + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_container_exec") + + @block_container_exec.setter + def block_container_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_container_exec", value) + + @property + @pulumi.getter(name="containerExecProcWhiteLists") + def container_exec_proc_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "container_exec_proc_white_lists") + + @container_exec_proc_white_lists.setter + def container_exec_proc_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "container_exec_proc_white_lists", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + 
@property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") + + @reverse_shell_ip_white_lists.setter + def reverse_shell_ip_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "reverse_shell_ip_white_lists", value) + + +@pulumi.input_type +class HostRuntimePolicyDriftPreventionArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exec_lockdown: Optional[pulumi.Input[bool]] = None, + exec_lockdown_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + image_lockdown: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[bool] enabled: Whether drift prevention is enabled. + :param pulumi.Input[bool] exec_lockdown: Whether to lockdown execution drift. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exec_lockdown_white_lists: List of items in the execution lockdown white list. + :param pulumi.Input[bool] image_lockdown: Whether to lockdown image drift. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exec_lockdown is not None: + pulumi.set(__self__, "exec_lockdown", exec_lockdown) + if exec_lockdown_white_lists is not None: + pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if image_lockdown is not None: + pulumi.set(__self__, "image_lockdown", image_lockdown) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether drift prevention is enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="execLockdown") + def exec_lockdown(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to lockdown execution drift. 
+ """ + return pulumi.get(self, "exec_lockdown") + + @exec_lockdown.setter + def exec_lockdown(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "exec_lockdown", value) + + @property + @pulumi.getter(name="execLockdownWhiteLists") + def exec_lockdown_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of items in the execution lockdown white list. + """ + return pulumi.get(self, "exec_lockdown_white_lists") + + @exec_lockdown_white_lists.setter + def exec_lockdown_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exec_lockdown_white_lists", value) + + @property + @pulumi.getter(name="imageLockdown") + def image_lockdown(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to lockdown image drift. + """ + return pulumi.get(self, "image_lockdown") + + @image_lockdown.setter + def image_lockdown(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "image_lockdown", value) + + +@pulumi.input_type +class HostRuntimePolicyExecutableBlacklistArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] enabled: Whether the executable blacklist is enabled. + :param pulumi.Input[Sequence[pulumi.Input[str]]] executables: List of blacklisted executables. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if executables is not None: + pulumi.set(__self__, "executables", executables) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether the executable blacklist is enabled. 
+ """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of blacklisted executables. + """ + return pulumi.get(self, "executables") + + @executables.setter + def executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "executables", value) + + +@pulumi.input_type +class HostRuntimePolicyFailedKubernetesChecksArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + failed_checks: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if failed_checks is not None: + pulumi.set(__self__, "failed_checks", failed_checks) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="failedChecks") + def failed_checks(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "failed_checks") + + @failed_checks.setter + def failed_checks(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "failed_checks", value) + + +@pulumi.input_type +class HostRuntimePolicyFileBlockArgs: + def __init__(__self__, *, + block_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + block_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_block_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_files_users: 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + filename_block_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_files_processes is not None: + pulumi.set(__self__, "block_files_processes", block_files_processes) + if block_files_users is not None: + pulumi.set(__self__, "block_files_users", block_files_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_files is not None: + pulumi.set(__self__, "exceptional_block_files", exceptional_block_files) + if exceptional_block_files_processes is not None: + pulumi.set(__self__, "exceptional_block_files_processes", exceptional_block_files_processes) + if exceptional_block_files_users is not None: + pulumi.set(__self__, "exceptional_block_files_users", exceptional_block_files_users) + if filename_block_lists is not None: + pulumi.set(__self__, "filename_block_lists", filename_block_lists) + + @property + @pulumi.getter(name="blockFilesProcesses") + def block_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_files_processes") + + @block_files_processes.setter + def block_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_files_processes", value) + + @property + @pulumi.getter(name="blockFilesUsers") + def block_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_files_users") + + @block_files_users.setter + def block_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_files_users", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalBlockFiles") + def exceptional_block_files(self) 
-> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_files") + + @exceptional_block_files.setter + def exceptional_block_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_files", value) + + @property + @pulumi.getter(name="exceptionalBlockFilesProcesses") + def exceptional_block_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_files_processes") + + @exceptional_block_files_processes.setter + def exceptional_block_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_files_processes", value) + + @property + @pulumi.getter(name="exceptionalBlockFilesUsers") + def exceptional_block_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_files_users") + + @exceptional_block_files_users.setter + def exceptional_block_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_files_users", value) + + @property + @pulumi.getter(name="filenameBlockLists") + def filename_block_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "filename_block_lists") + + @filename_block_lists.setter + def filename_block_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "filename_block_lists", value) + + +@pulumi.input_type +class HostRuntimePolicyFileIntegrityMonitoringArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + 
monitored_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_files_attributes: Optional[pulumi.Input[bool]] = None, + monitored_files_create: Optional[pulumi.Input[bool]] = None, + monitored_files_delete: Optional[pulumi.Input[bool]] = None, + monitored_files_modify: Optional[pulumi.Input[bool]] = None, + monitored_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_files_read: Optional[pulumi.Input[bool]] = None, + monitored_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] enabled: If true, file integrity monitoring is enabled. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_monitored_files_users: List of users to be excluded from monitoring. + :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_files: List of paths to be monitored. + :param pulumi.Input[bool] monitored_files_attributes: Whether to monitor file attribute operations. + :param pulumi.Input[bool] monitored_files_create: Whether to monitor file create operations. + :param pulumi.Input[bool] monitored_files_delete: Whether to monitor file delete operations. + :param pulumi.Input[bool] monitored_files_modify: Whether to monitor file modify operations. + :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_files_processes: List of processes associated with monitored files. + :param pulumi.Input[bool] monitored_files_read: Whether to monitor file read operations. + :param pulumi.Input[Sequence[pulumi.Input[str]]] monitored_files_users: List of users associated with monitored files. 
+ """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + If true, file integrity monitoring is enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of paths to be excluded from monitoring. 
+ """ + return pulumi.get(self, "exceptional_monitored_files") + + @exceptional_monitored_files.setter + def exceptional_monitored_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_files", value) + + @property + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of processes to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_processes") + + @exceptional_monitored_files_processes.setter + def exceptional_monitored_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_files_processes", value) + + @property + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of users to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_users") + + @exceptional_monitored_files_users.setter + def exceptional_monitored_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_files_users", value) + + @property + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of paths to be monitored. + """ + return pulumi.get(self, "monitored_files") + + @monitored_files.setter + def monitored_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_files", value) + + @property + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file attribute operations. 
+ """ + return pulumi.get(self, "monitored_files_attributes") + + @monitored_files_attributes.setter + def monitored_files_attributes(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_attributes", value) + + @property + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file create operations. + """ + return pulumi.get(self, "monitored_files_create") + + @monitored_files_create.setter + def monitored_files_create(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_create", value) + + @property + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") + + @monitored_files_delete.setter + def monitored_files_delete(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_delete", value) + + @property + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file modify operations. + """ + return pulumi.get(self, "monitored_files_modify") + + @monitored_files_modify.setter + def monitored_files_modify(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_modify", value) + + @property + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of processes associated with monitored files. 
+ """ + return pulumi.get(self, "monitored_files_processes") + + @monitored_files_processes.setter + def monitored_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_files_processes", value) + + @property + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to monitor file read operations. + """ + return pulumi.get(self, "monitored_files_read") + + @monitored_files_read.setter + def monitored_files_read(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_files_read", value) + + @property + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of users associated with monitored files. + """ + return pulumi.get(self, "monitored_files_users") + + @monitored_files_users.setter + def monitored_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_files_users", value) + + +@pulumi.input_type +class HostRuntimePolicyLimitContainerPrivilegeArgs: + def __init__(__self__, *, + block_add_capabilities: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + ipcmode: Optional[pulumi.Input[bool]] = None, + netmode: Optional[pulumi.Input[bool]] = None, + pidmode: Optional[pulumi.Input[bool]] = None, + prevent_low_port_binding: Optional[pulumi.Input[bool]] = None, + prevent_root_user: Optional[pulumi.Input[bool]] = None, + privileged: Optional[pulumi.Input[bool]] = None, + use_host_user: Optional[pulumi.Input[bool]] = None, + usermode: Optional[pulumi.Input[bool]] = None, + utsmode: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[bool] block_add_capabilities: Whether to block adding capabilities. + :param pulumi.Input[bool] enabled: Whether container privilege limitations are enabled. 
+ :param pulumi.Input[bool] ipcmode: Whether to limit IPC-related capabilities. + :param pulumi.Input[bool] netmode: Whether to limit network-related capabilities. + :param pulumi.Input[bool] pidmode: Whether to limit process-related capabilities. + :param pulumi.Input[bool] prevent_low_port_binding: Whether to prevent low port binding. + :param pulumi.Input[bool] prevent_root_user: Whether to prevent the use of the root user. + :param pulumi.Input[bool] privileged: Whether the container is run in privileged mode. + :param pulumi.Input[bool] use_host_user: Whether to use the host user. + :param pulumi.Input[bool] usermode: Whether to limit user-related capabilities. + :param pulumi.Input[bool] utsmode: Whether to limit UTS-related capabilities. + """ + if block_add_capabilities is not None: + pulumi.set(__self__, "block_add_capabilities", block_add_capabilities) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if ipcmode is not None: + pulumi.set(__self__, "ipcmode", ipcmode) + if netmode is not None: + pulumi.set(__self__, "netmode", netmode) + if pidmode is not None: + pulumi.set(__self__, "pidmode", pidmode) + if prevent_low_port_binding is not None: + pulumi.set(__self__, "prevent_low_port_binding", prevent_low_port_binding) + if prevent_root_user is not None: + pulumi.set(__self__, "prevent_root_user", prevent_root_user) + if privileged is not None: + pulumi.set(__self__, "privileged", privileged) + if use_host_user is not None: + pulumi.set(__self__, "use_host_user", use_host_user) + if usermode is not None: + pulumi.set(__self__, "usermode", usermode) + if utsmode is not None: + pulumi.set(__self__, "utsmode", utsmode) + + @property + @pulumi.getter(name="blockAddCapabilities") + def block_add_capabilities(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to block adding capabilities. 
+ """ + return pulumi.get(self, "block_add_capabilities") + + @block_add_capabilities.setter + def block_add_capabilities(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_add_capabilities", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether container privilege limitations are enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def ipcmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit IPC-related capabilities. + """ + return pulumi.get(self, "ipcmode") + + @ipcmode.setter + def ipcmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ipcmode", value) + + @property + @pulumi.getter + def netmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit network-related capabilities. + """ + return pulumi.get(self, "netmode") + + @netmode.setter + def netmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "netmode", value) + + @property + @pulumi.getter + def pidmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit process-related capabilities. + """ + return pulumi.get(self, "pidmode") + + @pidmode.setter + def pidmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "pidmode", value) + + @property + @pulumi.getter(name="preventLowPortBinding") + def prevent_low_port_binding(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to prevent low port binding. + """ + return pulumi.get(self, "prevent_low_port_binding") + + @prevent_low_port_binding.setter + def prevent_low_port_binding(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "prevent_low_port_binding", value) + + @property + @pulumi.getter(name="preventRootUser") + def prevent_root_user(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to prevent the use of the root user. 
+ """ + return pulumi.get(self, "prevent_root_user") + + @prevent_root_user.setter + def prevent_root_user(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "prevent_root_user", value) + + @property + @pulumi.getter + def privileged(self) -> Optional[pulumi.Input[bool]]: + """ + Whether the container is run in privileged mode. + """ + return pulumi.get(self, "privileged") + + @privileged.setter + def privileged(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "privileged", value) + + @property + @pulumi.getter(name="useHostUser") + def use_host_user(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to use the host user. + """ + return pulumi.get(self, "use_host_user") + + @use_host_user.setter + def use_host_user(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "use_host_user", value) + + @property + @pulumi.getter + def usermode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit user-related capabilities. + """ + return pulumi.get(self, "usermode") + + @usermode.setter + def usermode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "usermode", value) + + @property + @pulumi.getter + def utsmode(self) -> Optional[pulumi.Input[bool]]: + """ + Whether to limit UTS-related capabilities. 
+ """ + return pulumi.get(self, "utsmode") + + @utsmode.setter + def utsmode(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "utsmode", value) + + +@pulumi.input_type +class HostRuntimePolicyLinuxCapabilitiesArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + remove_linux_capabilities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if remove_linux_capabilities is not None: + pulumi.set(__self__, "remove_linux_capabilities", remove_linux_capabilities) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="removeLinuxCapabilities") + def remove_linux_capabilities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "remove_linux_capabilities") + + @remove_linux_capabilities.setter + def remove_linux_capabilities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "remove_linux_capabilities", value) + + +@pulumi.input_type +class HostRuntimePolicyMalwareScanOptionsArgs: + def __init__(__self__, *, + action: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + exclude_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + include_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[str] action: Set Action, Defaults to 'Alert' when empty + :param pulumi.Input[bool] enabled: Defines if enabled or not + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_directories: List of registry paths to be excluded from being protected. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_processes: List of registry processes to be excluded from being protected. + :param pulumi.Input[Sequence[pulumi.Input[str]]] include_directories: List of registry paths to be excluded from being protected. + """ + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) + + @property + @pulumi.getter + def action(self) -> Optional[pulumi.Input[str]]: + """ + Set Action, Defaults to 'Alert' when empty + """ + return pulumi.get(self, "action") + + @action.setter + def action(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "action", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Defines if enabled or not + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="excludeDirectories") + def exclude_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "exclude_directories") + + @exclude_directories.setter + def exclude_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_directories", value) + + @property + @pulumi.getter(name="excludeProcesses") + def exclude_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registry processes to be excluded from being protected. 
+ """ + return pulumi.get(self, "exclude_processes") + + @exclude_processes.setter + def exclude_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_processes", value) + + @property + @pulumi.getter(name="includeDirectories") + def include_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "include_directories") + + @include_directories.setter + def include_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "include_directories", value) + + +@pulumi.input_type +class HostRuntimePolicyPackageBlockArgs: + def __init__(__self__, *, + block_packages_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + block_packages_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_block_packages_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_packages_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_block_packages_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_packages_processes is not None: + pulumi.set(__self__, "block_packages_processes", block_packages_processes) + if block_packages_users is not None: + pulumi.set(__self__, "block_packages_users", block_packages_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_packages_files is not None: + pulumi.set(__self__, "exceptional_block_packages_files", exceptional_block_packages_files) + if exceptional_block_packages_processes is not None: + pulumi.set(__self__, "exceptional_block_packages_processes", exceptional_block_packages_processes) + if exceptional_block_packages_users is not 
None: + pulumi.set(__self__, "exceptional_block_packages_users", exceptional_block_packages_users) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) + + @property + @pulumi.getter(name="blockPackagesProcesses") + def block_packages_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_packages_processes") + + @block_packages_processes.setter + def block_packages_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_packages_processes", value) + + @property + @pulumi.getter(name="blockPackagesUsers") + def block_packages_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_packages_users") + + @block_packages_users.setter + def block_packages_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_packages_users", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalBlockPackagesFiles") + def exceptional_block_packages_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_packages_files") + + @exceptional_block_packages_files.setter + def exceptional_block_packages_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_packages_files", value) + + @property + @pulumi.getter(name="exceptionalBlockPackagesProcesses") + def exceptional_block_packages_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_packages_processes") + + @exceptional_block_packages_processes.setter + def 
exceptional_block_packages_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_packages_processes", value) + + @property + @pulumi.getter(name="exceptionalBlockPackagesUsers") + def exceptional_block_packages_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_block_packages_users") + + @exceptional_block_packages_users.setter + def exceptional_block_packages_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_block_packages_users", value) + + @property + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "packages_black_lists") + + @packages_black_lists.setter + def packages_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "packages_black_lists", value) + + +@pulumi.input_type +class HostRuntimePolicyPortBlockArgs: + def __init__(__self__, *, + block_inbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + block_outbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None): + if block_inbound_ports is not None: + pulumi.set(__self__, "block_inbound_ports", block_inbound_ports) + if block_outbound_ports is not None: + pulumi.set(__self__, "block_outbound_ports", block_outbound_ports) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="blockInboundPorts") + def block_inbound_ports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_inbound_ports") + + @block_inbound_ports.setter + def block_inbound_ports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_inbound_ports", value) + + @property + 
@pulumi.getter(name="blockOutboundPorts") + def block_outbound_ports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "block_outbound_ports") + + @block_outbound_ports.setter + def block_outbound_ports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "block_outbound_ports", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + +@pulumi.input_type +class HostRuntimePolicyReadonlyFilesArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_readonly_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_files_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_files_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_files is not None: + pulumi.set(__self__, "exceptional_readonly_files", exceptional_readonly_files) + if exceptional_readonly_files_processes is not None: + pulumi.set(__self__, "exceptional_readonly_files_processes", exceptional_readonly_files_processes) + if exceptional_readonly_files_users is not None: + pulumi.set(__self__, "exceptional_readonly_files_users", exceptional_readonly_files_users) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_files_processes is not None: + pulumi.set(__self__, "readonly_files_processes", readonly_files_processes) + if 
readonly_files_users is not None: + pulumi.set(__self__, "readonly_files_users", readonly_files_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalReadonlyFiles") + def exceptional_readonly_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_files") + + @exceptional_readonly_files.setter + def exceptional_readonly_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_files", value) + + @property + @pulumi.getter(name="exceptionalReadonlyFilesProcesses") + def exceptional_readonly_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_files_processes") + + @exceptional_readonly_files_processes.setter + def exceptional_readonly_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_files_processes", value) + + @property + @pulumi.getter(name="exceptionalReadonlyFilesUsers") + def exceptional_readonly_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_files_users") + + @exceptional_readonly_files_users.setter + def exceptional_readonly_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_files_users", value) + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_files") + + @readonly_files.setter + def readonly_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_files", 
value) + + @property + @pulumi.getter(name="readonlyFilesProcesses") + def readonly_files_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_files_processes") + + @readonly_files_processes.setter + def readonly_files_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_files_processes", value) + + @property + @pulumi.getter(name="readonlyFilesUsers") + def readonly_files_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_files_users") + + @readonly_files_users.setter + def readonly_files_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_files_users", value) + + +@pulumi.input_type +class HostRuntimePolicyReadonlyRegistryArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_readonly_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_readonly_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + readonly_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_registry_paths is not None: + pulumi.set(__self__, "exceptional_readonly_registry_paths", exceptional_readonly_registry_paths) + if exceptional_readonly_registry_processes is not None: + pulumi.set(__self__, "exceptional_readonly_registry_processes", exceptional_readonly_registry_processes) + if exceptional_readonly_registry_users is not None: + pulumi.set(__self__, "exceptional_readonly_registry_users", 
exceptional_readonly_registry_users) + if readonly_registry_paths is not None: + pulumi.set(__self__, "readonly_registry_paths", readonly_registry_paths) + if readonly_registry_processes is not None: + pulumi.set(__self__, "readonly_registry_processes", readonly_registry_processes) + if readonly_registry_users is not None: + pulumi.set(__self__, "readonly_registry_users", readonly_registry_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryPaths") + def exceptional_readonly_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_registry_paths") + + @exceptional_readonly_registry_paths.setter + def exceptional_readonly_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_registry_paths", value) + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryProcesses") + def exceptional_readonly_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_registry_processes") + + @exceptional_readonly_registry_processes.setter + def exceptional_readonly_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_readonly_registry_processes", value) + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryUsers") + def exceptional_readonly_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_readonly_registry_users") + + @exceptional_readonly_registry_users.setter + def exceptional_readonly_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + 
pulumi.set(self, "exceptional_readonly_registry_users", value) + + @property + @pulumi.getter(name="readonlyRegistryPaths") + def readonly_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_registry_paths") + + @readonly_registry_paths.setter + def readonly_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_registry_paths", value) + + @property + @pulumi.getter(name="readonlyRegistryProcesses") + def readonly_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_registry_processes") + + @readonly_registry_processes.setter + def readonly_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_registry_processes", value) + + @property + @pulumi.getter(name="readonlyRegistryUsers") + def readonly_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "readonly_registry_users") + + @readonly_registry_users.setter + def readonly_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "readonly_registry_users", value) + + +@pulumi.input_type +class HostRuntimePolicyRegistryAccessMonitoringArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exceptional_monitored_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_registry_attributes: Optional[pulumi.Input[bool]] = None, + monitored_registry_create: Optional[pulumi.Input[bool]] = None, + monitored_registry_delete: Optional[pulumi.Input[bool]] = None, + monitored_registry_modify: Optional[pulumi.Input[bool]] = None, + 
monitored_registry_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_registry_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + monitored_registry_read: Optional[pulumi.Input[bool]] = None, + monitored_registry_users: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_registry_paths is not None: + pulumi.set(__self__, "exceptional_monitored_registry_paths", exceptional_monitored_registry_paths) + if exceptional_monitored_registry_processes is not None: + pulumi.set(__self__, "exceptional_monitored_registry_processes", exceptional_monitored_registry_processes) + if exceptional_monitored_registry_users is not None: + pulumi.set(__self__, "exceptional_monitored_registry_users", exceptional_monitored_registry_users) + if monitored_registry_attributes is not None: + pulumi.set(__self__, "monitored_registry_attributes", monitored_registry_attributes) + if monitored_registry_create is not None: + pulumi.set(__self__, "monitored_registry_create", monitored_registry_create) + if monitored_registry_delete is not None: + pulumi.set(__self__, "monitored_registry_delete", monitored_registry_delete) + if monitored_registry_modify is not None: + pulumi.set(__self__, "monitored_registry_modify", monitored_registry_modify) + if monitored_registry_paths is not None: + pulumi.set(__self__, "monitored_registry_paths", monitored_registry_paths) + if monitored_registry_processes is not None: + pulumi.set(__self__, "monitored_registry_processes", monitored_registry_processes) + if monitored_registry_read is not None: + pulumi.set(__self__, "monitored_registry_read", monitored_registry_read) + if monitored_registry_users is not None: + pulumi.set(__self__, "monitored_registry_users", monitored_registry_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + 
@enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryPaths") + def exceptional_monitored_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_registry_paths") + + @exceptional_monitored_registry_paths.setter + def exceptional_monitored_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_registry_paths", value) + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryProcesses") + def exceptional_monitored_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_registry_processes") + + @exceptional_monitored_registry_processes.setter + def exceptional_monitored_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_registry_processes", value) + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryUsers") + def exceptional_monitored_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_registry_users") + + @exceptional_monitored_registry_users.setter + def exceptional_monitored_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_registry_users", value) + + @property + @pulumi.getter(name="monitoredRegistryAttributes") + def monitored_registry_attributes(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_attributes") + + @monitored_registry_attributes.setter + def monitored_registry_attributes(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_attributes", value) + + @property + @pulumi.getter(name="monitoredRegistryCreate") + def 
monitored_registry_create(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_create") + + @monitored_registry_create.setter + def monitored_registry_create(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_create", value) + + @property + @pulumi.getter(name="monitoredRegistryDelete") + def monitored_registry_delete(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_delete") + + @monitored_registry_delete.setter + def monitored_registry_delete(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_delete", value) + + @property + @pulumi.getter(name="monitoredRegistryModify") + def monitored_registry_modify(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitored_registry_modify") + + @monitored_registry_modify.setter + def monitored_registry_modify(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_modify", value) + + @property + @pulumi.getter(name="monitoredRegistryPaths") + def monitored_registry_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_registry_paths") + + @monitored_registry_paths.setter + def monitored_registry_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_registry_paths", value) + + @property + @pulumi.getter(name="monitoredRegistryProcesses") + def monitored_registry_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_registry_processes") + + @monitored_registry_processes.setter + def monitored_registry_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_registry_processes", value) + + @property + @pulumi.getter(name="monitoredRegistryRead") + def monitored_registry_read(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, 
"monitored_registry_read") + + @monitored_registry_read.setter + def monitored_registry_read(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitored_registry_read", value) + + @property + @pulumi.getter(name="monitoredRegistryUsers") + def monitored_registry_users(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_registry_users") + + @monitored_registry_users.setter + def monitored_registry_users(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_registry_users", value) + + +@pulumi.input_type +class HostRuntimePolicyRestrictedVolumeArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + volumes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] enabled: Whether restricted volumes are enabled. + :param pulumi.Input[Sequence[pulumi.Input[str]]] volumes: List of restricted volumes. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if volumes is not None: + pulumi.set(__self__, "volumes", volumes) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether restricted volumes are enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of restricted volumes. 
+ """ + return pulumi.get(self, "volumes") + + @volumes.setter + def volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "volumes", value) + + +@pulumi.input_type +class HostRuntimePolicyReverseShellArgs: + def __init__(__self__, *, + block_reverse_shell: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + reverse_shell_ip_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + reverse_shell_proc_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if block_reverse_shell is not None: + pulumi.set(__self__, "block_reverse_shell", block_reverse_shell) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + if reverse_shell_proc_white_lists is not None: + pulumi.set(__self__, "reverse_shell_proc_white_lists", reverse_shell_proc_white_lists) + + @property + @pulumi.getter(name="blockReverseShell") + def block_reverse_shell(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_reverse_shell") + + @block_reverse_shell.setter + def block_reverse_shell(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_reverse_shell", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") + + @reverse_shell_ip_white_lists.setter + def reverse_shell_ip_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "reverse_shell_ip_white_lists", value) + + 
@property + @pulumi.getter(name="reverseShellProcWhiteLists") + def reverse_shell_proc_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "reverse_shell_proc_white_lists") + + @reverse_shell_proc_white_lists.setter + def reverse_shell_proc_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "reverse_shell_proc_white_lists", value) + + +@pulumi.input_type +class HostRuntimePolicyScopeArgs: + def __init__(__self__, *, + expression: pulumi.Input[str], + variables: pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeVariableArgs']]]): + """ + :param pulumi.Input[str] expression: Scope expression. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeVariableArgs']]] variables: List of variables in the scope. + """ + pulumi.set(__self__, "expression", expression) + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> pulumi.Input[str]: + """ + Scope expression. + """ + return pulumi.get(self, "expression") + + @expression.setter + def expression(self, value: pulumi.Input[str]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def variables(self) -> pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeVariableArgs']]]: + """ + List of variables in the scope. + """ + return pulumi.get(self, "variables") + + @variables.setter + def variables(self, value: pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeVariableArgs']]]): + pulumi.set(self, "variables", value) + + +@pulumi.input_type +class HostRuntimePolicyScopeVariableArgs: + def __init__(__self__, *, + attribute: pulumi.Input[str], + value: pulumi.Input[str], + name: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] attribute: Class of supported scope. + :param pulumi.Input[str] value: Value assigned to the attribute. + :param pulumi.Input[str] name: Name assigned to the attribute. 
+ """ + pulumi.set(__self__, "attribute", attribute) + pulumi.set(__self__, "value", value) + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def attribute(self) -> pulumi.Input[str]: + """ + Class of supported scope. + """ + return pulumi.get(self, "attribute") + + @attribute.setter + def attribute(self, value: pulumi.Input[str]): + pulumi.set(self, "attribute", value) + + @property + @pulumi.getter + def value(self) -> pulumi.Input[str]: + """ + Value assigned to the attribute. + """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: pulumi.Input[str]): + pulumi.set(self, "value", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name assigned to the attribute. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class HostRuntimePolicySystemIntegrityProtectionArgs: + def __init__(__self__, *, + audit_systemtime_change: Optional[pulumi.Input[bool]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + monitor_audit_log_integrity: Optional[pulumi.Input[bool]] = None, + windows_services_monitoring: Optional[pulumi.Input[bool]] = None): + if audit_systemtime_change is not None: + pulumi.set(__self__, "audit_systemtime_change", audit_systemtime_change) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if monitor_audit_log_integrity is not None: + pulumi.set(__self__, "monitor_audit_log_integrity", monitor_audit_log_integrity) + if windows_services_monitoring is not None: + pulumi.set(__self__, "windows_services_monitoring", windows_services_monitoring) + + @property + @pulumi.getter(name="auditSystemtimeChange") + def audit_systemtime_change(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "audit_systemtime_change") + + @audit_systemtime_change.setter + def audit_systemtime_change(self, value: 
Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_systemtime_change", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="monitorAuditLogIntegrity") + def monitor_audit_log_integrity(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "monitor_audit_log_integrity") + + @monitor_audit_log_integrity.setter + def monitor_audit_log_integrity(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "monitor_audit_log_integrity", value) + + @property + @pulumi.getter(name="windowsServicesMonitoring") + def windows_services_monitoring(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "windows_services_monitoring") + + @windows_services_monitoring.setter + def windows_services_monitoring(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "windows_services_monitoring", value) + + +@pulumi.input_type +class HostRuntimePolicyTripwireArgs: + def __init__(__self__, *, + apply_ons: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + serverless_app: Optional[pulumi.Input[str]] = None, + user_id: Optional[pulumi.Input[str]] = None, + user_password: Optional[pulumi.Input[str]] = None): + if apply_ons is not None: + pulumi.set(__self__, "apply_ons", apply_ons) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if serverless_app is not None: + pulumi.set(__self__, "serverless_app", serverless_app) + if user_id is not None: + pulumi.set(__self__, "user_id", user_id) + if user_password is not None: + pulumi.set(__self__, "user_password", user_password) + + @property + @pulumi.getter(name="applyOns") + def apply_ons(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "apply_ons") + + 
@apply_ons.setter + def apply_ons(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "apply_ons", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="serverlessApp") + def serverless_app(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "serverless_app") + + @serverless_app.setter + def serverless_app(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "serverless_app", value) + + @property + @pulumi.getter(name="userId") + def user_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "user_id") + + @user_id.setter + def user_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "user_id", value) + + @property + @pulumi.getter(name="userPassword") + def user_password(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "user_password") + + @user_password.setter + def user_password(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "user_password", value) + + +@pulumi.input_type +class HostRuntimePolicyWhitelistedOsUsersArgs: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + group_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + user_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_white_lists is not None: + pulumi.set(__self__, "group_white_lists", group_white_lists) + if user_white_lists is not None: + pulumi.set(__self__, "user_white_lists", user_white_lists) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, 
"enabled", value) + + @property + @pulumi.getter(name="groupWhiteLists") + def group_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "group_white_lists") + + @group_white_lists.setter + def group_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "group_white_lists", value) + + @property + @pulumi.getter(name="userWhiteLists") + def user_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "user_white_lists") + + @user_white_lists.setter + def user_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "user_white_lists", value) + + +@pulumi.input_type +class ImageAssuranceChecksPerformedArgs: + def __init__(__self__, *, + assurance_type: Optional[pulumi.Input[str]] = None, + blocking: Optional[pulumi.Input[bool]] = None, + control: Optional[pulumi.Input[str]] = None, + dta_skipped: Optional[pulumi.Input[bool]] = None, + dta_skipped_reason: Optional[pulumi.Input[str]] = None, + failed: Optional[pulumi.Input[bool]] = None, + policy_name: Optional[pulumi.Input[str]] = None): + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) + if blocking is not None: + pulumi.set(__self__, "blocking", blocking) + if control is not None: + pulumi.set(__self__, "control", control) + if dta_skipped is not None: + pulumi.set(__self__, "dta_skipped", dta_skipped) + if dta_skipped_reason is not None: + pulumi.set(__self__, "dta_skipped_reason", dta_skipped_reason) + if failed is not None: + pulumi.set(__self__, "failed", failed) + if policy_name is not None: + pulumi.set(__self__, "policy_name", policy_name) + + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + 
pulumi.set(self, "assurance_type", value) + + @property + @pulumi.getter + def blocking(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "blocking") + + @blocking.setter + def blocking(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "blocking", value) + + @property + @pulumi.getter + def control(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "control") + + @control.setter + def control(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "control", value) + + @property + @pulumi.getter(name="dtaSkipped") + def dta_skipped(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "dta_skipped") + + @dta_skipped.setter + def dta_skipped(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "dta_skipped", value) + + @property + @pulumi.getter(name="dtaSkippedReason") + def dta_skipped_reason(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "dta_skipped_reason") + + @dta_skipped_reason.setter + def dta_skipped_reason(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "dta_skipped_reason", value) + + @property + @pulumi.getter + def failed(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "failed") + + @failed.setter + def failed(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "failed", value) + + @property + @pulumi.getter(name="policyName") + def policy_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "policy_name") + + @policy_name.setter + def policy_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "policy_name", value) + + +@pulumi.input_type +class ImageAssurancePolicyAutoScanTimeArgs: + def __init__(__self__, *, + iteration: Optional[pulumi.Input[int]] = None, + iteration_type: Optional[pulumi.Input[str]] = None, + time: Optional[pulumi.Input[str]] = None, + week_days: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if iteration is not None: + pulumi.set(__self__, "iteration", 
iteration) + if iteration_type is not None: + pulumi.set(__self__, "iteration_type", iteration_type) + if time is not None: + pulumi.set(__self__, "time", time) + if week_days is not None: + pulumi.set(__self__, "week_days", week_days) + + @property + @pulumi.getter + def iteration(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "iteration") + + @iteration.setter + def iteration(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "iteration", value) + + @property + @pulumi.getter(name="iterationType") + def iteration_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "iteration_type") + + @iteration_type.setter + def iteration_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "iteration_type", value) + + @property + @pulumi.getter + def time(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "time") + + @time.setter + def time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "time", value) + + @property + @pulumi.getter(name="weekDays") + def week_days(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "week_days") + + @week_days.setter + def week_days(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "week_days", value) + + +@pulumi.input_type +class ImageAssurancePolicyCustomCheckArgs: + def __init__(__self__, *, + author: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + engine: Optional[pulumi.Input[str]] = None, + last_modified: Optional[pulumi.Input[int]] = None, + name: Optional[pulumi.Input[str]] = None, + path: Optional[pulumi.Input[str]] = None, + read_only: Optional[pulumi.Input[bool]] = None, + script_id: Optional[pulumi.Input[str]] = None, + severity: Optional[pulumi.Input[str]] = None, + snippet: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] author: Name of user account that created the policy. 
+ """ + if author is not None: + pulumi.set(__self__, "author", author) + if description is not None: + pulumi.set(__self__, "description", description) + if engine is not None: + pulumi.set(__self__, "engine", engine) + if last_modified is not None: + pulumi.set(__self__, "last_modified", last_modified) + if name is not None: + pulumi.set(__self__, "name", name) + if path is not None: + pulumi.set(__self__, "path", path) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + if snippet is not None: + pulumi.set(__self__, "snippet", snippet) + + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. + """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def engine(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "engine") + + @engine.setter + def engine(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "engine", value) + + @property + @pulumi.getter(name="lastModified") + def last_modified(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "last_modified") + + @last_modified.setter + def last_modified(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "last_modified", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + 
@property + @pulumi.getter + def path(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "path") + + @path.setter + def path(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "path", value) + + @property + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "read_only") + + @read_only.setter + def read_only(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "read_only", value) + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "script_id") + + @script_id.setter + def script_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "script_id", value) + + @property + @pulumi.getter + def severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "severity") + + @severity.setter + def severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity", value) + + @property + @pulumi.getter + def snippet(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "snippet") + + @snippet.setter + def snippet(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "snippet", value) + + +@pulumi.input_type +class ImageAssurancePolicyForbiddenLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class 
ImageAssurancePolicyKubernetesControlsArgs: + def __init__(__self__, *, + avd_id: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + kind: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + ootb: Optional[pulumi.Input[bool]] = None, + script_id: Optional[pulumi.Input[int]] = None, + severity: Optional[pulumi.Input[str]] = None): + if avd_id is not None: + pulumi.set(__self__, "avd_id", avd_id) + if description is not None: + pulumi.set(__self__, "description", description) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if kind is not None: + pulumi.set(__self__, "kind", kind) + if name is not None: + pulumi.set(__self__, "name", name) + if ootb is not None: + pulumi.set(__self__, "ootb", ootb) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + + @property + @pulumi.getter(name="avdId") + def avd_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "avd_id") + + @avd_id.setter + def avd_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "avd_id", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def name(self) -> 
Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def ootb(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ootb") + + @ootb.setter + def ootb(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ootb", value) + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "script_id") + + @script_id.setter + def script_id(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "script_id", value) + + @property + @pulumi.getter + def severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "severity") + + @severity.setter + def severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity", value) + + +@pulumi.input_type +class ImageAssurancePolicyPackagesBlackListArgs: + def __init__(__self__, *, + arch: Optional[pulumi.Input[str]] = None, + display: Optional[pulumi.Input[str]] = None, + epoch: Optional[pulumi.Input[str]] = None, + format: Optional[pulumi.Input[str]] = None, + license: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + release: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + version_range: Optional[pulumi.Input[str]] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, 
"version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "arch") + + @arch.setter + def arch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "arch", value) + + @property + @pulumi.getter + def display(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "display") + + @display.setter + def display(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display", value) + + @property + @pulumi.getter + def epoch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "epoch") + + @epoch.setter + def epoch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "epoch", value) + + @property + @pulumi.getter + def format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "format") + + @format.setter + def format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "format", value) + + @property + @pulumi.getter + def license(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "license") + + @license.setter + def license(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "license", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def release(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "release") + + @release.setter + def release(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "release", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, 
"version_range") + + @version_range.setter + def version_range(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version_range", value) + + +@pulumi.input_type +class ImageAssurancePolicyPackagesWhiteListArgs: + def __init__(__self__, *, + arch: Optional[pulumi.Input[str]] = None, + display: Optional[pulumi.Input[str]] = None, + epoch: Optional[pulumi.Input[str]] = None, + format: Optional[pulumi.Input[str]] = None, + license: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + release: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + version_range: Optional[pulumi.Input[str]] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "arch") + + @arch.setter + def arch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "arch", value) + + @property + @pulumi.getter + def display(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "display") + + @display.setter + def display(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display", value) + + @property + @pulumi.getter + def epoch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "epoch") + + @epoch.setter + def epoch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "epoch", value) + + @property + @pulumi.getter + def 
format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "format") + + @format.setter + def format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "format", value) + + @property + @pulumi.getter + def license(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "license") + + @license.setter + def license(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "license", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def release(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "release") + + @release.setter + def release(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "release", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version_range") + + @version_range.setter + def version_range(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version_range", value) + + +@pulumi.input_type +class ImageAssurancePolicyPolicySettingsArgs: + def __init__(__self__, *, + enforce: Optional[pulumi.Input[bool]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + warn: Optional[pulumi.Input[bool]] = None, + warning_message: Optional[pulumi.Input[str]] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not None: + pulumi.set(__self__, 
"warning_message", warning_message) + + @property + @pulumi.getter + def enforce(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enforce") + + @enforce.setter + def enforce(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce", value) + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") + + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) + + @property + @pulumi.getter + def warn(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "warn") + + @warn.setter + def warn(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "warn", value) + + @property + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "warning_message") + + @warning_message.setter + def warning_message(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "warning_message", value) + + +@pulumi.input_type +class ImageAssurancePolicyRequiredLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class ImageAssurancePolicyScopeArgs: + def __init__(__self__, *, + expression: Optional[pulumi.Input[str]] = None, + variables: 
Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyScopeVariableArgs']]]] = None): + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "expression") + + @expression.setter + def expression(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyScopeVariableArgs']]]]: + return pulumi.get(self, "variables") + + @variables.setter + def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyScopeVariableArgs']]]]): + pulumi.set(self, "variables", value) + + +@pulumi.input_type +class ImageAssurancePolicyScopeVariableArgs: + def __init__(__self__, *, + attribute: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if name is not None: + pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def attribute(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "attribute") + + @attribute.setter + def attribute(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "attribute", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + 
+@pulumi.input_type +class ImageAssurancePolicyTrustedBaseImageArgs: + def __init__(__self__, *, + imagename: Optional[pulumi.Input[str]] = None, + registry: Optional[pulumi.Input[str]] = None): + if imagename is not None: + pulumi.set(__self__, "imagename", imagename) + if registry is not None: + pulumi.set(__self__, "registry", registry) + + @property + @pulumi.getter + def imagename(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "imagename") + + @imagename.setter + def imagename(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "imagename", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + +@pulumi.input_type +class ImageHistoryArgs: + def __init__(__self__, *, + comment: Optional[pulumi.Input[str]] = None, + created: Optional[pulumi.Input[str]] = None, + created_by: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + size: Optional[pulumi.Input[int]] = None): + if comment is not None: + pulumi.set(__self__, "comment", comment) + if created is not None: + pulumi.set(__self__, "created", created) + if created_by is not None: + pulumi.set(__self__, "created_by", created_by) + if id is not None: + pulumi.set(__self__, "id", id) + if size is not None: + pulumi.set(__self__, "size", size) + + @property + @pulumi.getter + def comment(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "comment") + + @comment.setter + def comment(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "comment", value) + + @property + @pulumi.getter + def created(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "created") + + @created.setter + def created(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created", value) + + @property + @pulumi.getter(name="createdBy") + def 
created_by(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "created_by") + + @created_by.setter + def created_by(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created_by", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def size(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "size") + + @size.setter + def size(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "size", value) + + +@pulumi.input_type +class ImageVulnerabilityArgs: + def __init__(__self__, *, + ack_author: Optional[pulumi.Input[str]] = None, + ack_comment: Optional[pulumi.Input[str]] = None, + ack_expiration_configured_at: Optional[pulumi.Input[str]] = None, + ack_expiration_configured_by: Optional[pulumi.Input[str]] = None, + ack_expiration_days: Optional[pulumi.Input[int]] = None, + ack_scope: Optional[pulumi.Input[str]] = None, + acknowledge_date: Optional[pulumi.Input[str]] = None, + ancestor_pkg: Optional[pulumi.Input[str]] = None, + aqua_score: Optional[pulumi.Input[float]] = None, + aqua_score_classification: Optional[pulumi.Input[str]] = None, + aqua_scoring_system: Optional[pulumi.Input[str]] = None, + aqua_severity: Optional[pulumi.Input[str]] = None, + aqua_severity_classification: Optional[pulumi.Input[str]] = None, + aqua_vectors: Optional[pulumi.Input[str]] = None, + audit_events_count: Optional[pulumi.Input[int]] = None, + block_events_count: Optional[pulumi.Input[int]] = None, + classification: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + digest: Optional[pulumi.Input[str]] = None, + exploit_reference: Optional[pulumi.Input[str]] = None, + exploit_type: Optional[pulumi.Input[str]] = None, + first_found_date: Optional[pulumi.Input[str]] = None, + fix_version: Optional[pulumi.Input[str]] 
= None, + image_name: Optional[pulumi.Input[str]] = None, + last_found_date: Optional[pulumi.Input[str]] = None, + modification_date: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + nvd_cvss2_score: Optional[pulumi.Input[float]] = None, + nvd_cvss2_vectors: Optional[pulumi.Input[str]] = None, + nvd_cvss3_score: Optional[pulumi.Input[float]] = None, + nvd_cvss3_severity: Optional[pulumi.Input[str]] = None, + nvd_cvss3_vectors: Optional[pulumi.Input[str]] = None, + nvd_severity: Optional[pulumi.Input[str]] = None, + nvd_url: Optional[pulumi.Input[str]] = None, + os: Optional[pulumi.Input[str]] = None, + os_version: Optional[pulumi.Input[str]] = None, + permission: Optional[pulumi.Input[str]] = None, + publish_date: Optional[pulumi.Input[str]] = None, + registry: Optional[pulumi.Input[str]] = None, + repository: Optional[pulumi.Input[str]] = None, + resource_architecture: Optional[pulumi.Input[str]] = None, + resource_cpe: Optional[pulumi.Input[str]] = None, + resource_format: Optional[pulumi.Input[str]] = None, + resource_hash: Optional[pulumi.Input[str]] = None, + resource_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + resource_name: Optional[pulumi.Input[str]] = None, + resource_path: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + resource_version: Optional[pulumi.Input[str]] = None, + severity_classification: Optional[pulumi.Input[str]] = None, + solution: Optional[pulumi.Input[str]] = None, + temporal_vector: Optional[pulumi.Input[str]] = None, + v_patch_applied_by: Optional[pulumi.Input[str]] = None, + v_patch_applied_on: Optional[pulumi.Input[str]] = None, + v_patch_enforced_by: Optional[pulumi.Input[str]] = None, + v_patch_enforced_on: Optional[pulumi.Input[str]] = None, + v_patch_policy_enforce: Optional[pulumi.Input[bool]] = None, + v_patch_policy_name: Optional[pulumi.Input[str]] = None, + v_patch_reverted_by: Optional[pulumi.Input[str]] = None, + 
v_patch_reverted_on: Optional[pulumi.Input[str]] = None, + v_patch_status: Optional[pulumi.Input[str]] = None, + vendor_cvss2_score: Optional[pulumi.Input[float]] = None, + vendor_cvss2_vectors: Optional[pulumi.Input[str]] = None, + vendor_severity: Optional[pulumi.Input[str]] = None, + vendor_statement: Optional[pulumi.Input[str]] = None, + vendor_url: Optional[pulumi.Input[str]] = None): + if ack_author is not None: + pulumi.set(__self__, "ack_author", ack_author) + if ack_comment is not None: + pulumi.set(__self__, "ack_comment", ack_comment) + if ack_expiration_configured_at is not None: + pulumi.set(__self__, "ack_expiration_configured_at", ack_expiration_configured_at) + if ack_expiration_configured_by is not None: pulumi.set(__self__, "ack_expiration_configured_by", ack_expiration_configured_by) if ack_expiration_days is not None: pulumi.set(__self__, "ack_expiration_days", ack_expiration_days) 
@@ -4360,346 +9690,2153 @@ def __init__(__self__, *, pulumi.set(__self__, "classification", classification) if description is not None: pulumi.set(__self__, "description", description) - if digest is not None: - pulumi.set(__self__, "digest", digest) - if exploit_reference is not None: - pulumi.set(__self__, "exploit_reference", exploit_reference) - if exploit_type is not None: - pulumi.set(__self__, "exploit_type", exploit_type) - if first_found_date is not None: - pulumi.set(__self__, "first_found_date", first_found_date) - if fix_version is not None: - pulumi.set(__self__, "fix_version", fix_version) - if image_name is not None: - pulumi.set(__self__, "image_name", image_name) - if last_found_date is not None: - pulumi.set(__self__, "last_found_date", last_found_date) - if modification_date is not None: - pulumi.set(__self__, "modification_date", modification_date) + if digest is not None: + pulumi.set(__self__, "digest", digest) + if exploit_reference is not None: + pulumi.set(__self__, "exploit_reference", exploit_reference) + if exploit_type is not None: + pulumi.set(__self__, "exploit_type", exploit_type) + if first_found_date is not None: + pulumi.set(__self__, "first_found_date", first_found_date) + if fix_version is not None: + pulumi.set(__self__, "fix_version", fix_version) + if image_name is not None: + pulumi.set(__self__, "image_name", image_name) + if last_found_date is not None: + pulumi.set(__self__, "last_found_date", last_found_date) + if modification_date is not None: + pulumi.set(__self__, "modification_date", modification_date) + if name is not None: + pulumi.set(__self__, "name", name) + if nvd_cvss2_score is not None: + pulumi.set(__self__, "nvd_cvss2_score", nvd_cvss2_score) + if nvd_cvss2_vectors is not None: + pulumi.set(__self__, "nvd_cvss2_vectors", nvd_cvss2_vectors) + if nvd_cvss3_score is not None: + pulumi.set(__self__, "nvd_cvss3_score", nvd_cvss3_score) + if nvd_cvss3_severity is not None: + pulumi.set(__self__, 
"nvd_cvss3_severity", nvd_cvss3_severity) + if nvd_cvss3_vectors is not None: + pulumi.set(__self__, "nvd_cvss3_vectors", nvd_cvss3_vectors) + if nvd_severity is not None: + pulumi.set(__self__, "nvd_severity", nvd_severity) + if nvd_url is not None: + pulumi.set(__self__, "nvd_url", nvd_url) + if os is not None: + pulumi.set(__self__, "os", os) + if os_version is not None: + pulumi.set(__self__, "os_version", os_version) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if publish_date is not None: + pulumi.set(__self__, "publish_date", publish_date) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if repository is not None: + pulumi.set(__self__, "repository", repository) + if resource_architecture is not None: + pulumi.set(__self__, "resource_architecture", resource_architecture) + if resource_cpe is not None: + pulumi.set(__self__, "resource_cpe", resource_cpe) + if resource_format is not None: + pulumi.set(__self__, "resource_format", resource_format) + if resource_hash is not None: + pulumi.set(__self__, "resource_hash", resource_hash) + if resource_licenses is not None: + pulumi.set(__self__, "resource_licenses", resource_licenses) + if resource_name is not None: + pulumi.set(__self__, "resource_name", resource_name) + if resource_path is not None: + pulumi.set(__self__, "resource_path", resource_path) + if resource_type is not None: + pulumi.set(__self__, "resource_type", resource_type) + if resource_version is not None: + pulumi.set(__self__, "resource_version", resource_version) + if severity_classification is not None: + pulumi.set(__self__, "severity_classification", severity_classification) + if solution is not None: + pulumi.set(__self__, "solution", solution) + if temporal_vector is not None: + pulumi.set(__self__, "temporal_vector", temporal_vector) + if v_patch_applied_by is not None: + pulumi.set(__self__, "v_patch_applied_by", v_patch_applied_by) + if v_patch_applied_on is not None: + 
pulumi.set(__self__, "v_patch_applied_on", v_patch_applied_on) + if v_patch_enforced_by is not None: + pulumi.set(__self__, "v_patch_enforced_by", v_patch_enforced_by) + if v_patch_enforced_on is not None: + pulumi.set(__self__, "v_patch_enforced_on", v_patch_enforced_on) + if v_patch_policy_enforce is not None: + pulumi.set(__self__, "v_patch_policy_enforce", v_patch_policy_enforce) + if v_patch_policy_name is not None: + pulumi.set(__self__, "v_patch_policy_name", v_patch_policy_name) + if v_patch_reverted_by is not None: + pulumi.set(__self__, "v_patch_reverted_by", v_patch_reverted_by) + if v_patch_reverted_on is not None: + pulumi.set(__self__, "v_patch_reverted_on", v_patch_reverted_on) + if v_patch_status is not None: + pulumi.set(__self__, "v_patch_status", v_patch_status) + if vendor_cvss2_score is not None: + pulumi.set(__self__, "vendor_cvss2_score", vendor_cvss2_score) + if vendor_cvss2_vectors is not None: + pulumi.set(__self__, "vendor_cvss2_vectors", vendor_cvss2_vectors) + if vendor_severity is not None: + pulumi.set(__self__, "vendor_severity", vendor_severity) + if vendor_statement is not None: + pulumi.set(__self__, "vendor_statement", vendor_statement) + if vendor_url is not None: + pulumi.set(__self__, "vendor_url", vendor_url) + + @property + @pulumi.getter(name="ackAuthor") + def ack_author(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "ack_author") + + @ack_author.setter + def ack_author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ack_author", value) + + @property + @pulumi.getter(name="ackComment") + def ack_comment(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "ack_comment") + + @ack_comment.setter + def ack_comment(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ack_comment", value) + + @property + @pulumi.getter(name="ackExpirationConfiguredAt") + def ack_expiration_configured_at(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, 
"ack_expiration_configured_at") + + @ack_expiration_configured_at.setter + def ack_expiration_configured_at(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ack_expiration_configured_at", value) + + @property + @pulumi.getter(name="ackExpirationConfiguredBy") + def ack_expiration_configured_by(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "ack_expiration_configured_by") + + @ack_expiration_configured_by.setter + def ack_expiration_configured_by(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ack_expiration_configured_by", value) + + @property + @pulumi.getter(name="ackExpirationDays") + def ack_expiration_days(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "ack_expiration_days") + + @ack_expiration_days.setter + def ack_expiration_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "ack_expiration_days", value) + + @property + @pulumi.getter(name="ackScope") + def ack_scope(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "ack_scope") + + @ack_scope.setter + def ack_scope(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ack_scope", value) + + @property + @pulumi.getter(name="acknowledgeDate") + def acknowledge_date(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "acknowledge_date") + + @acknowledge_date.setter + def acknowledge_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "acknowledge_date", value) + + @property + @pulumi.getter(name="ancestorPkg") + def ancestor_pkg(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "ancestor_pkg") + + @ancestor_pkg.setter + def ancestor_pkg(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ancestor_pkg", value) + + @property + @pulumi.getter(name="aquaScore") + def aqua_score(self) -> Optional[pulumi.Input[float]]: + return pulumi.get(self, "aqua_score") + + @aqua_score.setter + def aqua_score(self, value: Optional[pulumi.Input[float]]): + pulumi.set(self, 
"aqua_score", value) + + @property + @pulumi.getter(name="aquaScoreClassification") + def aqua_score_classification(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "aqua_score_classification") + + @aqua_score_classification.setter + def aqua_score_classification(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "aqua_score_classification", value) + + @property + @pulumi.getter(name="aquaScoringSystem") + def aqua_scoring_system(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "aqua_scoring_system") + + @aqua_scoring_system.setter + def aqua_scoring_system(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "aqua_scoring_system", value) + + @property + @pulumi.getter(name="aquaSeverity") + def aqua_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "aqua_severity") + + @aqua_severity.setter + def aqua_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "aqua_severity", value) + + @property + @pulumi.getter(name="aquaSeverityClassification") + def aqua_severity_classification(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "aqua_severity_classification") + + @aqua_severity_classification.setter + def aqua_severity_classification(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "aqua_severity_classification", value) + + @property + @pulumi.getter(name="aquaVectors") + def aqua_vectors(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "aqua_vectors") + + @aqua_vectors.setter + def aqua_vectors(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "aqua_vectors", value) + + @property + @pulumi.getter(name="auditEventsCount") + def audit_events_count(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "audit_events_count") + + @audit_events_count.setter + def audit_events_count(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "audit_events_count", value) + + @property + 
@pulumi.getter(name="blockEventsCount") + def block_events_count(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "block_events_count") + + @block_events_count.setter + def block_events_count(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "block_events_count", value) + + @property + @pulumi.getter + def classification(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "classification") + + @classification.setter + def classification(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "classification", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def digest(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "digest") + + @digest.setter + def digest(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "digest", value) + + @property + @pulumi.getter(name="exploitReference") + def exploit_reference(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "exploit_reference") + + @exploit_reference.setter + def exploit_reference(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "exploit_reference", value) + + @property + @pulumi.getter(name="exploitType") + def exploit_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "exploit_type") + + @exploit_type.setter + def exploit_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "exploit_type", value) + + @property + @pulumi.getter(name="firstFoundDate") + def first_found_date(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "first_found_date") + + @first_found_date.setter + def first_found_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "first_found_date", value) + + @property + @pulumi.getter(name="fixVersion") + def 
fix_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "fix_version") + + @fix_version.setter + def fix_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "fix_version", value) + + @property + @pulumi.getter(name="imageName") + def image_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "image_name") + + @image_name.setter + def image_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "image_name", value) + + @property + @pulumi.getter(name="lastFoundDate") + def last_found_date(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "last_found_date") + + @last_found_date.setter + def last_found_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "last_found_date", value) + + @property + @pulumi.getter(name="modificationDate") + def modification_date(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "modification_date") + + @modification_date.setter + def modification_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "modification_date", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="nvdCvss2Score") + def nvd_cvss2_score(self) -> Optional[pulumi.Input[float]]: + return pulumi.get(self, "nvd_cvss2_score") + + @nvd_cvss2_score.setter + def nvd_cvss2_score(self, value: Optional[pulumi.Input[float]]): + pulumi.set(self, "nvd_cvss2_score", value) + + @property + @pulumi.getter(name="nvdCvss2Vectors") + def nvd_cvss2_vectors(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "nvd_cvss2_vectors") + + @nvd_cvss2_vectors.setter + def nvd_cvss2_vectors(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "nvd_cvss2_vectors", value) + + @property + @pulumi.getter(name="nvdCvss3Score") + def nvd_cvss3_score(self) -> 
Optional[pulumi.Input[float]]: + return pulumi.get(self, "nvd_cvss3_score") + + @nvd_cvss3_score.setter + def nvd_cvss3_score(self, value: Optional[pulumi.Input[float]]): + pulumi.set(self, "nvd_cvss3_score", value) + + @property + @pulumi.getter(name="nvdCvss3Severity") + def nvd_cvss3_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "nvd_cvss3_severity") + + @nvd_cvss3_severity.setter + def nvd_cvss3_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "nvd_cvss3_severity", value) + + @property + @pulumi.getter(name="nvdCvss3Vectors") + def nvd_cvss3_vectors(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "nvd_cvss3_vectors") + + @nvd_cvss3_vectors.setter + def nvd_cvss3_vectors(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "nvd_cvss3_vectors", value) + + @property + @pulumi.getter(name="nvdSeverity") + def nvd_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "nvd_severity") + + @nvd_severity.setter + def nvd_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "nvd_severity", value) + + @property + @pulumi.getter(name="nvdUrl") + def nvd_url(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "nvd_url") + + @nvd_url.setter + def nvd_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "nvd_url", value) + + @property + @pulumi.getter + def os(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "os") + + @os.setter + def os(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "os", value) + + @property + @pulumi.getter(name="osVersion") + def os_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "os_version") + + @os_version.setter + def os_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "os_version", value) + + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def 
permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="publishDate") + def publish_date(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "publish_date") + + @publish_date.setter + def publish_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "publish_date", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + @property + @pulumi.getter + def repository(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "repository") + + @repository.setter + def repository(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repository", value) + + @property + @pulumi.getter(name="resourceArchitecture") + def resource_architecture(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_architecture") + + @resource_architecture.setter + def resource_architecture(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_architecture", value) + + @property + @pulumi.getter(name="resourceCpe") + def resource_cpe(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_cpe") + + @resource_cpe.setter + def resource_cpe(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_cpe", value) + + @property + @pulumi.getter(name="resourceFormat") + def resource_format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_format") + + @resource_format.setter + def resource_format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_format", value) + + @property + @pulumi.getter(name="resourceHash") + def resource_hash(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_hash") + + @resource_hash.setter + def resource_hash(self, value: 
Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_hash", value) + + @property + @pulumi.getter(name="resourceLicenses") + def resource_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "resource_licenses") + + @resource_licenses.setter + def resource_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "resource_licenses", value) + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_name") + + @resource_name.setter + def resource_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_name", value) + + @property + @pulumi.getter(name="resourcePath") + def resource_path(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_path") + + @resource_path.setter + def resource_path(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_path", value) + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_type") + + @resource_type.setter + def resource_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_type", value) + + @property + @pulumi.getter(name="resourceVersion") + def resource_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_version") + + @resource_version.setter + def resource_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_version", value) + + @property + @pulumi.getter(name="severityClassification") + def severity_classification(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "severity_classification") + + @severity_classification.setter + def severity_classification(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity_classification", value) + + @property + @pulumi.getter + def solution(self) -> 
Optional[pulumi.Input[str]]: + return pulumi.get(self, "solution") + + @solution.setter + def solution(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "solution", value) + + @property + @pulumi.getter(name="temporalVector") + def temporal_vector(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "temporal_vector") + + @temporal_vector.setter + def temporal_vector(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "temporal_vector", value) + + @property + @pulumi.getter(name="vPatchAppliedBy") + def v_patch_applied_by(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "v_patch_applied_by") + + @v_patch_applied_by.setter + def v_patch_applied_by(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "v_patch_applied_by", value) + + @property + @pulumi.getter(name="vPatchAppliedOn") + def v_patch_applied_on(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "v_patch_applied_on") + + @v_patch_applied_on.setter + def v_patch_applied_on(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "v_patch_applied_on", value) + + @property + @pulumi.getter(name="vPatchEnforcedBy") + def v_patch_enforced_by(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "v_patch_enforced_by") + + @v_patch_enforced_by.setter + def v_patch_enforced_by(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "v_patch_enforced_by", value) + + @property + @pulumi.getter(name="vPatchEnforcedOn") + def v_patch_enforced_on(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "v_patch_enforced_on") + + @v_patch_enforced_on.setter + def v_patch_enforced_on(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "v_patch_enforced_on", value) + + @property + @pulumi.getter(name="vPatchPolicyEnforce") + def v_patch_policy_enforce(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "v_patch_policy_enforce") + + @v_patch_policy_enforce.setter + def v_patch_policy_enforce(self, 
value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "v_patch_policy_enforce", value) + + @property + @pulumi.getter(name="vPatchPolicyName") + def v_patch_policy_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "v_patch_policy_name") + + @v_patch_policy_name.setter + def v_patch_policy_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "v_patch_policy_name", value) + + @property + @pulumi.getter(name="vPatchRevertedBy") + def v_patch_reverted_by(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "v_patch_reverted_by") + + @v_patch_reverted_by.setter + def v_patch_reverted_by(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "v_patch_reverted_by", value) + + @property + @pulumi.getter(name="vPatchRevertedOn") + def v_patch_reverted_on(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "v_patch_reverted_on") + + @v_patch_reverted_on.setter + def v_patch_reverted_on(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "v_patch_reverted_on", value) + + @property + @pulumi.getter(name="vPatchStatus") + def v_patch_status(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "v_patch_status") + + @v_patch_status.setter + def v_patch_status(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "v_patch_status", value) + + @property + @pulumi.getter(name="vendorCvss2Score") + def vendor_cvss2_score(self) -> Optional[pulumi.Input[float]]: + return pulumi.get(self, "vendor_cvss2_score") + + @vendor_cvss2_score.setter + def vendor_cvss2_score(self, value: Optional[pulumi.Input[float]]): + pulumi.set(self, "vendor_cvss2_score", value) + + @property + @pulumi.getter(name="vendorCvss2Vectors") + def vendor_cvss2_vectors(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vendor_cvss2_vectors") + + @vendor_cvss2_vectors.setter + def vendor_cvss2_vectors(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vendor_cvss2_vectors", value) + + @property + 
@pulumi.getter(name="vendorSeverity") + def vendor_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vendor_severity") + + @vendor_severity.setter + def vendor_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vendor_severity", value) + + @property + @pulumi.getter(name="vendorStatement") + def vendor_statement(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vendor_statement") + + @vendor_statement.setter + def vendor_statement(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vendor_statement", value) + + @property + @pulumi.getter(name="vendorUrl") + def vendor_url(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vendor_url") + + @vendor_url.setter + def vendor_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vendor_url", value) + + +@pulumi.input_type +class IntegrationRegistryOptionArgs: + def __init__(__self__, *, + option: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if option is not None: + pulumi.set(__self__, "option", option) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def option(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "option") + + @option.setter + def option(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "option", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class IntegrationRegistryWebhookArgs: + def __init__(__self__, *, + auth_token: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + un_quarantine: Optional[pulumi.Input[bool]] = None, + url: Optional[pulumi.Input[str]] = None): + if auth_token is not None: + pulumi.set(__self__, "auth_token", auth_token) + if enabled is not 
None: + pulumi.set(__self__, "enabled", enabled) + if un_quarantine is not None: + pulumi.set(__self__, "un_quarantine", un_quarantine) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter(name="authToken") + def auth_token(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "auth_token") + + @auth_token.setter + def auth_token(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "auth_token", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="unQuarantine") + def un_quarantine(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "un_quarantine") + + @un_quarantine.setter + def un_quarantine(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "un_quarantine", value) + + @property + @pulumi.getter + def url(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "url") + + @url.setter + def url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "url", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyAutoScanTimeArgs: + def __init__(__self__, *, + iteration: Optional[pulumi.Input[int]] = None, + iteration_type: Optional[pulumi.Input[str]] = None, + time: Optional[pulumi.Input[str]] = None, + week_days: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if iteration is not None: + pulumi.set(__self__, "iteration", iteration) + if iteration_type is not None: + pulumi.set(__self__, "iteration_type", iteration_type) + if time is not None: + pulumi.set(__self__, "time", time) + if week_days is not None: + pulumi.set(__self__, "week_days", week_days) + + @property + @pulumi.getter + def iteration(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "iteration") + + @iteration.setter + def iteration(self, value: 
Optional[pulumi.Input[int]]): + pulumi.set(self, "iteration", value) + + @property + @pulumi.getter(name="iterationType") + def iteration_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "iteration_type") + + @iteration_type.setter + def iteration_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "iteration_type", value) + + @property + @pulumi.getter + def time(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "time") + + @time.setter + def time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "time", value) + + @property + @pulumi.getter(name="weekDays") + def week_days(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "week_days") + + @week_days.setter + def week_days(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "week_days", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyCustomCheckArgs: + def __init__(__self__, *, + author: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + engine: Optional[pulumi.Input[str]] = None, + last_modified: Optional[pulumi.Input[int]] = None, + name: Optional[pulumi.Input[str]] = None, + path: Optional[pulumi.Input[str]] = None, + read_only: Optional[pulumi.Input[bool]] = None, + script_id: Optional[pulumi.Input[str]] = None, + severity: Optional[pulumi.Input[str]] = None, + snippet: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] author: Name of user account that created the policy. 
+ """ + if author is not None: + pulumi.set(__self__, "author", author) + if description is not None: + pulumi.set(__self__, "description", description) + if engine is not None: + pulumi.set(__self__, "engine", engine) + if last_modified is not None: + pulumi.set(__self__, "last_modified", last_modified) + if name is not None: + pulumi.set(__self__, "name", name) + if path is not None: + pulumi.set(__self__, "path", path) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + if snippet is not None: + pulumi.set(__self__, "snippet", snippet) + + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. + """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def engine(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "engine") + + @engine.setter + def engine(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "engine", value) + + @property + @pulumi.getter(name="lastModified") + def last_modified(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "last_modified") + + @last_modified.setter + def last_modified(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "last_modified", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + 
@property + @pulumi.getter + def path(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "path") + + @path.setter + def path(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "path", value) + + @property + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "read_only") + + @read_only.setter + def read_only(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "read_only", value) + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "script_id") + + @script_id.setter + def script_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "script_id", value) + + @property + @pulumi.getter + def severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "severity") + + @severity.setter + def severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity", value) + + @property + @pulumi.getter + def snippet(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "snippet") + + @snippet.setter + def snippet(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "snippet", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyForbiddenLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class 
KubernetesAssurancePolicyKubernetesControlArgs: + def __init__(__self__, *, + avd_id: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + kind: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + ootb: Optional[pulumi.Input[bool]] = None, + script_id: Optional[pulumi.Input[int]] = None, + severity: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] avd_id: AVD ID. + :param pulumi.Input[str] description: Description of the control. + :param pulumi.Input[bool] enabled: Is the control enabled? + :param pulumi.Input[str] kind: Kind of the control. + :param pulumi.Input[str] name: Name of the control. + :param pulumi.Input[bool] ootb: Out-of-the-box status of the control. + :param pulumi.Input[int] script_id: Script ID. + :param pulumi.Input[str] severity: Severity of the control. + """ + if avd_id is not None: + pulumi.set(__self__, "avd_id", avd_id) + if description is not None: + pulumi.set(__self__, "description", description) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if kind is not None: + pulumi.set(__self__, "kind", kind) + if name is not None: + pulumi.set(__self__, "name", name) + if ootb is not None: + pulumi.set(__self__, "ootb", ootb) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + + @property + @pulumi.getter(name="avdId") + def avd_id(self) -> Optional[pulumi.Input[str]]: + """ + AVD ID. + """ + return pulumi.get(self, "avd_id") + + @avd_id.setter + def avd_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "avd_id", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + Description of the control. 
+ """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Is the control enabled? + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[str]]: + """ + Kind of the control. + """ + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name of the control. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def ootb(self) -> Optional[pulumi.Input[bool]]: + """ + Out-of-the-box status of the control. + """ + return pulumi.get(self, "ootb") + + @ootb.setter + def ootb(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ootb", value) + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[pulumi.Input[int]]: + """ + Script ID. + """ + return pulumi.get(self, "script_id") + + @script_id.setter + def script_id(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "script_id", value) + + @property + @pulumi.getter + def severity(self) -> Optional[pulumi.Input[str]]: + """ + Severity of the control. 
+ """ + return pulumi.get(self, "severity") + + @severity.setter + def severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyPackagesBlackListArgs: + def __init__(__self__, *, + arch: Optional[pulumi.Input[str]] = None, + display: Optional[pulumi.Input[str]] = None, + epoch: Optional[pulumi.Input[str]] = None, + format: Optional[pulumi.Input[str]] = None, + license: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + release: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + version_range: Optional[pulumi.Input[str]] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "arch") + + @arch.setter + def arch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "arch", value) + + @property + @pulumi.getter + def display(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "display") + + @display.setter + def display(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display", value) + + @property + @pulumi.getter + def epoch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "epoch") + + @epoch.setter + def epoch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "epoch", value) + + @property + 
@pulumi.getter + def format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "format") + + @format.setter + def format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "format", value) + + @property + @pulumi.getter + def license(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "license") + + @license.setter + def license(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "license", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def release(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "release") + + @release.setter + def release(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "release", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version_range") + + @version_range.setter + def version_range(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version_range", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyPackagesWhiteListArgs: + def __init__(__self__, *, + arch: Optional[pulumi.Input[str]] = None, + display: Optional[pulumi.Input[str]] = None, + epoch: Optional[pulumi.Input[str]] = None, + format: Optional[pulumi.Input[str]] = None, + license: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + release: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + version_range: Optional[pulumi.Input[str]] = None): + if arch is not None: + pulumi.set(__self__, 
"arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "arch") + + @arch.setter + def arch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "arch", value) + + @property + @pulumi.getter + def display(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "display") + + @display.setter + def display(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display", value) + + @property + @pulumi.getter + def epoch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "epoch") + + @epoch.setter + def epoch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "epoch", value) + + @property + @pulumi.getter + def format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "format") + + @format.setter + def format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "format", value) + + @property + @pulumi.getter + def license(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "license") + + @license.setter + def license(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "license", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def release(self) -> 
Optional[pulumi.Input[str]]: + return pulumi.get(self, "release") + + @release.setter + def release(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "release", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version_range") + + @version_range.setter + def version_range(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version_range", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyPolicySettingsArgs: + def __init__(__self__, *, + enforce: Optional[pulumi.Input[bool]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + warn: Optional[pulumi.Input[bool]] = None, + warning_message: Optional[pulumi.Input[str]] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not None: + pulumi.set(__self__, "warning_message", warning_message) + + @property + @pulumi.getter + def enforce(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enforce") + + @enforce.setter + def enforce(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce", value) + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") + + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) + + @property + @pulumi.getter + def warn(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "warn") + + @warn.setter 
+ def warn(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "warn", value) + + @property + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "warning_message") + + @warning_message.setter + def warning_message(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "warning_message", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyRequiredLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") + + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyScopeArgs: + def __init__(__self__, *, + expression: Optional[pulumi.Input[str]] = None, + variables: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyScopeVariableArgs']]]] = None): + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "expression") + + @expression.setter + def expression(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyScopeVariableArgs']]]]: + return pulumi.get(self, "variables") + + 
@variables.setter + def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyScopeVariableArgs']]]]): + pulumi.set(self, "variables", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyScopeVariableArgs: + def __init__(__self__, *, + attribute: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if name is not None: + pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def attribute(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "attribute") + + @attribute.setter + def attribute(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "attribute", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class KubernetesAssurancePolicyTrustedBaseImageArgs: + def __init__(__self__, *, + imagename: Optional[pulumi.Input[str]] = None, + registry: Optional[pulumi.Input[str]] = None): + if imagename is not None: + pulumi.set(__self__, "imagename", imagename) + if registry is not None: + pulumi.set(__self__, "registry", registry) + + @property + @pulumi.getter + def imagename(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "imagename") + + @imagename.setter + def imagename(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "imagename", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return 
pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + +@pulumi.input_type +class RoleMappingLdapArgs: + def __init__(__self__, *, + role_mapping: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + """ + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + pulumi.set(__self__, "role_mapping", role_mapping) + + @property + @pulumi.getter(name="roleMapping") + def role_mapping(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: + """ + Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + return pulumi.get(self, "role_mapping") + + @role_mapping.setter + def role_mapping(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + pulumi.set(self, "role_mapping", value) + + +@pulumi.input_type +class RoleMappingOauth2Args: + def __init__(__self__, *, + role_mapping: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + """ + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + pulumi.set(__self__, "role_mapping", role_mapping) + + @property + @pulumi.getter(name="roleMapping") + def role_mapping(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: + """ + Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+ """ + return pulumi.get(self, "role_mapping") + + @role_mapping.setter + def role_mapping(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + pulumi.set(self, "role_mapping", value) + + +@pulumi.input_type +class RoleMappingOpenidArgs: + def __init__(__self__, *, + role_mapping: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + """ + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + pulumi.set(__self__, "role_mapping", role_mapping) + + @property + @pulumi.getter(name="roleMapping") + def role_mapping(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: + """ + Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + return pulumi.get(self, "role_mapping") + + @role_mapping.setter + def role_mapping(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + pulumi.set(self, "role_mapping", value) + + +@pulumi.input_type +class RoleMappingSamlArgs: + def __init__(__self__, *, + role_mapping: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + """ + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + pulumi.set(__self__, "role_mapping", role_mapping) + + @property + @pulumi.getter(name="roleMapping") + def role_mapping(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: + """ + Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+ """ + return pulumi.get(self, "role_mapping") + + @role_mapping.setter + def role_mapping(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + pulumi.set(self, "role_mapping", value) + + +@pulumi.input_type +class ServiceScopeVariableArgs: + def __init__(__self__, *, + attribute: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] attribute: Class of supported scope. + :param pulumi.Input[str] name: Name assigned to the attribute. + :param pulumi.Input[str] value: Value assigned to the attribute. + """ + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) if name is not None: pulumi.set(__self__, "name", name) - if nvd_cvss2_score is not None: - pulumi.set(__self__, "nvd_cvss2_score", nvd_cvss2_score) - if nvd_cvss2_vectors is not None: - pulumi.set(__self__, "nvd_cvss2_vectors", nvd_cvss2_vectors) - if nvd_cvss3_score is not None: - pulumi.set(__self__, "nvd_cvss3_score", nvd_cvss3_score) - if nvd_cvss3_severity is not None: - pulumi.set(__self__, "nvd_cvss3_severity", nvd_cvss3_severity) - if nvd_cvss3_vectors is not None: - pulumi.set(__self__, "nvd_cvss3_vectors", nvd_cvss3_vectors) - if nvd_severity is not None: - pulumi.set(__self__, "nvd_severity", nvd_severity) - if nvd_url is not None: - pulumi.set(__self__, "nvd_url", nvd_url) - if os is not None: - pulumi.set(__self__, "os", os) - if os_version is not None: - pulumi.set(__self__, "os_version", os_version) - if permission is not None: - pulumi.set(__self__, "permission", permission) - if publish_date is not None: - pulumi.set(__self__, "publish_date", publish_date) - if registry is not None: - pulumi.set(__self__, "registry", registry) - if repository is not None: - pulumi.set(__self__, "repository", repository) - if resource_architecture is not None: - pulumi.set(__self__, "resource_architecture", resource_architecture) - if resource_cpe is not None: - 
pulumi.set(__self__, "resource_cpe", resource_cpe) - if resource_format is not None: - pulumi.set(__self__, "resource_format", resource_format) - if resource_hash is not None: - pulumi.set(__self__, "resource_hash", resource_hash) - if resource_licenses is not None: - pulumi.set(__self__, "resource_licenses", resource_licenses) - if resource_name is not None: - pulumi.set(__self__, "resource_name", resource_name) - if resource_path is not None: - pulumi.set(__self__, "resource_path", resource_path) - if resource_type is not None: - pulumi.set(__self__, "resource_type", resource_type) - if resource_version is not None: - pulumi.set(__self__, "resource_version", resource_version) - if severity_classification is not None: - pulumi.set(__self__, "severity_classification", severity_classification) - if solution is not None: - pulumi.set(__self__, "solution", solution) - if temporal_vector is not None: - pulumi.set(__self__, "temporal_vector", temporal_vector) - if v_patch_applied_by is not None: - pulumi.set(__self__, "v_patch_applied_by", v_patch_applied_by) - if v_patch_applied_on is not None: - pulumi.set(__self__, "v_patch_applied_on", v_patch_applied_on) - if v_patch_enforced_by is not None: - pulumi.set(__self__, "v_patch_enforced_by", v_patch_enforced_by) - if v_patch_enforced_on is not None: - pulumi.set(__self__, "v_patch_enforced_on", v_patch_enforced_on) - if v_patch_policy_enforce is not None: - pulumi.set(__self__, "v_patch_policy_enforce", v_patch_policy_enforce) - if v_patch_policy_name is not None: - pulumi.set(__self__, "v_patch_policy_name", v_patch_policy_name) - if v_patch_reverted_by is not None: - pulumi.set(__self__, "v_patch_reverted_by", v_patch_reverted_by) - if v_patch_reverted_on is not None: - pulumi.set(__self__, "v_patch_reverted_on", v_patch_reverted_on) - if v_patch_status is not None: - pulumi.set(__self__, "v_patch_status", v_patch_status) - if vendor_cvss2_score is not None: - pulumi.set(__self__, "vendor_cvss2_score", 
vendor_cvss2_score) - if vendor_cvss2_vectors is not None: - pulumi.set(__self__, "vendor_cvss2_vectors", vendor_cvss2_vectors) - if vendor_severity is not None: - pulumi.set(__self__, "vendor_severity", vendor_severity) - if vendor_statement is not None: - pulumi.set(__self__, "vendor_statement", vendor_statement) - if vendor_url is not None: - pulumi.set(__self__, "vendor_url", vendor_url) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def attribute(self) -> Optional[pulumi.Input[str]]: + """ + Class of supported scope. + """ + return pulumi.get(self, "attribute") + + @attribute.setter + def attribute(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "attribute", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name assigned to the attribute. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + """ + Value assigned to the attribute. 
+ """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class UserSaasGroupArgs: + def __init__(__self__, *, + group_admin: Optional[pulumi.Input[bool]] = None, + name: Optional[pulumi.Input[str]] = None): + if group_admin is not None: + pulumi.set(__self__, "group_admin", group_admin) + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter(name="groupAdmin") + def group_admin(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "group_admin") + + @group_admin.setter + def group_admin(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "group_admin", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + +@pulumi.input_type +class UserSaasLoginArgs: + def __init__(__self__, *, + created: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[int]] = None, + ip_address: Optional[pulumi.Input[str]] = None, + user_id: Optional[pulumi.Input[int]] = None): + if created is not None: + pulumi.set(__self__, "created", created) + if id is not None: + pulumi.set(__self__, "id", id) + if ip_address is not None: + pulumi.set(__self__, "ip_address", ip_address) + if user_id is not None: + pulumi.set(__self__, "user_id", user_id) + + @property + @pulumi.getter + def created(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "created") + + @created.setter + def created(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="ipAddress") + def 
ip_address(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "ip_address") + + @ip_address.setter + def ip_address(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ip_address", value) + + @property + @pulumi.getter(name="userId") + def user_id(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "user_id") + + @user_id.setter + def user_id(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "user_id", value) + + +@pulumi.input_type +class VmwareAssurancePolicyAutoScanTimeArgs: + def __init__(__self__, *, + iteration: Optional[pulumi.Input[int]] = None, + iteration_type: Optional[pulumi.Input[str]] = None, + time: Optional[pulumi.Input[str]] = None, + week_days: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + if iteration is not None: + pulumi.set(__self__, "iteration", iteration) + if iteration_type is not None: + pulumi.set(__self__, "iteration_type", iteration_type) + if time is not None: + pulumi.set(__self__, "time", time) + if week_days is not None: + pulumi.set(__self__, "week_days", week_days) + + @property + @pulumi.getter + def iteration(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "iteration") + + @iteration.setter + def iteration(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "iteration", value) + + @property + @pulumi.getter(name="iterationType") + def iteration_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "iteration_type") + + @iteration_type.setter + def iteration_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "iteration_type", value) @property - @pulumi.getter(name="ackAuthor") - def ack_author(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "ack_author") + @pulumi.getter + def time(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "time") - @ack_author.setter - def ack_author(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "ack_author", value) + @time.setter + def 
time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "time", value) @property - @pulumi.getter(name="ackComment") - def ack_comment(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "ack_comment") + @pulumi.getter(name="weekDays") + def week_days(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "week_days") - @ack_comment.setter - def ack_comment(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "ack_comment", value) + @week_days.setter + def week_days(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "week_days", value) + + +@pulumi.input_type +class VmwareAssurancePolicyCustomCheckArgs: + def __init__(__self__, *, + author: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + engine: Optional[pulumi.Input[str]] = None, + last_modified: Optional[pulumi.Input[int]] = None, + name: Optional[pulumi.Input[str]] = None, + path: Optional[pulumi.Input[str]] = None, + read_only: Optional[pulumi.Input[bool]] = None, + script_id: Optional[pulumi.Input[str]] = None, + severity: Optional[pulumi.Input[str]] = None, + snippet: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] author: Name of user account that created the policy. 
+ """ + if author is not None: + pulumi.set(__self__, "author", author) + if description is not None: + pulumi.set(__self__, "description", description) + if engine is not None: + pulumi.set(__self__, "engine", engine) + if last_modified is not None: + pulumi.set(__self__, "last_modified", last_modified) + if name is not None: + pulumi.set(__self__, "name", name) + if path is not None: + pulumi.set(__self__, "path", path) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + if snippet is not None: + pulumi.set(__self__, "snippet", snippet) @property - @pulumi.getter(name="ackExpirationConfiguredAt") - def ack_expiration_configured_at(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "ack_expiration_configured_at") + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. 
+ """ + return pulumi.get(self, "author") - @ack_expiration_configured_at.setter - def ack_expiration_configured_at(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "ack_expiration_configured_at", value) + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) @property - @pulumi.getter(name="ackExpirationConfiguredBy") - def ack_expiration_configured_by(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "ack_expiration_configured_by") + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") - @ack_expiration_configured_by.setter - def ack_expiration_configured_by(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "ack_expiration_configured_by", value) + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) @property - @pulumi.getter(name="ackExpirationDays") - def ack_expiration_days(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "ack_expiration_days") + @pulumi.getter + def engine(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "engine") - @ack_expiration_days.setter - def ack_expiration_days(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "ack_expiration_days", value) + @engine.setter + def engine(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "engine", value) @property - @pulumi.getter(name="ackScope") - def ack_scope(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "ack_scope") + @pulumi.getter(name="lastModified") + def last_modified(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "last_modified") - @ack_scope.setter - def ack_scope(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "ack_scope", value) + @last_modified.setter + def last_modified(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "last_modified", value) @property - 
@pulumi.getter(name="acknowledgeDate") - def acknowledge_date(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "acknowledge_date") + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") - @acknowledge_date.setter - def acknowledge_date(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "acknowledge_date", value) + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) @property - @pulumi.getter(name="ancestorPkg") - def ancestor_pkg(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "ancestor_pkg") + @pulumi.getter + def path(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "path") - @ancestor_pkg.setter - def ancestor_pkg(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "ancestor_pkg", value) + @path.setter + def path(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "path", value) @property - @pulumi.getter(name="aquaScore") - def aqua_score(self) -> Optional[pulumi.Input[float]]: - return pulumi.get(self, "aqua_score") + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "read_only") - @aqua_score.setter - def aqua_score(self, value: Optional[pulumi.Input[float]]): - pulumi.set(self, "aqua_score", value) + @read_only.setter + def read_only(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "read_only", value) @property - @pulumi.getter(name="aquaScoreClassification") - def aqua_score_classification(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "aqua_score_classification") + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "script_id") - @aqua_score_classification.setter - def aqua_score_classification(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "aqua_score_classification", value) + @script_id.setter + def script_id(self, 
value: Optional[pulumi.Input[str]]): + pulumi.set(self, "script_id", value) @property - @pulumi.getter(name="aquaScoringSystem") - def aqua_scoring_system(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "aqua_scoring_system") + @pulumi.getter + def severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "severity") - @aqua_scoring_system.setter - def aqua_scoring_system(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "aqua_scoring_system", value) + @severity.setter + def severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity", value) @property - @pulumi.getter(name="aquaSeverity") - def aqua_severity(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "aqua_severity") + @pulumi.getter + def snippet(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "snippet") - @aqua_severity.setter - def aqua_severity(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "aqua_severity", value) + @snippet.setter + def snippet(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "snippet", value) + + +@pulumi.input_type +class VmwareAssurancePolicyForbiddenLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) @property - @pulumi.getter(name="aquaSeverityClassification") - def aqua_severity_classification(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "aqua_severity_classification") + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") - @aqua_severity_classification.setter - def aqua_severity_classification(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "aqua_severity_classification", value) + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) @property - 
@pulumi.getter(name="aquaVectors") - def aqua_vectors(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "aqua_vectors") + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") - @aqua_vectors.setter - def aqua_vectors(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "aqua_vectors", value) + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class VmwareAssurancePolicyKubernetesControlArgs: + def __init__(__self__, *, + avd_id: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + kind: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + ootb: Optional[pulumi.Input[bool]] = None, + script_id: Optional[pulumi.Input[int]] = None, + severity: Optional[pulumi.Input[str]] = None): + if avd_id is not None: + pulumi.set(__self__, "avd_id", avd_id) + if description is not None: + pulumi.set(__self__, "description", description) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if kind is not None: + pulumi.set(__self__, "kind", kind) + if name is not None: + pulumi.set(__self__, "name", name) + if ootb is not None: + pulumi.set(__self__, "ootb", ootb) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) @property - @pulumi.getter(name="auditEventsCount") - def audit_events_count(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "audit_events_count") + @pulumi.getter(name="avdId") + def avd_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "avd_id") - @audit_events_count.setter - def audit_events_count(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "audit_events_count", value) + @avd_id.setter + def avd_id(self, value: Optional[pulumi.Input[str]]): + 
pulumi.set(self, "avd_id", value) @property - @pulumi.getter(name="blockEventsCount") - def block_events_count(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "block_events_count") + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") - @block_events_count.setter - def block_events_count(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "block_events_count", value) + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) @property @pulumi.getter - def classification(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "classification") + def kind(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "kind") - @classification.setter - def classification(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "classification", value) + @kind.setter + def kind(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kind", value) @property @pulumi.getter - def description(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "description") + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") - @description.setter - def description(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "description", value) + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) @property @pulumi.getter - def digest(self) -> Optional[pulumi.Input[str]]: - """ - The content digest of the image. 
- """ - return pulumi.get(self, "digest") + def ootb(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ootb") - @digest.setter - def digest(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "digest", value) + @ootb.setter + def ootb(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ootb", value) @property - @pulumi.getter(name="exploitReference") - def exploit_reference(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "exploit_reference") + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "script_id") - @exploit_reference.setter - def exploit_reference(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "exploit_reference", value) + @script_id.setter + def script_id(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "script_id", value) @property - @pulumi.getter(name="exploitType") - def exploit_type(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "exploit_type") + @pulumi.getter + def severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "severity") - @exploit_type.setter - def exploit_type(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "exploit_type", value) + @severity.setter + def severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "severity", value) + + +@pulumi.input_type +class VmwareAssurancePolicyPackagesBlackListArgs: + def __init__(__self__, *, + arch: Optional[pulumi.Input[str]] = None, + display: Optional[pulumi.Input[str]] = None, + epoch: Optional[pulumi.Input[str]] = None, + format: Optional[pulumi.Input[str]] = None, + license: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + release: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + version_range: Optional[pulumi.Input[str]] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + 
pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) @property - @pulumi.getter(name="firstFoundDate") - def first_found_date(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "first_found_date") + @pulumi.getter + def arch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "arch") - @first_found_date.setter - def first_found_date(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "first_found_date", value) + @arch.setter + def arch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "arch", value) @property - @pulumi.getter(name="fixVersion") - def fix_version(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "fix_version") + @pulumi.getter + def display(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "display") - @fix_version.setter - def fix_version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "fix_version", value) + @display.setter + def display(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display", value) @property - @pulumi.getter(name="imageName") - def image_name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "image_name") + @pulumi.getter + def epoch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "epoch") - @image_name.setter - def image_name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "image_name", value) + @epoch.setter + def epoch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "epoch", value) @property - 
@pulumi.getter(name="lastFoundDate") - def last_found_date(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "last_found_date") + @pulumi.getter + def format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "format") - @last_found_date.setter - def last_found_date(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "last_found_date", value) + @format.setter + def format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "format", value) @property - @pulumi.getter(name="modificationDate") - def modification_date(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "modification_date") + @pulumi.getter + def license(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "license") - @modification_date.setter - def modification_date(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "modification_date", value) + @license.setter + def license(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "license", value) @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: - """ - The name of the image. - """ return pulumi.get(self, "name") @name.setter 
@@ -4707,2058 +11844,2719 @@ def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) @property - @pulumi.getter(name="nvdCvss2Score") - def nvd_cvss2_score(self) -> Optional[pulumi.Input[float]]: - return pulumi.get(self, "nvd_cvss2_score") + @pulumi.getter + def release(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "release") - @nvd_cvss2_score.setter - def nvd_cvss2_score(self, value: Optional[pulumi.Input[float]]): - pulumi.set(self, "nvd_cvss2_score", value) + @release.setter + def release(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "release", value) @property - @pulumi.getter(name="nvdCvss2Vectors") - def nvd_cvss2_vectors(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "nvd_cvss2_vectors") + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") - @nvd_cvss2_vectors.setter - def nvd_cvss2_vectors(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "nvd_cvss2_vectors", value) + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) @property - @pulumi.getter(name="nvdCvss3Score") - def nvd_cvss3_score(self) -> Optional[pulumi.Input[float]]: - return pulumi.get(self, "nvd_cvss3_score") + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version_range") - @nvd_cvss3_score.setter - def nvd_cvss3_score(self, value: Optional[pulumi.Input[float]]): - pulumi.set(self, "nvd_cvss3_score", value) + @version_range.setter + def version_range(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version_range", value) - @property - @pulumi.getter(name="nvdCvss3Severity") - def nvd_cvss3_severity(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "nvd_cvss3_severity") - @nvd_cvss3_severity.setter - def nvd_cvss3_severity(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, 
"nvd_cvss3_severity", value) +@pulumi.input_type +class VmwareAssurancePolicyPackagesWhiteListArgs: + def __init__(__self__, *, + arch: Optional[pulumi.Input[str]] = None, + display: Optional[pulumi.Input[str]] = None, + epoch: Optional[pulumi.Input[str]] = None, + format: Optional[pulumi.Input[str]] = None, + license: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + release: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + version_range: Optional[pulumi.Input[str]] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) @property - @pulumi.getter(name="nvdCvss3Vectors") - def nvd_cvss3_vectors(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "nvd_cvss3_vectors") + @pulumi.getter + def arch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "arch") - @nvd_cvss3_vectors.setter - def nvd_cvss3_vectors(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "nvd_cvss3_vectors", value) + @arch.setter + def arch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "arch", value) @property - @pulumi.getter(name="nvdSeverity") - def nvd_severity(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "nvd_severity") + @pulumi.getter + def display(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "display") - @nvd_severity.setter - def nvd_severity(self, value: 
Optional[pulumi.Input[str]]): - pulumi.set(self, "nvd_severity", value) + @display.setter + def display(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display", value) @property - @pulumi.getter(name="nvdUrl") - def nvd_url(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "nvd_url") + @pulumi.getter + def epoch(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "epoch") - @nvd_url.setter - def nvd_url(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "nvd_url", value) + @epoch.setter + def epoch(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "epoch", value) + + @property + @pulumi.getter + def format(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "format") + + @format.setter + def format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "format", value) @property @pulumi.getter - def os(self) -> Optional[pulumi.Input[str]]: - """ - The operating system detected in the image - """ - return pulumi.get(self, "os") + def license(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "license") - @os.setter - def os(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "os", value) + @license.setter + def license(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "license", value) @property - @pulumi.getter(name="osVersion") - def os_version(self) -> Optional[pulumi.Input[str]]: - """ - The version of the OS detected in the image. - """ - return pulumi.get(self, "os_version") + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") - @os_version.setter - def os_version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "os_version", value) + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) @property @pulumi.getter - def permission(self) -> Optional[pulumi.Input[str]]: - """ - Permission of the image. 
- """ - return pulumi.get(self, "permission") + def release(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "release") - @permission.setter - def permission(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "permission", value) + @release.setter + def release(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "release", value) @property - @pulumi.getter(name="publishDate") - def publish_date(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "publish_date") + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") - @publish_date.setter - def publish_date(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "publish_date", value) + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) @property - @pulumi.getter - def registry(self) -> Optional[pulumi.Input[str]]: - """ - The name of the registry where the image is stored. - """ - return pulumi.get(self, "registry") + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version_range") - @registry.setter - def registry(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "registry", value) + @version_range.setter + def version_range(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version_range", value) + + +@pulumi.input_type +class VmwareAssurancePolicyPolicySettingsArgs: + def __init__(__self__, *, + enforce: Optional[pulumi.Input[bool]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + warn: Optional[pulumi.Input[bool]] = None, + warning_message: Optional[pulumi.Input[str]] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not None: + 
pulumi.set(__self__, "warning_message", warning_message) @property @pulumi.getter - def repository(self) -> Optional[pulumi.Input[str]]: - """ - The name of the image's repository. - """ - return pulumi.get(self, "repository") + def enforce(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enforce") - @repository.setter - def repository(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "repository", value) + @enforce.setter + def enforce(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce", value) @property - @pulumi.getter(name="resourceArchitecture") - def resource_architecture(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "resource_architecture") + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") - @resource_architecture.setter - def resource_architecture(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource_architecture", value) + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) @property - @pulumi.getter(name="resourceCpe") - def resource_cpe(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "resource_cpe") + @pulumi.getter + def warn(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "warn") - @resource_cpe.setter - def resource_cpe(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource_cpe", value) + @warn.setter + def warn(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "warn", value) @property - @pulumi.getter(name="resourceFormat") - def resource_format(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "resource_format") + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "warning_message") - @resource_format.setter - def resource_format(self, 
value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource_format", value) + @warning_message.setter + def warning_message(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "warning_message", value) - @property - @pulumi.getter(name="resourceHash") - def resource_hash(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "resource_hash") - @resource_hash.setter - def resource_hash(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource_hash", value) +@pulumi.input_type +class VmwareAssurancePolicyRequiredLabelArgs: + def __init__(__self__, *, + key: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) @property - @pulumi.getter(name="resourceLicenses") - def resource_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - return pulumi.get(self, "resource_licenses") + @pulumi.getter + def key(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "key") - @resource_licenses.setter - def resource_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "resource_licenses", value) + @key.setter + def key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "key", value) @property - @pulumi.getter(name="resourceName") - def resource_name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "resource_name") + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") - @resource_name.setter - def resource_name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource_name", value) + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) - @property - @pulumi.getter(name="resourcePath") - def resource_path(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "resource_path") - 
@resource_path.setter - def resource_path(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource_path", value) +@pulumi.input_type +class VmwareAssurancePolicyScopeArgs: + def __init__(__self__, *, + expression: Optional[pulumi.Input[str]] = None, + variables: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyScopeVariableArgs']]]] = None): + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property - @pulumi.getter(name="resourceType") - def resource_type(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "resource_type") + @pulumi.getter + def expression(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "expression") - @resource_type.setter - def resource_type(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource_type", value) + @expression.setter + def expression(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expression", value) @property - @pulumi.getter(name="resourceVersion") - def resource_version(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "resource_version") + @pulumi.getter + def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyScopeVariableArgs']]]]: + return pulumi.get(self, "variables") - @resource_version.setter - def resource_version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "resource_version", value) + @variables.setter + def variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyScopeVariableArgs']]]]): + pulumi.set(self, "variables", value) - @property - @pulumi.getter(name="severityClassification") - def severity_classification(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "severity_classification") - @severity_classification.setter - def severity_classification(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, 
"severity_classification", value) +@pulumi.input_type +class VmwareAssurancePolicyScopeVariableArgs: + def __init__(__self__, *, + attribute: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input[str]] = None): + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if name is not None: + pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def solution(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "solution") + def attribute(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "attribute") - @solution.setter - def solution(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "solution", value) + @attribute.setter + def attribute(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "attribute", value) @property - @pulumi.getter(name="temporalVector") - def temporal_vector(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "temporal_vector") + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") - @temporal_vector.setter - def temporal_vector(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "temporal_vector", value) + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) @property - @pulumi.getter(name="vPatchAppliedBy") - def v_patch_applied_by(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "v_patch_applied_by") + @pulumi.getter + def value(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "value") - @v_patch_applied_by.setter - def v_patch_applied_by(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "v_patch_applied_by", value) + @value.setter + def value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class VmwareAssurancePolicyTrustedBaseImageArgs: + def 
__init__(__self__, *, + imagename: Optional[pulumi.Input[str]] = None, + registry: Optional[pulumi.Input[str]] = None): + if imagename is not None: + pulumi.set(__self__, "imagename", imagename) + if registry is not None: + pulumi.set(__self__, "registry", registry) @property - @pulumi.getter(name="vPatchAppliedOn") - def v_patch_applied_on(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "v_patch_applied_on") + @pulumi.getter + def imagename(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "imagename") - @v_patch_applied_on.setter - def v_patch_applied_on(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "v_patch_applied_on", value) + @imagename.setter + def imagename(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "imagename", value) @property - @pulumi.getter(name="vPatchEnforcedBy") - def v_patch_enforced_by(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "v_patch_enforced_by") + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) - @v_patch_enforced_by.setter - def v_patch_enforced_by(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "v_patch_enforced_by", value) + +@pulumi.input_type +class GetApplicationScopeCategoryArgs: + def __init__(__self__, *, + artifacts: Optional[Sequence['GetApplicationScopeCategoryArtifactArgs']] = None, + entity_scopes: Optional[Sequence['GetApplicationScopeCategoryEntityScopeArgs']] = None, + infrastructures: Optional[Sequence['GetApplicationScopeCategoryInfrastructureArgs']] = None, + workloads: Optional[Sequence['GetApplicationScopeCategoryWorkloadArgs']] = None): + if artifacts is not None: + pulumi.set(__self__, "artifacts", artifacts) + if entity_scopes is not None: + pulumi.set(__self__, "entity_scopes", entity_scopes) + if infrastructures is not None: + 
pulumi.set(__self__, "infrastructures", infrastructures) + if workloads is not None: + pulumi.set(__self__, "workloads", workloads) @property - @pulumi.getter(name="vPatchEnforcedOn") - def v_patch_enforced_on(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "v_patch_enforced_on") + @pulumi.getter + def artifacts(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactArgs']]: + return pulumi.get(self, "artifacts") - @v_patch_enforced_on.setter - def v_patch_enforced_on(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "v_patch_enforced_on", value) + @artifacts.setter + def artifacts(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactArgs']]): + pulumi.set(self, "artifacts", value) @property - @pulumi.getter(name="vPatchPolicyEnforce") - def v_patch_policy_enforce(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "v_patch_policy_enforce") + @pulumi.getter(name="entityScopes") + def entity_scopes(self) -> Optional[Sequence['GetApplicationScopeCategoryEntityScopeArgs']]: + return pulumi.get(self, "entity_scopes") - @v_patch_policy_enforce.setter - def v_patch_policy_enforce(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "v_patch_policy_enforce", value) + @entity_scopes.setter + def entity_scopes(self, value: Optional[Sequence['GetApplicationScopeCategoryEntityScopeArgs']]): + pulumi.set(self, "entity_scopes", value) @property - @pulumi.getter(name="vPatchPolicyName") - def v_patch_policy_name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "v_patch_policy_name") + @pulumi.getter + def infrastructures(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureArgs']]: + return pulumi.get(self, "infrastructures") - @v_patch_policy_name.setter - def v_patch_policy_name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "v_patch_policy_name", value) + @infrastructures.setter + def infrastructures(self, value: 
Optional[Sequence['GetApplicationScopeCategoryInfrastructureArgs']]): + pulumi.set(self, "infrastructures", value) @property - @pulumi.getter(name="vPatchRevertedBy") - def v_patch_reverted_by(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "v_patch_reverted_by") + @pulumi.getter + def workloads(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadArgs']]: + return pulumi.get(self, "workloads") - @v_patch_reverted_by.setter - def v_patch_reverted_by(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "v_patch_reverted_by", value) + @workloads.setter + def workloads(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadArgs']]): + pulumi.set(self, "workloads", value) - @property - @pulumi.getter(name="vPatchRevertedOn") - def v_patch_reverted_on(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "v_patch_reverted_on") - @v_patch_reverted_on.setter - def v_patch_reverted_on(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "v_patch_reverted_on", value) +@pulumi.input_type +class GetApplicationScopeCategoryArtifactArgs: + def __init__(__self__, *, + cfs: Optional[Sequence['GetApplicationScopeCategoryArtifactCfArgs']] = None, + functions: Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionArgs']] = None, + images: Optional[Sequence['GetApplicationScopeCategoryArtifactImageArgs']] = None): + if cfs is not None: + pulumi.set(__self__, "cfs", cfs) + if functions is not None: + pulumi.set(__self__, "functions", functions) + if images is not None: + pulumi.set(__self__, "images", images) @property - @pulumi.getter(name="vPatchStatus") - def v_patch_status(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "v_patch_status") + @pulumi.getter + def cfs(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactCfArgs']]: + return pulumi.get(self, "cfs") - @v_patch_status.setter - def v_patch_status(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "v_patch_status", 
value) + @cfs.setter + def cfs(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactCfArgs']]): + pulumi.set(self, "cfs", value) @property - @pulumi.getter(name="vendorCvss2Score") - def vendor_cvss2_score(self) -> Optional[pulumi.Input[float]]: - return pulumi.get(self, "vendor_cvss2_score") + @pulumi.getter + def functions(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionArgs']]: + return pulumi.get(self, "functions") - @vendor_cvss2_score.setter - def vendor_cvss2_score(self, value: Optional[pulumi.Input[float]]): - pulumi.set(self, "vendor_cvss2_score", value) + @functions.setter + def functions(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionArgs']]): + pulumi.set(self, "functions", value) @property - @pulumi.getter(name="vendorCvss2Vectors") - def vendor_cvss2_vectors(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "vendor_cvss2_vectors") + @pulumi.getter + def images(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactImageArgs']]: + return pulumi.get(self, "images") - @vendor_cvss2_vectors.setter - def vendor_cvss2_vectors(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "vendor_cvss2_vectors", value) + @images.setter + def images(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactImageArgs']]): + pulumi.set(self, "images", value) - @property - @pulumi.getter(name="vendorSeverity") - def vendor_severity(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "vendor_severity") - @vendor_severity.setter - def vendor_severity(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "vendor_severity", value) +@pulumi.input_type +class GetApplicationScopeCategoryArtifactCfArgs: + def __init__(__self__, *, + expression: str, + variables: Optional[Sequence['GetApplicationScopeCategoryArtifactCfVariableArgs']] = None): + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", 
variables) @property - @pulumi.getter(name="vendorStatement") - def vendor_statement(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "vendor_statement") + @pulumi.getter + def expression(self) -> str: + return pulumi.get(self, "expression") - @vendor_statement.setter - def vendor_statement(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "vendor_statement", value) + @expression.setter + def expression(self, value: str): + pulumi.set(self, "expression", value) @property - @pulumi.getter(name="vendorUrl") - def vendor_url(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "vendor_url") + @pulumi.getter + def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactCfVariableArgs']]: + return pulumi.get(self, "variables") - @vendor_url.setter - def vendor_url(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "vendor_url", value) + @variables.setter + def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactCfVariableArgs']]): + pulumi.set(self, "variables", value) @pulumi.input_type -class IntegrationRegistryOptionArgs: +class GetApplicationScopeCategoryArtifactCfVariableArgs: def __init__(__self__, *, - option: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if option is not None: - pulumi.set(__self__, "option", option) + attribute: str, + value: Optional[str] = None): + pulumi.set(__self__, "attribute", attribute) if value is not None: pulumi.set(__self__, "value", value) @property @pulumi.getter - def option(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "option") + def attribute(self) -> str: + return pulumi.get(self, "attribute") - @option.setter - def option(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "option", value) + @attribute.setter + def attribute(self, value: str): + pulumi.set(self, "attribute", value) @property @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: + def 
value(self) -> Optional[str]: return pulumi.get(self, "value") @value.setter - def value(self, value: Optional[pulumi.Input[str]]): + def value(self, value: Optional[str]): pulumi.set(self, "value", value) @pulumi.input_type -class IntegrationRegistryWebhookArgs: +class GetApplicationScopeCategoryArtifactFunctionArgs: def __init__(__self__, *, - auth_token: Optional[pulumi.Input[str]] = None, - enabled: Optional[pulumi.Input[bool]] = None, - un_quarantine: Optional[pulumi.Input[bool]] = None, - url: Optional[pulumi.Input[str]] = None): - """ - :param pulumi.Input[str] url: The URL, address or region of the registry - """ - if auth_token is not None: - pulumi.set(__self__, "auth_token", auth_token) - if enabled is not None: - pulumi.set(__self__, "enabled", enabled) - if un_quarantine is not None: - pulumi.set(__self__, "un_quarantine", un_quarantine) - if url is not None: - pulumi.set(__self__, "url", url) + expression: str, + variables: Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionVariableArgs']] = None): + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property - @pulumi.getter(name="authToken") - def auth_token(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "auth_token") + @pulumi.getter + def expression(self) -> str: + return pulumi.get(self, "expression") - @auth_token.setter - def auth_token(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "auth_token", value) + @expression.setter + def expression(self, value: str): + pulumi.set(self, "expression", value) @property @pulumi.getter - def enabled(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "enabled") + def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionVariableArgs']]: + return pulumi.get(self, "variables") - @enabled.setter - def enabled(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enabled", value) + @variables.setter 
+ def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionVariableArgs']]): + pulumi.set(self, "variables", value) + + +@pulumi.input_type +class GetApplicationScopeCategoryArtifactFunctionVariableArgs: + def __init__(__self__, *, + attribute: str, + value: Optional[str] = None): + pulumi.set(__self__, "attribute", attribute) + if value is not None: + pulumi.set(__self__, "value", value) @property - @pulumi.getter(name="unQuarantine") - def un_quarantine(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "un_quarantine") + @pulumi.getter + def attribute(self) -> str: + return pulumi.get(self, "attribute") - @un_quarantine.setter - def un_quarantine(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "un_quarantine", value) + @attribute.setter + def attribute(self, value: str): + pulumi.set(self, "attribute", value) @property @pulumi.getter - def url(self) -> Optional[pulumi.Input[str]]: - """ - The URL, address or region of the registry - """ - return pulumi.get(self, "url") + def value(self) -> Optional[str]: + return pulumi.get(self, "value") - @url.setter - def url(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "url", value) + @value.setter + def value(self, value: Optional[str]): + pulumi.set(self, "value", value) @pulumi.input_type -class KubernetesAssurancePolicyAutoScanTimeArgs: +class GetApplicationScopeCategoryArtifactImageArgs: def __init__(__self__, *, - iteration: Optional[pulumi.Input[int]] = None, - iteration_type: Optional[pulumi.Input[str]] = None, - time: Optional[pulumi.Input[str]] = None, - week_days: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): - if iteration is not None: - pulumi.set(__self__, "iteration", iteration) - if iteration_type is not None: - pulumi.set(__self__, "iteration_type", iteration_type) - if time is not None: - pulumi.set(__self__, "time", time) - if week_days is not None: - pulumi.set(__self__, "week_days", week_days) + expression: str, 
+ variables: Optional[Sequence['GetApplicationScopeCategoryArtifactImageVariableArgs']] = None): + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def iteration(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "iteration") + def expression(self) -> str: + return pulumi.get(self, "expression") - @iteration.setter - def iteration(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "iteration", value) + @expression.setter + def expression(self, value: str): + pulumi.set(self, "expression", value) @property - @pulumi.getter(name="iterationType") - def iteration_type(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "iteration_type") + @pulumi.getter + def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactImageVariableArgs']]: + return pulumi.get(self, "variables") + + @variables.setter + def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactImageVariableArgs']]): + pulumi.set(self, "variables", value) - @iteration_type.setter - def iteration_type(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "iteration_type", value) + +@pulumi.input_type +class GetApplicationScopeCategoryArtifactImageVariableArgs: + def __init__(__self__, *, + attribute: Optional[str] = None, + value: Optional[str] = None): + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def time(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "time") + def attribute(self) -> Optional[str]: + return pulumi.get(self, "attribute") - @time.setter - def time(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "time", value) + @attribute.setter + def attribute(self, value: Optional[str]): + pulumi.set(self, "attribute", value) @property - @pulumi.getter(name="weekDays") - def 
week_days(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - return pulumi.get(self, "week_days") + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") - @week_days.setter - def week_days(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "week_days", value) + @value.setter + def value(self, value: Optional[str]): + pulumi.set(self, "value", value) @pulumi.input_type -class KubernetesAssurancePolicyCustomCheckArgs: +class GetApplicationScopeCategoryEntityScopeArgs: def __init__(__self__, *, - author: Optional[pulumi.Input[str]] = None, - description: Optional[pulumi.Input[str]] = None, - engine: Optional[pulumi.Input[str]] = None, - last_modified: Optional[pulumi.Input[int]] = None, - name: Optional[pulumi.Input[str]] = None, - path: Optional[pulumi.Input[str]] = None, - read_only: Optional[pulumi.Input[bool]] = None, - script_id: Optional[pulumi.Input[str]] = None, - severity: Optional[pulumi.Input[str]] = None, - snippet: Optional[pulumi.Input[str]] = None): - """ - :param pulumi.Input[str] author: Name of user account that created the policy. 
- """ - if author is not None: - pulumi.set(__self__, "author", author) - if description is not None: - pulumi.set(__self__, "description", description) - if engine is not None: - pulumi.set(__self__, "engine", engine) - if last_modified is not None: - pulumi.set(__self__, "last_modified", last_modified) - if name is not None: - pulumi.set(__self__, "name", name) - if path is not None: - pulumi.set(__self__, "path", path) - if read_only is not None: - pulumi.set(__self__, "read_only", read_only) - if script_id is not None: - pulumi.set(__self__, "script_id", script_id) - if severity is not None: - pulumi.set(__self__, "severity", severity) - if snippet is not None: - pulumi.set(__self__, "snippet", snippet) + expression: str, + variables: Optional[Sequence['GetApplicationScopeCategoryEntityScopeVariableArgs']] = None): + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def author(self) -> Optional[pulumi.Input[str]]: - """ - Name of user account that created the policy. 
- """ - return pulumi.get(self, "author") + def expression(self) -> str: + return pulumi.get(self, "expression") - @author.setter - def author(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "author", value) + @expression.setter + def expression(self, value: str): + pulumi.set(self, "expression", value) @property @pulumi.getter - def description(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "description") + def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryEntityScopeVariableArgs']]: + return pulumi.get(self, "variables") - @description.setter - def description(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "description", value) + @variables.setter + def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryEntityScopeVariableArgs']]): + pulumi.set(self, "variables", value) - @property - @pulumi.getter - def engine(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "engine") - @engine.setter - def engine(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "engine", value) +@pulumi.input_type +class GetApplicationScopeCategoryEntityScopeVariableArgs: + def __init__(__self__, *, + attribute: str, + value: str): + pulumi.set(__self__, "attribute", attribute) + pulumi.set(__self__, "value", value) @property - @pulumi.getter(name="lastModified") - def last_modified(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "last_modified") + @pulumi.getter + def attribute(self) -> str: + return pulumi.get(self, "attribute") - @last_modified.setter - def last_modified(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "last_modified", value) + @attribute.setter + def attribute(self, value: str): + pulumi.set(self, "attribute", value) @property @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") + def value(self) -> str: + return pulumi.get(self, "value") - @name.setter - def name(self, value: 
Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @value.setter + def value(self, value: str): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class GetApplicationScopeCategoryInfrastructureArgs: + def __init__(__self__, *, + kubernetes: Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteArgs']] = None, + os: Optional[Sequence['GetApplicationScopeCategoryInfrastructureOArgs']] = None): + if kubernetes is not None: + pulumi.set(__self__, "kubernetes", kubernetes) + if os is not None: + pulumi.set(__self__, "os", os) @property @pulumi.getter - def path(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "path") + def kubernetes(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteArgs']]: + return pulumi.get(self, "kubernetes") - @path.setter - def path(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "path", value) + @kubernetes.setter + def kubernetes(self, value: Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteArgs']]): + pulumi.set(self, "kubernetes", value) @property - @pulumi.getter(name="readOnly") - def read_only(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "read_only") + @pulumi.getter + def os(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureOArgs']]: + return pulumi.get(self, "os") - @read_only.setter - def read_only(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "read_only", value) + @os.setter + def os(self, value: Optional[Sequence['GetApplicationScopeCategoryInfrastructureOArgs']]): + pulumi.set(self, "os", value) - @property - @pulumi.getter(name="scriptId") - def script_id(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "script_id") - @script_id.setter - def script_id(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "script_id", value) +@pulumi.input_type +class GetApplicationScopeCategoryInfrastructureKuberneteArgs: + def __init__(__self__, *, + 
expression: str, + variables: Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs']] = None): + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def severity(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "severity") + def expression(self) -> str: + return pulumi.get(self, "expression") - @severity.setter - def severity(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "severity", value) + @expression.setter + def expression(self, value: str): + pulumi.set(self, "expression", value) @property @pulumi.getter - def snippet(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "snippet") + def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs']]: + return pulumi.get(self, "variables") - @snippet.setter - def snippet(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "snippet", value) + @variables.setter + def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs']]): + pulumi.set(self, "variables", value) @pulumi.input_type -class KubernetesAssurancePolicyForbiddenLabelArgs: +class GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs: def __init__(__self__, *, - key: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if key is not None: - pulumi.set(__self__, "key", key) + attribute: str, + value: Optional[str] = None): + pulumi.set(__self__, "attribute", attribute) if value is not None: pulumi.set(__self__, "value", value) @property @pulumi.getter - def key(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "key") + def attribute(self) -> str: + return pulumi.get(self, "attribute") - @key.setter - def key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "key", value) + @attribute.setter + def attribute(self, value: str): + 
pulumi.set(self, "attribute", value) @property @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: + def value(self) -> Optional[str]: return pulumi.get(self, "value") @value.setter - def value(self, value: Optional[pulumi.Input[str]]): + def value(self, value: Optional[str]): pulumi.set(self, "value", value) @pulumi.input_type -class KubernetesAssurancePolicyPackagesBlackListArgs: +class GetApplicationScopeCategoryInfrastructureOArgs: def __init__(__self__, *, - arch: Optional[pulumi.Input[str]] = None, - display: Optional[pulumi.Input[str]] = None, - epoch: Optional[pulumi.Input[str]] = None, - format: Optional[pulumi.Input[str]] = None, - license: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - release: Optional[pulumi.Input[str]] = None, - version: Optional[pulumi.Input[str]] = None, - version_range: Optional[pulumi.Input[str]] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + expression: str, + variables: Optional[Sequence['GetApplicationScopeCategoryInfrastructureOVariableArgs']] = None): + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def arch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "arch") + def expression(self) -> str: + return pulumi.get(self, "expression") - @arch.setter - def arch(self, value: 
Optional[pulumi.Input[str]]): - pulumi.set(self, "arch", value) + @expression.setter + def expression(self, value: str): + pulumi.set(self, "expression", value) @property @pulumi.getter - def display(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "display") + def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureOVariableArgs']]: + return pulumi.get(self, "variables") - @display.setter - def display(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "display", value) + @variables.setter + def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryInfrastructureOVariableArgs']]): + pulumi.set(self, "variables", value) - @property - @pulumi.getter - def epoch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "epoch") - @epoch.setter - def epoch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "epoch", value) +@pulumi.input_type +class GetApplicationScopeCategoryInfrastructureOVariableArgs: + def __init__(__self__, *, + attribute: str, + value: Optional[str] = None): + pulumi.set(__self__, "attribute", attribute) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def format(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "format") + def attribute(self) -> str: + return pulumi.get(self, "attribute") - @format.setter - def format(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "format", value) + @attribute.setter + def attribute(self, value: str): + pulumi.set(self, "attribute", value) @property @pulumi.getter - def license(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "license") + def value(self) -> Optional[str]: + return pulumi.get(self, "value") - @license.setter - def license(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "license", value) + @value.setter + def value(self, value: Optional[str]): + pulumi.set(self, "value", value) - @property - @pulumi.getter - def 
name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) +@pulumi.input_type +class GetApplicationScopeCategoryWorkloadArgs: + def __init__(__self__, *, + cfs: Optional[Sequence['GetApplicationScopeCategoryWorkloadCfArgs']] = None, + kubernetes: Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteArgs']] = None, + os: Optional[Sequence['GetApplicationScopeCategoryWorkloadOArgs']] = None): + if cfs is not None: + pulumi.set(__self__, "cfs", cfs) + if kubernetes is not None: + pulumi.set(__self__, "kubernetes", kubernetes) + if os is not None: + pulumi.set(__self__, "os", os) @property @pulumi.getter - def release(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "release") + def cfs(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadCfArgs']]: + return pulumi.get(self, "cfs") - @release.setter - def release(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "release", value) + @cfs.setter + def cfs(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadCfArgs']]): + pulumi.set(self, "cfs", value) @property @pulumi.getter - def version(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version") + def kubernetes(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteArgs']]: + return pulumi.get(self, "kubernetes") - @version.setter - def version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version", value) + @kubernetes.setter + def kubernetes(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteArgs']]): + pulumi.set(self, "kubernetes", value) @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version_range") + @pulumi.getter + def os(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadOArgs']]: + return pulumi.get(self, 
"os") - @version_range.setter - def version_range(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version_range", value) + @os.setter + def os(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadOArgs']]): + pulumi.set(self, "os", value) @pulumi.input_type -class KubernetesAssurancePolicyPackagesWhiteListArgs: +class GetApplicationScopeCategoryWorkloadCfArgs: def __init__(__self__, *, - arch: Optional[pulumi.Input[str]] = None, - display: Optional[pulumi.Input[str]] = None, - epoch: Optional[pulumi.Input[str]] = None, - format: Optional[pulumi.Input[str]] = None, - license: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - release: Optional[pulumi.Input[str]] = None, - version: Optional[pulumi.Input[str]] = None, - version_range: Optional[pulumi.Input[str]] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + expression: str, + variables: Optional[Sequence['GetApplicationScopeCategoryWorkloadCfVariableArgs']] = None): + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def arch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "arch") + def expression(self) -> str: + return pulumi.get(self, "expression") - @arch.setter - def arch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "arch", value) + @expression.setter + def 
expression(self, value: str): + pulumi.set(self, "expression", value) @property @pulumi.getter - def display(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "display") + def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadCfVariableArgs']]: + return pulumi.get(self, "variables") - @display.setter - def display(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "display", value) + @variables.setter + def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadCfVariableArgs']]): + pulumi.set(self, "variables", value) - @property - @pulumi.getter - def epoch(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "epoch") - @epoch.setter - def epoch(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "epoch", value) +@pulumi.input_type +class GetApplicationScopeCategoryWorkloadCfVariableArgs: + def __init__(__self__, *, + attribute: str, + value: Optional[str] = None): + pulumi.set(__self__, "attribute", attribute) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def format(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "format") + def attribute(self) -> str: + return pulumi.get(self, "attribute") - @format.setter - def format(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "format", value) + @attribute.setter + def attribute(self, value: str): + pulumi.set(self, "attribute", value) @property @pulumi.getter - def license(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "license") + def value(self) -> Optional[str]: + return pulumi.get(self, "value") - @license.setter - def license(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "license", value) + @value.setter + def value(self, value: Optional[str]): + pulumi.set(self, "value", value) - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") - @name.setter - def name(self, 
value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) +@pulumi.input_type +class GetApplicationScopeCategoryWorkloadKuberneteArgs: + def __init__(__self__, *, + expression: str, + variables: Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteVariableArgs']] = None): + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def release(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "release") + def expression(self) -> str: + return pulumi.get(self, "expression") - @release.setter - def release(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "release", value) + @expression.setter + def expression(self, value: str): + pulumi.set(self, "expression", value) @property @pulumi.getter - def version(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version") - - @version.setter - def version(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version", value) - - @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "version_range") + def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteVariableArgs']]: + return pulumi.get(self, "variables") - @version_range.setter - def version_range(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "version_range", value) + @variables.setter + def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteVariableArgs']]): + pulumi.set(self, "variables", value) @pulumi.input_type -class KubernetesAssurancePolicyRequiredLabelArgs: +class GetApplicationScopeCategoryWorkloadKuberneteVariableArgs: def __init__(__self__, *, - key: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if key is not None: - pulumi.set(__self__, "key", key) + attribute: str, + value: Optional[str] = None): + 
pulumi.set(__self__, "attribute", attribute) if value is not None: pulumi.set(__self__, "value", value) @property @pulumi.getter - def key(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "key") + def attribute(self) -> str: + return pulumi.get(self, "attribute") - @key.setter - def key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "key", value) + @attribute.setter + def attribute(self, value: str): + pulumi.set(self, "attribute", value) @property @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: + def value(self) -> Optional[str]: return pulumi.get(self, "value") @value.setter - def value(self, value: Optional[pulumi.Input[str]]): + def value(self, value: Optional[str]): pulumi.set(self, "value", value) @pulumi.input_type -class KubernetesAssurancePolicyScopeArgs: +class GetApplicationScopeCategoryWorkloadOArgs: def __init__(__self__, *, - expression: Optional[pulumi.Input[str]] = None, - variables: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyScopeVariableArgs']]]] = None): - if expression is not None: - pulumi.set(__self__, "expression", expression) + expression: str, + variables: Optional[Sequence['GetApplicationScopeCategoryWorkloadOVariableArgs']] = None): + pulumi.set(__self__, "expression", expression) if variables is not None: pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def expression(self) -> Optional[pulumi.Input[str]]: + def expression(self) -> str: return pulumi.get(self, "expression") @expression.setter - def expression(self, value: Optional[pulumi.Input[str]]): + def expression(self, value: str): pulumi.set(self, "expression", value) @property @pulumi.getter - def variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyScopeVariableArgs']]]]: + def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadOVariableArgs']]: return pulumi.get(self, "variables") @variables.setter - def variables(self, value: 
Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyScopeVariableArgs']]]]): + def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadOVariableArgs']]): pulumi.set(self, "variables", value) @pulumi.input_type -class KubernetesAssurancePolicyScopeVariableArgs: +class GetApplicationScopeCategoryWorkloadOVariableArgs: def __init__(__self__, *, - attribute: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): - if attribute is not None: - pulumi.set(__self__, "attribute", attribute) - if name is not None: - pulumi.set(__self__, "name", name) + attribute: str, + value: Optional[str] = None): + pulumi.set(__self__, "attribute", attribute) if value is not None: pulumi.set(__self__, "value", value) @property @pulumi.getter - def attribute(self) -> Optional[pulumi.Input[str]]: + def attribute(self) -> str: return pulumi.get(self, "attribute") @attribute.setter - def attribute(self, value: Optional[pulumi.Input[str]]): + def attribute(self, value: str): pulumi.set(self, "attribute", value) @property @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") - - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) - - @property - @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: + def value(self) -> Optional[str]: return pulumi.get(self, "value") @value.setter - def value(self, value: Optional[pulumi.Input[str]]): + def value(self, value: Optional[str]): pulumi.set(self, "value", value) @pulumi.input_type -class KubernetesAssurancePolicyTrustedBaseImageArgs: +class GetContainerRuntimePolicyAllowedExecutableArgs: def __init__(__self__, *, - imagename: Optional[pulumi.Input[str]] = None, - registry: Optional[pulumi.Input[str]] = None): - if imagename is not None: - pulumi.set(__self__, "imagename", imagename) - if registry is not None: - pulumi.set(__self__, 
"registry", registry) + allow_executables: Optional[Sequence[str]] = None, + allow_root_executables: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + separate_executables: Optional[bool] = None): + """ + :param Sequence[str] allow_executables: List of allowed executables. + :param Sequence[str] allow_root_executables: List of allowed root executables. + :param bool enabled: Whether allowed executables configuration is enabled. + :param bool separate_executables: Whether to treat executables separately. + """ + if allow_executables is not None: + pulumi.set(__self__, "allow_executables", allow_executables) + if allow_root_executables is not None: + pulumi.set(__self__, "allow_root_executables", allow_root_executables) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if separate_executables is not None: + pulumi.set(__self__, "separate_executables", separate_executables) @property - @pulumi.getter - def imagename(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "imagename") + @pulumi.getter(name="allowExecutables") + def allow_executables(self) -> Optional[Sequence[str]]: + """ + List of allowed executables. + """ + return pulumi.get(self, "allow_executables") - @imagename.setter - def imagename(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "imagename", value) + @allow_executables.setter + def allow_executables(self, value: Optional[Sequence[str]]): + pulumi.set(self, "allow_executables", value) + + @property + @pulumi.getter(name="allowRootExecutables") + def allow_root_executables(self) -> Optional[Sequence[str]]: + """ + List of allowed root executables. 
+ """ + return pulumi.get(self, "allow_root_executables") + + @allow_root_executables.setter + def allow_root_executables(self, value: Optional[Sequence[str]]): + pulumi.set(self, "allow_root_executables", value) @property @pulumi.getter - def registry(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "registry") + def enabled(self) -> Optional[bool]: + """ + Whether allowed executables configuration is enabled. + """ + return pulumi.get(self, "enabled") - @registry.setter - def registry(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "registry", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="separateExecutables") + def separate_executables(self) -> Optional[bool]: + """ + Whether to treat executables separately. + """ + return pulumi.get(self, "separate_executables") + + @separate_executables.setter + def separate_executables(self, value: Optional[bool]): + pulumi.set(self, "separate_executables", value) @pulumi.input_type -class RoleMappingLdapArgs: +class GetContainerRuntimePolicyAllowedRegistryArgs: def __init__(__self__, *, - role_mapping: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + allowed_registries: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): """ - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua + :param Sequence[str] allowed_registries: List of allowed registries. + :param bool enabled: Whether allowed registries are enabled. 
""" - pulumi.set(__self__, "role_mapping", role_mapping) + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter(name="roleMapping") - def role_mapping(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[Sequence[str]]: """ - Role Mapping is used to define the IdP role that the user will assume in Aqua + List of allowed registries. """ - return pulumi.get(self, "role_mapping") + return pulumi.get(self, "allowed_registries") - @role_mapping.setter - def role_mapping(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): - pulumi.set(self, "role_mapping", value) + @allowed_registries.setter + def allowed_registries(self, value: Optional[Sequence[str]]): + pulumi.set(self, "allowed_registries", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether allowed registries are enabled. 
+ """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @pulumi.input_type -class RoleMappingOauth2Args: +class GetContainerRuntimePolicyAuditingArgs: def __init__(__self__, *, - role_mapping: pulumi.Input[Mapping[str, pulumi.Input[str]]]): - """ - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua - """ - pulumi.set(__self__, "role_mapping", role_mapping) + audit_all_network: Optional[bool] = None, + audit_all_processes: Optional[bool] = None, + audit_failed_login: Optional[bool] = None, + audit_os_user_activity: Optional[bool] = None, + audit_process_cmdline: Optional[bool] = None, + audit_success_login: Optional[bool] = None, + audit_user_account_management: Optional[bool] = None, + enabled: Optional[bool] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, "audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not None: + pulumi.set(__self__, "audit_process_cmdline", audit_process_cmdline) + if audit_success_login is not None: + pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="auditAllNetwork") + def audit_all_network(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_network") + + @audit_all_network.setter + def audit_all_network(self, value: Optional[bool]): + 
pulumi.set(self, "audit_all_network", value) + + @property + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_processes") + + @audit_all_processes.setter + def audit_all_processes(self, value: Optional[bool]): + pulumi.set(self, "audit_all_processes", value) + + @property + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_failed_login") + + @audit_failed_login.setter + def audit_failed_login(self, value: Optional[bool]): + pulumi.set(self, "audit_failed_login", value) + + @property + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[bool]: + return pulumi.get(self, "audit_os_user_activity") + + @audit_os_user_activity.setter + def audit_os_user_activity(self, value: Optional[bool]): + pulumi.set(self, "audit_os_user_activity", value) + + @property + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[bool]: + return pulumi.get(self, "audit_process_cmdline") + + @audit_process_cmdline.setter + def audit_process_cmdline(self, value: Optional[bool]): + pulumi.set(self, "audit_process_cmdline", value) + + @property + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_success_login") + + @audit_success_login.setter + def audit_success_login(self, value: Optional[bool]): + pulumi.set(self, "audit_success_login", value) + + @property + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> Optional[bool]: + return pulumi.get(self, "audit_user_account_management") + + @audit_user_account_management.setter + def audit_user_account_management(self, value: Optional[bool]): + pulumi.set(self, "audit_user_account_management", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + 
+ @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) + + +@pulumi.input_type +class GetContainerRuntimePolicyContainerExecArgs: + def __init__(__self__, *, + block_container_exec: Optional[bool] = None, + container_exec_proc_white_lists: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + reverse_shell_ip_white_lists: Optional[Sequence[str]] = None): + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) + if container_exec_proc_white_lists is not None: + pulumi.set(__self__, "container_exec_proc_white_lists", container_exec_proc_white_lists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + + @property + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[bool]: + return pulumi.get(self, "block_container_exec") + + @block_container_exec.setter + def block_container_exec(self, value: Optional[bool]): + pulumi.set(self, "block_container_exec", value) + + @property + @pulumi.getter(name="containerExecProcWhiteLists") + def container_exec_proc_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "container_exec_proc_white_lists") + + @container_exec_proc_white_lists.setter + def container_exec_proc_white_lists(self, value: Optional[Sequence[str]]): + pulumi.set(self, "container_exec_proc_white_lists", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") + + @reverse_shell_ip_white_lists.setter + def 
reverse_shell_ip_white_lists(self, value: Optional[Sequence[str]]): + pulumi.set(self, "reverse_shell_ip_white_lists", value) + + +@pulumi.input_type +class GetContainerRuntimePolicyFileBlockArgs: + def __init__(__self__, *, + block_files_processes: Optional[Sequence[str]] = None, + block_files_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_files: Optional[Sequence[str]] = None, + exceptional_block_files_processes: Optional[Sequence[str]] = None, + exceptional_block_files_users: Optional[Sequence[str]] = None, + filename_block_lists: Optional[Sequence[str]] = None): + if block_files_processes is not None: + pulumi.set(__self__, "block_files_processes", block_files_processes) + if block_files_users is not None: + pulumi.set(__self__, "block_files_users", block_files_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_files is not None: + pulumi.set(__self__, "exceptional_block_files", exceptional_block_files) + if exceptional_block_files_processes is not None: + pulumi.set(__self__, "exceptional_block_files_processes", exceptional_block_files_processes) + if exceptional_block_files_users is not None: + pulumi.set(__self__, "exceptional_block_files_users", exceptional_block_files_users) + if filename_block_lists is not None: + pulumi.set(__self__, "filename_block_lists", filename_block_lists) + + @property + @pulumi.getter(name="blockFilesProcesses") + def block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_processes") + + @block_files_processes.setter + def block_files_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "block_files_processes", value) + + @property + @pulumi.getter(name="blockFilesUsers") + def block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_users") + + @block_files_users.setter + def block_files_users(self, value: Optional[Sequence[str]]): + 
pulumi.set(self, "block_files_users", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="exceptionalBlockFiles") + def exceptional_block_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files") + + @exceptional_block_files.setter + def exceptional_block_files(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_block_files", value) + + @property + @pulumi.getter(name="exceptionalBlockFilesProcesses") + def exceptional_block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_processes") + + @exceptional_block_files_processes.setter + def exceptional_block_files_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_block_files_processes", value) + + @property + @pulumi.getter(name="exceptionalBlockFilesUsers") + def exceptional_block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_users") + + @exceptional_block_files_users.setter + def exceptional_block_files_users(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_block_files_users", value) @property - @pulumi.getter(name="roleMapping") - def role_mapping(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: - """ - Role Mapping is used to define the IdP role that the user will assume in Aqua - """ - return pulumi.get(self, "role_mapping") + @pulumi.getter(name="filenameBlockLists") + def filename_block_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "filename_block_lists") - @role_mapping.setter - def role_mapping(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): - pulumi.set(self, "role_mapping", value) + @filename_block_lists.setter + def filename_block_lists(self, value: 
Optional[Sequence[str]]): + pulumi.set(self, "filename_block_lists", value) @pulumi.input_type -class RoleMappingOpenidArgs: +class GetContainerRuntimePolicyFileIntegrityMonitoringArgs: def __init__(__self__, *, - role_mapping: pulumi.Input[Mapping[str, pulumi.Input[str]]]): - """ - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua + enabled: Optional[bool] = None, + exceptional_monitored_files: Optional[Sequence[str]] = None, + exceptional_monitored_files_processes: Optional[Sequence[str]] = None, + exceptional_monitored_files_users: Optional[Sequence[str]] = None, + monitored_files: Optional[Sequence[str]] = None, + monitored_files_attributes: Optional[bool] = None, + monitored_files_create: Optional[bool] = None, + monitored_files_delete: Optional[bool] = None, + monitored_files_modify: Optional[bool] = None, + monitored_files_processes: Optional[Sequence[str]] = None, + monitored_files_read: Optional[bool] = None, + monitored_files_users: Optional[Sequence[str]] = None): + """ + :param bool enabled: If true, file integrity monitoring is enabled. + :param Sequence[str] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_users: List of users to be excluded from monitoring. + :param Sequence[str] monitored_files: List of paths to be monitored. + :param bool monitored_files_attributes: Whether to monitor file attribute operations. + :param bool monitored_files_create: Whether to monitor file create operations. + :param bool monitored_files_delete: Whether to monitor file delete operations. + :param bool monitored_files_modify: Whether to monitor file modify operations. + :param Sequence[str] monitored_files_processes: List of processes associated with monitored files. 
+ :param bool monitored_files_read: Whether to monitor file read operations. + :param Sequence[str] monitored_files_users: List of users associated with monitored files. """ - pulumi.set(__self__, "role_mapping", role_mapping) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) @property - @pulumi.getter(name="roleMapping") - def role_mapping(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: + @pulumi.getter + def enabled(self) -> Optional[bool]: """ - Role Mapping is used to define the IdP role that the user will assume in Aqua + If true, file integrity monitoring is enabled. 
""" - return pulumi.get(self, "role_mapping") - - @role_mapping.setter - def role_mapping(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): - pulumi.set(self, "role_mapping", value) + return pulumi.get(self, "enabled") + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) -@pulumi.input_type -class RoleMappingSamlArgs: - def __init__(__self__, *, - role_mapping: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + @property + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[Sequence[str]]: """ - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua + List of paths to be excluded from monitoring. """ - pulumi.set(__self__, "role_mapping", role_mapping) + return pulumi.get(self, "exceptional_monitored_files") + + @exceptional_monitored_files.setter + def exceptional_monitored_files(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_monitored_files", value) @property - @pulumi.getter(name="roleMapping") - def role_mapping(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[Sequence[str]]: """ - Role Mapping is used to define the IdP role that the user will assume in Aqua + List of processes to be excluded from monitoring. 
""" - return pulumi.get(self, "role_mapping") - - @role_mapping.setter - def role_mapping(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): - pulumi.set(self, "role_mapping", value) + return pulumi.get(self, "exceptional_monitored_files_processes") + @exceptional_monitored_files_processes.setter + def exceptional_monitored_files_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_monitored_files_processes", value) -@pulumi.input_type -class ServiceScopeVariableArgs: - def __init__(__self__, *, - attribute: Optional[pulumi.Input[str]] = None, - name: Optional[pulumi.Input[str]] = None, - value: Optional[pulumi.Input[str]] = None): + @property + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[Sequence[str]]: """ - :param pulumi.Input[str] attribute: Class of supported scope. - :param pulumi.Input[str] name: Name assigned to the attribute. - :param pulumi.Input[str] value: Value assigned to the attribute. + List of users to be excluded from monitoring. """ - if attribute is not None: - pulumi.set(__self__, "attribute", attribute) - if name is not None: - pulumi.set(__self__, "name", name) - if value is not None: - pulumi.set(__self__, "value", value) + return pulumi.get(self, "exceptional_monitored_files_users") + + @exceptional_monitored_files_users.setter + def exceptional_monitored_files_users(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_monitored_files_users", value) @property - @pulumi.getter - def attribute(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[Sequence[str]]: """ - Class of supported scope. + List of paths to be monitored. 
""" - return pulumi.get(self, "attribute") + return pulumi.get(self, "monitored_files") - @attribute.setter - def attribute(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "attribute", value) + @monitored_files.setter + def monitored_files(self, value: Optional[Sequence[str]]): + pulumi.set(self, "monitored_files", value) @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[bool]: """ - Name assigned to the attribute. + Whether to monitor file attribute operations. """ - return pulumi.get(self, "name") + return pulumi.get(self, "monitored_files_attributes") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @monitored_files_attributes.setter + def monitored_files_attributes(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_attributes", value) @property - @pulumi.getter - def value(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[bool]: """ - Value assigned to the attribute. + Whether to monitor file create operations. 
""" - return pulumi.get(self, "value") - - @value.setter - def value(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "value", value) - + return pulumi.get(self, "monitored_files_create") -@pulumi.input_type -class UserSaasGroupArgs: - def __init__(__self__, *, - group_admin: Optional[pulumi.Input[bool]] = None, - name: Optional[pulumi.Input[str]] = None): - if group_admin is not None: - pulumi.set(__self__, "group_admin", group_admin) - if name is not None: - pulumi.set(__self__, "name", name) + @monitored_files_create.setter + def monitored_files_create(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_create", value) @property - @pulumi.getter(name="groupAdmin") - def group_admin(self) -> Optional[pulumi.Input[bool]]: - return pulumi.get(self, "group_admin") + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[bool]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") - @group_admin.setter - def group_admin(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "group_admin", value) + @monitored_files_delete.setter + def monitored_files_delete(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_delete", value) @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "name") - - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) - - -@pulumi.input_type -class UserSaasLoginArgs: - def __init__(__self__, *, - created: Optional[pulumi.Input[str]] = None, - id: Optional[pulumi.Input[int]] = None, - ip_address: Optional[pulumi.Input[str]] = None, - user_id: Optional[pulumi.Input[int]] = None): + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[bool]: """ - :param pulumi.Input[int] id: The ID of this resource. + Whether to monitor file modify operations. 
""" - if created is not None: - pulumi.set(__self__, "created", created) - if id is not None: - pulumi.set(__self__, "id", id) - if ip_address is not None: - pulumi.set(__self__, "ip_address", ip_address) - if user_id is not None: - pulumi.set(__self__, "user_id", user_id) - - @property - @pulumi.getter - def created(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "created") + return pulumi.get(self, "monitored_files_modify") - @created.setter - def created(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "created", value) + @monitored_files_modify.setter + def monitored_files_modify(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_modify", value) @property - @pulumi.getter - def id(self) -> Optional[pulumi.Input[int]]: + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[Sequence[str]]: """ - The ID of this resource. + List of processes associated with monitored files. """ - return pulumi.get(self, "id") + return pulumi.get(self, "monitored_files_processes") - @id.setter - def id(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "id", value) + @monitored_files_processes.setter + def monitored_files_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "monitored_files_processes", value) @property - @pulumi.getter(name="ipAddress") - def ip_address(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "ip_address") + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[bool]: + """ + Whether to monitor file read operations. 
+ """ + return pulumi.get(self, "monitored_files_read") - @ip_address.setter - def ip_address(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "ip_address", value) + @monitored_files_read.setter + def monitored_files_read(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_read", value) @property - @pulumi.getter(name="userId") - def user_id(self) -> Optional[pulumi.Input[int]]: - return pulumi.get(self, "user_id") + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users associated with monitored files. + """ + return pulumi.get(self, "monitored_files_users") - @user_id.setter - def user_id(self, value: Optional[pulumi.Input[int]]): - pulumi.set(self, "user_id", value) + @monitored_files_users.setter + def monitored_files_users(self, value: Optional[Sequence[str]]): + pulumi.set(self, "monitored_files_users", value) @pulumi.input_type -class GetApplicationScopeCategoryArgs: +class GetContainerRuntimePolicyLimitContainerPrivilegeArgs: def __init__(__self__, *, - artifacts: Optional[Sequence['GetApplicationScopeCategoryArtifactArgs']] = None, - entity_scopes: Optional[Sequence['GetApplicationScopeCategoryEntityScopeArgs']] = None, - infrastructures: Optional[Sequence['GetApplicationScopeCategoryInfrastructureArgs']] = None, - workloads: Optional[Sequence['GetApplicationScopeCategoryWorkloadArgs']] = None): - if artifacts is not None: - pulumi.set(__self__, "artifacts", artifacts) - if entity_scopes is not None: - pulumi.set(__self__, "entity_scopes", entity_scopes) - if infrastructures is not None: - pulumi.set(__self__, "infrastructures", infrastructures) - if workloads is not None: - pulumi.set(__self__, "workloads", workloads) - - @property - @pulumi.getter - def artifacts(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactArgs']]: - return pulumi.get(self, "artifacts") - - @artifacts.setter - def artifacts(self, value: 
Optional[Sequence['GetApplicationScopeCategoryArtifactArgs']]): - pulumi.set(self, "artifacts", value) + block_add_capabilities: Optional[bool] = None, + enabled: Optional[bool] = None, + ipcmode: Optional[bool] = None, + netmode: Optional[bool] = None, + pidmode: Optional[bool] = None, + prevent_low_port_binding: Optional[bool] = None, + prevent_root_user: Optional[bool] = None, + privileged: Optional[bool] = None, + use_host_user: Optional[bool] = None, + usermode: Optional[bool] = None, + utsmode: Optional[bool] = None): + """ + :param bool block_add_capabilities: Whether to block adding capabilities. + :param bool enabled: Whether container privilege limitations are enabled. + :param bool ipcmode: Whether to limit IPC-related capabilities. + :param bool netmode: Whether to limit network-related capabilities. + :param bool pidmode: Whether to limit process-related capabilities. + :param bool prevent_low_port_binding: Whether to prevent low port binding. + :param bool prevent_root_user: Whether to prevent the use of the root user. + :param bool privileged: Whether the container is run in privileged mode. + :param bool use_host_user: Whether to use the host user. + :param bool usermode: Whether to limit user-related capabilities. + :param bool utsmode: Whether to limit UTS-related capabilities. 
+ """ + if block_add_capabilities is not None: + pulumi.set(__self__, "block_add_capabilities", block_add_capabilities) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if ipcmode is not None: + pulumi.set(__self__, "ipcmode", ipcmode) + if netmode is not None: + pulumi.set(__self__, "netmode", netmode) + if pidmode is not None: + pulumi.set(__self__, "pidmode", pidmode) + if prevent_low_port_binding is not None: + pulumi.set(__self__, "prevent_low_port_binding", prevent_low_port_binding) + if prevent_root_user is not None: + pulumi.set(__self__, "prevent_root_user", prevent_root_user) + if privileged is not None: + pulumi.set(__self__, "privileged", privileged) + if use_host_user is not None: + pulumi.set(__self__, "use_host_user", use_host_user) + if usermode is not None: + pulumi.set(__self__, "usermode", usermode) + if utsmode is not None: + pulumi.set(__self__, "utsmode", utsmode) @property - @pulumi.getter(name="entityScopes") - def entity_scopes(self) -> Optional[Sequence['GetApplicationScopeCategoryEntityScopeArgs']]: - return pulumi.get(self, "entity_scopes") + @pulumi.getter(name="blockAddCapabilities") + def block_add_capabilities(self) -> Optional[bool]: + """ + Whether to block adding capabilities. + """ + return pulumi.get(self, "block_add_capabilities") - @entity_scopes.setter - def entity_scopes(self, value: Optional[Sequence['GetApplicationScopeCategoryEntityScopeArgs']]): - pulumi.set(self, "entity_scopes", value) + @block_add_capabilities.setter + def block_add_capabilities(self, value: Optional[bool]): + pulumi.set(self, "block_add_capabilities", value) @property @pulumi.getter - def infrastructures(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureArgs']]: - return pulumi.get(self, "infrastructures") + def enabled(self) -> Optional[bool]: + """ + Whether container privilege limitations are enabled. 
+ """ + return pulumi.get(self, "enabled") - @infrastructures.setter - def infrastructures(self, value: Optional[Sequence['GetApplicationScopeCategoryInfrastructureArgs']]): - pulumi.set(self, "infrastructures", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @property @pulumi.getter - def workloads(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadArgs']]: - return pulumi.get(self, "workloads") - - @workloads.setter - def workloads(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadArgs']]): - pulumi.set(self, "workloads", value) - + def ipcmode(self) -> Optional[bool]: + """ + Whether to limit IPC-related capabilities. + """ + return pulumi.get(self, "ipcmode") -@pulumi.input_type -class GetApplicationScopeCategoryArtifactArgs: - def __init__(__self__, *, - cfs: Optional[Sequence['GetApplicationScopeCategoryArtifactCfArgs']] = None, - functions: Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionArgs']] = None, - images: Optional[Sequence['GetApplicationScopeCategoryArtifactImageArgs']] = None): - if cfs is not None: - pulumi.set(__self__, "cfs", cfs) - if functions is not None: - pulumi.set(__self__, "functions", functions) - if images is not None: - pulumi.set(__self__, "images", images) + @ipcmode.setter + def ipcmode(self, value: Optional[bool]): + pulumi.set(self, "ipcmode", value) @property @pulumi.getter - def cfs(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactCfArgs']]: - return pulumi.get(self, "cfs") + def netmode(self) -> Optional[bool]: + """ + Whether to limit network-related capabilities. 
+ """ + return pulumi.get(self, "netmode") - @cfs.setter - def cfs(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactCfArgs']]): - pulumi.set(self, "cfs", value) + @netmode.setter + def netmode(self, value: Optional[bool]): + pulumi.set(self, "netmode", value) @property @pulumi.getter - def functions(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionArgs']]: - return pulumi.get(self, "functions") + def pidmode(self) -> Optional[bool]: + """ + Whether to limit process-related capabilities. + """ + return pulumi.get(self, "pidmode") - @functions.setter - def functions(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionArgs']]): - pulumi.set(self, "functions", value) + @pidmode.setter + def pidmode(self, value: Optional[bool]): + pulumi.set(self, "pidmode", value) @property - @pulumi.getter - def images(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactImageArgs']]: - return pulumi.get(self, "images") - - @images.setter - def images(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactImageArgs']]): - pulumi.set(self, "images", value) - + @pulumi.getter(name="preventLowPortBinding") + def prevent_low_port_binding(self) -> Optional[bool]: + """ + Whether to prevent low port binding. 
+ """ + return pulumi.get(self, "prevent_low_port_binding") -@pulumi.input_type -class GetApplicationScopeCategoryArtifactCfArgs: - def __init__(__self__, *, - expression: str, - variables: Optional[Sequence['GetApplicationScopeCategoryArtifactCfVariableArgs']] = None): - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + @prevent_low_port_binding.setter + def prevent_low_port_binding(self, value: Optional[bool]): + pulumi.set(self, "prevent_low_port_binding", value) @property - @pulumi.getter - def expression(self) -> str: - return pulumi.get(self, "expression") + @pulumi.getter(name="preventRootUser") + def prevent_root_user(self) -> Optional[bool]: + """ + Whether to prevent the use of the root user. + """ + return pulumi.get(self, "prevent_root_user") - @expression.setter - def expression(self, value: str): - pulumi.set(self, "expression", value) + @prevent_root_user.setter + def prevent_root_user(self, value: Optional[bool]): + pulumi.set(self, "prevent_root_user", value) @property @pulumi.getter - def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactCfVariableArgs']]: - return pulumi.get(self, "variables") + def privileged(self) -> Optional[bool]: + """ + Whether the container is run in privileged mode. + """ + return pulumi.get(self, "privileged") - @variables.setter - def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactCfVariableArgs']]): - pulumi.set(self, "variables", value) + @privileged.setter + def privileged(self, value: Optional[bool]): + pulumi.set(self, "privileged", value) + @property + @pulumi.getter(name="useHostUser") + def use_host_user(self) -> Optional[bool]: + """ + Whether to use the host user. 
+ """ + return pulumi.get(self, "use_host_user") -@pulumi.input_type -class GetApplicationScopeCategoryArtifactCfVariableArgs: - def __init__(__self__, *, - attribute: str, - value: Optional[str] = None): - pulumi.set(__self__, "attribute", attribute) - if value is not None: - pulumi.set(__self__, "value", value) + @use_host_user.setter + def use_host_user(self, value: Optional[bool]): + pulumi.set(self, "use_host_user", value) @property @pulumi.getter - def attribute(self) -> str: - return pulumi.get(self, "attribute") + def usermode(self) -> Optional[bool]: + """ + Whether to limit user-related capabilities. + """ + return pulumi.get(self, "usermode") - @attribute.setter - def attribute(self, value: str): - pulumi.set(self, "attribute", value) + @usermode.setter + def usermode(self, value: Optional[bool]): + pulumi.set(self, "usermode", value) @property @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + def utsmode(self) -> Optional[bool]: + """ + Whether to limit UTS-related capabilities. 
+ """ + return pulumi.get(self, "utsmode") - @value.setter - def value(self, value: Optional[str]): - pulumi.set(self, "value", value) + @utsmode.setter + def utsmode(self, value: Optional[bool]): + pulumi.set(self, "utsmode", value) @pulumi.input_type -class GetApplicationScopeCategoryArtifactFunctionArgs: +class GetContainerRuntimePolicyMalwareScanOptionArgs: def __init__(__self__, *, - expression: str, - variables: Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionVariableArgs']] = None): - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + action: Optional[str] = None, + enabled: Optional[bool] = None, + exclude_directories: Optional[Sequence[str]] = None, + exclude_processes: Optional[Sequence[str]] = None, + include_directories: Optional[Sequence[str]] = None): + """ + :param str action: Set Action, Defaults to 'Alert' when empty + :param bool enabled: Defines if enabled or not + :param Sequence[str] exclude_directories: List of registry paths to be excluded from being protected. + :param Sequence[str] exclude_processes: List of registry processes to be excluded from being protected. + :param Sequence[str] include_directories: List of registry paths to be excluded from being protected. 
+ """ + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) @property @pulumi.getter - def expression(self) -> str: - return pulumi.get(self, "expression") + def action(self) -> Optional[str]: + """ + Set Action, Defaults to 'Alert' when empty + """ + return pulumi.get(self, "action") - @expression.setter - def expression(self, value: str): - pulumi.set(self, "expression", value) + @action.setter + def action(self, value: Optional[str]): + pulumi.set(self, "action", value) @property @pulumi.getter - def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionVariableArgs']]: - return pulumi.get(self, "variables") + def enabled(self) -> Optional[bool]: + """ + Defines if enabled or not + """ + return pulumi.get(self, "enabled") - @variables.setter - def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactFunctionVariableArgs']]): - pulumi.set(self, "variables", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) + @property + @pulumi.getter(name="excludeDirectories") + def exclude_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. 
+ """ + return pulumi.get(self, "exclude_directories") -@pulumi.input_type -class GetApplicationScopeCategoryArtifactFunctionVariableArgs: - def __init__(__self__, *, - attribute: str, - value: Optional[str] = None): - pulumi.set(__self__, "attribute", attribute) - if value is not None: - pulumi.set(__self__, "value", value) + @exclude_directories.setter + def exclude_directories(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exclude_directories", value) @property - @pulumi.getter - def attribute(self) -> str: - return pulumi.get(self, "attribute") + @pulumi.getter(name="excludeProcesses") + def exclude_processes(self) -> Optional[Sequence[str]]: + """ + List of registry processes to be excluded from being protected. + """ + return pulumi.get(self, "exclude_processes") - @attribute.setter - def attribute(self, value: str): - pulumi.set(self, "attribute", value) + @exclude_processes.setter + def exclude_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exclude_processes", value) @property - @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + @pulumi.getter(name="includeDirectories") + def include_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. 
+ """ + return pulumi.get(self, "include_directories") - @value.setter - def value(self, value: Optional[str]): - pulumi.set(self, "value", value) + @include_directories.setter + def include_directories(self, value: Optional[Sequence[str]]): + pulumi.set(self, "include_directories", value) @pulumi.input_type -class GetApplicationScopeCategoryArtifactImageArgs: +class GetContainerRuntimePolicyPortBlockArgs: def __init__(__self__, *, - expression: str, - variables: Optional[Sequence['GetApplicationScopeCategoryArtifactImageVariableArgs']] = None): - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + block_inbound_ports: Optional[Sequence[str]] = None, + block_outbound_ports: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): + if block_inbound_ports is not None: + pulumi.set(__self__, "block_inbound_ports", block_inbound_ports) + if block_outbound_ports is not None: + pulumi.set(__self__, "block_outbound_ports", block_outbound_ports) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter - def expression(self) -> str: - return pulumi.get(self, "expression") + @pulumi.getter(name="blockInboundPorts") + def block_inbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_inbound_ports") - @expression.setter - def expression(self, value: str): - pulumi.set(self, "expression", value) + @block_inbound_ports.setter + def block_inbound_ports(self, value: Optional[Sequence[str]]): + pulumi.set(self, "block_inbound_ports", value) + + @property + @pulumi.getter(name="blockOutboundPorts") + def block_outbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_outbound_ports") + + @block_outbound_ports.setter + def block_outbound_ports(self, value: Optional[Sequence[str]]): + pulumi.set(self, "block_outbound_ports", value) @property @pulumi.getter - def variables(self) -> 
Optional[Sequence['GetApplicationScopeCategoryArtifactImageVariableArgs']]: - return pulumi.get(self, "variables") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") - @variables.setter - def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryArtifactImageVariableArgs']]): - pulumi.set(self, "variables", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @pulumi.input_type -class GetApplicationScopeCategoryArtifactImageVariableArgs: +class GetContainerRuntimePolicyReadonlyFilesArgs: def __init__(__self__, *, - attribute: Optional[str] = None, - value: Optional[str] = None): - if attribute is not None: - pulumi.set(__self__, "attribute", attribute) - if value is not None: - pulumi.set(__self__, "value", value) + enabled: Optional[bool] = None, + exceptional_readonly_files: Optional[Sequence[str]] = None, + exceptional_readonly_files_processes: Optional[Sequence[str]] = None, + exceptional_readonly_files_users: Optional[Sequence[str]] = None, + readonly_files: Optional[Sequence[str]] = None, + readonly_files_processes: Optional[Sequence[str]] = None, + readonly_files_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_files is not None: + pulumi.set(__self__, "exceptional_readonly_files", exceptional_readonly_files) + if exceptional_readonly_files_processes is not None: + pulumi.set(__self__, "exceptional_readonly_files_processes", exceptional_readonly_files_processes) + if exceptional_readonly_files_users is not None: + pulumi.set(__self__, "exceptional_readonly_files_users", exceptional_readonly_files_users) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_files_processes is not None: + pulumi.set(__self__, "readonly_files_processes", readonly_files_processes) + if readonly_files_users is not None: + pulumi.set(__self__, 
"readonly_files_users", readonly_files_users) @property @pulumi.getter - def attribute(self) -> Optional[str]: - return pulumi.get(self, "attribute") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") - @attribute.setter - def attribute(self, value: Optional[str]): - pulumi.set(self, "attribute", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + @pulumi.getter(name="exceptionalReadonlyFiles") + def exceptional_readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files") - @value.setter - def value(self, value: Optional[str]): - pulumi.set(self, "value", value) + @exceptional_readonly_files.setter + def exceptional_readonly_files(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_readonly_files", value) + @property + @pulumi.getter(name="exceptionalReadonlyFilesProcesses") + def exceptional_readonly_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_processes") -@pulumi.input_type -class GetApplicationScopeCategoryEntityScopeArgs: - def __init__(__self__, *, - expression: str, - variables: Optional[Sequence['GetApplicationScopeCategoryEntityScopeVariableArgs']] = None): - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + @exceptional_readonly_files_processes.setter + def exceptional_readonly_files_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_readonly_files_processes", value) @property - @pulumi.getter - def expression(self) -> str: - return pulumi.get(self, "expression") + @pulumi.getter(name="exceptionalReadonlyFilesUsers") + def exceptional_readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_users") - 
@expression.setter - def expression(self, value: str): - pulumi.set(self, "expression", value) + @exceptional_readonly_files_users.setter + def exceptional_readonly_files_users(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_readonly_files_users", value) @property - @pulumi.getter - def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryEntityScopeVariableArgs']]: - return pulumi.get(self, "variables") + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files") - @variables.setter - def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryEntityScopeVariableArgs']]): - pulumi.set(self, "variables", value) + @readonly_files.setter + def readonly_files(self, value: Optional[Sequence[str]]): + pulumi.set(self, "readonly_files", value) + + @property + @pulumi.getter(name="readonlyFilesProcesses") + def readonly_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_processes") + + @readonly_files_processes.setter + def readonly_files_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "readonly_files_processes", value) + + @property + @pulumi.getter(name="readonlyFilesUsers") + def readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_users") + + @readonly_files_users.setter + def readonly_files_users(self, value: Optional[Sequence[str]]): + pulumi.set(self, "readonly_files_users", value) @pulumi.input_type -class GetApplicationScopeCategoryEntityScopeVariableArgs: +class GetContainerRuntimePolicyRestrictedVolumeArgs: def __init__(__self__, *, - attribute: str, - value: str): - pulumi.set(__self__, "attribute", attribute) - pulumi.set(__self__, "value", value) + enabled: Optional[bool] = None, + volumes: Optional[Sequence[str]] = None): + """ + :param bool enabled: Whether restricted volumes are enabled. 
+ :param Sequence[str] volumes: List of restricted volumes. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if volumes is not None: + pulumi.set(__self__, "volumes", volumes) @property @pulumi.getter - def attribute(self) -> str: - return pulumi.get(self, "attribute") + def enabled(self) -> Optional[bool]: + """ + Whether restricted volumes are enabled. + """ + return pulumi.get(self, "enabled") - @attribute.setter - def attribute(self, value: str): - pulumi.set(self, "attribute", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @property @pulumi.getter - def value(self) -> str: - return pulumi.get(self, "value") + def volumes(self) -> Optional[Sequence[str]]: + """ + List of restricted volumes. + """ + return pulumi.get(self, "volumes") - @value.setter - def value(self, value: str): - pulumi.set(self, "value", value) + @volumes.setter + def volumes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "volumes", value) @pulumi.input_type -class GetApplicationScopeCategoryInfrastructureArgs: +class GetFirewallPolicyOutboundNetworkArgs: def __init__(__self__, *, - kubernetes: Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteArgs']] = None, - os: Optional[Sequence['GetApplicationScopeCategoryInfrastructureOArgs']] = None): - if kubernetes is not None: - pulumi.set(__self__, "kubernetes", kubernetes) - if os is not None: - pulumi.set(__self__, "os", os) - - @property - @pulumi.getter - def kubernetes(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteArgs']]: - return pulumi.get(self, "kubernetes") - - @kubernetes.setter - def kubernetes(self, value: Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteArgs']]): - pulumi.set(self, "kubernetes", value) + allow: bool, + port_range: str, + resource: str, + resource_type: str): + """ + :param bool allow: Indicates whether the specified resources are allowed to receive 
data or requests. + :param str port_range: Range of ports affected by firewall. + :param str resource: Information of the resource. + :param str resource_type: Type of the resource. + """ + pulumi.set(__self__, "allow", allow) + pulumi.set(__self__, "port_range", port_range) + pulumi.set(__self__, "resource", resource) + pulumi.set(__self__, "resource_type", resource_type) @property @pulumi.getter - def os(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureOArgs']]: - return pulumi.get(self, "os") + def allow(self) -> bool: + """ + Indicates whether the specified resources are allowed to receive data or requests. + """ + return pulumi.get(self, "allow") - @os.setter - def os(self, value: Optional[Sequence['GetApplicationScopeCategoryInfrastructureOArgs']]): - pulumi.set(self, "os", value) + @allow.setter + def allow(self, value: bool): + pulumi.set(self, "allow", value) + @property + @pulumi.getter(name="portRange") + def port_range(self) -> str: + """ + Range of ports affected by firewall. + """ + return pulumi.get(self, "port_range") -@pulumi.input_type -class GetApplicationScopeCategoryInfrastructureKuberneteArgs: - def __init__(__self__, *, - expression: str, - variables: Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs']] = None): - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + @port_range.setter + def port_range(self, value: str): + pulumi.set(self, "port_range", value) @property @pulumi.getter - def expression(self) -> str: - return pulumi.get(self, "expression") + def resource(self) -> str: + """ + Information of the resource. 
+ """ + return pulumi.get(self, "resource") - @expression.setter - def expression(self, value: str): - pulumi.set(self, "expression", value) + @resource.setter + def resource(self, value: str): + pulumi.set(self, "resource", value) @property - @pulumi.getter - def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs']]: - return pulumi.get(self, "variables") + @pulumi.getter(name="resourceType") + def resource_type(self) -> str: + """ + Type of the resource. + """ + return pulumi.get(self, "resource_type") - @variables.setter - def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs']]): - pulumi.set(self, "variables", value) + @resource_type.setter + def resource_type(self, value: str): + pulumi.set(self, "resource_type", value) @pulumi.input_type -class GetApplicationScopeCategoryInfrastructureKuberneteVariableArgs: +class GetFunctionRuntimePolicyDriftPreventionArgs: def __init__(__self__, *, - attribute: str, - value: Optional[str] = None): - pulumi.set(__self__, "attribute", attribute) - if value is not None: - pulumi.set(__self__, "value", value) + enabled: Optional[bool] = None, + exec_lockdown: Optional[bool] = None, + exec_lockdown_white_lists: Optional[Sequence[str]] = None, + image_lockdown: Optional[bool] = None): + """ + :param bool enabled: Whether drift prevention is enabled. + :param bool exec_lockdown: Whether to lockdown execution drift. + :param Sequence[str] exec_lockdown_white_lists: List of items in the execution lockdown white list. + :param bool image_lockdown: Whether to lockdown image drift. 
+ """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exec_lockdown is not None: + pulumi.set(__self__, "exec_lockdown", exec_lockdown) + if exec_lockdown_white_lists is not None: + pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if image_lockdown is not None: + pulumi.set(__self__, "image_lockdown", image_lockdown) @property @pulumi.getter - def attribute(self) -> str: - return pulumi.get(self, "attribute") + def enabled(self) -> Optional[bool]: + """ + Whether drift prevention is enabled. + """ + return pulumi.get(self, "enabled") - @attribute.setter - def attribute(self, value: str): - pulumi.set(self, "attribute", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") - - @value.setter - def value(self, value: Optional[str]): - pulumi.set(self, "value", value) - + @pulumi.getter(name="execLockdown") + def exec_lockdown(self) -> Optional[bool]: + """ + Whether to lockdown execution drift. + """ + return pulumi.get(self, "exec_lockdown") -@pulumi.input_type -class GetApplicationScopeCategoryInfrastructureOArgs: - def __init__(__self__, *, - expression: str, - variables: Optional[Sequence['GetApplicationScopeCategoryInfrastructureOVariableArgs']] = None): - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + @exec_lockdown.setter + def exec_lockdown(self, value: Optional[bool]): + pulumi.set(self, "exec_lockdown", value) @property - @pulumi.getter - def expression(self) -> str: - return pulumi.get(self, "expression") + @pulumi.getter(name="execLockdownWhiteLists") + def exec_lockdown_white_lists(self) -> Optional[Sequence[str]]: + """ + List of items in the execution lockdown white list. 
+ """ + return pulumi.get(self, "exec_lockdown_white_lists") - @expression.setter - def expression(self, value: str): - pulumi.set(self, "expression", value) + @exec_lockdown_white_lists.setter + def exec_lockdown_white_lists(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exec_lockdown_white_lists", value) @property - @pulumi.getter - def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryInfrastructureOVariableArgs']]: - return pulumi.get(self, "variables") + @pulumi.getter(name="imageLockdown") + def image_lockdown(self) -> Optional[bool]: + """ + Whether to lockdown image drift. + """ + return pulumi.get(self, "image_lockdown") - @variables.setter - def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryInfrastructureOVariableArgs']]): - pulumi.set(self, "variables", value) + @image_lockdown.setter + def image_lockdown(self, value: Optional[bool]): + pulumi.set(self, "image_lockdown", value) @pulumi.input_type -class GetApplicationScopeCategoryInfrastructureOVariableArgs: +class GetFunctionRuntimePolicyExecutableBlacklistArgs: def __init__(__self__, *, - attribute: str, - value: Optional[str] = None): - pulumi.set(__self__, "attribute", attribute) - if value is not None: - pulumi.set(__self__, "value", value) + enabled: Optional[bool] = None, + executables: Optional[Sequence[str]] = None): + """ + :param bool enabled: Whether the executable blacklist is enabled. + :param Sequence[str] executables: List of blacklisted executables. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if executables is not None: + pulumi.set(__self__, "executables", executables) @property @pulumi.getter - def attribute(self) -> str: - return pulumi.get(self, "attribute") + def enabled(self) -> Optional[bool]: + """ + Whether the executable blacklist is enabled. 
+ """ + return pulumi.get(self, "enabled") - @attribute.setter - def attribute(self, value: str): - pulumi.set(self, "attribute", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @property @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + def executables(self) -> Optional[Sequence[str]]: + """ + List of blacklisted executables. + """ + return pulumi.get(self, "executables") - @value.setter - def value(self, value: Optional[str]): - pulumi.set(self, "value", value) + @executables.setter + def executables(self, value: Optional[Sequence[str]]): + pulumi.set(self, "executables", value) @pulumi.input_type -class GetApplicationScopeCategoryWorkloadArgs: +class GetHostRuntimePolicyAuditingArgs: def __init__(__self__, *, - cfs: Optional[Sequence['GetApplicationScopeCategoryWorkloadCfArgs']] = None, - kubernetes: Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteArgs']] = None, - os: Optional[Sequence['GetApplicationScopeCategoryWorkloadOArgs']] = None): - if cfs is not None: - pulumi.set(__self__, "cfs", cfs) - if kubernetes is not None: - pulumi.set(__self__, "kubernetes", kubernetes) - if os is not None: - pulumi.set(__self__, "os", os) + audit_all_network: Optional[bool] = None, + audit_all_processes: Optional[bool] = None, + audit_failed_login: Optional[bool] = None, + audit_os_user_activity: Optional[bool] = None, + audit_process_cmdline: Optional[bool] = None, + audit_success_login: Optional[bool] = None, + audit_user_account_management: Optional[bool] = None, + enabled: Optional[bool] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, 
"audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not None: + pulumi.set(__self__, "audit_process_cmdline", audit_process_cmdline) + if audit_success_login is not None: + pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter - def cfs(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadCfArgs']]: - return pulumi.get(self, "cfs") + @pulumi.getter(name="auditAllNetwork") + def audit_all_network(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_network") - @cfs.setter - def cfs(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadCfArgs']]): - pulumi.set(self, "cfs", value) + @audit_all_network.setter + def audit_all_network(self, value: Optional[bool]): + pulumi.set(self, "audit_all_network", value) @property - @pulumi.getter - def kubernetes(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteArgs']]: - return pulumi.get(self, "kubernetes") + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_processes") - @kubernetes.setter - def kubernetes(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteArgs']]): - pulumi.set(self, "kubernetes", value) + @audit_all_processes.setter + def audit_all_processes(self, value: Optional[bool]): + pulumi.set(self, "audit_all_processes", value) @property - @pulumi.getter - def os(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadOArgs']]: - return pulumi.get(self, "os") - - @os.setter - def os(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadOArgs']]): - pulumi.set(self, "os", value) + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[bool]: + return 
pulumi.get(self, "audit_failed_login") - -@pulumi.input_type -class GetApplicationScopeCategoryWorkloadCfArgs: - def __init__(__self__, *, - expression: str, - variables: Optional[Sequence['GetApplicationScopeCategoryWorkloadCfVariableArgs']] = None): - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + @audit_failed_login.setter + def audit_failed_login(self, value: Optional[bool]): + pulumi.set(self, "audit_failed_login", value) @property - @pulumi.getter - def expression(self) -> str: - return pulumi.get(self, "expression") + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[bool]: + return pulumi.get(self, "audit_os_user_activity") - @expression.setter - def expression(self, value: str): - pulumi.set(self, "expression", value) + @audit_os_user_activity.setter + def audit_os_user_activity(self, value: Optional[bool]): + pulumi.set(self, "audit_os_user_activity", value) @property - @pulumi.getter - def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadCfVariableArgs']]: - return pulumi.get(self, "variables") + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[bool]: + return pulumi.get(self, "audit_process_cmdline") - @variables.setter - def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadCfVariableArgs']]): - pulumi.set(self, "variables", value) + @audit_process_cmdline.setter + def audit_process_cmdline(self, value: Optional[bool]): + pulumi.set(self, "audit_process_cmdline", value) + @property + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_success_login") -@pulumi.input_type -class GetApplicationScopeCategoryWorkloadCfVariableArgs: - def __init__(__self__, *, - attribute: str, - value: Optional[str] = None): - pulumi.set(__self__, "attribute", attribute) - if value is not None: - 
pulumi.set(__self__, "value", value) + @audit_success_login.setter + def audit_success_login(self, value: Optional[bool]): + pulumi.set(self, "audit_success_login", value) @property - @pulumi.getter - def attribute(self) -> str: - return pulumi.get(self, "attribute") + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> Optional[bool]: + return pulumi.get(self, "audit_user_account_management") - @attribute.setter - def attribute(self, value: str): - pulumi.set(self, "attribute", value) + @audit_user_account_management.setter + def audit_user_account_management(self, value: Optional[bool]): + pulumi.set(self, "audit_user_account_management", value) @property @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") - @value.setter - def value(self, value: Optional[str]): - pulumi.set(self, "value", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @pulumi.input_type -class GetApplicationScopeCategoryWorkloadKuberneteArgs: +class GetHostRuntimePolicyFileIntegrityMonitoringArgs: def __init__(__self__, *, - expression: str, - variables: Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteVariableArgs']] = None): - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + enabled: Optional[bool] = None, + exceptional_monitored_files: Optional[Sequence[str]] = None, + exceptional_monitored_files_processes: Optional[Sequence[str]] = None, + exceptional_monitored_files_users: Optional[Sequence[str]] = None, + monitored_files: Optional[Sequence[str]] = None, + monitored_files_attributes: Optional[bool] = None, + monitored_files_create: Optional[bool] = None, + monitored_files_delete: Optional[bool] = None, + monitored_files_modify: Optional[bool] = None, + monitored_files_processes: 
Optional[Sequence[str]] = None, + monitored_files_read: Optional[bool] = None, + monitored_files_users: Optional[Sequence[str]] = None): + """ + :param bool enabled: If true, file integrity monitoring is enabled. + :param Sequence[str] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_users: List of users to be excluded from monitoring. + :param Sequence[str] monitored_files: List of paths to be monitored. + :param bool monitored_files_attributes: Whether to monitor file attribute operations. + :param bool monitored_files_create: Whether to monitor file create operations. + :param bool monitored_files_delete: Whether to monitor file delete operations. + :param bool monitored_files_modify: Whether to monitor file modify operations. + :param Sequence[str] monitored_files_processes: List of processes associated with monitored files. + :param bool monitored_files_read: Whether to monitor file read operations. + :param Sequence[str] monitored_files_users: List of users associated with monitored files. 
+ """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) @property @pulumi.getter - def expression(self) -> str: - return pulumi.get(self, "expression") + def enabled(self) -> Optional[bool]: + """ + If true, file integrity monitoring is enabled. 
+ """ + return pulumi.get(self, "enabled") - @expression.setter - def expression(self, value: str): - pulumi.set(self, "expression", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter - def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteVariableArgs']]: - return pulumi.get(self, "variables") + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files") + + @exceptional_monitored_files.setter + def exceptional_monitored_files(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_monitored_files", value) - @variables.setter - def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadKuberneteVariableArgs']]): - pulumi.set(self, "variables", value) + @property + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_processes") + @exceptional_monitored_files_processes.setter + def exceptional_monitored_files_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_monitored_files_processes", value) -@pulumi.input_type -class GetApplicationScopeCategoryWorkloadKuberneteVariableArgs: - def __init__(__self__, *, - attribute: str, - value: Optional[str] = None): - pulumi.set(__self__, "attribute", attribute) - if value is not None: - pulumi.set(__self__, "value", value) + @property + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users to be excluded from monitoring. 
+ """ + return pulumi.get(self, "exceptional_monitored_files_users") + + @exceptional_monitored_files_users.setter + def exceptional_monitored_files_users(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_monitored_files_users", value) @property - @pulumi.getter - def attribute(self) -> str: - return pulumi.get(self, "attribute") + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be monitored. + """ + return pulumi.get(self, "monitored_files") - @attribute.setter - def attribute(self, value: str): - pulumi.set(self, "attribute", value) + @monitored_files.setter + def monitored_files(self, value: Optional[Sequence[str]]): + pulumi.set(self, "monitored_files", value) @property - @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[bool]: + """ + Whether to monitor file attribute operations. + """ + return pulumi.get(self, "monitored_files_attributes") - @value.setter - def value(self, value: Optional[str]): - pulumi.set(self, "value", value) + @monitored_files_attributes.setter + def monitored_files_attributes(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_attributes", value) + @property + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[bool]: + """ + Whether to monitor file create operations. 
+ """ + return pulumi.get(self, "monitored_files_create") -@pulumi.input_type -class GetApplicationScopeCategoryWorkloadOArgs: - def __init__(__self__, *, - expression: str, - variables: Optional[Sequence['GetApplicationScopeCategoryWorkloadOVariableArgs']] = None): - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + @monitored_files_create.setter + def monitored_files_create(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_create", value) @property - @pulumi.getter - def expression(self) -> str: - return pulumi.get(self, "expression") + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[bool]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") - @expression.setter - def expression(self, value: str): - pulumi.set(self, "expression", value) + @monitored_files_delete.setter + def monitored_files_delete(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_delete", value) @property - @pulumi.getter - def variables(self) -> Optional[Sequence['GetApplicationScopeCategoryWorkloadOVariableArgs']]: - return pulumi.get(self, "variables") + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[bool]: + """ + Whether to monitor file modify operations. + """ + return pulumi.get(self, "monitored_files_modify") - @variables.setter - def variables(self, value: Optional[Sequence['GetApplicationScopeCategoryWorkloadOVariableArgs']]): - pulumi.set(self, "variables", value) + @monitored_files_modify.setter + def monitored_files_modify(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_modify", value) + @property + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes associated with monitored files. 
+ """ + return pulumi.get(self, "monitored_files_processes") -@pulumi.input_type -class GetApplicationScopeCategoryWorkloadOVariableArgs: - def __init__(__self__, *, - attribute: str, - value: Optional[str] = None): - pulumi.set(__self__, "attribute", attribute) - if value is not None: - pulumi.set(__self__, "value", value) + @monitored_files_processes.setter + def monitored_files_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "monitored_files_processes", value) @property - @pulumi.getter - def attribute(self) -> str: - return pulumi.get(self, "attribute") + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[bool]: + """ + Whether to monitor file read operations. + """ + return pulumi.get(self, "monitored_files_read") - @attribute.setter - def attribute(self, value: str): - pulumi.set(self, "attribute", value) + @monitored_files_read.setter + def monitored_files_read(self, value: Optional[bool]): + pulumi.set(self, "monitored_files_read", value) @property - @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users associated with monitored files. 
+ """ + return pulumi.get(self, "monitored_files_users") - @value.setter - def value(self, value: Optional[str]): - pulumi.set(self, "value", value) + @monitored_files_users.setter + def monitored_files_users(self, value: Optional[Sequence[str]]): + pulumi.set(self, "monitored_files_users", value) @pulumi.input_type -class GetContainerRuntimePolicyMalwareScanOptionArgs: +class GetHostRuntimePolicyMalwareScanOptionArgs: def __init__(__self__, *, - action: str, - enabled: bool, - exclude_directories: Sequence[str], - exclude_processes: Sequence[str]): + action: Optional[str] = None, + enabled: Optional[bool] = None, + exclude_directories: Optional[Sequence[str]] = None, + exclude_processes: Optional[Sequence[str]] = None, + include_directories: Optional[Sequence[str]] = None): """ :param str action: Set Action, Defaults to 'Alert' when empty :param bool enabled: Defines if enabled or not :param Sequence[str] exclude_directories: List of registry paths to be excluded from being protected. :param Sequence[str] exclude_processes: List of registry processes to be excluded from being protected. + :param Sequence[str] include_directories: List of registry paths to be excluded from being protected. 
""" - pulumi.set(__self__, "action", action) - pulumi.set(__self__, "enabled", enabled) - pulumi.set(__self__, "exclude_directories", exclude_directories) - pulumi.set(__self__, "exclude_processes", exclude_processes) + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) @property @pulumi.getter - def action(self) -> str: + def action(self) -> Optional[str]: """ Set Action, Defaults to 'Alert' when empty """ return pulumi.get(self, "action") @action.setter - def action(self, value: str): + def action(self, value: Optional[str]): pulumi.set(self, "action", value) @property @pulumi.getter - def enabled(self) -> bool: + def enabled(self) -> Optional[bool]: """ Defines if enabled or not """ return pulumi.get(self, "enabled") @enabled.setter - def enabled(self, value: bool): + def enabled(self, value: Optional[bool]): pulumi.set(self, "enabled", value) @property @pulumi.getter(name="excludeDirectories") - def exclude_directories(self) -> Sequence[str]: + def exclude_directories(self) -> Optional[Sequence[str]]: """ List of registry paths to be excluded from being protected. """ return pulumi.get(self, "exclude_directories") @exclude_directories.setter - def exclude_directories(self, value: Sequence[str]): + def exclude_directories(self, value: Optional[Sequence[str]]): pulumi.set(self, "exclude_directories", value) @property @pulumi.getter(name="excludeProcesses") - def exclude_processes(self) -> Sequence[str]: + def exclude_processes(self) -> Optional[Sequence[str]]: """ List of registry processes to be excluded from being protected. 
""" return pulumi.get(self, "exclude_processes") @exclude_processes.setter - def exclude_processes(self, value: Sequence[str]): + def exclude_processes(self, value: Optional[Sequence[str]]): pulumi.set(self, "exclude_processes", value) + @property + @pulumi.getter(name="includeDirectories") + def include_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "include_directories") + + @include_directories.setter + def include_directories(self, value: Optional[Sequence[str]]): + pulumi.set(self, "include_directories", value) + @pulumi.input_type -class GetFirewallPolicyOutboundNetworkArgs: +class GetHostRuntimePolicyPackageBlockArgs: def __init__(__self__, *, - allow: bool, - port_range: str, - resource: str, - resource_type: str): - """ - :param bool allow: Indicates whether the specified resources are allowed to receive data or requests. - :param str port_range: Range of ports affected by firewall. - :param str resource: Information of the resource. - :param str resource_type: Type of the resource. 
- """ - pulumi.set(__self__, "allow", allow) - pulumi.set(__self__, "port_range", port_range) - pulumi.set(__self__, "resource", resource) - pulumi.set(__self__, "resource_type", resource_type) + block_packages_processes: Optional[Sequence[str]] = None, + block_packages_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_packages_files: Optional[Sequence[str]] = None, + exceptional_block_packages_processes: Optional[Sequence[str]] = None, + exceptional_block_packages_users: Optional[Sequence[str]] = None, + packages_black_lists: Optional[Sequence[str]] = None): + if block_packages_processes is not None: + pulumi.set(__self__, "block_packages_processes", block_packages_processes) + if block_packages_users is not None: + pulumi.set(__self__, "block_packages_users", block_packages_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_packages_files is not None: + pulumi.set(__self__, "exceptional_block_packages_files", exceptional_block_packages_files) + if exceptional_block_packages_processes is not None: + pulumi.set(__self__, "exceptional_block_packages_processes", exceptional_block_packages_processes) + if exceptional_block_packages_users is not None: + pulumi.set(__self__, "exceptional_block_packages_users", exceptional_block_packages_users) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) + + @property + @pulumi.getter(name="blockPackagesProcesses") + def block_packages_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_processes") + + @block_packages_processes.setter + def block_packages_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "block_packages_processes", value) + + @property + @pulumi.getter(name="blockPackagesUsers") + def block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_users") + + 
@block_packages_users.setter + def block_packages_users(self, value: Optional[Sequence[str]]): + pulumi.set(self, "block_packages_users", value) @property @pulumi.getter - def allow(self) -> bool: - """ - Indicates whether the specified resources are allowed to receive data or requests. - """ - return pulumi.get(self, "allow") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") - @allow.setter - def allow(self, value: bool): - pulumi.set(self, "allow", value) + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) @property - @pulumi.getter(name="portRange") - def port_range(self) -> str: - """ - Range of ports affected by firewall. - """ - return pulumi.get(self, "port_range") + @pulumi.getter(name="exceptionalBlockPackagesFiles") + def exceptional_block_packages_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_files") - @port_range.setter - def port_range(self, value: str): - pulumi.set(self, "port_range", value) + @exceptional_block_packages_files.setter + def exceptional_block_packages_files(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_block_packages_files", value) + + @property + @pulumi.getter(name="exceptionalBlockPackagesProcesses") + def exceptional_block_packages_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_processes") + + @exceptional_block_packages_processes.setter + def exceptional_block_packages_processes(self, value: Optional[Sequence[str]]): + pulumi.set(self, "exceptional_block_packages_processes", value) + + @property + @pulumi.getter(name="exceptionalBlockPackagesUsers") + def exceptional_block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_users") + + @exceptional_block_packages_users.setter + def exceptional_block_packages_users(self, value: Optional[Sequence[str]]): + pulumi.set(self, 
"exceptional_block_packages_users", value) + + @property + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "packages_black_lists") + + @packages_black_lists.setter + def packages_black_lists(self, value: Optional[Sequence[str]]): + pulumi.set(self, "packages_black_lists", value) + + +@pulumi.input_type +class GetIntegrationRegistriesOptionArgs: + def __init__(__self__, *, + option: Optional[str] = None, + value: Optional[str] = None): + if option is not None: + pulumi.set(__self__, "option", option) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def resource(self) -> str: - """ - Information of the resource. - """ - return pulumi.get(self, "resource") + def option(self) -> Optional[str]: + return pulumi.get(self, "option") - @resource.setter - def resource(self, value: str): - pulumi.set(self, "resource", value) + @option.setter + def option(self, value: Optional[str]): + pulumi.set(self, "option", value) @property - @pulumi.getter(name="resourceType") - def resource_type(self) -> str: - """ - Type of the resource. 
- """ - return pulumi.get(self, "resource_type") + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") - @resource_type.setter - def resource_type(self, value: str): - pulumi.set(self, "resource_type", value) + @value.setter + def value(self, value: Optional[str]): + pulumi.set(self, "value", value) + + +@pulumi.input_type +class GetIntegrationRegistriesWebhookArgs: + def __init__(__self__, *, + auth_token: Optional[str] = None, + enabled: Optional[bool] = None, + un_quarantine: Optional[bool] = None, + url: Optional[str] = None): + if auth_token is not None: + pulumi.set(__self__, "auth_token", auth_token) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if un_quarantine is not None: + pulumi.set(__self__, "un_quarantine", un_quarantine) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter(name="authToken") + def auth_token(self) -> Optional[str]: + return pulumi.get(self, "auth_token") + + @auth_token.setter + def auth_token(self, value: Optional[str]): + pulumi.set(self, "auth_token", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[bool]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter(name="unQuarantine") + def un_quarantine(self) -> Optional[bool]: + return pulumi.get(self, "un_quarantine") + + @un_quarantine.setter + def un_quarantine(self, value: Optional[bool]): + pulumi.set(self, "un_quarantine", value) + + @property + @pulumi.getter + def url(self) -> Optional[str]: + return pulumi.get(self, "url") + + @url.setter + def url(self, value: Optional[str]): + pulumi.set(self, "url", value) @pulumi.input_type 
@@ -6797,9 +14595,6 @@ def __init__(__self__, *, enabled: Optional[bool] = None, un_quarantine: Optional[bool] = None, url: Optional[str] = None): - """ - :param str url: The URL, address or region of the registry - """ if auth_token is not None: pulumi.set(__self__, "auth_token", auth_token) if enabled is not None: @@ -6839,9 +14634,6 @@ def un_quarantine(self, value: Optional[bool]): @property @pulumi.getter def url(self) -> Optional[str]: - """ - The URL, address or region of the registry - """ return pulumi.get(self, "url") @url.setter diff --git a/sdk/python/pulumiverse_aquasec/_utilities.py b/sdk/python/pulumiverse_aquasec/_utilities.py index dc36f0ff..417d697e 100644 --- a/sdk/python/pulumiverse_aquasec/_utilities.py +++ b/sdk/python/pulumiverse_aquasec/_utilities.py @@ -3,6 +3,7 @@ # *** Do not edit by hand unless you're certain you know what you are doing! *** +import asyncio import importlib.util import inspect import json @@ -13,6 +14,7 @@ import pulumi import pulumi.runtime +from pulumi.runtime.sync_await import _sync_await from semver import VersionInfo as SemverVersion from parver import Version as PEP440Version 
@@ -246,5 +248,44 @@ def lifted_func(*args, opts=None, **kwargs): return (lambda _: lifted_func) + +def call_plain( + tok: str, + props: pulumi.Inputs, + res: typing.Optional[pulumi.Resource] = None, + typ: typing.Optional[type] = None, +) -> typing.Any: + """ + Wraps pulumi.runtime.plain to force the output and return it plainly. + """ + + output = pulumi.runtime.call(tok, props, res, typ) + + # Ingoring deps silently. They are typically non-empty, r.f() calls include r as a dependency. + result, known, secret, _ = _sync_await(asyncio.ensure_future(_await_output(output))) + + problem = None + if not known: + problem = ' an unknown value' + elif secret: + problem = ' a secret value' + + if problem: + raise AssertionError( + f"Plain resource method '{tok}' incorrectly returned {problem}. " + + "This is an error in the provider, please report this to the provider developer." + ) + + return result + + +async def _await_output(o: pulumi.Output[typing.Any]) -> typing.Tuple[object, bool, bool, set]: + return ( + await o._future, + await o._is_known, + await o._is_secret, + await o._resources, + ) + def get_plugin_download_url(): return "github://api.github.com/pulumiverse/pulumi-aquasec" diff --git a/sdk/python/pulumiverse_aquasec/config/__init__.pyi b/sdk/python/pulumiverse_aquasec/config/__init__.pyi index c6f812a6..29711bc6 100644 --- a/sdk/python/pulumiverse_aquasec/config/__init__.pyi +++ b/sdk/python/pulumiverse_aquasec/config/__init__.pyi @@ -38,7 +38,7 @@ This is the user id that should be used to make the connection. Can alternativel environment variable. """ -verifyTls: Optional[bool] +verifyTls: bool """ If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can alternatively be sourced from the `AQUA_TLS_VERIFY` environment variable. diff --git a/sdk/python/pulumiverse_aquasec/config/vars.py b/sdk/python/pulumiverse_aquasec/config/vars.py index 74d160c9..7d97f471 100644 
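Review bot: The docstring of `call_plain` says it wraps `pulumi.runtime.plain`, but the body calls `pulumi.runtime.call`, and the comment below it misspells "Ignoring"; I would write `Wraps pulumi.runtime.call to force the output and return it plainly.` and `# Ignoring deps silently.`. The two `problem` strings begin with a space while the f-string already puts one before `{problem}`, so the message reads "returned  an unknown value"; dropping the leading spaces fixes that. The helper also relies on the underscore-prefixed `_sync_await` import and on `o._future`, `o._is_known`, `o._is_secret` and `o._resources`, which are private names of the pulumi package, so a short comment saying so would help whoever debugs a break after a pulumi upgrade. The file header marks this as generated code, so these changes belong in the generator template rather than in this file.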
--- a/sdk/python/pulumiverse_aquasec/config/vars.py +++ b/sdk/python/pulumiverse_aquasec/config/vars.py @@ -20,7 +20,7 @@ def aqua_url(self) -> Optional[str]: """ This is the base URL of your Aqua instance. Can alternatively be sourced from the `AQUA_URL` environment variable. """ - return __config__.get('aquaUrl') + return __config__.get('aquaUrl') or _utilities.get_env('AQUA_URL') @property def ca_certificate_path(self) -> Optional[str]: @@ -28,7 +28,7 @@ def ca_certificate_path(self) -> Optional[str]: This is the file path for server CA certificates if they are not available on the host OS. Can alternatively be sourced from the `AQUA_CA_CERT_PATH` environment variable. """ - return __config__.get('caCertificatePath') + return __config__.get('caCertificatePath') or _utilities.get_env('AQUA_CA_CERT_PATH') @property def config_path(self) -> Optional[str]: @@ -36,7 +36,7 @@ def config_path(self) -> Optional[str]: This is the file path for Aqua provider configuration. The default configuration path is `~/.aqua/tf.config`. Can alternatively be sourced from the `AQUA_CONFIG` environment variable. """ - return __config__.get('configPath') + return __config__.get('configPath') or _utilities.get_env('AQUA_CONFIG') @property def password(self) -> Optional[str]: @@ -44,7 +44,7 @@ def password(self) -> Optional[str]: This is the password that should be used to make the connection. Can alternatively be sourced from the `AQUA_PASSWORD` environment variable. """ - return __config__.get('password') + return __config__.get('password') or _utilities.get_env('AQUA_PASSWORD') @property def username(self) -> Optional[str]: 
@@ -52,13 +52,13 @@ def username(self) -> Optional[str]: This is the user id that should be used to make the connection. Can alternatively be sourced from the `AQUA_USER` environment variable. """ - return __config__.get('username') + return __config__.get('username') or _utilities.get_env('AQUA_USER') @property - def verify_tls(self) -> Optional[bool]: + def verify_tls(self) -> bool: """ If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can alternatively be sourced from the `AQUA_TLS_VERIFY` environment variable. """ - return __config__.get_bool('verifyTls') + return __config__.get_bool('verifyTls') or (_utilities.get_env_bool('AQUA_TLS_VERIFY') or True) diff --git a/sdk/python/pulumiverse_aquasec/container_runtime_policy.py b/sdk/python/pulumiverse_aquasec/container_runtime_policy.py index 78f7f8e1..d525205f 100644 --- a/sdk/python/pulumiverse_aquasec/container_runtime_policy.py +++ b/sdk/python/pulumiverse_aquasec/container_runtime_policy.py 
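Review bot: `verify_tls` can no longer return False: in `__config__.get_bool('verifyTls') or (_utilities.get_env_bool('AQUA_TLS_VERIFY') or True)` an explicit false from either source is falsy and falls through to the final `True`. Any code that reads this property to decide whether certificate checks are on would then disagree with what the operator configured; whether the provider reads the setting by another path is not visible in this hunk. Resolving the value with `is None` checks keeps the documented default of true while still honouring an explicit false. If this file is generated like `_utilities.py`, the change belongs in the generator.

```python
    def verify_tls(self) -> bool:
        # … unchanged: docstring …
        configured = __config__.get_bool('verifyTls')
        if configured is None:
            configured = _utilities.get_env_bool('AQUA_TLS_VERIFY')
        return True if configured is None else configured
```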
@@ -16,25 +16,27 @@ @pulumi.input_type class ContainerRuntimePolicyArgs: def __init__(__self__, *, - allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedExecutableArgs']]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedRegistryArgs']]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, audit_all_network_activity: Optional[pulumi.Input[bool]] = None, audit_all_processes_activity: Optional[pulumi.Input[bool]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input['ContainerRuntimePolicyAuditingArgs']] = None, + author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input['ContainerRuntimePolicyBlacklistedOsUsersArgs']] = None, block_access_host_network: Optional[pulumi.Input[bool]] = None, block_adding_capabilities: Optional[pulumi.Input[bool]] = None, block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, block_fileless_exec: Optional[pulumi.Input[bool]] = None, block_low_port_binding: Optional[pulumi.Input[bool]] = None, - block_non_compliant_images: Optional[pulumi.Input[bool]] = None, block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, block_privileged_containers: Optional[pulumi.Input[bool]] = None, - block_reverse_shell: Optional[pulumi.Input[bool]] = None, block_root_user: Optional[pulumi.Input[bool]] = None, - block_unregistered_images: Optional[pulumi.Input[bool]] = None, block_use_ipc_namespace: 
Optional[pulumi.Input[bool]] = None, block_use_pid_namespace: Optional[pulumi.Input[bool]] = None, block_use_user_namespace: Optional[pulumi.Input[bool]] = None, 
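Review bot: The keyword parameters `block_non_compliant_images`, `block_reverse_shell` and `block_unregistered_images` are dropped from `ContainerRuntimePolicyArgs.__init__` with no deprecation path, and `allowed_executables` and `allowed_registries` change from lists of strings to lists of `...Args` objects. A program that still passes the old names will fail with a `TypeError` at construction, and a policy author who simply deletes them to get past that error loses the control they expressed unless they know what to set instead. I would add an upgrade note to the release notes listing each removed parameter and what, if anything, carries the same control in this version, for example `block_reverse_shell: removed in this release; see <replacement field or "no equivalent">`. The signature continues outside this hunk, so the full parameter list is not visible here.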
@@ -46,49 +48,86 @@ def __init__(__self__, *, blocked_outbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_packages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeArgs']]]] = None, + container_exec: Optional[pulumi.Input['ContainerRuntimePolicyContainerExecArgs']] = None, container_exec_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_drift_prevention: Optional[pulumi.Input[bool]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyDriftPreventionArgs']]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, enable_fork_guard: Optional[pulumi.Input[bool]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, - enable_port_scan_detection: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, - exceptional_readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - exec_lockdown_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: 
Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyExecutableBlacklistArgs']]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input['ContainerRuntimePolicyFailedKubernetesChecksArgs']] = None, + file_block: Optional[pulumi.Input['ContainerRuntimePolicyFileBlockArgs']] = None, file_integrity_monitoring: Optional[pulumi.Input['ContainerRuntimePolicyFileIntegrityMonitoringArgs']] = None, fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]] = None, limit_new_privileges: Optional[pulumi.Input[bool]] = None, + linux_capabilities: Optional[pulumi.Input['ContainerRuntimePolicyLinuxCapabilitiesArgs']] = None, malware_scan_options: Optional[pulumi.Input['ContainerRuntimePolicyMalwareScanOptionsArgs']] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, - readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input['ContainerRuntimePolicyPackageBlockArgs']] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input['ContainerRuntimePolicyPortBlockArgs']] = None, + readonly_files: Optional[pulumi.Input['ContainerRuntimePolicyReadonlyFilesArgs']] = None, + readonly_registry: 
Optional[pulumi.Input['ContainerRuntimePolicyReadonlyRegistryArgs']] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input['ContainerRuntimePolicyRegistryAccessMonitoringArgs']] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyRestrictedVolumeArgs']]]] = None, + reverse_shell: Optional[pulumi.Input['ContainerRuntimePolicyReverseShellArgs']] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, - scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]]] = None): + scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeArgs']]]] = None, + system_integrity_protection: Optional[pulumi.Input['ContainerRuntimePolicySystemIntegrityProtectionArgs']] = None, + tripwire: Optional[pulumi.Input['ContainerRuntimePolicyTripwireArgs']] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input['ContainerRuntimePolicyWhitelistedOsUsersArgs']] = None): """ The set of arguments for constructing a ContainerRuntimePolicy resource. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_executables: List of executables that are allowed for the user. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_registries: List of registries that allowed for running containers. 
+ :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedExecutableArgs']]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedRegistryArgs']]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. :param pulumi.Input[bool] audit_all_network_activity: If true, all network activity will be audited. :param pulumi.Input[bool] audit_all_processes_activity: If true, all process activity will be audited. + :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[bool] audit_full_command_arguments: If true, full command arguments will be audited. + :param pulumi.Input[str] author: Username of the account that created the service. :param pulumi.Input[bool] block_access_host_network: If true, prevent containers from running with access to host network. :param pulumi.Input[bool] block_adding_capabilities: If true, prevent containers from running with adding capabilities with `--cap-add` privilege. :param pulumi.Input[bool] block_container_exec: If true, exec into a container is prevented. :param pulumi.Input[bool] block_cryptocurrency_mining: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining :param pulumi.Input[bool] block_fileless_exec: Detect and prevent running in-memory execution :param pulumi.Input[bool] block_low_port_binding: If true, prevent containers from running with the capability to bind in port lower than 1024. - :param pulumi.Input[bool] block_non_compliant_images: If true, running non-compliant image in the container is prevented. :param pulumi.Input[bool] block_non_compliant_workloads: If true, running containers in non-compliant pods is prevented. :param pulumi.Input[bool] block_non_k8s_containers: If true, running non-kubernetes containers is prevented. 
:param pulumi.Input[bool] block_privileged_containers: If true, prevent containers from running with privileged container capability. - :param pulumi.Input[bool] block_reverse_shell: If true, reverse shell is prevented. :param pulumi.Input[bool] block_root_user: If true, prevent containers from running with root user. - :param pulumi.Input[bool] block_unregistered_images: If true, running images in the container that are not registered in Aqua is prevented. :param pulumi.Input[bool] block_use_ipc_namespace: If true, prevent containers from running with the privilege to use the IPC namespace. :param pulumi.Input[bool] block_use_pid_namespace: If true, prevent containers from running with the privilege to use the PID namespace. :param pulumi.Input[bool] block_use_user_namespace: If true, prevent containers from running with the privilege to use the user namespace. 
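Review bot: Several enforcement-relevant parameters added to this signature get no `:param` entry anywhere in the docstring, among them `no_new_privileges`, `only_registered_images`, `reverse_shell`, `enable_ip_reputation`, `enable_port_scan_protection` and `enable_crypto_mining_dns`. Some sit next to older parameters that appear to cover the same control (`limit_new_privileges`, `block_cryptocurrency_mining`, `blocked_packages` next to `package_block`), and nothing says which one takes effect when both are set. Each new parameter should get a one-line description, and each overlapping pair a sentence on precedence; if this file is generated, that text belongs in the provider schema. The same gap recurs on the undocumented getters in later hunks (`block_disallowed_images`, `enable_ip_reputation`, `enable_port_scan_protection`). The docstring continues outside this hunk.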
@@ -100,28 +139,27 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_outbound_ports: List of blocked outbound ports. :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_packages: Prevent containers from reading, writing, or executing all files in the list of packages. :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_volumes: List of volumes that are prevented from being mounted in the containers. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeArgs']]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[Sequence[pulumi.Input[str]]] container_exec_allowed_processes: List of processes that will be allowed. :param pulumi.Input[str] description: The description of the container runtime policy - :param pulumi.Input[bool] enable_drift_prevention: If true, executables that are not in the original image is prevented from running. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyDriftPreventionArgs']]] drift_preventions: Drift prevention configuration. :param pulumi.Input[bool] enable_fork_guard: If true, fork bombs are prevented in the containers. - :param pulumi.Input[bool] enable_ip_reputation_security: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - :param pulumi.Input[bool] enable_port_scan_detection: If true, detects port scanning behavior in the container. - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. 
- :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_readonly_files_and_directories: List of files and directories to be excluded from the read-only list. - :param pulumi.Input[Sequence[pulumi.Input[str]]] exec_lockdown_white_lists: Specify processes that will be allowed + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyExecutableBlacklistArgs']]] executable_blacklists: Executable blacklist configuration. :param pulumi.Input['ContainerRuntimePolicyFileIntegrityMonitoringArgs'] file_integrity_monitoring: Configuration for file integrity monitoring. :param pulumi.Input[int] fork_guard_process_limit: Process limit for the fork guard. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]] limit_container_privileges: Container privileges configuration. :param pulumi.Input[bool] limit_new_privileges: If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) :param pulumi.Input['ContainerRuntimePolicyMalwareScanOptionsArgs'] malware_scan_options: Configuration for Real-Time Malware Protection. :param pulumi.Input[bool] monitor_system_time_changes: If true, system time changes will be monitored. - :param pulumi.Input[str] name: Name of the container runtime policy - :param pulumi.Input[Sequence[pulumi.Input[str]]] readonly_files_and_directories: List of files and directories to be restricted as read-only - :param pulumi.Input[Sequence[pulumi.Input[str]]] reverse_shell_allowed_ips: List of IPs/ CIDRs that will be allowed - :param pulumi.Input[Sequence[pulumi.Input[str]]] reverse_shell_allowed_processes: List of processes that will be allowed + :param pulumi.Input[str] name: Name assigned to the attribute. 
+ :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyRestrictedVolumeArgs']]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]] scope_variables: List of scope attributes. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeArgs']]] scopes: Scope configuration. """ if allowed_executables is not None: pulumi.set(__self__, "allowed_executables", allowed_executables) @@ -133,8 +171,16 @@ def __init__(__self__, *, pulumi.set(__self__, "audit_all_network_activity", audit_all_network_activity) if audit_all_processes_activity is not None: pulumi.set(__self__, "audit_all_processes_activity", audit_all_processes_activity) + if audit_brute_force_login is not None: + pulumi.set(__self__, "audit_brute_force_login", audit_brute_force_login) if audit_full_command_arguments is not None: pulumi.set(__self__, "audit_full_command_arguments", audit_full_command_arguments) + if auditing is not None: + pulumi.set(__self__, "auditing", auditing) + if author is not None: + pulumi.set(__self__, "author", author) + if blacklisted_os_users is not None: + pulumi.set(__self__, "blacklisted_os_users", blacklisted_os_users) if block_access_host_network is not None: pulumi.set(__self__, "block_access_host_network", block_access_host_network) if block_adding_capabilities is not None: 
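Review bot: The description of the policy-level `enabled` parameter now reads "Whether allowed executables configuration is enabled." and `name` reads "Name assigned to the attribute."; both look like descriptions of nested blocks that ended up on the top-level fields. For a flag that presumably switches the whole runtime policy on or off, this wording invites a reader to misjudge its scope. Unless the meaning of the fields really changed, keep the previous text: `:param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not.` and `:param pulumi.Input[str] name: Name of the container runtime policy`. The `enabled` getter docstring in the `@@ -637,34 +836,28 @@` hunk has the same problem.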
@@ -143,24 +189,20 @@ def __init__(__self__, *, pulumi.set(__self__, "block_container_exec", block_container_exec) if block_cryptocurrency_mining is not None: pulumi.set(__self__, "block_cryptocurrency_mining", block_cryptocurrency_mining) + if block_disallowed_images is not None: + pulumi.set(__self__, "block_disallowed_images", block_disallowed_images) if block_fileless_exec is not None: pulumi.set(__self__, "block_fileless_exec", block_fileless_exec) if block_low_port_binding is not None: pulumi.set(__self__, "block_low_port_binding", block_low_port_binding) - if block_non_compliant_images is not None: - pulumi.set(__self__, "block_non_compliant_images", block_non_compliant_images) if block_non_compliant_workloads is not None: pulumi.set(__self__, "block_non_compliant_workloads", block_non_compliant_workloads) if block_non_k8s_containers is not None: pulumi.set(__self__, "block_non_k8s_containers", block_non_k8s_containers) if block_privileged_containers is not None: pulumi.set(__self__, "block_privileged_containers", block_privileged_containers) - if block_reverse_shell is not None: - pulumi.set(__self__, "block_reverse_shell", block_reverse_shell) if block_root_user is not None: pulumi.set(__self__, "block_root_user", block_root_user) - if block_unregistered_images is not None: - pulumi.set(__self__, "block_unregistered_images", block_unregistered_images) if block_use_ipc_namespace is not None: pulumi.set(__self__, "block_use_ipc_namespace", block_use_ipc_namespace) if block_use_pid_namespace is not None: 
@@ -183,73 +225,149 @@ def __init__(__self__, *, pulumi.set(__self__, "blocked_packages", blocked_packages) if blocked_volumes is not None: pulumi.set(__self__, "blocked_volumes", blocked_volumes) + if bypass_scopes is not None: + pulumi.set(__self__, "bypass_scopes", bypass_scopes) + if container_exec is not None: + pulumi.set(__self__, "container_exec", container_exec) if container_exec_allowed_processes is not None: pulumi.set(__self__, "container_exec_allowed_processes", container_exec_allowed_processes) + if created is not None: + pulumi.set(__self__, "created", created) + if cve is not None: + pulumi.set(__self__, "cve", cve) + if default_security_profile is not None: + pulumi.set(__self__, "default_security_profile", default_security_profile) if description is not None: pulumi.set(__self__, "description", description) - if enable_drift_prevention is not None: - pulumi.set(__self__, "enable_drift_prevention", enable_drift_prevention) + if digest is not None: + pulumi.set(__self__, "digest", digest) + if drift_preventions is not None: + pulumi.set(__self__, "drift_preventions", drift_preventions) + if enable_crypto_mining_dns is not None: + pulumi.set(__self__, "enable_crypto_mining_dns", enable_crypto_mining_dns) if enable_fork_guard is not None: pulumi.set(__self__, "enable_fork_guard", enable_fork_guard) - if enable_ip_reputation_security is not None: - pulumi.set(__self__, "enable_ip_reputation_security", enable_ip_reputation_security) - if enable_port_scan_detection is not None: - pulumi.set(__self__, "enable_port_scan_detection", enable_port_scan_detection) + if enable_ip_reputation is not None: + pulumi.set(__self__, "enable_ip_reputation", enable_ip_reputation) + if enable_port_scan_protection is not None: + pulumi.set(__self__, "enable_port_scan_protection", enable_port_scan_protection) if enabled is not None: pulumi.set(__self__, "enabled", enabled) if enforce is not None: pulumi.set(__self__, "enforce", enforce) if enforce_after_days is not None: 
pulumi.set(__self__, "enforce_after_days", enforce_after_days) - if exceptional_readonly_files_and_directories is not None: - pulumi.set(__self__, "exceptional_readonly_files_and_directories", exceptional_readonly_files_and_directories) - if exec_lockdown_white_lists is not None: - pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if enforce_scheduler_added_on is not None: + pulumi.set(__self__, "enforce_scheduler_added_on", enforce_scheduler_added_on) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) + if executable_blacklists is not None: + pulumi.set(__self__, "executable_blacklists", executable_blacklists) + if failed_kubernetes_checks is not None: + pulumi.set(__self__, "failed_kubernetes_checks", failed_kubernetes_checks) + if file_block is not None: + pulumi.set(__self__, "file_block", file_block) if file_integrity_monitoring is not None: pulumi.set(__self__, "file_integrity_monitoring", file_integrity_monitoring) if fork_guard_process_limit is not None: pulumi.set(__self__, "fork_guard_process_limit", fork_guard_process_limit) + if image_name is not None: + pulumi.set(__self__, "image_name", image_name) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if is_auto_generated is not None: + pulumi.set(__self__, "is_auto_generated", is_auto_generated) + if is_ootb_policy is not None: + pulumi.set(__self__, "is_ootb_policy", is_ootb_policy) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if limit_container_privileges is not None: + pulumi.set(__self__, "limit_container_privileges", limit_container_privileges) if limit_new_privileges is not None: pulumi.set(__self__, "limit_new_privileges", limit_new_privileges) + if linux_capabilities is not None: + pulumi.set(__self__, "linux_capabilities", linux_capabilities) if malware_scan_options is not None: pulumi.set(__self__, 
"malware_scan_options", malware_scan_options) if monitor_system_time_changes is not None: pulumi.set(__self__, "monitor_system_time_changes", monitor_system_time_changes) if name is not None: pulumi.set(__self__, "name", name) - if readonly_files_and_directories is not None: - pulumi.set(__self__, "readonly_files_and_directories", readonly_files_and_directories) - if reverse_shell_allowed_ips is not None: - pulumi.set(__self__, "reverse_shell_allowed_ips", reverse_shell_allowed_ips) - if reverse_shell_allowed_processes is not None: - pulumi.set(__self__, "reverse_shell_allowed_processes", reverse_shell_allowed_processes) + if no_new_privileges is not None: + pulumi.set(__self__, "no_new_privileges", no_new_privileges) + if only_registered_images is not None: + pulumi.set(__self__, "only_registered_images", only_registered_images) + if package_block is not None: + pulumi.set(__self__, "package_block", package_block) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if port_block is not None: + pulumi.set(__self__, "port_block", port_block) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_registry is not None: + pulumi.set(__self__, "readonly_registry", readonly_registry) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if registry_access_monitoring is not None: + pulumi.set(__self__, "registry_access_monitoring", registry_access_monitoring) + if repo_name is not None: + pulumi.set(__self__, "repo_name", repo_name) + if resource_name is not None: + pulumi.set(__self__, "resource_name", resource_name) + if resource_type is not None: + pulumi.set(__self__, "resource_type", resource_type) + if restricted_volumes is not None: + pulumi.set(__self__, "restricted_volumes", restricted_volumes) + if reverse_shell is not None: + pulumi.set(__self__, "reverse_shell", reverse_shell) + if runtime_mode is not None: + pulumi.set(__self__, "runtime_mode", runtime_mode) + if 
runtime_type is not None: + pulumi.set(__self__, "runtime_type", runtime_type) if scope_expression is not None: pulumi.set(__self__, "scope_expression", scope_expression) if scope_variables is not None: pulumi.set(__self__, "scope_variables", scope_variables) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + if system_integrity_protection is not None: + pulumi.set(__self__, "system_integrity_protection", system_integrity_protection) + if tripwire is not None: + pulumi.set(__self__, "tripwire", tripwire) + if type is not None: + pulumi.set(__self__, "type", type) + if updated is not None: + pulumi.set(__self__, "updated", updated) + if version is not None: + pulumi.set(__self__, "version", version) + if vpatch_version is not None: + pulumi.set(__self__, "vpatch_version", vpatch_version) + if whitelisted_os_users is not None: + pulumi.set(__self__, "whitelisted_os_users", whitelisted_os_users) @property @pulumi.getter(name="allowedExecutables") - def allowed_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + def allowed_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedExecutableArgs']]]]: """ - List of executables that are allowed for the user. + Allowed executables configuration. """ return pulumi.get(self, "allowed_executables") @allowed_executables.setter - def allowed_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + def allowed_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedExecutableArgs']]]]): pulumi.set(self, "allowed_executables", value) @property @pulumi.getter(name="allowedRegistries") - def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedRegistryArgs']]]]: """ - List of registries that allowed for running containers. + List of allowed registries. 
""" return pulumi.get(self, "allowed_registries") @allowed_registries.setter - def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedRegistryArgs']]]]): pulumi.set(self, "allowed_registries", value) @property @@ -288,6 +406,18 @@ def audit_all_processes_activity(self) -> Optional[pulumi.Input[bool]]: def audit_all_processes_activity(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_all_processes_activity", value) + @property + @pulumi.getter(name="auditBruteForceLogin") + def audit_brute_force_login(self) -> Optional[pulumi.Input[bool]]: + """ + Detects brute force login attempts + """ + return pulumi.get(self, "audit_brute_force_login") + + @audit_brute_force_login.setter + def audit_brute_force_login(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_brute_force_login", value) + @property @pulumi.getter(name="auditFullCommandArguments") def audit_full_command_arguments(self) -> Optional[pulumi.Input[bool]]: 
@@ -300,6 +430,36 @@ def audit_full_command_arguments(self) -> Optional[pulumi.Input[bool]]: def audit_full_command_arguments(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_full_command_arguments", value) + @property + @pulumi.getter + def auditing(self) -> Optional[pulumi.Input['ContainerRuntimePolicyAuditingArgs']]: + return pulumi.get(self, "auditing") + + @auditing.setter + def auditing(self, value: Optional[pulumi.Input['ContainerRuntimePolicyAuditingArgs']]): + pulumi.set(self, "auditing", value) + + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Username of the account that created the service. + """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + + @property + @pulumi.getter(name="blacklistedOsUsers") + def blacklisted_os_users(self) -> Optional[pulumi.Input['ContainerRuntimePolicyBlacklistedOsUsersArgs']]: + return pulumi.get(self, "blacklisted_os_users") + + @blacklisted_os_users.setter + def blacklisted_os_users(self, value: Optional[pulumi.Input['ContainerRuntimePolicyBlacklistedOsUsersArgs']]): + pulumi.set(self, "blacklisted_os_users", value) + @property @pulumi.getter(name="blockAccessHostNetwork") def block_access_host_network(self) -> Optional[pulumi.Input[bool]]: 
@@ -348,6 +508,15 @@ def block_cryptocurrency_mining(self) -> Optional[pulumi.Input[bool]]: def block_cryptocurrency_mining(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_cryptocurrency_mining", value) + @property + @pulumi.getter(name="blockDisallowedImages") + def block_disallowed_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_disallowed_images") + + @block_disallowed_images.setter + def block_disallowed_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_disallowed_images", value) + @property @pulumi.getter(name="blockFilelessExec") def block_fileless_exec(self) -> Optional[pulumi.Input[bool]]: @@ -372,18 +541,6 @@ def block_low_port_binding(self) -> Optional[pulumi.Input[bool]]: def block_low_port_binding(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_low_port_binding", value) - @property - @pulumi.getter(name="blockNonCompliantImages") - def block_non_compliant_images(self) -> Optional[pulumi.Input[bool]]: - """ - If true, running non-compliant image in the container is prevented. - """ - return pulumi.get(self, "block_non_compliant_images") - - @block_non_compliant_images.setter - def block_non_compliant_images(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_non_compliant_images", value) - @property @pulumi.getter(name="blockNonCompliantWorkloads") def block_non_compliant_workloads(self) -> Optional[pulumi.Input[bool]]: 
@@ -420,18 +577,6 @@ def block_privileged_containers(self) -> Optional[pulumi.Input[bool]]: def block_privileged_containers(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_privileged_containers", value) - @property - @pulumi.getter(name="blockReverseShell") - def block_reverse_shell(self) -> Optional[pulumi.Input[bool]]: - """ - If true, reverse shell is prevented. - """ - return pulumi.get(self, "block_reverse_shell") - - @block_reverse_shell.setter - def block_reverse_shell(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_reverse_shell", value) - @property @pulumi.getter(name="blockRootUser") def block_root_user(self) -> Optional[pulumi.Input[bool]]: @@ -444,18 +589,6 @@ def block_root_user(self) -> Optional[pulumi.Input[bool]]: def block_root_user(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_root_user", value) - @property - @pulumi.getter(name="blockUnregisteredImages") - def block_unregistered_images(self) -> Optional[pulumi.Input[bool]]: - """ - If true, running images in the container that are not registered in Aqua is prevented. - """ - return pulumi.get(self, "block_unregistered_images") - - @block_unregistered_images.setter - def block_unregistered_images(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_unregistered_images", value) - @property @pulumi.getter(name="blockUseIpcNamespace") def block_use_ipc_namespace(self) -> Optional[pulumi.Input[bool]]: 
@@ -588,6 +721,27 @@ def blocked_volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] def blocked_volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "blocked_volumes", value) + @property + @pulumi.getter(name="bypassScopes") + def bypass_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeArgs']]]]: + """ + Bypass scope configuration. + """ + return pulumi.get(self, "bypass_scopes") + + @bypass_scopes.setter + def bypass_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeArgs']]]]): + pulumi.set(self, "bypass_scopes", value) + + @property + @pulumi.getter(name="containerExec") + def container_exec(self) -> Optional[pulumi.Input['ContainerRuntimePolicyContainerExecArgs']]: + return pulumi.get(self, "container_exec") + + @container_exec.setter + def container_exec(self, value: Optional[pulumi.Input['ContainerRuntimePolicyContainerExecArgs']]): + pulumi.set(self, "container_exec", value) + @property @pulumi.getter(name="containerExecAllowedProcesses") def container_exec_allowed_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -600,6 +754,33 @@ def container_exec_allowed_processes(self) -> Optional[pulumi.Input[Sequence[pul def container_exec_allowed_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "container_exec_allowed_processes", value) + @property + @pulumi.getter + def created(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "created") + + @created.setter + def created(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created", value) + + @property + @pulumi.getter + def cve(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "cve") + + @cve.setter + def cve(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cve", value) + + @property + @pulumi.getter(name="defaultSecurityProfile") + def default_security_profile(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "default_security_profile") + + @default_security_profile.setter + def default_security_profile(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "default_security_profile", value) + @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: 
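Review bot: `created` gets a public setter here and is accepted as a constructor input, as are `author`, `updated`, `lastupdate`, `version` and `is_ootb_policy` elsewhere in this diff, yet by name these look like metadata the server maintains. None of the three properties added in this hunk (`created`, `cve`, `default_security_profile`) has a docstring, so a reader cannot tell whether a supplied value is honoured, ignored or rejected. If they are output-only they should not appear on the Args class; otherwise each needs a docstring stating its format and whether user-supplied values are applied. That matters for anyone relying on `author` or `created` as audit evidence for a policy.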
@@ -613,16 +794,34 @@ def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) @property - @pulumi.getter(name="enableDriftPrevention") - def enable_drift_prevention(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter + def digest(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "digest") + + @digest.setter + def digest(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "digest", value) + + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyDriftPreventionArgs']]]]: """ - If true, executables that are not in the original image is prevented from running. + Drift prevention configuration. """ - return pulumi.get(self, "enable_drift_prevention") + return pulumi.get(self, "drift_preventions") - @enable_drift_prevention.setter - def enable_drift_prevention(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enable_drift_prevention", value) + @drift_preventions.setter + def drift_preventions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyDriftPreventionArgs']]]]): + pulumi.set(self, "drift_preventions", value) + + @property + @pulumi.getter(name="enableCryptoMiningDns") + def enable_crypto_mining_dns(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_crypto_mining_dns") + + @enable_crypto_mining_dns.setter + def enable_crypto_mining_dns(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_crypto_mining_dns", value) @property @pulumi.getter(name="enableForkGuard") 
@@ -637,34 +836,28 @@ def enable_fork_guard(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "enable_fork_guard", value) @property - @pulumi.getter(name="enableIpReputationSecurity") - def enable_ip_reputation_security(self) -> Optional[pulumi.Input[bool]]: - """ - If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - """ - return pulumi.get(self, "enable_ip_reputation_security") + @pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_ip_reputation") - @enable_ip_reputation_security.setter - def enable_ip_reputation_security(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enable_ip_reputation_security", value) + @enable_ip_reputation.setter + def enable_ip_reputation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_ip_reputation", value) @property - @pulumi.getter(name="enablePortScanDetection") - def enable_port_scan_detection(self) -> Optional[pulumi.Input[bool]]: - """ - If true, detects port scanning behavior in the container. - """ - return pulumi.get(self, "enable_port_scan_detection") + @pulumi.getter(name="enablePortScanProtection") + def enable_port_scan_protection(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_port_scan_protection") - @enable_port_scan_detection.setter - def enable_port_scan_detection(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enable_port_scan_detection", value) + @enable_port_scan_protection.setter + def enable_port_scan_protection(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_port_scan_protection", value) @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the runtime policy is enabled or not. + Whether allowed executables configuration is enabled. """ return pulumi.get(self, "enabled") 
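Review bot: The docstring on the policy-level `enabled` getter at the end of this hunk now reads "Whether allowed executables configuration is enabled.", which describes a nested block rather than the policy switch that the removed text documented. The same substitution appears in the `_ContainerRuntimePolicyState.__init__` docstring further down, where `name` also becomes "Name assigned to the attribute.". A reader could enable or disable a whole runtime policy by mistake, so the text should go back to `Indicates if the runtime policy is enabled or not.`; if this file is generator output, the correction presumably belongs in the schema description it is built from. The renamed `enable_ip_reputation` and `enable_port_scan_protection` getters also lose their docstrings, and the second should state whether it blocks or only detects, since the old name and text said detection. The `enabled` getter continues outside the hunk.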
@@ -697,28 +890,55 @@ def enforce_after_days(self, value: Optional[pulumi.Input[int]]): pulumi.set(self, "enforce_after_days", value) @property - @pulumi.getter(name="exceptionalReadonlyFilesAndDirectories") - def exceptional_readonly_files_and_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="enforceSchedulerAddedOn") + def enforce_scheduler_added_on(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "enforce_scheduler_added_on") + + @enforce_scheduler_added_on.setter + def enforce_scheduler_added_on(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_scheduler_added_on", value) + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of files and directories to be excluded from the read-only list. + List of excluded application scopes. """ - return pulumi.get(self, "exceptional_readonly_files_and_directories") + return pulumi.get(self, "exclude_application_scopes") - @exceptional_readonly_files_and_directories.setter - def exceptional_readonly_files_and_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "exceptional_readonly_files_and_directories", value) + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) @property - @pulumi.getter(name="execLockdownWhiteLists") - def exec_lockdown_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyExecutableBlacklistArgs']]]]: """ - Specify processes that will be allowed + Executable blacklist configuration. 
""" - return pulumi.get(self, "exec_lockdown_white_lists") + return pulumi.get(self, "executable_blacklists") + + @executable_blacklists.setter + def executable_blacklists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyExecutableBlacklistArgs']]]]): + pulumi.set(self, "executable_blacklists", value) - @exec_lockdown_white_lists.setter - def exec_lockdown_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "exec_lockdown_white_lists", value) + @property + @pulumi.getter(name="failedKubernetesChecks") + def failed_kubernetes_checks(self) -> Optional[pulumi.Input['ContainerRuntimePolicyFailedKubernetesChecksArgs']]: + return pulumi.get(self, "failed_kubernetes_checks") + + @failed_kubernetes_checks.setter + def failed_kubernetes_checks(self, value: Optional[pulumi.Input['ContainerRuntimePolicyFailedKubernetesChecksArgs']]): + pulumi.set(self, "failed_kubernetes_checks", value) + + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> Optional[pulumi.Input['ContainerRuntimePolicyFileBlockArgs']]: + return pulumi.get(self, "file_block") + + @file_block.setter + def file_block(self, value: Optional[pulumi.Input['ContainerRuntimePolicyFileBlockArgs']]): + pulumi.set(self, "file_block", value) @property @pulumi.getter(name="fileIntegrityMonitoring") 
@@ -744,6 +964,63 @@ def fork_guard_process_limit(self) -> Optional[pulumi.Input[int]]: def fork_guard_process_limit(self, value: Optional[pulumi.Input[int]]): pulumi.set(self, "fork_guard_process_limit", value) + @property + @pulumi.getter(name="imageName") + def image_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "image_name") + + @image_name.setter + def image_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "image_name", value) + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") + + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) + + @property + @pulumi.getter(name="isAutoGenerated") + def is_auto_generated(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_auto_generated") + + @is_auto_generated.setter + def is_auto_generated(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_auto_generated", value) + + @property + @pulumi.getter(name="isOotbPolicy") + def is_ootb_policy(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_ootb_policy") + + @is_ootb_policy.setter + def is_ootb_policy(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_ootb_policy", value) + + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]]: + """ + Container privileges configuration. 
+ """ + return pulumi.get(self, "limit_container_privileges") + + @limit_container_privileges.setter + def limit_container_privileges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]]): + pulumi.set(self, "limit_container_privileges", value) + @property @pulumi.getter(name="limitNewPrivileges") def limit_new_privileges(self) -> Optional[pulumi.Input[bool]]: @@ -756,6 +1033,15 @@ def limit_new_privileges(self) -> Optional[pulumi.Input[bool]]: def limit_new_privileges(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "limit_new_privileges", value) + @property + @pulumi.getter(name="linuxCapabilities") + def linux_capabilities(self) -> Optional[pulumi.Input['ContainerRuntimePolicyLinuxCapabilitiesArgs']]: + return pulumi.get(self, "linux_capabilities") + + @linux_capabilities.setter + def linux_capabilities(self, value: Optional[pulumi.Input['ContainerRuntimePolicyLinuxCapabilitiesArgs']]): + pulumi.set(self, "linux_capabilities", value) + @property @pulumi.getter(name="malwareScanOptions") def malware_scan_options(self) -> Optional[pulumi.Input['ContainerRuntimePolicyMalwareScanOptionsArgs']]: @@ -784,7 +1070,7 @@ def monitor_system_time_changes(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Name of the container runtime policy + Name assigned to the attribute. """ return pulumi.get(self, "name") 
@@ -793,40 +1079,151 @@ def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) @property - @pulumi.getter(name="readonlyFilesAndDirectories") - def readonly_files_and_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of files and directories to be restricted as read-only - """ - return pulumi.get(self, "readonly_files_and_directories") + @pulumi.getter(name="noNewPrivileges") + def no_new_privileges(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "no_new_privileges") - @readonly_files_and_directories.setter - def readonly_files_and_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "readonly_files_and_directories", value) + @no_new_privileges.setter + def no_new_privileges(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "no_new_privileges", value) @property - @pulumi.getter(name="reverseShellAllowedIps") - def reverse_shell_allowed_ips(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of IPs/ CIDRs that will be allowed - """ - return pulumi.get(self, "reverse_shell_allowed_ips") + @pulumi.getter(name="onlyRegisteredImages") + def only_registered_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "only_registered_images") + + @only_registered_images.setter + def only_registered_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "only_registered_images", value) + + @property + @pulumi.getter(name="packageBlock") + def package_block(self) -> Optional[pulumi.Input['ContainerRuntimePolicyPackageBlockArgs']]: + return pulumi.get(self, "package_block") + + @package_block.setter + def package_block(self, value: Optional[pulumi.Input['ContainerRuntimePolicyPackageBlockArgs']]): + pulumi.set(self, "package_block", value) + + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + 
def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) - @reverse_shell_allowed_ips.setter - def reverse_shell_allowed_ips(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "reverse_shell_allowed_ips", value) + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> Optional[pulumi.Input['ContainerRuntimePolicyPortBlockArgs']]: + return pulumi.get(self, "port_block") + + @port_block.setter + def port_block(self, value: Optional[pulumi.Input['ContainerRuntimePolicyPortBlockArgs']]): + pulumi.set(self, "port_block", value) + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[pulumi.Input['ContainerRuntimePolicyReadonlyFilesArgs']]: + return pulumi.get(self, "readonly_files") + + @readonly_files.setter + def readonly_files(self, value: Optional[pulumi.Input['ContainerRuntimePolicyReadonlyFilesArgs']]): + pulumi.set(self, "readonly_files", value) + + @property + @pulumi.getter(name="readonlyRegistry") + def readonly_registry(self) -> Optional[pulumi.Input['ContainerRuntimePolicyReadonlyRegistryArgs']]: + return pulumi.get(self, "readonly_registry") + + @readonly_registry.setter + def readonly_registry(self, value: Optional[pulumi.Input['ContainerRuntimePolicyReadonlyRegistryArgs']]): + pulumi.set(self, "readonly_registry", value) @property - @pulumi.getter(name="reverseShellAllowedProcesses") - def reverse_shell_allowed_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + @property + @pulumi.getter(name="registryAccessMonitoring") + def registry_access_monitoring(self) -> Optional[pulumi.Input['ContainerRuntimePolicyRegistryAccessMonitoringArgs']]: + return pulumi.get(self, 
"registry_access_monitoring") + + @registry_access_monitoring.setter + def registry_access_monitoring(self, value: Optional[pulumi.Input['ContainerRuntimePolicyRegistryAccessMonitoringArgs']]): + pulumi.set(self, "registry_access_monitoring", value) + + @property + @pulumi.getter(name="repoName") + def repo_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "repo_name") + + @repo_name.setter + def repo_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repo_name", value) + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_name") + + @resource_name.setter + def resource_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_name", value) + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_type") + + @resource_type.setter + def resource_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_type", value) + + @property + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyRestrictedVolumeArgs']]]]: """ - List of processes that will be allowed + Restricted volumes configuration. 
""" - return pulumi.get(self, "reverse_shell_allowed_processes") + return pulumi.get(self, "restricted_volumes") - @reverse_shell_allowed_processes.setter - def reverse_shell_allowed_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "reverse_shell_allowed_processes", value) + @restricted_volumes.setter + def restricted_volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyRestrictedVolumeArgs']]]]): + pulumi.set(self, "restricted_volumes", value) + + @property + @pulumi.getter(name="reverseShell") + def reverse_shell(self) -> Optional[pulumi.Input['ContainerRuntimePolicyReverseShellArgs']]: + return pulumi.get(self, "reverse_shell") + + @reverse_shell.setter + def reverse_shell(self, value: Optional[pulumi.Input['ContainerRuntimePolicyReverseShellArgs']]): + pulumi.set(self, "reverse_shell", value) + + @property + @pulumi.getter(name="runtimeMode") + def runtime_mode(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "runtime_mode") + + @runtime_mode.setter + def runtime_mode(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "runtime_mode", value) + + @property + @pulumi.getter(name="runtimeType") + def runtime_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "runtime_type") + + @runtime_type.setter + def runtime_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "runtime_type", value) @property @pulumi.getter(name="scopeExpression") 
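Review bot: `no_new_privileges` is added in this hunk without a docstring, while the class keeps `limit_new_privileges`, documented elsewhere in the diff as "prevents the container from obtaining new privileges at runtime". Nothing tells a user which of the two is enforced or what happens when they disagree. The hunk also replaces the documented `reverse_shell_allowed_ips` and `reverse_shell_allowed_processes` lists with a `reverse_shell` block that has no description. Each new getter should carry a one-line docstring in the style the file already uses, for example `"""Reverse shell configuration."""`, and the one on `no_new_privileges` should state its relation to `limit_new_privileges` once that is confirmed against the provider.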
@@ -852,30 +1249,106 @@ def scope_variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['Contai def scope_variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]]]): pulumi.set(self, "scope_variables", value) + @property + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeArgs']]]]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") + + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeArgs']]]]): + pulumi.set(self, "scopes", value) + + @property + @pulumi.getter(name="systemIntegrityProtection") + def system_integrity_protection(self) -> Optional[pulumi.Input['ContainerRuntimePolicySystemIntegrityProtectionArgs']]: + return pulumi.get(self, "system_integrity_protection") + + @system_integrity_protection.setter + def system_integrity_protection(self, value: Optional[pulumi.Input['ContainerRuntimePolicySystemIntegrityProtectionArgs']]): + pulumi.set(self, "system_integrity_protection", value) + + @property + @pulumi.getter + def tripwire(self) -> Optional[pulumi.Input['ContainerRuntimePolicyTripwireArgs']]: + return pulumi.get(self, "tripwire") + + @tripwire.setter + def tripwire(self, value: Optional[pulumi.Input['ContainerRuntimePolicyTripwireArgs']]): + pulumi.set(self, "tripwire", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def updated(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "updated") + + @updated.setter + def updated(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "updated", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + 
@version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="vpatchVersion") + def vpatch_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vpatch_version") + + @vpatch_version.setter + def vpatch_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vpatch_version", value) + + @property + @pulumi.getter(name="whitelistedOsUsers") + def whitelisted_os_users(self) -> Optional[pulumi.Input['ContainerRuntimePolicyWhitelistedOsUsersArgs']]: + return pulumi.get(self, "whitelisted_os_users") + + @whitelisted_os_users.setter + def whitelisted_os_users(self, value: Optional[pulumi.Input['ContainerRuntimePolicyWhitelistedOsUsersArgs']]): + pulumi.set(self, "whitelisted_os_users", value) + @pulumi.input_type class _ContainerRuntimePolicyState: def __init__(__self__, *, - allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedExecutableArgs']]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedRegistryArgs']]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, audit_all_network_activity: Optional[pulumi.Input[bool]] = None, audit_all_processes_activity: Optional[pulumi.Input[bool]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input['ContainerRuntimePolicyAuditingArgs']] = None, author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input['ContainerRuntimePolicyBlacklistedOsUsersArgs']] = None, block_access_host_network: Optional[pulumi.Input[bool]] = None, block_adding_capabilities: Optional[pulumi.Input[bool]] 
= None, block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, block_fileless_exec: Optional[pulumi.Input[bool]] = None, block_low_port_binding: Optional[pulumi.Input[bool]] = None, - block_non_compliant_images: Optional[pulumi.Input[bool]] = None, block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, block_privileged_containers: Optional[pulumi.Input[bool]] = None, - block_reverse_shell: Optional[pulumi.Input[bool]] = None, block_root_user: Optional[pulumi.Input[bool]] = None, - block_unregistered_images: Optional[pulumi.Input[bool]] = None, block_use_ipc_namespace: Optional[pulumi.Input[bool]] = None, block_use_pid_namespace: Optional[pulumi.Input[bool]] = None, block_use_user_namespace: Optional[pulumi.Input[bool]] = None, 
@@ -887,35 +1360,74 @@ def __init__(__self__, *, blocked_outbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_packages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeArgs']]]] = None, + container_exec: Optional[pulumi.Input['ContainerRuntimePolicyContainerExecArgs']] = None, container_exec_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_drift_prevention: Optional[pulumi.Input[bool]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyDriftPreventionArgs']]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, enable_fork_guard: Optional[pulumi.Input[bool]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, - enable_port_scan_detection: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, - exceptional_readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - exec_lockdown_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: 
Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyExecutableBlacklistArgs']]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input['ContainerRuntimePolicyFailedKubernetesChecksArgs']] = None, + file_block: Optional[pulumi.Input['ContainerRuntimePolicyFileBlockArgs']] = None, file_integrity_monitoring: Optional[pulumi.Input['ContainerRuntimePolicyFileIntegrityMonitoringArgs']] = None, fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]] = None, limit_new_privileges: Optional[pulumi.Input[bool]] = None, + linux_capabilities: Optional[pulumi.Input['ContainerRuntimePolicyLinuxCapabilitiesArgs']] = None, malware_scan_options: Optional[pulumi.Input['ContainerRuntimePolicyMalwareScanOptionsArgs']] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, - readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input['ContainerRuntimePolicyPackageBlockArgs']] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input['ContainerRuntimePolicyPortBlockArgs']] = None, + readonly_files: Optional[pulumi.Input['ContainerRuntimePolicyReadonlyFilesArgs']] = None, + readonly_registry: 
Optional[pulumi.Input['ContainerRuntimePolicyReadonlyRegistryArgs']] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input['ContainerRuntimePolicyRegistryAccessMonitoringArgs']] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyRestrictedVolumeArgs']]]] = None, + reverse_shell: Optional[pulumi.Input['ContainerRuntimePolicyReverseShellArgs']] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, - scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]]] = None): + scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeArgs']]]] = None, + system_integrity_protection: Optional[pulumi.Input['ContainerRuntimePolicySystemIntegrityProtectionArgs']] = None, + tripwire: Optional[pulumi.Input['ContainerRuntimePolicyTripwireArgs']] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input['ContainerRuntimePolicyWhitelistedOsUsersArgs']] = None): """ Input properties used for looking up and filtering ContainerRuntimePolicy resources. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_executables: List of executables that are allowed for the user. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_registries: List of registries that allowed for running containers. 
+ :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedExecutableArgs']]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedRegistryArgs']]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. :param pulumi.Input[bool] audit_all_network_activity: If true, all network activity will be audited. :param pulumi.Input[bool] audit_all_processes_activity: If true, all process activity will be audited. + :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[bool] audit_full_command_arguments: If true, full command arguments will be audited. :param pulumi.Input[str] author: Username of the account that created the service. :param pulumi.Input[bool] block_access_host_network: If true, prevent containers from running with access to host network. 
@@ -924,13 +1436,10 @@ def __init__(__self__, *, :param pulumi.Input[bool] block_cryptocurrency_mining: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining :param pulumi.Input[bool] block_fileless_exec: Detect and prevent running in-memory execution :param pulumi.Input[bool] block_low_port_binding: If true, prevent containers from running with the capability to bind in port lower than 1024. - :param pulumi.Input[bool] block_non_compliant_images: If true, running non-compliant image in the container is prevented. :param pulumi.Input[bool] block_non_compliant_workloads: If true, running containers in non-compliant pods is prevented. :param pulumi.Input[bool] block_non_k8s_containers: If true, running non-kubernetes containers is prevented. :param pulumi.Input[bool] block_privileged_containers: If true, prevent containers from running with privileged container capability. - :param pulumi.Input[bool] block_reverse_shell: If true, reverse shell is prevented. :param pulumi.Input[bool] block_root_user: If true, prevent containers from running with root user. - :param pulumi.Input[bool] block_unregistered_images: If true, running images in the container that are not registered in Aqua is prevented. :param pulumi.Input[bool] block_use_ipc_namespace: If true, prevent containers from running with the privilege to use the IPC namespace. :param pulumi.Input[bool] block_use_pid_namespace: If true, prevent containers from running with the privilege to use the PID namespace. :param pulumi.Input[bool] block_use_user_namespace: If true, prevent containers from running with the privilege to use the user namespace. 
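Review bot: The `:param` entries for `block_non_compliant_images`, `block_reverse_shell` and `block_unregistered_images` are removed here, but the parameters that look like their successors in the signature hunk (`block_disallowed_images`, `only_registered_images`, `reverse_shell`) get no entry in any of the docstring hunks. The parameters are keyword-only and the signature takes no `**kwargs`, so a program that still passes an old name fails instead of silently losing the control. That is the safe direction, but the user is left with no documented mapping to the new names. I would add a `:param` line for each of the three, with wording taken from the provider schema, for example `:param pulumi.Input['ContainerRuntimePolicyReverseShellArgs'] reverse_shell: Reverse shell configuration.`. The docstring starts and ends outside this hunk.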
@@ -942,28 +1451,27 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_outbound_ports: List of blocked outbound ports. :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_packages: Prevent containers from reading, writing, or executing all files in the list of packages. :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_volumes: List of volumes that are prevented from being mounted in the containers. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeArgs']]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[Sequence[pulumi.Input[str]]] container_exec_allowed_processes: List of processes that will be allowed. :param pulumi.Input[str] description: The description of the container runtime policy - :param pulumi.Input[bool] enable_drift_prevention: If true, executables that are not in the original image is prevented from running. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyDriftPreventionArgs']]] drift_preventions: Drift prevention configuration. :param pulumi.Input[bool] enable_fork_guard: If true, fork bombs are prevented in the containers. - :param pulumi.Input[bool] enable_ip_reputation_security: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - :param pulumi.Input[bool] enable_port_scan_detection: If true, detects port scanning behavior in the container. - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. 
- :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_readonly_files_and_directories: List of files and directories to be excluded from the read-only list. - :param pulumi.Input[Sequence[pulumi.Input[str]]] exec_lockdown_white_lists: Specify processes that will be allowed + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyExecutableBlacklistArgs']]] executable_blacklists: Executable blacklist configuration. :param pulumi.Input['ContainerRuntimePolicyFileIntegrityMonitoringArgs'] file_integrity_monitoring: Configuration for file integrity monitoring. :param pulumi.Input[int] fork_guard_process_limit: Process limit for the fork guard. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]] limit_container_privileges: Container privileges configuration. :param pulumi.Input[bool] limit_new_privileges: If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) :param pulumi.Input['ContainerRuntimePolicyMalwareScanOptionsArgs'] malware_scan_options: Configuration for Real-Time Malware Protection. :param pulumi.Input[bool] monitor_system_time_changes: If true, system time changes will be monitored. - :param pulumi.Input[str] name: Name of the container runtime policy - :param pulumi.Input[Sequence[pulumi.Input[str]]] readonly_files_and_directories: List of files and directories to be restricted as read-only - :param pulumi.Input[Sequence[pulumi.Input[str]]] reverse_shell_allowed_ips: List of IPs/ CIDRs that will be allowed - :param pulumi.Input[Sequence[pulumi.Input[str]]] reverse_shell_allowed_processes: List of processes that will be allowed + :param pulumi.Input[str] name: Name assigned to the attribute. 
+ :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyRestrictedVolumeArgs']]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]] scope_variables: List of scope attributes. + :param pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeArgs']]] scopes: Scope configuration. """ if allowed_executables is not None: pulumi.set(__self__, "allowed_executables", allowed_executables) @@ -975,10 +1483,16 @@ def __init__(__self__, *, pulumi.set(__self__, "audit_all_network_activity", audit_all_network_activity) if audit_all_processes_activity is not None: pulumi.set(__self__, "audit_all_processes_activity", audit_all_processes_activity) + if audit_brute_force_login is not None: + pulumi.set(__self__, "audit_brute_force_login", audit_brute_force_login) if audit_full_command_arguments is not None: pulumi.set(__self__, "audit_full_command_arguments", audit_full_command_arguments) + if auditing is not None: + pulumi.set(__self__, "auditing", auditing) if author is not None: pulumi.set(__self__, "author", author) + if blacklisted_os_users is not None: + pulumi.set(__self__, "blacklisted_os_users", blacklisted_os_users) if block_access_host_network is not None: pulumi.set(__self__, "block_access_host_network", block_access_host_network) if block_adding_capabilities is not None: 
@@ -987,24 +1501,20 @@ def __init__(__self__, *, pulumi.set(__self__, "block_container_exec", block_container_exec) if block_cryptocurrency_mining is not None: pulumi.set(__self__, "block_cryptocurrency_mining", block_cryptocurrency_mining) + if block_disallowed_images is not None: + pulumi.set(__self__, "block_disallowed_images", block_disallowed_images) if block_fileless_exec is not None: pulumi.set(__self__, "block_fileless_exec", block_fileless_exec) if block_low_port_binding is not None: pulumi.set(__self__, "block_low_port_binding", block_low_port_binding) - if block_non_compliant_images is not None: - pulumi.set(__self__, "block_non_compliant_images", block_non_compliant_images) if block_non_compliant_workloads is not None: pulumi.set(__self__, "block_non_compliant_workloads", block_non_compliant_workloads) if block_non_k8s_containers is not None: pulumi.set(__self__, "block_non_k8s_containers", block_non_k8s_containers) if block_privileged_containers is not None: pulumi.set(__self__, "block_privileged_containers", block_privileged_containers) - if block_reverse_shell is not None: - pulumi.set(__self__, "block_reverse_shell", block_reverse_shell) if block_root_user is not None: pulumi.set(__self__, "block_root_user", block_root_user) - if block_unregistered_images is not None: - pulumi.set(__self__, "block_unregistered_images", block_unregistered_images) if block_use_ipc_namespace is not None: pulumi.set(__self__, "block_use_ipc_namespace", block_use_ipc_namespace) if block_use_pid_namespace is not None: 
@@ -1027,73 +1537,149 @@ def __init__(__self__, *, pulumi.set(__self__, "blocked_packages", blocked_packages) if blocked_volumes is not None: pulumi.set(__self__, "blocked_volumes", blocked_volumes) + if bypass_scopes is not None: + pulumi.set(__self__, "bypass_scopes", bypass_scopes) + if container_exec is not None: + pulumi.set(__self__, "container_exec", container_exec) if container_exec_allowed_processes is not None: pulumi.set(__self__, "container_exec_allowed_processes", container_exec_allowed_processes) + if created is not None: + pulumi.set(__self__, "created", created) + if cve is not None: + pulumi.set(__self__, "cve", cve) + if default_security_profile is not None: + pulumi.set(__self__, "default_security_profile", default_security_profile) if description is not None: pulumi.set(__self__, "description", description) - if enable_drift_prevention is not None: - pulumi.set(__self__, "enable_drift_prevention", enable_drift_prevention) + if digest is not None: + pulumi.set(__self__, "digest", digest) + if drift_preventions is not None: + pulumi.set(__self__, "drift_preventions", drift_preventions) + if enable_crypto_mining_dns is not None: + pulumi.set(__self__, "enable_crypto_mining_dns", enable_crypto_mining_dns) if enable_fork_guard is not None: pulumi.set(__self__, "enable_fork_guard", enable_fork_guard) - if enable_ip_reputation_security is not None: - pulumi.set(__self__, "enable_ip_reputation_security", enable_ip_reputation_security) - if enable_port_scan_detection is not None: - pulumi.set(__self__, "enable_port_scan_detection", enable_port_scan_detection) + if enable_ip_reputation is not None: + pulumi.set(__self__, "enable_ip_reputation", enable_ip_reputation) + if enable_port_scan_protection is not None: + pulumi.set(__self__, "enable_port_scan_protection", enable_port_scan_protection) if enabled is not None: pulumi.set(__self__, "enabled", enabled) if enforce is not None: pulumi.set(__self__, "enforce", enforce) if enforce_after_days is not None: 
pulumi.set(__self__, "enforce_after_days", enforce_after_days) - if exceptional_readonly_files_and_directories is not None: - pulumi.set(__self__, "exceptional_readonly_files_and_directories", exceptional_readonly_files_and_directories) - if exec_lockdown_white_lists is not None: - pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if enforce_scheduler_added_on is not None: + pulumi.set(__self__, "enforce_scheduler_added_on", enforce_scheduler_added_on) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) + if executable_blacklists is not None: + pulumi.set(__self__, "executable_blacklists", executable_blacklists) + if failed_kubernetes_checks is not None: + pulumi.set(__self__, "failed_kubernetes_checks", failed_kubernetes_checks) + if file_block is not None: + pulumi.set(__self__, "file_block", file_block) if file_integrity_monitoring is not None: pulumi.set(__self__, "file_integrity_monitoring", file_integrity_monitoring) if fork_guard_process_limit is not None: pulumi.set(__self__, "fork_guard_process_limit", fork_guard_process_limit) + if image_name is not None: + pulumi.set(__self__, "image_name", image_name) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if is_auto_generated is not None: + pulumi.set(__self__, "is_auto_generated", is_auto_generated) + if is_ootb_policy is not None: + pulumi.set(__self__, "is_ootb_policy", is_ootb_policy) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if limit_container_privileges is not None: + pulumi.set(__self__, "limit_container_privileges", limit_container_privileges) if limit_new_privileges is not None: pulumi.set(__self__, "limit_new_privileges", limit_new_privileges) + if linux_capabilities is not None: + pulumi.set(__self__, "linux_capabilities", linux_capabilities) if malware_scan_options is not None: pulumi.set(__self__, 
"malware_scan_options", malware_scan_options) if monitor_system_time_changes is not None: pulumi.set(__self__, "monitor_system_time_changes", monitor_system_time_changes) if name is not None: pulumi.set(__self__, "name", name) - if readonly_files_and_directories is not None: - pulumi.set(__self__, "readonly_files_and_directories", readonly_files_and_directories) - if reverse_shell_allowed_ips is not None: - pulumi.set(__self__, "reverse_shell_allowed_ips", reverse_shell_allowed_ips) - if reverse_shell_allowed_processes is not None: - pulumi.set(__self__, "reverse_shell_allowed_processes", reverse_shell_allowed_processes) + if no_new_privileges is not None: + pulumi.set(__self__, "no_new_privileges", no_new_privileges) + if only_registered_images is not None: + pulumi.set(__self__, "only_registered_images", only_registered_images) + if package_block is not None: + pulumi.set(__self__, "package_block", package_block) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if port_block is not None: + pulumi.set(__self__, "port_block", port_block) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_registry is not None: + pulumi.set(__self__, "readonly_registry", readonly_registry) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if registry_access_monitoring is not None: + pulumi.set(__self__, "registry_access_monitoring", registry_access_monitoring) + if repo_name is not None: + pulumi.set(__self__, "repo_name", repo_name) + if resource_name is not None: + pulumi.set(__self__, "resource_name", resource_name) + if resource_type is not None: + pulumi.set(__self__, "resource_type", resource_type) + if restricted_volumes is not None: + pulumi.set(__self__, "restricted_volumes", restricted_volumes) + if reverse_shell is not None: + pulumi.set(__self__, "reverse_shell", reverse_shell) + if runtime_mode is not None: + pulumi.set(__self__, "runtime_mode", runtime_mode) + if 
runtime_type is not None: + pulumi.set(__self__, "runtime_type", runtime_type) if scope_expression is not None: pulumi.set(__self__, "scope_expression", scope_expression) if scope_variables is not None: pulumi.set(__self__, "scope_variables", scope_variables) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + if system_integrity_protection is not None: + pulumi.set(__self__, "system_integrity_protection", system_integrity_protection) + if tripwire is not None: + pulumi.set(__self__, "tripwire", tripwire) + if type is not None: + pulumi.set(__self__, "type", type) + if updated is not None: + pulumi.set(__self__, "updated", updated) + if version is not None: + pulumi.set(__self__, "version", version) + if vpatch_version is not None: + pulumi.set(__self__, "vpatch_version", vpatch_version) + if whitelisted_os_users is not None: + pulumi.set(__self__, "whitelisted_os_users", whitelisted_os_users) @property @pulumi.getter(name="allowedExecutables") - def allowed_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + def allowed_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedExecutableArgs']]]]: """ - List of executables that are allowed for the user. + Allowed executables configuration. """ return pulumi.get(self, "allowed_executables") @allowed_executables.setter - def allowed_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + def allowed_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedExecutableArgs']]]]): pulumi.set(self, "allowed_executables", value) @property @pulumi.getter(name="allowedRegistries") - def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedRegistryArgs']]]]: """ - List of registries that allowed for running containers. + List of allowed registries. 
""" return pulumi.get(self, "allowed_registries") @allowed_registries.setter - def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyAllowedRegistryArgs']]]]): pulumi.set(self, "allowed_registries", value) @property @@ -1132,6 +1718,18 @@ def audit_all_processes_activity(self) -> Optional[pulumi.Input[bool]]: def audit_all_processes_activity(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_all_processes_activity", value) + @property + @pulumi.getter(name="auditBruteForceLogin") + def audit_brute_force_login(self) -> Optional[pulumi.Input[bool]]: + """ + Detects brute force login attempts + """ + return pulumi.get(self, "audit_brute_force_login") + + @audit_brute_force_login.setter + def audit_brute_force_login(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_brute_force_login", value) + @property @pulumi.getter(name="auditFullCommandArguments") def audit_full_command_arguments(self) -> Optional[pulumi.Input[bool]]: @@ -1144,6 +1742,15 @@ def audit_full_command_arguments(self) -> Optional[pulumi.Input[bool]]: def audit_full_command_arguments(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_full_command_arguments", value) + @property + @pulumi.getter + def auditing(self) -> Optional[pulumi.Input['ContainerRuntimePolicyAuditingArgs']]: + return pulumi.get(self, "auditing") + + @auditing.setter + def auditing(self, value: Optional[pulumi.Input['ContainerRuntimePolicyAuditingArgs']]): + pulumi.set(self, "auditing", value) + @property @pulumi.getter def author(self) -> Optional[pulumi.Input[str]]: 
@@ -1156,6 +1763,15 @@ def author(self) -> Optional[pulumi.Input[str]]: def author(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "author", value) + @property + @pulumi.getter(name="blacklistedOsUsers") + def blacklisted_os_users(self) -> Optional[pulumi.Input['ContainerRuntimePolicyBlacklistedOsUsersArgs']]: + return pulumi.get(self, "blacklisted_os_users") + + @blacklisted_os_users.setter + def blacklisted_os_users(self, value: Optional[pulumi.Input['ContainerRuntimePolicyBlacklistedOsUsersArgs']]): + pulumi.set(self, "blacklisted_os_users", value) + @property @pulumi.getter(name="blockAccessHostNetwork") def block_access_host_network(self) -> Optional[pulumi.Input[bool]]: @@ -1204,6 +1820,15 @@ def block_cryptocurrency_mining(self) -> Optional[pulumi.Input[bool]]: def block_cryptocurrency_mining(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_cryptocurrency_mining", value) + @property + @pulumi.getter(name="blockDisallowedImages") + def block_disallowed_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_disallowed_images") + + @block_disallowed_images.setter + def block_disallowed_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_disallowed_images", value) + @property @pulumi.getter(name="blockFilelessExec") def block_fileless_exec(self) -> Optional[pulumi.Input[bool]]: 
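Review bot: The new `block_disallowed_images` property in the second hunk on this line is added without a docstring, although the enforcement toggles removed in later hunks (`block_non_compliant_images`, `block_reverse_shell`, `block_unregistered_images`) each had one stating what is prevented. The same gap applies to `no_new_privileges`, `only_registered_images` and `reverse_shell` in the `@@ -1649` hunk, where `no_new_privileges` now sits beside the still-documented `limit_new_privileges` with nothing saying how the two differ or which one takes effect. For settings that decide whether a container is blocked, each getter should carry a one-line description of what is enforced and in which mode, with the wording taken from the provider schema, since the semantics are not visible in this diff. If this module is generated, the descriptions belong in the upstream schema and the SDK should be regenerated rather than edited here.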
@@ -1228,18 +1853,6 @@ def block_low_port_binding(self) -> Optional[pulumi.Input[bool]]: def block_low_port_binding(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_low_port_binding", value) - @property - @pulumi.getter(name="blockNonCompliantImages") - def block_non_compliant_images(self) -> Optional[pulumi.Input[bool]]: - """ - If true, running non-compliant image in the container is prevented. - """ - return pulumi.get(self, "block_non_compliant_images") - - @block_non_compliant_images.setter - def block_non_compliant_images(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_non_compliant_images", value) - @property @pulumi.getter(name="blockNonCompliantWorkloads") def block_non_compliant_workloads(self) -> Optional[pulumi.Input[bool]]: @@ -1276,18 +1889,6 @@ def block_privileged_containers(self) -> Optional[pulumi.Input[bool]]: def block_privileged_containers(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_privileged_containers", value) - @property - @pulumi.getter(name="blockReverseShell") - def block_reverse_shell(self) -> Optional[pulumi.Input[bool]]: - """ - If true, reverse shell is prevented. - """ - return pulumi.get(self, "block_reverse_shell") - - @block_reverse_shell.setter - def block_reverse_shell(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_reverse_shell", value) - @property @pulumi.getter(name="blockRootUser") def block_root_user(self) -> Optional[pulumi.Input[bool]]: 
@@ -1300,18 +1901,6 @@ def block_root_user(self) -> Optional[pulumi.Input[bool]]: def block_root_user(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_root_user", value) - @property - @pulumi.getter(name="blockUnregisteredImages") - def block_unregistered_images(self) -> Optional[pulumi.Input[bool]]: - """ - If true, running images in the container that are not registered in Aqua is prevented. - """ - return pulumi.get(self, "block_unregistered_images") - - @block_unregistered_images.setter - def block_unregistered_images(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_unregistered_images", value) - @property @pulumi.getter(name="blockUseIpcNamespace") def block_use_ipc_namespace(self) -> Optional[pulumi.Input[bool]]: @@ -1444,6 +2033,27 @@ def blocked_volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] def blocked_volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "blocked_volumes", value) + @property + @pulumi.getter(name="bypassScopes") + def bypass_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeArgs']]]]: + """ + Bypass scope configuration. + """ + return pulumi.get(self, "bypass_scopes") + + @bypass_scopes.setter + def bypass_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyBypassScopeArgs']]]]): + pulumi.set(self, "bypass_scopes", value) + + @property + @pulumi.getter(name="containerExec") + def container_exec(self) -> Optional[pulumi.Input['ContainerRuntimePolicyContainerExecArgs']]: + return pulumi.get(self, "container_exec") + + @container_exec.setter + def container_exec(self, value: Optional[pulumi.Input['ContainerRuntimePolicyContainerExecArgs']]): + pulumi.set(self, "container_exec", value) + @property @pulumi.getter(name="containerExecAllowedProcesses") def container_exec_allowed_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1456,6 +2066,33 @@ def container_exec_allowed_processes(self) -> Optional[pulumi.Input[Sequence[pul def container_exec_allowed_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "container_exec_allowed_processes", value) + @property + @pulumi.getter + def created(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "created") + + @created.setter + def created(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created", value) + + @property + @pulumi.getter + def cve(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "cve") + + @cve.setter + def cve(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cve", value) + + @property + @pulumi.getter(name="defaultSecurityProfile") + def default_security_profile(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "default_security_profile") + + @default_security_profile.setter + def default_security_profile(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "default_security_profile", value) + @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: 
@@ -1469,16 +2106,34 @@ def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) @property - @pulumi.getter(name="enableDriftPrevention") - def enable_drift_prevention(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter + def digest(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "digest") + + @digest.setter + def digest(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "digest", value) + + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyDriftPreventionArgs']]]]: """ - If true, executables that are not in the original image is prevented from running. + Drift prevention configuration. """ - return pulumi.get(self, "enable_drift_prevention") + return pulumi.get(self, "drift_preventions") - @enable_drift_prevention.setter - def enable_drift_prevention(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enable_drift_prevention", value) + @drift_preventions.setter + def drift_preventions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyDriftPreventionArgs']]]]): + pulumi.set(self, "drift_preventions", value) + + @property + @pulumi.getter(name="enableCryptoMiningDns") + def enable_crypto_mining_dns(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_crypto_mining_dns") + + @enable_crypto_mining_dns.setter + def enable_crypto_mining_dns(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_crypto_mining_dns", value) @property @pulumi.getter(name="enableForkGuard") 
@@ -1493,34 +2148,28 @@ def enable_fork_guard(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "enable_fork_guard", value) @property - @pulumi.getter(name="enableIpReputationSecurity") - def enable_ip_reputation_security(self) -> Optional[pulumi.Input[bool]]: - """ - If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - """ - return pulumi.get(self, "enable_ip_reputation_security") + @pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_ip_reputation") - @enable_ip_reputation_security.setter - def enable_ip_reputation_security(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enable_ip_reputation_security", value) + @enable_ip_reputation.setter + def enable_ip_reputation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_ip_reputation", value) @property - @pulumi.getter(name="enablePortScanDetection") - def enable_port_scan_detection(self) -> Optional[pulumi.Input[bool]]: - """ - If true, detects port scanning behavior in the container. - """ - return pulumi.get(self, "enable_port_scan_detection") + @pulumi.getter(name="enablePortScanProtection") + def enable_port_scan_protection(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_port_scan_protection") - @enable_port_scan_detection.setter - def enable_port_scan_detection(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enable_port_scan_detection", value) + @enable_port_scan_protection.setter + def enable_port_scan_protection(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_port_scan_protection", value) @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the runtime policy is enabled or not. + Whether allowed executables configuration is enabled. """ return pulumi.get(self, "enabled") 
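Review bot: The docstring on `enabled` at the end of this hunk now reads "Whether allowed executables configuration is enabled.", but the property sits on the same class as `enforce` and `scope_expression`, so the policy's on/off switch is described as if it only governed the allowed-executables block (the setter for `enabled` lies outside the hunk). The `@@ -1640` hunk has the same problem with `name`, where "Name assigned to the attribute." replaces "Name of the container runtime policy"; both look like descriptions carried over from a nested block. I would restore the previous text, `Indicates if the runtime policy is enabled or not.` and `Name of the container runtime policy`. `enable_ip_reputation` and `enable_port_scan_protection` in this hunk also lose their docstrings on rename and should keep a sentence on what is detected or blocked.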
@@ -1553,28 +2202,55 @@ def enforce_after_days(self, value: Optional[pulumi.Input[int]]): pulumi.set(self, "enforce_after_days", value) @property - @pulumi.getter(name="exceptionalReadonlyFilesAndDirectories") - def exceptional_readonly_files_and_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="enforceSchedulerAddedOn") + def enforce_scheduler_added_on(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "enforce_scheduler_added_on") + + @enforce_scheduler_added_on.setter + def enforce_scheduler_added_on(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_scheduler_added_on", value) + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of files and directories to be excluded from the read-only list. + List of excluded application scopes. """ - return pulumi.get(self, "exceptional_readonly_files_and_directories") + return pulumi.get(self, "exclude_application_scopes") - @exceptional_readonly_files_and_directories.setter - def exceptional_readonly_files_and_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "exceptional_readonly_files_and_directories", value) + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) @property - @pulumi.getter(name="execLockdownWhiteLists") - def exec_lockdown_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyExecutableBlacklistArgs']]]]: """ - Specify processes that will be allowed + Executable blacklist configuration. 
""" - return pulumi.get(self, "exec_lockdown_white_lists") + return pulumi.get(self, "executable_blacklists") + + @executable_blacklists.setter + def executable_blacklists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyExecutableBlacklistArgs']]]]): + pulumi.set(self, "executable_blacklists", value) + + @property + @pulumi.getter(name="failedKubernetesChecks") + def failed_kubernetes_checks(self) -> Optional[pulumi.Input['ContainerRuntimePolicyFailedKubernetesChecksArgs']]: + return pulumi.get(self, "failed_kubernetes_checks") + + @failed_kubernetes_checks.setter + def failed_kubernetes_checks(self, value: Optional[pulumi.Input['ContainerRuntimePolicyFailedKubernetesChecksArgs']]): + pulumi.set(self, "failed_kubernetes_checks", value) + + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> Optional[pulumi.Input['ContainerRuntimePolicyFileBlockArgs']]: + return pulumi.get(self, "file_block") - @exec_lockdown_white_lists.setter - def exec_lockdown_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "exec_lockdown_white_lists", value) + @file_block.setter + def file_block(self, value: Optional[pulumi.Input['ContainerRuntimePolicyFileBlockArgs']]): + pulumi.set(self, "file_block", value) @property @pulumi.getter(name="fileIntegrityMonitoring") 
@@ -1600,6 +2276,63 @@ def fork_guard_process_limit(self) -> Optional[pulumi.Input[int]]: def fork_guard_process_limit(self, value: Optional[pulumi.Input[int]]): pulumi.set(self, "fork_guard_process_limit", value) + @property + @pulumi.getter(name="imageName") + def image_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "image_name") + + @image_name.setter + def image_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "image_name", value) + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") + + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) + + @property + @pulumi.getter(name="isAutoGenerated") + def is_auto_generated(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_auto_generated") + + @is_auto_generated.setter + def is_auto_generated(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_auto_generated", value) + + @property + @pulumi.getter(name="isOotbPolicy") + def is_ootb_policy(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_ootb_policy") + + @is_ootb_policy.setter + def is_ootb_policy(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_ootb_policy", value) + + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]]: + """ + Container privileges configuration. 
+ """ + return pulumi.get(self, "limit_container_privileges") + + @limit_container_privileges.setter + def limit_container_privileges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]]): + pulumi.set(self, "limit_container_privileges", value) + @property @pulumi.getter(name="limitNewPrivileges") def limit_new_privileges(self) -> Optional[pulumi.Input[bool]]: @@ -1612,6 +2345,15 @@ def limit_new_privileges(self) -> Optional[pulumi.Input[bool]]: def limit_new_privileges(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "limit_new_privileges", value) + @property + @pulumi.getter(name="linuxCapabilities") + def linux_capabilities(self) -> Optional[pulumi.Input['ContainerRuntimePolicyLinuxCapabilitiesArgs']]: + return pulumi.get(self, "linux_capabilities") + + @linux_capabilities.setter + def linux_capabilities(self, value: Optional[pulumi.Input['ContainerRuntimePolicyLinuxCapabilitiesArgs']]): + pulumi.set(self, "linux_capabilities", value) + @property @pulumi.getter(name="malwareScanOptions") def malware_scan_options(self) -> Optional[pulumi.Input['ContainerRuntimePolicyMalwareScanOptionsArgs']]: @@ -1640,7 +2382,7 @@ def monitor_system_time_changes(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Name of the container runtime policy + Name assigned to the attribute. """ return pulumi.get(self, "name") 
@@ -1649,40 +2391,151 @@ def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) @property - @pulumi.getter(name="readonlyFilesAndDirectories") - def readonly_files_and_directories(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of files and directories to be restricted as read-only - """ - return pulumi.get(self, "readonly_files_and_directories") + @pulumi.getter(name="noNewPrivileges") + def no_new_privileges(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "no_new_privileges") - @readonly_files_and_directories.setter - def readonly_files_and_directories(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "readonly_files_and_directories", value) + @no_new_privileges.setter + def no_new_privileges(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "no_new_privileges", value) @property - @pulumi.getter(name="reverseShellAllowedIps") - def reverse_shell_allowed_ips(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of IPs/ CIDRs that will be allowed - """ - return pulumi.get(self, "reverse_shell_allowed_ips") + @pulumi.getter(name="onlyRegisteredImages") + def only_registered_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "only_registered_images") + + @only_registered_images.setter + def only_registered_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "only_registered_images", value) + + @property + @pulumi.getter(name="packageBlock") + def package_block(self) -> Optional[pulumi.Input['ContainerRuntimePolicyPackageBlockArgs']]: + return pulumi.get(self, "package_block") + + @package_block.setter + def package_block(self, value: Optional[pulumi.Input['ContainerRuntimePolicyPackageBlockArgs']]): + pulumi.set(self, "package_block", value) + + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter 
+ def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> Optional[pulumi.Input['ContainerRuntimePolicyPortBlockArgs']]: + return pulumi.get(self, "port_block") - @reverse_shell_allowed_ips.setter - def reverse_shell_allowed_ips(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "reverse_shell_allowed_ips", value) + @port_block.setter + def port_block(self, value: Optional[pulumi.Input['ContainerRuntimePolicyPortBlockArgs']]): + pulumi.set(self, "port_block", value) @property - @pulumi.getter(name="reverseShellAllowedProcesses") - def reverse_shell_allowed_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[pulumi.Input['ContainerRuntimePolicyReadonlyFilesArgs']]: + return pulumi.get(self, "readonly_files") + + @readonly_files.setter + def readonly_files(self, value: Optional[pulumi.Input['ContainerRuntimePolicyReadonlyFilesArgs']]): + pulumi.set(self, "readonly_files", value) + + @property + @pulumi.getter(name="readonlyRegistry") + def readonly_registry(self) -> Optional[pulumi.Input['ContainerRuntimePolicyReadonlyRegistryArgs']]: + return pulumi.get(self, "readonly_registry") + + @readonly_registry.setter + def readonly_registry(self, value: Optional[pulumi.Input['ContainerRuntimePolicyReadonlyRegistryArgs']]): + pulumi.set(self, "readonly_registry", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + @property + @pulumi.getter(name="registryAccessMonitoring") + def registry_access_monitoring(self) -> Optional[pulumi.Input['ContainerRuntimePolicyRegistryAccessMonitoringArgs']]: + return pulumi.get(self, 
"registry_access_monitoring") + + @registry_access_monitoring.setter + def registry_access_monitoring(self, value: Optional[pulumi.Input['ContainerRuntimePolicyRegistryAccessMonitoringArgs']]): + pulumi.set(self, "registry_access_monitoring", value) + + @property + @pulumi.getter(name="repoName") + def repo_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "repo_name") + + @repo_name.setter + def repo_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repo_name", value) + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_name") + + @resource_name.setter + def resource_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_name", value) + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_type") + + @resource_type.setter + def resource_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_type", value) + + @property + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyRestrictedVolumeArgs']]]]: """ - List of processes that will be allowed + Restricted volumes configuration. 
""" - return pulumi.get(self, "reverse_shell_allowed_processes") + return pulumi.get(self, "restricted_volumes") + + @restricted_volumes.setter + def restricted_volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyRestrictedVolumeArgs']]]]): + pulumi.set(self, "restricted_volumes", value) + + @property + @pulumi.getter(name="reverseShell") + def reverse_shell(self) -> Optional[pulumi.Input['ContainerRuntimePolicyReverseShellArgs']]: + return pulumi.get(self, "reverse_shell") + + @reverse_shell.setter + def reverse_shell(self, value: Optional[pulumi.Input['ContainerRuntimePolicyReverseShellArgs']]): + pulumi.set(self, "reverse_shell", value) - @reverse_shell_allowed_processes.setter - def reverse_shell_allowed_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "reverse_shell_allowed_processes", value) + @property + @pulumi.getter(name="runtimeMode") + def runtime_mode(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "runtime_mode") + + @runtime_mode.setter + def runtime_mode(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "runtime_mode", value) + + @property + @pulumi.getter(name="runtimeType") + def runtime_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "runtime_type") + + @runtime_type.setter + def runtime_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "runtime_type", value) @property @pulumi.getter(name="scopeExpression") 
@@ -1708,31 +2561,108 @@ def scope_variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['Contai def scope_variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeVariableArgs']]]]): pulumi.set(self, "scope_variables", value) + @property + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeArgs']]]]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") + + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ContainerRuntimePolicyScopeArgs']]]]): + pulumi.set(self, "scopes", value) + + @property + @pulumi.getter(name="systemIntegrityProtection") + def system_integrity_protection(self) -> Optional[pulumi.Input['ContainerRuntimePolicySystemIntegrityProtectionArgs']]: + return pulumi.get(self, "system_integrity_protection") + + @system_integrity_protection.setter + def system_integrity_protection(self, value: Optional[pulumi.Input['ContainerRuntimePolicySystemIntegrityProtectionArgs']]): + pulumi.set(self, "system_integrity_protection", value) + + @property + @pulumi.getter + def tripwire(self) -> Optional[pulumi.Input['ContainerRuntimePolicyTripwireArgs']]: + return pulumi.get(self, "tripwire") + + @tripwire.setter + def tripwire(self, value: Optional[pulumi.Input['ContainerRuntimePolicyTripwireArgs']]): + pulumi.set(self, "tripwire", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def updated(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "updated") + + @updated.setter + def updated(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "updated", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + 
@version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="vpatchVersion") + def vpatch_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vpatch_version") + + @vpatch_version.setter + def vpatch_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vpatch_version", value) + + @property + @pulumi.getter(name="whitelistedOsUsers") + def whitelisted_os_users(self) -> Optional[pulumi.Input['ContainerRuntimePolicyWhitelistedOsUsersArgs']]: + return pulumi.get(self, "whitelisted_os_users") + + @whitelisted_os_users.setter + def whitelisted_os_users(self, value: Optional[pulumi.Input['ContainerRuntimePolicyWhitelistedOsUsersArgs']]): + pulumi.set(self, "whitelisted_os_users", value) + class ContainerRuntimePolicy(pulumi.CustomResource): @overload def __init__(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, - allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedRegistryArgs']]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, audit_all_network_activity: Optional[pulumi.Input[bool]] = None, audit_all_processes_activity: Optional[pulumi.Input[bool]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAuditingArgs']]] = None, + author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: 
Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyBlacklistedOsUsersArgs']]] = None, block_access_host_network: Optional[pulumi.Input[bool]] = None, block_adding_capabilities: Optional[pulumi.Input[bool]] = None, block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, block_fileless_exec: Optional[pulumi.Input[bool]] = None, block_low_port_binding: Optional[pulumi.Input[bool]] = None, - block_non_compliant_images: Optional[pulumi.Input[bool]] = None, block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, block_privileged_containers: Optional[pulumi.Input[bool]] = None, - block_reverse_shell: Optional[pulumi.Input[bool]] = None, block_root_user: Optional[pulumi.Input[bool]] = None, - block_unregistered_images: Optional[pulumi.Input[bool]] = None, block_use_ipc_namespace: Optional[pulumi.Input[bool]] = None, block_use_pid_namespace: Optional[pulumi.Input[bool]] = None, block_use_user_namespace: Optional[pulumi.Input[bool]] = None, 
@@ -1744,176 +2674,89 @@ def __init__(__self__, blocked_outbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_packages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyBypassScopeArgs']]]]] = None, + container_exec: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyContainerExecArgs']]] = None, container_exec_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_drift_prevention: Optional[pulumi.Input[bool]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyDriftPreventionArgs']]]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, enable_fork_guard: Optional[pulumi.Input[bool]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, - enable_port_scan_detection: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, - exceptional_readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - exec_lockdown_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: 
Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyExecutableBlacklistArgs']]]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFailedKubernetesChecksArgs']]] = None, + file_block: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFileBlockArgs']]] = None, file_integrity_monitoring: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFileIntegrityMonitoringArgs']]] = None, fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, limit_new_privileges: Optional[pulumi.Input[bool]] = None, + linux_capabilities: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyLinuxCapabilitiesArgs']]] = None, malware_scan_options: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyMalwareScanOptionsArgs']]] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, - readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyPackageBlockArgs']]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: 
Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyPortBlockArgs']]] = None, + readonly_files: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyReadonlyFilesArgs']]] = None, + readonly_registry: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyReadonlyRegistryArgs']]] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyRegistryAccessMonitoringArgs']]] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name_: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyRestrictedVolumeArgs']]]]] = None, + reverse_shell: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyReverseShellArgs']]] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeVariableArgs']]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeArgs']]]]] = None, + system_integrity_protection: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicySystemIntegrityProtectionArgs']]] = None, + tripwire: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyTripwireArgs']]] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyWhitelistedOsUsersArgs']]] = None, __props__=None): """ - ## Example Usage - - ```python - import pulumi - import pulumiverse_aquasec as aquasec - - container_runtime_policy = 
aquasec.ContainerRuntimePolicy("containerRuntimePolicy", - allowed_executables=[ - "exe", - "bin", - ], - allowed_registries=[ - "registry1", - "registry2", - ], - application_scopes=["Global"], - audit_all_network_activity=True, - audit_all_processes_activity=True, - audit_full_command_arguments=True, - block_access_host_network=True, - block_adding_capabilities=True, - block_container_exec=True, - block_cryptocurrency_mining=True, - block_fileless_exec=True, - block_low_port_binding=True, - block_non_compliant_images=True, - block_non_compliant_workloads=True, - block_non_k8s_containers=True, - block_privileged_containers=True, - block_reverse_shell=True, - block_root_user=True, - block_unregistered_images=True, - block_use_ipc_namespace=True, - block_use_pid_namespace=True, - block_use_user_namespace=True, - block_use_uts_namespace=True, - blocked_capabilities=[ - "AUDIT_CONTROL", - "AUDIT_WRITE", - ], - blocked_executables=[ - "exe1", - "exe2", - ], - blocked_files=[ - "test1", - "test2", - ], - blocked_inbound_ports=[ - "80", - "8080", - ], - blocked_outbound_ports=[ - "90", - "9090", - ], - blocked_packages=[ - "pkg", - "pkg2", - ], - blocked_volumes=[ - "blocked", - "vol", - ], - container_exec_allowed_processes=[ - "proc1", - "proc2", - ], - description="container_runtime_policy", - enable_drift_prevention=True, - enable_fork_guard=True, - enable_ip_reputation_security=True, - enable_port_scan_detection=True, - enabled=True, - enforce=False, - exceptional_readonly_files_and_directories=[ - "readonly2", - "/dir2/", - ], - file_integrity_monitoring=aquasec.ContainerRuntimePolicyFileIntegrityMonitoringArgs( - excluded_paths=["expaths"], - excluded_processes=["exprocess"], - excluded_users=["expuser"], - monitor_attributes=True, - monitor_create=True, - monitor_delete=True, - monitor_modify=True, - monitor_read=True, - monitored_paths=["paths"], - monitored_processes=["process"], - monitored_users=["user"], - ), - fork_guard_process_limit=13, - 
limit_new_privileges=True, - malware_scan_options=aquasec.ContainerRuntimePolicyMalwareScanOptionsArgs( - action="alert", - enabled=True, - ), - monitor_system_time_changes=True, - readonly_files_and_directories=[ - "readonly", - "/dir/", - ], - reverse_shell_allowed_ips=[ - "ip1", - "ip2", - ], - reverse_shell_allowed_processes=[ - "proc1", - "proc2", - ], - scope_expression="v1 || v2", - scope_variables=[ - aquasec.ContainerRuntimePolicyScopeVariableArgs( - attribute="kubernetes.cluster", - value="default", - ), - aquasec.ContainerRuntimePolicyScopeVariableArgs( - attribute="kubernetes.label", - name="app", - value="aqua", - ), - ]) - ``` - + Create a ContainerRuntimePolicy resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_executables: List of executables that are allowed for the user. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_registries: List of registries that allowed for running containers. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedExecutableArgs']]]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedRegistryArgs']]]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. :param pulumi.Input[bool] audit_all_network_activity: If true, all network activity will be audited. :param pulumi.Input[bool] audit_all_processes_activity: If true, all process activity will be audited. + :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[bool] audit_full_command_arguments: If true, full command arguments will be audited. 
+ :param pulumi.Input[str] author: Username of the account that created the service. :param pulumi.Input[bool] block_access_host_network: If true, prevent containers from running with access to host network. :param pulumi.Input[bool] block_adding_capabilities: If true, prevent containers from running with adding capabilities with `--cap-add` privilege. :param pulumi.Input[bool] block_container_exec: If true, exec into a container is prevented. :param pulumi.Input[bool] block_cryptocurrency_mining: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining :param pulumi.Input[bool] block_fileless_exec: Detect and prevent running in-memory execution :param pulumi.Input[bool] block_low_port_binding: If true, prevent containers from running with the capability to bind in port lower than 1024. - :param pulumi.Input[bool] block_non_compliant_images: If true, running non-compliant image in the container is prevented. :param pulumi.Input[bool] block_non_compliant_workloads: If true, running containers in non-compliant pods is prevented. :param pulumi.Input[bool] block_non_k8s_containers: If true, running non-kubernetes containers is prevented. :param pulumi.Input[bool] block_privileged_containers: If true, prevent containers from running with privileged container capability. - :param pulumi.Input[bool] block_reverse_shell: If true, reverse shell is prevented. :param pulumi.Input[bool] block_root_user: If true, prevent containers from running with root user. - :param pulumi.Input[bool] block_unregistered_images: If true, running images in the container that are not registered in Aqua is prevented. :param pulumi.Input[bool] block_use_ipc_namespace: If true, prevent containers from running with the privilege to use the IPC namespace. :param pulumi.Input[bool] block_use_pid_namespace: If true, prevent containers from running with the privilege to use the PID namespace. 
:param pulumi.Input[bool] block_use_user_namespace: If true, prevent containers from running with the privilege to use the user namespace. 
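Review bot: The `:param` list in this docstring drops the entries for `block_non_compliant_images`, `block_reverse_shell` and `block_unregistered_images` but adds none for the parameters that appear to replace them in the signature (`block_disallowed_images`, `only_registered_images`, `reverse_shell`), and the usage example is deleted in the same hunk. The next hunk (`@@ -1925,28 +2768,27 @@`) has the same gap for `enable_ip_reputation`, `enable_port_scan_protection` and `readonly_files`. Someone migrating an existing policy has nothing here that says which new argument carries each blocking control, so a control can end up unset without anyone noticing. I would add one line per new argument, for example `:param pulumi.Input[bool] block_disallowed_images: <what is blocked and when>`, with the text taken from the provider schema; if this file is generated, the descriptions belong in that schema. The docstring continues past the end of this hunk.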
@@ -1925,28 +2768,27 @@ def __init__(__self__, :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_outbound_ports: List of blocked outbound ports. :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_packages: Prevent containers from reading, writing, or executing all files in the list of packages. :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_volumes: List of volumes that are prevented from being mounted in the containers. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyBypassScopeArgs']]]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[Sequence[pulumi.Input[str]]] container_exec_allowed_processes: List of processes that will be allowed. :param pulumi.Input[str] description: The description of the container runtime policy - :param pulumi.Input[bool] enable_drift_prevention: If true, executables that are not in the original image is prevented from running. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyDriftPreventionArgs']]]] drift_preventions: Drift prevention configuration. :param pulumi.Input[bool] enable_fork_guard: If true, fork bombs are prevented in the containers. - :param pulumi.Input[bool] enable_ip_reputation_security: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - :param pulumi.Input[bool] enable_port_scan_detection: If true, detects port scanning behavior in the container. - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. 
- :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_readonly_files_and_directories: List of files and directories to be excluded from the read-only list. - :param pulumi.Input[Sequence[pulumi.Input[str]]] exec_lockdown_white_lists: Specify processes that will be allowed + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyExecutableBlacklistArgs']]]] executable_blacklists: Executable blacklist configuration. :param pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFileIntegrityMonitoringArgs']] file_integrity_monitoring: Configuration for file integrity monitoring. :param pulumi.Input[int] fork_guard_process_limit: Process limit for the fork guard. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]] limit_container_privileges: Container privileges configuration. :param pulumi.Input[bool] limit_new_privileges: If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) :param pulumi.Input[pulumi.InputType['ContainerRuntimePolicyMalwareScanOptionsArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. :param pulumi.Input[bool] monitor_system_time_changes: If true, system time changes will be monitored. - :param pulumi.Input[str] name: Name of the container runtime policy - :param pulumi.Input[Sequence[pulumi.Input[str]]] readonly_files_and_directories: List of files and directories to be restricted as read-only - :param pulumi.Input[Sequence[pulumi.Input[str]]] reverse_shell_allowed_ips: List of IPs/ CIDRs that will be allowed - :param pulumi.Input[Sequence[pulumi.Input[str]]] reverse_shell_allowed_processes: List of processes that will be allowed + :param pulumi.Input[str] name: Name assigned to the attribute. 
+ :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyRestrictedVolumeArgs']]]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeVariableArgs']]]] scope_variables: List of scope attributes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeArgs']]]] scopes: Scope configuration. """ ... @overload 
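Review bot: The new descriptions for `enabled` and `name` describe nested blocks rather than this resource: `enabled` now reads "Whether allowed executables configuration is enabled." and `name` reads "Name assigned to the attribute.". On the top-level constructor these are presumably still the policy's own on/off switch and name, so the first could lead a reader to think `enabled=False` only turns off the allowed-executables control. I would keep the previous wording, `:param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not.` and `:param pulumi.Input[str] name: Name of the container runtime policy`. If the file is generated, the fix belongs in the schema it is generated from. The docstring starts before this hunk.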
@@ -1955,131 +2797,7 @@ def __init__(__self__, args: Optional[ContainerRuntimePolicyArgs] = None, opts: Optional[pulumi.ResourceOptions] = None): """ - ## Example Usage - - ```python - import pulumi - import pulumiverse_aquasec as aquasec - - container_runtime_policy = aquasec.ContainerRuntimePolicy("containerRuntimePolicy", - allowed_executables=[ - "exe", - "bin", - ], - allowed_registries=[ - "registry1", - "registry2", - ], - application_scopes=["Global"], - audit_all_network_activity=True, - audit_all_processes_activity=True, - audit_full_command_arguments=True, - block_access_host_network=True, - block_adding_capabilities=True, - block_container_exec=True, - block_cryptocurrency_mining=True, - block_fileless_exec=True, - block_low_port_binding=True, - block_non_compliant_images=True, - block_non_compliant_workloads=True, - block_non_k8s_containers=True, - block_privileged_containers=True, - block_reverse_shell=True, - block_root_user=True, - block_unregistered_images=True, - block_use_ipc_namespace=True, - block_use_pid_namespace=True, - block_use_user_namespace=True, - block_use_uts_namespace=True, - blocked_capabilities=[ - "AUDIT_CONTROL", - "AUDIT_WRITE", - ], - blocked_executables=[ - "exe1", - "exe2", - ], - blocked_files=[ - "test1", - "test2", - ], - blocked_inbound_ports=[ - "80", - "8080", - ], - blocked_outbound_ports=[ - "90", - "9090", - ], - blocked_packages=[ - "pkg", - "pkg2", - ], - blocked_volumes=[ - "blocked", - "vol", - ], - container_exec_allowed_processes=[ - "proc1", - "proc2", - ], - description="container_runtime_policy", - enable_drift_prevention=True, - enable_fork_guard=True, - enable_ip_reputation_security=True, - enable_port_scan_detection=True, - enabled=True, - enforce=False, - exceptional_readonly_files_and_directories=[ - "readonly2", - "/dir2/", - ], - file_integrity_monitoring=aquasec.ContainerRuntimePolicyFileIntegrityMonitoringArgs( - excluded_paths=["expaths"], - excluded_processes=["exprocess"], - 
excluded_users=["expuser"], - monitor_attributes=True, - monitor_create=True, - monitor_delete=True, - monitor_modify=True, - monitor_read=True, - monitored_paths=["paths"], - monitored_processes=["process"], - monitored_users=["user"], - ), - fork_guard_process_limit=13, - limit_new_privileges=True, - malware_scan_options=aquasec.ContainerRuntimePolicyMalwareScanOptionsArgs( - action="alert", - enabled=True, - ), - monitor_system_time_changes=True, - readonly_files_and_directories=[ - "readonly", - "/dir/", - ], - reverse_shell_allowed_ips=[ - "ip1", - "ip2", - ], - reverse_shell_allowed_processes=[ - "proc1", - "proc2", - ], - scope_expression="v1 || v2", - scope_variables=[ - aquasec.ContainerRuntimePolicyScopeVariableArgs( - attribute="kubernetes.cluster", - value="default", - ), - aquasec.ContainerRuntimePolicyScopeVariableArgs( - attribute="kubernetes.label", - name="app", - value="aqua", - ), - ]) - ``` - + Create a ContainerRuntimePolicy resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param ContainerRuntimePolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. 
@@ -2095,25 +2813,27 @@ def __init__(__self__, resource_name: str, *args, **kwargs): def _internal_init(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, - allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedRegistryArgs']]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, audit_all_network_activity: Optional[pulumi.Input[bool]] = None, audit_all_processes_activity: Optional[pulumi.Input[bool]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAuditingArgs']]] = None, + author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyBlacklistedOsUsersArgs']]] = None, block_access_host_network: Optional[pulumi.Input[bool]] = None, block_adding_capabilities: Optional[pulumi.Input[bool]] = None, block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, block_fileless_exec: Optional[pulumi.Input[bool]] = None, block_low_port_binding: Optional[pulumi.Input[bool]] = None, - block_non_compliant_images: Optional[pulumi.Input[bool]] = None, block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, block_privileged_containers: Optional[pulumi.Input[bool]] = None, - block_reverse_shell: Optional[pulumi.Input[bool]] = None, 
block_root_user: Optional[pulumi.Input[bool]] = None, - block_unregistered_images: Optional[pulumi.Input[bool]] = None, block_use_ipc_namespace: Optional[pulumi.Input[bool]] = None, block_use_pid_namespace: Optional[pulumi.Input[bool]] = None, block_use_user_namespace: Optional[pulumi.Input[bool]] = None, 
@@ -2125,28 +2845,66 @@ def _internal_init(__self__, blocked_outbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_packages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyBypassScopeArgs']]]]] = None, + container_exec: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyContainerExecArgs']]] = None, container_exec_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_drift_prevention: Optional[pulumi.Input[bool]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyDriftPreventionArgs']]]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, enable_fork_guard: Optional[pulumi.Input[bool]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, - enable_port_scan_detection: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, - exceptional_readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - exec_lockdown_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: 
Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyExecutableBlacklistArgs']]]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFailedKubernetesChecksArgs']]] = None, + file_block: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFileBlockArgs']]] = None, file_integrity_monitoring: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFileIntegrityMonitoringArgs']]] = None, fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, limit_new_privileges: Optional[pulumi.Input[bool]] = None, + linux_capabilities: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyLinuxCapabilitiesArgs']]] = None, malware_scan_options: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyMalwareScanOptionsArgs']]] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, - readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyPackageBlockArgs']]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: 
Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyPortBlockArgs']]] = None, + readonly_files: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyReadonlyFilesArgs']]] = None, + readonly_registry: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyReadonlyRegistryArgs']]] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyRegistryAccessMonitoringArgs']]] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name_: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyRestrictedVolumeArgs']]]]] = None, + reverse_shell: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyReverseShellArgs']]] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeVariableArgs']]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeArgs']]]]] = None, + system_integrity_protection: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicySystemIntegrityProtectionArgs']]] = None, + tripwire: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyTripwireArgs']]] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyWhitelistedOsUsersArgs']]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) if not isinstance(opts, 
pulumi.ResourceOptions): @@ -2161,20 +2919,22 @@ def _internal_init(__self__, __props__.__dict__["application_scopes"] = application_scopes __props__.__dict__["audit_all_network_activity"] = audit_all_network_activity __props__.__dict__["audit_all_processes_activity"] = audit_all_processes_activity + __props__.__dict__["audit_brute_force_login"] = audit_brute_force_login __props__.__dict__["audit_full_command_arguments"] = audit_full_command_arguments + __props__.__dict__["auditing"] = auditing + __props__.__dict__["author"] = author + __props__.__dict__["blacklisted_os_users"] = blacklisted_os_users __props__.__dict__["block_access_host_network"] = block_access_host_network __props__.__dict__["block_adding_capabilities"] = block_adding_capabilities __props__.__dict__["block_container_exec"] = block_container_exec __props__.__dict__["block_cryptocurrency_mining"] = block_cryptocurrency_mining + __props__.__dict__["block_disallowed_images"] = block_disallowed_images __props__.__dict__["block_fileless_exec"] = block_fileless_exec __props__.__dict__["block_low_port_binding"] = block_low_port_binding - __props__.__dict__["block_non_compliant_images"] = block_non_compliant_images __props__.__dict__["block_non_compliant_workloads"] = block_non_compliant_workloads __props__.__dict__["block_non_k8s_containers"] = block_non_k8s_containers __props__.__dict__["block_privileged_containers"] = block_privileged_containers - __props__.__dict__["block_reverse_shell"] = block_reverse_shell __props__.__dict__["block_root_user"] = block_root_user - __props__.__dict__["block_unregistered_images"] = block_unregistered_images __props__.__dict__["block_use_ipc_namespace"] = block_use_ipc_namespace __props__.__dict__["block_use_pid_namespace"] = block_use_pid_namespace __props__.__dict__["block_use_user_namespace"] = block_use_user_namespace 
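Review bot: `author` is now taken from the caller and written straight into the resource properties (`__props__.__dict__["author"] = author`), and the signature in the preceding hunk adds `created`, `updated`, `lastupdate`, `version`, `is_auto_generated` and `is_ootb_policy` as ordinary optional inputs. These look like record metadata that the server maintains; whether the provider ignores caller-supplied values is not visible here. If it does not, a program can set the recorded author or timestamps of a runtime policy, which weakens their use in an audit trail. I would mark them output-only in the schema, or, if they are in fact ignored on write, say so in the docstring, e.g. `:param pulumi.Input[str] author: Set by the server; values passed here are ignored.`. `_internal_init` starts before this hunk and continues past it.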
@@ -2186,29 +2946,66 @@ def _internal_init(__self__, __props__.__dict__["blocked_outbound_ports"] = blocked_outbound_ports __props__.__dict__["blocked_packages"] = blocked_packages __props__.__dict__["blocked_volumes"] = blocked_volumes + __props__.__dict__["bypass_scopes"] = bypass_scopes + __props__.__dict__["container_exec"] = container_exec __props__.__dict__["container_exec_allowed_processes"] = container_exec_allowed_processes + __props__.__dict__["created"] = created + __props__.__dict__["cve"] = cve + __props__.__dict__["default_security_profile"] = default_security_profile __props__.__dict__["description"] = description - __props__.__dict__["enable_drift_prevention"] = enable_drift_prevention + __props__.__dict__["digest"] = digest + __props__.__dict__["drift_preventions"] = drift_preventions + __props__.__dict__["enable_crypto_mining_dns"] = enable_crypto_mining_dns __props__.__dict__["enable_fork_guard"] = enable_fork_guard - __props__.__dict__["enable_ip_reputation_security"] = enable_ip_reputation_security - __props__.__dict__["enable_port_scan_detection"] = enable_port_scan_detection + __props__.__dict__["enable_ip_reputation"] = enable_ip_reputation + __props__.__dict__["enable_port_scan_protection"] = enable_port_scan_protection __props__.__dict__["enabled"] = enabled __props__.__dict__["enforce"] = enforce __props__.__dict__["enforce_after_days"] = enforce_after_days - __props__.__dict__["exceptional_readonly_files_and_directories"] = exceptional_readonly_files_and_directories - __props__.__dict__["exec_lockdown_white_lists"] = exec_lockdown_white_lists + __props__.__dict__["enforce_scheduler_added_on"] = enforce_scheduler_added_on + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["executable_blacklists"] = executable_blacklists + __props__.__dict__["failed_kubernetes_checks"] = failed_kubernetes_checks + __props__.__dict__["file_block"] = file_block __props__.__dict__["file_integrity_monitoring"] 
= file_integrity_monitoring __props__.__dict__["fork_guard_process_limit"] = fork_guard_process_limit + __props__.__dict__["image_name"] = image_name + __props__.__dict__["is_audit_checked"] = is_audit_checked + __props__.__dict__["is_auto_generated"] = is_auto_generated + __props__.__dict__["is_ootb_policy"] = is_ootb_policy + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["limit_container_privileges"] = limit_container_privileges __props__.__dict__["limit_new_privileges"] = limit_new_privileges + __props__.__dict__["linux_capabilities"] = linux_capabilities __props__.__dict__["malware_scan_options"] = malware_scan_options __props__.__dict__["monitor_system_time_changes"] = monitor_system_time_changes __props__.__dict__["name"] = name - __props__.__dict__["readonly_files_and_directories"] = readonly_files_and_directories - __props__.__dict__["reverse_shell_allowed_ips"] = reverse_shell_allowed_ips - __props__.__dict__["reverse_shell_allowed_processes"] = reverse_shell_allowed_processes + __props__.__dict__["no_new_privileges"] = no_new_privileges + __props__.__dict__["only_registered_images"] = only_registered_images + __props__.__dict__["package_block"] = package_block + __props__.__dict__["permission"] = permission + __props__.__dict__["port_block"] = port_block + __props__.__dict__["readonly_files"] = readonly_files + __props__.__dict__["readonly_registry"] = readonly_registry + __props__.__dict__["registry"] = registry + __props__.__dict__["registry_access_monitoring"] = registry_access_monitoring + __props__.__dict__["repo_name"] = repo_name + __props__.__dict__["resource_name"] = resource_name_ + __props__.__dict__["resource_type"] = resource_type + __props__.__dict__["restricted_volumes"] = restricted_volumes + __props__.__dict__["reverse_shell"] = reverse_shell + __props__.__dict__["runtime_mode"] = runtime_mode + __props__.__dict__["runtime_type"] = runtime_type __props__.__dict__["scope_expression"] = scope_expression 
__props__.__dict__["scope_variables"] = scope_variables - __props__.__dict__["author"] = None + __props__.__dict__["scopes"] = scopes + __props__.__dict__["system_integrity_protection"] = system_integrity_protection + __props__.__dict__["tripwire"] = tripwire + __props__.__dict__["type"] = type + __props__.__dict__["updated"] = updated + __props__.__dict__["version"] = version + __props__.__dict__["vpatch_version"] = vpatch_version + __props__.__dict__["whitelisted_os_users"] = whitelisted_os_users super(ContainerRuntimePolicy, __self__).__init__( 'aquasec:index/containerRuntimePolicy:ContainerRuntimePolicy', resource_name, 
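Review bot: In `_internal_init`, this hunk drops `__props__.__dict__["author"] = None`, and together with the preceding hunk's `__props__.__dict__["author"] = author` it now forwards caller-supplied values for what read like server-maintained record fields (`author`, `created`, `updated`, `lastupdate`, `is_auto_generated`, `is_ootb_policy`). The `author` docstring still says "Username of the account that created the service", so a program can pass its own value for a field that reviewers may treat as provenance for a runtime security policy; whether the provider honours or ignores that value is not visible here. If these fields are meant to be read-only, keep them output-only as before, e.g. `__props__.__dict__["author"] = None`. The file looks generator-produced, so the change presumably belongs in the provider schema rather than in a hand edit. `_internal_init` starts and ends outside this hunk.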
@@ -2219,26 +3016,27 @@ def _internal_init(__self__, def get(resource_name: str, id: pulumi.Input[str], opts: Optional[pulumi.ResourceOptions] = None, - allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedRegistryArgs']]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, audit_all_network_activity: Optional[pulumi.Input[bool]] = None, audit_all_processes_activity: Optional[pulumi.Input[bool]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAuditingArgs']]] = None, author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyBlacklistedOsUsersArgs']]] = None, block_access_host_network: Optional[pulumi.Input[bool]] = None, block_adding_capabilities: Optional[pulumi.Input[bool]] = None, block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, block_fileless_exec: Optional[pulumi.Input[bool]] = None, block_low_port_binding: Optional[pulumi.Input[bool]] = None, - block_non_compliant_images: Optional[pulumi.Input[bool]] = None, block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, block_privileged_containers: Optional[pulumi.Input[bool]] = None, - block_reverse_shell: Optional[pulumi.Input[bool]] = None, block_root_user: 
Optional[pulumi.Input[bool]] = None, - block_unregistered_images: Optional[pulumi.Input[bool]] = None, block_use_ipc_namespace: Optional[pulumi.Input[bool]] = None, block_use_pid_namespace: Optional[pulumi.Input[bool]] = None, block_use_user_namespace: Optional[pulumi.Input[bool]] = None, 
@@ -2250,28 +3048,66 @@ def get(resource_name: str, blocked_outbound_ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_packages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, blocked_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyBypassScopeArgs']]]]] = None, + container_exec: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyContainerExecArgs']]] = None, container_exec_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_drift_prevention: Optional[pulumi.Input[bool]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyDriftPreventionArgs']]]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, enable_fork_guard: Optional[pulumi.Input[bool]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, - enable_port_scan_detection: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, - exceptional_readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - exec_lockdown_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: 
Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyExecutableBlacklistArgs']]]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFailedKubernetesChecksArgs']]] = None, + file_block: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFileBlockArgs']]] = None, file_integrity_monitoring: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFileIntegrityMonitoringArgs']]] = None, fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, limit_new_privileges: Optional[pulumi.Input[bool]] = None, + linux_capabilities: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyLinuxCapabilitiesArgs']]] = None, malware_scan_options: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyMalwareScanOptionsArgs']]] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, - readonly_files_and_directories: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - reverse_shell_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyPackageBlockArgs']]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: 
Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyPortBlockArgs']]] = None, + readonly_files: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyReadonlyFilesArgs']]] = None, + readonly_registry: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyReadonlyRegistryArgs']]] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyRegistryAccessMonitoringArgs']]] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name_: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyRestrictedVolumeArgs']]]]] = None, + reverse_shell: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyReverseShellArgs']]] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, - scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeVariableArgs']]]]] = None) -> 'ContainerRuntimePolicy': + scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeVariableArgs']]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeArgs']]]]] = None, + system_integrity_protection: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicySystemIntegrityProtectionArgs']]] = None, + tripwire: Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyTripwireArgs']]] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: 
Optional[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyWhitelistedOsUsersArgs']]] = None) -> 'ContainerRuntimePolicy': """ Get an existing ContainerRuntimePolicy resource's state with the given name, id, and optional extra properties used to qualify the lookup. @@ -2279,11 +3115,12 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_executables: List of executables that are allowed for the user. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_registries: List of registries that allowed for running containers. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedExecutableArgs']]]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyAllowedRegistryArgs']]]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. :param pulumi.Input[bool] audit_all_network_activity: If true, all network activity will be audited. :param pulumi.Input[bool] audit_all_processes_activity: If true, all process activity will be audited. + :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[bool] audit_full_command_arguments: If true, full command arguments will be audited. :param pulumi.Input[str] author: Username of the account that created the service. :param pulumi.Input[bool] block_access_host_network: If true, prevent containers from running with access to host network. 
@@ -2292,13 +3129,10 @@ def get(resource_name: str, :param pulumi.Input[bool] block_cryptocurrency_mining: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining :param pulumi.Input[bool] block_fileless_exec: Detect and prevent running in-memory execution :param pulumi.Input[bool] block_low_port_binding: If true, prevent containers from running with the capability to bind in port lower than 1024. - :param pulumi.Input[bool] block_non_compliant_images: If true, running non-compliant image in the container is prevented. :param pulumi.Input[bool] block_non_compliant_workloads: If true, running containers in non-compliant pods is prevented. :param pulumi.Input[bool] block_non_k8s_containers: If true, running non-kubernetes containers is prevented. :param pulumi.Input[bool] block_privileged_containers: If true, prevent containers from running with privileged container capability. - :param pulumi.Input[bool] block_reverse_shell: If true, reverse shell is prevented. :param pulumi.Input[bool] block_root_user: If true, prevent containers from running with root user. - :param pulumi.Input[bool] block_unregistered_images: If true, running images in the container that are not registered in Aqua is prevented. :param pulumi.Input[bool] block_use_ipc_namespace: If true, prevent containers from running with the privilege to use the IPC namespace. :param pulumi.Input[bool] block_use_pid_namespace: If true, prevent containers from running with the privilege to use the PID namespace. :param pulumi.Input[bool] block_use_user_namespace: If true, prevent containers from running with the privilege to use the user namespace. 
@@ -2310,28 +3144,27 @@ def get(resource_name: str, :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_outbound_ports: List of blocked outbound ports. :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_packages: Prevent containers from reading, writing, or executing all files in the list of packages. :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_volumes: List of volumes that are prevented from being mounted in the containers. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyBypassScopeArgs']]]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[Sequence[pulumi.Input[str]]] container_exec_allowed_processes: List of processes that will be allowed. :param pulumi.Input[str] description: The description of the container runtime policy - :param pulumi.Input[bool] enable_drift_prevention: If true, executables that are not in the original image is prevented from running. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyDriftPreventionArgs']]]] drift_preventions: Drift prevention configuration. :param pulumi.Input[bool] enable_fork_guard: If true, fork bombs are prevented in the containers. - :param pulumi.Input[bool] enable_ip_reputation_security: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - :param pulumi.Input[bool] enable_port_scan_detection: If true, detects port scanning behavior in the container. - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. 
- :param pulumi.Input[Sequence[pulumi.Input[str]]] exceptional_readonly_files_and_directories: List of files and directories to be excluded from the read-only list. - :param pulumi.Input[Sequence[pulumi.Input[str]]] exec_lockdown_white_lists: Specify processes that will be allowed + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyExecutableBlacklistArgs']]]] executable_blacklists: Executable blacklist configuration. :param pulumi.Input[pulumi.InputType['ContainerRuntimePolicyFileIntegrityMonitoringArgs']] file_integrity_monitoring: Configuration for file integrity monitoring. :param pulumi.Input[int] fork_guard_process_limit: Process limit for the fork guard. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyLimitContainerPrivilegeArgs']]]] limit_container_privileges: Container privileges configuration. :param pulumi.Input[bool] limit_new_privileges: If true, prevents the container from obtaining new privileges at runtime. (only enabled in enforce mode) :param pulumi.Input[pulumi.InputType['ContainerRuntimePolicyMalwareScanOptionsArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. :param pulumi.Input[bool] monitor_system_time_changes: If true, system time changes will be monitored. - :param pulumi.Input[str] name: Name of the container runtime policy - :param pulumi.Input[Sequence[pulumi.Input[str]]] readonly_files_and_directories: List of files and directories to be restricted as read-only - :param pulumi.Input[Sequence[pulumi.Input[str]]] reverse_shell_allowed_ips: List of IPs/ CIDRs that will be allowed - :param pulumi.Input[Sequence[pulumi.Input[str]]] reverse_shell_allowed_processes: List of processes that will be allowed + :param pulumi.Input[str] name: Name assigned to the attribute. 
+ :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyRestrictedVolumeArgs']]]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeVariableArgs']]]] scope_variables: List of scope attributes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ContainerRuntimePolicyScopeArgs']]]] scopes: Scope configuration. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) 
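Review bot: The `get()` docstring now describes the top-level `enabled` as "Whether allowed executables configuration is enabled." and `name` as "Name assigned to the attribute.", which reads like text from nested blocks rather than the policy's own fields; the `enabled` getter in the later hunk at -2673,26 carries the same wording. A reader could take the policy's on/off switch for a sub-feature toggle. I would restore `:param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not.` and `:param pulumi.Input[str] name: Name of the container runtime policy`. The hunk also removes the `:param` lines for the old flat flags without documenting their replacements (`reverse_shell`, `readonly_files`, `only_registered_images`), so each of those should get a one-line description of what it enforces. The docstring begins outside this hunk.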
@@ -2342,21 +3175,22 @@ def get(resource_name: str, __props__.__dict__["application_scopes"] = application_scopes __props__.__dict__["audit_all_network_activity"] = audit_all_network_activity __props__.__dict__["audit_all_processes_activity"] = audit_all_processes_activity + __props__.__dict__["audit_brute_force_login"] = audit_brute_force_login __props__.__dict__["audit_full_command_arguments"] = audit_full_command_arguments + __props__.__dict__["auditing"] = auditing __props__.__dict__["author"] = author + __props__.__dict__["blacklisted_os_users"] = blacklisted_os_users __props__.__dict__["block_access_host_network"] = block_access_host_network __props__.__dict__["block_adding_capabilities"] = block_adding_capabilities __props__.__dict__["block_container_exec"] = block_container_exec __props__.__dict__["block_cryptocurrency_mining"] = block_cryptocurrency_mining + __props__.__dict__["block_disallowed_images"] = block_disallowed_images __props__.__dict__["block_fileless_exec"] = block_fileless_exec __props__.__dict__["block_low_port_binding"] = block_low_port_binding - __props__.__dict__["block_non_compliant_images"] = block_non_compliant_images __props__.__dict__["block_non_compliant_workloads"] = block_non_compliant_workloads __props__.__dict__["block_non_k8s_containers"] = block_non_k8s_containers __props__.__dict__["block_privileged_containers"] = block_privileged_containers - __props__.__dict__["block_reverse_shell"] = block_reverse_shell __props__.__dict__["block_root_user"] = block_root_user - __props__.__dict__["block_unregistered_images"] = block_unregistered_images __props__.__dict__["block_use_ipc_namespace"] = block_use_ipc_namespace __props__.__dict__["block_use_pid_namespace"] = block_use_pid_namespace __props__.__dict__["block_use_user_namespace"] = block_use_user_namespace 
@@ -2368,43 +3202,81 @@ def get(resource_name: str, __props__.__dict__["blocked_outbound_ports"] = blocked_outbound_ports __props__.__dict__["blocked_packages"] = blocked_packages __props__.__dict__["blocked_volumes"] = blocked_volumes + __props__.__dict__["bypass_scopes"] = bypass_scopes + __props__.__dict__["container_exec"] = container_exec __props__.__dict__["container_exec_allowed_processes"] = container_exec_allowed_processes + __props__.__dict__["created"] = created + __props__.__dict__["cve"] = cve + __props__.__dict__["default_security_profile"] = default_security_profile __props__.__dict__["description"] = description - __props__.__dict__["enable_drift_prevention"] = enable_drift_prevention + __props__.__dict__["digest"] = digest + __props__.__dict__["drift_preventions"] = drift_preventions + __props__.__dict__["enable_crypto_mining_dns"] = enable_crypto_mining_dns __props__.__dict__["enable_fork_guard"] = enable_fork_guard - __props__.__dict__["enable_ip_reputation_security"] = enable_ip_reputation_security - __props__.__dict__["enable_port_scan_detection"] = enable_port_scan_detection + __props__.__dict__["enable_ip_reputation"] = enable_ip_reputation + __props__.__dict__["enable_port_scan_protection"] = enable_port_scan_protection __props__.__dict__["enabled"] = enabled __props__.__dict__["enforce"] = enforce __props__.__dict__["enforce_after_days"] = enforce_after_days - __props__.__dict__["exceptional_readonly_files_and_directories"] = exceptional_readonly_files_and_directories - __props__.__dict__["exec_lockdown_white_lists"] = exec_lockdown_white_lists + __props__.__dict__["enforce_scheduler_added_on"] = enforce_scheduler_added_on + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["executable_blacklists"] = executable_blacklists + __props__.__dict__["failed_kubernetes_checks"] = failed_kubernetes_checks + __props__.__dict__["file_block"] = file_block __props__.__dict__["file_integrity_monitoring"] = 
file_integrity_monitoring __props__.__dict__["fork_guard_process_limit"] = fork_guard_process_limit + __props__.__dict__["image_name"] = image_name + __props__.__dict__["is_audit_checked"] = is_audit_checked + __props__.__dict__["is_auto_generated"] = is_auto_generated + __props__.__dict__["is_ootb_policy"] = is_ootb_policy + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["limit_container_privileges"] = limit_container_privileges __props__.__dict__["limit_new_privileges"] = limit_new_privileges + __props__.__dict__["linux_capabilities"] = linux_capabilities __props__.__dict__["malware_scan_options"] = malware_scan_options __props__.__dict__["monitor_system_time_changes"] = monitor_system_time_changes __props__.__dict__["name"] = name - __props__.__dict__["readonly_files_and_directories"] = readonly_files_and_directories - __props__.__dict__["reverse_shell_allowed_ips"] = reverse_shell_allowed_ips - __props__.__dict__["reverse_shell_allowed_processes"] = reverse_shell_allowed_processes + __props__.__dict__["no_new_privileges"] = no_new_privileges + __props__.__dict__["only_registered_images"] = only_registered_images + __props__.__dict__["package_block"] = package_block + __props__.__dict__["permission"] = permission + __props__.__dict__["port_block"] = port_block + __props__.__dict__["readonly_files"] = readonly_files + __props__.__dict__["readonly_registry"] = readonly_registry + __props__.__dict__["registry"] = registry + __props__.__dict__["registry_access_monitoring"] = registry_access_monitoring + __props__.__dict__["repo_name"] = repo_name + __props__.__dict__["resource_name"] = resource_name_ + __props__.__dict__["resource_type"] = resource_type + __props__.__dict__["restricted_volumes"] = restricted_volumes + __props__.__dict__["reverse_shell"] = reverse_shell + __props__.__dict__["runtime_mode"] = runtime_mode + __props__.__dict__["runtime_type"] = runtime_type __props__.__dict__["scope_expression"] = scope_expression 
__props__.__dict__["scope_variables"] = scope_variables + __props__.__dict__["scopes"] = scopes + __props__.__dict__["system_integrity_protection"] = system_integrity_protection + __props__.__dict__["tripwire"] = tripwire + __props__.__dict__["type"] = type + __props__.__dict__["updated"] = updated + __props__.__dict__["version"] = version + __props__.__dict__["vpatch_version"] = vpatch_version + __props__.__dict__["whitelisted_os_users"] = whitelisted_os_users return ContainerRuntimePolicy(resource_name, opts=opts, __props__=__props__) @property @pulumi.getter(name="allowedExecutables") - def allowed_executables(self) -> pulumi.Output[Optional[Sequence[str]]]: + def allowed_executables(self) -> pulumi.Output[Sequence['outputs.ContainerRuntimePolicyAllowedExecutable']]: """ - List of executables that are allowed for the user. + Allowed executables configuration. """ return pulumi.get(self, "allowed_executables") @property @pulumi.getter(name="allowedRegistries") - def allowed_registries(self) -> pulumi.Output[Optional[Sequence[str]]]: + def allowed_registries(self) -> pulumi.Output[Sequence['outputs.ContainerRuntimePolicyAllowedRegistry']]: """ - List of registries that allowed for running containers. + List of allowed registries. """ return pulumi.get(self, "allowed_registries") @@ -2432,6 +3304,14 @@ def audit_all_processes_activity(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "audit_all_processes_activity") + @property + @pulumi.getter(name="auditBruteForceLogin") + def audit_brute_force_login(self) -> pulumi.Output[Optional[bool]]: + """ + Detects brute force login attempts + """ + return pulumi.get(self, "audit_brute_force_login") + @property @pulumi.getter(name="auditFullCommandArguments") def audit_full_command_arguments(self) -> pulumi.Output[Optional[bool]]: 
@@ -2440,6 +3320,11 @@ def audit_full_command_arguments(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "audit_full_command_arguments") + @property + @pulumi.getter + def auditing(self) -> pulumi.Output['outputs.ContainerRuntimePolicyAuditing']: + return pulumi.get(self, "auditing") + @property @pulumi.getter def author(self) -> pulumi.Output[str]: @@ -2448,6 +3333,11 @@ def author(self) -> pulumi.Output[str]: """ return pulumi.get(self, "author") + @property + @pulumi.getter(name="blacklistedOsUsers") + def blacklisted_os_users(self) -> pulumi.Output['outputs.ContainerRuntimePolicyBlacklistedOsUsers']: + return pulumi.get(self, "blacklisted_os_users") + @property @pulumi.getter(name="blockAccessHostNetwork") def block_access_host_network(self) -> pulumi.Output[Optional[bool]]: @@ -2480,6 +3370,11 @@ def block_cryptocurrency_mining(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "block_cryptocurrency_mining") + @property + @pulumi.getter(name="blockDisallowedImages") + def block_disallowed_images(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_disallowed_images") + @property @pulumi.getter(name="blockFilelessExec") def block_fileless_exec(self) -> pulumi.Output[Optional[bool]]: @@ -2496,14 +3391,6 @@ def block_low_port_binding(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "block_low_port_binding") - @property - @pulumi.getter(name="blockNonCompliantImages") - def block_non_compliant_images(self) -> pulumi.Output[Optional[bool]]: - """ - If true, running non-compliant image in the container is prevented. - """ - return pulumi.get(self, "block_non_compliant_images") - @property @pulumi.getter(name="blockNonCompliantWorkloads") def block_non_compliant_workloads(self) -> pulumi.Output[Optional[bool]]: 
@@ -2528,14 +3415,6 @@ def block_privileged_containers(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "block_privileged_containers") - @property - @pulumi.getter(name="blockReverseShell") - def block_reverse_shell(self) -> pulumi.Output[Optional[bool]]: - """ - If true, reverse shell is prevented. - """ - return pulumi.get(self, "block_reverse_shell") - @property @pulumi.getter(name="blockRootUser") def block_root_user(self) -> pulumi.Output[Optional[bool]]: @@ -2544,14 +3423,6 @@ def block_root_user(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "block_root_user") - @property - @pulumi.getter(name="blockUnregisteredImages") - def block_unregistered_images(self) -> pulumi.Output[Optional[bool]]: - """ - If true, running images in the container that are not registered in Aqua is prevented. - """ - return pulumi.get(self, "block_unregistered_images") - @property @pulumi.getter(name="blockUseIpcNamespace") def block_use_ipc_namespace(self) -> pulumi.Output[Optional[bool]]: @@ -2640,6 +3511,19 @@ def blocked_volumes(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "blocked_volumes") + @property + @pulumi.getter(name="bypassScopes") + def bypass_scopes(self) -> pulumi.Output[Optional[Sequence['outputs.ContainerRuntimePolicyBypassScope']]]: + """ + Bypass scope configuration. + """ + return pulumi.get(self, "bypass_scopes") + + @property + @pulumi.getter(name="containerExec") + def container_exec(self) -> pulumi.Output['outputs.ContainerRuntimePolicyContainerExec']: + return pulumi.get(self, "container_exec") + @property @pulumi.getter(name="containerExecAllowedProcesses") def container_exec_allowed_processes(self) -> pulumi.Output[Optional[Sequence[str]]]: 
@@ -2648,6 +3532,21 @@ def container_exec_allowed_processes(self) -> pulumi.Output[Optional[Sequence[st """ return pulumi.get(self, "container_exec_allowed_processes") + @property + @pulumi.getter + def created(self) -> pulumi.Output[str]: + return pulumi.get(self, "created") + + @property + @pulumi.getter + def cve(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "cve") + + @property + @pulumi.getter(name="defaultSecurityProfile") + def default_security_profile(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "default_security_profile") + @property @pulumi.getter def description(self) -> pulumi.Output[Optional[str]]: @@ -2657,12 +3556,22 @@ def description(self) -> pulumi.Output[Optional[str]]: return pulumi.get(self, "description") @property - @pulumi.getter(name="enableDriftPrevention") - def enable_drift_prevention(self) -> pulumi.Output[Optional[bool]]: + @pulumi.getter + def digest(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "digest") + + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> pulumi.Output[Sequence['outputs.ContainerRuntimePolicyDriftPrevention']]: """ - If true, executables that are not in the original image is prevented from running. + Drift prevention configuration. """ - return pulumi.get(self, "enable_drift_prevention") + return pulumi.get(self, "drift_preventions") + + @property + @pulumi.getter(name="enableCryptoMiningDns") + def enable_crypto_mining_dns(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_crypto_mining_dns") @property @pulumi.getter(name="enableForkGuard") 
@@ -2673,26 +3582,20 @@ def enable_fork_guard(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "enable_fork_guard") @property - @pulumi.getter(name="enableIpReputationSecurity") - def enable_ip_reputation_security(self) -> pulumi.Output[Optional[bool]]: - """ - If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - """ - return pulumi.get(self, "enable_ip_reputation_security") + @pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_ip_reputation") @property - @pulumi.getter(name="enablePortScanDetection") - def enable_port_scan_detection(self) -> pulumi.Output[Optional[bool]]: - """ - If true, detects port scanning behavior in the container. - """ - return pulumi.get(self, "enable_port_scan_detection") + @pulumi.getter(name="enablePortScanProtection") + def enable_port_scan_protection(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_port_scan_protection") @property @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the runtime policy is enabled or not. + Whether allowed executables configuration is enabled. """ return pulumi.get(self, "enabled") 
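Review bot: The docstring on the resource-level `enabled` getter now reads "Whether allowed executables configuration is enabled.", which appears to describe a nested block rather than the policy switch that the removed text documented. Anyone reading the SDK to check whether a runtime policy is actually active would be misled, so I would restore `Indicates if the runtime policy is enabled or not.` on this getter. The `name` getter in the later `@@ -2772,33 +3728,92 @@` hunk has the same problem: "Name assigned to the attribute." replaces "Name of the container runtime policy". This file looks generated, so the wording probably has to be corrected in the provider schema rather than edited here.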
@@ -2713,24 +3616,39 @@ def enforce_after_days(self) -> pulumi.Output[Optional[int]]: return pulumi.get(self, "enforce_after_days") @property - @pulumi.getter(name="exceptionalReadonlyFilesAndDirectories") - def exceptional_readonly_files_and_directories(self) -> pulumi.Output[Optional[Sequence[str]]]: + @pulumi.getter(name="enforceSchedulerAddedOn") + def enforce_scheduler_added_on(self) -> pulumi.Output[int]: + return pulumi.get(self, "enforce_scheduler_added_on") + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - List of files and directories to be excluded from the read-only list. + List of excluded application scopes. """ - return pulumi.get(self, "exceptional_readonly_files_and_directories") + return pulumi.get(self, "exclude_application_scopes") @property - @pulumi.getter(name="execLockdownWhiteLists") - def exec_lockdown_white_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> pulumi.Output[Sequence['outputs.ContainerRuntimePolicyExecutableBlacklist']]: """ - Specify processes that will be allowed + Executable blacklist configuration. 
""" - return pulumi.get(self, "exec_lockdown_white_lists") + return pulumi.get(self, "executable_blacklists") + + @property + @pulumi.getter(name="failedKubernetesChecks") + def failed_kubernetes_checks(self) -> pulumi.Output['outputs.ContainerRuntimePolicyFailedKubernetesChecks']: + return pulumi.get(self, "failed_kubernetes_checks") + + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> pulumi.Output['outputs.ContainerRuntimePolicyFileBlock']: + return pulumi.get(self, "file_block") @property @pulumi.getter(name="fileIntegrityMonitoring") - def file_integrity_monitoring(self) -> pulumi.Output[Optional['outputs.ContainerRuntimePolicyFileIntegrityMonitoring']]: + def file_integrity_monitoring(self) -> pulumi.Output['outputs.ContainerRuntimePolicyFileIntegrityMonitoring']: """ Configuration for file integrity monitoring. """ 
@@ -2744,6 +3662,39 @@ def fork_guard_process_limit(self) -> pulumi.Output[Optional[int]]: """ return pulumi.get(self, "fork_guard_process_limit") + @property + @pulumi.getter(name="imageName") + def image_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "image_name") + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "is_audit_checked") + + @property + @pulumi.getter(name="isAutoGenerated") + def is_auto_generated(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "is_auto_generated") + + @property + @pulumi.getter(name="isOotbPolicy") + def is_ootb_policy(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "is_ootb_policy") + + @property + @pulumi.getter + def lastupdate(self) -> pulumi.Output[int]: + return pulumi.get(self, "lastupdate") + + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> pulumi.Output[Sequence['outputs.ContainerRuntimePolicyLimitContainerPrivilege']]: + """ + Container privileges configuration. + """ + return pulumi.get(self, "limit_container_privileges") + @property @pulumi.getter(name="limitNewPrivileges") def limit_new_privileges(self) -> pulumi.Output[Optional[bool]]: @@ -2752,9 +3703,14 @@ def limit_new_privileges(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "limit_new_privileges") + @property + @pulumi.getter(name="linuxCapabilities") + def linux_capabilities(self) -> pulumi.Output['outputs.ContainerRuntimePolicyLinuxCapabilities']: + return pulumi.get(self, "linux_capabilities") + @property @pulumi.getter(name="malwareScanOptions") - def malware_scan_options(self) -> pulumi.Output[Optional['outputs.ContainerRuntimePolicyMalwareScanOptions']]: + def malware_scan_options(self) -> pulumi.Output['outputs.ContainerRuntimePolicyMalwareScanOptions']: """ Configuration for Real-Time Malware Protection. """ 
@@ -2772,33 +3728,92 @@ def monitor_system_time_changes(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - Name of the container runtime policy + Name assigned to the attribute. """ return pulumi.get(self, "name") @property - @pulumi.getter(name="readonlyFilesAndDirectories") - def readonly_files_and_directories(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - List of files and directories to be restricted as read-only - """ - return pulumi.get(self, "readonly_files_and_directories") + @pulumi.getter(name="noNewPrivileges") + def no_new_privileges(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "no_new_privileges") @property - @pulumi.getter(name="reverseShellAllowedIps") - def reverse_shell_allowed_ips(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - List of IPs/ CIDRs that will be allowed - """ - return pulumi.get(self, "reverse_shell_allowed_ips") + @pulumi.getter(name="onlyRegisteredImages") + def only_registered_images(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "only_registered_images") + + @property + @pulumi.getter(name="packageBlock") + def package_block(self) -> pulumi.Output['outputs.ContainerRuntimePolicyPackageBlock']: + return pulumi.get(self, "package_block") + + @property + @pulumi.getter + def permission(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "permission") + + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> pulumi.Output['outputs.ContainerRuntimePolicyPortBlock']: + return pulumi.get(self, "port_block") + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> pulumi.Output['outputs.ContainerRuntimePolicyReadonlyFiles']: + return pulumi.get(self, "readonly_files") + + @property + @pulumi.getter(name="readonlyRegistry") + def readonly_registry(self) -> pulumi.Output['outputs.ContainerRuntimePolicyReadonlyRegistry']: + return pulumi.get(self, "readonly_registry") + + 
@property + @pulumi.getter + def registry(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "registry") + + @property + @pulumi.getter(name="registryAccessMonitoring") + def registry_access_monitoring(self) -> pulumi.Output['outputs.ContainerRuntimePolicyRegistryAccessMonitoring']: + return pulumi.get(self, "registry_access_monitoring") + + @property + @pulumi.getter(name="repoName") + def repo_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "repo_name") + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "resource_name") + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "resource_type") @property - @pulumi.getter(name="reverseShellAllowedProcesses") - def reverse_shell_allowed_processes(self) -> pulumi.Output[Optional[Sequence[str]]]: + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> pulumi.Output[Sequence['outputs.ContainerRuntimePolicyRestrictedVolume']]: """ - List of processes that will be allowed + Restricted volumes configuration. """ - return pulumi.get(self, "reverse_shell_allowed_processes") + return pulumi.get(self, "restricted_volumes") + + @property + @pulumi.getter(name="reverseShell") + def reverse_shell(self) -> pulumi.Output['outputs.ContainerRuntimePolicyReverseShell']: + return pulumi.get(self, "reverse_shell") + + @property + @pulumi.getter(name="runtimeMode") + def runtime_mode(self) -> pulumi.Output[Optional[int]]: + return pulumi.get(self, "runtime_mode") + + @property + @pulumi.getter(name="runtimeType") + def runtime_type(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "runtime_type") @property @pulumi.getter(name="scopeExpression") 
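Review bot: The new `reverse_shell` getter has no docstring, although the `reverse_shell_allowed_ips` and `reverse_shell_allowed_processes` getters removed in this hunk each said what they controlled. The same is true of `readonly_files`, `port_block`, `package_block`, `no_new_privileges` and `only_registered_images`, so a reader can no longer tell from the SDK which protection each nested block carries. I would give each a one-line docstring in the style this hunk already uses for `restricted_volumes`, for example `Reverse shell protection configuration.` on `reverse_shell`. If the file is generated, the descriptions would need to be added to the schema.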
@@ -2816,3 +3831,46 @@ def scope_variables(self) -> pulumi.Output[Sequence['outputs.ContainerRuntimePol """ return pulumi.get(self, "scope_variables") + @property + @pulumi.getter + def scopes(self) -> pulumi.Output[Optional[Sequence['outputs.ContainerRuntimePolicyScope']]]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") + + @property + @pulumi.getter(name="systemIntegrityProtection") + def system_integrity_protection(self) -> pulumi.Output['outputs.ContainerRuntimePolicySystemIntegrityProtection']: + return pulumi.get(self, "system_integrity_protection") + + @property + @pulumi.getter + def tripwire(self) -> pulumi.Output['outputs.ContainerRuntimePolicyTripwire']: + return pulumi.get(self, "tripwire") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "type") + + @property + @pulumi.getter + def updated(self) -> pulumi.Output[str]: + return pulumi.get(self, "updated") + + @property + @pulumi.getter + def version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="vpatchVersion") + def vpatch_version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "vpatch_version") + + @property + @pulumi.getter(name="whitelistedOsUsers") + def whitelisted_os_users(self) -> pulumi.Output['outputs.ContainerRuntimePolicyWhitelistedOsUsers']: + return pulumi.get(self, "whitelisted_os_users") + diff --git a/sdk/python/pulumiverse_aquasec/function_assurance_policy.py b/sdk/python/pulumiverse_aquasec/function_assurance_policy.py index d40bb627..77663c5c 100644 --- a/sdk/python/pulumiverse_aquasec/function_assurance_policy.py +++ b/sdk/python/pulumiverse_aquasec/function_assurance_policy.py 
@@ -17,8 +17,11 @@ class FunctionAssurancePolicyArgs: def __init__(__self__, *, application_scopes: pulumi.Input[Sequence[pulumi.Input[str]]], + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyAutoScanTimeArgs']]]] = None, @@ -30,6 +33,7 @@ def __init__(__self__, *, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyCustomCheckArgs']]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -39,6 +43,7 @@ def __init__(__self__, *, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -50,17 +55,26 @@ def __init__(__self__, *, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyForbiddenLabelArgs']]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyKubernetesControlArgs']]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -68,56 +82,69 @@ def __init__(__self__, *, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesBlackListArgs']]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesWhiteListArgs']]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['FunctionAssurancePolicyPolicySettingsArgs']] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyRequiredLabelArgs']]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyScopeArgs']]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyTrustedBaseImageArgs']]]] = None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: 
Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): """ The set of arguments for constructing a FunctionAssurancePolicy resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. 
+ :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyKubernetesControlArgs']]] kubernetes_controls: List of Kubernetes controls. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. - :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. 
:param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -130,10 +157,16 @@ def __init__(__self__, *, :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. """ pulumi.set(__self__, "application_scopes", application_scopes) + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) if allowed_images is not None: pulumi.set(__self__, "allowed_images", allowed_images) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) if audit_on_failure is not None: pulumi.set(__self__, "audit_on_failure", audit_on_failure) + if author is not None: + pulumi.set(__self__, "author", author) if auto_scan_configured is not None: pulumi.set(__self__, "auto_scan_configured", auto_scan_configured) if auto_scan_enabled is not None: 
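Review bot: The docstring gains `:param` entries for `aggregated_vulnerability`, `assurance_type` and `author`, but none for `ignore_base_image_vln`, `ignore_recently_published_vln_period` or `ignored_sensitive_resources`. Judging by their names, these inputs narrow what the policy evaluates, so they are the ones that most need documenting. I would add a `:param` line for each stating its effect and, for `ignore_recently_published_vln_period`, the unit of the integer. Their getters in the later `@@ -679,6 +816,15 @@`, `@@ -688,6 +834,15 @@` and `@@ -712,6 +867,15 @@` hunks also lack docstrings. The `__init__` signature and body continue outside this hunk.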
@@ -156,6 +189,8 @@ def __init__(__self__, *, pulumi.set(__self__, "custom_checks", custom_checks) if custom_checks_enabled is not None: pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) if custom_severity_enabled is not None: pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) if cves_black_list_enabled is not None: @@ -174,6 +209,8 @@ def __init__(__self__, *, pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) if description is not None: pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) if disallow_malware is not None: pulumi.set(__self__, "disallow_malware", disallow_malware) if docker_cis_enabled is not None: @@ -196,6 +233,8 @@ def __init__(__self__, *, pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) if exceptional_monitored_malware_paths is not None: pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) if fail_cicd is not None: pulumi.set(__self__, "fail_cicd", fail_cicd) if forbidden_labels is not None: 
@@ -206,18 +245,34 @@ def __init__(__self__, *, pulumi.set(__self__, "force_microenforcer", force_microenforcer) if function_integrity_enabled is not None: pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) if ignore_recently_published_vln is not None: pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) + if ignore_recently_published_vln_period is not None: + pulumi.set(__self__, "ignore_recently_published_vln_period", ignore_recently_published_vln_period) if ignore_risk_resources_enabled is not None: pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) if ignored_risk_resources is not None: pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) if images is not None: pulumi.set(__self__, "images", images) if kube_cis_enabled is not None: pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) + if kubernetes_controls_names is not None: + pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) if labels is not None: pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) if malware_action is not None: pulumi.set(__self__, "malware_action", malware_action) if maximum_score is not None: 
@@ -232,6 +287,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if only_none_root_users is not None: pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) if packages_black_list_enabled is not None: pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) if packages_black_lists is not None: @@ -242,6 +299,10 @@ def __init__(__self__, *, pulumi.set(__self__, "packages_white_lists", packages_white_lists) if partial_results_image_fail is not None: pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) if read_only is not None: pulumi.set(__self__, "read_only", read_only) if registries is not None: @@ -252,10 +313,16 @@ def __init__(__self__, *, pulumi.set(__self__, "required_labels", required_labels) if required_labels_enabled is not None: pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) if scan_nfs_mounts is not None: pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) if scan_sensitive_data is not None: pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) if scap_enabled is not None: pulumi.set(__self__, "scap_enabled", scap_enabled) if scap_files is not None: 
@@ -266,6 +333,10 @@ def __init__(__self__, *, pulumi.set(__self__, "trusted_base_images", trusted_base_images) if trusted_base_images_enabled is not None: pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) if whitelisted_licenses is not None: pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) if whitelisted_licenses_enabled is not None: @@ -280,6 +351,18 @@ def application_scopes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: def application_scopes(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): pulumi.set(self, "application_scopes", value) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -292,6 +375,18 @@ def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def allowed_images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "allowed_images", value) + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: @@ -304,6 +399,18 @@ def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: def audit_on_failure(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_on_failure", value) + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. + """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + @property @pulumi.getter(name="autoScanConfigured") def auto_scan_configured(self) -> Optional[pulumi.Input[bool]]: @@ -371,7 +478,7 @@ def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") 
@@ -424,6 +531,15 @@ def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "custom_checks_enabled", value) + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -437,7 +553,7 @@ def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -449,7 +565,7 @@ def cves_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -461,7 +577,7 @@ def cves_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[st @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") 
@@ -526,6 +642,15 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> Optional[pulumi.Input[bool]]: @@ -541,6 +666,9 @@ def disallow_malware(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @docker_cis_enabled.setter @@ -631,6 +759,15 @@ def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[ def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "exceptional_monitored_malware_paths", value) + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> Optional[pulumi.Input[bool]]: 
@@ -679,6 +816,15 @@ def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "function_integrity_enabled", value) + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: @@ -688,6 +834,15 @@ def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: def ignore_recently_published_vln(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "ignore_recently_published_vln", value) + @property + @pulumi.getter(name="ignoreRecentlyPublishedVlnPeriod") + def ignore_recently_published_vln_period(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "ignore_recently_published_vln_period") + + @ignore_recently_published_vln_period.setter + def ignore_recently_published_vln_period(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "ignore_recently_published_vln_period", value) + @property @pulumi.getter(name="ignoreRiskResourcesEnabled") def ignore_risk_resources_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -712,6 +867,15 @@ def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[ def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "ignored_risk_resources", value) + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + @property @pulumi.getter def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -727,12 +891,45 @@ def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @kube_cis_enabled.setter def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "kube_cis_enabled", value) + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyKubernetesControlArgs']]]]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyKubernetesControlArgs']]]]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_names") + + @kubernetes_controls_names.setter + def kubernetes_controls_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_names", value) + @property @pulumi.getter def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -745,6 +942,24 @@ def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "labels", value) + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> Optional[pulumi.Input[str]]: @@ -781,9 +996,6 @@ def maximum_score_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="maximumScoreExcludeNoFix") def maximum_score_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates that policy should ignore cases that do not have a known fix. - """ return pulumi.get(self, "maximum_score_exclude_no_fix") @maximum_score_exclude_no_fix.setter @@ -820,6 +1032,15 @@ def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "only_none_root_users", value) + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -836,7 +1057,7 @@ def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesBlackListArgs']]]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") @@ -877,6 +1098,24 @@ def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "partial_results_image_fail", value) + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['FunctionAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['FunctionAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: @@ -925,6 +1164,15 @@ def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "required_labels_enabled", value) + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: 
@@ -934,6 +1182,15 @@ def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_nfs_mounts", value) + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: @@ -946,6 +1203,15 @@ def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_sensitive_data", value) + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -1003,6 +1269,24 @@ def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "trusted_base_images_enabled", value) + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: @@ -1031,8 +1315,10 @@ def whitelisted_licenses_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.input_type class _FunctionAssurancePolicyState: def __init__(__self__, *, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, 
@@ -1046,6 +1332,7 @@ def __init__(__self__, *, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyCustomCheckArgs']]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -1055,6 +1342,7 @@ def __init__(__self__, *, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -1066,18 +1354,26 @@ def __init__(__self__, *, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyForbiddenLabelArgs']]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyKubernetesControlArgs']]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -1085,57 +1381,69 @@ def __init__(__self__, *, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesBlackListArgs']]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesWhiteListArgs']]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['FunctionAssurancePolicyPolicySettingsArgs']] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyRequiredLabelArgs']]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyScopeArgs']]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyTrustedBaseImageArgs']]]] = None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: 
Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): """ Input properties used for looking up and filtering FunctionAssurancePolicy resources. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. 
+ :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyKubernetesControlArgs']]] kubernetes_controls: List of Kubernetes controls. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. - :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. 
:param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -1147,10 +1455,14 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. """ + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) if allowed_images is not None: pulumi.set(__self__, "allowed_images", allowed_images) if application_scopes is not None: pulumi.set(__self__, "application_scopes", application_scopes) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) if audit_on_failure is not None: pulumi.set(__self__, "audit_on_failure", audit_on_failure) if author is not None: 
@@ -1177,6 +1489,8 @@ def __init__(__self__, *, pulumi.set(__self__, "custom_checks", custom_checks) if custom_checks_enabled is not None: pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) if custom_severity_enabled is not None: pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) if cves_black_list_enabled is not None: @@ -1195,6 +1509,8 @@ def __init__(__self__, *, pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) if description is not None: pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) if disallow_malware is not None: pulumi.set(__self__, "disallow_malware", disallow_malware) if docker_cis_enabled is not None: @@ -1217,6 +1533,8 @@ def __init__(__self__, *, pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) if exceptional_monitored_malware_paths is not None: pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) if fail_cicd is not None: pulumi.set(__self__, "fail_cicd", fail_cicd) if forbidden_labels is not None: @@ -1227,6 +1545,8 @@ def __init__(__self__, *, pulumi.set(__self__, "force_microenforcer", force_microenforcer) if function_integrity_enabled is not None: pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) if ignore_recently_published_vln is not None: pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) if ignore_recently_published_vln_period is not None: 
@@ -1235,12 +1555,24 @@ def __init__(__self__, *, pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) if ignored_risk_resources is not None: pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) if images is not None: pulumi.set(__self__, "images", images) if kube_cis_enabled is not None: pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) + if kubernetes_controls_names is not None: + pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) if labels is not None: pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) if malware_action is not None: pulumi.set(__self__, "malware_action", malware_action) if maximum_score is not None: @@ -1255,6 +1587,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if only_none_root_users is not None: pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) if packages_black_list_enabled is not None: pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) if packages_black_lists is not None: 
@@ -1265,6 +1599,10 @@ def __init__(__self__, *, pulumi.set(__self__, "packages_white_lists", packages_white_lists) if partial_results_image_fail is not None: pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) if read_only is not None: pulumi.set(__self__, "read_only", read_only) if registries is not None: @@ -1275,10 +1613,16 @@ def __init__(__self__, *, pulumi.set(__self__, "required_labels", required_labels) if required_labels_enabled is not None: pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) if scan_nfs_mounts is not None: pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) if scan_sensitive_data is not None: pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) if scap_enabled is not None: pulumi.set(__self__, "scap_enabled", scap_enabled) if scap_files is not None: 
@@ -1289,11 +1633,27 @@ def __init__(__self__, *, pulumi.set(__self__, "trusted_base_images", trusted_base_images) if trusted_base_images_enabled is not None: pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) if whitelisted_licenses is not None: pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) if whitelisted_licenses_enabled is not None: pulumi.set(__self__, "whitelisted_licenses_enabled", whitelisted_licenses_enabled) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1315,6 +1675,18 @@ def application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str] def application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "application_scopes", value) + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: @@ -1406,7 +1778,7 @@ def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -1459,6 +1831,15 @@ def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "custom_checks_enabled", value) + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -1472,7 +1853,7 @@ def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -1484,7 +1865,7 @@ def cves_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -1496,7 +1877,7 @@ def cves_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[st @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") @@ -1561,6 +1942,15 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> Optional[pulumi.Input[bool]]: 
@@ -1576,6 +1966,9 @@ def disallow_malware(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @docker_cis_enabled.setter @@ -1666,6 +2059,15 @@ def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[ def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "exceptional_monitored_malware_paths", value) + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> Optional[pulumi.Input[bool]]: @@ -1714,6 +2116,15 @@ def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "function_integrity_enabled", value) + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: 
@@ -1756,6 +2167,15 @@ def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[ def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "ignored_risk_resources", value) + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + @property @pulumi.getter def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1771,12 +2191,45 @@ def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @kube_cis_enabled.setter def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "kube_cis_enabled", value) + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyKubernetesControlArgs']]]]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyKubernetesControlArgs']]]]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_names") + + @kubernetes_controls_names.setter + def kubernetes_controls_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_names", value) + @property @pulumi.getter def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1789,6 +2242,24 @@ def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "labels", value) + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> Optional[pulumi.Input[str]]: @@ -1825,9 +2296,6 @@ def maximum_score_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="maximumScoreExcludeNoFix") def maximum_score_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates that policy should ignore cases that do not have a known fix. - """ return pulumi.get(self, "maximum_score_exclude_no_fix") @maximum_score_exclude_no_fix.setter @@ -1864,6 +2332,15 @@ def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "only_none_root_users", value) + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: 
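Review bot: The hunk at -1825 removes the docstring of `maximum_score_exclude_no_fix` without a replacement, and the matching `:param` line is dropped from the constructor docstring in the hunk at -2129. The flag changes which findings count against the maximum score, so it is one of the settings a policy reviewer most needs explained. Unless the upstream schema dropped the description on purpose, I would keep the previous text, `Indicates that policy should ignore cases that do not have a known fix.`, in both places.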
@@ -1880,7 +2357,7 @@ def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionAssurancePolicyPackagesBlackListArgs']]]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") @@ -1921,6 +2398,24 @@ def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "partial_results_image_fail", value) + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['FunctionAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['FunctionAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: @@ -1969,6 +2464,15 @@ def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "required_labels_enabled", value) + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: 
@@ -1978,6 +2482,15 @@ def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_nfs_mounts", value) + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: @@ -1990,6 +2503,15 @@ def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_sensitive_data", value) + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -2047,6 +2569,24 @@ def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "trusted_base_images_enabled", value) + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: @@ -2077,9 +2617,12 @@ class FunctionAssurancePolicy(pulumi.CustomResource): def __init__(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyAutoScanTimeArgs']]]]] = None, 
@@ -2091,6 +2634,7 @@ def __init__(__self__, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2100,6 +2644,7 @@ def __init__(__self__, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2111,17 +2656,26 @@ def __init__(__self__, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyKubernetesControlArgs']]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2129,59 +2683,78 @@ def __init__(__self__, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyTrustedBaseImageArgs']]]]] = None, 
trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, __props__=None): """ - Create a FunctionAssurancePolicy resource with the given unique name, props, and options. + Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes: + Scanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions. + Evaluating function risks based on scan results, according to Function Assurance Policies. + Checking function compliance with these policies. + For AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline. + Providing comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system. + :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. 
- :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. 
:param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyKubernetesControlArgs']]]] kubernetes_controls: List of Kubernetes controls. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. - :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. 
@@ -2200,7 +2773,13 @@ def __init__(__self__, args: FunctionAssurancePolicyArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Create a FunctionAssurancePolicy resource with the given unique name, props, and options. + Aqua ensures function security for AWS Lambda, Microsoft Azure, and Google Cloud. This includes: + Scanning functions for vulnerabilities and sensitive data. AWS and Azure functions are also checked for excessive permissions. + Evaluating function risks based on scan results, according to Function Assurance Policies. + Checking function compliance with these policies. + For AWS and Azure, implementing security actions, such as blocking execution of risky functions or failing the CI/CD pipeline. + Providing comprehensive audits of all security risks, viewable in Aqua Server or a SIEM system. + :param str resource_name: The name of the resource. :param FunctionAssurancePolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. @@ -2216,9 +2795,12 @@ def __init__(__self__, resource_name: str, *args, **kwargs): def _internal_init(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyAutoScanTimeArgs']]]]] = None, 
@@ -2230,6 +2812,7 @@ def _internal_init(__self__, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2239,6 +2822,7 @@ def _internal_init(__self__, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2250,17 +2834,26 @@ def _internal_init(__self__, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyKubernetesControlArgs']]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2268,23 +2861,31 @@ def _internal_init(__self__, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyTrustedBaseImageArgs']]]]] = None, 
trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, __props__=None): @@ -2296,11 +2897,14 @@ def _internal_init(__self__, raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') __props__ = FunctionAssurancePolicyArgs.__new__(FunctionAssurancePolicyArgs) + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability __props__.__dict__["allowed_images"] = allowed_images if application_scopes is None and not opts.urn: raise TypeError("Missing required property 'application_scopes'") __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type __props__.__dict__["audit_on_failure"] = audit_on_failure + __props__.__dict__["author"] = author __props__.__dict__["auto_scan_configured"] = auto_scan_configured __props__.__dict__["auto_scan_enabled"] = auto_scan_enabled __props__.__dict__["auto_scan_times"] = auto_scan_times @@ -2312,6 +2916,7 @@ def _internal_init(__self__, __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix __props__.__dict__["custom_checks"] = custom_checks __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled __props__.__dict__["cves_black_lists"] = cves_black_lists 
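Review bot: `__props__.__dict__["author"] = author` makes `author` a caller-supplied input, and the hunk at -2350 removes the line that reset it to `None`; the same commit also adds `lastupdate` as an input. The constructor docstring describes `author` as "Name of user account that created the policy", so a reader may treat it as provenance even though the program can now set it. Whether the server overrides the supplied value is not visible here. I would say so in the parameter description, e.g. `:param pulumi.Input[str] author: Name of user account that created the policy; caller-supplied when set, so not an audit record.` `_internal_init` starts and ends outside this hunk.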
@@ -2321,6 +2926,7 @@ def _internal_init(__self__, __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix __props__.__dict__["description"] = description + __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types __props__.__dict__["disallow_malware"] = disallow_malware __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled __props__.__dict__["domain"] = domain 
@@ -2332,17 +2938,26 @@ def _internal_init(__self__, __props__.__dict__["enforce_after_days"] = enforce_after_days __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes __props__.__dict__["fail_cicd"] = fail_cicd __props__.__dict__["forbidden_labels"] = forbidden_labels __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled __props__.__dict__["force_microenforcer"] = force_microenforcer __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled + __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln + __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources + __props__.__dict__["ignored_sensitive_resources"] = ignored_sensitive_resources __props__.__dict__["images"] = images __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled + __props__.__dict__["kubernetes_controls"] = kubernetes_controls + __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids + __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names __props__.__dict__["labels"] = labels + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["linux_cis_enabled"] = linux_cis_enabled __props__.__dict__["malware_action"] = malware_action __props__.__dict__["maximum_score"] = maximum_score __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled 
@@ -2350,27 +2965,33 @@ def _internal_init(__self__, __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths __props__.__dict__["name"] = name __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled __props__.__dict__["packages_black_lists"] = packages_black_lists __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled __props__.__dict__["packages_white_lists"] = packages_white_lists __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings __props__.__dict__["read_only"] = read_only __props__.__dict__["registries"] = registries __props__.__dict__["registry"] = registry __props__.__dict__["required_labels"] = required_labels __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory __props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry __props__.__dict__["scap_enabled"] = scap_enabled __props__.__dict__["scap_files"] = scap_files __props__.__dict__["scopes"] = scopes __props__.__dict__["trusted_base_images"] = trusted_base_images __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + __props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled - __props__.__dict__["author"] = 
None - __props__.__dict__["ignore_recently_published_vln_period"] = None super(FunctionAssurancePolicy, __self__).__init__( 'aquasec:index/functionAssurancePolicy:FunctionAssurancePolicy', resource_name, @@ -2381,8 +3002,10 @@ def _internal_init(__self__, def get(resource_name: str, id: pulumi.Input[str], opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, @@ -2396,6 +3019,7 @@ def get(resource_name: str, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2405,6 +3029,7 @@ def get(resource_name: str, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
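Review bot: Removing `__props__.__dict__["author"] = None` at the end of this `_internal_init` hunk stops pinning `author` to a provider-computed value, and this hunk and the one before it start forwarding `permission` and `lastupdate` from the caller. The `get` docstring describes `author` as "Name of user account that created the policy", and the getters for `permission` and `lastupdate` are typed non-optional `pulumi.Output[str]`, so all three look server-maintained; if the backend honours caller-supplied values, the recorded creator and update time of a policy can no longer be relied on in an audit. Whether `author` is now copied from an argument is decided in a hunk outside this view, so this needs confirming against the provider. I would state the outcome above the assignments, e.g. `# author, lastupdate, permission: presumably server-maintained; caller values are not authoritative (confirm in provider schema)`. `_internal_init` begins before this hunk and continues past it.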
@@ -2416,18 +3041,26 @@ def get(resource_name: str, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyKubernetesControlArgs']]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2435,23 +3068,31 @@ def get(resource_name: str, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyTrustedBaseImageArgs']]]]] = None, 
trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None) -> 'FunctionAssurancePolicy': """ 
@@ -2461,36 +3102,40 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyKubernetesControlArgs']]]] kubernetes_controls: List of Kubernetes controls. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. - :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. 
:param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -2506,8 +3151,10 @@ def get(resource_name: str, __props__ = _FunctionAssurancePolicyState.__new__(_FunctionAssurancePolicyState) + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability __props__.__dict__["allowed_images"] = allowed_images __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type __props__.__dict__["audit_on_failure"] = audit_on_failure __props__.__dict__["author"] = author __props__.__dict__["auto_scan_configured"] = auto_scan_configured @@ -2521,6 +3168,7 @@ def get(resource_name: str, __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix __props__.__dict__["custom_checks"] = custom_checks __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled __props__.__dict__["cves_black_lists"] = cves_black_lists 
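Review bot: The `get` docstring loses its `:param` entry for `maximum_score_exclude_no_fix` although the parameter and its getter remain, and most arguments added by this commit get no entry at all, among them `disallow_exploit_types`, `exclude_application_scopes`, `ignore_base_image_vln` and `ignored_sensitive_resources`. Judging by their names, several of these narrow what the assurance policy evaluates, which is where a reader most needs to know the effect of setting them. The same gap appears in the getter hunks further down: `custom_severity`, `disallow_exploit_types`, `exclude_application_scopes`, `ignore_base_image_vln`, `ignored_sensitive_resources`, `scan_process_memory`, `vulnerability_exploitability` and others are added without a docstring, and the docstring of `maximum_score_exclude_no_fix` is deleted. I would restore `:param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix.` and add a one-line description per new field; if this file is generated, the descriptions belong in the provider schema. The docstring starts and ends outside the hunk.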
@@ -2530,6 +3178,7 @@ def get(resource_name: str,
 __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled
 __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix
 __props__.__dict__["description"] = description
+ __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types
 __props__.__dict__["disallow_malware"] = disallow_malware
 __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled
 __props__.__dict__["domain"] = domain
@@ -2541,18 +3190,26 @@ def get(resource_name: str,
 __props__.__dict__["enforce_after_days"] = enforce_after_days
 __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions
 __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths
+ __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes
 __props__.__dict__["fail_cicd"] = fail_cicd
 __props__.__dict__["forbidden_labels"] = forbidden_labels
 __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled
 __props__.__dict__["force_microenforcer"] = force_microenforcer
 __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled
+ __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln
 __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln
 __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period
 __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled
 __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources
+ __props__.__dict__["ignored_sensitive_resources"] = ignored_sensitive_resources
 __props__.__dict__["images"] = images
 __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled
+ __props__.__dict__["kubernetes_controls"] = kubernetes_controls
+ __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids
+ __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names
 __props__.__dict__["labels"] = labels
+ __props__.__dict__["lastupdate"] = lastupdate
+ __props__.__dict__["linux_cis_enabled"] = linux_cis_enabled
 __props__.__dict__["malware_action"] = malware_action
 __props__.__dict__["maximum_score"] = maximum_score
 __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled
@@ -2560,27 +3217,43 @@ def get(resource_name: str, __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths __props__.__dict__["name"] = name __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled __props__.__dict__["packages_black_lists"] = packages_black_lists __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled __props__.__dict__["packages_white_lists"] = packages_white_lists __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings __props__.__dict__["read_only"] = read_only __props__.__dict__["registries"] = registries __props__.__dict__["registry"] = registry __props__.__dict__["required_labels"] = required_labels __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory __props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry __props__.__dict__["scap_enabled"] = scap_enabled __props__.__dict__["scap_files"] = scap_files __props__.__dict__["scopes"] = scopes __props__.__dict__["trusted_base_images"] = trusted_base_images __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + __props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled return 
FunctionAssurancePolicy(resource_name, opts=opts, __props__=__props__) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -2594,6 +3267,14 @@ def allowed_images(self) -> pulumi.Output[Optional[Sequence[str]]]: def application_scopes(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "application_scopes") + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> pulumi.Output[str]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> pulumi.Output[Optional[bool]]: @@ -2653,7 +3334,7 @@ def blacklisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -2686,6 +3367,11 @@ def custom_checks_enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "custom_checks_enabled") + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> pulumi.Output[str]: + return pulumi.get(self, "custom_severity") + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> pulumi.Output[Optional[bool]]: 
@@ -2695,7 +3381,7 @@ def custom_severity_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -2703,7 +3389,7 @@ def cves_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -2711,7 +3397,7 @@ def cves_black_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") @@ -2752,6 +3438,11 @@ def cvss_severity_exclude_no_fix(self) -> pulumi.Output[Optional[bool]]: def description(self) -> pulumi.Output[Optional[str]]: return pulumi.get(self, "description") + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "disallow_exploit_types") + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> pulumi.Output[Optional[bool]]: @@ -2763,6 +3454,9 @@ def disallow_malware(self) -> pulumi.Output[Optional[bool]]: @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @property 
@@ -2813,6 +3507,11 @@ def enforce_excessive_permissions(self) -> pulumi.Output[Optional[bool]]: def exceptional_monitored_malware_paths(self) -> pulumi.Output[Optional[Sequence[str]]]: return pulumi.get(self, "exceptional_monitored_malware_paths") + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "exclude_application_scopes") + @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> pulumi.Output[Optional[bool]]: @@ -2841,6 +3540,11 @@ def force_microenforcer(self) -> pulumi.Output[Optional[bool]]: def function_integrity_enabled(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "function_integrity_enabled") + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> pulumi.Output[Optional[bool]]: @@ -2867,6 +3571,11 @@ def ignored_risk_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "ignored_risk_resources") + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "ignored_sensitive_resources") + @property @pulumi.getter def images(self) -> pulumi.Output[Optional[Sequence[str]]]: 
@@ -2878,8 +3587,29 @@ def images(self) -> pulumi.Output[Optional[Sequence[str]]]: @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> pulumi.Output[Optional[Sequence['outputs.FunctionAssurancePolicyKubernetesControl']]]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls_names") + @property @pulumi.getter def labels(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -2888,6 +3618,16 @@ def labels(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "labels") + @property + @pulumi.getter + def lastupdate(self) -> pulumi.Output[str]: + return pulumi.get(self, "lastupdate") + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "linux_cis_enabled") + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> pulumi.Output[Optional[str]]: @@ -2912,9 +3652,6 @@ def maximum_score_enabled(self) -> pulumi.Output[Optional[bool]]: @property @pulumi.getter(name="maximumScoreExcludeNoFix") def maximum_score_exclude_no_fix(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates that policy should ignore cases that do not have a known fix. - """ return pulumi.get(self, "maximum_score_exclude_no_fix") @property 
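Review bot: The new `lastupdate` getter after `labels` is typed `pulumi.Output[str]` and carries no docstring, while the `FunctionRuntimePolicyArgs` constructor added later in this commit declares `lastupdate: Optional[pulumi.Input[int]]`. The same field name holding a string on one policy resource and an integer on the other makes it easy to parse or compare the value wrongly when checking how recently a policy was changed. A docstring that names the representation would settle it, e.g. `"""Time of the last policy update as reported by the server (format: TODO confirm)."""`; if the two types really differ upstream, that is worth raising against the provider schema.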
@@ -2935,6 +3672,11 @@ def only_none_root_users(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "only_none_root_users") + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @@ -2947,7 +3689,7 @@ def packages_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> pulumi.Output[Optional[Sequence['outputs.FunctionAssurancePolicyPackagesBlackList']]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") @@ -2972,6 +3714,16 @@ def packages_white_lists(self) -> pulumi.Output[Optional[Sequence['outputs.Funct def partial_results_image_fail(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "partial_results_image_fail") + @property + @pulumi.getter + def permission(self) -> pulumi.Output[str]: + return pulumi.get(self, "permission") + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> pulumi.Output['outputs.FunctionAssurancePolicyPolicySettings']: + return pulumi.get(self, "policy_settings") + @property @pulumi.getter(name="readOnly") def read_only(self) -> pulumi.Output[Optional[bool]]: 
@@ -3000,11 +3752,21 @@ def required_labels(self) -> pulumi.Output[Optional[Sequence['outputs.FunctionAs def required_labels_enabled(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "required_labels_enabled") + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "scan_nfs_mounts") + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_process_memory") + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> pulumi.Output[Optional[bool]]: @@ -3013,6 +3775,11 @@ def scan_sensitive_data(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "scan_sensitive_data") + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_windows_registry") + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> pulumi.Output[Optional[bool]]: @@ -3050,6 +3817,16 @@ def trusted_base_images_enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "trusted_base_images_enabled") + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> pulumi.Output[Optional[Sequence[int]]]: + return pulumi.get(self, "vulnerability_score_ranges") + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: 
diff --git a/sdk/python/pulumiverse_aquasec/function_runtime_policy.py b/sdk/python/pulumiverse_aquasec/function_runtime_policy.py
index 99e42752..8d6041ec 100644
--- a/sdk/python/pulumiverse_aquasec/function_runtime_policy.py
+++ b/sdk/python/pulumiverse_aquasec/function_runtime_policy.py
@@ -16,55 +16,175 @@ @pulumi.input_type class FunctionRuntimePolicyArgs: def __init__(__self__, *, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedExecutableArgs']]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedRegistryArgs']]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - block_malicious_executables: Optional[pulumi.Input[bool]] = None, - block_malicious_executables_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - block_running_executables_in_tmp_folder: Optional[pulumi.Input[bool]] = None, - blocked_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input['FunctionRuntimePolicyAuditingArgs']] = None, + author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input['FunctionRuntimePolicyBlacklistedOsUsersArgs']] = None, + block_container_exec: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeArgs']]]] = None, + container_exec: Optional[pulumi.Input['FunctionRuntimePolicyContainerExecArgs']] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyDriftPreventionArgs']]]] = None, + enable_crypto_mining_dns: 
Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyExecutableBlacklistArgs']]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input['FunctionRuntimePolicyFailedKubernetesChecksArgs']] = None, + file_block: Optional[pulumi.Input['FunctionRuntimePolicyFileBlockArgs']] = None, + file_integrity_monitorings: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, honeypot_access_key: Optional[pulumi.Input[str]] = None, honeypot_apply_ons: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, honeypot_secret_key: Optional[pulumi.Input[str]] = None, honeypot_serverless_app_name: Optional[pulumi.Input[str]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]] = None, + linux_capabilities: Optional[pulumi.Input['FunctionRuntimePolicyLinuxCapabilitiesArgs']] = None, + malware_scan_options: Optional[pulumi.Input['FunctionRuntimePolicyMalwareScanOptionsArgs']] = None, name: Optional[pulumi.Input[str]] = None, + no_new_privileges: 
Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input['FunctionRuntimePolicyPackageBlockArgs']] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input['FunctionRuntimePolicyPortBlockArgs']] = None, + readonly_files: Optional[pulumi.Input['FunctionRuntimePolicyReadonlyFilesArgs']] = None, + readonly_registry: Optional[pulumi.Input['FunctionRuntimePolicyReadonlyRegistryArgs']] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input['FunctionRuntimePolicyRegistryAccessMonitoringArgs']] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyRestrictedVolumeArgs']]]] = None, + reverse_shell: Optional[pulumi.Input['FunctionRuntimePolicyReverseShellArgs']] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, - scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]]] = None): + scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeArgs']]]] = None, + system_integrity_protection: Optional[pulumi.Input['FunctionRuntimePolicySystemIntegrityProtectionArgs']] = None, + tripwire: Optional[pulumi.Input['FunctionRuntimePolicyTripwireArgs']] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: 
Optional[pulumi.Input['FunctionRuntimePolicyWhitelistedOsUsersArgs']] = None): """ The set of arguments for constructing a FunctionRuntimePolicy resource. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedExecutableArgs']]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedRegistryArgs']]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. - :param pulumi.Input[bool] block_malicious_executables: If true, prevent creation of malicious executables in functions during their runtime post invocation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] block_malicious_executables_allowed_processes: List of processes that will be allowed - :param pulumi.Input[bool] block_running_executables_in_tmp_folder: If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_executables: List of executables that are prevented from running in containers. + :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts + :param pulumi.Input[str] author: Username of the account that created the service. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeArgs']]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[str] description: The description of the function runtime policy - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyDriftPreventionArgs']]] drift_preventions: Drift prevention configuration. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). 
+ :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyExecutableBlacklistArgs']]] executable_blacklists: Executable blacklist configuration. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]] file_integrity_monitorings: Configuration for file integrity monitoring. :param pulumi.Input[str] honeypot_access_key: Honeypot User ID (Access Key) :param pulumi.Input[Sequence[pulumi.Input[str]]] honeypot_apply_ons: List of options to apply the honeypot on (Environment Vairable, Layer, File) :param pulumi.Input[str] honeypot_secret_key: Honeypot User Password (Secret Key) :param pulumi.Input[str] honeypot_serverless_app_name: Serverless application name - :param pulumi.Input[str] name: Name of the function runtime policy + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]] limit_container_privileges: Container privileges configuration. + :param pulumi.Input['FunctionRuntimePolicyMalwareScanOptionsArgs'] malware_scan_options: Configuration for Real-Time Malware Protection. + :param pulumi.Input[str] name: Name assigned to the attribute. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyRestrictedVolumeArgs']]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]] scope_variables: List of scope attributes. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeArgs']]] scopes: Scope configuration. 
""" + if allowed_executables is not None: + pulumi.set(__self__, "allowed_executables", allowed_executables) + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) if application_scopes is not None: pulumi.set(__self__, "application_scopes", application_scopes) - if block_malicious_executables is not None: - pulumi.set(__self__, "block_malicious_executables", block_malicious_executables) - if block_malicious_executables_allowed_processes is not None: - pulumi.set(__self__, "block_malicious_executables_allowed_processes", block_malicious_executables_allowed_processes) - if block_running_executables_in_tmp_folder is not None: - pulumi.set(__self__, "block_running_executables_in_tmp_folder", block_running_executables_in_tmp_folder) - if blocked_executables is not None: - pulumi.set(__self__, "blocked_executables", blocked_executables) + if audit_brute_force_login is not None: + pulumi.set(__self__, "audit_brute_force_login", audit_brute_force_login) + if auditing is not None: + pulumi.set(__self__, "auditing", auditing) + if author is not None: + pulumi.set(__self__, "author", author) + if blacklisted_os_users is not None: + pulumi.set(__self__, "blacklisted_os_users", blacklisted_os_users) + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) + if block_disallowed_images is not None: + pulumi.set(__self__, "block_disallowed_images", block_disallowed_images) + if block_fileless_exec is not None: + pulumi.set(__self__, "block_fileless_exec", block_fileless_exec) + if block_non_compliant_workloads is not None: + pulumi.set(__self__, "block_non_compliant_workloads", block_non_compliant_workloads) + if block_non_k8s_containers is not None: + pulumi.set(__self__, "block_non_k8s_containers", block_non_k8s_containers) + if bypass_scopes is not None: + pulumi.set(__self__, "bypass_scopes", bypass_scopes) + if container_exec is not None: + pulumi.set(__self__, "container_exec", 
container_exec) + if created is not None: + pulumi.set(__self__, "created", created) + if cve is not None: + pulumi.set(__self__, "cve", cve) + if default_security_profile is not None: + pulumi.set(__self__, "default_security_profile", default_security_profile) if description is not None: pulumi.set(__self__, "description", description) + if digest is not None: + pulumi.set(__self__, "digest", digest) + if drift_preventions is not None: + pulumi.set(__self__, "drift_preventions", drift_preventions) + if enable_crypto_mining_dns is not None: + pulumi.set(__self__, "enable_crypto_mining_dns", enable_crypto_mining_dns) + if enable_fork_guard is not None: + pulumi.set(__self__, "enable_fork_guard", enable_fork_guard) + if enable_ip_reputation is not None: + pulumi.set(__self__, "enable_ip_reputation", enable_ip_reputation) + if enable_port_scan_protection is not None: + pulumi.set(__self__, "enable_port_scan_protection", enable_port_scan_protection) if enabled is not None: pulumi.set(__self__, "enabled", enabled) if enforce is not None: pulumi.set(__self__, "enforce", enforce) + if enforce_after_days is not None: + pulumi.set(__self__, "enforce_after_days", enforce_after_days) + if enforce_scheduler_added_on is not None: + pulumi.set(__self__, "enforce_scheduler_added_on", enforce_scheduler_added_on) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) + if executable_blacklists is not None: + pulumi.set(__self__, "executable_blacklists", executable_blacklists) + if failed_kubernetes_checks is not None: + pulumi.set(__self__, "failed_kubernetes_checks", failed_kubernetes_checks) + if file_block is not None: + pulumi.set(__self__, "file_block", file_block) + if file_integrity_monitorings is not None: + pulumi.set(__self__, "file_integrity_monitorings", file_integrity_monitorings) + if fork_guard_process_limit is not None: + pulumi.set(__self__, "fork_guard_process_limit", fork_guard_process_limit) 
if honeypot_access_key is not None: pulumi.set(__self__, "honeypot_access_key", honeypot_access_key) if honeypot_apply_ons is not None: 
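Review bot: `block_malicious_executables`, `block_malicious_executables_allowed_processes`, `block_running_executables_in_tmp_folder` and `blocked_executables` are dropped from the keyword-only `__init__` with no deprecated alias, and none of the added `:param` lines says which new input replaces them. A program that still passes them is rejected by the constructor, and the quickest way to get the upgrade through is to delete the arguments, which silently gives up those controls. If `executable_blacklists` and `malware_scan_options` are the intended successors (an inference from the names only), say so where they are documented, e.g. `Executable blacklist configuration (replaces blocked_executables).` The `__init__` body continues past this hunk.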
@@ -73,12 +193,100 @@ def __init__(__self__, *, pulumi.set(__self__, "honeypot_secret_key", honeypot_secret_key) if honeypot_serverless_app_name is not None: pulumi.set(__self__, "honeypot_serverless_app_name", honeypot_serverless_app_name) + if image_name is not None: + pulumi.set(__self__, "image_name", image_name) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if is_auto_generated is not None: + pulumi.set(__self__, "is_auto_generated", is_auto_generated) + if is_ootb_policy is not None: + pulumi.set(__self__, "is_ootb_policy", is_ootb_policy) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if limit_container_privileges is not None: + pulumi.set(__self__, "limit_container_privileges", limit_container_privileges) + if linux_capabilities is not None: + pulumi.set(__self__, "linux_capabilities", linux_capabilities) + if malware_scan_options is not None: + pulumi.set(__self__, "malware_scan_options", malware_scan_options) if name is not None: pulumi.set(__self__, "name", name) + if no_new_privileges is not None: + pulumi.set(__self__, "no_new_privileges", no_new_privileges) + if only_registered_images is not None: + pulumi.set(__self__, "only_registered_images", only_registered_images) + if package_block is not None: + pulumi.set(__self__, "package_block", package_block) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if port_block is not None: + pulumi.set(__self__, "port_block", port_block) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_registry is not None: + pulumi.set(__self__, "readonly_registry", readonly_registry) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if registry_access_monitoring is not None: + pulumi.set(__self__, "registry_access_monitoring", registry_access_monitoring) + if repo_name is not None: + pulumi.set(__self__, "repo_name", repo_name) + if 
resource_name is not None: + pulumi.set(__self__, "resource_name", resource_name) + if resource_type is not None: + pulumi.set(__self__, "resource_type", resource_type) + if restricted_volumes is not None: + pulumi.set(__self__, "restricted_volumes", restricted_volumes) + if reverse_shell is not None: + pulumi.set(__self__, "reverse_shell", reverse_shell) + if runtime_mode is not None: + pulumi.set(__self__, "runtime_mode", runtime_mode) + if runtime_type is not None: + pulumi.set(__self__, "runtime_type", runtime_type) if scope_expression is not None: pulumi.set(__self__, "scope_expression", scope_expression) if scope_variables is not None: pulumi.set(__self__, "scope_variables", scope_variables) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + if system_integrity_protection is not None: + pulumi.set(__self__, "system_integrity_protection", system_integrity_protection) + if tripwire is not None: + pulumi.set(__self__, "tripwire", tripwire) + if type is not None: + pulumi.set(__self__, "type", type) + if updated is not None: + pulumi.set(__self__, "updated", updated) + if version is not None: + pulumi.set(__self__, "version", version) + if vpatch_version is not None: + pulumi.set(__self__, "vpatch_version", vpatch_version) + if whitelisted_os_users is not None: + pulumi.set(__self__, "whitelisted_os_users", whitelisted_os_users) + + @property + @pulumi.getter(name="allowedExecutables") + def allowed_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedExecutableArgs']]]]: + """ + Allowed executables configuration. 
+ """ + return pulumi.get(self, "allowed_executables") + + @allowed_executables.setter + def allowed_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedExecutableArgs']]]]): + pulumi.set(self, "allowed_executables", value) + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedRegistryArgs']]]]: + """ + List of allowed registries. + """ + return pulumi.get(self, "allowed_registries") + + @allowed_registries.setter + def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedRegistryArgs']]]]): + pulumi.set(self, "allowed_registries", value) @property @pulumi.getter(name="applicationScopes") 
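Review bot: `is_auto_generated`, `is_ootb_policy`, `lastupdate`, `updated` and `version` (with `author` and `created` in the previous hunk) are stored as ordinary caller-supplied inputs, although they read like metadata the server records; `author` is documented as "Username of the account that created the service." If the backend accepts these values, a program can state its own authorship and timestamps, which weakens them as audit evidence; if it ignores them, each run may report a diff. Neither behaviour is visible here, so at least record the intent next to the assignments, e.g. `# NOTE(review): looks server-populated; confirm the provider ignores user-supplied values`. The `__init__` body starts before this hunk.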
@@ -93,52 +301,139 @@ def application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[ pulumi.set(self, "application_scopes", value) @property - @pulumi.getter(name="blockMaliciousExecutables") - def block_malicious_executables(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter(name="auditBruteForceLogin") + def audit_brute_force_login(self) -> Optional[pulumi.Input[bool]]: """ - If true, prevent creation of malicious executables in functions during their runtime post invocation. + Detects brute force login attempts """ - return pulumi.get(self, "block_malicious_executables") + return pulumi.get(self, "audit_brute_force_login") - @block_malicious_executables.setter - def block_malicious_executables(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_malicious_executables", value) + @audit_brute_force_login.setter + def audit_brute_force_login(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_brute_force_login", value) @property - @pulumi.getter(name="blockMaliciousExecutablesAllowedProcesses") - def block_malicious_executables_allowed_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of processes that will be allowed - """ - return pulumi.get(self, "block_malicious_executables_allowed_processes") + @pulumi.getter + def auditing(self) -> Optional[pulumi.Input['FunctionRuntimePolicyAuditingArgs']]: + return pulumi.get(self, "auditing") - @block_malicious_executables_allowed_processes.setter - def block_malicious_executables_allowed_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "block_malicious_executables_allowed_processes", value) + @auditing.setter + def auditing(self, value: Optional[pulumi.Input['FunctionRuntimePolicyAuditingArgs']]): + pulumi.set(self, "auditing", value) @property - @pulumi.getter(name="blockRunningExecutablesInTmpFolder") - def block_running_executables_in_tmp_folder(self) -> 
Optional[pulumi.Input[bool]]: + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: """ - If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. + Username of the account that created the service. """ - return pulumi.get(self, "block_running_executables_in_tmp_folder") + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) - @block_running_executables_in_tmp_folder.setter - def block_running_executables_in_tmp_folder(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_running_executables_in_tmp_folder", value) + @property + @pulumi.getter(name="blacklistedOsUsers") + def blacklisted_os_users(self) -> Optional[pulumi.Input['FunctionRuntimePolicyBlacklistedOsUsersArgs']]: + return pulumi.get(self, "blacklisted_os_users") + + @blacklisted_os_users.setter + def blacklisted_os_users(self, value: Optional[pulumi.Input['FunctionRuntimePolicyBlacklistedOsUsersArgs']]): + pulumi.set(self, "blacklisted_os_users", value) @property - @pulumi.getter(name="blockedExecutables") - def blocked_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_container_exec") + + @block_container_exec.setter + def block_container_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_container_exec", value) + + @property + @pulumi.getter(name="blockDisallowedImages") + def block_disallowed_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_disallowed_images") + + @block_disallowed_images.setter + def block_disallowed_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_disallowed_images", value) + + @property + @pulumi.getter(name="blockFilelessExec") + def block_fileless_exec(self) -> 
Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_fileless_exec") + + @block_fileless_exec.setter + def block_fileless_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_fileless_exec", value) + + @property + @pulumi.getter(name="blockNonCompliantWorkloads") + def block_non_compliant_workloads(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_non_compliant_workloads") + + @block_non_compliant_workloads.setter + def block_non_compliant_workloads(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_non_compliant_workloads", value) + + @property + @pulumi.getter(name="blockNonK8sContainers") + def block_non_k8s_containers(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_non_k8s_containers") + + @block_non_k8s_containers.setter + def block_non_k8s_containers(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_non_k8s_containers", value) + + @property + @pulumi.getter(name="bypassScopes") + def bypass_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeArgs']]]]: """ - List of executables that are prevented from running in containers. + Bypass scope configuration. 
""" - return pulumi.get(self, "blocked_executables") + return pulumi.get(self, "bypass_scopes") + + @bypass_scopes.setter + def bypass_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeArgs']]]]): + pulumi.set(self, "bypass_scopes", value) - @blocked_executables.setter - def blocked_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "blocked_executables", value) + @property + @pulumi.getter(name="containerExec") + def container_exec(self) -> Optional[pulumi.Input['FunctionRuntimePolicyContainerExecArgs']]: + return pulumi.get(self, "container_exec") + + @container_exec.setter + def container_exec(self, value: Optional[pulumi.Input['FunctionRuntimePolicyContainerExecArgs']]): + pulumi.set(self, "container_exec", value) + + @property + @pulumi.getter + def created(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "created") + + @created.setter + def created(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created", value) + + @property + @pulumi.getter + def cve(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "cve") + + @cve.setter + def cve(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cve", value) + + @property + @pulumi.getter(name="defaultSecurityProfile") + def default_security_profile(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "default_security_profile") + + @default_security_profile.setter + def default_security_profile(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "default_security_profile", value) @property @pulumi.getter 
@@ -152,11 +447,68 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter + def digest(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "digest") + + @digest.setter + def digest(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "digest", value) + + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyDriftPreventionArgs']]]]: + """ + Drift prevention configuration. + """ + return pulumi.get(self, "drift_preventions") + + @drift_preventions.setter + def drift_preventions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyDriftPreventionArgs']]]]): + pulumi.set(self, "drift_preventions", value) + + @property + @pulumi.getter(name="enableCryptoMiningDns") + def enable_crypto_mining_dns(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_crypto_mining_dns") + + @enable_crypto_mining_dns.setter + def enable_crypto_mining_dns(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_crypto_mining_dns", value) + + @property + @pulumi.getter(name="enableForkGuard") + def enable_fork_guard(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_fork_guard") + + @enable_fork_guard.setter + def enable_fork_guard(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_fork_guard", value) + + @property + @pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_ip_reputation") + + @enable_ip_reputation.setter + def enable_ip_reputation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_ip_reputation", value) + + @property + @pulumi.getter(name="enablePortScanProtection") + def enable_port_scan_protection(self) -> 
Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_port_scan_protection") + + @enable_port_scan_protection.setter + def enable_port_scan_protection(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_port_scan_protection", value) + @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the runtime policy is enabled or not. + Whether allowed executables configuration is enabled. """ return pulumi.get(self, "enabled") 
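Review bot: The `enabled` getter docstring changes from "Indicates if the runtime policy is enabled or not." to "Whether allowed executables configuration is enabled.", which describes a nested block rather than what is presumably still the policy-level switch. The same swap appears in the `:param enabled` line of the constructor hunk, and `name` becomes "Name assigned to the attribute." there and in the last hunk. A reader of the new text could set `enabled=False` believing it only turns off the allowed-executables check. Unless the property's meaning really changed, keep the previous wording: `Indicates if the runtime policy is enabled or not.` and `Name of the function runtime policy`.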
@@ -176,6 +528,90 @@ def enforce(self) -> Optional[pulumi.Input[bool]]: def enforce(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "enforce", value) + @property + @pulumi.getter(name="enforceAfterDays") + def enforce_after_days(self) -> Optional[pulumi.Input[int]]: + """ + Indicates the number of days after which the runtime policy will be changed to enforce mode. + """ + return pulumi.get(self, "enforce_after_days") + + @enforce_after_days.setter + def enforce_after_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_after_days", value) + + @property + @pulumi.getter(name="enforceSchedulerAddedOn") + def enforce_scheduler_added_on(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "enforce_scheduler_added_on") + + @enforce_scheduler_added_on.setter + def enforce_scheduler_added_on(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_scheduler_added_on", value) + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of excluded application scopes. + """ + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + + @property + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyExecutableBlacklistArgs']]]]: + """ + Executable blacklist configuration. 
+ """ + return pulumi.get(self, "executable_blacklists") + + @executable_blacklists.setter + def executable_blacklists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyExecutableBlacklistArgs']]]]): + pulumi.set(self, "executable_blacklists", value) + + @property + @pulumi.getter(name="failedKubernetesChecks") + def failed_kubernetes_checks(self) -> Optional[pulumi.Input['FunctionRuntimePolicyFailedKubernetesChecksArgs']]: + return pulumi.get(self, "failed_kubernetes_checks") + + @failed_kubernetes_checks.setter + def failed_kubernetes_checks(self, value: Optional[pulumi.Input['FunctionRuntimePolicyFailedKubernetesChecksArgs']]): + pulumi.set(self, "failed_kubernetes_checks", value) + + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> Optional[pulumi.Input['FunctionRuntimePolicyFileBlockArgs']]: + return pulumi.get(self, "file_block") + + @file_block.setter + def file_block(self, value: Optional[pulumi.Input['FunctionRuntimePolicyFileBlockArgs']]): + pulumi.set(self, "file_block", value) + + @property + @pulumi.getter(name="fileIntegrityMonitorings") + def file_integrity_monitorings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]]: + """ + Configuration for file integrity monitoring. 
+ """ + return pulumi.get(self, "file_integrity_monitorings") + + @file_integrity_monitorings.setter + def file_integrity_monitorings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]]): + pulumi.set(self, "file_integrity_monitorings", value) + + @property + @pulumi.getter(name="forkGuardProcessLimit") + def fork_guard_process_limit(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "fork_guard_process_limit") + + @fork_guard_process_limit.setter + def fork_guard_process_limit(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "fork_guard_process_limit", value) + @property @pulumi.getter(name="honeypotAccessKey") def honeypot_access_key(self) -> Optional[pulumi.Input[str]]: 
@@ -224,11 +660,89 @@ def honeypot_serverless_app_name(self) -> Optional[pulumi.Input[str]]: def honeypot_serverless_app_name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "honeypot_serverless_app_name", value) + @property + @pulumi.getter(name="imageName") + def image_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "image_name") + + @image_name.setter + def image_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "image_name", value) + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") + + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) + + @property + @pulumi.getter(name="isAutoGenerated") + def is_auto_generated(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_auto_generated") + + @is_auto_generated.setter + def is_auto_generated(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_auto_generated", value) + + @property + @pulumi.getter(name="isOotbPolicy") + def is_ootb_policy(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_ootb_policy") + + @is_ootb_policy.setter + def is_ootb_policy(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_ootb_policy", value) + + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]]: + """ + Container privileges configuration. 
+ """ + return pulumi.get(self, "limit_container_privileges") + + @limit_container_privileges.setter + def limit_container_privileges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]]): + pulumi.set(self, "limit_container_privileges", value) + + @property + @pulumi.getter(name="linuxCapabilities") + def linux_capabilities(self) -> Optional[pulumi.Input['FunctionRuntimePolicyLinuxCapabilitiesArgs']]: + return pulumi.get(self, "linux_capabilities") + + @linux_capabilities.setter + def linux_capabilities(self, value: Optional[pulumi.Input['FunctionRuntimePolicyLinuxCapabilitiesArgs']]): + pulumi.set(self, "linux_capabilities", value) + + @property + @pulumi.getter(name="malwareScanOptions") + def malware_scan_options(self) -> Optional[pulumi.Input['FunctionRuntimePolicyMalwareScanOptionsArgs']]: + """ + Configuration for Real-Time Malware Protection. + """ + return pulumi.get(self, "malware_scan_options") + + @malware_scan_options.setter + def malware_scan_options(self, value: Optional[pulumi.Input['FunctionRuntimePolicyMalwareScanOptionsArgs']]): + pulumi.set(self, "malware_scan_options", value) + @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Name of the function runtime policy + Name assigned to the attribute. """ return pulumi.get(self, "name") 
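Review bot: The new docstring on the `name` getter, `Name assigned to the attribute.`, no longer says what is being named; the removed text `Name of the function runtime policy` was accurate and should be kept. The same substitution appears in the `_FunctionRuntimePolicyState.__init__` docstring in the later hunk (`@@ -260,63 +921,254 @@`), where `:param enabled` also changes from `Indicates if the runtime policy is enabled or not.` to `Whether allowed executables configuration is enabled.`. On a runtime protection policy that wording suggests the top-level switch controls only one sub-feature, so an operator could misjudge whether the policy is active. These strings look like descriptions of nested blocks leaking onto top-level fields, so the fix probably belongs in the upstream schema descriptions rather than in this file.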
@@ -236,6 +750,153 @@ def name(self) -> Optional[pulumi.Input[str]]: def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) + @property + @pulumi.getter(name="noNewPrivileges") + def no_new_privileges(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "no_new_privileges") + + @no_new_privileges.setter + def no_new_privileges(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "no_new_privileges", value) + + @property + @pulumi.getter(name="onlyRegisteredImages") + def only_registered_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "only_registered_images") + + @only_registered_images.setter + def only_registered_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "only_registered_images", value) + + @property + @pulumi.getter(name="packageBlock") + def package_block(self) -> Optional[pulumi.Input['FunctionRuntimePolicyPackageBlockArgs']]: + return pulumi.get(self, "package_block") + + @package_block.setter + def package_block(self, value: Optional[pulumi.Input['FunctionRuntimePolicyPackageBlockArgs']]): + pulumi.set(self, "package_block", value) + + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> Optional[pulumi.Input['FunctionRuntimePolicyPortBlockArgs']]: + return pulumi.get(self, "port_block") + + @port_block.setter + def port_block(self, value: Optional[pulumi.Input['FunctionRuntimePolicyPortBlockArgs']]): + pulumi.set(self, "port_block", value) + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[pulumi.Input['FunctionRuntimePolicyReadonlyFilesArgs']]: + return pulumi.get(self, "readonly_files") + + @readonly_files.setter + def readonly_files(self, value: 
Optional[pulumi.Input['FunctionRuntimePolicyReadonlyFilesArgs']]): + pulumi.set(self, "readonly_files", value) + + @property + @pulumi.getter(name="readonlyRegistry") + def readonly_registry(self) -> Optional[pulumi.Input['FunctionRuntimePolicyReadonlyRegistryArgs']]: + return pulumi.get(self, "readonly_registry") + + @readonly_registry.setter + def readonly_registry(self, value: Optional[pulumi.Input['FunctionRuntimePolicyReadonlyRegistryArgs']]): + pulumi.set(self, "readonly_registry", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + @property + @pulumi.getter(name="registryAccessMonitoring") + def registry_access_monitoring(self) -> Optional[pulumi.Input['FunctionRuntimePolicyRegistryAccessMonitoringArgs']]: + return pulumi.get(self, "registry_access_monitoring") + + @registry_access_monitoring.setter + def registry_access_monitoring(self, value: Optional[pulumi.Input['FunctionRuntimePolicyRegistryAccessMonitoringArgs']]): + pulumi.set(self, "registry_access_monitoring", value) + + @property + @pulumi.getter(name="repoName") + def repo_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "repo_name") + + @repo_name.setter + def repo_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repo_name", value) + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_name") + + @resource_name.setter + def resource_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_name", value) + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_type") + + @resource_type.setter + def resource_type(self, value: Optional[pulumi.Input[str]]): + 
pulumi.set(self, "resource_type", value) + + @property + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyRestrictedVolumeArgs']]]]: + """ + Restricted volumes configuration. + """ + return pulumi.get(self, "restricted_volumes") + + @restricted_volumes.setter + def restricted_volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyRestrictedVolumeArgs']]]]): + pulumi.set(self, "restricted_volumes", value) + + @property + @pulumi.getter(name="reverseShell") + def reverse_shell(self) -> Optional[pulumi.Input['FunctionRuntimePolicyReverseShellArgs']]: + return pulumi.get(self, "reverse_shell") + + @reverse_shell.setter + def reverse_shell(self, value: Optional[pulumi.Input['FunctionRuntimePolicyReverseShellArgs']]): + pulumi.set(self, "reverse_shell", value) + + @property + @pulumi.getter(name="runtimeMode") + def runtime_mode(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "runtime_mode") + + @runtime_mode.setter + def runtime_mode(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "runtime_mode", value) + + @property + @pulumi.getter(name="runtimeType") + def runtime_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "runtime_type") + + @runtime_type.setter + def runtime_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "runtime_type", value) + @property @pulumi.getter(name="scopeExpression") def scope_expression(self) -> Optional[pulumi.Input[str]]: 
@@ -260,63 +921,254 @@ def scope_variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['Functi def scope_variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]]]): pulumi.set(self, "scope_variables", value) + @property + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeArgs']]]]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") + + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeArgs']]]]): + pulumi.set(self, "scopes", value) + + @property + @pulumi.getter(name="systemIntegrityProtection") + def system_integrity_protection(self) -> Optional[pulumi.Input['FunctionRuntimePolicySystemIntegrityProtectionArgs']]: + return pulumi.get(self, "system_integrity_protection") + + @system_integrity_protection.setter + def system_integrity_protection(self, value: Optional[pulumi.Input['FunctionRuntimePolicySystemIntegrityProtectionArgs']]): + pulumi.set(self, "system_integrity_protection", value) + + @property + @pulumi.getter + def tripwire(self) -> Optional[pulumi.Input['FunctionRuntimePolicyTripwireArgs']]: + return pulumi.get(self, "tripwire") + + @tripwire.setter + def tripwire(self, value: Optional[pulumi.Input['FunctionRuntimePolicyTripwireArgs']]): + pulumi.set(self, "tripwire", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def updated(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "updated") + + @updated.setter + def updated(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "updated", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + 
@version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="vpatchVersion") + def vpatch_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vpatch_version") + + @vpatch_version.setter + def vpatch_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vpatch_version", value) + + @property + @pulumi.getter(name="whitelistedOsUsers") + def whitelisted_os_users(self) -> Optional[pulumi.Input['FunctionRuntimePolicyWhitelistedOsUsersArgs']]: + return pulumi.get(self, "whitelisted_os_users") + + @whitelisted_os_users.setter + def whitelisted_os_users(self, value: Optional[pulumi.Input['FunctionRuntimePolicyWhitelistedOsUsersArgs']]): + pulumi.set(self, "whitelisted_os_users", value) + @pulumi.input_type class _FunctionRuntimePolicyState: def __init__(__self__, *, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedExecutableArgs']]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedRegistryArgs']]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input['FunctionRuntimePolicyAuditingArgs']] = None, author: Optional[pulumi.Input[str]] = None, - block_malicious_executables: Optional[pulumi.Input[bool]] = None, - block_malicious_executables_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - block_running_executables_in_tmp_folder: Optional[pulumi.Input[bool]] = None, - blocked_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklisted_os_users: Optional[pulumi.Input['FunctionRuntimePolicyBlacklistedOsUsersArgs']] = None, + block_container_exec: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: 
Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeArgs']]]] = None, + container_exec: Optional[pulumi.Input['FunctionRuntimePolicyContainerExecArgs']] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyDriftPreventionArgs']]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyExecutableBlacklistArgs']]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input['FunctionRuntimePolicyFailedKubernetesChecksArgs']] = None, + file_block: Optional[pulumi.Input['FunctionRuntimePolicyFileBlockArgs']] = None, + file_integrity_monitorings: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, honeypot_access_key: Optional[pulumi.Input[str]] = None, honeypot_apply_ons: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, honeypot_secret_key: 
Optional[pulumi.Input[str]] = None, honeypot_serverless_app_name: Optional[pulumi.Input[str]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]] = None, + linux_capabilities: Optional[pulumi.Input['FunctionRuntimePolicyLinuxCapabilitiesArgs']] = None, + malware_scan_options: Optional[pulumi.Input['FunctionRuntimePolicyMalwareScanOptionsArgs']] = None, name: Optional[pulumi.Input[str]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input['FunctionRuntimePolicyPackageBlockArgs']] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input['FunctionRuntimePolicyPortBlockArgs']] = None, + readonly_files: Optional[pulumi.Input['FunctionRuntimePolicyReadonlyFilesArgs']] = None, + readonly_registry: Optional[pulumi.Input['FunctionRuntimePolicyReadonlyRegistryArgs']] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input['FunctionRuntimePolicyRegistryAccessMonitoringArgs']] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyRestrictedVolumeArgs']]]] = None, + reverse_shell: Optional[pulumi.Input['FunctionRuntimePolicyReverseShellArgs']] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, - scope_variables: 
Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]]] = None): + scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeArgs']]]] = None, + system_integrity_protection: Optional[pulumi.Input['FunctionRuntimePolicySystemIntegrityProtectionArgs']] = None, + tripwire: Optional[pulumi.Input['FunctionRuntimePolicyTripwireArgs']] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input['FunctionRuntimePolicyWhitelistedOsUsersArgs']] = None): """ Input properties used for looking up and filtering FunctionRuntimePolicy resources. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedExecutableArgs']]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedRegistryArgs']]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. + :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[str] author: Username of the account that created the service. - :param pulumi.Input[bool] block_malicious_executables: If true, prevent creation of malicious executables in functions during their runtime post invocation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] block_malicious_executables_allowed_processes: List of processes that will be allowed - :param pulumi.Input[bool] block_running_executables_in_tmp_folder: If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. 
- :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_executables: List of executables that are prevented from running in containers. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeArgs']]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[str] description: The description of the function runtime policy - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyDriftPreventionArgs']]] drift_preventions: Drift prevention configuration. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). + :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyExecutableBlacklistArgs']]] executable_blacklists: Executable blacklist configuration. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]] file_integrity_monitorings: Configuration for file integrity monitoring. :param pulumi.Input[str] honeypot_access_key: Honeypot User ID (Access Key) :param pulumi.Input[Sequence[pulumi.Input[str]]] honeypot_apply_ons: List of options to apply the honeypot on (Environment Vairable, Layer, File) :param pulumi.Input[str] honeypot_secret_key: Honeypot User Password (Secret Key) :param pulumi.Input[str] honeypot_serverless_app_name: Serverless application name - :param pulumi.Input[str] name: Name of the function runtime policy + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]] limit_container_privileges: Container privileges configuration. 
+ :param pulumi.Input['FunctionRuntimePolicyMalwareScanOptionsArgs'] malware_scan_options: Configuration for Real-Time Malware Protection. + :param pulumi.Input[str] name: Name assigned to the attribute. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyRestrictedVolumeArgs']]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]] scope_variables: List of scope attributes. + :param pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeArgs']]] scopes: Scope configuration. """ + if allowed_executables is not None: + pulumi.set(__self__, "allowed_executables", allowed_executables) + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) if application_scopes is not None: pulumi.set(__self__, "application_scopes", application_scopes) + if audit_brute_force_login is not None: + pulumi.set(__self__, "audit_brute_force_login", audit_brute_force_login) + if auditing is not None: + pulumi.set(__self__, "auditing", auditing) if author is not None: pulumi.set(__self__, "author", author) - if block_malicious_executables is not None: - pulumi.set(__self__, "block_malicious_executables", block_malicious_executables) - if block_malicious_executables_allowed_processes is not None: - pulumi.set(__self__, "block_malicious_executables_allowed_processes", block_malicious_executables_allowed_processes) - if block_running_executables_in_tmp_folder is not None: - pulumi.set(__self__, "block_running_executables_in_tmp_folder", block_running_executables_in_tmp_folder) - if blocked_executables is not None: - pulumi.set(__self__, "blocked_executables", blocked_executables) + if blacklisted_os_users is not None: + pulumi.set(__self__, "blacklisted_os_users", blacklisted_os_users) + if block_container_exec is not None: + 
pulumi.set(__self__, "block_container_exec", block_container_exec) + if block_disallowed_images is not None: + pulumi.set(__self__, "block_disallowed_images", block_disallowed_images) + if block_fileless_exec is not None: + pulumi.set(__self__, "block_fileless_exec", block_fileless_exec) + if block_non_compliant_workloads is not None: + pulumi.set(__self__, "block_non_compliant_workloads", block_non_compliant_workloads) + if block_non_k8s_containers is not None: + pulumi.set(__self__, "block_non_k8s_containers", block_non_k8s_containers) + if bypass_scopes is not None: + pulumi.set(__self__, "bypass_scopes", bypass_scopes) + if container_exec is not None: + pulumi.set(__self__, "container_exec", container_exec) + if created is not None: + pulumi.set(__self__, "created", created) + if cve is not None: + pulumi.set(__self__, "cve", cve) + if default_security_profile is not None: + pulumi.set(__self__, "default_security_profile", default_security_profile) if description is not None: pulumi.set(__self__, "description", description) + if digest is not None: + pulumi.set(__self__, "digest", digest) + if drift_preventions is not None: + pulumi.set(__self__, "drift_preventions", drift_preventions) + if enable_crypto_mining_dns is not None: + pulumi.set(__self__, "enable_crypto_mining_dns", enable_crypto_mining_dns) + if enable_fork_guard is not None: + pulumi.set(__self__, "enable_fork_guard", enable_fork_guard) + if enable_ip_reputation is not None: + pulumi.set(__self__, "enable_ip_reputation", enable_ip_reputation) + if enable_port_scan_protection is not None: + pulumi.set(__self__, "enable_port_scan_protection", enable_port_scan_protection) if enabled is not None: pulumi.set(__self__, "enabled", enabled) if enforce is not None: pulumi.set(__self__, "enforce", enforce) + if enforce_after_days is not None: + pulumi.set(__self__, "enforce_after_days", enforce_after_days) + if enforce_scheduler_added_on is not None: + pulumi.set(__self__, "enforce_scheduler_added_on", 
enforce_scheduler_added_on) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) + if executable_blacklists is not None: + pulumi.set(__self__, "executable_blacklists", executable_blacklists) + if failed_kubernetes_checks is not None: + pulumi.set(__self__, "failed_kubernetes_checks", failed_kubernetes_checks) + if file_block is not None: + pulumi.set(__self__, "file_block", file_block) + if file_integrity_monitorings is not None: + pulumi.set(__self__, "file_integrity_monitorings", file_integrity_monitorings) + if fork_guard_process_limit is not None: + pulumi.set(__self__, "fork_guard_process_limit", fork_guard_process_limit) if honeypot_access_key is not None: pulumi.set(__self__, "honeypot_access_key", honeypot_access_key) if honeypot_apply_ons is not None: 
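Review bot: `block_malicious_executables`, `block_malicious_executables_allowed_processes`, `block_running_executables_in_tmp_folder` and `blocked_executables` are dropped from `_FunctionRuntimePolicyState.__init__`, and nothing in the docstring says which of the new inputs, if any, carries the same enforcement. These were protective settings, so a stack that relied on them needs that mapping before upgrading; I would add a docstring line such as `Removed in this release: block_malicious_executables, blocked_executables, ...; see <upgrade-notes placeholder> for the replacement inputs.` Several of the new security-relevant parameters (`block_container_exec`, `block_fileless_exec`, `enable_fork_guard`, `no_new_privileges`, `reverse_shell`) also have no `:param` entry, so their effect and defaults cannot be read from here. The `__init__` body continues past the end of this hunk.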
@@ -325,12 +1177,100 @@ def __init__(__self__, *, pulumi.set(__self__, "honeypot_secret_key", honeypot_secret_key) if honeypot_serverless_app_name is not None: pulumi.set(__self__, "honeypot_serverless_app_name", honeypot_serverless_app_name) + if image_name is not None: + pulumi.set(__self__, "image_name", image_name) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if is_auto_generated is not None: + pulumi.set(__self__, "is_auto_generated", is_auto_generated) + if is_ootb_policy is not None: + pulumi.set(__self__, "is_ootb_policy", is_ootb_policy) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if limit_container_privileges is not None: + pulumi.set(__self__, "limit_container_privileges", limit_container_privileges) + if linux_capabilities is not None: + pulumi.set(__self__, "linux_capabilities", linux_capabilities) + if malware_scan_options is not None: + pulumi.set(__self__, "malware_scan_options", malware_scan_options) if name is not None: pulumi.set(__self__, "name", name) + if no_new_privileges is not None: + pulumi.set(__self__, "no_new_privileges", no_new_privileges) + if only_registered_images is not None: + pulumi.set(__self__, "only_registered_images", only_registered_images) + if package_block is not None: + pulumi.set(__self__, "package_block", package_block) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if port_block is not None: + pulumi.set(__self__, "port_block", port_block) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_registry is not None: + pulumi.set(__self__, "readonly_registry", readonly_registry) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if registry_access_monitoring is not None: + pulumi.set(__self__, "registry_access_monitoring", registry_access_monitoring) + if repo_name is not None: + pulumi.set(__self__, "repo_name", repo_name) + if 
resource_name is not None: + pulumi.set(__self__, "resource_name", resource_name) + if resource_type is not None: + pulumi.set(__self__, "resource_type", resource_type) + if restricted_volumes is not None: + pulumi.set(__self__, "restricted_volumes", restricted_volumes) + if reverse_shell is not None: + pulumi.set(__self__, "reverse_shell", reverse_shell) + if runtime_mode is not None: + pulumi.set(__self__, "runtime_mode", runtime_mode) + if runtime_type is not None: + pulumi.set(__self__, "runtime_type", runtime_type) if scope_expression is not None: pulumi.set(__self__, "scope_expression", scope_expression) if scope_variables is not None: pulumi.set(__self__, "scope_variables", scope_variables) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + if system_integrity_protection is not None: + pulumi.set(__self__, "system_integrity_protection", system_integrity_protection) + if tripwire is not None: + pulumi.set(__self__, "tripwire", tripwire) + if type is not None: + pulumi.set(__self__, "type", type) + if updated is not None: + pulumi.set(__self__, "updated", updated) + if version is not None: + pulumi.set(__self__, "version", version) + if vpatch_version is not None: + pulumi.set(__self__, "vpatch_version", vpatch_version) + if whitelisted_os_users is not None: + pulumi.set(__self__, "whitelisted_os_users", whitelisted_os_users) + + @property + @pulumi.getter(name="allowedExecutables") + def allowed_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedExecutableArgs']]]]: + """ + Allowed executables configuration. 
+ """ + return pulumi.get(self, "allowed_executables") + + @allowed_executables.setter + def allowed_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedExecutableArgs']]]]): + pulumi.set(self, "allowed_executables", value) + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedRegistryArgs']]]]: + """ + List of allowed registries. + """ + return pulumi.get(self, "allowed_registries") + + @allowed_registries.setter + def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyAllowedRegistryArgs']]]]): + pulumi.set(self, "allowed_registries", value) @property @pulumi.getter(name="applicationScopes") @@ -344,6 +1284,27 @@ def application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str] def application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "application_scopes", value) + @property + @pulumi.getter(name="auditBruteForceLogin") + def audit_brute_force_login(self) -> Optional[pulumi.Input[bool]]: + """ + Detects brute force login attempts + """ + return pulumi.get(self, "audit_brute_force_login") + + @audit_brute_force_login.setter + def audit_brute_force_login(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_brute_force_login", value) + + @property + @pulumi.getter + def auditing(self) -> Optional[pulumi.Input['FunctionRuntimePolicyAuditingArgs']]: + return pulumi.get(self, "auditing") + + @auditing.setter + def auditing(self, value: Optional[pulumi.Input['FunctionRuntimePolicyAuditingArgs']]): + pulumi.set(self, "auditing", value) + @property @pulumi.getter def author(self) -> Optional[pulumi.Input[str]]: 
@@ -357,52 +1318,106 @@ def author(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "author", value) @property - @pulumi.getter(name="blockMaliciousExecutables") - def block_malicious_executables(self) -> Optional[pulumi.Input[bool]]: - """ - If true, prevent creation of malicious executables in functions during their runtime post invocation. - """ - return pulumi.get(self, "block_malicious_executables") + @pulumi.getter(name="blacklistedOsUsers") + def blacklisted_os_users(self) -> Optional[pulumi.Input['FunctionRuntimePolicyBlacklistedOsUsersArgs']]: + return pulumi.get(self, "blacklisted_os_users") - @block_malicious_executables.setter - def block_malicious_executables(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_malicious_executables", value) + @blacklisted_os_users.setter + def blacklisted_os_users(self, value: Optional[pulumi.Input['FunctionRuntimePolicyBlacklistedOsUsersArgs']]): + pulumi.set(self, "blacklisted_os_users", value) @property - @pulumi.getter(name="blockMaliciousExecutablesAllowedProcesses") - def block_malicious_executables_allowed_processes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of processes that will be allowed - """ - return pulumi.get(self, "block_malicious_executables_allowed_processes") + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_container_exec") - @block_malicious_executables_allowed_processes.setter - def block_malicious_executables_allowed_processes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "block_malicious_executables_allowed_processes", value) + @block_container_exec.setter + def block_container_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_container_exec", value) @property - @pulumi.getter(name="blockRunningExecutablesInTmpFolder") - def block_running_executables_in_tmp_folder(self) -> 
Optional[pulumi.Input[bool]]: - """ - If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. - """ - return pulumi.get(self, "block_running_executables_in_tmp_folder") + @pulumi.getter(name="blockDisallowedImages") + def block_disallowed_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_disallowed_images") + + @block_disallowed_images.setter + def block_disallowed_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_disallowed_images", value) + + @property + @pulumi.getter(name="blockFilelessExec") + def block_fileless_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_fileless_exec") + + @block_fileless_exec.setter + def block_fileless_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_fileless_exec", value) - @block_running_executables_in_tmp_folder.setter - def block_running_executables_in_tmp_folder(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "block_running_executables_in_tmp_folder", value) + @property + @pulumi.getter(name="blockNonCompliantWorkloads") + def block_non_compliant_workloads(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_non_compliant_workloads") + + @block_non_compliant_workloads.setter + def block_non_compliant_workloads(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_non_compliant_workloads", value) @property - @pulumi.getter(name="blockedExecutables") - def blocked_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter(name="blockNonK8sContainers") + def block_non_k8s_containers(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_non_k8s_containers") + + @block_non_k8s_containers.setter + def block_non_k8s_containers(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_non_k8s_containers", value) + + @property + @pulumi.getter(name="bypassScopes") 
+ def bypass_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeArgs']]]]: """ - List of executables that are prevented from running in containers. + Bypass scope configuration. """ - return pulumi.get(self, "blocked_executables") + return pulumi.get(self, "bypass_scopes") - @blocked_executables.setter - def blocked_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "blocked_executables", value) + @bypass_scopes.setter + def bypass_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyBypassScopeArgs']]]]): + pulumi.set(self, "bypass_scopes", value) + + @property + @pulumi.getter(name="containerExec") + def container_exec(self) -> Optional[pulumi.Input['FunctionRuntimePolicyContainerExecArgs']]: + return pulumi.get(self, "container_exec") + + @container_exec.setter + def container_exec(self, value: Optional[pulumi.Input['FunctionRuntimePolicyContainerExecArgs']]): + pulumi.set(self, "container_exec", value) + + @property + @pulumi.getter + def created(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "created") + + @created.setter + def created(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created", value) + + @property + @pulumi.getter + def cve(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "cve") + + @cve.setter + def cve(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cve", value) + + @property + @pulumi.getter(name="defaultSecurityProfile") + def default_security_profile(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "default_security_profile") + + @default_security_profile.setter + def default_security_profile(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "default_security_profile", value) @property @pulumi.getter 
@@ -418,87 +1433,453 @@ def description(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter - def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the runtime policy is enabled or not. - """ - return pulumi.get(self, "enabled") + def digest(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "digest") + + @digest.setter + def digest(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "digest", value) + + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyDriftPreventionArgs']]]]: + """ + Drift prevention configuration. + """ + return pulumi.get(self, "drift_preventions") + + @drift_preventions.setter + def drift_preventions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyDriftPreventionArgs']]]]): + pulumi.set(self, "drift_preventions", value) + + @property + @pulumi.getter(name="enableCryptoMiningDns") + def enable_crypto_mining_dns(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_crypto_mining_dns") + + @enable_crypto_mining_dns.setter + def enable_crypto_mining_dns(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_crypto_mining_dns", value) + + @property + @pulumi.getter(name="enableForkGuard") + def enable_fork_guard(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_fork_guard") + + @enable_fork_guard.setter + def enable_fork_guard(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_fork_guard", value) + + @property + @pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_ip_reputation") + + @enable_ip_reputation.setter + def enable_ip_reputation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_ip_reputation", value) + + @property + @pulumi.getter(name="enablePortScanProtection") + 
def enable_port_scan_protection(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_port_scan_protection") + + @enable_port_scan_protection.setter + def enable_port_scan_protection(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_port_scan_protection", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether allowed executables configuration is enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def enforce(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates that policy should effect container execution (not just for audit). + """ + return pulumi.get(self, "enforce") + + @enforce.setter + def enforce(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce", value) + + @property + @pulumi.getter(name="enforceAfterDays") + def enforce_after_days(self) -> Optional[pulumi.Input[int]]: + """ + Indicates the number of days after which the runtime policy will be changed to enforce mode. + """ + return pulumi.get(self, "enforce_after_days") + + @enforce_after_days.setter + def enforce_after_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_after_days", value) + + @property + @pulumi.getter(name="enforceSchedulerAddedOn") + def enforce_scheduler_added_on(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "enforce_scheduler_added_on") + + @enforce_scheduler_added_on.setter + def enforce_scheduler_added_on(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_scheduler_added_on", value) + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of excluded application scopes. 
+ """ + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + + @property + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyExecutableBlacklistArgs']]]]: + """ + Executable blacklist configuration. + """ + return pulumi.get(self, "executable_blacklists") + + @executable_blacklists.setter + def executable_blacklists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyExecutableBlacklistArgs']]]]): + pulumi.set(self, "executable_blacklists", value) + + @property + @pulumi.getter(name="failedKubernetesChecks") + def failed_kubernetes_checks(self) -> Optional[pulumi.Input['FunctionRuntimePolicyFailedKubernetesChecksArgs']]: + return pulumi.get(self, "failed_kubernetes_checks") + + @failed_kubernetes_checks.setter + def failed_kubernetes_checks(self, value: Optional[pulumi.Input['FunctionRuntimePolicyFailedKubernetesChecksArgs']]): + pulumi.set(self, "failed_kubernetes_checks", value) + + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> Optional[pulumi.Input['FunctionRuntimePolicyFileBlockArgs']]: + return pulumi.get(self, "file_block") + + @file_block.setter + def file_block(self, value: Optional[pulumi.Input['FunctionRuntimePolicyFileBlockArgs']]): + pulumi.set(self, "file_block", value) + + @property + @pulumi.getter(name="fileIntegrityMonitorings") + def file_integrity_monitorings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]]: + """ + Configuration for file integrity monitoring. 
+ """ + return pulumi.get(self, "file_integrity_monitorings") + + @file_integrity_monitorings.setter + def file_integrity_monitorings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]]): + pulumi.set(self, "file_integrity_monitorings", value) + + @property + @pulumi.getter(name="forkGuardProcessLimit") + def fork_guard_process_limit(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "fork_guard_process_limit") + + @fork_guard_process_limit.setter + def fork_guard_process_limit(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "fork_guard_process_limit", value) + + @property + @pulumi.getter(name="honeypotAccessKey") + def honeypot_access_key(self) -> Optional[pulumi.Input[str]]: + """ + Honeypot User ID (Access Key) + """ + return pulumi.get(self, "honeypot_access_key") + + @honeypot_access_key.setter + def honeypot_access_key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "honeypot_access_key", value) + + @property + @pulumi.getter(name="honeypotApplyOns") + def honeypot_apply_ons(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of options to apply the honeypot on (Environment Vairable, Layer, File) + """ + return pulumi.get(self, "honeypot_apply_ons") + + @honeypot_apply_ons.setter + def honeypot_apply_ons(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "honeypot_apply_ons", value) + + @property + @pulumi.getter(name="honeypotSecretKey") + def honeypot_secret_key(self) -> Optional[pulumi.Input[str]]: + """ + Honeypot User Password (Secret Key) + """ + return pulumi.get(self, "honeypot_secret_key") + + @honeypot_secret_key.setter + def honeypot_secret_key(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "honeypot_secret_key", value) + + @property + @pulumi.getter(name="honeypotServerlessAppName") + def honeypot_serverless_app_name(self) -> Optional[pulumi.Input[str]]: + """ + Serverless 
application name + """ + return pulumi.get(self, "honeypot_serverless_app_name") + + @honeypot_serverless_app_name.setter + def honeypot_serverless_app_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "honeypot_serverless_app_name", value) + + @property + @pulumi.getter(name="imageName") + def image_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "image_name") + + @image_name.setter + def image_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "image_name", value) + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") + + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) + + @property + @pulumi.getter(name="isAutoGenerated") + def is_auto_generated(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_auto_generated") + + @is_auto_generated.setter + def is_auto_generated(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_auto_generated", value) + + @property + @pulumi.getter(name="isOotbPolicy") + def is_ootb_policy(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_ootb_policy") + + @is_ootb_policy.setter + def is_ootb_policy(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_ootb_policy", value) + + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]]: + """ + Container privileges configuration. 
+ """ + return pulumi.get(self, "limit_container_privileges") + + @limit_container_privileges.setter + def limit_container_privileges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]]): + pulumi.set(self, "limit_container_privileges", value) + + @property + @pulumi.getter(name="linuxCapabilities") + def linux_capabilities(self) -> Optional[pulumi.Input['FunctionRuntimePolicyLinuxCapabilitiesArgs']]: + return pulumi.get(self, "linux_capabilities") + + @linux_capabilities.setter + def linux_capabilities(self, value: Optional[pulumi.Input['FunctionRuntimePolicyLinuxCapabilitiesArgs']]): + pulumi.set(self, "linux_capabilities", value) + + @property + @pulumi.getter(name="malwareScanOptions") + def malware_scan_options(self) -> Optional[pulumi.Input['FunctionRuntimePolicyMalwareScanOptionsArgs']]: + """ + Configuration for Real-Time Malware Protection. + """ + return pulumi.get(self, "malware_scan_options") + + @malware_scan_options.setter + def malware_scan_options(self, value: Optional[pulumi.Input['FunctionRuntimePolicyMalwareScanOptionsArgs']]): + pulumi.set(self, "malware_scan_options", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name assigned to the attribute. 
+ """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="noNewPrivileges") + def no_new_privileges(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "no_new_privileges") + + @no_new_privileges.setter + def no_new_privileges(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "no_new_privileges", value) + + @property + @pulumi.getter(name="onlyRegisteredImages") + def only_registered_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "only_registered_images") + + @only_registered_images.setter + def only_registered_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "only_registered_images", value) + + @property + @pulumi.getter(name="packageBlock") + def package_block(self) -> Optional[pulumi.Input['FunctionRuntimePolicyPackageBlockArgs']]: + return pulumi.get(self, "package_block") + + @package_block.setter + def package_block(self, value: Optional[pulumi.Input['FunctionRuntimePolicyPackageBlockArgs']]): + pulumi.set(self, "package_block", value) + + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> Optional[pulumi.Input['FunctionRuntimePolicyPortBlockArgs']]: + return pulumi.get(self, "port_block") + + @port_block.setter + def port_block(self, value: Optional[pulumi.Input['FunctionRuntimePolicyPortBlockArgs']]): + pulumi.set(self, "port_block", value) + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[pulumi.Input['FunctionRuntimePolicyReadonlyFilesArgs']]: + return pulumi.get(self, "readonly_files") + + @readonly_files.setter + def readonly_files(self, value: 
Optional[pulumi.Input['FunctionRuntimePolicyReadonlyFilesArgs']]): + pulumi.set(self, "readonly_files", value) + + @property + @pulumi.getter(name="readonlyRegistry") + def readonly_registry(self) -> Optional[pulumi.Input['FunctionRuntimePolicyReadonlyRegistryArgs']]: + return pulumi.get(self, "readonly_registry") + + @readonly_registry.setter + def readonly_registry(self, value: Optional[pulumi.Input['FunctionRuntimePolicyReadonlyRegistryArgs']]): + pulumi.set(self, "readonly_registry", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") - @enabled.setter - def enabled(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enabled", value) + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) @property - @pulumi.getter - def enforce(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates that policy should effect container execution (not just for audit). 
- """ - return pulumi.get(self, "enforce") + @pulumi.getter(name="registryAccessMonitoring") + def registry_access_monitoring(self) -> Optional[pulumi.Input['FunctionRuntimePolicyRegistryAccessMonitoringArgs']]: + return pulumi.get(self, "registry_access_monitoring") - @enforce.setter - def enforce(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enforce", value) + @registry_access_monitoring.setter + def registry_access_monitoring(self, value: Optional[pulumi.Input['FunctionRuntimePolicyRegistryAccessMonitoringArgs']]): + pulumi.set(self, "registry_access_monitoring", value) @property - @pulumi.getter(name="honeypotAccessKey") - def honeypot_access_key(self) -> Optional[pulumi.Input[str]]: - """ - Honeypot User ID (Access Key) - """ - return pulumi.get(self, "honeypot_access_key") + @pulumi.getter(name="repoName") + def repo_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "repo_name") - @honeypot_access_key.setter - def honeypot_access_key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "honeypot_access_key", value) + @repo_name.setter + def repo_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repo_name", value) @property - @pulumi.getter(name="honeypotApplyOns") - def honeypot_apply_ons(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of options to apply the honeypot on (Environment Vairable, Layer, File) - """ - return pulumi.get(self, "honeypot_apply_ons") + @pulumi.getter(name="resourceName") + def resource_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_name") - @honeypot_apply_ons.setter - def honeypot_apply_ons(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "honeypot_apply_ons", value) + @resource_name.setter + def resource_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_name", value) @property - @pulumi.getter(name="honeypotSecretKey") - def 
honeypot_secret_key(self) -> Optional[pulumi.Input[str]]: - """ - Honeypot User Password (Secret Key) - """ - return pulumi.get(self, "honeypot_secret_key") + @pulumi.getter(name="resourceType") + def resource_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_type") - @honeypot_secret_key.setter - def honeypot_secret_key(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "honeypot_secret_key", value) + @resource_type.setter + def resource_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_type", value) @property - @pulumi.getter(name="honeypotServerlessAppName") - def honeypot_serverless_app_name(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyRestrictedVolumeArgs']]]]: """ - Serverless application name + Restricted volumes configuration. """ - return pulumi.get(self, "honeypot_serverless_app_name") + return pulumi.get(self, "restricted_volumes") - @honeypot_serverless_app_name.setter - def honeypot_serverless_app_name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "honeypot_serverless_app_name", value) + @restricted_volumes.setter + def restricted_volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyRestrictedVolumeArgs']]]]): + pulumi.set(self, "restricted_volumes", value) @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: - """ - Name of the function runtime policy - """ - return pulumi.get(self, "name") + @pulumi.getter(name="reverseShell") + def reverse_shell(self) -> Optional[pulumi.Input['FunctionRuntimePolicyReverseShellArgs']]: + return pulumi.get(self, "reverse_shell") - @name.setter - def name(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "name", value) + @reverse_shell.setter + def reverse_shell(self, value: 
Optional[pulumi.Input['FunctionRuntimePolicyReverseShellArgs']]): + pulumi.set(self, "reverse_shell", value) + + @property + @pulumi.getter(name="runtimeMode") + def runtime_mode(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "runtime_mode") + + @runtime_mode.setter + def runtime_mode(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "runtime_mode", value) + + @property + @pulumi.getter(name="runtimeType") + def runtime_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "runtime_type") + + @runtime_type.setter + def runtime_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "runtime_type", value) @property @pulumi.getter(name="scopeExpression") 
@@ -524,80 +1905,190 @@ def scope_variables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['Functi def scope_variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeVariableArgs']]]]): pulumi.set(self, "scope_variables", value) + @property + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeArgs']]]]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") + + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FunctionRuntimePolicyScopeArgs']]]]): + pulumi.set(self, "scopes", value) + + @property + @pulumi.getter(name="systemIntegrityProtection") + def system_integrity_protection(self) -> Optional[pulumi.Input['FunctionRuntimePolicySystemIntegrityProtectionArgs']]: + return pulumi.get(self, "system_integrity_protection") + + @system_integrity_protection.setter + def system_integrity_protection(self, value: Optional[pulumi.Input['FunctionRuntimePolicySystemIntegrityProtectionArgs']]): + pulumi.set(self, "system_integrity_protection", value) + + @property + @pulumi.getter + def tripwire(self) -> Optional[pulumi.Input['FunctionRuntimePolicyTripwireArgs']]: + return pulumi.get(self, "tripwire") + + @tripwire.setter + def tripwire(self, value: Optional[pulumi.Input['FunctionRuntimePolicyTripwireArgs']]): + pulumi.set(self, "tripwire", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def updated(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "updated") + + @updated.setter + def updated(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "updated", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + 
@version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="vpatchVersion") + def vpatch_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vpatch_version") + + @vpatch_version.setter + def vpatch_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vpatch_version", value) + + @property + @pulumi.getter(name="whitelistedOsUsers") + def whitelisted_os_users(self) -> Optional[pulumi.Input['FunctionRuntimePolicyWhitelistedOsUsersArgs']]: + return pulumi.get(self, "whitelisted_os_users") + + @whitelisted_os_users.setter + def whitelisted_os_users(self, value: Optional[pulumi.Input['FunctionRuntimePolicyWhitelistedOsUsersArgs']]): + pulumi.set(self, "whitelisted_os_users", value) + class FunctionRuntimePolicy(pulumi.CustomResource): @overload def __init__(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedRegistryArgs']]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - block_malicious_executables: Optional[pulumi.Input[bool]] = None, - block_malicious_executables_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - block_running_executables_in_tmp_folder: Optional[pulumi.Input[bool]] = None, - blocked_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAuditingArgs']]] = None, + author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyBlacklistedOsUsersArgs']]] = None, + 
block_container_exec: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyBypassScopeArgs']]]]] = None, + container_exec: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyContainerExecArgs']]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyDriftPreventionArgs']]]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyExecutableBlacklistArgs']]]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFailedKubernetesChecksArgs']]] = None, + file_block: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFileBlockArgs']]] = None, + file_integrity_monitorings: 
Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]]] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, honeypot_access_key: Optional[pulumi.Input[str]] = None, honeypot_apply_ons: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, honeypot_secret_key: Optional[pulumi.Input[str]] = None, honeypot_serverless_app_name: Optional[pulumi.Input[str]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, + linux_capabilities: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyLinuxCapabilitiesArgs']]] = None, + malware_scan_options: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyMalwareScanOptionsArgs']]] = None, name: Optional[pulumi.Input[str]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyPackageBlockArgs']]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyPortBlockArgs']]] = None, + readonly_files: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyReadonlyFilesArgs']]] = None, + readonly_registry: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyReadonlyRegistryArgs']]] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyRegistryAccessMonitoringArgs']]] = None, + repo_name: Optional[pulumi.Input[str]] = None, + 
resource_name_: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyRestrictedVolumeArgs']]]]] = None, + reverse_shell: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyReverseShellArgs']]] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeVariableArgs']]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeArgs']]]]] = None, + system_integrity_protection: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicySystemIntegrityProtectionArgs']]] = None, + tripwire: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyTripwireArgs']]] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyWhitelistedOsUsersArgs']]] = None, __props__=None): """ - ## Example Usage - - ```python - import pulumi - import pulumiverse_aquasec as aquasec - - function_runtime_policy = aquasec.FunctionRuntimePolicy("functionRuntimePolicy", - application_scopes=["Global"], - block_malicious_executables=True, - block_malicious_executables_allowed_processes=[ - "proc1", - "proc2", - ], - block_running_executables_in_tmp_folder=True, - blocked_executables=[ - "exe1", - "exe2", - ], - description="function_runtime_policy", - enabled=True, - enforce=False, - scope_variables=[ - aquasec.FunctionRuntimePolicyScopeVariableArgs( - attribute="kubernetes.cluster", - value="default", - ), - aquasec.FunctionRuntimePolicyScopeVariableArgs( - 
attribute="kubernetes.label", - name="app", - value="aqua", - ), - ]) - ``` - + Create a FunctionRuntimePolicy resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedExecutableArgs']]]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedRegistryArgs']]]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. - :param pulumi.Input[bool] block_malicious_executables: If true, prevent creation of malicious executables in functions during their runtime post invocation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] block_malicious_executables_allowed_processes: List of processes that will be allowed - :param pulumi.Input[bool] block_running_executables_in_tmp_folder: If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_executables: List of executables that are prevented from running in containers. + :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts + :param pulumi.Input[str] author: Username of the account that created the service. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyBypassScopeArgs']]]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[str] description: The description of the function runtime policy - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyDriftPreventionArgs']]]] drift_preventions: Drift prevention configuration. 
+ :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). + :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyExecutableBlacklistArgs']]]] executable_blacklists: Executable blacklist configuration. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]] file_integrity_monitorings: Configuration for file integrity monitoring. :param pulumi.Input[str] honeypot_access_key: Honeypot User ID (Access Key) :param pulumi.Input[Sequence[pulumi.Input[str]]] honeypot_apply_ons: List of options to apply the honeypot on (Environment Vairable, Layer, File) :param pulumi.Input[str] honeypot_secret_key: Honeypot User Password (Secret Key) :param pulumi.Input[str] honeypot_serverless_app_name: Serverless application name - :param pulumi.Input[str] name: Name of the function runtime policy + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]] limit_container_privileges: Container privileges configuration. + :param pulumi.Input[pulumi.InputType['FunctionRuntimePolicyMalwareScanOptionsArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. + :param pulumi.Input[str] name: Name assigned to the attribute. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyRestrictedVolumeArgs']]]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. 
:param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeVariableArgs']]]] scope_variables: List of scope attributes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeArgs']]]] scopes: Scope configuration. """ ... @overload @@ -606,40 +2097,7 @@ def __init__(__self__, args: Optional[FunctionRuntimePolicyArgs] = None, opts: Optional[pulumi.ResourceOptions] = None): """ - ## Example Usage - - ```python - import pulumi - import pulumiverse_aquasec as aquasec - - function_runtime_policy = aquasec.FunctionRuntimePolicy("functionRuntimePolicy", - application_scopes=["Global"], - block_malicious_executables=True, - block_malicious_executables_allowed_processes=[ - "proc1", - "proc2", - ], - block_running_executables_in_tmp_folder=True, - blocked_executables=[ - "exe1", - "exe2", - ], - description="function_runtime_policy", - enabled=True, - enforce=False, - scope_variables=[ - aquasec.FunctionRuntimePolicyScopeVariableArgs( - attribute="kubernetes.cluster", - value="default", - ), - aquasec.FunctionRuntimePolicyScopeVariableArgs( - attribute="kubernetes.label", - name="app", - value="aqua", - ), - ]) - ``` - + Create a FunctionRuntimePolicy resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param FunctionRuntimePolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. 
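Review bot: The `:param` text for two top-level arguments in the `__init__` overload docstring now describes nested fields rather than the policy itself: `enabled` reads "Whether allowed executables configuration is enabled." and `name` reads "Name assigned to the attribute.". Because `enabled` and `enforce` decide whether the policy is active and blocking, I would restore `:param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not.` and `:param pulumi.Input[str] name: Name of the function runtime policy`. The same two lines recur in the `get` docstring in the hunk at `@@ -730,45 +2360,127 @@`. Most of the new protective switches (`block_fileless_exec`, `no_new_privileges`, `reverse_shell`, `enable_port_scan_protection` and others) have no `:param` entry at all. If this file is generated, as it appears to be, the descriptions would have to be corrected in the provider schema rather than here.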
@@ -655,21 +2113,79 @@ def __init__(__self__, resource_name: str, *args, **kwargs): def _internal_init(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedRegistryArgs']]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - block_malicious_executables: Optional[pulumi.Input[bool]] = None, - block_malicious_executables_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - block_running_executables_in_tmp_folder: Optional[pulumi.Input[bool]] = None, - blocked_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAuditingArgs']]] = None, + author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyBlacklistedOsUsersArgs']]] = None, + block_container_exec: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyBypassScopeArgs']]]]] = None, + container_exec: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyContainerExecArgs']]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, + digest: 
Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyDriftPreventionArgs']]]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyExecutableBlacklistArgs']]]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFailedKubernetesChecksArgs']]] = None, + file_block: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFileBlockArgs']]] = None, + file_integrity_monitorings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]]] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, honeypot_access_key: Optional[pulumi.Input[str]] = None, honeypot_apply_ons: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, honeypot_secret_key: Optional[pulumi.Input[str]] = None, honeypot_serverless_app_name: Optional[pulumi.Input[str]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: 
Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, + linux_capabilities: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyLinuxCapabilitiesArgs']]] = None, + malware_scan_options: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyMalwareScanOptionsArgs']]] = None, name: Optional[pulumi.Input[str]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyPackageBlockArgs']]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyPortBlockArgs']]] = None, + readonly_files: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyReadonlyFilesArgs']]] = None, + readonly_registry: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyReadonlyRegistryArgs']]] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyRegistryAccessMonitoringArgs']]] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name_: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyRestrictedVolumeArgs']]]]] = None, + reverse_shell: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyReverseShellArgs']]] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeVariableArgs']]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeArgs']]]]] = None, + 
system_integrity_protection: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicySystemIntegrityProtectionArgs']]] = None, + tripwire: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyTripwireArgs']]] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyWhitelistedOsUsersArgs']]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) if not isinstance(opts, pulumi.ResourceOptions): 
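Review bot: The keyword arguments `block_malicious_executables`, `block_malicious_executables_allowed_processes`, `block_running_executables_in_tmp_folder` and `blocked_executables` are dropped from `_internal_init` without a deprecation step, and the docstring example that used them is removed rather than rewritten. A program that still passes them will presumably fail on an unexpected keyword, and the quickest way to get it running again is to delete the arguments, which leaves the function policy without those controls. I would name the intended replacements in the upgrade notes and in the resource docstring, for example `executable_blacklists` and `malware_scan_options` if those are the equivalents (not confirmable from this hunk). The same removal applies to the `get` signature in the hunk at `@@ -707,22 +2280,79 @@`, and the body of `_internal_init` continues outside this hunk.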
@@ -679,22 +2195,79 @@ def _internal_init(__self__, raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') __props__ = FunctionRuntimePolicyArgs.__new__(FunctionRuntimePolicyArgs) + __props__.__dict__["allowed_executables"] = allowed_executables + __props__.__dict__["allowed_registries"] = allowed_registries __props__.__dict__["application_scopes"] = application_scopes - __props__.__dict__["block_malicious_executables"] = block_malicious_executables - __props__.__dict__["block_malicious_executables_allowed_processes"] = block_malicious_executables_allowed_processes - __props__.__dict__["block_running_executables_in_tmp_folder"] = block_running_executables_in_tmp_folder - __props__.__dict__["blocked_executables"] = blocked_executables + __props__.__dict__["audit_brute_force_login"] = audit_brute_force_login + __props__.__dict__["auditing"] = auditing + __props__.__dict__["author"] = author + __props__.__dict__["blacklisted_os_users"] = blacklisted_os_users + __props__.__dict__["block_container_exec"] = block_container_exec + __props__.__dict__["block_disallowed_images"] = block_disallowed_images + __props__.__dict__["block_fileless_exec"] = block_fileless_exec + __props__.__dict__["block_non_compliant_workloads"] = block_non_compliant_workloads + __props__.__dict__["block_non_k8s_containers"] = block_non_k8s_containers + __props__.__dict__["bypass_scopes"] = bypass_scopes + __props__.__dict__["container_exec"] = container_exec + __props__.__dict__["created"] = created + __props__.__dict__["cve"] = cve + __props__.__dict__["default_security_profile"] = default_security_profile __props__.__dict__["description"] = description + __props__.__dict__["digest"] = digest + __props__.__dict__["drift_preventions"] = drift_preventions + __props__.__dict__["enable_crypto_mining_dns"] = enable_crypto_mining_dns + __props__.__dict__["enable_fork_guard"] = enable_fork_guard + __props__.__dict__["enable_ip_reputation"] 
= enable_ip_reputation + __props__.__dict__["enable_port_scan_protection"] = enable_port_scan_protection __props__.__dict__["enabled"] = enabled __props__.__dict__["enforce"] = enforce + __props__.__dict__["enforce_after_days"] = enforce_after_days + __props__.__dict__["enforce_scheduler_added_on"] = enforce_scheduler_added_on + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["executable_blacklists"] = executable_blacklists + __props__.__dict__["failed_kubernetes_checks"] = failed_kubernetes_checks + __props__.__dict__["file_block"] = file_block + __props__.__dict__["file_integrity_monitorings"] = file_integrity_monitorings + __props__.__dict__["fork_guard_process_limit"] = fork_guard_process_limit __props__.__dict__["honeypot_access_key"] = honeypot_access_key __props__.__dict__["honeypot_apply_ons"] = honeypot_apply_ons __props__.__dict__["honeypot_secret_key"] = None if honeypot_secret_key is None else pulumi.Output.secret(honeypot_secret_key) __props__.__dict__["honeypot_serverless_app_name"] = honeypot_serverless_app_name + __props__.__dict__["image_name"] = image_name + __props__.__dict__["is_audit_checked"] = is_audit_checked + __props__.__dict__["is_auto_generated"] = is_auto_generated + __props__.__dict__["is_ootb_policy"] = is_ootb_policy + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["limit_container_privileges"] = limit_container_privileges + __props__.__dict__["linux_capabilities"] = linux_capabilities + __props__.__dict__["malware_scan_options"] = malware_scan_options __props__.__dict__["name"] = name + __props__.__dict__["no_new_privileges"] = no_new_privileges + __props__.__dict__["only_registered_images"] = only_registered_images + __props__.__dict__["package_block"] = package_block + __props__.__dict__["permission"] = permission + __props__.__dict__["port_block"] = port_block + __props__.__dict__["readonly_files"] = readonly_files + __props__.__dict__["readonly_registry"] = 
readonly_registry + __props__.__dict__["registry"] = registry + __props__.__dict__["registry_access_monitoring"] = registry_access_monitoring + __props__.__dict__["repo_name"] = repo_name + __props__.__dict__["resource_name"] = resource_name_ + __props__.__dict__["resource_type"] = resource_type + __props__.__dict__["restricted_volumes"] = restricted_volumes + __props__.__dict__["reverse_shell"] = reverse_shell + __props__.__dict__["runtime_mode"] = runtime_mode + __props__.__dict__["runtime_type"] = runtime_type __props__.__dict__["scope_expression"] = scope_expression __props__.__dict__["scope_variables"] = scope_variables - __props__.__dict__["author"] = None + __props__.__dict__["scopes"] = scopes + __props__.__dict__["system_integrity_protection"] = system_integrity_protection + __props__.__dict__["tripwire"] = tripwire + __props__.__dict__["type"] = type + __props__.__dict__["updated"] = updated + __props__.__dict__["version"] = version + __props__.__dict__["vpatch_version"] = vpatch_version + __props__.__dict__["whitelisted_os_users"] = whitelisted_os_users secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["honeypotSecretKey"]) opts = pulumi.ResourceOptions.merge(opts, secret_opts) super(FunctionRuntimePolicy, __self__).__init__( 
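Review bot: `author` was pinned with `__props__.__dict__["author"] = None` before this change and is now taken from the caller, along with `created`, `updated`, `lastupdate`, `version`, `is_auto_generated` and `is_ootb_policy`. These read like server-maintained metadata. If the provider forwards them, the recorded author or timestamps of a security policy could be set from the program, which weakens them as audit evidence. I would keep them output-only in the provider schema so that the SDK emits the `= None` assignment for each again; whether the backend ignores supplied values is not visible here. `_internal_init` starts and ends outside this hunk.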
@@ -707,22 +2280,79 @@ def _internal_init(__self__, def get(resource_name: str, id: pulumi.Input[str], opts: Optional[pulumi.ResourceOptions] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedRegistryArgs']]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + audit_brute_force_login: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAuditingArgs']]] = None, author: Optional[pulumi.Input[str]] = None, - block_malicious_executables: Optional[pulumi.Input[bool]] = None, - block_malicious_executables_allowed_processes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - block_running_executables_in_tmp_folder: Optional[pulumi.Input[bool]] = None, - blocked_executables: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklisted_os_users: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyBlacklistedOsUsersArgs']]] = None, + block_container_exec: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyBypassScopeArgs']]]]] = None, + container_exec: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyContainerExecArgs']]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, + digest: Optional[pulumi.Input[str]] = None, + 
drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyDriftPreventionArgs']]]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyExecutableBlacklistArgs']]]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFailedKubernetesChecksArgs']]] = None, + file_block: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFileBlockArgs']]] = None, + file_integrity_monitorings: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]]] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, honeypot_access_key: Optional[pulumi.Input[str]] = None, honeypot_apply_ons: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, honeypot_secret_key: Optional[pulumi.Input[str]] = None, honeypot_serverless_app_name: Optional[pulumi.Input[str]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, + linux_capabilities: 
Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyLinuxCapabilitiesArgs']]] = None, + malware_scan_options: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyMalwareScanOptionsArgs']]] = None, name: Optional[pulumi.Input[str]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, + package_block: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyPackageBlockArgs']]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyPortBlockArgs']]] = None, + readonly_files: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyReadonlyFilesArgs']]] = None, + readonly_registry: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyReadonlyRegistryArgs']]] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyRegistryAccessMonitoringArgs']]] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name_: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyRestrictedVolumeArgs']]]]] = None, + reverse_shell: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyReverseShellArgs']]] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, - scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeVariableArgs']]]]] = None) -> 'FunctionRuntimePolicy': + scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeVariableArgs']]]]] = None, + scopes: 
Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeArgs']]]]] = None, + system_integrity_protection: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicySystemIntegrityProtectionArgs']]] = None, + tripwire: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyTripwireArgs']]] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyWhitelistedOsUsersArgs']]] = None) -> 'FunctionRuntimePolicy': """ Get an existing FunctionRuntimePolicy resource's state with the given name, id, and optional extra properties used to qualify the lookup. 
@@ -730,45 +2360,127 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedExecutableArgs']]]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyAllowedRegistryArgs']]]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. + :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[str] author: Username of the account that created the service. - :param pulumi.Input[bool] block_malicious_executables: If true, prevent creation of malicious executables in functions during their runtime post invocation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] block_malicious_executables_allowed_processes: List of processes that will be allowed - :param pulumi.Input[bool] block_running_executables_in_tmp_folder: If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_executables: List of executables that are prevented from running in containers. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyBypassScopeArgs']]]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[str] description: The description of the function runtime policy - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyDriftPreventionArgs']]]] drift_preventions: Drift prevention configuration. 
+ :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). + :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyExecutableBlacklistArgs']]]] executable_blacklists: Executable blacklist configuration. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyFileIntegrityMonitoringArgs']]]] file_integrity_monitorings: Configuration for file integrity monitoring. :param pulumi.Input[str] honeypot_access_key: Honeypot User ID (Access Key) :param pulumi.Input[Sequence[pulumi.Input[str]]] honeypot_apply_ons: List of options to apply the honeypot on (Environment Vairable, Layer, File) :param pulumi.Input[str] honeypot_secret_key: Honeypot User Password (Secret Key) :param pulumi.Input[str] honeypot_serverless_app_name: Serverless application name - :param pulumi.Input[str] name: Name of the function runtime policy + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyLimitContainerPrivilegeArgs']]]] limit_container_privileges: Container privileges configuration. + :param pulumi.Input[pulumi.InputType['FunctionRuntimePolicyMalwareScanOptionsArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. + :param pulumi.Input[str] name: Name assigned to the attribute. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyRestrictedVolumeArgs']]]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. 
:param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeVariableArgs']]]] scope_variables: List of scope attributes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['FunctionRuntimePolicyScopeArgs']]]] scopes: Scope configuration. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) __props__ = _FunctionRuntimePolicyState.__new__(_FunctionRuntimePolicyState) + __props__.__dict__["allowed_executables"] = allowed_executables + __props__.__dict__["allowed_registries"] = allowed_registries __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["audit_brute_force_login"] = audit_brute_force_login + __props__.__dict__["auditing"] = auditing __props__.__dict__["author"] = author - __props__.__dict__["block_malicious_executables"] = block_malicious_executables - __props__.__dict__["block_malicious_executables_allowed_processes"] = block_malicious_executables_allowed_processes - __props__.__dict__["block_running_executables_in_tmp_folder"] = block_running_executables_in_tmp_folder - __props__.__dict__["blocked_executables"] = blocked_executables + __props__.__dict__["blacklisted_os_users"] = blacklisted_os_users + __props__.__dict__["block_container_exec"] = block_container_exec + __props__.__dict__["block_disallowed_images"] = block_disallowed_images + __props__.__dict__["block_fileless_exec"] = block_fileless_exec + __props__.__dict__["block_non_compliant_workloads"] = block_non_compliant_workloads + __props__.__dict__["block_non_k8s_containers"] = block_non_k8s_containers + __props__.__dict__["bypass_scopes"] = bypass_scopes + __props__.__dict__["container_exec"] = container_exec + __props__.__dict__["created"] = created + __props__.__dict__["cve"] = cve + __props__.__dict__["default_security_profile"] = default_security_profile __props__.__dict__["description"] = description + __props__.__dict__["digest"] = digest + __props__.__dict__["drift_preventions"] = drift_preventions + 
__props__.__dict__["enable_crypto_mining_dns"] = enable_crypto_mining_dns + __props__.__dict__["enable_fork_guard"] = enable_fork_guard + __props__.__dict__["enable_ip_reputation"] = enable_ip_reputation + __props__.__dict__["enable_port_scan_protection"] = enable_port_scan_protection __props__.__dict__["enabled"] = enabled __props__.__dict__["enforce"] = enforce + __props__.__dict__["enforce_after_days"] = enforce_after_days + __props__.__dict__["enforce_scheduler_added_on"] = enforce_scheduler_added_on + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["executable_blacklists"] = executable_blacklists + __props__.__dict__["failed_kubernetes_checks"] = failed_kubernetes_checks + __props__.__dict__["file_block"] = file_block + __props__.__dict__["file_integrity_monitorings"] = file_integrity_monitorings + __props__.__dict__["fork_guard_process_limit"] = fork_guard_process_limit __props__.__dict__["honeypot_access_key"] = honeypot_access_key __props__.__dict__["honeypot_apply_ons"] = honeypot_apply_ons __props__.__dict__["honeypot_secret_key"] = honeypot_secret_key __props__.__dict__["honeypot_serverless_app_name"] = honeypot_serverless_app_name + __props__.__dict__["image_name"] = image_name + __props__.__dict__["is_audit_checked"] = is_audit_checked + __props__.__dict__["is_auto_generated"] = is_auto_generated + __props__.__dict__["is_ootb_policy"] = is_ootb_policy + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["limit_container_privileges"] = limit_container_privileges + __props__.__dict__["linux_capabilities"] = linux_capabilities + __props__.__dict__["malware_scan_options"] = malware_scan_options __props__.__dict__["name"] = name + __props__.__dict__["no_new_privileges"] = no_new_privileges + __props__.__dict__["only_registered_images"] = only_registered_images + __props__.__dict__["package_block"] = package_block + __props__.__dict__["permission"] = permission + 
__props__.__dict__["port_block"] = port_block + __props__.__dict__["readonly_files"] = readonly_files + __props__.__dict__["readonly_registry"] = readonly_registry + __props__.__dict__["registry"] = registry + __props__.__dict__["registry_access_monitoring"] = registry_access_monitoring + __props__.__dict__["repo_name"] = repo_name + __props__.__dict__["resource_name"] = resource_name_ + __props__.__dict__["resource_type"] = resource_type + __props__.__dict__["restricted_volumes"] = restricted_volumes + __props__.__dict__["reverse_shell"] = reverse_shell + __props__.__dict__["runtime_mode"] = runtime_mode + __props__.__dict__["runtime_type"] = runtime_type __props__.__dict__["scope_expression"] = scope_expression __props__.__dict__["scope_variables"] = scope_variables + __props__.__dict__["scopes"] = scopes + __props__.__dict__["system_integrity_protection"] = system_integrity_protection + __props__.__dict__["tripwire"] = tripwire + __props__.__dict__["type"] = type + __props__.__dict__["updated"] = updated + __props__.__dict__["version"] = version + __props__.__dict__["vpatch_version"] = vpatch_version + __props__.__dict__["whitelisted_os_users"] = whitelisted_os_users return FunctionRuntimePolicy(resource_name, opts=opts, __props__=__props__) + @property + @pulumi.getter(name="allowedExecutables") + def allowed_executables(self) -> pulumi.Output[Sequence['outputs.FunctionRuntimePolicyAllowedExecutable']]: + """ + Allowed executables configuration. + """ + return pulumi.get(self, "allowed_executables") + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> pulumi.Output[Sequence['outputs.FunctionRuntimePolicyAllowedRegistry']]: + """ + List of allowed registries. + """ + return pulumi.get(self, "allowed_registries") + @property @pulumi.getter(name="applicationScopes") def application_scopes(self) -> pulumi.Output[Sequence[str]]: 
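Review bot: The `get()` docstring now describes the top-level `enabled` parameter as `Whether allowed executables configuration is enabled.` and `name` as `Name assigned to the attribute.`, which read like descriptions of nested blocks rather than of the policy itself. The same text appears on the `enabled` and `name` property getters in later hunks of this file. On a runtime-policy resource, a reader could take `enabled` to switch only the allowed-executables control rather than the whole policy. If this file is generated, the wording presumably comes from the provider schema and should be fixed there, restoring `Indicates if the runtime policy is enabled or not.` and `Name of the function runtime policy`. The `get()` signature starts above this hunk.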
@@ -777,6 +2489,19 @@ def application_scopes(self) -> pulumi.Output[Sequence[str]]: """ return pulumi.get(self, "application_scopes") + @property + @pulumi.getter(name="auditBruteForceLogin") + def audit_brute_force_login(self) -> pulumi.Output[Optional[bool]]: + """ + Detects brute force login attempts + """ + return pulumi.get(self, "audit_brute_force_login") + + @property + @pulumi.getter + def auditing(self) -> pulumi.Output['outputs.FunctionRuntimePolicyAuditing']: + return pulumi.get(self, "auditing") + @property @pulumi.getter def author(self) -> pulumi.Output[str]: 
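Review bot: The new `auditing` getter has no docstring, and neither do most of the security toggles added in the following hunks, such as `block_container_exec`, `block_fileless_exec`, `block_non_k8s_containers`, `enable_fork_guard`, `no_new_privileges` and `reverse_shell`. Their effect on a function runtime policy therefore cannot be read from the SDK, and `get()` accepts `auditing` without a matching `:param` entry. Each property should carry a one-line description of what it blocks or audits. Names such as `block_non_k8s_containers` suggest container-only controls, so it is worth confirming whether they have any effect on a function policy and saying so in the description.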
@@ -786,36 +2511,62 @@ def author(self) -> pulumi.Output[str]: return pulumi.get(self, "author") @property - @pulumi.getter(name="blockMaliciousExecutables") - def block_malicious_executables(self) -> pulumi.Output[Optional[bool]]: - """ - If true, prevent creation of malicious executables in functions during their runtime post invocation. - """ - return pulumi.get(self, "block_malicious_executables") + @pulumi.getter(name="blacklistedOsUsers") + def blacklisted_os_users(self) -> pulumi.Output['outputs.FunctionRuntimePolicyBlacklistedOsUsers']: + return pulumi.get(self, "blacklisted_os_users") @property - @pulumi.getter(name="blockMaliciousExecutablesAllowedProcesses") - def block_malicious_executables_allowed_processes(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - List of processes that will be allowed - """ - return pulumi.get(self, "block_malicious_executables_allowed_processes") + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_container_exec") @property - @pulumi.getter(name="blockRunningExecutablesInTmpFolder") - def block_running_executables_in_tmp_folder(self) -> pulumi.Output[Optional[bool]]: - """ - If true, prevent running of executables in functions locate in /tmp folder during their runtime post invocation. 
- """ - return pulumi.get(self, "block_running_executables_in_tmp_folder") + @pulumi.getter(name="blockDisallowedImages") + def block_disallowed_images(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_disallowed_images") + + @property + @pulumi.getter(name="blockFilelessExec") + def block_fileless_exec(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_fileless_exec") + + @property + @pulumi.getter(name="blockNonCompliantWorkloads") + def block_non_compliant_workloads(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_non_compliant_workloads") + + @property + @pulumi.getter(name="blockNonK8sContainers") + def block_non_k8s_containers(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_non_k8s_containers") @property - @pulumi.getter(name="blockedExecutables") - def blocked_executables(self) -> pulumi.Output[Optional[Sequence[str]]]: + @pulumi.getter(name="bypassScopes") + def bypass_scopes(self) -> pulumi.Output[Optional[Sequence['outputs.FunctionRuntimePolicyBypassScope']]]: """ - List of executables that are prevented from running in containers. + Bypass scope configuration. """ - return pulumi.get(self, "blocked_executables") + return pulumi.get(self, "bypass_scopes") + + @property + @pulumi.getter(name="containerExec") + def container_exec(self) -> pulumi.Output['outputs.FunctionRuntimePolicyContainerExec']: + return pulumi.get(self, "container_exec") + + @property + @pulumi.getter + def created(self) -> pulumi.Output[str]: + return pulumi.get(self, "created") + + @property + @pulumi.getter + def cve(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "cve") + + @property + @pulumi.getter(name="defaultSecurityProfile") + def default_security_profile(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "default_security_profile") @property @pulumi.getter 
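Review bot: Removing the `block_malicious_executables`, `block_malicious_executables_allowed_processes`, `block_running_executables_in_tmp_folder` and `blocked_executables` getters is a breaking change for programs that read or set these controls, and nothing in this hunk names their replacements. `drift_preventions` and `executable_blacklists` look like the successors, but that is inferred from the names only. A migration note mapping each removed property to its replacement would let operators confirm after the upgrade that existing policies still enforce the same blocking. The successors' docstrings (`Drift prevention configuration.`, `Executable blacklist configuration.`) should also state which old behaviour they cover.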
@@ -825,11 +2576,44 @@ def description(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "description") + @property + @pulumi.getter + def digest(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "digest") + + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> pulumi.Output[Sequence['outputs.FunctionRuntimePolicyDriftPrevention']]: + """ + Drift prevention configuration. + """ + return pulumi.get(self, "drift_preventions") + + @property + @pulumi.getter(name="enableCryptoMiningDns") + def enable_crypto_mining_dns(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_crypto_mining_dns") + + @property + @pulumi.getter(name="enableForkGuard") + def enable_fork_guard(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_fork_guard") + + @property + @pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_ip_reputation") + + @property + @pulumi.getter(name="enablePortScanProtection") + def enable_port_scan_protection(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_port_scan_protection") + @property @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the runtime policy is enabled or not. + Whether allowed executables configuration is enabled. """ return pulumi.get(self, "enabled") 
@@ -841,6 +2625,58 @@ def enforce(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "enforce") + @property + @pulumi.getter(name="enforceAfterDays") + def enforce_after_days(self) -> pulumi.Output[Optional[int]]: + """ + Indicates the number of days after which the runtime policy will be changed to enforce mode. + """ + return pulumi.get(self, "enforce_after_days") + + @property + @pulumi.getter(name="enforceSchedulerAddedOn") + def enforce_scheduler_added_on(self) -> pulumi.Output[Optional[int]]: + return pulumi.get(self, "enforce_scheduler_added_on") + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of excluded application scopes. + """ + return pulumi.get(self, "exclude_application_scopes") + + @property + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> pulumi.Output[Sequence['outputs.FunctionRuntimePolicyExecutableBlacklist']]: + """ + Executable blacklist configuration. + """ + return pulumi.get(self, "executable_blacklists") + + @property + @pulumi.getter(name="failedKubernetesChecks") + def failed_kubernetes_checks(self) -> pulumi.Output['outputs.FunctionRuntimePolicyFailedKubernetesChecks']: + return pulumi.get(self, "failed_kubernetes_checks") + + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> pulumi.Output['outputs.FunctionRuntimePolicyFileBlock']: + return pulumi.get(self, "file_block") + + @property + @pulumi.getter(name="fileIntegrityMonitorings") + def file_integrity_monitorings(self) -> pulumi.Output[Optional[Sequence['outputs.FunctionRuntimePolicyFileIntegrityMonitoring']]]: + """ + Configuration for file integrity monitoring. 
+ """ + return pulumi.get(self, "file_integrity_monitorings") + + @property + @pulumi.getter(name="forkGuardProcessLimit") + def fork_guard_process_limit(self) -> pulumi.Output[Optional[int]]: + return pulumi.get(self, "fork_guard_process_limit") + @property @pulumi.getter(name="honeypotAccessKey") def honeypot_access_key(self) -> pulumi.Output[Optional[str]]: 
@@ -873,14 +2709,143 @@ def honeypot_serverless_app_name(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "honeypot_serverless_app_name") + @property + @pulumi.getter(name="imageName") + def image_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "image_name") + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "is_audit_checked") + + @property + @pulumi.getter(name="isAutoGenerated") + def is_auto_generated(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "is_auto_generated") + + @property + @pulumi.getter(name="isOotbPolicy") + def is_ootb_policy(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "is_ootb_policy") + + @property + @pulumi.getter + def lastupdate(self) -> pulumi.Output[int]: + return pulumi.get(self, "lastupdate") + + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> pulumi.Output[Sequence['outputs.FunctionRuntimePolicyLimitContainerPrivilege']]: + """ + Container privileges configuration. + """ + return pulumi.get(self, "limit_container_privileges") + + @property + @pulumi.getter(name="linuxCapabilities") + def linux_capabilities(self) -> pulumi.Output['outputs.FunctionRuntimePolicyLinuxCapabilities']: + return pulumi.get(self, "linux_capabilities") + + @property + @pulumi.getter(name="malwareScanOptions") + def malware_scan_options(self) -> pulumi.Output[Optional['outputs.FunctionRuntimePolicyMalwareScanOptions']]: + """ + Configuration for Real-Time Malware Protection. + """ + return pulumi.get(self, "malware_scan_options") + @property @pulumi.getter def name(self) -> pulumi.Output[str]: """ - Name of the function runtime policy + Name assigned to the attribute. 
""" return pulumi.get(self, "name") + @property + @pulumi.getter(name="noNewPrivileges") + def no_new_privileges(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "no_new_privileges") + + @property + @pulumi.getter(name="onlyRegisteredImages") + def only_registered_images(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "only_registered_images") + + @property + @pulumi.getter(name="packageBlock") + def package_block(self) -> pulumi.Output['outputs.FunctionRuntimePolicyPackageBlock']: + return pulumi.get(self, "package_block") + + @property + @pulumi.getter + def permission(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "permission") + + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> pulumi.Output['outputs.FunctionRuntimePolicyPortBlock']: + return pulumi.get(self, "port_block") + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> pulumi.Output['outputs.FunctionRuntimePolicyReadonlyFiles']: + return pulumi.get(self, "readonly_files") + + @property + @pulumi.getter(name="readonlyRegistry") + def readonly_registry(self) -> pulumi.Output['outputs.FunctionRuntimePolicyReadonlyRegistry']: + return pulumi.get(self, "readonly_registry") + + @property + @pulumi.getter + def registry(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "registry") + + @property + @pulumi.getter(name="registryAccessMonitoring") + def registry_access_monitoring(self) -> pulumi.Output['outputs.FunctionRuntimePolicyRegistryAccessMonitoring']: + return pulumi.get(self, "registry_access_monitoring") + + @property + @pulumi.getter(name="repoName") + def repo_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "repo_name") + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "resource_name") + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> 
pulumi.Output[Optional[str]]: + return pulumi.get(self, "resource_type") + + @property + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> pulumi.Output[Sequence['outputs.FunctionRuntimePolicyRestrictedVolume']]: + """ + Restricted volumes configuration. + """ + return pulumi.get(self, "restricted_volumes") + + @property + @pulumi.getter(name="reverseShell") + def reverse_shell(self) -> pulumi.Output['outputs.FunctionRuntimePolicyReverseShell']: + return pulumi.get(self, "reverse_shell") + + @property + @pulumi.getter(name="runtimeMode") + def runtime_mode(self) -> pulumi.Output[Optional[int]]: + return pulumi.get(self, "runtime_mode") + + @property + @pulumi.getter(name="runtimeType") + def runtime_type(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "runtime_type") + @property @pulumi.getter(name="scopeExpression") def scope_expression(self) -> pulumi.Output[str]: 
@@ -897,3 +2862,46 @@ def scope_variables(self) -> pulumi.Output[Sequence['outputs.FunctionRuntimePoli """ return pulumi.get(self, "scope_variables") + @property + @pulumi.getter + def scopes(self) -> pulumi.Output[Optional[Sequence['outputs.FunctionRuntimePolicyScope']]]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") + + @property + @pulumi.getter(name="systemIntegrityProtection") + def system_integrity_protection(self) -> pulumi.Output['outputs.FunctionRuntimePolicySystemIntegrityProtection']: + return pulumi.get(self, "system_integrity_protection") + + @property + @pulumi.getter + def tripwire(self) -> pulumi.Output['outputs.FunctionRuntimePolicyTripwire']: + return pulumi.get(self, "tripwire") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "type") + + @property + @pulumi.getter + def updated(self) -> pulumi.Output[str]: + return pulumi.get(self, "updated") + + @property + @pulumi.getter + def version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="vpatchVersion") + def vpatch_version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "vpatch_version") + + @property + @pulumi.getter(name="whitelistedOsUsers") + def whitelisted_os_users(self) -> pulumi.Output['outputs.FunctionRuntimePolicyWhitelistedOsUsers']: + return pulumi.get(self, "whitelisted_os_users") + diff --git a/sdk/python/pulumiverse_aquasec/get_acknowledges.py b/sdk/python/pulumiverse_aquasec/get_acknowledges.py index 933fdf02..7379d24b 100644 --- a/sdk/python/pulumiverse_aquasec/get_acknowledges.py +++ b/sdk/python/pulumiverse_aquasec/get_acknowledges.py @@ -14,6 +14,7 @@ 'GetAcknowledgesResult', 'AwaitableGetAcknowledgesResult', 'get_acknowledges', + 'get_acknowledges_output', ] @pulumi.output_type 
@@ -77,3 +78,21 @@ def get_acknowledges(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGe return AwaitableGetAcknowledgesResult( acknowledges=pulumi.get(__ret__, 'acknowledges'), id=pulumi.get(__ret__, 'id')) + + +@_utilities.lift_output_func(get_acknowledges) +def get_acknowledges_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAcknowledgesResult]: + """ + The data source `get_acknowledges` provides a method to query all acknowledges within the Aqua + + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + acknowledges_acknowledges = aquasec.get_acknowledges() + pulumi.export("acknowledges", acknowledges_acknowledges) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_aqua_labels.py b/sdk/python/pulumiverse_aquasec/get_aqua_labels.py index d3a853d4..01752dca 100644 --- a/sdk/python/pulumiverse_aquasec/get_aqua_labels.py +++ b/sdk/python/pulumiverse_aquasec/get_aqua_labels.py @@ -14,6 +14,7 @@ 'GetAquaLabelsResult', 'AwaitableGetAquaLabelsResult', 'get_aqua_labels', + 'get_aqua_labels_output', ] @pulumi.output_type @@ -74,3 +75,21 @@ def get_aqua_labels(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGet return AwaitableGetAquaLabelsResult( aqua_labels=pulumi.get(__ret__, 'aqua_labels'), id=pulumi.get(__ret__, 'id')) + + +@_utilities.lift_output_func(get_aqua_labels) +def get_aqua_labels_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAquaLabelsResult]: + """ + The data source `get_aqua_labels` provides a method to query all aqua labels within the Aqua account management.The fields returned from this query are detailed in the Schema section below. + + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + aqua_labels = aquasec.get_aqua_labels() + pulumi.export("scopes", aqua_labels) + ``` + """ + ... 
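Review bot: The example in the new `get_acknowledges_output` docstring imports `pulumi_aquasec`, while this module lives under `sdk/python/pulumiverse_aquasec/`, so the snippet would likely fail on import as written; the `get_aqua_labels_output` docstring in the next file has the same line. The import should read `import pulumiverse_aquasec as aquasec`. The first sentence of the `get_acknowledges_output` docstring also stops mid-phrase at `within the Aqua`. The aqua-labels example exports its result under the key `"scopes"`, which looks like a copy-paste leftover; `pulumi.export("aqua_labels", aqua_labels)` would match the data source.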
diff --git a/sdk/python/pulumiverse_aquasec/get_container_runtime_policy.py b/sdk/python/pulumiverse_aquasec/get_container_runtime_policy.py index f04109b0..95d408c6 100644 --- a/sdk/python/pulumiverse_aquasec/get_container_runtime_policy.py +++ b/sdk/python/pulumiverse_aquasec/get_container_runtime_policy.py 
@@ -23,7 +23,7 @@ class GetContainerRuntimePolicyResult: """ A collection of values returned by getContainerRuntimePolicy. """ - def __init__(__self__, allowed_executables=None, allowed_registries=None, application_scopes=None, audit_all_network_activity=None, audit_all_processes_activity=None, audit_full_command_arguments=None, author=None, block_access_host_network=None, block_adding_capabilities=None, block_container_exec=None, block_cryptocurrency_mining=None, block_fileless_exec=None, block_low_port_binding=None, block_non_compliant_images=None, block_non_compliant_workloads=None, block_non_k8s_containers=None, block_privileged_containers=None, block_reverse_shell=None, block_root_user=None, block_unregistered_images=None, block_use_ipc_namespace=None, block_use_pid_namespace=None, block_use_user_namespace=None, block_use_uts_namespace=None, blocked_capabilities=None, blocked_executables=None, blocked_files=None, blocked_inbound_ports=None, blocked_outbound_ports=None, blocked_packages=None, blocked_volumes=None, container_exec_allowed_processes=None, description=None, enable_drift_prevention=None, enable_fork_guard=None, enable_ip_reputation_security=None, enable_port_scan_detection=None, enabled=None, enforce=None, enforce_after_days=None, exceptional_readonly_files_and_directories=None, exec_lockdown_white_lists=None, file_integrity_monitorings=None, fork_guard_process_limit=None, id=None, limit_new_privileges=None, malware_scan_options=None, monitor_system_time_changes=None, name=None, readonly_files_and_directories=None, reverse_shell_allowed_ips=None, reverse_shell_allowed_processes=None, scope_expression=None, scope_variables=None): + def __init__(__self__, allowed_executables=None, allowed_registries=None, application_scopes=None, audit_all_network_activity=None, audit_all_processes_activity=None, audit_full_command_arguments=None, auditing=None, author=None, block_access_host_network=None, block_adding_capabilities=None, block_container_exec=None, 
block_cryptocurrency_mining=None, block_fileless_exec=None, block_low_port_binding=None, block_non_compliant_images=None, block_non_compliant_workloads=None, block_non_k8s_containers=None, block_privileged_containers=None, block_reverse_shell=None, block_root_user=None, block_unregistered_images=None, block_use_ipc_namespace=None, block_use_pid_namespace=None, block_use_user_namespace=None, block_use_uts_namespace=None, blocked_capabilities=None, blocked_executables=None, blocked_files=None, blocked_inbound_ports=None, blocked_outbound_ports=None, blocked_packages=None, blocked_volumes=None, container_exec=None, container_exec_allowed_processes=None, description=None, enable_drift_prevention=None, enable_fork_guard=None, enable_ip_reputation_security=None, enable_port_scan_detection=None, enabled=None, enforce=None, enforce_after_days=None, exceptional_readonly_files_and_directories=None, exec_lockdown_white_lists=None, file_block=None, file_integrity_monitorings=None, fork_guard_process_limit=None, id=None, limit_container_privileges=None, limit_new_privileges=None, malware_scan_options=None, monitor_system_time_changes=None, name=None, port_block=None, readonly_files=None, readonly_files_and_directories=None, restricted_volumes=None, reverse_shell_allowed_ips=None, reverse_shell_allowed_processes=None, scope_expression=None, scope_variables=None): if allowed_executables and not isinstance(allowed_executables, list): raise TypeError("Expected argument 'allowed_executables' to be a list") pulumi.set(__self__, "allowed_executables", allowed_executables) 
@@ -42,6 +42,9 @@ def __init__(__self__, allowed_executables=None, allowed_registries=None, applic if audit_full_command_arguments and not isinstance(audit_full_command_arguments, bool): raise TypeError("Expected argument 'audit_full_command_arguments' to be a bool") pulumi.set(__self__, "audit_full_command_arguments", audit_full_command_arguments) + if auditing and not isinstance(auditing, dict): + raise TypeError("Expected argument 'auditing' to be a dict") + pulumi.set(__self__, "auditing", auditing) if author and not isinstance(author, str): raise TypeError("Expected argument 'author' to be a str") pulumi.set(__self__, "author", author) @@ -117,6 +120,9 @@ def __init__(__self__, allowed_executables=None, allowed_registries=None, applic if blocked_volumes and not isinstance(blocked_volumes, list): raise TypeError("Expected argument 'blocked_volumes' to be a list") pulumi.set(__self__, "blocked_volumes", blocked_volumes) + if container_exec and not isinstance(container_exec, dict): + raise TypeError("Expected argument 'container_exec' to be a dict") + pulumi.set(__self__, "container_exec", container_exec) if container_exec_allowed_processes and not isinstance(container_exec_allowed_processes, list): raise TypeError("Expected argument 'container_exec_allowed_processes' to be a list") pulumi.set(__self__, "container_exec_allowed_processes", container_exec_allowed_processes) 
@@ -150,6 +156,9 @@ def __init__(__self__, allowed_executables=None, allowed_registries=None, applic if exec_lockdown_white_lists and not isinstance(exec_lockdown_white_lists, list): raise TypeError("Expected argument 'exec_lockdown_white_lists' to be a list") pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if file_block and not isinstance(file_block, dict): + raise TypeError("Expected argument 'file_block' to be a dict") + pulumi.set(__self__, "file_block", file_block) if file_integrity_monitorings and not isinstance(file_integrity_monitorings, list): raise TypeError("Expected argument 'file_integrity_monitorings' to be a list") pulumi.set(__self__, "file_integrity_monitorings", file_integrity_monitorings) @@ -159,6 +168,9 @@ def __init__(__self__, allowed_executables=None, allowed_registries=None, applic if id and not isinstance(id, str): raise TypeError("Expected argument 'id' to be a str") pulumi.set(__self__, "id", id) + if limit_container_privileges and not isinstance(limit_container_privileges, list): + raise TypeError("Expected argument 'limit_container_privileges' to be a list") + pulumi.set(__self__, "limit_container_privileges", limit_container_privileges) if limit_new_privileges and not isinstance(limit_new_privileges, bool): raise TypeError("Expected argument 'limit_new_privileges' to be a bool") pulumi.set(__self__, "limit_new_privileges", limit_new_privileges) 
@@ -171,9 +183,18 @@ def __init__(__self__, allowed_executables=None, allowed_registries=None, applic if name and not isinstance(name, str): raise TypeError("Expected argument 'name' to be a str") pulumi.set(__self__, "name", name) + if port_block and not isinstance(port_block, dict): + raise TypeError("Expected argument 'port_block' to be a dict") + pulumi.set(__self__, "port_block", port_block) + if readonly_files and not isinstance(readonly_files, dict): + raise TypeError("Expected argument 'readonly_files' to be a dict") + pulumi.set(__self__, "readonly_files", readonly_files) if readonly_files_and_directories and not isinstance(readonly_files_and_directories, list): raise TypeError("Expected argument 'readonly_files_and_directories' to be a list") pulumi.set(__self__, "readonly_files_and_directories", readonly_files_and_directories) + if restricted_volumes and not isinstance(restricted_volumes, list): + raise TypeError("Expected argument 'restricted_volumes' to be a list") + pulumi.set(__self__, "restricted_volumes", restricted_volumes) if reverse_shell_allowed_ips and not isinstance(reverse_shell_allowed_ips, list): raise TypeError("Expected argument 'reverse_shell_allowed_ips' to be a list") pulumi.set(__self__, "reverse_shell_allowed_ips", reverse_shell_allowed_ips) 
@@ -189,17 +210,17 @@ def __init__(__self__, allowed_executables=None, allowed_registries=None, applic @property @pulumi.getter(name="allowedExecutables") - def allowed_executables(self) -> Sequence[str]: + def allowed_executables(self) -> Optional[Sequence['outputs.GetContainerRuntimePolicyAllowedExecutableResult']]: """ - List of executables that are allowed for the user. + Allowed executables configuration. """ return pulumi.get(self, "allowed_executables") @property @pulumi.getter(name="allowedRegistries") - def allowed_registries(self) -> Sequence[str]: + def allowed_registries(self) -> Optional[Sequence['outputs.GetContainerRuntimePolicyAllowedRegistryResult']]: """ - List of registries that allowed for running containers. + Allowed registries configuration. """ return pulumi.get(self, "allowed_registries") @@ -235,6 +256,11 @@ def audit_full_command_arguments(self) -> bool: """ return pulumi.get(self, "audit_full_command_arguments") + @property + @pulumi.getter + def auditing(self) -> Optional['outputs.GetContainerRuntimePolicyAuditingResult']: + return pulumi.get(self, "auditing") + @property @pulumi.getter def author(self) -> str: @@ -435,6 +461,11 @@ def blocked_volumes(self) -> Sequence[str]: """ return pulumi.get(self, "blocked_volumes") + @property + @pulumi.getter(name="containerExec") + def container_exec(self) -> Optional['outputs.GetContainerRuntimePolicyContainerExecResult']: + return pulumi.get(self, "container_exec") + @property @pulumi.getter(name="containerExecAllowedProcesses") def container_exec_allowed_processes(self) -> Sequence[str]: 
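Review bot: The getters `allowed_executables` and `allowed_registries` in the `@@ -189,17 +210,17 @@` hunk now return `Optional[Sequence[...Result]]` instead of `Sequence[str]`, and the new docstrings do not say so. A caller that still checks a registry or executable name with a plain string membership test will never match and will not raise, so an allow-list check built on this data source can change its answer silently. The value may also be `None` now, which the old annotation excluded. I would spell this out in the docstring, for example `Allowed registries configuration. Each element is a result object rather than a registry name; the value may be None.`, and list the type change as breaking in the release notes. If this file is generator output, the wording belongs in the provider schema description; the fields of the result classes are not visible in this hunk.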
@@ -523,9 +554,14 @@ def exec_lockdown_white_lists(self) -> Sequence[str]: """ return pulumi.get(self, "exec_lockdown_white_lists") + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> Optional['outputs.GetContainerRuntimePolicyFileBlockResult']: + return pulumi.get(self, "file_block") + @property @pulumi.getter(name="fileIntegrityMonitorings") - def file_integrity_monitorings(self) -> Sequence['outputs.GetContainerRuntimePolicyFileIntegrityMonitoringResult']: + def file_integrity_monitorings(self) -> Optional[Sequence['outputs.GetContainerRuntimePolicyFileIntegrityMonitoringResult']]: """ Configuration for file integrity monitoring. """ @@ -547,6 +583,14 @@ def id(self) -> str: """ return pulumi.get(self, "id") + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> Optional[Sequence['outputs.GetContainerRuntimePolicyLimitContainerPrivilegeResult']]: + """ + Container privileges configuration. + """ + return pulumi.get(self, "limit_container_privileges") + @property @pulumi.getter(name="limitNewPrivileges") def limit_new_privileges(self) -> bool: @@ -557,7 +601,7 @@ def limit_new_privileges(self) -> bool: @property @pulumi.getter(name="malwareScanOptions") - def malware_scan_options(self) -> Sequence['outputs.GetContainerRuntimePolicyMalwareScanOptionResult']: + def malware_scan_options(self) -> Optional[Sequence['outputs.GetContainerRuntimePolicyMalwareScanOptionResult']]: """ Configuration for Real-Time Malware Protection. """ 
@@ -579,6 +623,16 @@ def name(self) -> str: """ return pulumi.get(self, "name") + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> Optional['outputs.GetContainerRuntimePolicyPortBlockResult']: + return pulumi.get(self, "port_block") + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional['outputs.GetContainerRuntimePolicyReadonlyFilesResult']: + return pulumi.get(self, "readonly_files") + @property @pulumi.getter(name="readonlyFilesAndDirectories") def readonly_files_and_directories(self) -> Sequence[str]: @@ -587,6 +641,14 @@ def readonly_files_and_directories(self) -> Sequence[str]: """ return pulumi.get(self, "readonly_files_and_directories") + @property + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> Optional[Sequence['outputs.GetContainerRuntimePolicyRestrictedVolumeResult']]: + """ + Restricted volumes configuration. + """ + return pulumi.get(self, "restricted_volumes") + @property @pulumi.getter(name="reverseShellAllowedIps") def reverse_shell_allowed_ips(self) -> Sequence[str]: @@ -632,6 +694,7 @@ def __await__(self): audit_all_network_activity=self.audit_all_network_activity, audit_all_processes_activity=self.audit_all_processes_activity, audit_full_command_arguments=self.audit_full_command_arguments, + auditing=self.auditing, author=self.author, block_access_host_network=self.block_access_host_network, block_adding_capabilities=self.block_adding_capabilities, @@ -657,6 +720,7 @@ def __await__(self): blocked_outbound_ports=self.blocked_outbound_ports, blocked_packages=self.blocked_packages, blocked_volumes=self.blocked_volumes, + container_exec=self.container_exec, container_exec_allowed_processes=self.container_exec_allowed_processes, description=self.description, enable_drift_prevention=self.enable_drift_prevention, 
@@ -668,22 +732,37 @@ def __await__(self): enforce_after_days=self.enforce_after_days, exceptional_readonly_files_and_directories=self.exceptional_readonly_files_and_directories, exec_lockdown_white_lists=self.exec_lockdown_white_lists, + file_block=self.file_block, file_integrity_monitorings=self.file_integrity_monitorings, fork_guard_process_limit=self.fork_guard_process_limit, id=self.id, + limit_container_privileges=self.limit_container_privileges, limit_new_privileges=self.limit_new_privileges, malware_scan_options=self.malware_scan_options, monitor_system_time_changes=self.monitor_system_time_changes, name=self.name, + port_block=self.port_block, + readonly_files=self.readonly_files, readonly_files_and_directories=self.readonly_files_and_directories, + restricted_volumes=self.restricted_volumes, reverse_shell_allowed_ips=self.reverse_shell_allowed_ips, reverse_shell_allowed_processes=self.reverse_shell_allowed_processes, scope_expression=self.scope_expression, scope_variables=self.scope_variables) -def get_container_runtime_policy(malware_scan_options: Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyMalwareScanOptionArgs']]] = None, +def get_container_runtime_policy(allowed_executables: Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyAllowedExecutableArgs']]] = None, + allowed_registries: Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyAllowedRegistryArgs']]] = None, + auditing: Optional[pulumi.InputType['GetContainerRuntimePolicyAuditingArgs']] = None, + container_exec: Optional[pulumi.InputType['GetContainerRuntimePolicyContainerExecArgs']] = None, + file_block: Optional[pulumi.InputType['GetContainerRuntimePolicyFileBlockArgs']] = None, + file_integrity_monitorings: Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyFileIntegrityMonitoringArgs']]] = None, + limit_container_privileges: Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyLimitContainerPrivilegeArgs']]] = None, + malware_scan_options: 
Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyMalwareScanOptionArgs']]] = None, name: Optional[str] = None, + port_block: Optional[pulumi.InputType['GetContainerRuntimePolicyPortBlockArgs']] = None, + readonly_files: Optional[pulumi.InputType['GetContainerRuntimePolicyReadonlyFilesArgs']] = None, + restricted_volumes: Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyRestrictedVolumeArgs']]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetContainerRuntimePolicyResult: """ ## Example Usage 
@@ -697,12 +776,26 @@ def get_container_runtime_policy(malware_scan_options: Optional[Sequence[pulumi. ``` + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyAllowedExecutableArgs']] allowed_executables: Allowed executables configuration. + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyAllowedRegistryArgs']] allowed_registries: List of allowed registries. + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyFileIntegrityMonitoringArgs']] file_integrity_monitorings: Configuration for file integrity monitoring. + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyLimitContainerPrivilegeArgs']] limit_container_privileges: Container privileges configuration. :param Sequence[pulumi.InputType['GetContainerRuntimePolicyMalwareScanOptionArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. - :param str name: Name of the container runtime policy + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyRestrictedVolumeArgs']] restricted_volumes: Restricted volumes configuration. """ __args__ = dict() + __args__['allowedExecutables'] = allowed_executables + __args__['allowedRegistries'] = allowed_registries + __args__['auditing'] = auditing + __args__['containerExec'] = container_exec + __args__['fileBlock'] = file_block + __args__['fileIntegrityMonitorings'] = file_integrity_monitorings + __args__['limitContainerPrivileges'] = limit_container_privileges __args__['malwareScanOptions'] = malware_scan_options __args__['name'] = name + __args__['portBlock'] = port_block + __args__['readonlyFiles'] = readonly_files + __args__['restrictedVolumes'] = restricted_volumes opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke('aquasec:index/getContainerRuntimePolicy:getContainerRuntimePolicy', __args__, opts=opts, typ=GetContainerRuntimePolicyResult).value 
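Review bot: The docstring of `get_container_runtime_policy` loses `:param str name: Name of the container runtime policy` although `name` is still a parameter and is still sent as `__args__['name']`, so the one argument that selects which policy is looked up is now undocumented. The new arguments `auditing`, `container_exec`, `file_block`, `port_block` and `readonly_files` get no `:param` line at all, and nothing says whether these configuration blocks filter the lookup or are ignored. I would restore the `name` line and add one line per new argument stating its effect on the query. The same omission is in `get_container_runtime_policy_output` (hunk `@@ -779,7 +889,11 @@`) and in both `get_function_runtime_policy` docstrings further down. The function body continues past this hunk.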
@@ -713,6 +806,7 @@ def get_container_runtime_policy(malware_scan_options: Optional[Sequence[pulumi. audit_all_network_activity=pulumi.get(__ret__, 'audit_all_network_activity'), audit_all_processes_activity=pulumi.get(__ret__, 'audit_all_processes_activity'), audit_full_command_arguments=pulumi.get(__ret__, 'audit_full_command_arguments'), + auditing=pulumi.get(__ret__, 'auditing'), author=pulumi.get(__ret__, 'author'), block_access_host_network=pulumi.get(__ret__, 'block_access_host_network'), block_adding_capabilities=pulumi.get(__ret__, 'block_adding_capabilities'), @@ -738,6 +832,7 @@ def get_container_runtime_policy(malware_scan_options: Optional[Sequence[pulumi. blocked_outbound_ports=pulumi.get(__ret__, 'blocked_outbound_ports'), blocked_packages=pulumi.get(__ret__, 'blocked_packages'), blocked_volumes=pulumi.get(__ret__, 'blocked_volumes'), + container_exec=pulumi.get(__ret__, 'container_exec'), container_exec_allowed_processes=pulumi.get(__ret__, 'container_exec_allowed_processes'), description=pulumi.get(__ret__, 'description'), enable_drift_prevention=pulumi.get(__ret__, 'enable_drift_prevention'), 
@@ -749,14 +844,19 @@ def get_container_runtime_policy(malware_scan_options: Optional[Sequence[pulumi. enforce_after_days=pulumi.get(__ret__, 'enforce_after_days'), exceptional_readonly_files_and_directories=pulumi.get(__ret__, 'exceptional_readonly_files_and_directories'), exec_lockdown_white_lists=pulumi.get(__ret__, 'exec_lockdown_white_lists'), + file_block=pulumi.get(__ret__, 'file_block'), file_integrity_monitorings=pulumi.get(__ret__, 'file_integrity_monitorings'), fork_guard_process_limit=pulumi.get(__ret__, 'fork_guard_process_limit'), id=pulumi.get(__ret__, 'id'), + limit_container_privileges=pulumi.get(__ret__, 'limit_container_privileges'), limit_new_privileges=pulumi.get(__ret__, 'limit_new_privileges'), malware_scan_options=pulumi.get(__ret__, 'malware_scan_options'), monitor_system_time_changes=pulumi.get(__ret__, 'monitor_system_time_changes'), name=pulumi.get(__ret__, 'name'), + port_block=pulumi.get(__ret__, 'port_block'), + readonly_files=pulumi.get(__ret__, 'readonly_files'), readonly_files_and_directories=pulumi.get(__ret__, 'readonly_files_and_directories'), + restricted_volumes=pulumi.get(__ret__, 'restricted_volumes'), reverse_shell_allowed_ips=pulumi.get(__ret__, 'reverse_shell_allowed_ips'), reverse_shell_allowed_processes=pulumi.get(__ret__, 'reverse_shell_allowed_processes'), scope_expression=pulumi.get(__ret__, 'scope_expression'), 
@@ -764,8 +864,18 @@ def get_container_runtime_policy(malware_scan_options: Optional[Sequence[pulumi. @_utilities.lift_output_func(get_container_runtime_policy) -def get_container_runtime_policy_output(malware_scan_options: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyMalwareScanOptionArgs']]]]] = None, +def get_container_runtime_policy_output(allowed_executables: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyAllowedRegistryArgs']]]]] = None, + auditing: Optional[pulumi.Input[Optional[pulumi.InputType['GetContainerRuntimePolicyAuditingArgs']]]] = None, + container_exec: Optional[pulumi.Input[Optional[pulumi.InputType['GetContainerRuntimePolicyContainerExecArgs']]]] = None, + file_block: Optional[pulumi.Input[Optional[pulumi.InputType['GetContainerRuntimePolicyFileBlockArgs']]]] = None, + file_integrity_monitorings: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyFileIntegrityMonitoringArgs']]]]] = None, + limit_container_privileges: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, + malware_scan_options: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyMalwareScanOptionArgs']]]]] = None, name: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input[Optional[pulumi.InputType['GetContainerRuntimePolicyPortBlockArgs']]]] = None, + readonly_files: Optional[pulumi.Input[Optional[pulumi.InputType['GetContainerRuntimePolicyReadonlyFilesArgs']]]] = None, + restricted_volumes: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetContainerRuntimePolicyRestrictedVolumeArgs']]]]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetContainerRuntimePolicyResult]: """ ## Example 
Usage @@ -779,7 +889,11 @@ def get_container_runtime_policy_output(malware_scan_options: Optional[pulumi.In ``` + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyAllowedExecutableArgs']] allowed_executables: Allowed executables configuration. + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyAllowedRegistryArgs']] allowed_registries: List of allowed registries. + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyFileIntegrityMonitoringArgs']] file_integrity_monitorings: Configuration for file integrity monitoring. + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyLimitContainerPrivilegeArgs']] limit_container_privileges: Container privileges configuration. :param Sequence[pulumi.InputType['GetContainerRuntimePolicyMalwareScanOptionArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. - :param str name: Name of the container runtime policy + :param Sequence[pulumi.InputType['GetContainerRuntimePolicyRestrictedVolumeArgs']] restricted_volumes: Restricted volumes configuration. """ ... diff --git a/sdk/python/pulumiverse_aquasec/get_enforcer_groups.py b/sdk/python/pulumiverse_aquasec/get_enforcer_groups.py index 92e0a052..c9fb0ee3 100644 --- a/sdk/python/pulumiverse_aquasec/get_enforcer_groups.py +++ b/sdk/python/pulumiverse_aquasec/get_enforcer_groups.py @@ -775,6 +775,8 @@ def get_enforcer_groups(forensics: Optional[bool] = None, host_forensics: Optional[bool] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetEnforcerGroupsResult: """ + The data source `EnforcerGroups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command. + ## Example Usage ```python 
@@ -867,6 +869,8 @@ def get_enforcer_groups_output(forensics: Optional[pulumi.Input[Optional[bool]]] host_forensics: Optional[pulumi.Input[Optional[bool]]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetEnforcerGroupsResult]: """ + The data source `EnforcerGroups` provides an Enforcer group template that generates a configuration file, which is subsequently used to generate one or more Enforcers using a Docker command. + ## Example Usage ```python diff --git a/sdk/python/pulumiverse_aquasec/get_function_assurance_policy.py b/sdk/python/pulumiverse_aquasec/get_function_assurance_policy.py index 3df4a326..c66d754c 100644 --- a/sdk/python/pulumiverse_aquasec/get_function_assurance_policy.py +++ b/sdk/python/pulumiverse_aquasec/get_function_assurance_policy.py @@ -318,7 +318,7 @@ def blacklisted_licenses(self) -> Sequence[str]: @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> bool: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -360,7 +360,7 @@ def custom_severity_enabled(self) -> bool: @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> bool: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -368,7 +368,7 @@ def cves_black_list_enabled(self) -> bool: @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Sequence[str]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -376,7 +376,7 @@ def cves_black_lists(self) -> Sequence[str]: @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> bool: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") 
@@ -428,6 +428,9 @@ def disallow_malware(self) -> bool: @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> bool: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @property @@ -551,6 +554,9 @@ def images(self) -> Sequence[str]: @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> bool: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @property @@ -620,7 +626,7 @@ def packages_black_list_enabled(self) -> bool: @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Sequence['outputs.GetFunctionAssurancePolicyPackagesBlackListResult']: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") diff --git a/sdk/python/pulumiverse_aquasec/get_function_runtime_policy.py b/sdk/python/pulumiverse_aquasec/get_function_runtime_policy.py index d44bfd2e..537fe836 100644 --- a/sdk/python/pulumiverse_aquasec/get_function_runtime_policy.py +++ b/sdk/python/pulumiverse_aquasec/get_function_runtime_policy.py @@ -9,6 +9,7 @@ from typing import Any, Mapping, Optional, Sequence, Union, overload from . import _utilities from . import outputs +from ._inputs import * __all__ = [ 'GetFunctionRuntimePolicyResult', 
@@ -22,7 +23,7 @@ class GetFunctionRuntimePolicyResult: """ A collection of values returned by getFunctionRuntimePolicy. """ - def __init__(__self__, application_scopes=None, author=None, block_malicious_executables=None, block_malicious_executables_allowed_processes=None, block_running_executables_in_tmp_folder=None, blocked_executables=None, description=None, enabled=None, enforce=None, honeypot_access_key=None, honeypot_apply_ons=None, honeypot_secret_key=None, honeypot_serverless_app_name=None, id=None, name=None, scope_expression=None, scope_variables=None): + def __init__(__self__, application_scopes=None, author=None, block_malicious_executables=None, block_malicious_executables_allowed_processes=None, block_running_executables_in_tmp_folder=None, blocked_executables=None, description=None, drift_preventions=None, enabled=None, enforce=None, executable_blacklists=None, honeypot_access_key=None, honeypot_apply_ons=None, honeypot_secret_key=None, honeypot_serverless_app_name=None, id=None, name=None, scope_expression=None, scope_variables=None): if application_scopes and not isinstance(application_scopes, list): raise TypeError("Expected argument 'application_scopes' to be a list") pulumi.set(__self__, "application_scopes", application_scopes) 
@@ -44,12 +45,18 @@ def __init__(__self__, application_scopes=None, author=None, block_malicious_exe if description and not isinstance(description, str): raise TypeError("Expected argument 'description' to be a str") pulumi.set(__self__, "description", description) + if drift_preventions and not isinstance(drift_preventions, list): + raise TypeError("Expected argument 'drift_preventions' to be a list") + pulumi.set(__self__, "drift_preventions", drift_preventions) if enabled and not isinstance(enabled, bool): raise TypeError("Expected argument 'enabled' to be a bool") pulumi.set(__self__, "enabled", enabled) if enforce and not isinstance(enforce, bool): raise TypeError("Expected argument 'enforce' to be a bool") pulumi.set(__self__, "enforce", enforce) + if executable_blacklists and not isinstance(executable_blacklists, list): + raise TypeError("Expected argument 'executable_blacklists' to be a list") + pulumi.set(__self__, "executable_blacklists", executable_blacklists) if honeypot_access_key and not isinstance(honeypot_access_key, str): raise TypeError("Expected argument 'honeypot_access_key' to be a str") pulumi.set(__self__, "honeypot_access_key", honeypot_access_key) @@ -131,6 +138,14 @@ def description(self) -> str: """ return pulumi.get(self, "description") + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> Optional[Sequence['outputs.GetFunctionRuntimePolicyDriftPreventionResult']]: + """ + Drift prevention configuration. + """ + return pulumi.get(self, "drift_preventions") + @property @pulumi.getter def enabled(self) -> bool: 
@@ -147,6 +162,14 @@ def enforce(self) -> bool: """ return pulumi.get(self, "enforce") + @property + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> Optional[Sequence['outputs.GetFunctionRuntimePolicyExecutableBlacklistResult']]: + """ + Executable blacklist configuration. + """ + return pulumi.get(self, "executable_blacklists") + @property @pulumi.getter(name="honeypotAccessKey") def honeypot_access_key(self) -> str: @@ -225,8 +248,10 @@ def __await__(self): block_running_executables_in_tmp_folder=self.block_running_executables_in_tmp_folder, blocked_executables=self.blocked_executables, description=self.description, + drift_preventions=self.drift_preventions, enabled=self.enabled, enforce=self.enforce, + executable_blacklists=self.executable_blacklists, honeypot_access_key=self.honeypot_access_key, honeypot_apply_ons=self.honeypot_apply_ons, honeypot_secret_key=self.honeypot_secret_key, @@ -237,7 +262,9 @@ def __await__(self): scope_variables=self.scope_variables) -def get_function_runtime_policy(name: Optional[str] = None, +def get_function_runtime_policy(drift_preventions: Optional[Sequence[pulumi.InputType['GetFunctionRuntimePolicyDriftPreventionArgs']]] = None, + executable_blacklists: Optional[Sequence[pulumi.InputType['GetFunctionRuntimePolicyExecutableBlacklistArgs']]] = None, + name: Optional[str] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetFunctionRuntimePolicyResult: """ ## Example Usage 
@@ -251,9 +278,12 @@ def get_function_runtime_policy(name: Optional[str] = None, ``` - :param str name: Name of the function runtime policy + :param Sequence[pulumi.InputType['GetFunctionRuntimePolicyDriftPreventionArgs']] drift_preventions: Drift prevention configuration. + :param Sequence[pulumi.InputType['GetFunctionRuntimePolicyExecutableBlacklistArgs']] executable_blacklists: Executable blacklist configuration. """ __args__ = dict() + __args__['driftPreventions'] = drift_preventions + __args__['executableBlacklists'] = executable_blacklists __args__['name'] = name opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke('aquasec:index/getFunctionRuntimePolicy:getFunctionRuntimePolicy', __args__, opts=opts, typ=GetFunctionRuntimePolicyResult).value @@ -266,8 +296,10 @@ def get_function_runtime_policy(name: Optional[str] = None, block_running_executables_in_tmp_folder=pulumi.get(__ret__, 'block_running_executables_in_tmp_folder'), blocked_executables=pulumi.get(__ret__, 'blocked_executables'), description=pulumi.get(__ret__, 'description'), + drift_preventions=pulumi.get(__ret__, 'drift_preventions'), enabled=pulumi.get(__ret__, 'enabled'), enforce=pulumi.get(__ret__, 'enforce'), + executable_blacklists=pulumi.get(__ret__, 'executable_blacklists'), honeypot_access_key=pulumi.get(__ret__, 'honeypot_access_key'), honeypot_apply_ons=pulumi.get(__ret__, 'honeypot_apply_ons'), honeypot_secret_key=pulumi.get(__ret__, 'honeypot_secret_key'), 
@@ -279,7 +311,9 @@ def get_function_runtime_policy(name: Optional[str] = None, @_utilities.lift_output_func(get_function_runtime_policy) -def get_function_runtime_policy_output(name: Optional[pulumi.Input[str]] = None, +def get_function_runtime_policy_output(drift_preventions: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetFunctionRuntimePolicyDriftPreventionArgs']]]]] = None, + executable_blacklists: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetFunctionRuntimePolicyExecutableBlacklistArgs']]]]] = None, + name: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFunctionRuntimePolicyResult]: """ ## Example Usage @@ -293,6 +327,7 @@ def get_function_runtime_policy_output(name: Optional[pulumi.Input[str]] = None, ``` - :param str name: Name of the function runtime policy + :param Sequence[pulumi.InputType['GetFunctionRuntimePolicyDriftPreventionArgs']] drift_preventions: Drift prevention configuration. + :param Sequence[pulumi.InputType['GetFunctionRuntimePolicyExecutableBlacklistArgs']] executable_blacklists: Executable blacklist configuration. """ ... diff --git a/sdk/python/pulumiverse_aquasec/get_gateways.py b/sdk/python/pulumiverse_aquasec/get_gateways.py index a8cbdc2b..a0d9fa0b 100644 --- a/sdk/python/pulumiverse_aquasec/get_gateways.py +++ b/sdk/python/pulumiverse_aquasec/get_gateways.py @@ -14,6 +14,7 @@ 'GetGatewaysResult', 'AwaitableGetGatewaysResult', 'get_gateways', + 'get_gateways_output', ] @pulumi.output_type 
@@ -83,3 +84,27 @@ def get_gateways(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetGat return AwaitableGetGatewaysResult( gateways=pulumi.get(__ret__, 'gateways'), id=pulumi.get(__ret__, 'id')) + + +@_utilities.lift_output_func(get_gateways) +def get_gateways_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGatewaysResult]: + """ + The data source `get_gateways` provides a method to query all gateways within the Aqua + + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + testgateway = aquasec.get_gateways() + pulumi.export("gatewayData", testgateway) + pulumi.export("gatewayName", testgateway.gateways[0].id) + pulumi.export("gatewayStatus", testgateway.gateways[0].status) + pulumi.export("gatewayDescription", testgateway.gateways[0].description) + pulumi.export("gatewayVersion", testgateway.gateways[0].version) + pulumi.export("gatewayHostname", testgateway.gateways[0].hostname) + pulumi.export("gatewayGrpcAddress", testgateway.gateways[0].grpc_address) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_groups.py b/sdk/python/pulumiverse_aquasec/get_groups.py index c9938650..75ff335b 100644 --- a/sdk/python/pulumiverse_aquasec/get_groups.py +++ b/sdk/python/pulumiverse_aquasec/get_groups.py @@ -14,6 +14,7 @@ 'GetGroupsResult', 'AwaitableGetGroupsResult', 'get_groups', + 'get_groups_output', ] @pulumi.output_type 
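Review bot: The example in the new `get_gateways_output` docstring imports `pulumi_aquasec`, but the file sits under `sdk/python/pulumiverse_aquasec/`, so the snippet as written would import a different distribution or fail; it should read `import pulumiverse_aquasec as aquasec`. Copying an example that names the wrong package is also how a look-alike package ends up installed, which is worth avoiding in an SDK that manages security policy. The opening sentence is cut off after "within the Aqua" and needs its ending restored. The `get_groups_output` docstring in `@@ -74,3 +75,21 @@` has the same import line, and its "Aqua CSPMgroup database" looks like two words run together. If these docstrings are generated, the correction belongs in the upstream documentation source.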
@@ -74,3 +75,21 @@ def get_groups(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetGroup return AwaitableGetGroupsResult( groups=pulumi.get(__ret__, 'groups'), id=pulumi.get(__ret__, 'id')) + + +@_utilities.lift_output_func(get_groups) +def get_groups_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGroupsResult]: + """ + The data source `get_groups` provides a method to query all groups within the Aqua CSPMgroup database. The fields returned from this query are detailed in the Schema section below. + + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + groups = aquasec.get_groups() + pulumi.export("firstGroupName", groups.groups[0].name) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_host_assurance_policy.py b/sdk/python/pulumiverse_aquasec/get_host_assurance_policy.py index ec0db819..c3f58ec8 100644 --- a/sdk/python/pulumiverse_aquasec/get_host_assurance_policy.py +++ b/sdk/python/pulumiverse_aquasec/get_host_assurance_policy.py @@ -318,7 +318,7 @@ def blacklisted_licenses(self) -> Sequence[str]: @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> bool: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -360,7 +360,7 @@ def custom_severity_enabled(self) -> bool: @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> bool: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -368,7 +368,7 @@ def cves_black_list_enabled(self) -> bool: @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Sequence[str]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") 
@@ -376,7 +376,7 @@ def cves_black_lists(self) -> Sequence[str]: @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> bool: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") @@ -428,6 +428,9 @@ def disallow_malware(self) -> bool: @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> bool: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @property @@ -551,6 +554,9 @@ def images(self) -> Sequence[str]: @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> bool: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @property @@ -620,7 +626,7 @@ def packages_black_list_enabled(self) -> bool: @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Sequence['outputs.GetHostAssurancePolicyPackagesBlackListResult']: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") diff --git a/sdk/python/pulumiverse_aquasec/get_host_runtime_policy.py b/sdk/python/pulumiverse_aquasec/get_host_runtime_policy.py index 359c40a8..d290df80 100644 --- a/sdk/python/pulumiverse_aquasec/get_host_runtime_policy.py +++ b/sdk/python/pulumiverse_aquasec/get_host_runtime_policy.py @@ -9,6 +9,7 @@ from typing import Any, Mapping, Optional, Sequence, Union, overload from . import _utilities from . import outputs +from ._inputs import * __all__ = [ 'GetHostRuntimePolicyResult', 
@@ -22,7 +23,7 @@ class GetHostRuntimePolicyResult: """ A collection of values returned by getHostRuntimePolicy. """ - def __init__(__self__, application_scopes=None, audit_all_os_user_activity=None, audit_brute_force_login=None, audit_full_command_arguments=None, audit_host_failed_login_events=None, audit_host_successful_login_events=None, audit_user_account_management=None, author=None, block_cryptocurrency_mining=None, blocked_files=None, description=None, enable_ip_reputation_security=None, enabled=None, enforce=None, enforce_after_days=None, file_integrity_monitorings=None, id=None, malware_scan_options=None, monitor_system_log_integrity=None, monitor_system_time_changes=None, monitor_windows_services=None, name=None, os_groups_alloweds=None, os_groups_blockeds=None, os_users_alloweds=None, os_users_blockeds=None, package_blocks=None, port_scanning_detection=None, scope_expression=None, scope_variables=None, windows_registry_monitorings=None, windows_registry_protections=None): + def __init__(__self__, application_scopes=None, audit_all_os_user_activity=None, audit_brute_force_login=None, audit_full_command_arguments=None, audit_host_failed_login_events=None, audit_host_successful_login_events=None, audit_user_account_management=None, auditing=None, author=None, block_cryptocurrency_mining=None, blocked_files=None, description=None, enable_ip_reputation=None, enabled=None, enforce=None, enforce_after_days=None, file_integrity_monitorings=None, id=None, malware_scan_options=None, monitor_system_log_integrity=None, monitor_system_time_changes=None, monitor_windows_services=None, name=None, os_groups_alloweds=None, os_groups_blockeds=None, os_users_alloweds=None, os_users_blockeds=None, package_blocks=None, port_scanning_detection=None, scope_expression=None, scope_variables=None, windows_registry_monitorings=None, windows_registry_protections=None): if application_scopes and not isinstance(application_scopes, list): raise TypeError("Expected argument 
'application_scopes' to be a list") pulumi.set(__self__, "application_scopes", application_scopes) @@ -44,6 +45,9 @@ def __init__(__self__, application_scopes=None, audit_all_os_user_activity=None, if audit_user_account_management and not isinstance(audit_user_account_management, bool): raise TypeError("Expected argument 'audit_user_account_management' to be a bool") pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if auditing and not isinstance(auditing, dict): + raise TypeError("Expected argument 'auditing' to be a dict") + pulumi.set(__self__, "auditing", auditing) if author and not isinstance(author, str): raise TypeError("Expected argument 'author' to be a str") pulumi.set(__self__, "author", author) @@ -56,9 +60,9 @@ def __init__(__self__, application_scopes=None, audit_all_os_user_activity=None, if description and not isinstance(description, str): raise TypeError("Expected argument 'description' to be a str") pulumi.set(__self__, "description", description) - if enable_ip_reputation_security and not isinstance(enable_ip_reputation_security, bool): - raise TypeError("Expected argument 'enable_ip_reputation_security' to be a bool") - pulumi.set(__self__, "enable_ip_reputation_security", enable_ip_reputation_security) + if enable_ip_reputation and not isinstance(enable_ip_reputation, bool): + raise TypeError("Expected argument 'enable_ip_reputation' to be a bool") + pulumi.set(__self__, "enable_ip_reputation", enable_ip_reputation) if enabled and not isinstance(enabled, bool): raise TypeError("Expected argument 'enabled' to be a bool") pulumi.set(__self__, "enabled", enabled) @@ -176,6 +180,11 @@ def audit_user_account_management(self) -> bool: """ return pulumi.get(self, "audit_user_account_management") + @property + @pulumi.getter + def auditing(self) -> Optional['outputs.GetHostRuntimePolicyAuditingResult']: + return pulumi.get(self, "auditing") + @property @pulumi.getter def author(self) -> str: 
@@ -209,12 +218,12 @@ def description(self) -> str: return pulumi.get(self, "description") @property - @pulumi.getter(name="enableIpReputationSecurity") - def enable_ip_reputation_security(self) -> bool: + @pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> bool: """ If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. """ - return pulumi.get(self, "enable_ip_reputation_security") + return pulumi.get(self, "enable_ip_reputation") @property @pulumi.getter @@ -242,7 +251,7 @@ def enforce_after_days(self) -> int: @property @pulumi.getter(name="fileIntegrityMonitorings") - def file_integrity_monitorings(self) -> Sequence['outputs.GetHostRuntimePolicyFileIntegrityMonitoringResult']: + def file_integrity_monitorings(self) -> Optional[Sequence['outputs.GetHostRuntimePolicyFileIntegrityMonitoringResult']]: """ Configuration for file integrity monitoring. """ @@ -258,7 +267,7 @@ def id(self) -> str: @property @pulumi.getter(name="malwareScanOptions") - def malware_scan_options(self) -> Sequence['outputs.GetHostRuntimePolicyMalwareScanOptionResult']: + def malware_scan_options(self) -> Optional[Sequence['outputs.GetHostRuntimePolicyMalwareScanOptionResult']]: """ Configuration for Real-Time Malware Protection. """ @@ -330,10 +339,7 @@ def os_users_blockeds(self) -> Sequence[str]: @property @pulumi.getter(name="packageBlocks") - def package_blocks(self) -> Sequence[str]: - """ - List of packages that are not allowed read, write or execute all files that under the packages. - """ + def package_blocks(self) -> Optional[Sequence['outputs.GetHostRuntimePolicyPackageBlockResult']]: return pulumi.get(self, "package_blocks") @property 
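Review bot: The getter `enable_ip_reputation_security` is replaced by `enable_ip_reputation` with nothing left under the old name, so a program that reads the old attribute to confirm the IP-reputation control is enabled will fail with `AttributeError` after upgrading instead of getting a value. The same rename runs through the `__init__`, `__await__` and `get_host_runtime_policy` hunks of this file, and the class itself starts outside this hunk. At minimum the docstring should record it, e.g. `Renamed from enable_ip_reputation_security; the old attribute no longer exists.`, and the release notes should list it as a breaking change. The retained description also still says "from containers" on a host runtime policy, which is worth checking against the provider schema.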
@@ -390,11 +396,12 @@ def __await__(self): audit_host_failed_login_events=self.audit_host_failed_login_events, audit_host_successful_login_events=self.audit_host_successful_login_events, audit_user_account_management=self.audit_user_account_management, + auditing=self.auditing, author=self.author, block_cryptocurrency_mining=self.block_cryptocurrency_mining, blocked_files=self.blocked_files, description=self.description, - enable_ip_reputation_security=self.enable_ip_reputation_security, + enable_ip_reputation=self.enable_ip_reputation, enabled=self.enabled, enforce=self.enforce, enforce_after_days=self.enforce_after_days, @@ -417,7 +424,11 @@ def __await__(self): windows_registry_protections=self.windows_registry_protections) -def get_host_runtime_policy(name: Optional[str] = None, +def get_host_runtime_policy(auditing: Optional[pulumi.InputType['GetHostRuntimePolicyAuditingArgs']] = None, + file_integrity_monitorings: Optional[Sequence[pulumi.InputType['GetHostRuntimePolicyFileIntegrityMonitoringArgs']]] = None, + malware_scan_options: Optional[Sequence[pulumi.InputType['GetHostRuntimePolicyMalwareScanOptionArgs']]] = None, + name: Optional[str] = None, + package_blocks: Optional[Sequence[pulumi.InputType['GetHostRuntimePolicyPackageBlockArgs']]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetHostRuntimePolicyResult: """ ## Example Usage 
@@ -431,10 +442,15 @@ def get_host_runtime_policy(name: Optional[str] = None, ``` - :param str name: Name of the host runtime policy + :param Sequence[pulumi.InputType['GetHostRuntimePolicyFileIntegrityMonitoringArgs']] file_integrity_monitorings: Configuration for file integrity monitoring. + :param Sequence[pulumi.InputType['GetHostRuntimePolicyMalwareScanOptionArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. """ __args__ = dict() + __args__['auditing'] = auditing + __args__['fileIntegrityMonitorings'] = file_integrity_monitorings + __args__['malwareScanOptions'] = malware_scan_options __args__['name'] = name + __args__['packageBlocks'] = package_blocks opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke('aquasec:index/getHostRuntimePolicy:getHostRuntimePolicy', __args__, opts=opts, typ=GetHostRuntimePolicyResult).value @@ -446,11 +462,12 @@ def get_host_runtime_policy(name: Optional[str] = None, audit_host_failed_login_events=pulumi.get(__ret__, 'audit_host_failed_login_events'), audit_host_successful_login_events=pulumi.get(__ret__, 'audit_host_successful_login_events'), audit_user_account_management=pulumi.get(__ret__, 'audit_user_account_management'), + auditing=pulumi.get(__ret__, 'auditing'), author=pulumi.get(__ret__, 'author'), block_cryptocurrency_mining=pulumi.get(__ret__, 'block_cryptocurrency_mining'), blocked_files=pulumi.get(__ret__, 'blocked_files'), description=pulumi.get(__ret__, 'description'), - enable_ip_reputation_security=pulumi.get(__ret__, 'enable_ip_reputation_security'), + enable_ip_reputation=pulumi.get(__ret__, 'enable_ip_reputation'), enabled=pulumi.get(__ret__, 'enabled'), enforce=pulumi.get(__ret__, 'enforce'), enforce_after_days=pulumi.get(__ret__, 'enforce_after_days'), 
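Review bot: The docstring of `get_host_runtime_policy` loses `:param str name: Name of the host runtime policy` although `name` is still a parameter and is still sent as `__args__['name']`, and the new `auditing` and `package_blocks` arguments get no `:param` line at all. For a lookup of a runtime security policy the caller needs to know which argument selects the policy and what the others do, so I would restore the `name` line and add one line each for `auditing` and `package_blocks`. The same loss appears in the `get_host_runtime_policy_output` hunk (`@@ -488,6 +509,7 @@`) and in both `get_image.py` hunks, which drop the `registry` and `repository` lines while `registry` is still in the signature. The function bodies continue outside these hunks, and if the files are generated the descriptions have to be restored in the provider schema rather than here.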
@@ -474,7 +491,11 @@ def get_host_runtime_policy(name: Optional[str] = None, @_utilities.lift_output_func(get_host_runtime_policy) -def get_host_runtime_policy_output(name: Optional[pulumi.Input[str]] = None, +def get_host_runtime_policy_output(auditing: Optional[pulumi.Input[Optional[pulumi.InputType['GetHostRuntimePolicyAuditingArgs']]]] = None, + file_integrity_monitorings: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetHostRuntimePolicyFileIntegrityMonitoringArgs']]]]] = None, + malware_scan_options: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetHostRuntimePolicyMalwareScanOptionArgs']]]]] = None, + name: Optional[pulumi.Input[str]] = None, + package_blocks: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetHostRuntimePolicyPackageBlockArgs']]]]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetHostRuntimePolicyResult]: """ ## Example Usage @@ -488,6 +509,7 @@ def get_host_runtime_policy_output(name: Optional[pulumi.Input[str]] = None, ``` - :param str name: Name of the host runtime policy + :param Sequence[pulumi.InputType['GetHostRuntimePolicyFileIntegrityMonitoringArgs']] file_integrity_monitorings: Configuration for file integrity monitoring. + :param Sequence[pulumi.InputType['GetHostRuntimePolicyMalwareScanOptionArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. """ ... diff --git a/sdk/python/pulumiverse_aquasec/get_image.py b/sdk/python/pulumiverse_aquasec/get_image.py index 12ab6752..614b705d 100644 --- a/sdk/python/pulumiverse_aquasec/get_image.py +++ b/sdk/python/pulumiverse_aquasec/get_image.py @@ -652,8 +652,6 @@ def get_image(registry: Optional[str] = None, """ Use this data source to access information about an existing resource. - :param str registry: The name of the registry where the image is stored. - :param str repository: The name of the image's repository. :param str tag: The tag of the image. """ __args__ = dict() 
@@ -725,8 +723,6 @@ def get_image_output(registry: Optional[pulumi.Input[str]] = None, """ Use this data source to access information about an existing resource. - :param str registry: The name of the registry where the image is stored. - :param str repository: The name of the image's repository. :param str tag: The tag of the image. """ ... diff --git a/sdk/python/pulumiverse_aquasec/get_image_assurance_policy.py b/sdk/python/pulumiverse_aquasec/get_image_assurance_policy.py index 4767d061..9a2bb0b2 100644 --- a/sdk/python/pulumiverse_aquasec/get_image_assurance_policy.py +++ b/sdk/python/pulumiverse_aquasec/get_image_assurance_policy.py @@ -318,7 +318,7 @@ def blacklisted_licenses(self) -> Sequence[str]: @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> bool: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -360,7 +360,7 @@ def custom_severity_enabled(self) -> bool: @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> bool: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -368,7 +368,7 @@ def cves_black_list_enabled(self) -> bool: @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Sequence[str]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -376,7 +376,7 @@ def cves_black_lists(self) -> Sequence[str]: @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> bool: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") 
@@ -428,6 +428,9 @@ def disallow_malware(self) -> bool: @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> bool: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @property @@ -551,6 +554,9 @@ def images(self) -> Sequence[str]: @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> bool: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @property @@ -620,7 +626,7 @@ def packages_black_list_enabled(self) -> bool: @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Sequence['outputs.GetImageAssurancePolicyPackagesBlackListResult']: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") diff --git a/sdk/python/pulumiverse_aquasec/get_integration_registries.py b/sdk/python/pulumiverse_aquasec/get_integration_registries.py new file mode 100644 index 00000000..dbcd1074 --- /dev/null +++ b/sdk/python/pulumiverse_aquasec/get_integration_registries.py 
@@ -0,0 +1,471 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities +from . import outputs +from ._inputs import * + +__all__ = [ + 'GetIntegrationRegistriesResult', + 'AwaitableGetIntegrationRegistriesResult', + 'get_integration_registries', + 'get_integration_registries_output', +] + +@pulumi.output_type +class GetIntegrationRegistriesResult: + """ + A collection of values returned by getIntegrationRegistries. + """ + def __init__(__self__, advanced_settings_cleanup=None, always_pull_patterns=None, auto_cleanup=None, auto_pull=None, auto_pull_interval=None, auto_pull_max=None, auto_pull_rescan=None, auto_pull_time=None, description=None, id=None, image_creation_date_condition=None, lastupdate=None, name=None, options=None, password=None, prefixes=None, pull_image_age=None, pull_image_count=None, pull_image_tag_patterns=None, pull_repo_patterns_excludeds=None, registry_scan_timeout=None, scanner_names=None, scanner_type=None, type=None, url=None, username=None, webhooks=None): + if advanced_settings_cleanup and not isinstance(advanced_settings_cleanup, bool): + raise TypeError("Expected argument 'advanced_settings_cleanup' to be a bool") + pulumi.set(__self__, "advanced_settings_cleanup", advanced_settings_cleanup) + if always_pull_patterns and not isinstance(always_pull_patterns, list): + raise TypeError("Expected argument 'always_pull_patterns' to be a list") + pulumi.set(__self__, "always_pull_patterns", always_pull_patterns) + if auto_cleanup and not isinstance(auto_cleanup, bool): + raise TypeError("Expected argument 'auto_cleanup' to be a bool") + pulumi.set(__self__, "auto_cleanup", auto_cleanup) + if auto_pull and not isinstance(auto_pull, bool): + raise 
TypeError("Expected argument 'auto_pull' to be a bool") + pulumi.set(__self__, "auto_pull", auto_pull) + if auto_pull_interval and not isinstance(auto_pull_interval, int): + raise TypeError("Expected argument 'auto_pull_interval' to be a int") + pulumi.set(__self__, "auto_pull_interval", auto_pull_interval) + if auto_pull_max and not isinstance(auto_pull_max, int): + raise TypeError("Expected argument 'auto_pull_max' to be a int") + pulumi.set(__self__, "auto_pull_max", auto_pull_max) + if auto_pull_rescan and not isinstance(auto_pull_rescan, bool): + raise TypeError("Expected argument 'auto_pull_rescan' to be a bool") + pulumi.set(__self__, "auto_pull_rescan", auto_pull_rescan) + if auto_pull_time and not isinstance(auto_pull_time, str): + raise TypeError("Expected argument 'auto_pull_time' to be a str") + pulumi.set(__self__, "auto_pull_time", auto_pull_time) + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if image_creation_date_condition and not isinstance(image_creation_date_condition, str): + raise TypeError("Expected argument 'image_creation_date_condition' to be a str") + pulumi.set(__self__, "image_creation_date_condition", image_creation_date_condition) + if lastupdate and not isinstance(lastupdate, int): + raise TypeError("Expected argument 'lastupdate' to be a int") + pulumi.set(__self__, "lastupdate", lastupdate) + if name and not isinstance(name, str): + raise TypeError("Expected argument 'name' to be a str") + pulumi.set(__self__, "name", name) + if options and not isinstance(options, list): + raise TypeError("Expected argument 'options' to be a list") + pulumi.set(__self__, "options", options) + if password and not isinstance(password, str): + raise TypeError("Expected argument 'password' to be a str") + 
pulumi.set(__self__, "password", password) + if prefixes and not isinstance(prefixes, list): + raise TypeError("Expected argument 'prefixes' to be a list") + pulumi.set(__self__, "prefixes", prefixes) + if pull_image_age and not isinstance(pull_image_age, str): + raise TypeError("Expected argument 'pull_image_age' to be a str") + pulumi.set(__self__, "pull_image_age", pull_image_age) + if pull_image_count and not isinstance(pull_image_count, int): + raise TypeError("Expected argument 'pull_image_count' to be a int") + pulumi.set(__self__, "pull_image_count", pull_image_count) + if pull_image_tag_patterns and not isinstance(pull_image_tag_patterns, list): + raise TypeError("Expected argument 'pull_image_tag_patterns' to be a list") + pulumi.set(__self__, "pull_image_tag_patterns", pull_image_tag_patterns) + if pull_repo_patterns_excludeds and not isinstance(pull_repo_patterns_excludeds, list): + raise TypeError("Expected argument 'pull_repo_patterns_excludeds' to be a list") + pulumi.set(__self__, "pull_repo_patterns_excludeds", pull_repo_patterns_excludeds) + if registry_scan_timeout and not isinstance(registry_scan_timeout, int): + raise TypeError("Expected argument 'registry_scan_timeout' to be a int") + pulumi.set(__self__, "registry_scan_timeout", registry_scan_timeout) + if scanner_names and not isinstance(scanner_names, list): + raise TypeError("Expected argument 'scanner_names' to be a list") + pulumi.set(__self__, "scanner_names", scanner_names) + if scanner_type and not isinstance(scanner_type, str): + raise TypeError("Expected argument 'scanner_type' to be a str") + pulumi.set(__self__, "scanner_type", scanner_type) + if type and not isinstance(type, str): + raise TypeError("Expected argument 'type' to be a str") + pulumi.set(__self__, "type", type) + if url and not isinstance(url, str): + raise TypeError("Expected argument 'url' to be a str") + pulumi.set(__self__, "url", url) + if username and not isinstance(username, str): + raise TypeError("Expected 
argument 'username' to be a str") + pulumi.set(__self__, "username", username) + if webhooks and not isinstance(webhooks, list): + raise TypeError("Expected argument 'webhooks' to be a list") + pulumi.set(__self__, "webhooks", webhooks) + + @property + @pulumi.getter(name="advancedSettingsCleanup") + def advanced_settings_cleanup(self) -> Optional[bool]: + """ + Automatically clean up that don't match the pull criteria + """ + return pulumi.get(self, "advanced_settings_cleanup") + + @property + @pulumi.getter(name="alwaysPullPatterns") + def always_pull_patterns(self) -> Optional[Sequence[str]]: + """ + List of image patterns to pull always + """ + return pulumi.get(self, "always_pull_patterns") + + @property + @pulumi.getter(name="autoCleanup") + def auto_cleanup(self) -> bool: + """ + Automatically clean up images and repositories which are no longer present in the registry from Aqua console + """ + return pulumi.get(self, "auto_cleanup") + + @property + @pulumi.getter(name="autoPull") + def auto_pull(self) -> bool: + """ + Whether to automatically pull images from the registry on creation and daily + """ + return pulumi.get(self, "auto_pull") + + @property + @pulumi.getter(name="autoPullInterval") + def auto_pull_interval(self) -> int: + """ + The interval in days to start pulling new images from the registry, Defaults to 1 + """ + return pulumi.get(self, "auto_pull_interval") + + @property + @pulumi.getter(name="autoPullMax") + def auto_pull_max(self) -> int: + """ + Maximum number of repositories to pull every day, defaults to 100 + """ + return pulumi.get(self, "auto_pull_max") + + @property + @pulumi.getter(name="autoPullRescan") + def auto_pull_rescan(self) -> bool: + """ + Whether to automatically pull and rescan images from the registry on creation and daily + """ + return pulumi.get(self, "auto_pull_rescan") + + @property + @pulumi.getter(name="autoPullTime") + def auto_pull_time(self) -> str: + """ + The time of day to start pulling new images from the 
registry, in the format HH:MM (24-hour clock), defaults to 03:00 + """ + return pulumi.get(self, "auto_pull_time") + + @property + @pulumi.getter + def description(self) -> str: + """ + The description of the registry + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter + def id(self) -> str: + """ + The provider-assigned unique ID for this managed resource. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="imageCreationDateCondition") + def image_creation_date_condition(self) -> str: + """ + Additional condition for pulling and rescanning images, Defaults to 'none' + """ + return pulumi.get(self, "image_creation_date_condition") + + @property + @pulumi.getter + def lastupdate(self) -> int: + """ + The last time the registry was modified in UNIX time + """ + return pulumi.get(self, "lastupdate") + + @property + @pulumi.getter + def name(self) -> str: + """ + The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def options(self) -> Optional[Sequence['outputs.GetIntegrationRegistriesOptionResult']]: + return pulumi.get(self, "options") + + @property + @pulumi.getter + def password(self) -> str: + """ + The password for registry authentication + """ + return pulumi.get(self, "password") + + @property + @pulumi.getter + def prefixes(self) -> Sequence[str]: + """ + List of possible prefixes to image names pulled from the registry + """ + return pulumi.get(self, "prefixes") + + @property + @pulumi.getter(name="pullImageAge") + def pull_image_age(self) -> str: + """ + When auto pull image enabled, sets maximum age of auto pulled images + """ + return pulumi.get(self, "pull_image_age") + + @property + @pulumi.getter(name="pullImageCount") + def pull_image_count(self) -> int: + """ + When auto pull image enabled, sets maximum age of auto pulled 
images tags from each repository. + """ + return pulumi.get(self, "pull_image_count") + + @property + @pulumi.getter(name="pullImageTagPatterns") + def pull_image_tag_patterns(self) -> Optional[Sequence[str]]: + """ + List of image tags patterns to pull + """ + return pulumi.get(self, "pull_image_tag_patterns") + + @property + @pulumi.getter(name="pullRepoPatternsExcludeds") + def pull_repo_patterns_excludeds(self) -> Optional[Sequence[str]]: + """ + List of image patterns to exclude + """ + return pulumi.get(self, "pull_repo_patterns_excludeds") + + @property + @pulumi.getter(name="registryScanTimeout") + def registry_scan_timeout(self) -> Optional[int]: + """ + Registry scan timeout in Minutes + """ + return pulumi.get(self, "registry_scan_timeout") + + @property + @pulumi.getter(name="scannerNames") + def scanner_names(self) -> Sequence[str]: + """ + List of scanner names + """ + return pulumi.get(self, "scanner_names") + + @property + @pulumi.getter(name="scannerType") + def scanner_type(self) -> str: + """ + Scanner type + """ + return pulumi.get(self, "scanner_type") + + @property + @pulumi.getter + def type(self) -> str: + """ + Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter + def url(self) -> str: + """ + The URL, address or region of the registry + """ + return pulumi.get(self, "url") + + @property + @pulumi.getter + def username(self) -> str: + """ + The username for registry authentication. 
+ """ + return pulumi.get(self, "username") + + @property + @pulumi.getter + def webhooks(self) -> Optional[Sequence['outputs.GetIntegrationRegistriesWebhookResult']]: + """ + When enabled, registry events are sent to the given Aqua webhook url + """ + return pulumi.get(self, "webhooks") + + +class AwaitableGetIntegrationRegistriesResult(GetIntegrationRegistriesResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetIntegrationRegistriesResult( + advanced_settings_cleanup=self.advanced_settings_cleanup, + always_pull_patterns=self.always_pull_patterns, + auto_cleanup=self.auto_cleanup, + auto_pull=self.auto_pull, + auto_pull_interval=self.auto_pull_interval, + auto_pull_max=self.auto_pull_max, + auto_pull_rescan=self.auto_pull_rescan, + auto_pull_time=self.auto_pull_time, + description=self.description, + id=self.id, + image_creation_date_condition=self.image_creation_date_condition, + lastupdate=self.lastupdate, + name=self.name, + options=self.options, + password=self.password, + prefixes=self.prefixes, + pull_image_age=self.pull_image_age, + pull_image_count=self.pull_image_count, + pull_image_tag_patterns=self.pull_image_tag_patterns, + pull_repo_patterns_excludeds=self.pull_repo_patterns_excludeds, + registry_scan_timeout=self.registry_scan_timeout, + scanner_names=self.scanner_names, + scanner_type=self.scanner_type, + type=self.type, + url=self.url, + username=self.username, + webhooks=self.webhooks) + + +def get_integration_registries(advanced_settings_cleanup: Optional[bool] = None, + always_pull_patterns: Optional[Sequence[str]] = None, + image_creation_date_condition: Optional[str] = None, + lastupdate: Optional[int] = None, + name: Optional[str] = None, + options: Optional[Sequence[pulumi.InputType['GetIntegrationRegistriesOptionArgs']]] = None, + pull_image_age: Optional[str] = None, + pull_image_count: Optional[int] = None, + pull_image_tag_patterns: Optional[Sequence[str]] = None, + 
pull_repo_patterns_excludeds: Optional[Sequence[str]] = None, + registry_scan_timeout: Optional[int] = None, + scanner_names: Optional[Sequence[str]] = None, + scanner_type: Optional[str] = None, + webhooks: Optional[Sequence[pulumi.InputType['GetIntegrationRegistriesWebhookArgs']]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetIntegrationRegistriesResult: + """ + Use this data source to access information about an existing resource. + + :param bool advanced_settings_cleanup: Automatically clean up that don't match the pull criteria + :param Sequence[str] always_pull_patterns: List of image patterns to pull always + :param str image_creation_date_condition: Additional condition for pulling and rescanning images, Defaults to 'none' + :param int lastupdate: The last time the registry was modified in UNIX time + :param str name: The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + :param str pull_image_age: When auto pull image enabled, sets maximum age of auto pulled images + :param int pull_image_count: When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. 
+ :param Sequence[str] pull_image_tag_patterns: List of image tags patterns to pull + :param Sequence[str] pull_repo_patterns_excludeds: List of image patterns to exclude + :param int registry_scan_timeout: Registry scan timeout in Minutes + :param Sequence[str] scanner_names: List of scanner names + :param str scanner_type: Scanner type + :param Sequence[pulumi.InputType['GetIntegrationRegistriesWebhookArgs']] webhooks: When enabled, registry events are sent to the given Aqua webhook url + """ + __args__ = dict() + __args__['advancedSettingsCleanup'] = advanced_settings_cleanup + __args__['alwaysPullPatterns'] = always_pull_patterns + __args__['imageCreationDateCondition'] = image_creation_date_condition + __args__['lastupdate'] = lastupdate + __args__['name'] = name + __args__['options'] = options + __args__['pullImageAge'] = pull_image_age + __args__['pullImageCount'] = pull_image_count + __args__['pullImageTagPatterns'] = pull_image_tag_patterns + __args__['pullRepoPatternsExcludeds'] = pull_repo_patterns_excludeds + __args__['registryScanTimeout'] = registry_scan_timeout + __args__['scannerNames'] = scanner_names + __args__['scannerType'] = scanner_type + __args__['webhooks'] = webhooks + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('aquasec:index/getIntegrationRegistries:getIntegrationRegistries', __args__, opts=opts, typ=GetIntegrationRegistriesResult).value + + return AwaitableGetIntegrationRegistriesResult( + advanced_settings_cleanup=pulumi.get(__ret__, 'advanced_settings_cleanup'), + always_pull_patterns=pulumi.get(__ret__, 'always_pull_patterns'), + auto_cleanup=pulumi.get(__ret__, 'auto_cleanup'), + auto_pull=pulumi.get(__ret__, 'auto_pull'), + auto_pull_interval=pulumi.get(__ret__, 'auto_pull_interval'), + auto_pull_max=pulumi.get(__ret__, 'auto_pull_max'), + auto_pull_rescan=pulumi.get(__ret__, 'auto_pull_rescan'), + auto_pull_time=pulumi.get(__ret__, 'auto_pull_time'), + 
description=pulumi.get(__ret__, 'description'), + id=pulumi.get(__ret__, 'id'), + image_creation_date_condition=pulumi.get(__ret__, 'image_creation_date_condition'), + lastupdate=pulumi.get(__ret__, 'lastupdate'), + name=pulumi.get(__ret__, 'name'), + options=pulumi.get(__ret__, 'options'), + password=pulumi.get(__ret__, 'password'), + prefixes=pulumi.get(__ret__, 'prefixes'), + pull_image_age=pulumi.get(__ret__, 'pull_image_age'), + pull_image_count=pulumi.get(__ret__, 'pull_image_count'), + pull_image_tag_patterns=pulumi.get(__ret__, 'pull_image_tag_patterns'), + pull_repo_patterns_excludeds=pulumi.get(__ret__, 'pull_repo_patterns_excludeds'), + registry_scan_timeout=pulumi.get(__ret__, 'registry_scan_timeout'), + scanner_names=pulumi.get(__ret__, 'scanner_names'), + scanner_type=pulumi.get(__ret__, 'scanner_type'), + type=pulumi.get(__ret__, 'type'), + url=pulumi.get(__ret__, 'url'), + username=pulumi.get(__ret__, 'username'), + webhooks=pulumi.get(__ret__, 'webhooks')) + + +@_utilities.lift_output_func(get_integration_registries) +def get_integration_registries_output(advanced_settings_cleanup: Optional[pulumi.Input[Optional[bool]]] = None, + always_pull_patterns: Optional[pulumi.Input[Optional[Sequence[str]]]] = None, + image_creation_date_condition: Optional[pulumi.Input[Optional[str]]] = None, + lastupdate: Optional[pulumi.Input[Optional[int]]] = None, + name: Optional[pulumi.Input[str]] = None, + options: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetIntegrationRegistriesOptionArgs']]]]] = None, + pull_image_age: Optional[pulumi.Input[Optional[str]]] = None, + pull_image_count: Optional[pulumi.Input[Optional[int]]] = None, + pull_image_tag_patterns: Optional[pulumi.Input[Optional[Sequence[str]]]] = None, + pull_repo_patterns_excludeds: Optional[pulumi.Input[Optional[Sequence[str]]]] = None, + registry_scan_timeout: Optional[pulumi.Input[Optional[int]]] = None, + scanner_names: Optional[pulumi.Input[Optional[Sequence[str]]]] = None, + 
scanner_type: Optional[pulumi.Input[Optional[str]]] = None, + webhooks: Optional[pulumi.Input[Optional[Sequence[pulumi.InputType['GetIntegrationRegistriesWebhookArgs']]]]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIntegrationRegistriesResult]: + """ + Use this data source to access information about an existing resource. + + :param bool advanced_settings_cleanup: Automatically clean up that don't match the pull criteria + :param Sequence[str] always_pull_patterns: List of image patterns to pull always + :param str image_creation_date_condition: Additional condition for pulling and rescanning images, Defaults to 'none' + :param int lastupdate: The last time the registry was modified in UNIX time + :param str name: The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces + :param str pull_image_age: When auto pull image enabled, sets maximum age of auto pulled images + :param int pull_image_count: When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. + :param Sequence[str] pull_image_tag_patterns: List of image tags patterns to pull + :param Sequence[str] pull_repo_patterns_excludeds: List of image patterns to exclude + :param int registry_scan_timeout: Registry scan timeout in Minutes + :param Sequence[str] scanner_names: List of scanner names + :param str scanner_type: Scanner type + :param Sequence[pulumi.InputType['GetIntegrationRegistriesWebhookArgs']] webhooks: When enabled, registry events are sent to the given Aqua webhook url + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_integration_registry.py b/sdk/python/pulumiverse_aquasec/get_integration_registry.py index c4015a0c..857b8268 100644 --- a/sdk/python/pulumiverse_aquasec/get_integration_registry.py +++ b/sdk/python/pulumiverse_aquasec/get_integration_registry.py 
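Review bot: The `password` getter on `GetIntegrationRegistriesResult` returns the registry credential as a plain `str`, and `get_integration_registries` copies it into the awaitable result with `password=pulumi.get(__ret__, 'password')`; nothing visible in this file marks the value as a secret, so a stack export or a log line built from the result could carry it in clear text. The header says the file is generated, so the durable fix is to mark the field sensitive in the provider schema and regenerate. Until then the getter docstring should say so, e.g. `The password for registry authentication. Sensitive: wrap in pulumi.Output.secret() before exporting.` Separately, the `pull_image_count` docstring repeats the `pull_image_age` wording ("sets maximum age") for an `int` count, and `name` is described as "required" while the parameter defaults to `None`.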
@@ -18,6 +18,8 @@ 'get_integration_registry_output', ] +warnings.warn("""aquasec.index/getintegrationregistry.getIntegrationRegistry has been deprecated in favor of aquasec.index/getintegrationregistries.getIntegrationRegistries""", DeprecationWarning) + @pulumi.output_type class GetIntegrationRegistryResult: """ 
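Review bot: The `warnings.warn(..., DeprecationWarning)` added at module scope fires when `get_integration_registry.py` is imported, not when the deprecated data source is called. If the package `__init__` imports this module (not visible here), every program that imports the SDK gets the warning, and a run under `-W error::DeprecationWarning` fails on import even when it never touches this function. Without `stacklevel` the warning is also attributed to this generated file rather than to the caller. The per-call `pulumi.log.warn(...)` added inside `get_integration_registry` in a later hunk already covers real use. If the import-time warning is intentional, a comment above it such as `# emitted once on import by codegen; per-call warning lives in get_integration_registry()` would say so.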
@@ -109,73 +111,46 @@ def __init__(__self__, advanced_settings_cleanup=None, always_pull_patterns=None @property @pulumi.getter(name="advancedSettingsCleanup") def advanced_settings_cleanup(self) -> Optional[bool]: - """ - Automatically clean up that don't match the pull criteria - """ return pulumi.get(self, "advanced_settings_cleanup") @property @pulumi.getter(name="alwaysPullPatterns") def always_pull_patterns(self) -> Optional[Sequence[str]]: - """ - List of image patterns to pull always - """ return pulumi.get(self, "always_pull_patterns") @property @pulumi.getter(name="autoCleanup") def auto_cleanup(self) -> bool: - """ - Automatically clean up images and repositories which are no longer present in the registry from Aqua console - """ return pulumi.get(self, "auto_cleanup") @property @pulumi.getter(name="autoPull") def auto_pull(self) -> bool: - """ - Whether to automatically pull images from the registry on creation and daily - """ return pulumi.get(self, "auto_pull") @property @pulumi.getter(name="autoPullInterval") def auto_pull_interval(self) -> int: - """ - The interval in days to start pulling new images from the registry, Defaults to 1 - """ return pulumi.get(self, "auto_pull_interval") @property @pulumi.getter(name="autoPullMax") def auto_pull_max(self) -> int: - """ - Maximum number of repositories to pull every day, defaults to 100 - """ return pulumi.get(self, "auto_pull_max") @property @pulumi.getter(name="autoPullRescan") def auto_pull_rescan(self) -> bool: - """ - Whether to automatically pull and rescan images from the registry on creation and daily - """ return pulumi.get(self, "auto_pull_rescan") @property @pulumi.getter(name="autoPullTime") def auto_pull_time(self) -> str: - """ - The time of day to start pulling new images from the registry, in the format HH:MM (24-hour clock), defaults to 03:00 - """ return pulumi.get(self, "auto_pull_time") @property @pulumi.getter def description(self) -> str: - """ - The description of the registry - 
""" return pulumi.get(self, "description") @property @@ -189,25 +164,16 @@ def id(self) -> str: @property @pulumi.getter(name="imageCreationDateCondition") def image_creation_date_condition(self) -> str: - """ - Additional condition for pulling and rescanning images, Defaults to 'none' - """ return pulumi.get(self, "image_creation_date_condition") @property @pulumi.getter def lastupdate(self) -> int: - """ - The last time the registry was modified in UNIX time - """ return pulumi.get(self, "lastupdate") @property @pulumi.getter def name(self) -> str: - """ - The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - """ return pulumi.get(self, "name") @property 
@@ -218,105 +184,66 @@ def options(self) -> Optional[Sequence['outputs.GetIntegrationRegistryOptionResu @property @pulumi.getter def password(self) -> str: - """ - The password for registry authentication - """ return pulumi.get(self, "password") @property @pulumi.getter def prefixes(self) -> Sequence[str]: - """ - List of possible prefixes to image names pulled from the registry - """ return pulumi.get(self, "prefixes") @property @pulumi.getter(name="pullImageAge") def pull_image_age(self) -> str: - """ - When auto pull image enabled, sets maximum age of auto pulled images - """ return pulumi.get(self, "pull_image_age") @property @pulumi.getter(name="pullImageCount") def pull_image_count(self) -> int: - """ - When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - """ return pulumi.get(self, "pull_image_count") @property @pulumi.getter(name="pullImageTagPatterns") def pull_image_tag_patterns(self) -> Optional[Sequence[str]]: - """ - List of image tags patterns to pull - """ return pulumi.get(self, "pull_image_tag_patterns") @property @pulumi.getter(name="pullRepoPatternsExcludeds") def pull_repo_patterns_excludeds(self) -> Optional[Sequence[str]]: - """ - List of image patterns to exclude - """ return pulumi.get(self, "pull_repo_patterns_excludeds") @property @pulumi.getter(name="registryScanTimeout") def registry_scan_timeout(self) -> Optional[int]: - """ - Registry scan timeout in Minutes - """ return pulumi.get(self, "registry_scan_timeout") @property @pulumi.getter(name="scannerNames") def scanner_names(self) -> Sequence[str]: - """ - List of scanner names - """ return pulumi.get(self, "scanner_names") @property @pulumi.getter(name="scannerType") def scanner_type(self) -> str: - """ - Scanner type - """ return pulumi.get(self, "scanner_type") @property @pulumi.getter def type(self) -> str: - """ - Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). 
- """ return pulumi.get(self, "type") @property @pulumi.getter def url(self) -> str: - """ - The URL, address or region of the registry - """ return pulumi.get(self, "url") @property @pulumi.getter def username(self) -> str: - """ - The username for registry authentication. - """ return pulumi.get(self, "username") @property @pulumi.getter def webhooks(self) -> Optional[Sequence['outputs.GetIntegrationRegistryWebhookResult']]: - """ - When enabled, registry events are sent to the given Aqua webhook url - """ return pulumi.get(self, "webhooks") 
@@ -372,21 +299,8 @@ def get_integration_registry(advanced_settings_cleanup: Optional[bool] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetIntegrationRegistryResult: """ Use this data source to access information about an existing resource. - - :param bool advanced_settings_cleanup: Automatically clean up that don't match the pull criteria - :param Sequence[str] always_pull_patterns: List of image patterns to pull always - :param str image_creation_date_condition: Additional condition for pulling and rescanning images, Defaults to 'none' - :param int lastupdate: The last time the registry was modified in UNIX time - :param str name: The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - :param str pull_image_age: When auto pull image enabled, sets maximum age of auto pulled images - :param int pull_image_count: When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - :param Sequence[str] pull_image_tag_patterns: List of image tags patterns to pull - :param Sequence[str] pull_repo_patterns_excludeds: List of image patterns to exclude - :param int registry_scan_timeout: Registry scan timeout in Minutes - :param Sequence[str] scanner_names: List of scanner names - :param str scanner_type: Scanner type - :param Sequence[pulumi.InputType['GetIntegrationRegistryWebhookArgs']] webhooks: When enabled, registry events are sent to the given Aqua webhook url """ + pulumi.log.warn("""get_integration_registry is deprecated: aquasec.index/getintegrationregistry.getIntegrationRegistry has been deprecated in favor of aquasec.index/getintegrationregistries.getIntegrationRegistries""") __args__ = dict() __args__['advancedSettingsCleanup'] = advanced_settings_cleanup __args__['alwaysPullPatterns'] = always_pull_patterns 
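Review bot: `get_integration_registry` still returns the registry credential, but after this change nothing in the file says so. `password` and `username` are plain `str` getters on `GetIntegrationRegistryResult` in the earlier hunks of this file, and their docstrings are removed along with the `:param` list here. Because the function stays callable while deprecated, I would keep one line in this docstring, for example `The result includes the registry password; wrap it with pulumi.Output.secret() before exporting or logging it.` Whether the provider already marks the field secret is not visible in this diff, so that wording should be checked against the schema. The function body continues outside the hunk.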
@@ -453,19 +367,6 @@ def get_integration_registry_output(advanced_settings_cleanup: Optional[pulumi.I opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIntegrationRegistryResult]: """ Use this data source to access information about an existing resource. - - :param bool advanced_settings_cleanup: Automatically clean up that don't match the pull criteria - :param Sequence[str] always_pull_patterns: List of image patterns to pull always - :param str image_creation_date_condition: Additional condition for pulling and rescanning images, Defaults to 'none' - :param int lastupdate: The last time the registry was modified in UNIX time - :param str name: The name of the registry; string, required - this will be treated as the registry's ID, so choose a simple alphanumerical name without special signs and spaces - :param str pull_image_age: When auto pull image enabled, sets maximum age of auto pulled images - :param int pull_image_count: When auto pull image enabled, sets maximum age of auto pulled images tags from each repository. - :param Sequence[str] pull_image_tag_patterns: List of image tags patterns to pull - :param Sequence[str] pull_repo_patterns_excludeds: List of image patterns to exclude - :param int registry_scan_timeout: Registry scan timeout in Minutes - :param Sequence[str] scanner_names: List of scanner names - :param str scanner_type: Scanner type - :param Sequence[pulumi.InputType['GetIntegrationRegistryWebhookArgs']] webhooks: When enabled, registry events are sent to the given Aqua webhook url """ + pulumi.log.warn("""get_integration_registry is deprecated: aquasec.index/getintegrationregistry.getIntegrationRegistry has been deprecated in favor of aquasec.index/getintegrationregistries.getIntegrationRegistries""") ... diff --git a/sdk/python/pulumiverse_aquasec/get_integration_state.py b/sdk/python/pulumiverse_aquasec/get_integration_state.py index 56f2dbd7..a6d4d8a9 100644 --- a/sdk/python/pulumiverse_aquasec/get_integration_state.py 
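Review bot: The `pulumi.log.warn(...)` added before `...` in `get_integration_registry_output` is probably dead code. The function is decorated with `_utilities.lift_output_func(get_integration_registry)`, and in the Pulumi Python SDK that decorator normally discards the decorated body and forwards to the plain function; `_utilities` is not shown here, so this is inferred. If that holds, the deprecation notice for the output form comes only from the call into `get_integration_registry`, and this line misleads a reader into thinking the warning is emitted twice. Since the file is generated, the fix belongs in the generator: either drop the statement from `_output` stubs or add a comment such as `# not executed: body is replaced by lift_output_func`.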
+++ b/sdk/python/pulumiverse_aquasec/get_integration_state.py @@ -13,6 +13,7 @@ 'GetIntegrationStateResult', 'AwaitableGetIntegrationStateResult', 'get_integration_state', + 'get_integration_state_output', ] @pulumi.output_type @@ -100,3 +101,19 @@ def get_integration_state(opts: Optional[pulumi.InvokeOptions] = None) -> Awaita oidc_settings=pulumi.get(__ret__, 'oidc_settings'), openid_settings=pulumi.get(__ret__, 'openid_settings'), saml_settings=pulumi.get(__ret__, 'saml_settings')) + + +@_utilities.lift_output_func(get_integration_state) +def get_integration_state_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIntegrationStateResult]: + """ + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + integration_state = aquasec.get_integration_state() + pulumi.export("aquasecIntegrationState", integration_state) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_kubernetes_assurance_policy.py b/sdk/python/pulumiverse_aquasec/get_kubernetes_assurance_policy.py index 4ab465f2..233eeee4 100644 --- a/sdk/python/pulumiverse_aquasec/get_kubernetes_assurance_policy.py +++ b/sdk/python/pulumiverse_aquasec/get_kubernetes_assurance_policy.py @@ -321,7 +321,7 @@ def blacklisted_licenses(self) -> Sequence[str]: @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> bool: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -363,7 +363,7 @@ def custom_severity_enabled(self) -> bool: @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> bool: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") 
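Review bot: The example in the new `get_integration_state_output` docstring imports `pulumi_aquasec`, while this module ships in the `pulumiverse_aquasec` package. Someone copying the snippet will go looking for a distribution under a name this repository does not appear to publish. For a security provider that is worth correcting at the source: `import pulumiverse_aquasec as aquasec`. The same import appears in the examples added to get_permissions_sets.py, get_roles.py, get_roles_mapping.py, get_roles_mapping_saas.py, get_users.py and get_users_saas.py. The example also exports the whole result, which per the context lines carries `oidc_settings`, `openid_settings` and `saml_settings`, so exporting a single non-sensitive field would be a safer pattern to teach.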
@@ -371,7 +371,7 @@ def cves_black_list_enabled(self) -> bool: @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Sequence[str]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -379,7 +379,7 @@ def cves_black_lists(self) -> Sequence[str]: @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> bool: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") @@ -387,7 +387,7 @@ def cves_white_list_enabled(self) -> bool: @pulumi.getter(name="cvesWhiteLists") def cves_white_lists(self) -> Sequence[str]: """ - List of cves whitelisted licenses + List of CVEs whitelisted licenses """ return pulumi.get(self, "cves_white_lists") @@ -395,7 +395,7 @@ def cves_white_lists(self) -> Sequence[str]: @pulumi.getter(name="cvssSeverity") def cvss_severity(self) -> str: """ - Identifier of the cvss severity. + Identifier of the CVSS severity. """ return pulumi.get(self, "cvss_severity") @@ -403,7 +403,7 @@ def cvss_severity(self) -> str: @pulumi.getter(name="cvssSeverityEnabled") def cvss_severity_enabled(self) -> bool: """ - Indicates if the cvss severity is scanned. + Indicates if the CVSS severity is scanned. """ return pulumi.get(self, "cvss_severity_enabled") @@ -411,7 +411,7 @@ def cvss_severity_enabled(self) -> bool: @pulumi.getter(name="cvssSeverityExcludeNoFix") def cvss_severity_exclude_no_fix(self) -> bool: """ - Indicates that policy should ignore cvss cases that do not have a known fix. + Indicates that policy should ignore CVSS cases that do not have a known fix. """ return pulumi.get(self, "cvss_severity_exclude_no_fix") 
@@ -431,6 +431,9 @@ def disallow_malware(self) -> bool: @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> bool: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @property @@ -479,13 +482,16 @@ def enforce_excessive_permissions(self) -> bool: @property @pulumi.getter(name="exceptionalMonitoredMalwarePaths") def exceptional_monitored_malware_paths(self) -> Sequence[str]: + """ + Directories to be excluded from monitoring. + """ return pulumi.get(self, "exceptional_monitored_malware_paths") @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> bool: """ - Indicates if cicd failures will fail the image. + Indicates if CI/CD failures will fail the image. """ return pulumi.get(self, "fail_cicd") @@ -554,6 +560,9 @@ def images(self) -> Sequence[str]: @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> bool: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @property @@ -604,6 +613,9 @@ def maximum_score_exclude_no_fix(self) -> bool: @property @pulumi.getter(name="monitoredMalwarePaths") def monitored_malware_paths(self) -> Sequence[str]: + """ + Directories to be monitored. + """ return pulumi.get(self, "monitored_malware_paths") @property @@ -631,7 +643,7 @@ def packages_black_list_enabled(self) -> bool: @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Sequence['outputs.GetKubernetesAssurancePolicyPackagesBlackListResult']: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") @@ -701,7 +713,7 @@ def scan_sensitive_data(self) -> bool: @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> bool: """ - Indicates if scanning should include scap. + Indicates if scanning should include SCAP. """ return pulumi.get(self, "scap_enabled") 
diff --git a/sdk/python/pulumiverse_aquasec/get_notifications.py b/sdk/python/pulumiverse_aquasec/get_notifications.py index f0009762..0cf67c36 100644 --- a/sdk/python/pulumiverse_aquasec/get_notifications.py +++ b/sdk/python/pulumiverse_aquasec/get_notifications.py @@ -14,6 +14,7 @@ 'GetNotificationsResult', 'AwaitableGetNotificationsResult', 'get_notifications', + 'get_notifications_output', ] @pulumi.output_type @@ -124,3 +125,11 @@ def get_notifications(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableG splunks=pulumi.get(__ret__, 'splunks'), teams=pulumi.get(__ret__, 'teams'), webhooks=pulumi.get(__ret__, 'webhooks')) + + +@_utilities.lift_output_func(get_notifications) +def get_notifications_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetNotificationsResult]: + """ + Use this data source to access information about an existing resource. + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_permissions_sets.py b/sdk/python/pulumiverse_aquasec/get_permissions_sets.py index ee72a167..503f90b4 100644 --- a/sdk/python/pulumiverse_aquasec/get_permissions_sets.py +++ b/sdk/python/pulumiverse_aquasec/get_permissions_sets.py @@ -14,6 +14,7 @@ 'GetPermissionsSetsResult', 'AwaitableGetPermissionsSetsResult', 'get_permissions_sets', + 'get_permissions_sets_output', ] @pulumi.output_type 
@@ -75,3 +76,22 @@ def get_permissions_sets(opts: Optional[pulumi.InvokeOptions] = None) -> Awaitab return AwaitableGetPermissionsSetsResult( id=pulumi.get(__ret__, 'id'), permissions_sets=pulumi.get(__ret__, 'permissions_sets')) + + +@_utilities.lift_output_func(get_permissions_sets) +def get_permissions_sets_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetPermissionsSetsResult]: + """ + The data source `PermissionsSets` provides a method to query all permissions within the Aqua CSPMThe fields returned from this query are detailed in the Schema section below. + + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + testpermissionsset = aquasec.get_permissions_sets() + pulumi.export("permissionsSets", testpermissionsset) + pulumi.export("permissionsSetsNames", [[__item.name for __item in __item.permissions_sets] for __item in [testpermissionsset]]) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_roles.py b/sdk/python/pulumiverse_aquasec/get_roles.py index 290e90c0..6106c824 100644 --- a/sdk/python/pulumiverse_aquasec/get_roles.py +++ b/sdk/python/pulumiverse_aquasec/get_roles.py @@ -14,6 +14,7 @@ 'GetRolesResult', 'AwaitableGetRolesResult', 'get_roles', + 'get_roles_output', ] @pulumi.output_type 
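Review bot: The first sentence of the `get_permissions_sets_output` docstring runs two sentences together (`Aqua CSPMThe fields returned`), and the get_roles.py docstring in the next file has the same kind of fusion (`account managementrole database`). Both look like a dropped separator in the upstream description and should read `... within the Aqua CSPM. The fields ...` and `... account management role database. ...`. The last line of the example reuses `__item` for both loops of a nested comprehension, which is hard to read; `[s.name for s in testpermissionsset.permissions_sets]` says the same thing, if a flat list is what the export should hold.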
@@ -74,3 +75,21 @@ def get_roles(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRolesR return AwaitableGetRolesResult( id=pulumi.get(__ret__, 'id'), roles=pulumi.get(__ret__, 'roles')) + + +@_utilities.lift_output_func(get_roles) +def get_roles_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRolesResult]: + """ + The data source `get_roles` provides a method to query all roles within the Aqua account managementrole database. The fields returned from this query are detailed in the Schema section below. + + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + roles = aquasec.get_roles() + pulumi.export("firstUserName", roles.roles[0]) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_roles_mapping.py b/sdk/python/pulumiverse_aquasec/get_roles_mapping.py index 7fae94f6..82cc31f1 100644 --- a/sdk/python/pulumiverse_aquasec/get_roles_mapping.py +++ b/sdk/python/pulumiverse_aquasec/get_roles_mapping.py @@ -14,6 +14,7 @@ 'GetRolesMappingResult', 'AwaitableGetRolesMappingResult', 'get_roles_mapping', + 'get_roles_mapping_output', ] @pulumi.output_type @@ -115,3 +116,20 @@ def get_roles_mapping(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableG oauth2s=pulumi.get(__ret__, 'oauth2s'), openids=pulumi.get(__ret__, 'openids'), samls=pulumi.get(__ret__, 'samls')) + + +@_utilities.lift_output_func(get_roles_mapping) +def get_roles_mapping_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRolesMappingResult]: + """ + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + roles_mapping = aquasec.get_roles_mapping() + pulumi.export("roleMappingAll", roles_mapping) + pulumi.export("roleMappingSaml", roles_mapping.samls) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_roles_mapping_saas.py b/sdk/python/pulumiverse_aquasec/get_roles_mapping_saas.py index c318d125..83a6df6c 100644 
--- a/sdk/python/pulumiverse_aquasec/get_roles_mapping_saas.py +++ b/sdk/python/pulumiverse_aquasec/get_roles_mapping_saas.py @@ -14,6 +14,7 @@ 'GetRolesMappingSaasResult', 'AwaitableGetRolesMappingSaasResult', 'get_roles_mapping_saas', + 'get_roles_mapping_saas_output', ] @pulumi.output_type @@ -72,3 +73,19 @@ def get_roles_mapping_saas(opts: Optional[pulumi.InvokeOptions] = None) -> Await return AwaitableGetRolesMappingSaasResult( id=pulumi.get(__ret__, 'id'), roles_mappings=pulumi.get(__ret__, 'roles_mappings')) + + +@_utilities.lift_output_func(get_roles_mapping_saas) +def get_roles_mapping_saas_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRolesMappingSaasResult]: + """ + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + roles_mapping_saas = aquasec.get_roles_mapping_saas() + pulumi.export("roleMapping", roles_mapping_saas.roles_mappings) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_service.py b/sdk/python/pulumiverse_aquasec/get_service.py index 93247ca5..96955cc3 100644 --- a/sdk/python/pulumiverse_aquasec/get_service.py +++ b/sdk/python/pulumiverse_aquasec/get_service.py @@ -349,8 +349,6 @@ def get_service(name: Optional[str] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetServiceResult: """ Use this data source to access information about an existing resource. - - :param str name: The name of the service. It is recommended not to use whitespace characters in the name. """ __args__ = dict() __args__['name'] = name @@ -391,7 +389,5 @@ def get_service_output(name: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetServiceResult]: """ Use this data source to access information about an existing resource. - - :param str name: The name of the service. It is recommended not to use whitespace characters in the name. """ ... 
diff --git a/sdk/python/pulumiverse_aquasec/get_users.py b/sdk/python/pulumiverse_aquasec/get_users.py index 6bb4d24e..b843c949 100644 --- a/sdk/python/pulumiverse_aquasec/get_users.py +++ b/sdk/python/pulumiverse_aquasec/get_users.py @@ -14,6 +14,7 @@ 'GetUsersResult', 'AwaitableGetUsersResult', 'get_users', + 'get_users_output', ] @pulumi.output_type @@ -74,3 +75,21 @@ def get_users(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetUsersR return AwaitableGetUsersResult( id=pulumi.get(__ret__, 'id'), users=pulumi.get(__ret__, 'users')) + + +@_utilities.lift_output_func(get_users) +def get_users_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetUsersResult]: + """ + The data source `get_users` provides a method to query all users within the Aqua users database. The fields returned from this query are detailed in the Schema section below. + + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + users = aquasec.get_users() + pulumi.export("firstUserName", users.users[0].name) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/get_users_saas.py b/sdk/python/pulumiverse_aquasec/get_users_saas.py index 3e3f6694..f021f9ff 100644 --- a/sdk/python/pulumiverse_aquasec/get_users_saas.py +++ b/sdk/python/pulumiverse_aquasec/get_users_saas.py @@ -14,6 +14,7 @@ 'GetUsersSaasResult', 'AwaitableGetUsersSaasResult', 'get_users_saas', + 'get_users_saas_output', ] @pulumi.output_type 
@@ -74,3 +75,21 @@ def get_users_saas(opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetU return AwaitableGetUsersSaasResult( id=pulumi.get(__ret__, 'id'), users=pulumi.get(__ret__, 'users')) + + +@_utilities.lift_output_func(get_users_saas) +def get_users_saas_output(opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetUsersSaasResult]: + """ + The data source `get_users_saas` provides a method to query all saas users within the Aqua users management. The fields returned from this query are detailed in the Schema section below. + + ## Example Usage + + ```python + import pulumi + import pulumi_aquasec as aquasec + + users = aquasec.get_users() + pulumi.export("firstUserEmail", data["aquasec_users_saas"]["users"]["users"][0]["email"]) + ``` + """ + ... diff --git a/sdk/python/pulumiverse_aquasec/host_assurance_policy.py b/sdk/python/pulumiverse_aquasec/host_assurance_policy.py index 15237ca2..1aa4df1b 100644 --- a/sdk/python/pulumiverse_aquasec/host_assurance_policy.py +++ b/sdk/python/pulumiverse_aquasec/host_assurance_policy.py @@ -17,8 +17,11 @@ class HostAssurancePolicyArgs: def __init__(__self__, *, application_scopes: pulumi.Input[Sequence[pulumi.Input[str]]], + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyAutoScanTimeArgs']]]] = None, 
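Review bot: The example in the `get_users_saas_output` docstring cannot run as written. It calls `aquasec.get_users()` instead of `get_users_saas()`, and the export reads `data["aquasec_users_saas"]["users"]["users"][0]["email"]`, where `data` is never defined and looks like residue of the Terraform example. Matching the get_users.py example, it could read `users = aquasec.get_users_saas()` and `pulumi.export("firstUserEmail", users.users[0].email)`. The `email` attribute is inferred from the original expression and should be confirmed against the result type. The snippet exports a user's e-mail address as a stack output, so a sentence noting that stack outputs are visible to anyone who can read the stack would fit here.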
@@ -30,6 +33,7 @@ def __init__(__self__, *, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyCustomCheckArgs']]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -39,6 +43,7 @@ def __init__(__self__, *, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -50,17 +55,26 @@ def __init__(__self__, *, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyForbiddenLabelArgs']]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -68,56 +82,70 @@ def __init__(__self__, *, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesBlackListArgs']]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesWhiteListArgs']]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['HostAssurancePolicyPolicySettingsArgs']] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyRequiredLabelArgs']]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyScopeArgs']]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyTrustedBaseImageArgs']]]] = None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + 
vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): + whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + windows_cis_enabled: Optional[pulumi.Input[bool]] = None): """ The set of arguments for constructing a HostAssurancePolicy resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. 
- :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. 
:param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -128,12 +156,19 @@ def __init__(__self__, *, :param pulumi.Input[bool] trusted_base_images_enabled: Indicates if list of trusted base images is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. + :param pulumi.Input[bool] windows_cis_enabled: Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). """ pulumi.set(__self__, "application_scopes", application_scopes) + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) if allowed_images is not None: pulumi.set(__self__, "allowed_images", allowed_images) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) if audit_on_failure is not None: pulumi.set(__self__, "audit_on_failure", audit_on_failure) + if author is not None: + pulumi.set(__self__, "author", author) if auto_scan_configured is not None: pulumi.set(__self__, "auto_scan_configured", auto_scan_configured) if auto_scan_enabled is not None: 
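Review bot: The `:param` list in this docstring has no entry for the new arguments that change what the policy scans or reports. In this hunk those are `scan_malware_in_archives`, `scan_process_memory`, `scan_windows_registry`, `vulnerability_exploitability`, `vulnerability_score_ranges`, `permission` and `policy_settings`. From the preceding signature hunks they are `ignore_base_image_vln`, `ignore_recently_published_vln_period`, `ignored_sensitive_resources` and `exclude_application_scopes`. The arguments that suppress findings are the ones a reviewer of a policy change most needs explained, and the unit of `ignore_recently_published_vln_period` cannot be read off its `int` annotation. Each should get a `:param` line stating what is skipped or scanned and what the default is; as the file is generated, the text has to come from the provider schema. `__init__` starts before this hunk and continues after it.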
@@ -156,6 +191,8 @@ def __init__(__self__, *, pulumi.set(__self__, "custom_checks", custom_checks) if custom_checks_enabled is not None: pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) if custom_severity_enabled is not None: pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) if cves_black_list_enabled is not None: @@ -174,6 +211,8 @@ def __init__(__self__, *, pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) if description is not None: pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) if disallow_malware is not None: pulumi.set(__self__, "disallow_malware", disallow_malware) if docker_cis_enabled is not None: @@ -196,6 +235,8 @@ def __init__(__self__, *, pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) if exceptional_monitored_malware_paths is not None: pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) if fail_cicd is not None: pulumi.set(__self__, "fail_cicd", fail_cicd) if forbidden_labels is not None: 
@@ -206,18 +247,34 @@ def __init__(__self__, *, pulumi.set(__self__, "force_microenforcer", force_microenforcer) if function_integrity_enabled is not None: pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) if ignore_recently_published_vln is not None: pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) + if ignore_recently_published_vln_period is not None: + pulumi.set(__self__, "ignore_recently_published_vln_period", ignore_recently_published_vln_period) if ignore_risk_resources_enabled is not None: pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) if ignored_risk_resources is not None: pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) if images is not None: pulumi.set(__self__, "images", images) if kube_cis_enabled is not None: pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) + if kubernetes_controls_names is not None: + pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) if labels is not None: pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) if malware_action is not None: pulumi.set(__self__, "malware_action", malware_action) if maximum_score is not None: 
@@ -232,6 +289,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if only_none_root_users is not None: pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) if packages_black_list_enabled is not None: pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) if packages_black_lists is not None: @@ -242,6 +301,10 @@ def __init__(__self__, *, pulumi.set(__self__, "packages_white_lists", packages_white_lists) if partial_results_image_fail is not None: pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) if read_only is not None: pulumi.set(__self__, "read_only", read_only) if registries is not None: @@ -252,10 +315,16 @@ def __init__(__self__, *, pulumi.set(__self__, "required_labels", required_labels) if required_labels_enabled is not None: pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) if scan_nfs_mounts is not None: pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) if scan_sensitive_data is not None: pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) if scap_enabled is not None: pulumi.set(__self__, "scap_enabled", scap_enabled) if scap_files is not None: 
@@ -266,10 +335,16 @@ def __init__(__self__, *, pulumi.set(__self__, "trusted_base_images", trusted_base_images) if trusted_base_images_enabled is not None: pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) if whitelisted_licenses is not None: pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) if whitelisted_licenses_enabled is not None: pulumi.set(__self__, "whitelisted_licenses_enabled", whitelisted_licenses_enabled) + if windows_cis_enabled is not None: + pulumi.set(__self__, "windows_cis_enabled", windows_cis_enabled) @property @pulumi.getter(name="applicationScopes") @@ -280,6 +355,18 @@ def application_scopes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: def application_scopes(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): pulumi.set(self, "application_scopes", value) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -292,6 +379,18 @@ def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def allowed_images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "allowed_images", value) + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: @@ -304,6 +403,18 @@ def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: def audit_on_failure(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_on_failure", value) + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. + """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + @property @pulumi.getter(name="autoScanConfigured") def auto_scan_configured(self) -> Optional[pulumi.Input[bool]]: @@ -371,7 +482,7 @@ def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") 
@@ -424,6 +535,15 @@ def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "custom_checks_enabled", value) + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -437,7 +557,7 @@ def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -449,7 +569,7 @@ def cves_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -461,7 +581,7 @@ def cves_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[st @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") 
@@ -526,6 +646,15 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> Optional[pulumi.Input[bool]]: @@ -541,6 +670,9 @@ def disallow_malware(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @docker_cis_enabled.setter @@ -631,6 +763,15 @@ def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[ def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "exceptional_monitored_malware_paths", value) + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> Optional[pulumi.Input[bool]]: 
@@ -679,6 +820,15 @@ def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "function_integrity_enabled", value) + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: @@ -688,6 +838,15 @@ def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: def ignore_recently_published_vln(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "ignore_recently_published_vln", value) + @property + @pulumi.getter(name="ignoreRecentlyPublishedVlnPeriod") + def ignore_recently_published_vln_period(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "ignore_recently_published_vln_period") + + @ignore_recently_published_vln_period.setter + def ignore_recently_published_vln_period(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "ignore_recently_published_vln_period", value) + @property @pulumi.getter(name="ignoreRiskResourcesEnabled") def ignore_risk_resources_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -712,6 +871,15 @@ def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[ def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "ignored_risk_resources", value) + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + @property @pulumi.getter def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -727,12 +895,42 @@ def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @kube_cis_enabled.setter def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "kube_cis_enabled", value) + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_names") + + @kubernetes_controls_names.setter + def kubernetes_controls_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_names", value) + @property @pulumi.getter def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -745,6 +943,24 @@ def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "labels", value) + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> Optional[pulumi.Input[str]]: @@ -820,6 +1036,15 @@ def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "only_none_root_users", value) + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -836,7 +1061,7 @@ def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesBlackListArgs']]]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") 
@@ -877,6 +1102,24 @@ def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "partial_results_image_fail", value) + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['HostAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['HostAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: @@ -925,6 +1168,15 @@ def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "required_labels_enabled", value) + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: 
@@ -934,6 +1186,15 @@ def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_nfs_mounts", value) + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: @@ -946,6 +1207,15 @@ def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_sensitive_data", value) + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -1003,6 +1273,24 @@ def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "trusted_base_images_enabled", value) + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1027,12 +1315,26 @@ def whitelisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: def whitelisted_licenses_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "whitelisted_licenses_enabled", value) + @property + @pulumi.getter(name="windowsCisEnabled") + def windows_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + """ + return pulumi.get(self, "windows_cis_enabled") + + @windows_cis_enabled.setter + def windows_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "windows_cis_enabled", value) + @pulumi.input_type class _HostAssurancePolicyState: def __init__(__self__, *, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, @@ -1046,6 +1348,7 @@ def __init__(__self__, *, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyCustomCheckArgs']]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, 
@@ -1055,6 +1358,7 @@ def __init__(__self__, *, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -1066,18 +1370,26 @@ def __init__(__self__, *, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyForbiddenLabelArgs']]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -1085,57 +1397,70 @@ def __init__(__self__, *, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesBlackListArgs']]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesWhiteListArgs']]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['HostAssurancePolicyPolicySettingsArgs']] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyRequiredLabelArgs']]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyScopeArgs']]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyTrustedBaseImageArgs']]]] = None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + 
vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): + whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + windows_cis_enabled: Optional[pulumi.Input[bool]] = None): """ Input properties used for looking up and filtering HostAssurancePolicy resources. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. 
- :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. 
:param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -1146,11 +1471,16 @@ def __init__(__self__, *, :param pulumi.Input[bool] trusted_base_images_enabled: Indicates if list of trusted base images is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. + :param pulumi.Input[bool] windows_cis_enabled: Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). """ + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) if allowed_images is not None: pulumi.set(__self__, "allowed_images", allowed_images) if application_scopes is not None: pulumi.set(__self__, "application_scopes", application_scopes) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) if audit_on_failure is not None: pulumi.set(__self__, "audit_on_failure", audit_on_failure) if author is not None: 
@@ -1177,6 +1507,8 @@ def __init__(__self__, *, pulumi.set(__self__, "custom_checks", custom_checks) if custom_checks_enabled is not None: pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) if custom_severity_enabled is not None: pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) if cves_black_list_enabled is not None: @@ -1195,6 +1527,8 @@ def __init__(__self__, *, pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) if description is not None: pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) if disallow_malware is not None: pulumi.set(__self__, "disallow_malware", disallow_malware) if docker_cis_enabled is not None: @@ -1217,6 +1551,8 @@ def __init__(__self__, *, pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) if exceptional_monitored_malware_paths is not None: pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) if fail_cicd is not None: pulumi.set(__self__, "fail_cicd", fail_cicd) if forbidden_labels is not None: @@ -1227,6 +1563,8 @@ def __init__(__self__, *, pulumi.set(__self__, "force_microenforcer", force_microenforcer) if function_integrity_enabled is not None: pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) if ignore_recently_published_vln is not None: pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) if ignore_recently_published_vln_period is not None: 
@@ -1235,12 +1573,24 @@ def __init__(__self__, *, pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) if ignored_risk_resources is not None: pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) if images is not None: pulumi.set(__self__, "images", images) if kube_cis_enabled is not None: pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) + if kubernetes_controls_names is not None: + pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) if labels is not None: pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) if malware_action is not None: pulumi.set(__self__, "malware_action", malware_action) if maximum_score is not None: @@ -1255,6 +1605,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if only_none_root_users is not None: pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) if packages_black_list_enabled is not None: pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) if packages_black_lists is not None: 
@@ -1265,6 +1617,10 @@ def __init__(__self__, *, pulumi.set(__self__, "packages_white_lists", packages_white_lists) if partial_results_image_fail is not None: pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) if read_only is not None: pulumi.set(__self__, "read_only", read_only) if registries is not None: @@ -1275,10 +1631,16 @@ def __init__(__self__, *, pulumi.set(__self__, "required_labels", required_labels) if required_labels_enabled is not None: pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) if scan_nfs_mounts is not None: pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) if scan_sensitive_data is not None: pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) if scap_enabled is not None: pulumi.set(__self__, "scap_enabled", scap_enabled) if scap_files is not None: 
@@ -1289,10 +1651,28 @@ def __init__(__self__, *, pulumi.set(__self__, "trusted_base_images", trusted_base_images) if trusted_base_images_enabled is not None: pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) if whitelisted_licenses is not None: pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) if whitelisted_licenses_enabled is not None: pulumi.set(__self__, "whitelisted_licenses_enabled", whitelisted_licenses_enabled) + if windows_cis_enabled is not None: + pulumi.set(__self__, "windows_cis_enabled", windows_cis_enabled) + + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) @property @pulumi.getter(name="allowedImages") 
@@ -1315,6 +1695,18 @@ def application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str] def application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "application_scopes", value) + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: @@ -1406,7 +1798,7 @@ def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -1459,6 +1851,15 @@ def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "custom_checks_enabled", value) + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: 
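Review bot: `custom_severity` is added in the last hunk on this line with no docstring, while `assurance_type` two hunks earlier gets one. The same gap recurs in the later hunks for `disallow_exploit_types`, `exclude_application_scopes`, `ignore_base_image_vln`, `ignored_sensitive_resources`, `scan_malware_in_archives`, `scan_process_memory`, `scan_windows_registry`, `permission` and `policy_settings`. Several of these names read as switches that narrow or widen what the assurance policy evaluates, so each needs a one-line description stating the effect and the default. An example for `ignore_base_image_vln` is `"""Indicates if vulnerabilities inherited from the base image are ignored."""`, with the wording confirmed against the provider documentation. This file has the shape of generated SDK code, so the text probably has to be added to the schema descriptions it is built from rather than here.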
@@ -1472,7 +1873,7 @@ def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -1484,7 +1885,7 @@ def cves_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -1496,7 +1897,7 @@ def cves_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[st @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") @@ -1561,6 +1962,15 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> Optional[pulumi.Input[bool]]: 
@@ -1576,6 +1986,9 @@ def disallow_malware(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @docker_cis_enabled.setter @@ -1666,6 +2079,15 @@ def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[ def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "exceptional_monitored_malware_paths", value) + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> Optional[pulumi.Input[bool]]: @@ -1714,6 +2136,15 @@ def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "function_integrity_enabled", value) + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: 
@@ -1756,6 +2187,15 @@ def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[ def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "ignored_risk_resources", value) + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + @property @pulumi.getter def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1771,12 +2211,42 @@ def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @kube_cis_enabled.setter def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "kube_cis_enabled", value) + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_names") + + @kubernetes_controls_names.setter + def kubernetes_controls_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_names", value) + @property @pulumi.getter def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1789,6 +2259,24 @@ def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "labels", value) + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> Optional[pulumi.Input[str]]: @@ -1864,6 +2352,15 @@ def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "only_none_root_users", value) + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -1880,7 +2377,7 @@ def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostAssurancePolicyPackagesBlackListArgs']]]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") 
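Review bot: `lastupdate` is added in the first hunk on this line as a settable input with no description, and the constructor hunks further down accept it as a keyword argument too. The name suggests metadata that the service maintains rather than something a user chooses. If that is the case, the docstring should say the value is informational and what happens to a supplied value, or the field should be exposed as an output only. Proposed wording, to be confirmed against the provider: `"""Time the policy was last updated, as reported by the service."""`.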
@@ -1921,6 +2418,24 @@ def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "partial_results_image_fail", value) + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['HostAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['HostAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: @@ -1969,6 +2484,15 @@ def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "required_labels_enabled", value) + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: 
@@ -1978,6 +2502,15 @@ def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_nfs_mounts", value) + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: @@ -1990,6 +2523,15 @@ def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_sensitive_data", value) + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -2047,6 +2589,24 @@ def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "trusted_base_images_enabled", value) + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -2071,15 +2631,30 @@ def whitelisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: def whitelisted_licenses_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "whitelisted_licenses_enabled", value) + @property + @pulumi.getter(name="windowsCisEnabled") + def windows_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + """ + return pulumi.get(self, "windows_cis_enabled") + + @windows_cis_enabled.setter + def windows_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "windows_cis_enabled", value) + class HostAssurancePolicy(pulumi.CustomResource): @overload def __init__(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyAutoScanTimeArgs']]]]] = None, 
@@ -2091,6 +2666,7 @@ def __init__(__self__, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2100,6 +2676,7 @@ def __init__(__self__, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2111,17 +2688,26 @@ def __init__(__self__, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2129,59 +2715,78 @@ def __init__(__self__, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['HostAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyTrustedBaseImageArgs']]]]] = None, trusted_base_images_enabled: 
Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + windows_cis_enabled: Optional[pulumi.Input[bool]] = None, __props__=None): """ - Create a HostAssurancePolicy resource with the given unique name, props, and options. + Host Assurance is a subsystem of Aqua. It is responsible for: + Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks. + Evaluates scan findings according to defined Host Assurance Policies. + Determines host compliance based on these policies. + Generates an audit event for host assurance failure. + :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. 
+ :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. 
:param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -2192,6 +2797,7 @@ def __init__(__self__, :param pulumi.Input[bool] trusted_base_images_enabled: Indicates if list of trusted base images is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. + :param pulumi.Input[bool] windows_cis_enabled: Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). """ ... @overload 
@@ -2200,7 +2806,12 @@ def __init__(__self__, args: HostAssurancePolicyArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Create a HostAssurancePolicy resource with the given unique name, props, and options. + Host Assurance is a subsystem of Aqua. It is responsible for: + Scans host VMs and Kubernetes nodes' file system for security issues, vulnerabilities in OS and programming language packages, open-source licenses, and compliance with CIS benchmarks. + Evaluates scan findings according to defined Host Assurance Policies. + Determines host compliance based on these policies. + Generates an audit event for host assurance failure. + :param str resource_name: The name of the resource. :param HostAssurancePolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. @@ -2216,9 +2827,12 @@ def __init__(__self__, resource_name: str, *args, **kwargs): def _internal_init(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyAutoScanTimeArgs']]]]] = None, 
@@ -2230,6 +2844,7 @@ def _internal_init(__self__, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2239,6 +2854,7 @@ def _internal_init(__self__, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2250,17 +2866,26 @@ def _internal_init(__self__, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2268,25 +2893,34 @@ def _internal_init(__self__, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['HostAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyTrustedBaseImageArgs']]]]] = None, trusted_base_images_enabled: 
Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + windows_cis_enabled: Optional[pulumi.Input[bool]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) if not isinstance(opts, pulumi.ResourceOptions): @@ -2296,11 +2930,14 @@ def _internal_init(__self__, raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') __props__ = HostAssurancePolicyArgs.__new__(HostAssurancePolicyArgs) + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability __props__.__dict__["allowed_images"] = allowed_images if application_scopes is None and not opts.urn: raise TypeError("Missing required property 'application_scopes'") __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type __props__.__dict__["audit_on_failure"] = audit_on_failure + __props__.__dict__["author"] = author __props__.__dict__["auto_scan_configured"] = auto_scan_configured __props__.__dict__["auto_scan_enabled"] = auto_scan_enabled __props__.__dict__["auto_scan_times"] = auto_scan_times @@ -2312,6 +2949,7 @@ def _internal_init(__self__, __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix __props__.__dict__["custom_checks"] = custom_checks __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled __props__.__dict__["cves_black_lists"] = cves_black_lists 
@@ -2321,6 +2959,7 @@ def _internal_init(__self__, __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix __props__.__dict__["description"] = description + __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types __props__.__dict__["disallow_malware"] = disallow_malware __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled __props__.__dict__["domain"] = domain 
@@ -2332,17 +2971,26 @@ def _internal_init(__self__, __props__.__dict__["enforce_after_days"] = enforce_after_days __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes __props__.__dict__["fail_cicd"] = fail_cicd __props__.__dict__["forbidden_labels"] = forbidden_labels __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled __props__.__dict__["force_microenforcer"] = force_microenforcer __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled + __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln + __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources + __props__.__dict__["ignored_sensitive_resources"] = ignored_sensitive_resources __props__.__dict__["images"] = images __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled + __props__.__dict__["kubernetes_controls"] = kubernetes_controls + __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids + __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names __props__.__dict__["labels"] = labels + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["linux_cis_enabled"] = linux_cis_enabled __props__.__dict__["malware_action"] = malware_action __props__.__dict__["maximum_score"] = maximum_score __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled 
@@ -2350,27 +2998,34 @@ def _internal_init(__self__, __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths __props__.__dict__["name"] = name __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled __props__.__dict__["packages_black_lists"] = packages_black_lists __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled __props__.__dict__["packages_white_lists"] = packages_white_lists __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings __props__.__dict__["read_only"] = read_only __props__.__dict__["registries"] = registries __props__.__dict__["registry"] = registry __props__.__dict__["required_labels"] = required_labels __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory __props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry __props__.__dict__["scap_enabled"] = scap_enabled __props__.__dict__["scap_files"] = scap_files __props__.__dict__["scopes"] = scopes __props__.__dict__["trusted_base_images"] = trusted_base_images __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + __props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled - __props__.__dict__["author"] = 
None - __props__.__dict__["ignore_recently_published_vln_period"] = None + __props__.__dict__["windows_cis_enabled"] = windows_cis_enabled super(HostAssurancePolicy, __self__).__init__( 'aquasec:index/hostAssurancePolicy:HostAssurancePolicy', resource_name, @@ -2381,8 +3036,10 @@ def _internal_init(__self__, def get(resource_name: str, id: pulumi.Input[str], opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, @@ -2396,6 +3053,7 @@ def get(resource_name: str, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2405,6 +3063,7 @@ def get(resource_name: str, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2416,18 +3075,26 @@ def get(resource_name: str, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2435,25 +3102,34 @@ def get(resource_name: str, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['HostAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyTrustedBaseImageArgs']]]]] = None, trusted_base_images_enabled: 
Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None) -> 'HostAssurancePolicy': + whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + windows_cis_enabled: Optional[pulumi.Input[bool]] = None) -> 'HostAssurancePolicy': """ Get an existing HostAssurancePolicy resource's state with the given name, id, and optional extra properties used to qualify the lookup. 
@@ -2461,36 +3137,40 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. 
- :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -2501,13 +3181,16 @@ def get(resource_name: str, :param pulumi.Input[bool] trusted_base_images_enabled: Indicates if list of trusted base images is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. + :param pulumi.Input[bool] windows_cis_enabled: Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) __props__ = _HostAssurancePolicyState.__new__(_HostAssurancePolicyState) + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability __props__.__dict__["allowed_images"] = allowed_images __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type __props__.__dict__["audit_on_failure"] = audit_on_failure __props__.__dict__["author"] = author __props__.__dict__["auto_scan_configured"] = auto_scan_configured 
@@ -2521,6 +3204,7 @@ def get(resource_name: str, __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix __props__.__dict__["custom_checks"] = custom_checks __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled __props__.__dict__["cves_black_lists"] = cves_black_lists @@ -2530,6 +3214,7 @@ def get(resource_name: str, __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix __props__.__dict__["description"] = description + __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types __props__.__dict__["disallow_malware"] = disallow_malware __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled __props__.__dict__["domain"] = domain 
@@ -2541,18 +3226,26 @@ def get(resource_name: str, __props__.__dict__["enforce_after_days"] = enforce_after_days __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes __props__.__dict__["fail_cicd"] = fail_cicd __props__.__dict__["forbidden_labels"] = forbidden_labels __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled __props__.__dict__["force_microenforcer"] = force_microenforcer __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled + __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources + __props__.__dict__["ignored_sensitive_resources"] = ignored_sensitive_resources __props__.__dict__["images"] = images __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled + __props__.__dict__["kubernetes_controls"] = kubernetes_controls + __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids + __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names __props__.__dict__["labels"] = labels + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["linux_cis_enabled"] = linux_cis_enabled __props__.__dict__["malware_action"] = malware_action __props__.__dict__["maximum_score"] = maximum_score __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled 
@@ -2560,27 +3253,44 @@ def get(resource_name: str, __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths __props__.__dict__["name"] = name __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled __props__.__dict__["packages_black_lists"] = packages_black_lists __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled __props__.__dict__["packages_white_lists"] = packages_white_lists __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings __props__.__dict__["read_only"] = read_only __props__.__dict__["registries"] = registries __props__.__dict__["registry"] = registry __props__.__dict__["required_labels"] = required_labels __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory __props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry __props__.__dict__["scap_enabled"] = scap_enabled __props__.__dict__["scap_files"] = scap_files __props__.__dict__["scopes"] = scopes __props__.__dict__["trusted_base_images"] = trusted_base_images __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + __props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled + 
__props__.__dict__["windows_cis_enabled"] = windows_cis_enabled return HostAssurancePolicy(resource_name, opts=opts, __props__=__props__) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -2594,6 +3304,14 @@ def allowed_images(self) -> pulumi.Output[Optional[Sequence[str]]]: def application_scopes(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "application_scopes") + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> pulumi.Output[str]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> pulumi.Output[Optional[bool]]: @@ -2653,7 +3371,7 @@ def blacklisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -2686,6 +3404,11 @@ def custom_checks_enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "custom_checks_enabled") + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> pulumi.Output[str]: + return pulumi.get(self, "custom_severity") + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> pulumi.Output[Optional[bool]]: 
@@ -2695,7 +3418,7 @@ def custom_severity_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -2703,7 +3426,7 @@ def cves_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -2711,7 +3434,7 @@ def cves_black_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") @@ -2752,6 +3475,11 @@ def cvss_severity_exclude_no_fix(self) -> pulumi.Output[Optional[bool]]: def description(self) -> pulumi.Output[Optional[str]]: return pulumi.get(self, "description") + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "disallow_exploit_types") + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> pulumi.Output[Optional[bool]]: @@ -2763,6 +3491,9 @@ def disallow_malware(self) -> pulumi.Output[Optional[bool]]: @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @property 
@@ -2813,6 +3544,11 @@ def enforce_excessive_permissions(self) -> pulumi.Output[Optional[bool]]: def exceptional_monitored_malware_paths(self) -> pulumi.Output[Optional[Sequence[str]]]: return pulumi.get(self, "exceptional_monitored_malware_paths") + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "exclude_application_scopes") + @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> pulumi.Output[Optional[bool]]: @@ -2841,6 +3577,11 @@ def force_microenforcer(self) -> pulumi.Output[Optional[bool]]: def function_integrity_enabled(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "function_integrity_enabled") + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> pulumi.Output[Optional[bool]]: @@ -2867,6 +3608,11 @@ def ignored_risk_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "ignored_risk_resources") + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "ignored_sensitive_resources") + @property @pulumi.getter def images(self) -> pulumi.Output[Optional[Sequence[str]]]: 
@@ -2878,8 +3624,26 @@ def images(self) -> pulumi.Output[Optional[Sequence[str]]]: @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls") + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls_names") + @property @pulumi.getter def labels(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -2888,6 +3652,16 @@ def labels(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "labels") + @property + @pulumi.getter + def lastupdate(self) -> pulumi.Output[str]: + return pulumi.get(self, "lastupdate") + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "linux_cis_enabled") + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> pulumi.Output[Optional[str]]: @@ -2935,6 +3709,11 @@ def only_none_root_users(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "only_none_root_users") + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: 
@@ -2947,7 +3726,7 @@ def packages_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> pulumi.Output[Optional[Sequence['outputs.HostAssurancePolicyPackagesBlackList']]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") @@ -2972,6 +3751,16 @@ def packages_white_lists(self) -> pulumi.Output[Optional[Sequence['outputs.HostA def partial_results_image_fail(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "partial_results_image_fail") + @property + @pulumi.getter + def permission(self) -> pulumi.Output[str]: + return pulumi.get(self, "permission") + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> pulumi.Output['outputs.HostAssurancePolicyPolicySettings']: + return pulumi.get(self, "policy_settings") + @property @pulumi.getter(name="readOnly") def read_only(self) -> pulumi.Output[Optional[bool]]: @@ -3000,11 +3789,21 @@ def required_labels(self) -> pulumi.Output[Optional[Sequence['outputs.HostAssura def required_labels_enabled(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "required_labels_enabled") + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "scan_nfs_mounts") + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_process_memory") + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> pulumi.Output[Optional[bool]]: 
@@ -3013,6 +3812,11 @@ def scan_sensitive_data(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "scan_sensitive_data") + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_windows_registry") + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> pulumi.Output[Optional[bool]]: @@ -3050,6 +3854,16 @@ def trusted_base_images_enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "trusted_base_images_enabled") + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> pulumi.Output[Sequence[int]]: + return pulumi.get(self, "vulnerability_score_ranges") + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -3066,3 +3880,11 @@ def whitelisted_licenses_enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "whitelisted_licenses_enabled") + @property + @pulumi.getter(name="windowsCisEnabled") + def windows_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Checks the host according to the Windows CIS benchmark (relevant for hosts running Windows). + """ + return pulumi.get(self, "windows_cis_enabled") + diff --git a/sdk/python/pulumiverse_aquasec/host_runtime_policy.py b/sdk/python/pulumiverse_aquasec/host_runtime_policy.py index b101debc..1540f912 100644 --- a/sdk/python/pulumiverse_aquasec/host_runtime_policy.py +++ b/sdk/python/pulumiverse_aquasec/host_runtime_policy.py 
@@ -16,73 +16,131 @@ @pulumi.input_type class HostRuntimePolicyArgs: def __init__(__self__, *, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedExecutableArgs']]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedRegistryArgs']]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - audit_all_os_user_activity: Optional[pulumi.Input[bool]] = None, audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, audit_host_failed_login_events: Optional[pulumi.Input[bool]] = None, audit_host_successful_login_events: Optional[pulumi.Input[bool]] = None, audit_user_account_management: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input['HostRuntimePolicyAuditingArgs']] = None, + author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input['HostRuntimePolicyBlacklistedOsUsersArgs']] = None, + block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, blocked_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeArgs']]]] = None, + container_exec: Optional[pulumi.Input['HostRuntimePolicyContainerExecArgs']] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, + digest: 
Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyDriftPreventionArgs']]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyExecutableBlacklistArgs']]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input['HostRuntimePolicyFailedKubernetesChecksArgs']] = None, + file_block: Optional[pulumi.Input['HostRuntimePolicyFileBlockArgs']] = None, file_integrity_monitoring: Optional[pulumi.Input['HostRuntimePolicyFileIntegrityMonitoringArgs']] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyLimitContainerPrivilegeArgs']]]] = None, + linux_capabilities: Optional[pulumi.Input['HostRuntimePolicyLinuxCapabilitiesArgs']] = None, malware_scan_options: Optional[pulumi.Input['HostRuntimePolicyMalwareScanOptionsArgs']] = None, monitor_system_log_integrity: Optional[pulumi.Input[bool]] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, monitor_windows_services: Optional[pulumi.Input[bool]] = None, name: 
Optional[pulumi.Input[str]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, os_groups_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_groups_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - port_scanning_detection: Optional[pulumi.Input[bool]] = None, + package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyPackageBlockArgs']]]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input['HostRuntimePolicyPortBlockArgs']] = None, + readonly_files: Optional[pulumi.Input['HostRuntimePolicyReadonlyFilesArgs']] = None, + readonly_registry: Optional[pulumi.Input['HostRuntimePolicyReadonlyRegistryArgs']] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input['HostRuntimePolicyRegistryAccessMonitoringArgs']] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyRestrictedVolumeArgs']]]] = None, + reverse_shell: Optional[pulumi.Input['HostRuntimePolicyReverseShellArgs']] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeVariableArgs']]]] = None, - windows_registry_monitoring: Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryMonitoringArgs']] = None, - windows_registry_protection: 
Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryProtectionArgs']] = None): + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeArgs']]]] = None, + system_integrity_protection: Optional[pulumi.Input['HostRuntimePolicySystemIntegrityProtectionArgs']] = None, + tripwire: Optional[pulumi.Input['HostRuntimePolicyTripwireArgs']] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input['HostRuntimePolicyWhitelistedOsUsersArgs']] = None): """ The set of arguments for constructing a HostRuntimePolicy resource. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedExecutableArgs']]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedRegistryArgs']]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. - :param pulumi.Input[bool] audit_all_os_user_activity: If true, all process activity will be audited. :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[bool] audit_full_command_arguments: If true, full command arguments will be audited. :param pulumi.Input[bool] audit_host_failed_login_events: If true, host failed logins will be audited. :param pulumi.Input[bool] audit_host_successful_login_events: If true, host successful logins will be audited. :param pulumi.Input[bool] audit_user_account_management: If true, account management will be audited. + :param pulumi.Input[str] author: Username of the account that created the service. 
:param pulumi.Input[bool] block_cryptocurrency_mining: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_files: List of files that are prevented from being read, modified and executed in the containers. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeArgs']]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[str] description: The description of the host runtime policy - :param pulumi.Input[bool] enable_ip_reputation_security: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyDriftPreventionArgs']]] drift_preventions: Drift prevention configuration. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyExecutableBlacklistArgs']]] executable_blacklists: Executable blacklist configuration. :param pulumi.Input['HostRuntimePolicyFileIntegrityMonitoringArgs'] file_integrity_monitoring: Configuration for file integrity monitoring. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyLimitContainerPrivilegeArgs']]] limit_container_privileges: Container privileges configuration. :param pulumi.Input['HostRuntimePolicyMalwareScanOptionsArgs'] malware_scan_options: Configuration for Real-Time Malware Protection. 
:param pulumi.Input[bool] monitor_system_log_integrity: If true, system log will be monitored. :param pulumi.Input[bool] monitor_system_time_changes: If true, system time changes will be monitored. :param pulumi.Input[bool] monitor_windows_services: If true, windows service operations will be monitored. - :param pulumi.Input[str] name: Name of the host runtime policy + :param pulumi.Input[str] name: Name assigned to the attribute. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_groups_alloweds: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_groups_blockeds: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_users_alloweds: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_users_blockeds: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - :param pulumi.Input[Sequence[pulumi.Input[str]]] package_blocks: List of packages that are not allowed read, write or execute all files that under the packages. - :param pulumi.Input[bool] port_scanning_detection: If true, port scanning behaviors will be audited. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyRestrictedVolumeArgs']]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. 
:param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeVariableArgs']]] scope_variables: List of scope attributes. - :param pulumi.Input['HostRuntimePolicyWindowsRegistryMonitoringArgs'] windows_registry_monitoring: Configuration for windows registry monitoring. - :param pulumi.Input['HostRuntimePolicyWindowsRegistryProtectionArgs'] windows_registry_protection: Configuration for windows registry protection. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeArgs']]] scopes: Scope configuration. """ + if allowed_executables is not None: + pulumi.set(__self__, "allowed_executables", allowed_executables) + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) if application_scopes is not None: pulumi.set(__self__, "application_scopes", application_scopes) - if audit_all_os_user_activity is not None: - pulumi.set(__self__, "audit_all_os_user_activity", audit_all_os_user_activity) if audit_brute_force_login is not None: pulumi.set(__self__, "audit_brute_force_login", audit_brute_force_login) if audit_full_command_arguments is not None: 
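Review bot: The new `:param` text for `enabled` in the `HostRuntimePolicyArgs.__init__` docstring reads "Whether allowed executables configuration is enabled.", which describes a nested block rather than this top-level argument; the line it replaces said the flag indicates whether the runtime policy itself is enabled. The same drift affects `name`, now "Name assigned to the attribute." instead of "Name of the host runtime policy". A reader relying on the docstring could misjudge what setting `enabled` to false switches off, so I would restore `:param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not.` and `:param pulumi.Input[str] name: Name of the host runtime policy`. If this module is generated from the provider schema, as its shape suggests, the descriptions need correcting there rather than here; `__init__` continues past this hunk.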
@@ -93,22 +151,84 @@ def __init__(__self__, *, pulumi.set(__self__, "audit_host_successful_login_events", audit_host_successful_login_events) if audit_user_account_management is not None: pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if auditing is not None: + pulumi.set(__self__, "auditing", auditing) + if author is not None: + pulumi.set(__self__, "author", author) + if blacklisted_os_users is not None: + pulumi.set(__self__, "blacklisted_os_users", blacklisted_os_users) + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) if block_cryptocurrency_mining is not None: pulumi.set(__self__, "block_cryptocurrency_mining", block_cryptocurrency_mining) + if block_disallowed_images is not None: + pulumi.set(__self__, "block_disallowed_images", block_disallowed_images) + if block_fileless_exec is not None: + pulumi.set(__self__, "block_fileless_exec", block_fileless_exec) + if block_non_compliant_workloads is not None: + pulumi.set(__self__, "block_non_compliant_workloads", block_non_compliant_workloads) + if block_non_k8s_containers is not None: + pulumi.set(__self__, "block_non_k8s_containers", block_non_k8s_containers) if blocked_files is not None: pulumi.set(__self__, "blocked_files", blocked_files) + if bypass_scopes is not None: + pulumi.set(__self__, "bypass_scopes", bypass_scopes) + if container_exec is not None: + pulumi.set(__self__, "container_exec", container_exec) + if created is not None: + pulumi.set(__self__, "created", created) + if cve is not None: + pulumi.set(__self__, "cve", cve) + if default_security_profile is not None: + pulumi.set(__self__, "default_security_profile", default_security_profile) if description is not None: pulumi.set(__self__, "description", description) - if enable_ip_reputation_security is not None: - pulumi.set(__self__, "enable_ip_reputation_security", enable_ip_reputation_security) + if digest is not None: + pulumi.set(__self__, 
"digest", digest) + if drift_preventions is not None: + pulumi.set(__self__, "drift_preventions", drift_preventions) + if enable_crypto_mining_dns is not None: + pulumi.set(__self__, "enable_crypto_mining_dns", enable_crypto_mining_dns) + if enable_fork_guard is not None: + pulumi.set(__self__, "enable_fork_guard", enable_fork_guard) + if enable_ip_reputation is not None: + pulumi.set(__self__, "enable_ip_reputation", enable_ip_reputation) + if enable_port_scan_protection is not None: + pulumi.set(__self__, "enable_port_scan_protection", enable_port_scan_protection) if enabled is not None: pulumi.set(__self__, "enabled", enabled) if enforce is not None: pulumi.set(__self__, "enforce", enforce) if enforce_after_days is not None: pulumi.set(__self__, "enforce_after_days", enforce_after_days) + if enforce_scheduler_added_on is not None: + pulumi.set(__self__, "enforce_scheduler_added_on", enforce_scheduler_added_on) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) + if executable_blacklists is not None: + pulumi.set(__self__, "executable_blacklists", executable_blacklists) + if failed_kubernetes_checks is not None: + pulumi.set(__self__, "failed_kubernetes_checks", failed_kubernetes_checks) + if file_block is not None: + pulumi.set(__self__, "file_block", file_block) if file_integrity_monitoring is not None: pulumi.set(__self__, "file_integrity_monitoring", file_integrity_monitoring) + if fork_guard_process_limit is not None: + pulumi.set(__self__, "fork_guard_process_limit", fork_guard_process_limit) + if image_name is not None: + pulumi.set(__self__, "image_name", image_name) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if is_auto_generated is not None: + pulumi.set(__self__, "is_auto_generated", is_auto_generated) + if is_ootb_policy is not None: + pulumi.set(__self__, "is_ootb_policy", is_ootb_policy) + if lastupdate is not None: + 
pulumi.set(__self__, "lastupdate", lastupdate) + if limit_container_privileges is not None: + pulumi.set(__self__, "limit_container_privileges", limit_container_privileges) + if linux_capabilities is not None: + pulumi.set(__self__, "linux_capabilities", linux_capabilities) if malware_scan_options is not None: pulumi.set(__self__, "malware_scan_options", malware_scan_options) if monitor_system_log_integrity is not None: @@ -119,6 +239,10 @@ def __init__(__self__, *, pulumi.set(__self__, "monitor_windows_services", monitor_windows_services) if name is not None: pulumi.set(__self__, "name", name) + if no_new_privileges is not None: + pulumi.set(__self__, "no_new_privileges", no_new_privileges) + if only_registered_images is not None: + pulumi.set(__self__, "only_registered_images", only_registered_images) if os_groups_alloweds is not None: pulumi.set(__self__, "os_groups_alloweds", os_groups_alloweds) if os_groups_blockeds is not None: 
@@ -129,16 +253,76 @@ def __init__(__self__, *, pulumi.set(__self__, "os_users_blockeds", os_users_blockeds) if package_blocks is not None: pulumi.set(__self__, "package_blocks", package_blocks) - if port_scanning_detection is not None: - pulumi.set(__self__, "port_scanning_detection", port_scanning_detection) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if port_block is not None: + pulumi.set(__self__, "port_block", port_block) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_registry is not None: + pulumi.set(__self__, "readonly_registry", readonly_registry) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if registry_access_monitoring is not None: + pulumi.set(__self__, "registry_access_monitoring", registry_access_monitoring) + if repo_name is not None: + pulumi.set(__self__, "repo_name", repo_name) + if resource_name is not None: + pulumi.set(__self__, "resource_name", resource_name) + if resource_type is not None: + pulumi.set(__self__, "resource_type", resource_type) + if restricted_volumes is not None: + pulumi.set(__self__, "restricted_volumes", restricted_volumes) + if reverse_shell is not None: + pulumi.set(__self__, "reverse_shell", reverse_shell) + if runtime_mode is not None: + pulumi.set(__self__, "runtime_mode", runtime_mode) + if runtime_type is not None: + pulumi.set(__self__, "runtime_type", runtime_type) if scope_expression is not None: pulumi.set(__self__, "scope_expression", scope_expression) if scope_variables is not None: pulumi.set(__self__, "scope_variables", scope_variables) - if windows_registry_monitoring is not None: - pulumi.set(__self__, "windows_registry_monitoring", windows_registry_monitoring) - if windows_registry_protection is not None: - pulumi.set(__self__, "windows_registry_protection", windows_registry_protection) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + if system_integrity_protection 
is not None: + pulumi.set(__self__, "system_integrity_protection", system_integrity_protection) + if tripwire is not None: + pulumi.set(__self__, "tripwire", tripwire) + if type is not None: + pulumi.set(__self__, "type", type) + if updated is not None: + pulumi.set(__self__, "updated", updated) + if version is not None: + pulumi.set(__self__, "version", version) + if vpatch_version is not None: + pulumi.set(__self__, "vpatch_version", vpatch_version) + if whitelisted_os_users is not None: + pulumi.set(__self__, "whitelisted_os_users", whitelisted_os_users) + + @property + @pulumi.getter(name="allowedExecutables") + def allowed_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedExecutableArgs']]]]: + """ + Allowed executables configuration. + """ + return pulumi.get(self, "allowed_executables") + + @allowed_executables.setter + def allowed_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedExecutableArgs']]]]): + pulumi.set(self, "allowed_executables", value) + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedRegistryArgs']]]]: + """ + List of allowed registries. + """ + return pulumi.get(self, "allowed_registries") + + @allowed_registries.setter + def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedRegistryArgs']]]]): + pulumi.set(self, "allowed_registries", value) @property @pulumi.getter(name="applicationScopes") 
@@ -152,18 +336,6 @@ def application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str] def application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "application_scopes", value) - @property - @pulumi.getter(name="auditAllOsUserActivity") - def audit_all_os_user_activity(self) -> Optional[pulumi.Input[bool]]: - """ - If true, all process activity will be audited. - """ - return pulumi.get(self, "audit_all_os_user_activity") - - @audit_all_os_user_activity.setter - def audit_all_os_user_activity(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "audit_all_os_user_activity", value) - @property @pulumi.getter(name="auditBruteForceLogin") def audit_brute_force_login(self) -> Optional[pulumi.Input[bool]]: 
@@ -224,6 +396,45 @@ def audit_user_account_management(self) -> Optional[pulumi.Input[bool]]: def audit_user_account_management(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_user_account_management", value) + @property + @pulumi.getter + def auditing(self) -> Optional[pulumi.Input['HostRuntimePolicyAuditingArgs']]: + return pulumi.get(self, "auditing") + + @auditing.setter + def auditing(self, value: Optional[pulumi.Input['HostRuntimePolicyAuditingArgs']]): + pulumi.set(self, "auditing", value) + + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Username of the account that created the service. + """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + + @property + @pulumi.getter(name="blacklistedOsUsers") + def blacklisted_os_users(self) -> Optional[pulumi.Input['HostRuntimePolicyBlacklistedOsUsersArgs']]: + return pulumi.get(self, "blacklisted_os_users") + + @blacklisted_os_users.setter + def blacklisted_os_users(self, value: Optional[pulumi.Input['HostRuntimePolicyBlacklistedOsUsersArgs']]): + pulumi.set(self, "blacklisted_os_users", value) + + @property + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_container_exec") + + @block_container_exec.setter + def block_container_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_container_exec", value) + @property @pulumi.getter(name="blockCryptocurrencyMining") def block_cryptocurrency_mining(self) -> Optional[pulumi.Input[bool]]: 
@@ -236,6 +447,42 @@ def block_cryptocurrency_mining(self) -> Optional[pulumi.Input[bool]]: def block_cryptocurrency_mining(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_cryptocurrency_mining", value) + @property + @pulumi.getter(name="blockDisallowedImages") + def block_disallowed_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_disallowed_images") + + @block_disallowed_images.setter + def block_disallowed_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_disallowed_images", value) + + @property + @pulumi.getter(name="blockFilelessExec") + def block_fileless_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_fileless_exec") + + @block_fileless_exec.setter + def block_fileless_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_fileless_exec", value) + + @property + @pulumi.getter(name="blockNonCompliantWorkloads") + def block_non_compliant_workloads(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_non_compliant_workloads") + + @block_non_compliant_workloads.setter + def block_non_compliant_workloads(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_non_compliant_workloads", value) + + @property + @pulumi.getter(name="blockNonK8sContainers") + def block_non_k8s_containers(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_non_k8s_containers") + + @block_non_k8s_containers.setter + def block_non_k8s_containers(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_non_k8s_containers", value) + @property @pulumi.getter(name="blockedFiles") def blocked_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -248,6 +495,54 @@ def blocked_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def blocked_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "blocked_files", value) + @property + @pulumi.getter(name="bypassScopes") + def bypass_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeArgs']]]]: + """ + Bypass scope configuration. + """ + return pulumi.get(self, "bypass_scopes") + + @bypass_scopes.setter + def bypass_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeArgs']]]]): + pulumi.set(self, "bypass_scopes", value) + + @property + @pulumi.getter(name="containerExec") + def container_exec(self) -> Optional[pulumi.Input['HostRuntimePolicyContainerExecArgs']]: + return pulumi.get(self, "container_exec") + + @container_exec.setter + def container_exec(self, value: Optional[pulumi.Input['HostRuntimePolicyContainerExecArgs']]): + pulumi.set(self, "container_exec", value) + + @property + @pulumi.getter + def created(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "created") + + @created.setter + def created(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created", value) + + @property + @pulumi.getter + def cve(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "cve") + + @cve.setter + def cve(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cve", value) + + @property + @pulumi.getter(name="defaultSecurityProfile") + def default_security_profile(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "default_security_profile") + + @default_security_profile.setter + def default_security_profile(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "default_security_profile", value) + @property @pulumi.getter def description(self) -> Optional[pulumi.Input[str]]: 
@@ -261,22 +556,67 @@ def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) @property - @pulumi.getter(name="enableIpReputationSecurity") - def enable_ip_reputation_security(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter + def digest(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "digest") + + @digest.setter + def digest(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "digest", value) + + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyDriftPreventionArgs']]]]: """ - If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. + Drift prevention configuration. """ - return pulumi.get(self, "enable_ip_reputation_security") + return pulumi.get(self, "drift_preventions") + + @drift_preventions.setter + def drift_preventions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyDriftPreventionArgs']]]]): + pulumi.set(self, "drift_preventions", value) + + @property + @pulumi.getter(name="enableCryptoMiningDns") + def enable_crypto_mining_dns(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_crypto_mining_dns") + + @enable_crypto_mining_dns.setter + def enable_crypto_mining_dns(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_crypto_mining_dns", value) - @enable_ip_reputation_security.setter - def enable_ip_reputation_security(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enable_ip_reputation_security", value) + @property + @pulumi.getter(name="enableForkGuard") + def enable_fork_guard(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_fork_guard") + + @enable_fork_guard.setter + def enable_fork_guard(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_fork_guard", value) + + @property + 
@pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_ip_reputation") + + @enable_ip_reputation.setter + def enable_ip_reputation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_ip_reputation", value) + + @property + @pulumi.getter(name="enablePortScanProtection") + def enable_port_scan_protection(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_port_scan_protection") + + @enable_port_scan_protection.setter + def enable_port_scan_protection(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_port_scan_protection", value) @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if the runtime policy is enabled or not. + Whether allowed executables configuration is enabled. """ return pulumi.get(self, "enabled") 
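Review bot: The docstring on the policy-level `enabled` property now reads `Whether allowed executables configuration is enabled.`, which looks like a nested block's description and no longer says that this flag switches the whole host runtime policy on or off. The earlier text, `Indicates if the runtime policy is enabled or not.`, should be kept. The same kind of substitution appears on `name` (`Name assigned to the attribute.`) in the later `@@ -372,7 +838,7 @@` hunk and in the `:param` lines of `_HostRuntimePolicyState.__init__`. The `package_blocks` hunk also drops its description while changing the element type from `str` to `HostRuntimePolicyPackageBlockArgs`. This file looks generated, so the correction presumably belongs in the provider schema descriptions rather than here; the risk is that a reader trusting the new wording leaves a policy disabled while believing only one sub-feature is affected.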
@@ -308,6 +648,57 @@ def enforce_after_days(self) -> Optional[pulumi.Input[int]]: def enforce_after_days(self, value: Optional[pulumi.Input[int]]): pulumi.set(self, "enforce_after_days", value) + @property + @pulumi.getter(name="enforceSchedulerAddedOn") + def enforce_scheduler_added_on(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "enforce_scheduler_added_on") + + @enforce_scheduler_added_on.setter + def enforce_scheduler_added_on(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_scheduler_added_on", value) + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of excluded application scopes. + """ + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + + @property + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyExecutableBlacklistArgs']]]]: + """ + Executable blacklist configuration. 
+ """ + return pulumi.get(self, "executable_blacklists") + + @executable_blacklists.setter + def executable_blacklists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyExecutableBlacklistArgs']]]]): + pulumi.set(self, "executable_blacklists", value) + + @property + @pulumi.getter(name="failedKubernetesChecks") + def failed_kubernetes_checks(self) -> Optional[pulumi.Input['HostRuntimePolicyFailedKubernetesChecksArgs']]: + return pulumi.get(self, "failed_kubernetes_checks") + + @failed_kubernetes_checks.setter + def failed_kubernetes_checks(self, value: Optional[pulumi.Input['HostRuntimePolicyFailedKubernetesChecksArgs']]): + pulumi.set(self, "failed_kubernetes_checks", value) + + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> Optional[pulumi.Input['HostRuntimePolicyFileBlockArgs']]: + return pulumi.get(self, "file_block") + + @file_block.setter + def file_block(self, value: Optional[pulumi.Input['HostRuntimePolicyFileBlockArgs']]): + pulumi.set(self, "file_block", value) + @property @pulumi.getter(name="fileIntegrityMonitoring") def file_integrity_monitoring(self) -> Optional[pulumi.Input['HostRuntimePolicyFileIntegrityMonitoringArgs']]: 
@@ -320,6 +711,81 @@ def file_integrity_monitoring(self) -> Optional[pulumi.Input['HostRuntimePolicyF def file_integrity_monitoring(self, value: Optional[pulumi.Input['HostRuntimePolicyFileIntegrityMonitoringArgs']]): pulumi.set(self, "file_integrity_monitoring", value) + @property + @pulumi.getter(name="forkGuardProcessLimit") + def fork_guard_process_limit(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "fork_guard_process_limit") + + @fork_guard_process_limit.setter + def fork_guard_process_limit(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "fork_guard_process_limit", value) + + @property + @pulumi.getter(name="imageName") + def image_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "image_name") + + @image_name.setter + def image_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "image_name", value) + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") + + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) + + @property + @pulumi.getter(name="isAutoGenerated") + def is_auto_generated(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_auto_generated") + + @is_auto_generated.setter + def is_auto_generated(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_auto_generated", value) + + @property + @pulumi.getter(name="isOotbPolicy") + def is_ootb_policy(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_ootb_policy") + + @is_ootb_policy.setter + def is_ootb_policy(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_ootb_policy", value) + + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[int]]): 
+ pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyLimitContainerPrivilegeArgs']]]]: + """ + Container privileges configuration. + """ + return pulumi.get(self, "limit_container_privileges") + + @limit_container_privileges.setter + def limit_container_privileges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyLimitContainerPrivilegeArgs']]]]): + pulumi.set(self, "limit_container_privileges", value) + + @property + @pulumi.getter(name="linuxCapabilities") + def linux_capabilities(self) -> Optional[pulumi.Input['HostRuntimePolicyLinuxCapabilitiesArgs']]: + return pulumi.get(self, "linux_capabilities") + + @linux_capabilities.setter + def linux_capabilities(self, value: Optional[pulumi.Input['HostRuntimePolicyLinuxCapabilitiesArgs']]): + pulumi.set(self, "linux_capabilities", value) + @property @pulumi.getter(name="malwareScanOptions") def malware_scan_options(self) -> Optional[pulumi.Input['HostRuntimePolicyMalwareScanOptionsArgs']]: @@ -372,7 +838,7 @@ def monitor_windows_services(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Name of the host runtime policy + Name assigned to the attribute. """ return pulumi.get(self, "name") 
@@ -380,6 +846,24 @@ def name(self) -> Optional[pulumi.Input[str]]: def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) + @property + @pulumi.getter(name="noNewPrivileges") + def no_new_privileges(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "no_new_privileges") + + @no_new_privileges.setter + def no_new_privileges(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "no_new_privileges", value) + + @property + @pulumi.getter(name="onlyRegisteredImages") + def only_registered_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "only_registered_images") + + @only_registered_images.setter + def only_registered_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "only_registered_images", value) + @property @pulumi.getter(name="osGroupsAlloweds") def os_groups_alloweds(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -430,27 +914,132 @@ def os_users_blockeds(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[s @property @pulumi.getter(name="packageBlocks") - def package_blocks(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of packages that are not allowed read, write or execute all files that under the packages. - """ + def package_blocks(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyPackageBlockArgs']]]]: return pulumi.get(self, "package_blocks") @package_blocks.setter - def package_blocks(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + def package_blocks(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyPackageBlockArgs']]]]): pulumi.set(self, "package_blocks", value) @property - @pulumi.getter(name="portScanningDetection") - def port_scanning_detection(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> Optional[pulumi.Input['HostRuntimePolicyPortBlockArgs']]: + return pulumi.get(self, "port_block") + + @port_block.setter + def port_block(self, value: Optional[pulumi.Input['HostRuntimePolicyPortBlockArgs']]): + pulumi.set(self, "port_block", value) + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[pulumi.Input['HostRuntimePolicyReadonlyFilesArgs']]: + return pulumi.get(self, "readonly_files") + + @readonly_files.setter + def readonly_files(self, value: Optional[pulumi.Input['HostRuntimePolicyReadonlyFilesArgs']]): + pulumi.set(self, "readonly_files", value) + + @property + @pulumi.getter(name="readonlyRegistry") + def readonly_registry(self) -> Optional[pulumi.Input['HostRuntimePolicyReadonlyRegistryArgs']]: + return pulumi.get(self, 
"readonly_registry") + + @readonly_registry.setter + def readonly_registry(self, value: Optional[pulumi.Input['HostRuntimePolicyReadonlyRegistryArgs']]): + pulumi.set(self, "readonly_registry", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + @property + @pulumi.getter(name="registryAccessMonitoring") + def registry_access_monitoring(self) -> Optional[pulumi.Input['HostRuntimePolicyRegistryAccessMonitoringArgs']]: + return pulumi.get(self, "registry_access_monitoring") + + @registry_access_monitoring.setter + def registry_access_monitoring(self, value: Optional[pulumi.Input['HostRuntimePolicyRegistryAccessMonitoringArgs']]): + pulumi.set(self, "registry_access_monitoring", value) + + @property + @pulumi.getter(name="repoName") + def repo_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "repo_name") + + @repo_name.setter + def repo_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repo_name", value) + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_name") + + @resource_name.setter + def resource_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_name", value) + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_type") + + @resource_type.setter + def resource_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_type", value) + + @property + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyRestrictedVolumeArgs']]]]: """ - If true, port scanning behaviors will be audited. + Restricted volumes configuration. 
""" - return pulumi.get(self, "port_scanning_detection") + return pulumi.get(self, "restricted_volumes") + + @restricted_volumes.setter + def restricted_volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyRestrictedVolumeArgs']]]]): + pulumi.set(self, "restricted_volumes", value) + + @property + @pulumi.getter(name="reverseShell") + def reverse_shell(self) -> Optional[pulumi.Input['HostRuntimePolicyReverseShellArgs']]: + return pulumi.get(self, "reverse_shell") + + @reverse_shell.setter + def reverse_shell(self, value: Optional[pulumi.Input['HostRuntimePolicyReverseShellArgs']]): + pulumi.set(self, "reverse_shell", value) + + @property + @pulumi.getter(name="runtimeMode") + def runtime_mode(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "runtime_mode") + + @runtime_mode.setter + def runtime_mode(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "runtime_mode", value) + + @property + @pulumi.getter(name="runtimeType") + def runtime_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "runtime_type") - @port_scanning_detection.setter - def port_scanning_detection(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "port_scanning_detection", value) + @runtime_type.setter + def runtime_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "runtime_type", value) @property @pulumi.getter(name="scopeExpression") 
@@ -477,68 +1066,171 @@ def scope_variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['Ho pulumi.set(self, "scope_variables", value) @property - @pulumi.getter(name="windowsRegistryMonitoring") - def windows_registry_monitoring(self) -> Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryMonitoringArgs']]: + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeArgs']]]]: """ - Configuration for windows registry monitoring. + Scope configuration. """ - return pulumi.get(self, "windows_registry_monitoring") + return pulumi.get(self, "scopes") - @windows_registry_monitoring.setter - def windows_registry_monitoring(self, value: Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryMonitoringArgs']]): - pulumi.set(self, "windows_registry_monitoring", value) + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeArgs']]]]): + pulumi.set(self, "scopes", value) @property - @pulumi.getter(name="windowsRegistryProtection") - def windows_registry_protection(self) -> Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryProtectionArgs']]: - """ - Configuration for windows registry protection. 
- """ - return pulumi.get(self, "windows_registry_protection") + @pulumi.getter(name="systemIntegrityProtection") + def system_integrity_protection(self) -> Optional[pulumi.Input['HostRuntimePolicySystemIntegrityProtectionArgs']]: + return pulumi.get(self, "system_integrity_protection") + + @system_integrity_protection.setter + def system_integrity_protection(self, value: Optional[pulumi.Input['HostRuntimePolicySystemIntegrityProtectionArgs']]): + pulumi.set(self, "system_integrity_protection", value) + + @property + @pulumi.getter + def tripwire(self) -> Optional[pulumi.Input['HostRuntimePolicyTripwireArgs']]: + return pulumi.get(self, "tripwire") + + @tripwire.setter + def tripwire(self, value: Optional[pulumi.Input['HostRuntimePolicyTripwireArgs']]): + pulumi.set(self, "tripwire", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) - @windows_registry_protection.setter - def windows_registry_protection(self, value: Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryProtectionArgs']]): - pulumi.set(self, "windows_registry_protection", value) + @property + @pulumi.getter + def updated(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "updated") + + @updated.setter + def updated(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "updated", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="vpatchVersion") + def vpatch_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vpatch_version") + + @vpatch_version.setter + def vpatch_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vpatch_version", value) + + 
@property + @pulumi.getter(name="whitelistedOsUsers") + def whitelisted_os_users(self) -> Optional[pulumi.Input['HostRuntimePolicyWhitelistedOsUsersArgs']]: + return pulumi.get(self, "whitelisted_os_users") + + @whitelisted_os_users.setter + def whitelisted_os_users(self, value: Optional[pulumi.Input['HostRuntimePolicyWhitelistedOsUsersArgs']]): + pulumi.set(self, "whitelisted_os_users", value) @pulumi.input_type class _HostRuntimePolicyState: def __init__(__self__, *, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedExecutableArgs']]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedRegistryArgs']]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - audit_all_os_user_activity: Optional[pulumi.Input[bool]] = None, audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, audit_host_failed_login_events: Optional[pulumi.Input[bool]] = None, audit_host_successful_login_events: Optional[pulumi.Input[bool]] = None, audit_user_account_management: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input['HostRuntimePolicyAuditingArgs']] = None, author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input['HostRuntimePolicyBlacklistedOsUsersArgs']] = None, + block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, blocked_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeArgs']]]] = None, + 
container_exec: Optional[pulumi.Input['HostRuntimePolicyContainerExecArgs']] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyDriftPreventionArgs']]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyExecutableBlacklistArgs']]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input['HostRuntimePolicyFailedKubernetesChecksArgs']] = None, + file_block: Optional[pulumi.Input['HostRuntimePolicyFileBlockArgs']] = None, file_integrity_monitoring: Optional[pulumi.Input['HostRuntimePolicyFileIntegrityMonitoringArgs']] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyLimitContainerPrivilegeArgs']]]] = None, + linux_capabilities: 
Optional[pulumi.Input['HostRuntimePolicyLinuxCapabilitiesArgs']] = None, malware_scan_options: Optional[pulumi.Input['HostRuntimePolicyMalwareScanOptionsArgs']] = None, monitor_system_log_integrity: Optional[pulumi.Input[bool]] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, monitor_windows_services: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, os_groups_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_groups_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - port_scanning_detection: Optional[pulumi.Input[bool]] = None, + package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyPackageBlockArgs']]]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input['HostRuntimePolicyPortBlockArgs']] = None, + readonly_files: Optional[pulumi.Input['HostRuntimePolicyReadonlyFilesArgs']] = None, + readonly_registry: Optional[pulumi.Input['HostRuntimePolicyReadonlyRegistryArgs']] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input['HostRuntimePolicyRegistryAccessMonitoringArgs']] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyRestrictedVolumeArgs']]]] = None, + reverse_shell: Optional[pulumi.Input['HostRuntimePolicyReverseShellArgs']] = None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: 
Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeVariableArgs']]]] = None, - windows_registry_monitoring: Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryMonitoringArgs']] = None, - windows_registry_protection: Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryProtectionArgs']] = None): + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeArgs']]]] = None, + system_integrity_protection: Optional[pulumi.Input['HostRuntimePolicySystemIntegrityProtectionArgs']] = None, + tripwire: Optional[pulumi.Input['HostRuntimePolicyTripwireArgs']] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input['HostRuntimePolicyWhitelistedOsUsersArgs']] = None): """ Input properties used for looking up and filtering HostRuntimePolicy resources. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedExecutableArgs']]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedRegistryArgs']]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. - :param pulumi.Input[bool] audit_all_os_user_activity: If true, all process activity will be audited. :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[bool] audit_full_command_arguments: If true, full command arguments will be audited. :param pulumi.Input[bool] audit_host_failed_login_events: If true, host failed logins will be audited. 
@@ -547,32 +1239,36 @@ def __init__(__self__, *, :param pulumi.Input[str] author: Username of the account that created the service. :param pulumi.Input[bool] block_cryptocurrency_mining: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_files: List of files that are prevented from being read, modified and executed in the containers. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeArgs']]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[str] description: The description of the host runtime policy - :param pulumi.Input[bool] enable_ip_reputation_security: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyDriftPreventionArgs']]] drift_preventions: Drift prevention configuration. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyExecutableBlacklistArgs']]] executable_blacklists: Executable blacklist configuration. :param pulumi.Input['HostRuntimePolicyFileIntegrityMonitoringArgs'] file_integrity_monitoring: Configuration for file integrity monitoring. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyLimitContainerPrivilegeArgs']]] limit_container_privileges: Container privileges configuration. 
:param pulumi.Input['HostRuntimePolicyMalwareScanOptionsArgs'] malware_scan_options: Configuration for Real-Time Malware Protection. :param pulumi.Input[bool] monitor_system_log_integrity: If true, system log will be monitored. :param pulumi.Input[bool] monitor_system_time_changes: If true, system time changes will be monitored. :param pulumi.Input[bool] monitor_windows_services: If true, windows service operations will be monitored. - :param pulumi.Input[str] name: Name of the host runtime policy + :param pulumi.Input[str] name: Name assigned to the attribute. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_groups_alloweds: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_groups_blockeds: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_users_alloweds: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_users_blockeds: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - :param pulumi.Input[Sequence[pulumi.Input[str]]] package_blocks: List of packages that are not allowed read, write or execute all files that under the packages. - :param pulumi.Input[bool] port_scanning_detection: If true, port scanning behaviors will be audited. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyRestrictedVolumeArgs']]] restricted_volumes: Restricted volumes configuration. 
:param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeVariableArgs']]] scope_variables: List of scope attributes. - :param pulumi.Input['HostRuntimePolicyWindowsRegistryMonitoringArgs'] windows_registry_monitoring: Configuration for windows registry monitoring. - :param pulumi.Input['HostRuntimePolicyWindowsRegistryProtectionArgs'] windows_registry_protection: Configuration for windows registry protection. + :param pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeArgs']]] scopes: Scope configuration. """ + if allowed_executables is not None: + pulumi.set(__self__, "allowed_executables", allowed_executables) + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) if application_scopes is not None: pulumi.set(__self__, "application_scopes", application_scopes) - if audit_all_os_user_activity is not None: - pulumi.set(__self__, "audit_all_os_user_activity", audit_all_os_user_activity) if audit_brute_force_login is not None: pulumi.set(__self__, "audit_brute_force_login", audit_brute_force_login) if audit_full_command_arguments is not None: 
@@ -583,24 +1279,84 @@ def __init__(__self__, *, pulumi.set(__self__, "audit_host_successful_login_events", audit_host_successful_login_events) if audit_user_account_management is not None: pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if auditing is not None: + pulumi.set(__self__, "auditing", auditing) if author is not None: pulumi.set(__self__, "author", author) + if blacklisted_os_users is not None: + pulumi.set(__self__, "blacklisted_os_users", blacklisted_os_users) + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) if block_cryptocurrency_mining is not None: pulumi.set(__self__, "block_cryptocurrency_mining", block_cryptocurrency_mining) + if block_disallowed_images is not None: + pulumi.set(__self__, "block_disallowed_images", block_disallowed_images) + if block_fileless_exec is not None: + pulumi.set(__self__, "block_fileless_exec", block_fileless_exec) + if block_non_compliant_workloads is not None: + pulumi.set(__self__, "block_non_compliant_workloads", block_non_compliant_workloads) + if block_non_k8s_containers is not None: + pulumi.set(__self__, "block_non_k8s_containers", block_non_k8s_containers) if blocked_files is not None: pulumi.set(__self__, "blocked_files", blocked_files) + if bypass_scopes is not None: + pulumi.set(__self__, "bypass_scopes", bypass_scopes) + if container_exec is not None: + pulumi.set(__self__, "container_exec", container_exec) + if created is not None: + pulumi.set(__self__, "created", created) + if cve is not None: + pulumi.set(__self__, "cve", cve) + if default_security_profile is not None: + pulumi.set(__self__, "default_security_profile", default_security_profile) if description is not None: pulumi.set(__self__, "description", description) - if enable_ip_reputation_security is not None: - pulumi.set(__self__, "enable_ip_reputation_security", enable_ip_reputation_security) + if digest is not None: + pulumi.set(__self__, 
"digest", digest) + if drift_preventions is not None: + pulumi.set(__self__, "drift_preventions", drift_preventions) + if enable_crypto_mining_dns is not None: + pulumi.set(__self__, "enable_crypto_mining_dns", enable_crypto_mining_dns) + if enable_fork_guard is not None: + pulumi.set(__self__, "enable_fork_guard", enable_fork_guard) + if enable_ip_reputation is not None: + pulumi.set(__self__, "enable_ip_reputation", enable_ip_reputation) + if enable_port_scan_protection is not None: + pulumi.set(__self__, "enable_port_scan_protection", enable_port_scan_protection) if enabled is not None: pulumi.set(__self__, "enabled", enabled) if enforce is not None: pulumi.set(__self__, "enforce", enforce) if enforce_after_days is not None: pulumi.set(__self__, "enforce_after_days", enforce_after_days) + if enforce_scheduler_added_on is not None: + pulumi.set(__self__, "enforce_scheduler_added_on", enforce_scheduler_added_on) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) + if executable_blacklists is not None: + pulumi.set(__self__, "executable_blacklists", executable_blacklists) + if failed_kubernetes_checks is not None: + pulumi.set(__self__, "failed_kubernetes_checks", failed_kubernetes_checks) + if file_block is not None: + pulumi.set(__self__, "file_block", file_block) if file_integrity_monitoring is not None: pulumi.set(__self__, "file_integrity_monitoring", file_integrity_monitoring) + if fork_guard_process_limit is not None: + pulumi.set(__self__, "fork_guard_process_limit", fork_guard_process_limit) + if image_name is not None: + pulumi.set(__self__, "image_name", image_name) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if is_auto_generated is not None: + pulumi.set(__self__, "is_auto_generated", is_auto_generated) + if is_ootb_policy is not None: + pulumi.set(__self__, "is_ootb_policy", is_ootb_policy) + if lastupdate is not None: + 
pulumi.set(__self__, "lastupdate", lastupdate) + if limit_container_privileges is not None: + pulumi.set(__self__, "limit_container_privileges", limit_container_privileges) + if linux_capabilities is not None: + pulumi.set(__self__, "linux_capabilities", linux_capabilities) if malware_scan_options is not None: pulumi.set(__self__, "malware_scan_options", malware_scan_options) if monitor_system_log_integrity is not None: @@ -611,6 +1367,10 @@ def __init__(__self__, *, pulumi.set(__self__, "monitor_windows_services", monitor_windows_services) if name is not None: pulumi.set(__self__, "name", name) + if no_new_privileges is not None: + pulumi.set(__self__, "no_new_privileges", no_new_privileges) + if only_registered_images is not None: + pulumi.set(__self__, "only_registered_images", only_registered_images) if os_groups_alloweds is not None: pulumi.set(__self__, "os_groups_alloweds", os_groups_alloweds) if os_groups_blockeds is not None: 
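Review bot: The `enable_ip_reputation_security` assignment is removed from this `__init__` body and `enable_ip_reputation` / `enable_port_scan_protection` are added, with no alias or deprecation path for the old input; `port_scanning_detection` is dropped the same way in the `@@ -621,16 +1381,76 @@` hunk. Whether the new names configure the same controls cannot be confirmed from the hunk, so a program or stack that set the old inputs needs an explicit migration and should not be assumed to keep those protections on. I would record the mapping in the upgrade notes, for example `enable_ip_reputation_security -> enable_ip_reputation (confirm against the provider schema)`, and if this SDK is generated, handle the rename in the provider mapping and not in this file. The `__init__` signature and the start of its body lie outside this hunk.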
@@ -621,16 +1381,76 @@ def __init__(__self__, *, pulumi.set(__self__, "os_users_blockeds", os_users_blockeds) if package_blocks is not None: pulumi.set(__self__, "package_blocks", package_blocks) - if port_scanning_detection is not None: - pulumi.set(__self__, "port_scanning_detection", port_scanning_detection) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if port_block is not None: + pulumi.set(__self__, "port_block", port_block) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_registry is not None: + pulumi.set(__self__, "readonly_registry", readonly_registry) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if registry_access_monitoring is not None: + pulumi.set(__self__, "registry_access_monitoring", registry_access_monitoring) + if repo_name is not None: + pulumi.set(__self__, "repo_name", repo_name) + if resource_name is not None: + pulumi.set(__self__, "resource_name", resource_name) + if resource_type is not None: + pulumi.set(__self__, "resource_type", resource_type) + if restricted_volumes is not None: + pulumi.set(__self__, "restricted_volumes", restricted_volumes) + if reverse_shell is not None: + pulumi.set(__self__, "reverse_shell", reverse_shell) + if runtime_mode is not None: + pulumi.set(__self__, "runtime_mode", runtime_mode) + if runtime_type is not None: + pulumi.set(__self__, "runtime_type", runtime_type) if scope_expression is not None: pulumi.set(__self__, "scope_expression", scope_expression) if scope_variables is not None: pulumi.set(__self__, "scope_variables", scope_variables) - if windows_registry_monitoring is not None: - pulumi.set(__self__, "windows_registry_monitoring", windows_registry_monitoring) - if windows_registry_protection is not None: - pulumi.set(__self__, "windows_registry_protection", windows_registry_protection) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + if system_integrity_protection 
is not None: + pulumi.set(__self__, "system_integrity_protection", system_integrity_protection) + if tripwire is not None: + pulumi.set(__self__, "tripwire", tripwire) + if type is not None: + pulumi.set(__self__, "type", type) + if updated is not None: + pulumi.set(__self__, "updated", updated) + if version is not None: + pulumi.set(__self__, "version", version) + if vpatch_version is not None: + pulumi.set(__self__, "vpatch_version", vpatch_version) + if whitelisted_os_users is not None: + pulumi.set(__self__, "whitelisted_os_users", whitelisted_os_users) + + @property + @pulumi.getter(name="allowedExecutables") + def allowed_executables(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedExecutableArgs']]]]: + """ + Allowed executables configuration. + """ + return pulumi.get(self, "allowed_executables") + + @allowed_executables.setter + def allowed_executables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedExecutableArgs']]]]): + pulumi.set(self, "allowed_executables", value) + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedRegistryArgs']]]]: + """ + List of allowed registries. + """ + return pulumi.get(self, "allowed_registries") + + @allowed_registries.setter + def allowed_registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyAllowedRegistryArgs']]]]): + pulumi.set(self, "allowed_registries", value) @property @pulumi.getter(name="applicationScopes") 
@@ -644,18 +1464,6 @@ def application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str] def application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "application_scopes", value) - @property - @pulumi.getter(name="auditAllOsUserActivity") - def audit_all_os_user_activity(self) -> Optional[pulumi.Input[bool]]: - """ - If true, all process activity will be audited. - """ - return pulumi.get(self, "audit_all_os_user_activity") - - @audit_all_os_user_activity.setter - def audit_all_os_user_activity(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "audit_all_os_user_activity", value) - @property @pulumi.getter(name="auditBruteForceLogin") def audit_brute_force_login(self) -> Optional[pulumi.Input[bool]]: @@ -716,6 +1524,15 @@ def audit_user_account_management(self) -> Optional[pulumi.Input[bool]]: def audit_user_account_management(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_user_account_management", value) + @property + @pulumi.getter + def auditing(self) -> Optional[pulumi.Input['HostRuntimePolicyAuditingArgs']]: + return pulumi.get(self, "auditing") + + @auditing.setter + def auditing(self, value: Optional[pulumi.Input['HostRuntimePolicyAuditingArgs']]): + pulumi.set(self, "auditing", value) + @property @pulumi.getter def author(self) -> Optional[pulumi.Input[str]]: 
@@ -728,6 +1545,24 @@ def author(self) -> Optional[pulumi.Input[str]]: def author(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "author", value) + @property + @pulumi.getter(name="blacklistedOsUsers") + def blacklisted_os_users(self) -> Optional[pulumi.Input['HostRuntimePolicyBlacklistedOsUsersArgs']]: + return pulumi.get(self, "blacklisted_os_users") + + @blacklisted_os_users.setter + def blacklisted_os_users(self, value: Optional[pulumi.Input['HostRuntimePolicyBlacklistedOsUsersArgs']]): + pulumi.set(self, "blacklisted_os_users", value) + + @property + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_container_exec") + + @block_container_exec.setter + def block_container_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_container_exec", value) + @property @pulumi.getter(name="blockCryptocurrencyMining") def block_cryptocurrency_mining(self) -> Optional[pulumi.Input[bool]]: 
@@ -740,6 +1575,42 @@ def block_cryptocurrency_mining(self) -> Optional[pulumi.Input[bool]]: def block_cryptocurrency_mining(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "block_cryptocurrency_mining", value) + @property + @pulumi.getter(name="blockDisallowedImages") + def block_disallowed_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_disallowed_images") + + @block_disallowed_images.setter + def block_disallowed_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_disallowed_images", value) + + @property + @pulumi.getter(name="blockFilelessExec") + def block_fileless_exec(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_fileless_exec") + + @block_fileless_exec.setter + def block_fileless_exec(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_fileless_exec", value) + + @property + @pulumi.getter(name="blockNonCompliantWorkloads") + def block_non_compliant_workloads(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_non_compliant_workloads") + + @block_non_compliant_workloads.setter + def block_non_compliant_workloads(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_non_compliant_workloads", value) + + @property + @pulumi.getter(name="blockNonK8sContainers") + def block_non_k8s_containers(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "block_non_k8s_containers") + + @block_non_k8s_containers.setter + def block_non_k8s_containers(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_non_k8s_containers", value) + @property @pulumi.getter(name="blockedFiles") def blocked_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -753,38 +1624,131 @@ def blocked_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]] pulumi.set(self, "blocked_files", value) @property - @pulumi.getter - def description(self) -> Optional[pulumi.Input[str]]: + @pulumi.getter(name="bypassScopes") + def bypass_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeArgs']]]]: """ - The description of the host runtime policy + Bypass scope configuration. """ - return pulumi.get(self, "description") + return pulumi.get(self, "bypass_scopes") - @description.setter - def description(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "description", value) + @bypass_scopes.setter + def bypass_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyBypassScopeArgs']]]]): + pulumi.set(self, "bypass_scopes", value) @property - @pulumi.getter(name="enableIpReputationSecurity") - def enable_ip_reputation_security(self) -> Optional[pulumi.Input[bool]]: - """ - If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - """ - return pulumi.get(self, "enable_ip_reputation_security") + @pulumi.getter(name="containerExec") + def container_exec(self) -> Optional[pulumi.Input['HostRuntimePolicyContainerExecArgs']]: + return pulumi.get(self, "container_exec") - @enable_ip_reputation_security.setter - def enable_ip_reputation_security(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "enable_ip_reputation_security", value) + @container_exec.setter + def container_exec(self, value: Optional[pulumi.Input['HostRuntimePolicyContainerExecArgs']]): + pulumi.set(self, "container_exec", value) @property @pulumi.getter - def enabled(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates if the runtime policy is enabled or not. 
- """ - return pulumi.get(self, "enabled") + def created(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "created") - @enabled.setter + @created.setter + def created(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "created", value) + + @property + @pulumi.getter + def cve(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "cve") + + @cve.setter + def cve(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cve", value) + + @property + @pulumi.getter(name="defaultSecurityProfile") + def default_security_profile(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "default_security_profile") + + @default_security_profile.setter + def default_security_profile(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "default_security_profile", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the host runtime policy + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def digest(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "digest") + + @digest.setter + def digest(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "digest", value) + + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyDriftPreventionArgs']]]]: + """ + Drift prevention configuration. 
+ """ + return pulumi.get(self, "drift_preventions") + + @drift_preventions.setter + def drift_preventions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyDriftPreventionArgs']]]]): + pulumi.set(self, "drift_preventions", value) + + @property + @pulumi.getter(name="enableCryptoMiningDns") + def enable_crypto_mining_dns(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_crypto_mining_dns") + + @enable_crypto_mining_dns.setter + def enable_crypto_mining_dns(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_crypto_mining_dns", value) + + @property + @pulumi.getter(name="enableForkGuard") + def enable_fork_guard(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_fork_guard") + + @enable_fork_guard.setter + def enable_fork_guard(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_fork_guard", value) + + @property + @pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_ip_reputation") + + @enable_ip_reputation.setter + def enable_ip_reputation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_ip_reputation", value) + + @property + @pulumi.getter(name="enablePortScanProtection") + def enable_port_scan_protection(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enable_port_scan_protection") + + @enable_port_scan_protection.setter + def enable_port_scan_protection(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enable_port_scan_protection", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether allowed executables configuration is enabled. + """ + return pulumi.get(self, "enabled") + + @enabled.setter def enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "enabled", value) 
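Review bot: The docstring on the `enabled` getter now reads `Whether allowed executables configuration is enabled.`, but the getter still returns the same `enabled` property that the removed text described as `Indicates if the runtime policy is enabled or not.`; the new wording looks like a nested block's description landing on the top-level property. The same happens to `name` in the `@@ -876,7 +1966,7 @@` hunk, which now reads `Name assigned to the attribute.`. For the switch that turns a host runtime policy on or off this is misleading, so I would restore the previous descriptions, and if the file is generated, correct them in the provider schema so the next regeneration keeps them. The new getters in this hunk such as `created`, `cve`, `digest` and `enable_fork_guard` have no docstring at all; a one-line description each, in the style of `Drift prevention configuration.`, would help.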
@@ -812,6 +1776,57 @@ def enforce_after_days(self) -> Optional[pulumi.Input[int]]: def enforce_after_days(self, value: Optional[pulumi.Input[int]]): pulumi.set(self, "enforce_after_days", value) + @property + @pulumi.getter(name="enforceSchedulerAddedOn") + def enforce_scheduler_added_on(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "enforce_scheduler_added_on") + + @enforce_scheduler_added_on.setter + def enforce_scheduler_added_on(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_scheduler_added_on", value) + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of excluded application scopes. + """ + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + + @property + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyExecutableBlacklistArgs']]]]: + """ + Executable blacklist configuration. 
+ """ + return pulumi.get(self, "executable_blacklists") + + @executable_blacklists.setter + def executable_blacklists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyExecutableBlacklistArgs']]]]): + pulumi.set(self, "executable_blacklists", value) + + @property + @pulumi.getter(name="failedKubernetesChecks") + def failed_kubernetes_checks(self) -> Optional[pulumi.Input['HostRuntimePolicyFailedKubernetesChecksArgs']]: + return pulumi.get(self, "failed_kubernetes_checks") + + @failed_kubernetes_checks.setter + def failed_kubernetes_checks(self, value: Optional[pulumi.Input['HostRuntimePolicyFailedKubernetesChecksArgs']]): + pulumi.set(self, "failed_kubernetes_checks", value) + + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> Optional[pulumi.Input['HostRuntimePolicyFileBlockArgs']]: + return pulumi.get(self, "file_block") + + @file_block.setter + def file_block(self, value: Optional[pulumi.Input['HostRuntimePolicyFileBlockArgs']]): + pulumi.set(self, "file_block", value) + @property @pulumi.getter(name="fileIntegrityMonitoring") def file_integrity_monitoring(self) -> Optional[pulumi.Input['HostRuntimePolicyFileIntegrityMonitoringArgs']]: 
@@ -824,6 +1839,81 @@ def file_integrity_monitoring(self) -> Optional[pulumi.Input['HostRuntimePolicyF def file_integrity_monitoring(self, value: Optional[pulumi.Input['HostRuntimePolicyFileIntegrityMonitoringArgs']]): pulumi.set(self, "file_integrity_monitoring", value) + @property + @pulumi.getter(name="forkGuardProcessLimit") + def fork_guard_process_limit(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "fork_guard_process_limit") + + @fork_guard_process_limit.setter + def fork_guard_process_limit(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "fork_guard_process_limit", value) + + @property + @pulumi.getter(name="imageName") + def image_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "image_name") + + @image_name.setter + def image_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "image_name", value) + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_audit_checked") + + @is_audit_checked.setter + def is_audit_checked(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_audit_checked", value) + + @property + @pulumi.getter(name="isAutoGenerated") + def is_auto_generated(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_auto_generated") + + @is_auto_generated.setter + def is_auto_generated(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_auto_generated", value) + + @property + @pulumi.getter(name="isOotbPolicy") + def is_ootb_policy(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "is_ootb_policy") + + @is_ootb_policy.setter + def is_ootb_policy(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_ootb_policy", value) + + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: 
Optional[pulumi.Input[int]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyLimitContainerPrivilegeArgs']]]]: + """ + Container privileges configuration. + """ + return pulumi.get(self, "limit_container_privileges") + + @limit_container_privileges.setter + def limit_container_privileges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyLimitContainerPrivilegeArgs']]]]): + pulumi.set(self, "limit_container_privileges", value) + + @property + @pulumi.getter(name="linuxCapabilities") + def linux_capabilities(self) -> Optional[pulumi.Input['HostRuntimePolicyLinuxCapabilitiesArgs']]: + return pulumi.get(self, "linux_capabilities") + + @linux_capabilities.setter + def linux_capabilities(self, value: Optional[pulumi.Input['HostRuntimePolicyLinuxCapabilitiesArgs']]): + pulumi.set(self, "linux_capabilities", value) + @property @pulumi.getter(name="malwareScanOptions") def malware_scan_options(self) -> Optional[pulumi.Input['HostRuntimePolicyMalwareScanOptionsArgs']]: @@ -876,7 +1966,7 @@ def monitor_windows_services(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - Name of the host runtime policy + Name assigned to the attribute. """ return pulumi.get(self, "name") 
@@ -884,6 +1974,24 @@ def name(self) -> Optional[pulumi.Input[str]]: def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) + @property + @pulumi.getter(name="noNewPrivileges") + def no_new_privileges(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "no_new_privileges") + + @no_new_privileges.setter + def no_new_privileges(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "no_new_privileges", value) + + @property + @pulumi.getter(name="onlyRegisteredImages") + def only_registered_images(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "only_registered_images") + + @only_registered_images.setter + def only_registered_images(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "only_registered_images", value) + @property @pulumi.getter(name="osGroupsAlloweds") def os_groups_alloweds(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -934,27 +2042,132 @@ def os_users_blockeds(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[s @property @pulumi.getter(name="packageBlocks") - def package_blocks(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - """ - List of packages that are not allowed read, write or execute all files that under the packages. - """ + def package_blocks(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyPackageBlockArgs']]]]: return pulumi.get(self, "package_blocks") @package_blocks.setter - def package_blocks(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + def package_blocks(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyPackageBlockArgs']]]]): pulumi.set(self, "package_blocks", value) @property - @pulumi.getter(name="portScanningDetection") - def port_scanning_detection(self) -> Optional[pulumi.Input[bool]]: + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> Optional[pulumi.Input['HostRuntimePolicyPortBlockArgs']]: + return pulumi.get(self, "port_block") + + @port_block.setter + def port_block(self, value: Optional[pulumi.Input['HostRuntimePolicyPortBlockArgs']]): + pulumi.set(self, "port_block", value) + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[pulumi.Input['HostRuntimePolicyReadonlyFilesArgs']]: + return pulumi.get(self, "readonly_files") + + @readonly_files.setter + def readonly_files(self, value: Optional[pulumi.Input['HostRuntimePolicyReadonlyFilesArgs']]): + pulumi.set(self, "readonly_files", value) + + @property + @pulumi.getter(name="readonlyRegistry") + def readonly_registry(self) -> Optional[pulumi.Input['HostRuntimePolicyReadonlyRegistryArgs']]: + return pulumi.get(self, 
"readonly_registry") + + @readonly_registry.setter + def readonly_registry(self, value: Optional[pulumi.Input['HostRuntimePolicyReadonlyRegistryArgs']]): + pulumi.set(self, "readonly_registry", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + @property + @pulumi.getter(name="registryAccessMonitoring") + def registry_access_monitoring(self) -> Optional[pulumi.Input['HostRuntimePolicyRegistryAccessMonitoringArgs']]: + return pulumi.get(self, "registry_access_monitoring") + + @registry_access_monitoring.setter + def registry_access_monitoring(self, value: Optional[pulumi.Input['HostRuntimePolicyRegistryAccessMonitoringArgs']]): + pulumi.set(self, "registry_access_monitoring", value) + + @property + @pulumi.getter(name="repoName") + def repo_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "repo_name") + + @repo_name.setter + def repo_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "repo_name", value) + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_name") + + @resource_name.setter + def resource_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_name", value) + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "resource_type") + + @resource_type.setter + def resource_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource_type", value) + + @property + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyRestrictedVolumeArgs']]]]: """ - If true, port scanning behaviors will be audited. + Restricted volumes configuration. 
""" - return pulumi.get(self, "port_scanning_detection") + return pulumi.get(self, "restricted_volumes") + + @restricted_volumes.setter + def restricted_volumes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyRestrictedVolumeArgs']]]]): + pulumi.set(self, "restricted_volumes", value) + + @property + @pulumi.getter(name="reverseShell") + def reverse_shell(self) -> Optional[pulumi.Input['HostRuntimePolicyReverseShellArgs']]: + return pulumi.get(self, "reverse_shell") - @port_scanning_detection.setter - def port_scanning_detection(self, value: Optional[pulumi.Input[bool]]): - pulumi.set(self, "port_scanning_detection", value) + @reverse_shell.setter + def reverse_shell(self, value: Optional[pulumi.Input['HostRuntimePolicyReverseShellArgs']]): + pulumi.set(self, "reverse_shell", value) + + @property + @pulumi.getter(name="runtimeMode") + def runtime_mode(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "runtime_mode") + + @runtime_mode.setter + def runtime_mode(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "runtime_mode", value) + + @property + @pulumi.getter(name="runtimeType") + def runtime_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "runtime_type") + + @runtime_type.setter + def runtime_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "runtime_type", value) @property @pulumi.getter(name="scopeExpression") 
@@ -981,28 +2194,79 @@ def scope_variables(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['Ho pulumi.set(self, "scope_variables", value) @property - @pulumi.getter(name="windowsRegistryMonitoring") - def windows_registry_monitoring(self) -> Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryMonitoringArgs']]: + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeArgs']]]]: """ - Configuration for windows registry monitoring. + Scope configuration. """ - return pulumi.get(self, "windows_registry_monitoring") + return pulumi.get(self, "scopes") - @windows_registry_monitoring.setter - def windows_registry_monitoring(self, value: Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryMonitoringArgs']]): - pulumi.set(self, "windows_registry_monitoring", value) + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostRuntimePolicyScopeArgs']]]]): + pulumi.set(self, "scopes", value) @property - @pulumi.getter(name="windowsRegistryProtection") - def windows_registry_protection(self) -> Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryProtectionArgs']]: - """ - Configuration for windows registry protection. 
- """ - return pulumi.get(self, "windows_registry_protection") + @pulumi.getter(name="systemIntegrityProtection") + def system_integrity_protection(self) -> Optional[pulumi.Input['HostRuntimePolicySystemIntegrityProtectionArgs']]: + return pulumi.get(self, "system_integrity_protection") - @windows_registry_protection.setter - def windows_registry_protection(self, value: Optional[pulumi.Input['HostRuntimePolicyWindowsRegistryProtectionArgs']]): - pulumi.set(self, "windows_registry_protection", value) + @system_integrity_protection.setter + def system_integrity_protection(self, value: Optional[pulumi.Input['HostRuntimePolicySystemIntegrityProtectionArgs']]): + pulumi.set(self, "system_integrity_protection", value) + + @property + @pulumi.getter + def tripwire(self) -> Optional[pulumi.Input['HostRuntimePolicyTripwireArgs']]: + return pulumi.get(self, "tripwire") + + @tripwire.setter + def tripwire(self, value: Optional[pulumi.Input['HostRuntimePolicyTripwireArgs']]): + pulumi.set(self, "tripwire", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def updated(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "updated") + + @updated.setter + def updated(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "updated", value) + + @property + @pulumi.getter + def version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "version") + + @version.setter + def version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "version", value) + + @property + @pulumi.getter(name="vpatchVersion") + def vpatch_version(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vpatch_version") + + @vpatch_version.setter + def vpatch_version(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vpatch_version", value) + + 
@property + @pulumi.getter(name="whitelistedOsUsers") + def whitelisted_os_users(self) -> Optional[pulumi.Input['HostRuntimePolicyWhitelistedOsUsersArgs']]: + return pulumi.get(self, "whitelisted_os_users") + + @whitelisted_os_users.setter + def whitelisted_os_users(self, value: Optional[pulumi.Input['HostRuntimePolicyWhitelistedOsUsersArgs']]): + pulumi.set(self, "whitelisted_os_users", value) class HostRuntimePolicy(pulumi.CustomResource): 
@@ -1010,146 +2274,127 @@ class HostRuntimePolicy(pulumi.CustomResource): def __init__(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedRegistryArgs']]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - audit_all_os_user_activity: Optional[pulumi.Input[bool]] = None, audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, audit_host_failed_login_events: Optional[pulumi.Input[bool]] = None, audit_host_successful_login_events: Optional[pulumi.Input[bool]] = None, audit_user_account_management: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyAuditingArgs']]] = None, + author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyBlacklistedOsUsersArgs']]] = None, + block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, blocked_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyBypassScopeArgs']]]]] = None, + container_exec: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyContainerExecArgs']]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: 
Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyDriftPreventionArgs']]]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyExecutableBlacklistArgs']]]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyFailedKubernetesChecksArgs']]] = None, + file_block: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyFileBlockArgs']]] = None, file_integrity_monitoring: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyFileIntegrityMonitoringArgs']]] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, + linux_capabilities: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyLinuxCapabilitiesArgs']]] = None, malware_scan_options: 
Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyMalwareScanOptionsArgs']]] = None, monitor_system_log_integrity: Optional[pulumi.Input[bool]] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, monitor_windows_services: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, os_groups_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_groups_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - port_scanning_detection: Optional[pulumi.Input[bool]] = None, + package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyPackageBlockArgs']]]]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyPortBlockArgs']]] = None, + readonly_files: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyReadonlyFilesArgs']]] = None, + readonly_registry: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyReadonlyRegistryArgs']]] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyRegistryAccessMonitoringArgs']]] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name_: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyRestrictedVolumeArgs']]]]] = None, + reverse_shell: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyReverseShellArgs']]] = None, + runtime_mode: 
Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeVariableArgs']]]]] = None, - windows_registry_monitoring: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryMonitoringArgs']]] = None, - windows_registry_protection: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryProtectionArgs']]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeArgs']]]]] = None, + system_integrity_protection: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicySystemIntegrityProtectionArgs']]] = None, + tripwire: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyTripwireArgs']]] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyWhitelistedOsUsersArgs']]] = None, __props__=None): """ - ## Example Usage - - ```python - import pulumi - import pulumiverse_aquasec as aquasec - - host_runtime_policy = aquasec.HostRuntimePolicy("hostRuntimePolicy", - application_scopes=["Global"], - audit_all_os_user_activity=True, - audit_brute_force_login=True, - audit_full_command_arguments=True, - audit_host_failed_login_events=True, - audit_host_successful_login_events=True, - audit_user_account_management=True, - block_cryptocurrency_mining=True, - blocked_files=["blocked"], - description="host_runtime_policy", - enable_ip_reputation_security=True, - enabled=True, - enforce=False, - file_integrity_monitoring=aquasec.HostRuntimePolicyFileIntegrityMonitoringArgs( - excluded_paths=["expaths"], - excluded_processes=["exprocess"], - excluded_users=["expuser"], - monitor_attributes=True, - 
monitor_create=True, - monitor_delete=True, - monitor_modify=True, - monitor_read=True, - monitored_paths=["paths"], - monitored_processes=["process"], - monitored_users=["user"], - ), - monitor_system_log_integrity=True, - monitor_system_time_changes=True, - monitor_windows_services=True, - os_groups_alloweds=["group1"], - os_groups_blockeds=["group2"], - os_users_alloweds=["user1"], - os_users_blockeds=["user2"], - package_blocks=["package1"], - port_scanning_detection=True, - scope_variables=[ - aquasec.HostRuntimePolicyScopeVariableArgs( - attribute="kubernetes.cluster", - value="default", - ), - aquasec.HostRuntimePolicyScopeVariableArgs( - attribute="kubernetes.label", - name="app", - value="aqua", - ), - ], - windows_registry_monitoring=aquasec.HostRuntimePolicyWindowsRegistryMonitoringArgs( - excluded_paths=["expaths"], - excluded_processes=["exprocess"], - excluded_users=["expuser"], - monitor_attributes=True, - monitor_create=True, - monitor_delete=True, - monitor_modify=True, - monitor_read=True, - monitored_paths=["paths"], - monitored_processes=["process"], - monitored_users=["user"], - ), - windows_registry_protection=aquasec.HostRuntimePolicyWindowsRegistryProtectionArgs( - excluded_paths=["expaths"], - excluded_processes=["exprocess"], - excluded_users=["expuser"], - protected_paths=["paths"], - protected_processes=["process"], - protected_users=["user"], - )) - ``` - + Create a HostRuntimePolicy resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedExecutableArgs']]]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedRegistryArgs']]]] allowed_registries: List of allowed registries. 
:param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. - :param pulumi.Input[bool] audit_all_os_user_activity: If true, all process activity will be audited. :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[bool] audit_full_command_arguments: If true, full command arguments will be audited. :param pulumi.Input[bool] audit_host_failed_login_events: If true, host failed logins will be audited. :param pulumi.Input[bool] audit_host_successful_login_events: If true, host successful logins will be audited. :param pulumi.Input[bool] audit_user_account_management: If true, account management will be audited. + :param pulumi.Input[str] author: Username of the account that created the service. :param pulumi.Input[bool] block_cryptocurrency_mining: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_files: List of files that are prevented from being read, modified and executed in the containers. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyBypassScopeArgs']]]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[str] description: The description of the host runtime policy - :param pulumi.Input[bool] enable_ip_reputation_security: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyDriftPreventionArgs']]]] drift_preventions: Drift prevention configuration. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). 
:param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyExecutableBlacklistArgs']]]] executable_blacklists: Executable blacklist configuration. :param pulumi.Input[pulumi.InputType['HostRuntimePolicyFileIntegrityMonitoringArgs']] file_integrity_monitoring: Configuration for file integrity monitoring. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyLimitContainerPrivilegeArgs']]]] limit_container_privileges: Container privileges configuration. :param pulumi.Input[pulumi.InputType['HostRuntimePolicyMalwareScanOptionsArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. :param pulumi.Input[bool] monitor_system_log_integrity: If true, system log will be monitored. :param pulumi.Input[bool] monitor_system_time_changes: If true, system time changes will be monitored. :param pulumi.Input[bool] monitor_windows_services: If true, windows service operations will be monitored. - :param pulumi.Input[str] name: Name of the host runtime policy + :param pulumi.Input[str] name: Name assigned to the attribute. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_groups_alloweds: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_groups_blockeds: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. 
:param pulumi.Input[Sequence[pulumi.Input[str]]] os_users_alloweds: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_users_blockeds: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - :param pulumi.Input[Sequence[pulumi.Input[str]]] package_blocks: List of packages that are not allowed read, write or execute all files that under the packages. - :param pulumi.Input[bool] port_scanning_detection: If true, port scanning behaviors will be audited. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyRestrictedVolumeArgs']]]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeVariableArgs']]]] scope_variables: List of scope attributes. - :param pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryMonitoringArgs']] windows_registry_monitoring: Configuration for windows registry monitoring. - :param pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryProtectionArgs']] windows_registry_protection: Configuration for windows registry protection. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeArgs']]]] scopes: Scope configuration. """ ... @overload 
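Review bot: Two top-level `:param` descriptions in this docstring no longer describe the policy itself: `enabled` now reads `Whether allowed executables configuration is enabled.` and `name` reads `Name assigned to the attribute.`, where the removed lines said `Indicates if the runtime policy is enabled or not.` and `Name of the host runtime policy`. `enabled` switches a whole host runtime policy on or off, so a description borrowed from what looks like a nested block invites a misconfigured policy. Many of the newly added arguments (`block_fileless_exec`, `reverse_shell`, `no_new_privileges`, among others) have no `:param` line at all, and the Example Usage block is dropped even though `package_blocks` changes from a list of strings to `HostRuntimePolicyPackageBlockArgs`. I would restore the two descriptions, e.g. `:param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not.`. If this file is generated, the fix belongs in the schema descriptions it is built from.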
@@ -1158,82 +2403,7 @@ def __init__(__self__, args: Optional[HostRuntimePolicyArgs] = None, opts: Optional[pulumi.ResourceOptions] = None): """ - ## Example Usage - - ```python - import pulumi - import pulumiverse_aquasec as aquasec - - host_runtime_policy = aquasec.HostRuntimePolicy("hostRuntimePolicy", - application_scopes=["Global"], - audit_all_os_user_activity=True, - audit_brute_force_login=True, - audit_full_command_arguments=True, - audit_host_failed_login_events=True, - audit_host_successful_login_events=True, - audit_user_account_management=True, - block_cryptocurrency_mining=True, - blocked_files=["blocked"], - description="host_runtime_policy", - enable_ip_reputation_security=True, - enabled=True, - enforce=False, - file_integrity_monitoring=aquasec.HostRuntimePolicyFileIntegrityMonitoringArgs( - excluded_paths=["expaths"], - excluded_processes=["exprocess"], - excluded_users=["expuser"], - monitor_attributes=True, - monitor_create=True, - monitor_delete=True, - monitor_modify=True, - monitor_read=True, - monitored_paths=["paths"], - monitored_processes=["process"], - monitored_users=["user"], - ), - monitor_system_log_integrity=True, - monitor_system_time_changes=True, - monitor_windows_services=True, - os_groups_alloweds=["group1"], - os_groups_blockeds=["group2"], - os_users_alloweds=["user1"], - os_users_blockeds=["user2"], - package_blocks=["package1"], - port_scanning_detection=True, - scope_variables=[ - aquasec.HostRuntimePolicyScopeVariableArgs( - attribute="kubernetes.cluster", - value="default", - ), - aquasec.HostRuntimePolicyScopeVariableArgs( - attribute="kubernetes.label", - name="app", - value="aqua", - ), - ], - windows_registry_monitoring=aquasec.HostRuntimePolicyWindowsRegistryMonitoringArgs( - excluded_paths=["expaths"], - excluded_processes=["exprocess"], - excluded_users=["expuser"], - monitor_attributes=True, - monitor_create=True, - monitor_delete=True, - monitor_modify=True, - monitor_read=True, - monitored_paths=["paths"], - 
monitored_processes=["process"], - monitored_users=["user"], - ), - windows_registry_protection=aquasec.HostRuntimePolicyWindowsRegistryProtectionArgs( - excluded_paths=["expaths"], - excluded_processes=["exprocess"], - excluded_users=["expuser"], - protected_paths=["paths"], - protected_processes=["process"], - protected_users=["user"], - )) - ``` - + Create a HostRuntimePolicy resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param HostRuntimePolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. 
@@ -1249,36 +2419,88 @@ def __init__(__self__, resource_name: str, *args, **kwargs): def _internal_init(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedRegistryArgs']]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - audit_all_os_user_activity: Optional[pulumi.Input[bool]] = None, audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, audit_host_failed_login_events: Optional[pulumi.Input[bool]] = None, audit_host_successful_login_events: Optional[pulumi.Input[bool]] = None, audit_user_account_management: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyAuditingArgs']]] = None, + author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyBlacklistedOsUsersArgs']]] = None, + block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, blocked_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyBypassScopeArgs']]]]] = None, + container_exec: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyContainerExecArgs']]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + 
default_security_profile: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyDriftPreventionArgs']]]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyExecutableBlacklistArgs']]]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyFailedKubernetesChecksArgs']]] = None, + file_block: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyFileBlockArgs']]] = None, file_integrity_monitoring: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyFileIntegrityMonitoringArgs']]] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, + linux_capabilities: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyLinuxCapabilitiesArgs']]] = 
None, malware_scan_options: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyMalwareScanOptionsArgs']]] = None, monitor_system_log_integrity: Optional[pulumi.Input[bool]] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, monitor_windows_services: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, os_groups_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_groups_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - port_scanning_detection: Optional[pulumi.Input[bool]] = None, + package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyPackageBlockArgs']]]]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyPortBlockArgs']]] = None, + readonly_files: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyReadonlyFilesArgs']]] = None, + readonly_registry: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyReadonlyRegistryArgs']]] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyRegistryAccessMonitoringArgs']]] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name_: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyRestrictedVolumeArgs']]]]] = None, + reverse_shell: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyReverseShellArgs']]] = 
None, + runtime_mode: Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeVariableArgs']]]]] = None, - windows_registry_monitoring: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryMonitoringArgs']]] = None, - windows_registry_protection: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryProtectionArgs']]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeArgs']]]]] = None, + system_integrity_protection: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicySystemIntegrityProtectionArgs']]] = None, + tripwire: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyTripwireArgs']]] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyWhitelistedOsUsersArgs']]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) if not isinstance(opts, pulumi.ResourceOptions): 
@@ -1288,37 +2510,88 @@ def _internal_init(__self__, raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') __props__ = HostRuntimePolicyArgs.__new__(HostRuntimePolicyArgs) + __props__.__dict__["allowed_executables"] = allowed_executables + __props__.__dict__["allowed_registries"] = allowed_registries __props__.__dict__["application_scopes"] = application_scopes - __props__.__dict__["audit_all_os_user_activity"] = audit_all_os_user_activity __props__.__dict__["audit_brute_force_login"] = audit_brute_force_login __props__.__dict__["audit_full_command_arguments"] = audit_full_command_arguments __props__.__dict__["audit_host_failed_login_events"] = audit_host_failed_login_events __props__.__dict__["audit_host_successful_login_events"] = audit_host_successful_login_events __props__.__dict__["audit_user_account_management"] = audit_user_account_management + __props__.__dict__["auditing"] = auditing + __props__.__dict__["author"] = author + __props__.__dict__["blacklisted_os_users"] = blacklisted_os_users + __props__.__dict__["block_container_exec"] = block_container_exec __props__.__dict__["block_cryptocurrency_mining"] = block_cryptocurrency_mining + __props__.__dict__["block_disallowed_images"] = block_disallowed_images + __props__.__dict__["block_fileless_exec"] = block_fileless_exec + __props__.__dict__["block_non_compliant_workloads"] = block_non_compliant_workloads + __props__.__dict__["block_non_k8s_containers"] = block_non_k8s_containers __props__.__dict__["blocked_files"] = blocked_files + __props__.__dict__["bypass_scopes"] = bypass_scopes + __props__.__dict__["container_exec"] = container_exec + __props__.__dict__["created"] = created + __props__.__dict__["cve"] = cve + __props__.__dict__["default_security_profile"] = default_security_profile __props__.__dict__["description"] = description - __props__.__dict__["enable_ip_reputation_security"] = enable_ip_reputation_security + 
__props__.__dict__["digest"] = digest + __props__.__dict__["drift_preventions"] = drift_preventions + __props__.__dict__["enable_crypto_mining_dns"] = enable_crypto_mining_dns + __props__.__dict__["enable_fork_guard"] = enable_fork_guard + __props__.__dict__["enable_ip_reputation"] = enable_ip_reputation + __props__.__dict__["enable_port_scan_protection"] = enable_port_scan_protection __props__.__dict__["enabled"] = enabled __props__.__dict__["enforce"] = enforce __props__.__dict__["enforce_after_days"] = enforce_after_days + __props__.__dict__["enforce_scheduler_added_on"] = enforce_scheduler_added_on + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["executable_blacklists"] = executable_blacklists + __props__.__dict__["failed_kubernetes_checks"] = failed_kubernetes_checks + __props__.__dict__["file_block"] = file_block __props__.__dict__["file_integrity_monitoring"] = file_integrity_monitoring + __props__.__dict__["fork_guard_process_limit"] = fork_guard_process_limit + __props__.__dict__["image_name"] = image_name + __props__.__dict__["is_audit_checked"] = is_audit_checked + __props__.__dict__["is_auto_generated"] = is_auto_generated + __props__.__dict__["is_ootb_policy"] = is_ootb_policy + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["limit_container_privileges"] = limit_container_privileges + __props__.__dict__["linux_capabilities"] = linux_capabilities __props__.__dict__["malware_scan_options"] = malware_scan_options __props__.__dict__["monitor_system_log_integrity"] = monitor_system_log_integrity __props__.__dict__["monitor_system_time_changes"] = monitor_system_time_changes __props__.__dict__["monitor_windows_services"] = monitor_windows_services __props__.__dict__["name"] = name + __props__.__dict__["no_new_privileges"] = no_new_privileges + __props__.__dict__["only_registered_images"] = only_registered_images __props__.__dict__["os_groups_alloweds"] = os_groups_alloweds 
__props__.__dict__["os_groups_blockeds"] = os_groups_blockeds __props__.__dict__["os_users_alloweds"] = os_users_alloweds __props__.__dict__["os_users_blockeds"] = os_users_blockeds __props__.__dict__["package_blocks"] = package_blocks - __props__.__dict__["port_scanning_detection"] = port_scanning_detection + __props__.__dict__["permission"] = permission + __props__.__dict__["port_block"] = port_block + __props__.__dict__["readonly_files"] = readonly_files + __props__.__dict__["readonly_registry"] = readonly_registry + __props__.__dict__["registry"] = registry + __props__.__dict__["registry_access_monitoring"] = registry_access_monitoring + __props__.__dict__["repo_name"] = repo_name + __props__.__dict__["resource_name"] = resource_name_ + __props__.__dict__["resource_type"] = resource_type + __props__.__dict__["restricted_volumes"] = restricted_volumes + __props__.__dict__["reverse_shell"] = reverse_shell + __props__.__dict__["runtime_mode"] = runtime_mode + __props__.__dict__["runtime_type"] = runtime_type __props__.__dict__["scope_expression"] = scope_expression __props__.__dict__["scope_variables"] = scope_variables - __props__.__dict__["windows_registry_monitoring"] = windows_registry_monitoring - __props__.__dict__["windows_registry_protection"] = windows_registry_protection - __props__.__dict__["author"] = None + __props__.__dict__["scopes"] = scopes + __props__.__dict__["system_integrity_protection"] = system_integrity_protection + __props__.__dict__["tripwire"] = tripwire + __props__.__dict__["type"] = type + __props__.__dict__["updated"] = updated + __props__.__dict__["version"] = version + __props__.__dict__["vpatch_version"] = vpatch_version + __props__.__dict__["whitelisted_os_users"] = whitelisted_os_users super(HostRuntimePolicy, __self__).__init__( 'aquasec:index/hostRuntimePolicy:HostRuntimePolicy', resource_name, 
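Review bot: The removed line `__props__.__dict__["author"] = None` kept `author` output-only, but it is now copied straight from the caller, as are `created`, `updated`, `lastupdate`, `version`, `is_auto_generated` and `is_ootb_policy`. The constructor docstring describes `author` as `Username of the account that created the service`, which reads like server-assigned provenance, so letting a program supply it looks unintended. Whether the provider ignores such input is not visible here. If these fields are meant to be read-only, keep them as outputs, e.g. `__props__.__dict__["author"] = None`, and drop them from the constructor arguments. `_internal_init` starts and ends outside this hunk.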
@@ -1329,37 +2602,88 @@ def _internal_init(__self__, def get(resource_name: str, id: pulumi.Input[str], opts: Optional[pulumi.ResourceOptions] = None, + allowed_executables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedExecutableArgs']]]]] = None, + allowed_registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedRegistryArgs']]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - audit_all_os_user_activity: Optional[pulumi.Input[bool]] = None, audit_brute_force_login: Optional[pulumi.Input[bool]] = None, audit_full_command_arguments: Optional[pulumi.Input[bool]] = None, audit_host_failed_login_events: Optional[pulumi.Input[bool]] = None, audit_host_successful_login_events: Optional[pulumi.Input[bool]] = None, audit_user_account_management: Optional[pulumi.Input[bool]] = None, + auditing: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyAuditingArgs']]] = None, author: Optional[pulumi.Input[str]] = None, + blacklisted_os_users: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyBlacklistedOsUsersArgs']]] = None, + block_container_exec: Optional[pulumi.Input[bool]] = None, block_cryptocurrency_mining: Optional[pulumi.Input[bool]] = None, + block_disallowed_images: Optional[pulumi.Input[bool]] = None, + block_fileless_exec: Optional[pulumi.Input[bool]] = None, + block_non_compliant_workloads: Optional[pulumi.Input[bool]] = None, + block_non_k8s_containers: Optional[pulumi.Input[bool]] = None, blocked_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + bypass_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyBypassScopeArgs']]]]] = None, + container_exec: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyContainerExecArgs']]] = None, + created: Optional[pulumi.Input[str]] = None, + cve: Optional[pulumi.Input[str]] = None, + default_security_profile: 
Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - enable_ip_reputation_security: Optional[pulumi.Input[bool]] = None, + digest: Optional[pulumi.Input[str]] = None, + drift_preventions: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyDriftPreventionArgs']]]]] = None, + enable_crypto_mining_dns: Optional[pulumi.Input[bool]] = None, + enable_fork_guard: Optional[pulumi.Input[bool]] = None, + enable_ip_reputation: Optional[pulumi.Input[bool]] = None, + enable_port_scan_protection: Optional[pulumi.Input[bool]] = None, enabled: Optional[pulumi.Input[bool]] = None, enforce: Optional[pulumi.Input[bool]] = None, enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_scheduler_added_on: Optional[pulumi.Input[int]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + executable_blacklists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyExecutableBlacklistArgs']]]]] = None, + failed_kubernetes_checks: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyFailedKubernetesChecksArgs']]] = None, + file_block: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyFileBlockArgs']]] = None, file_integrity_monitoring: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyFileIntegrityMonitoringArgs']]] = None, + fork_guard_process_limit: Optional[pulumi.Input[int]] = None, + image_name: Optional[pulumi.Input[str]] = None, + is_audit_checked: Optional[pulumi.Input[bool]] = None, + is_auto_generated: Optional[pulumi.Input[bool]] = None, + is_ootb_policy: Optional[pulumi.Input[bool]] = None, + lastupdate: Optional[pulumi.Input[int]] = None, + limit_container_privileges: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyLimitContainerPrivilegeArgs']]]]] = None, + linux_capabilities: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyLinuxCapabilitiesArgs']]] = None, malware_scan_options: 
Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyMalwareScanOptionsArgs']]] = None, monitor_system_log_integrity: Optional[pulumi.Input[bool]] = None, monitor_system_time_changes: Optional[pulumi.Input[bool]] = None, monitor_windows_services: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, + no_new_privileges: Optional[pulumi.Input[bool]] = None, + only_registered_images: Optional[pulumi.Input[bool]] = None, os_groups_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_groups_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_alloweds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, os_users_blockeds: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - port_scanning_detection: Optional[pulumi.Input[bool]] = None, + package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyPackageBlockArgs']]]]] = None, + permission: Optional[pulumi.Input[str]] = None, + port_block: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyPortBlockArgs']]] = None, + readonly_files: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyReadonlyFilesArgs']]] = None, + readonly_registry: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyReadonlyRegistryArgs']]] = None, + registry: Optional[pulumi.Input[str]] = None, + registry_access_monitoring: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyRegistryAccessMonitoringArgs']]] = None, + repo_name: Optional[pulumi.Input[str]] = None, + resource_name_: Optional[pulumi.Input[str]] = None, + resource_type: Optional[pulumi.Input[str]] = None, + restricted_volumes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyRestrictedVolumeArgs']]]]] = None, + reverse_shell: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyReverseShellArgs']]] = None, + runtime_mode: 
Optional[pulumi.Input[int]] = None, + runtime_type: Optional[pulumi.Input[str]] = None, scope_expression: Optional[pulumi.Input[str]] = None, scope_variables: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeVariableArgs']]]]] = None, - windows_registry_monitoring: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryMonitoringArgs']]] = None, - windows_registry_protection: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryProtectionArgs']]] = None) -> 'HostRuntimePolicy': + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeArgs']]]]] = None, + system_integrity_protection: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicySystemIntegrityProtectionArgs']]] = None, + tripwire: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyTripwireArgs']]] = None, + type: Optional[pulumi.Input[str]] = None, + updated: Optional[pulumi.Input[str]] = None, + version: Optional[pulumi.Input[str]] = None, + vpatch_version: Optional[pulumi.Input[str]] = None, + whitelisted_os_users: Optional[pulumi.Input[pulumi.InputType['HostRuntimePolicyWhitelistedOsUsersArgs']]] = None) -> 'HostRuntimePolicy': """ Get an existing HostRuntimePolicy resource's state with the given name, id, and optional extra properties used to qualify the lookup. 
@@ -1367,8 +2691,9 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedExecutableArgs']]]] allowed_executables: Allowed executables configuration. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyAllowedRegistryArgs']]]] allowed_registries: List of allowed registries. :param pulumi.Input[Sequence[pulumi.Input[str]]] application_scopes: Indicates the application scope of the service. - :param pulumi.Input[bool] audit_all_os_user_activity: If true, all process activity will be audited. :param pulumi.Input[bool] audit_brute_force_login: Detects brute force login attempts :param pulumi.Input[bool] audit_full_command_arguments: If true, full command arguments will be audited. :param pulumi.Input[bool] audit_host_failed_login_events: If true, host failed logins will be audited. 
@@ -1377,80 +2702,141 @@ def get(resource_name: str, :param pulumi.Input[str] author: Username of the account that created the service. :param pulumi.Input[bool] block_cryptocurrency_mining: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining :param pulumi.Input[Sequence[pulumi.Input[str]]] blocked_files: List of files that are prevented from being read, modified and executed in the containers. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyBypassScopeArgs']]]] bypass_scopes: Bypass scope configuration. :param pulumi.Input[str] description: The description of the host runtime policy - :param pulumi.Input[bool] enable_ip_reputation_security: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. - :param pulumi.Input[bool] enabled: Indicates if the runtime policy is enabled or not. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyDriftPreventionArgs']]]] drift_preventions: Drift prevention configuration. + :param pulumi.Input[bool] enabled: Whether allowed executables configuration is enabled. :param pulumi.Input[bool] enforce: Indicates that policy should effect container execution (not just for audit). :param pulumi.Input[int] enforce_after_days: Indicates the number of days after which the runtime policy will be changed to enforce mode. + :param pulumi.Input[Sequence[pulumi.Input[str]]] exclude_application_scopes: List of excluded application scopes. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyExecutableBlacklistArgs']]]] executable_blacklists: Executable blacklist configuration. :param pulumi.Input[pulumi.InputType['HostRuntimePolicyFileIntegrityMonitoringArgs']] file_integrity_monitoring: Configuration for file integrity monitoring. 
+ :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyLimitContainerPrivilegeArgs']]]] limit_container_privileges: Container privileges configuration. :param pulumi.Input[pulumi.InputType['HostRuntimePolicyMalwareScanOptionsArgs']] malware_scan_options: Configuration for Real-Time Malware Protection. :param pulumi.Input[bool] monitor_system_log_integrity: If true, system log will be monitored. :param pulumi.Input[bool] monitor_system_time_changes: If true, system time changes will be monitored. :param pulumi.Input[bool] monitor_windows_services: If true, windows service operations will be monitored. - :param pulumi.Input[str] name: Name of the host runtime policy + :param pulumi.Input[str] name: Name assigned to the attribute. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_groups_alloweds: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_groups_blockeds: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_users_alloweds: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others. :param pulumi.Input[Sequence[pulumi.Input[str]]] os_users_blockeds: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others. - :param pulumi.Input[Sequence[pulumi.Input[str]]] package_blocks: List of packages that are not allowed read, write or execute all files that under the packages. - :param pulumi.Input[bool] port_scanning_detection: If true, port scanning behaviors will be audited. 
+ :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyRestrictedVolumeArgs']]]] restricted_volumes: Restricted volumes configuration. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeVariableArgs']]]] scope_variables: List of scope attributes. - :param pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryMonitoringArgs']] windows_registry_monitoring: Configuration for windows registry monitoring. - :param pulumi.Input[pulumi.InputType['HostRuntimePolicyWindowsRegistryProtectionArgs']] windows_registry_protection: Configuration for windows registry protection. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['HostRuntimePolicyScopeArgs']]]] scopes: Scope configuration. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) __props__ = _HostRuntimePolicyState.__new__(_HostRuntimePolicyState) + __props__.__dict__["allowed_executables"] = allowed_executables + __props__.__dict__["allowed_registries"] = allowed_registries __props__.__dict__["application_scopes"] = application_scopes - __props__.__dict__["audit_all_os_user_activity"] = audit_all_os_user_activity __props__.__dict__["audit_brute_force_login"] = audit_brute_force_login __props__.__dict__["audit_full_command_arguments"] = audit_full_command_arguments __props__.__dict__["audit_host_failed_login_events"] = audit_host_failed_login_events __props__.__dict__["audit_host_successful_login_events"] = audit_host_successful_login_events __props__.__dict__["audit_user_account_management"] = audit_user_account_management + __props__.__dict__["auditing"] = auditing __props__.__dict__["author"] = author + __props__.__dict__["blacklisted_os_users"] = blacklisted_os_users + __props__.__dict__["block_container_exec"] = block_container_exec __props__.__dict__["block_cryptocurrency_mining"] = 
block_cryptocurrency_mining + __props__.__dict__["block_disallowed_images"] = block_disallowed_images + __props__.__dict__["block_fileless_exec"] = block_fileless_exec + __props__.__dict__["block_non_compliant_workloads"] = block_non_compliant_workloads + __props__.__dict__["block_non_k8s_containers"] = block_non_k8s_containers __props__.__dict__["blocked_files"] = blocked_files + __props__.__dict__["bypass_scopes"] = bypass_scopes + __props__.__dict__["container_exec"] = container_exec + __props__.__dict__["created"] = created + __props__.__dict__["cve"] = cve + __props__.__dict__["default_security_profile"] = default_security_profile __props__.__dict__["description"] = description - __props__.__dict__["enable_ip_reputation_security"] = enable_ip_reputation_security + __props__.__dict__["digest"] = digest + __props__.__dict__["drift_preventions"] = drift_preventions + __props__.__dict__["enable_crypto_mining_dns"] = enable_crypto_mining_dns + __props__.__dict__["enable_fork_guard"] = enable_fork_guard + __props__.__dict__["enable_ip_reputation"] = enable_ip_reputation + __props__.__dict__["enable_port_scan_protection"] = enable_port_scan_protection __props__.__dict__["enabled"] = enabled __props__.__dict__["enforce"] = enforce __props__.__dict__["enforce_after_days"] = enforce_after_days + __props__.__dict__["enforce_scheduler_added_on"] = enforce_scheduler_added_on + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["executable_blacklists"] = executable_blacklists + __props__.__dict__["failed_kubernetes_checks"] = failed_kubernetes_checks + __props__.__dict__["file_block"] = file_block __props__.__dict__["file_integrity_monitoring"] = file_integrity_monitoring + __props__.__dict__["fork_guard_process_limit"] = fork_guard_process_limit + __props__.__dict__["image_name"] = image_name + __props__.__dict__["is_audit_checked"] = is_audit_checked + __props__.__dict__["is_auto_generated"] = is_auto_generated + 
__props__.__dict__["is_ootb_policy"] = is_ootb_policy + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["limit_container_privileges"] = limit_container_privileges + __props__.__dict__["linux_capabilities"] = linux_capabilities __props__.__dict__["malware_scan_options"] = malware_scan_options __props__.__dict__["monitor_system_log_integrity"] = monitor_system_log_integrity __props__.__dict__["monitor_system_time_changes"] = monitor_system_time_changes __props__.__dict__["monitor_windows_services"] = monitor_windows_services __props__.__dict__["name"] = name + __props__.__dict__["no_new_privileges"] = no_new_privileges + __props__.__dict__["only_registered_images"] = only_registered_images __props__.__dict__["os_groups_alloweds"] = os_groups_alloweds __props__.__dict__["os_groups_blockeds"] = os_groups_blockeds __props__.__dict__["os_users_alloweds"] = os_users_alloweds __props__.__dict__["os_users_blockeds"] = os_users_blockeds __props__.__dict__["package_blocks"] = package_blocks - __props__.__dict__["port_scanning_detection"] = port_scanning_detection + __props__.__dict__["permission"] = permission + __props__.__dict__["port_block"] = port_block + __props__.__dict__["readonly_files"] = readonly_files + __props__.__dict__["readonly_registry"] = readonly_registry + __props__.__dict__["registry"] = registry + __props__.__dict__["registry_access_monitoring"] = registry_access_monitoring + __props__.__dict__["repo_name"] = repo_name + __props__.__dict__["resource_name"] = resource_name_ + __props__.__dict__["resource_type"] = resource_type + __props__.__dict__["restricted_volumes"] = restricted_volumes + __props__.__dict__["reverse_shell"] = reverse_shell + __props__.__dict__["runtime_mode"] = runtime_mode + __props__.__dict__["runtime_type"] = runtime_type __props__.__dict__["scope_expression"] = scope_expression __props__.__dict__["scope_variables"] = scope_variables - __props__.__dict__["windows_registry_monitoring"] = windows_registry_monitoring 
- __props__.__dict__["windows_registry_protection"] = windows_registry_protection + __props__.__dict__["scopes"] = scopes + __props__.__dict__["system_integrity_protection"] = system_integrity_protection + __props__.__dict__["tripwire"] = tripwire + __props__.__dict__["type"] = type + __props__.__dict__["updated"] = updated + __props__.__dict__["version"] = version + __props__.__dict__["vpatch_version"] = vpatch_version + __props__.__dict__["whitelisted_os_users"] = whitelisted_os_users return HostRuntimePolicy(resource_name, opts=opts, __props__=__props__) @property - @pulumi.getter(name="applicationScopes") - def application_scopes(self) -> pulumi.Output[Sequence[str]]: + @pulumi.getter(name="allowedExecutables") + def allowed_executables(self) -> pulumi.Output[Sequence['outputs.HostRuntimePolicyAllowedExecutable']]: """ - Indicates the application scope of the service. + Allowed executables configuration. """ - return pulumi.get(self, "application_scopes") + return pulumi.get(self, "allowed_executables") + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> pulumi.Output[Sequence['outputs.HostRuntimePolicyAllowedRegistry']]: + """ + List of allowed registries. + """ + return pulumi.get(self, "allowed_registries") @property - @pulumi.getter(name="auditAllOsUserActivity") - def audit_all_os_user_activity(self) -> pulumi.Output[Optional[bool]]: + @pulumi.getter(name="applicationScopes") + def application_scopes(self) -> pulumi.Output[Sequence[str]]: """ - If true, all process activity will be audited. + Indicates the application scope of the service. """ - return pulumi.get(self, "audit_all_os_user_activity") + return pulumi.get(self, "application_scopes") @property @pulumi.getter(name="auditBruteForceLogin") 
@@ -1492,6 +2878,11 @@ def audit_user_account_management(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "audit_user_account_management") + @property + @pulumi.getter + def auditing(self) -> pulumi.Output['outputs.HostRuntimePolicyAuditing']: + return pulumi.get(self, "auditing") + @property @pulumi.getter def author(self) -> pulumi.Output[str]: @@ -1500,6 +2891,16 @@ def author(self) -> pulumi.Output[str]: """ return pulumi.get(self, "author") + @property + @pulumi.getter(name="blacklistedOsUsers") + def blacklisted_os_users(self) -> pulumi.Output['outputs.HostRuntimePolicyBlacklistedOsUsers']: + return pulumi.get(self, "blacklisted_os_users") + + @property + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_container_exec") + @property @pulumi.getter(name="blockCryptocurrencyMining") def block_cryptocurrency_mining(self) -> pulumi.Output[Optional[bool]]: @@ -1508,6 +2909,26 @@ def block_cryptocurrency_mining(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "block_cryptocurrency_mining") + @property + @pulumi.getter(name="blockDisallowedImages") + def block_disallowed_images(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_disallowed_images") + + @property + @pulumi.getter(name="blockFilelessExec") + def block_fileless_exec(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_fileless_exec") + + @property + @pulumi.getter(name="blockNonCompliantWorkloads") + def block_non_compliant_workloads(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_non_compliant_workloads") + + @property + @pulumi.getter(name="blockNonK8sContainers") + def block_non_k8s_containers(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "block_non_k8s_containers") + @property @pulumi.getter(name="blockedFiles") def blocked_files(self) -> pulumi.Output[Optional[Sequence[str]]]: 
@@ -1516,6 +2937,34 @@ def blocked_files(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "blocked_files") + @property + @pulumi.getter(name="bypassScopes") + def bypass_scopes(self) -> pulumi.Output[Optional[Sequence['outputs.HostRuntimePolicyBypassScope']]]: + """ + Bypass scope configuration. + """ + return pulumi.get(self, "bypass_scopes") + + @property + @pulumi.getter(name="containerExec") + def container_exec(self) -> pulumi.Output['outputs.HostRuntimePolicyContainerExec']: + return pulumi.get(self, "container_exec") + + @property + @pulumi.getter + def created(self) -> pulumi.Output[str]: + return pulumi.get(self, "created") + + @property + @pulumi.getter + def cve(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "cve") + + @property + @pulumi.getter(name="defaultSecurityProfile") + def default_security_profile(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "default_security_profile") + @property @pulumi.getter def description(self) -> pulumi.Output[Optional[str]]: 
@@ -1525,18 +2974,43 @@ def description(self) -> pulumi.Output[Optional[str]]: return pulumi.get(self, "description") @property - @pulumi.getter(name="enableIpReputationSecurity") - def enable_ip_reputation_security(self) -> pulumi.Output[Optional[bool]]: + @pulumi.getter + def digest(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "digest") + + @property + @pulumi.getter(name="driftPreventions") + def drift_preventions(self) -> pulumi.Output[Sequence['outputs.HostRuntimePolicyDriftPrevention']]: """ - If true, detect and prevent communication from containers to IP addresses known to have a bad reputation. + Drift prevention configuration. """ - return pulumi.get(self, "enable_ip_reputation_security") + return pulumi.get(self, "drift_preventions") + + @property + @pulumi.getter(name="enableCryptoMiningDns") + def enable_crypto_mining_dns(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_crypto_mining_dns") + + @property + @pulumi.getter(name="enableForkGuard") + def enable_fork_guard(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_fork_guard") + + @property + @pulumi.getter(name="enableIpReputation") + def enable_ip_reputation(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_ip_reputation") + + @property + @pulumi.getter(name="enablePortScanProtection") + def enable_port_scan_protection(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enable_port_scan_protection") @property @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if the runtime policy is enabled or not. + Whether allowed executables configuration is enabled. """ return pulumi.get(self, "enabled") 
@@ -1556,17 +3030,91 @@ def enforce_after_days(self) -> pulumi.Output[Optional[int]]: """ return pulumi.get(self, "enforce_after_days") + @property + @pulumi.getter(name="enforceSchedulerAddedOn") + def enforce_scheduler_added_on(self) -> pulumi.Output[int]: + return pulumi.get(self, "enforce_scheduler_added_on") + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of excluded application scopes. + """ + return pulumi.get(self, "exclude_application_scopes") + + @property + @pulumi.getter(name="executableBlacklists") + def executable_blacklists(self) -> pulumi.Output[Sequence['outputs.HostRuntimePolicyExecutableBlacklist']]: + """ + Executable blacklist configuration. + """ + return pulumi.get(self, "executable_blacklists") + + @property + @pulumi.getter(name="failedKubernetesChecks") + def failed_kubernetes_checks(self) -> pulumi.Output['outputs.HostRuntimePolicyFailedKubernetesChecks']: + return pulumi.get(self, "failed_kubernetes_checks") + + @property + @pulumi.getter(name="fileBlock") + def file_block(self) -> pulumi.Output['outputs.HostRuntimePolicyFileBlock']: + return pulumi.get(self, "file_block") + @property @pulumi.getter(name="fileIntegrityMonitoring") - def file_integrity_monitoring(self) -> pulumi.Output[Optional['outputs.HostRuntimePolicyFileIntegrityMonitoring']]: + def file_integrity_monitoring(self) -> pulumi.Output['outputs.HostRuntimePolicyFileIntegrityMonitoring']: """ Configuration for file integrity monitoring. 
""" return pulumi.get(self, "file_integrity_monitoring") + @property + @pulumi.getter(name="forkGuardProcessLimit") + def fork_guard_process_limit(self) -> pulumi.Output[Optional[int]]: + return pulumi.get(self, "fork_guard_process_limit") + + @property + @pulumi.getter(name="imageName") + def image_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "image_name") + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "is_audit_checked") + + @property + @pulumi.getter(name="isAutoGenerated") + def is_auto_generated(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "is_auto_generated") + + @property + @pulumi.getter(name="isOotbPolicy") + def is_ootb_policy(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "is_ootb_policy") + + @property + @pulumi.getter + def lastupdate(self) -> pulumi.Output[int]: + return pulumi.get(self, "lastupdate") + + @property + @pulumi.getter(name="limitContainerPrivileges") + def limit_container_privileges(self) -> pulumi.Output[Sequence['outputs.HostRuntimePolicyLimitContainerPrivilege']]: + """ + Container privileges configuration. + """ + return pulumi.get(self, "limit_container_privileges") + + @property + @pulumi.getter(name="linuxCapabilities") + def linux_capabilities(self) -> pulumi.Output['outputs.HostRuntimePolicyLinuxCapabilities']: + return pulumi.get(self, "linux_capabilities") + @property @pulumi.getter(name="malwareScanOptions") - def malware_scan_options(self) -> pulumi.Output[Optional['outputs.HostRuntimePolicyMalwareScanOptions']]: + def malware_scan_options(self) -> pulumi.Output['outputs.HostRuntimePolicyMalwareScanOptions']: """ Configuration for Real-Time Malware Protection. """ 
@@ -1600,10 +3148,20 @@ def monitor_windows_services(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - Name of the host runtime policy + Name assigned to the attribute. """ return pulumi.get(self, "name") + @property + @pulumi.getter(name="noNewPrivileges") + def no_new_privileges(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "no_new_privileges") + + @property + @pulumi.getter(name="onlyRegisteredImages") + def only_registered_images(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "only_registered_images") + @property @pulumi.getter(name="osGroupsAlloweds") def os_groups_alloweds(self) -> pulumi.Output[Optional[Sequence[str]]]: 
@@ -1638,19 +3196,76 @@ def os_users_blockeds(self) -> pulumi.Output[Optional[Sequence[str]]]: @property @pulumi.getter(name="packageBlocks") - def package_blocks(self) -> pulumi.Output[Optional[Sequence[str]]]: - """ - List of packages that are not allowed read, write or execute all files that under the packages. - """ + def package_blocks(self) -> pulumi.Output[Sequence['outputs.HostRuntimePolicyPackageBlock']]: return pulumi.get(self, "package_blocks") @property - @pulumi.getter(name="portScanningDetection") - def port_scanning_detection(self) -> pulumi.Output[Optional[bool]]: + @pulumi.getter + def permission(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "permission") + + @property + @pulumi.getter(name="portBlock") + def port_block(self) -> pulumi.Output['outputs.HostRuntimePolicyPortBlock']: + return pulumi.get(self, "port_block") + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> pulumi.Output['outputs.HostRuntimePolicyReadonlyFiles']: + return pulumi.get(self, "readonly_files") + + @property + @pulumi.getter(name="readonlyRegistry") + def readonly_registry(self) -> pulumi.Output['outputs.HostRuntimePolicyReadonlyRegistry']: + return pulumi.get(self, "readonly_registry") + + @property + @pulumi.getter + def registry(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "registry") + + @property + @pulumi.getter(name="registryAccessMonitoring") + def registry_access_monitoring(self) -> pulumi.Output['outputs.HostRuntimePolicyRegistryAccessMonitoring']: + return pulumi.get(self, "registry_access_monitoring") + + @property + @pulumi.getter(name="repoName") + def repo_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "repo_name") + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "resource_name") + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> 
pulumi.Output[Optional[str]]: + return pulumi.get(self, "resource_type") + + @property + @pulumi.getter(name="restrictedVolumes") + def restricted_volumes(self) -> pulumi.Output[Sequence['outputs.HostRuntimePolicyRestrictedVolume']]: """ - If true, port scanning behaviors will be audited. + Restricted volumes configuration. """ - return pulumi.get(self, "port_scanning_detection") + return pulumi.get(self, "restricted_volumes") + + @property + @pulumi.getter(name="reverseShell") + def reverse_shell(self) -> pulumi.Output['outputs.HostRuntimePolicyReverseShell']: + return pulumi.get(self, "reverse_shell") + + @property + @pulumi.getter(name="runtimeMode") + def runtime_mode(self) -> pulumi.Output[Optional[int]]: + return pulumi.get(self, "runtime_mode") + + @property + @pulumi.getter(name="runtimeType") + def runtime_type(self) -> pulumi.Output[str]: + return pulumi.get(self, "runtime_type") @property @pulumi.getter(name="scopeExpression") 
@@ -1669,18 +3284,45 @@ def scope_variables(self) -> pulumi.Output[Sequence['outputs.HostRuntimePolicySc return pulumi.get(self, "scope_variables") @property - @pulumi.getter(name="windowsRegistryMonitoring") - def windows_registry_monitoring(self) -> pulumi.Output[Optional['outputs.HostRuntimePolicyWindowsRegistryMonitoring']]: + @pulumi.getter + def scopes(self) -> pulumi.Output[Optional[Sequence['outputs.HostRuntimePolicyScope']]]: """ - Configuration for windows registry monitoring. + Scope configuration. """ - return pulumi.get(self, "windows_registry_monitoring") + return pulumi.get(self, "scopes") @property - @pulumi.getter(name="windowsRegistryProtection") - def windows_registry_protection(self) -> pulumi.Output[Optional['outputs.HostRuntimePolicyWindowsRegistryProtection']]: - """ - Configuration for windows registry protection. - """ - return pulumi.get(self, "windows_registry_protection") + @pulumi.getter(name="systemIntegrityProtection") + def system_integrity_protection(self) -> pulumi.Output['outputs.HostRuntimePolicySystemIntegrityProtection']: + return pulumi.get(self, "system_integrity_protection") + + @property + @pulumi.getter + def tripwire(self) -> pulumi.Output['outputs.HostRuntimePolicyTripwire']: + return pulumi.get(self, "tripwire") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + return pulumi.get(self, "type") + + @property + @pulumi.getter + def updated(self) -> pulumi.Output[str]: + return pulumi.get(self, "updated") + + @property + @pulumi.getter + def version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="vpatchVersion") + def vpatch_version(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "vpatch_version") + + @property + @pulumi.getter(name="whitelistedOsUsers") + def whitelisted_os_users(self) -> pulumi.Output['outputs.HostRuntimePolicyWhitelistedOsUsers']: + return pulumi.get(self, "whitelisted_os_users") 
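Review bot: `windows_registry_monitoring` and `windows_registry_protection` are removed here, and `port_scanning_detection` in the previous hunk, with nothing on the new side naming what takes their place. If `registry_access_monitoring`, `readonly_registry` and `port_block` are the successors, their getters should say so, for example `"""Replaces windows_registry_protection."""`, so a program carried across this change is not left without a control its author believes is still configured. That mapping is inferred from the property names only and needs confirming against the provider schema.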
diff --git a/sdk/python/pulumiverse_aquasec/image_assurance_policy.py b/sdk/python/pulumiverse_aquasec/image_assurance_policy.py index 3062928f..59969adf 100644 --- a/sdk/python/pulumiverse_aquasec/image_assurance_policy.py +++ b/sdk/python/pulumiverse_aquasec/image_assurance_policy.py @@ -17,8 +17,11 @@ class ImageAssurancePolicyArgs: def __init__(__self__, *, application_scopes: pulumi.Input[Sequence[pulumi.Input[str]]], + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyAutoScanTimeArgs']]]] = None, @@ -30,6 +33,7 @@ def __init__(__self__, *, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyCustomCheckArgs']]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -39,6 +43,7 @@ def __init__(__self__, *, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
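Review bot: `author` becomes a constructor argument of `ImageAssurancePolicyArgs` in the first hunk of this file, although the description added for it reads "Name of user account that created the policy", which sounds like a value the server records rather than one the caller supplies; `lastupdate` and `permission`, added in the hunks that follow, look like the same kind of field. If the backend accepts these inputs, whoever applies the stack chooses the attribution shown on a policy; if it ignores them, the program carries arguments that do nothing. Unless they are meant to be writable, I would keep them on `_ImageAssurancePolicyState` and as outputs only, which for a generated SDK means marking them computed in the provider schema. `__init__` continues past these hunks.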
@@ -50,17 +55,26 @@ def __init__(__self__, *, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyForbiddenLabelArgs']]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input['ImageAssurancePolicyKubernetesControlsArgs']] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -68,37 +82,48 @@ def __init__(__self__, *, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesBlackListArgs']]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesWhiteListArgs']]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['ImageAssurancePolicyPolicySettingsArgs']] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyRequiredLabelArgs']]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyScopeArgs']]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyTrustedBaseImageArgs']]]] = None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + 
vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): """ The set of arguments for constructing a ImageAssurancePolicy resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. 
:param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses 
@@ -106,18 +131,20 @@ def __init__(__self__, *, :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input['ImageAssurancePolicyKubernetesControlsArgs'] kubernetes_controls: List of Kubernetes controls. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. - :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of backlisted images. 
+ :param pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -130,10 +157,16 @@ def __init__(__self__, *, :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. """ pulumi.set(__self__, "application_scopes", application_scopes) + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) if allowed_images is not None: pulumi.set(__self__, "allowed_images", allowed_images) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) if audit_on_failure is not None: pulumi.set(__self__, "audit_on_failure", audit_on_failure) + if author is not None: + pulumi.set(__self__, "author", author) if auto_scan_configured is not None: pulumi.set(__self__, "auto_scan_configured", auto_scan_configured) if auto_scan_enabled is not None: @@ -156,6 +189,8 @@ def __init__(__self__, *, pulumi.set(__self__, "custom_checks", custom_checks) if custom_checks_enabled is not None: pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) if custom_severity_enabled is not None: pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) if cves_black_list_enabled is not None: 
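Review bot: The `:param` list touched by the `-106,18 +131,20` hunk documents none of the new arguments that narrow what the policy checks (`ignore_base_image_vln`, `ignore_recently_published_vln_period`, `ignored_sensitive_resources`, `exclude_application_scopes`), and it drops the existing line for `maximum_score_exclude_no_fix`. These are the settings a reviewer most needs explained when reading someone else's stack, and `ignore_recently_published_vln_period` is an `int` with no unit given; I would add a `:param` line for each and keep `:param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix.`. Two lines here also read wrong against their names: `whitelisted_licenses_enabled` is described as "license blacklist", and `kubernetes_controls` as "List of Kubernetes controls" although its type is a single `ImageAssurancePolicyKubernetesControlsArgs`. The property getters added in the later hunks of this file have the same missing docstrings. Since the file looks generated, the wording probably has to be fixed in the schema.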
@@ -174,6 +209,8 @@ def __init__(__self__, *, pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) if description is not None: pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) if disallow_malware is not None: pulumi.set(__self__, "disallow_malware", disallow_malware) if docker_cis_enabled is not None: @@ -196,6 +233,8 @@ def __init__(__self__, *, pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) if exceptional_monitored_malware_paths is not None: pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) if fail_cicd is not None: pulumi.set(__self__, "fail_cicd", fail_cicd) if forbidden_labels is not None: 
@@ -206,18 +245,34 @@ def __init__(__self__, *, pulumi.set(__self__, "force_microenforcer", force_microenforcer) if function_integrity_enabled is not None: pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) if ignore_recently_published_vln is not None: pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) + if ignore_recently_published_vln_period is not None: + pulumi.set(__self__, "ignore_recently_published_vln_period", ignore_recently_published_vln_period) if ignore_risk_resources_enabled is not None: pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) if ignored_risk_resources is not None: pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) if images is not None: pulumi.set(__self__, "images", images) if kube_cis_enabled is not None: pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) + if kubernetes_controls_names is not None: + pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) if labels is not None: pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) if malware_action is not None: pulumi.set(__self__, "malware_action", malware_action) if maximum_score is not None: 
@@ -232,6 +287,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if only_none_root_users is not None: pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) if packages_black_list_enabled is not None: pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) if packages_black_lists is not None: @@ -242,6 +299,10 @@ def __init__(__self__, *, pulumi.set(__self__, "packages_white_lists", packages_white_lists) if partial_results_image_fail is not None: pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) if read_only is not None: pulumi.set(__self__, "read_only", read_only) if registries is not None: @@ -252,10 +313,16 @@ def __init__(__self__, *, pulumi.set(__self__, "required_labels", required_labels) if required_labels_enabled is not None: pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) if scan_nfs_mounts is not None: pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) if scan_sensitive_data is not None: pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) if scap_enabled is not None: pulumi.set(__self__, "scap_enabled", scap_enabled) if scap_files is not None: 
@@ -266,6 +333,10 @@ def __init__(__self__, *, pulumi.set(__self__, "trusted_base_images", trusted_base_images) if trusted_base_images_enabled is not None: pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) if whitelisted_licenses is not None: pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) if whitelisted_licenses_enabled is not None: @@ -280,6 +351,18 @@ def application_scopes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: def application_scopes(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): pulumi.set(self, "application_scopes", value) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -292,6 +375,18 @@ def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def allowed_images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "allowed_images", value) + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: @@ -304,6 +399,18 @@ def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: def audit_on_failure(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_on_failure", value) + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. + """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + @property @pulumi.getter(name="autoScanConfigured") def auto_scan_configured(self) -> Optional[pulumi.Input[bool]]: @@ -371,7 +478,7 @@ def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") 
@@ -424,6 +531,15 @@ def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "custom_checks_enabled", value) + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -437,7 +553,7 @@ def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -526,6 +642,15 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> Optional[pulumi.Input[bool]]: 
@@ -541,6 +666,9 @@ def disallow_malware(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @docker_cis_enabled.setter @@ -631,6 +759,15 @@ def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[ def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "exceptional_monitored_malware_paths", value) + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> Optional[pulumi.Input[bool]]: @@ -679,6 +816,15 @@ def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "function_integrity_enabled", value) + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: 
@@ -688,6 +834,15 @@ def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: def ignore_recently_published_vln(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "ignore_recently_published_vln", value) + @property + @pulumi.getter(name="ignoreRecentlyPublishedVlnPeriod") + def ignore_recently_published_vln_period(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "ignore_recently_published_vln_period") + + @ignore_recently_published_vln_period.setter + def ignore_recently_published_vln_period(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "ignore_recently_published_vln_period", value) + @property @pulumi.getter(name="ignoreRiskResourcesEnabled") def ignore_risk_resources_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -712,6 +867,15 @@ def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[ def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "ignored_risk_resources", value) + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + @property @pulumi.getter def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -727,12 +891,45 @@ def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @kube_cis_enabled.setter def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "kube_cis_enabled", value) + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input['ImageAssurancePolicyKubernetesControlsArgs']]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input['ImageAssurancePolicyKubernetesControlsArgs']]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_names") + + @kubernetes_controls_names.setter + def kubernetes_controls_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_names", value) + @property @pulumi.getter def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -745,6 +942,24 @@ def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "labels", value) + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> Optional[pulumi.Input[str]]: @@ -781,9 +996,6 @@ def maximum_score_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="maximumScoreExcludeNoFix") def maximum_score_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates that policy should ignore cases that do not have a known fix. - """ return pulumi.get(self, "maximum_score_exclude_no_fix") @maximum_score_exclude_no_fix.setter @@ -820,6 +1032,15 @@ def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "only_none_root_users", value) + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -836,7 +1057,7 @@ def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesBlackListArgs']]]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") @@ -877,6 +1098,24 @@ def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "partial_results_image_fail", value) + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['ImageAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['ImageAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: @@ -925,6 +1164,15 @@ def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "required_labels_enabled", value) + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: 
@@ -934,6 +1182,15 @@ def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_nfs_mounts", value) + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: @@ -946,6 +1203,15 @@ def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_sensitive_data", value) + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -1003,6 +1269,24 @@ def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "trusted_base_images_enabled", value) + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: @@ -1031,8 +1315,10 @@ def whitelisted_licenses_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.input_type class _ImageAssurancePolicyState: def __init__(__self__, *, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, 
@@ -1046,6 +1332,7 @@ def __init__(__self__, *, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyCustomCheckArgs']]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -1055,6 +1342,7 @@ def __init__(__self__, *, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -1066,18 +1354,26 @@ def __init__(__self__, *, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyForbiddenLabelArgs']]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input['ImageAssurancePolicyKubernetesControlsArgs']] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -1085,38 +1381,48 @@ def __init__(__self__, *, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesBlackListArgs']]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesWhiteListArgs']]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['ImageAssurancePolicyPolicySettingsArgs']] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyRequiredLabelArgs']]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyScopeArgs']]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyTrustedBaseImageArgs']]]] = None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = 
None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): """ Input properties used for looking up and filtering ImageAssurancePolicy resources. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. 
:param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses 
@@ -1124,18 +1430,20 @@ def __init__(__self__, *, :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input['ImageAssurancePolicyKubernetesControlsArgs'] kubernetes_controls: List of Kubernetes controls. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. - :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of backlisted images. 
+ :param pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -1147,10 +1455,14 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. """ + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) if allowed_images is not None: pulumi.set(__self__, "allowed_images", allowed_images) if application_scopes is not None: pulumi.set(__self__, "application_scopes", application_scopes) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) if audit_on_failure is not None: pulumi.set(__self__, "audit_on_failure", audit_on_failure) if author is not None: @@ -1177,6 +1489,8 @@ def __init__(__self__, *, pulumi.set(__self__, "custom_checks", custom_checks) if custom_checks_enabled is not None: pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) if custom_severity_enabled is not None: pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) if cves_black_list_enabled is not None: 
@@ -1195,6 +1509,8 @@ def __init__(__self__, *, pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) if description is not None: pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) if disallow_malware is not None: pulumi.set(__self__, "disallow_malware", disallow_malware) if docker_cis_enabled is not None: @@ -1217,6 +1533,8 @@ def __init__(__self__, *, pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) if exceptional_monitored_malware_paths is not None: pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) if fail_cicd is not None: pulumi.set(__self__, "fail_cicd", fail_cicd) if forbidden_labels is not None: @@ -1227,6 +1545,8 @@ def __init__(__self__, *, pulumi.set(__self__, "force_microenforcer", force_microenforcer) if function_integrity_enabled is not None: pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) if ignore_recently_published_vln is not None: pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) if ignore_recently_published_vln_period is not None: 
@@ -1235,12 +1555,24 @@ def __init__(__self__, *, pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) if ignored_risk_resources is not None: pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) if images is not None: pulumi.set(__self__, "images", images) if kube_cis_enabled is not None: pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) + if kubernetes_controls_names is not None: + pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) if labels is not None: pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) if malware_action is not None: pulumi.set(__self__, "malware_action", malware_action) if maximum_score is not None: @@ -1255,6 +1587,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if only_none_root_users is not None: pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) if packages_black_list_enabled is not None: pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) if packages_black_lists is not None: 
@@ -1265,6 +1599,10 @@ def __init__(__self__, *, pulumi.set(__self__, "packages_white_lists", packages_white_lists) if partial_results_image_fail is not None: pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) if read_only is not None: pulumi.set(__self__, "read_only", read_only) if registries is not None: @@ -1275,10 +1613,16 @@ def __init__(__self__, *, pulumi.set(__self__, "required_labels", required_labels) if required_labels_enabled is not None: pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) if scan_nfs_mounts is not None: pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) if scan_sensitive_data is not None: pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) if scap_enabled is not None: pulumi.set(__self__, "scap_enabled", scap_enabled) if scap_files is not None: 
@@ -1289,11 +1633,27 @@ def __init__(__self__, *, pulumi.set(__self__, "trusted_base_images", trusted_base_images) if trusted_base_images_enabled is not None: pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) if whitelisted_licenses is not None: pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) if whitelisted_licenses_enabled is not None: pulumi.set(__self__, "whitelisted_licenses_enabled", whitelisted_licenses_enabled) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1315,6 +1675,18 @@ def application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str] def application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "application_scopes", value) + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: @@ -1406,7 +1778,7 @@ def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -1459,6 +1831,15 @@ def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "custom_checks_enabled", value) + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -1472,7 +1853,7 @@ def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -1561,6 +1942,15 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> Optional[pulumi.Input[bool]]: @@ -1576,6 +1966,9 @@ def disallow_malware(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @docker_cis_enabled.setter 
@@ -1666,6 +2059,15 @@ def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[ def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "exceptional_monitored_malware_paths", value) + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> Optional[pulumi.Input[bool]]: @@ -1714,6 +2116,15 @@ def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "function_integrity_enabled", value) + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: 
@@ -1756,6 +2167,15 @@ def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[ def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "ignored_risk_resources", value) + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + @property @pulumi.getter def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1771,12 +2191,45 @@ def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @kube_cis_enabled.setter def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "kube_cis_enabled", value) + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input['ImageAssurancePolicyKubernetesControlsArgs']]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input['ImageAssurancePolicyKubernetesControlsArgs']]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_names") + + @kubernetes_controls_names.setter + def kubernetes_controls_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_names", value) + @property @pulumi.getter def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1789,6 +2242,24 @@ def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "labels", value) + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> Optional[pulumi.Input[str]]: @@ -1825,9 +2296,6 @@ def maximum_score_enabled(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="maximumScoreExcludeNoFix") def maximum_score_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: - """ - Indicates that policy should ignore cases that do not have a known fix. - """ return pulumi.get(self, "maximum_score_exclude_no_fix") @maximum_score_exclude_no_fix.setter @@ -1864,6 +2332,15 @@ def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "only_none_root_users", value) + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -1880,7 +2357,7 @@ def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ImageAssurancePolicyPackagesBlackListArgs']]]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") @@ -1921,6 +2398,24 @@ def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "partial_results_image_fail", value) + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['ImageAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['ImageAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: @@ -1969,6 +2464,15 @@ def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "required_labels_enabled", value) + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: 
@@ -1978,6 +2482,15 @@ def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_nfs_mounts", value) + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: @@ -1990,6 +2503,15 @@ def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_sensitive_data", value) + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -2047,6 +2569,24 @@ def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "trusted_base_images_enabled", value) + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: @@ -2077,9 +2617,12 @@ class ImageAssurancePolicy(pulumi.CustomResource): def __init__(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyAutoScanTimeArgs']]]]] = None, 
@@ -2091,6 +2634,7 @@ def __init__(__self__, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2100,6 +2644,7 @@ def __init__(__self__, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2111,17 +2656,26 @@ def __init__(__self__, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[pulumi.InputType['ImageAssurancePolicyKubernetesControlsArgs']]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2129,40 +2683,52 @@ def __init__(__self__, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyTrustedBaseImageArgs']]]]] = None, trusted_base_images_enabled: 
Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, __props__=None): """ - Create a ImageAssurancePolicy resource with the given unique name, props, and options. + Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images. + :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. 
:param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses 
@@ -2170,18 +2736,20 @@ def __init__(__self__, :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[pulumi.InputType['ImageAssurancePolicyKubernetesControlsArgs']] kubernetes_controls: List of Kubernetes controls. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. - :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of backlisted images. 
+ :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -2200,7 +2768,8 @@ def __init__(__self__, args: ImageAssurancePolicyArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Create a ImageAssurancePolicy resource with the given unique name, props, and options. + Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images. + :param str resource_name: The name of the resource. :param ImageAssurancePolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. @@ -2216,9 +2785,12 @@ def __init__(__self__, resource_name: str, *args, **kwargs): def _internal_init(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyAutoScanTimeArgs']]]]] = None, 
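Review bot: The constructor docstring in the `@@ -2170,18 +2736,20 @@` hunk has no `:param` entry for several arguments this commit adds, among them `disallow_exploit_types`, `exclude_application_scopes`, `ignore_base_image_vln`, `ignored_sensitive_resources`, `linux_cis_enabled` and `openshift_hardening_enabled`; the visible entries run alphabetically from `cvss_severity_enabled` to `registries` and skip all of them. Judging by its name, `ignore_base_image_vln` narrows what the policy evaluates, which is exactly the kind of switch a reader needs described, so each should get a line of the form `:param pulumi.Input[bool] ignore_base_image_vln: <what is skipped and the default>`. The hunk also removes the entry for `maximum_score_exclude_no_fix`; whether that argument still exists is not visible here, and if it does the line should stay. The same gaps appear in the `get` docstring in the `@@ -2479,18 +3112,20 @@` hunk, and if this file is generated the descriptions belong in the provider schema it is generated from.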
@@ -2230,6 +2802,7 @@ def _internal_init(__self__, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2239,6 +2812,7 @@ def _internal_init(__self__, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2250,17 +2824,26 @@ def _internal_init(__self__, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[pulumi.InputType['ImageAssurancePolicyKubernetesControlsArgs']]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2268,23 +2851,31 @@ def _internal_init(__self__, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyTrustedBaseImageArgs']]]]] = None, 
trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, __props__=None): @@ -2296,11 +2887,14 @@ def _internal_init(__self__, raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') __props__ = ImageAssurancePolicyArgs.__new__(ImageAssurancePolicyArgs) + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability __props__.__dict__["allowed_images"] = allowed_images if application_scopes is None and not opts.urn: raise TypeError("Missing required property 'application_scopes'") __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type __props__.__dict__["audit_on_failure"] = audit_on_failure + __props__.__dict__["author"] = author __props__.__dict__["auto_scan_configured"] = auto_scan_configured __props__.__dict__["auto_scan_enabled"] = auto_scan_enabled __props__.__dict__["auto_scan_times"] = auto_scan_times @@ -2312,6 +2906,7 @@ def _internal_init(__self__, __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix __props__.__dict__["custom_checks"] = custom_checks __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled __props__.__dict__["cves_black_lists"] = cves_black_lists 
@@ -2321,6 +2916,7 @@ def _internal_init(__self__, __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix __props__.__dict__["description"] = description + __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types __props__.__dict__["disallow_malware"] = disallow_malware __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled __props__.__dict__["domain"] = domain 
@@ -2332,17 +2928,26 @@ def _internal_init(__self__, __props__.__dict__["enforce_after_days"] = enforce_after_days __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes __props__.__dict__["fail_cicd"] = fail_cicd __props__.__dict__["forbidden_labels"] = forbidden_labels __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled __props__.__dict__["force_microenforcer"] = force_microenforcer __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled + __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln + __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources + __props__.__dict__["ignored_sensitive_resources"] = ignored_sensitive_resources __props__.__dict__["images"] = images __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled + __props__.__dict__["kubernetes_controls"] = kubernetes_controls + __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids + __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names __props__.__dict__["labels"] = labels + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["linux_cis_enabled"] = linux_cis_enabled __props__.__dict__["malware_action"] = malware_action __props__.__dict__["maximum_score"] = maximum_score __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled 
@@ -2350,27 +2955,33 @@ def _internal_init(__self__, __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths __props__.__dict__["name"] = name __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled __props__.__dict__["packages_black_lists"] = packages_black_lists __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled __props__.__dict__["packages_white_lists"] = packages_white_lists __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings __props__.__dict__["read_only"] = read_only __props__.__dict__["registries"] = registries __props__.__dict__["registry"] = registry __props__.__dict__["required_labels"] = required_labels __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory __props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry __props__.__dict__["scap_enabled"] = scap_enabled __props__.__dict__["scap_files"] = scap_files __props__.__dict__["scopes"] = scopes __props__.__dict__["trusted_base_images"] = trusted_base_images __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + __props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled - __props__.__dict__["author"] = 
None - __props__.__dict__["ignore_recently_published_vln_period"] = None super(ImageAssurancePolicy, __self__).__init__( 'aquasec:index/imageAssurancePolicy:ImageAssurancePolicy', resource_name, @@ -2381,8 +2992,10 @@ def _internal_init(__self__, def get(resource_name: str, id: pulumi.Input[str], opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, @@ -2396,6 +3009,7 @@ def get(resource_name: str, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2405,6 +3019,7 @@ def get(resource_name: str, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
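Review bot: `author` stops being output-only in `_internal_init`: the `@@ -2350,27 +2955,33 @@` hunk deletes `__props__.__dict__["author"] = None`, and the `@@ -2296,11 +2887,14 @@` hunk forwards a caller-supplied `author` instead, with `lastupdate` and `permission` added as constructor inputs in the same way. The docstring describes `author` as the user account that created the policy, so it reads as provenance metadata. Whether the backend honours a supplied value is not visible here. If it does, the recorded author no longer has to match the authenticated caller, and if it does not, the extra input only produces drift between program and state. I would keep server-assigned fields out of the constructor, i.e. retain `__props__.__dict__["author"] = None` and treat `lastupdate` likewise, which for a generated SDK probably means marking them computed-only in the provider schema. `_internal_init` starts before these hunks and continues past them.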
@@ -2416,18 +3031,26 @@ def get(resource_name: str, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[pulumi.InputType['ImageAssurancePolicyKubernetesControlsArgs']]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2435,23 +3058,31 @@ def get(resource_name: str, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyTrustedBaseImageArgs']]]]] = None, 
trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None) -> 'ImageAssurancePolicy': """ 
@@ -2461,17 +3092,19 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. 
:param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses 
@@ -2479,18 +3112,20 @@ def get(resource_name: str, :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[pulumi.InputType['ImageAssurancePolicyKubernetesControlsArgs']] kubernetes_controls: List of Kubernetes controls. :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. - :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of backlisted images. 
+ :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ImageAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -2506,8 +3141,10 @@ def get(resource_name: str, __props__ = _ImageAssurancePolicyState.__new__(_ImageAssurancePolicyState) + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability __props__.__dict__["allowed_images"] = allowed_images __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type __props__.__dict__["audit_on_failure"] = audit_on_failure __props__.__dict__["author"] = author __props__.__dict__["auto_scan_configured"] = auto_scan_configured @@ -2521,6 +3158,7 @@ def get(resource_name: str, __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix __props__.__dict__["custom_checks"] = custom_checks __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled __props__.__dict__["cves_black_lists"] = cves_black_lists 
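Review bot: The description of `maximum_score_exclude_no_fix` is dropped from the `get()` docstring in the `@@ -2479,18 +3112,20 @@` hunk, and the getter's docstring is removed in the later `@@ -2912,9 +3642,6 @@` hunk, although the property itself stays. By its removed description the flag makes the policy ignore cases without a known fix, so the reader loses the only statement of what enabling it relaxes; the KubernetesAssurancePolicyArgs docstring further down still documents it. I would keep `:param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix.` and the matching getter docstring. If this SDK file is generated, the text presumably has to be restored in the upstream schema. `get()` starts and ends outside the hunk.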
@@ -2530,6 +3168,7 @@ def get(resource_name: str, __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix __props__.__dict__["description"] = description + __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types __props__.__dict__["disallow_malware"] = disallow_malware __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled __props__.__dict__["domain"] = domain 
@@ -2541,18 +3180,26 @@ def get(resource_name: str, __props__.__dict__["enforce_after_days"] = enforce_after_days __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes __props__.__dict__["fail_cicd"] = fail_cicd __props__.__dict__["forbidden_labels"] = forbidden_labels __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled __props__.__dict__["force_microenforcer"] = force_microenforcer __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled + __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources + __props__.__dict__["ignored_sensitive_resources"] = ignored_sensitive_resources __props__.__dict__["images"] = images __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled + __props__.__dict__["kubernetes_controls"] = kubernetes_controls + __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids + __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names __props__.__dict__["labels"] = labels + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["linux_cis_enabled"] = linux_cis_enabled __props__.__dict__["malware_action"] = malware_action __props__.__dict__["maximum_score"] = maximum_score __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled 
@@ -2560,27 +3207,43 @@ def get(resource_name: str, __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths __props__.__dict__["name"] = name __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled __props__.__dict__["packages_black_lists"] = packages_black_lists __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled __props__.__dict__["packages_white_lists"] = packages_white_lists __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings __props__.__dict__["read_only"] = read_only __props__.__dict__["registries"] = registries __props__.__dict__["registry"] = registry __props__.__dict__["required_labels"] = required_labels __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory __props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry __props__.__dict__["scap_enabled"] = scap_enabled __props__.__dict__["scap_files"] = scap_files __props__.__dict__["scopes"] = scopes __props__.__dict__["trusted_base_images"] = trusted_base_images __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + __props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled return 
ImageAssurancePolicy(resource_name, opts=opts, __props__=__props__) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -2594,6 +3257,14 @@ def allowed_images(self) -> pulumi.Output[Optional[Sequence[str]]]: def application_scopes(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "application_scopes") + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> pulumi.Output[str]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> pulumi.Output[Optional[bool]]: @@ -2653,7 +3324,7 @@ def blacklisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -2686,6 +3357,11 @@ def custom_checks_enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "custom_checks_enabled") + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> pulumi.Output[str]: + return pulumi.get(self, "custom_severity") + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> pulumi.Output[Optional[bool]]: 
@@ -2695,7 +3371,7 @@ def custom_severity_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -2752,6 +3428,11 @@ def cvss_severity_exclude_no_fix(self) -> pulumi.Output[Optional[bool]]: def description(self) -> pulumi.Output[Optional[str]]: return pulumi.get(self, "description") + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "disallow_exploit_types") + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> pulumi.Output[Optional[bool]]: @@ -2763,6 +3444,9 @@ def disallow_malware(self) -> pulumi.Output[Optional[bool]]: @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @property @@ -2813,6 +3497,11 @@ def enforce_excessive_permissions(self) -> pulumi.Output[Optional[bool]]: def exceptional_monitored_malware_paths(self) -> pulumi.Output[Optional[Sequence[str]]]: return pulumi.get(self, "exceptional_monitored_malware_paths") + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "exclude_application_scopes") + @property @pulumi.getter(name="failCicd") def fail_cicd(self) -> pulumi.Output[Optional[bool]]: 
@@ -2841,6 +3530,11 @@ def force_microenforcer(self) -> pulumi.Output[Optional[bool]]: def function_integrity_enabled(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "function_integrity_enabled") + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> pulumi.Output[Optional[bool]]: @@ -2867,6 +3561,11 @@ def ignored_risk_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "ignored_risk_resources") + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "ignored_sensitive_resources") + @property @pulumi.getter def images(self) -> pulumi.Output[Optional[Sequence[str]]]: 
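Review bot: The new getters `ignore_base_image_vln` and `ignored_sensitive_resources` in the two hunks here have no docstring. The same holds for `custom_severity`, `disallow_exploit_types`, `exclude_application_scopes`, `vulnerability_exploitability` and `vulnerability_score_ranges`, added in other hunks of this file. Judging by their names, these settings change what the assurance policy evaluates, so each should state what is skipped or matched when it is set. The neighbouring getters show the style, e.g. `"""Indicates if vulnerabilities found in the base image are ignored."""`, with the wording confirmed against the provider's actual behaviour. If the file is generated, the descriptions belong in the upstream schema rather than here.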
@@ -2878,8 +3577,29 @@ def images(self) -> pulumi.Output[Optional[Sequence[str]]]: @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> pulumi.Output[Optional['outputs.ImageAssurancePolicyKubernetesControls']]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls_names") + @property @pulumi.getter def labels(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -2888,6 +3608,16 @@ def labels(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "labels") + @property + @pulumi.getter + def lastupdate(self) -> pulumi.Output[str]: + return pulumi.get(self, "lastupdate") + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "linux_cis_enabled") + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> pulumi.Output[Optional[str]]: @@ -2912,9 +3642,6 @@ def maximum_score_enabled(self) -> pulumi.Output[Optional[bool]]: @property @pulumi.getter(name="maximumScoreExcludeNoFix") def maximum_score_exclude_no_fix(self) -> pulumi.Output[Optional[bool]]: - """ - Indicates that policy should ignore cases that do not have a known fix. - """ return pulumi.get(self, "maximum_score_exclude_no_fix") @property 
@@ -2935,6 +3662,11 @@ def only_none_root_users(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "only_none_root_users") + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @@ -2947,7 +3679,7 @@ def packages_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> pulumi.Output[Optional[Sequence['outputs.ImageAssurancePolicyPackagesBlackList']]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") @@ -2972,6 +3704,16 @@ def packages_white_lists(self) -> pulumi.Output[Optional[Sequence['outputs.Image def partial_results_image_fail(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "partial_results_image_fail") + @property + @pulumi.getter + def permission(self) -> pulumi.Output[str]: + return pulumi.get(self, "permission") + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> pulumi.Output['outputs.ImageAssurancePolicyPolicySettings']: + return pulumi.get(self, "policy_settings") + @property @pulumi.getter(name="readOnly") def read_only(self) -> pulumi.Output[Optional[bool]]: 
@@ -3000,11 +3742,21 @@ def required_labels(self) -> pulumi.Output[Optional[Sequence['outputs.ImageAssur def required_labels_enabled(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "required_labels_enabled") + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "scan_nfs_mounts") + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_process_memory") + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> pulumi.Output[Optional[bool]]: @@ -3013,6 +3765,11 @@ def scan_sensitive_data(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "scan_sensitive_data") + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_windows_registry") + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> pulumi.Output[Optional[bool]]: @@ -3050,6 +3807,16 @@ def trusted_base_images_enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "trusted_base_images_enabled") + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> pulumi.Output[Optional[Sequence[int]]]: + return pulumi.get(self, "vulnerability_score_ranges") + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: 
diff --git a/sdk/python/pulumiverse_aquasec/integration_registry.py b/sdk/python/pulumiverse_aquasec/integration_registry.py index 310239f0..e32b1473 100644 --- a/sdk/python/pulumiverse_aquasec/integration_registry.py +++ b/sdk/python/pulumiverse_aquasec/integration_registry.py @@ -45,7 +45,7 @@ def __init__(__self__, *, webhooks: Optional[pulumi.Input[Sequence[pulumi.Input['IntegrationRegistryWebhookArgs']]]] = None): """ The set of arguments for constructing a IntegrationRegistry resource. - :param pulumi.Input[str] type: Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + :param pulumi.Input[str] type: Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). :param pulumi.Input[bool] advanced_settings_cleanup: Automatically clean up that don't match the pull criteria :param pulumi.Input[Sequence[pulumi.Input[str]]] always_pull_patterns: List of image patterns to pull always :param pulumi.Input[str] author: The username of the user who created or last modified the registry @@ -130,7 +130,7 @@ def __init__(__self__, *, @pulumi.getter def type(self) -> pulumi.Input[str]: """ - Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). """ return pulumi.get(self, "type") 
@@ -502,7 +502,7 @@ def __init__(__self__, *, :param pulumi.Input[int] registry_scan_timeout: Registry scan timeout in Minutes :param pulumi.Input[Sequence[pulumi.Input[str]]] scanner_names: List of scanner names :param pulumi.Input[str] scanner_type: The Scanner type - :param pulumi.Input[str] type: Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + :param pulumi.Input[str] type: Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). :param pulumi.Input[str] url: The URL, address or region of the registry :param pulumi.Input[str] username: The username for registry authentication. :param pulumi.Input[Sequence[pulumi.Input['IntegrationRegistryWebhookArgs']]] webhooks: When enabled, registry events are sent to the given Aqua webhook url @@ -839,7 +839,7 @@ def scanner_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def type(self) -> Optional[pulumi.Input[str]]: """ - Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). """ return pulumi.get(self, "type") @@ -953,6 +953,7 @@ def __init__(__self__, value="nginx:latest", ), ], + password="", prefixes=["111111111111.dkr.ecr.us-east-1.amazonaws.com"], pull_image_age="0D", pull_image_count=3, @@ -964,11 +965,8 @@ def __init__(__self__, ":xyz", ":onlytest", ], - scanner_names=[ - "aqua-scanner-645f867c4f-4sbtj", - "aqua-scanner-645f867c4f-8pkdd", - ], - scanner_type="specific", + scanner_names=[], + scanner_type="any", type="AWS", url="us-east-1", username="", 
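Review bot: The docstring example now passes `password=""` as a plain literal next to `username=""`, in the `@@ -953,6 +953,7 @@` hunk and again in the identical example in `@@ -1051,6 +1049,7 @@`. That invites readers to paste a real registry credential into program source. I would show the value coming from encrypted configuration instead, `password=pulumi.Config().require_secret("registryPassword"),` (the key name is a placeholder), so the credential is carried as a secret value. Whether the provider already marks `password` as a secret is not visible in these hunks. The enclosing `__init__` docstring starts and ends outside them.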
@@ -1004,7 +1002,7 @@ def __init__(__self__, :param pulumi.Input[int] registry_scan_timeout: Registry scan timeout in Minutes :param pulumi.Input[Sequence[pulumi.Input[str]]] scanner_names: List of scanner names :param pulumi.Input[str] scanner_type: The Scanner type - :param pulumi.Input[str] type: Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + :param pulumi.Input[str] type: Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). :param pulumi.Input[str] url: The URL, address or region of the registry :param pulumi.Input[str] username: The username for registry authentication. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['IntegrationRegistryWebhookArgs']]]] webhooks: When enabled, registry events are sent to the given Aqua webhook url @@ -1051,6 +1049,7 @@ def __init__(__self__, value="nginx:latest", ), ], + password="", prefixes=["111111111111.dkr.ecr.us-east-1.amazonaws.com"], pull_image_age="0D", pull_image_count=3, @@ -1062,11 +1061,8 @@ def __init__(__self__, ":xyz", ":onlytest", ], - scanner_names=[ - "aqua-scanner-645f867c4f-4sbtj", - "aqua-scanner-645f867c4f-8pkdd", - ], - scanner_type="specific", + scanner_names=[], + scanner_type="any", type="AWS", url="us-east-1", username="", 
@@ -1224,7 +1220,7 @@ def get(resource_name: str, :param pulumi.Input[int] registry_scan_timeout: Registry scan timeout in Minutes :param pulumi.Input[Sequence[pulumi.Input[str]]] scanner_names: List of scanner names :param pulumi.Input[str] scanner_type: The Scanner type - :param pulumi.Input[str] type: Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + :param pulumi.Input[str] type: Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). :param pulumi.Input[str] url: The URL, address or region of the registry :param pulumi.Input[str] username: The username for registry authentication. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['IntegrationRegistryWebhookArgs']]]] webhooks: When enabled, registry events are sent to the given Aqua webhook url @@ -1447,7 +1443,7 @@ def scanner_type(self) -> pulumi.Output[str]: @pulumi.getter def type(self) -> pulumi.Output[str]: """ - Registry type (HUB / V1 / V2 / ENGINE / AWS / GCR). + Registry type (HUB / V1 / V2 / ACR / GAR / ENGINE / AWS / GCR). """ return pulumi.get(self, "type") diff --git a/sdk/python/pulumiverse_aquasec/kubernetes_assurance_policy.py b/sdk/python/pulumiverse_aquasec/kubernetes_assurance_policy.py index ede2b94d..649dcb87 100644 --- a/sdk/python/pulumiverse_aquasec/kubernetes_assurance_policy.py +++ b/sdk/python/pulumiverse_aquasec/kubernetes_assurance_policy.py 
@@ -17,8 +17,11 @@ class KubernetesAssurancePolicyArgs: def __init__(__self__, *, application_scopes: pulumi.Input[Sequence[pulumi.Input[str]]], + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyAutoScanTimeArgs']]]] = None, @@ -30,6 +33,7 @@ def __init__(__self__, *, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyCustomCheckArgs']]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -39,6 +43,7 @@ def __init__(__self__, *, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
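Review bot: `author` is added in the `@@ -17,8 +17,11 @@` hunk as a caller-settable input, and the later signature hunks add `lastupdate` and `permission` the same way. The docstring describes `author` as the name of the user account that created the policy, and the ImageAssurancePolicy getters type `lastupdate` and `permission` as plain `pulumi.Output[str]`, so these look like server-assigned audit fields. If the API accepts client values, a program could record a misleading author or timestamp on a policy; if it does not, the inputs can only produce spurious diffs. I would either leave them out of the Args class or document them as read-only, e.g. `:param pulumi.Input[str] author: Name of user account that created the policy (assigned by the server).`, once that behaviour is confirmed upstream. The `__init__` signature continues outside this hunk.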
@@ -50,17 +55,26 @@ def __init__(__self__, *, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyForbiddenLabelArgs']]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyKubernetesControlArgs']]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -68,48 +82,64 @@ def __init__(__self__, *, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesBlackListArgs']]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesWhiteListArgs']]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['KubernetesAssurancePolicyPolicySettingsArgs']] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyRequiredLabelArgs']]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyScopeArgs']]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyTrustedBaseImageArgs']]]] = None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: 
Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): """ The set of arguments for constructing a KubernetesAssurancePolicy resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. 
+ :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. + :param pulumi.Input[bool] enabled: Is the control enabled? + :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyKubernetesControlArgs']]] kubernetes_controls: List of Kubernetes controls. 
:param pulumi.Input[Sequence[pulumi.Input[str]]] kubernetes_controls_names: List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. 
@@ -117,7 +147,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -130,10 +160,16 @@ def __init__(__self__, *, :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. """ pulumi.set(__self__, "application_scopes", application_scopes) + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) if allowed_images is not None: pulumi.set(__self__, "allowed_images", allowed_images) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) if audit_on_failure is not None: pulumi.set(__self__, "audit_on_failure", audit_on_failure) + if author is not None: + pulumi.set(__self__, "author", author) if auto_scan_configured is not None: pulumi.set(__self__, "auto_scan_configured", auto_scan_configured) if auto_scan_enabled is not None: 
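Review bot: The `only_none_root_users` description kept as context in `@@ -117,7 +147,7 @@`, "Indicates if raise a warning for images that should only be run as root", reads as the opposite of what the property name suggests. A reader cannot tell which way this control works. The commit corrects `backlisted` two lines below but leaves this sentence, and the same text repeats in the `_KubernetesAssurancePolicyState` docstring at `@@ -1135,7 +1458,7 @@`. Assuming the control flags images that run as root (confirm against the provider schema), I would reword it to `Indicates whether to raise a warning for images that run as root.` The enclosing `__init__` starts and ends outside this hunk.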
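Review bot: `author` becomes a caller-settable input in `@@ -130,10 +160,16 @@` (`if author is not None: pulumi.set(__self__, "author", author)`), in the `__init__` where `application_scopes` is set unconditionally, although its docstring describes it as the account that created the policy. If the backend honours a supplied value, the recorded author no longer identifies who created the policy, which weakens it as audit data; the hunk does not show whether that is the case. `aggregated_vulnerability` in this hunk and `lastupdate` in `@@ -204,20 +248,34 @@` look like the same kind of server-reported field. I would keep these out of the inputs in the provider schema, or say so in the docstring, e.g. `Name of user account that created the policy (reported by the server; a supplied value is ignored, confirm).` The `__init__` body continues outside the hunk.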
@@ -156,6 +192,8 @@ def __init__(__self__, *, pulumi.set(__self__, "custom_checks", custom_checks) if custom_checks_enabled is not None: pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) if custom_severity_enabled is not None: pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) if cves_black_list_enabled is not None: @@ -174,6 +212,8 @@ def __init__(__self__, *, pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) if description is not None: pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) if disallow_malware is not None: pulumi.set(__self__, "disallow_malware", disallow_malware) if docker_cis_enabled is not None: @@ -196,6 +236,10 @@ def __init__(__self__, *, pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) if exceptional_monitored_malware_paths is not None: pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) + if fail_cicd is not None: + pulumi.set(__self__, "fail_cicd", fail_cicd) if forbidden_labels is not None: pulumi.set(__self__, "forbidden_labels", forbidden_labels) if forbidden_labels_enabled is not None: 
@@ -204,20 +248,34 @@ def __init__(__self__, *, pulumi.set(__self__, "force_microenforcer", force_microenforcer) if function_integrity_enabled is not None: pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) if ignore_recently_published_vln is not None: pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) + if ignore_recently_published_vln_period is not None: + pulumi.set(__self__, "ignore_recently_published_vln_period", ignore_recently_published_vln_period) if ignore_risk_resources_enabled is not None: pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) if ignored_risk_resources is not None: pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) if images is not None: pulumi.set(__self__, "images", images) if kube_cis_enabled is not None: pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) if kubernetes_controls_names is not None: pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) if labels is not None: pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) if malware_action is not None: pulumi.set(__self__, "malware_action", malware_action) if maximum_score is not None: 
@@ -232,6 +290,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if only_none_root_users is not None: pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) if packages_black_list_enabled is not None: pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) if packages_black_lists is not None: @@ -242,6 +302,10 @@ def __init__(__self__, *, pulumi.set(__self__, "packages_white_lists", packages_white_lists) if partial_results_image_fail is not None: pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) if read_only is not None: pulumi.set(__self__, "read_only", read_only) if registries is not None: @@ -252,10 +316,16 @@ def __init__(__self__, *, pulumi.set(__self__, "required_labels", required_labels) if required_labels_enabled is not None: pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) if scan_nfs_mounts is not None: pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) if scan_sensitive_data is not None: pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) if scap_enabled is not None: pulumi.set(__self__, "scap_enabled", scap_enabled) if scap_files is not None: 
@@ -266,6 +336,10 @@ def __init__(__self__, *, pulumi.set(__self__, "trusted_base_images", trusted_base_images) if trusted_base_images_enabled is not None: pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) if whitelisted_licenses is not None: pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) if whitelisted_licenses_enabled is not None: @@ -280,6 +354,18 @@ def application_scopes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: def application_scopes(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): pulumi.set(self, "application_scopes", value) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -292,6 +378,18 @@ def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def allowed_images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "allowed_images", value) + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: @@ -304,6 +402,18 @@ def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: def audit_on_failure(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "audit_on_failure", value) + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. + """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + @property @pulumi.getter(name="autoScanConfigured") def auto_scan_configured(self) -> Optional[pulumi.Input[bool]]: @@ -371,7 +481,7 @@ def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") 
@@ -424,6 +534,15 @@ def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "custom_checks_enabled", value) + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -437,7 +556,7 @@ def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -449,7 +568,7 @@ def cves_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -461,7 +580,7 @@ def cves_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[st @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") 
@@ -526,6 +645,15 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> Optional[pulumi.Input[bool]]: @@ -541,6 +669,9 @@ def disallow_malware(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @docker_cis_enabled.setter @@ -589,6 +720,9 @@ def dta_severity(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Is the control enabled? + """ return pulumi.get(self, "enabled") @enabled.setter 
@@ -631,6 +765,27 @@ def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[ def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "exceptional_monitored_malware_paths", value) + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + + @property + @pulumi.getter(name="failCicd") + def fail_cicd(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if cicd failures will fail the image. + """ + return pulumi.get(self, "fail_cicd") + + @fail_cicd.setter + def fail_cicd(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "fail_cicd", value) + @property @pulumi.getter(name="forbiddenLabels") def forbidden_labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyForbiddenLabelArgs']]]]: @@ -667,6 +822,15 @@ def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "function_integrity_enabled", value) + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: 
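Review bot: The new `exclude_application_scopes` accessor has no docstring, and judging by their names it is one of several added properties that narrow what the assurance policy evaluates. The others are `ignore_base_image_vln` in `@@ -667,6 +822,15 @@`, and `ignore_recently_published_vln_period` and `ignored_sensitive_resources` in the two hunks after that. Someone reviewing a stack that sets these cannot tell from the SDK what is being skipped, or in which unit the period is counted. Each getter should carry a one-line description of what is excluded from evaluation, for example `"""Period for which recently published vulnerabilities are ignored (unit: confirm against the provider schema)."""` on the period getter. `fail_cicd` in the same hunk shows the form to follow.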
@@ -676,6 +840,15 @@ def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: def ignore_recently_published_vln(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "ignore_recently_published_vln", value) + @property + @pulumi.getter(name="ignoreRecentlyPublishedVlnPeriod") + def ignore_recently_published_vln_period(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "ignore_recently_published_vln_period") + + @ignore_recently_published_vln_period.setter + def ignore_recently_published_vln_period(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "ignore_recently_published_vln_period", value) + @property @pulumi.getter(name="ignoreRiskResourcesEnabled") def ignore_risk_resources_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -700,6 +873,15 @@ def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[ def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "ignored_risk_resources", value) + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + @property @pulumi.getter def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -715,12 +897,36 @@ def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @kube_cis_enabled.setter def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "kube_cis_enabled", value) + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyKubernetesControlArgs']]]]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyKubernetesControlArgs']]]]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + @property @pulumi.getter(name="kubernetesControlsNames") def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -745,6 +951,24 @@ def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "labels", value) + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> Optional[pulumi.Input[str]]: @@ -820,6 +1044,15 @@ def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "only_none_root_users", value) + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -836,7 +1069,7 @@ def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesBlackListArgs']]]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") 
@@ -877,6 +1110,24 @@ def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "partial_results_image_fail", value) + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['KubernetesAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['KubernetesAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: @@ -925,6 +1176,15 @@ def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "required_labels_enabled", value) + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: 
@@ -934,6 +1194,15 @@ def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_nfs_mounts", value) + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: @@ -946,6 +1215,15 @@ def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_sensitive_data", value) + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -1003,6 +1281,24 @@ def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "trusted_base_images_enabled", value) + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: @@ -1031,8 +1327,10 @@ def whitelisted_licenses_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.input_type class _KubernetesAssurancePolicyState: def __init__(__self__, *, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, 
@@ -1046,6 +1344,7 @@ def __init__(__self__, *, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyCustomCheckArgs']]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -1055,6 +1354,7 @@ def __init__(__self__, *, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -1066,18 +1366,26 @@ def __init__(__self__, *, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyForbiddenLabelArgs']]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyKubernetesControlArgs']]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -1085,49 +1393,64 @@ def __init__(__self__, *, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesBlackListArgs']]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesWhiteListArgs']]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['KubernetesAssurancePolicyPolicySettingsArgs']] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyRequiredLabelArgs']]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyScopeArgs']]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyTrustedBaseImageArgs']]]] = None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: 
Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): """ Input properties used for looking up and filtering KubernetesAssurancePolicy resources. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. 
+ :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. + :param pulumi.Input[bool] enabled: Is the control enabled? + :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyKubernetesControlArgs']]] kubernetes_controls: List of Kubernetes controls. 
:param pulumi.Input[Sequence[pulumi.Input[str]]] kubernetes_controls_names: List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. 
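Review bot: In the `kubernetes_controls_names` description the entries `'Default capabilitiessome containers do not drop all'` and `'Default capabilitiessome containers do not drop any'` look like two words fused after a separator was lost. These strings are the values a user has to pass, so a name copied from this docstring may not match any control known to the backend. Whether an unknown name is rejected or silently skipped is not visible here. The commit fixes other wording in this docstring (`Lndicates`, `cves`) but leaves these entries, and the same text appears in the other `__init__` docstring earlier in the file. I would restore the original control names from the provider schema rather than guess the separator here.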
@@ -1135,7 +1458,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -1147,10 +1470,14 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. """ + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) if allowed_images is not None: pulumi.set(__self__, "allowed_images", allowed_images) if application_scopes is not None: pulumi.set(__self__, "application_scopes", application_scopes) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) if audit_on_failure is not None: pulumi.set(__self__, "audit_on_failure", audit_on_failure) if author is not None: 
@@ -1177,6 +1504,8 @@ def __init__(__self__, *, pulumi.set(__self__, "custom_checks", custom_checks) if custom_checks_enabled is not None: pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) if custom_severity_enabled is not None: pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) if cves_black_list_enabled is not None: @@ -1195,6 +1524,8 @@ def __init__(__self__, *, pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) if description is not None: pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) if disallow_malware is not None: pulumi.set(__self__, "disallow_malware", disallow_malware) if docker_cis_enabled is not None: @@ -1217,6 +1548,10 @@ def __init__(__self__, *, pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) if exceptional_monitored_malware_paths is not None: pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) + if fail_cicd is not None: + pulumi.set(__self__, "fail_cicd", fail_cicd) if forbidden_labels is not None: pulumi.set(__self__, "forbidden_labels", forbidden_labels) if forbidden_labels_enabled is not None: 
@@ -1225,6 +1560,8 @@ def __init__(__self__, *, pulumi.set(__self__, "force_microenforcer", force_microenforcer) if function_integrity_enabled is not None: pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) if ignore_recently_published_vln is not None: pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) if ignore_recently_published_vln_period is not None: @@ -1233,14 +1570,24 @@ def __init__(__self__, *, pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) if ignored_risk_resources is not None: pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) if images is not None: pulumi.set(__self__, "images", images) if kube_cis_enabled is not None: pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) if kubernetes_controls_names is not None: pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) if labels is not None: pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + pulumi.set(__self__, "lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) if malware_action is not None: pulumi.set(__self__, "malware_action", malware_action) if maximum_score is not None: 
@@ -1255,6 +1602,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if only_none_root_users is not None: pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) if packages_black_list_enabled is not None: pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) if packages_black_lists is not None: @@ -1265,6 +1614,10 @@ def __init__(__self__, *, pulumi.set(__self__, "packages_white_lists", packages_white_lists) if partial_results_image_fail is not None: pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) if read_only is not None: pulumi.set(__self__, "read_only", read_only) if registries is not None: @@ -1275,10 +1628,16 @@ def __init__(__self__, *, pulumi.set(__self__, "required_labels", required_labels) if required_labels_enabled is not None: pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) if scan_nfs_mounts is not None: pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) if scan_sensitive_data is not None: pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) if scap_enabled is not None: pulumi.set(__self__, "scap_enabled", scap_enabled) if scap_files is not None: 
@@ -1289,11 +1648,27 @@ def __init__(__self__, *, pulumi.set(__self__, "trusted_base_images", trusted_base_images) if trusted_base_images_enabled is not None: pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) if whitelisted_licenses is not None: pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) if whitelisted_licenses_enabled is not None: pulumi.set(__self__, "whitelisted_licenses_enabled", whitelisted_licenses_enabled) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1315,6 +1690,18 @@ def application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str] def application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "application_scopes", value) + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: @@ -1406,7 +1793,7 @@ def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -1459,6 +1846,15 @@ def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "custom_checks_enabled", value) + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -1472,7 +1868,7 @@ def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -1484,7 +1880,7 @@ def cves_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -1496,7 +1892,7 @@ def cves_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[st @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") @@ -1561,6 +1957,15 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> Optional[pulumi.Input[bool]]: 
@@ -1576,6 +1981,9 @@ def disallow_malware(self, value: Optional[pulumi.Input[bool]]): @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @docker_cis_enabled.setter @@ -1624,6 +2032,9 @@ def dta_severity(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Is the control enabled? + """ return pulumi.get(self, "enabled") @enabled.setter @@ -1666,6 +2077,27 @@ def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[ def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "exceptional_monitored_malware_paths", value) + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + + @property + @pulumi.getter(name="failCicd") + def fail_cicd(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if cicd failures will fail the image. + """ + return pulumi.get(self, "fail_cicd") + + @fail_cicd.setter + def fail_cicd(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "fail_cicd", value) + @property @pulumi.getter(name="forbiddenLabels") def forbidden_labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyForbiddenLabelArgs']]]]: 
@@ -1702,6 +2134,15 @@ def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "function_integrity_enabled", value) + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: @@ -1744,6 +2185,15 @@ def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[ def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "ignored_risk_resources", value) + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + @property @pulumi.getter def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1759,12 +2209,36 @@ def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") @kube_cis_enabled.setter def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "kube_cis_enabled", value) + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyKubernetesControlArgs']]]]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyKubernetesControlArgs']]]]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + @property @pulumi.getter(name="kubernetesControlsNames") def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: 
@@ -1789,6 +2263,24 @@ def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "labels", value) + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> Optional[pulumi.Input[str]]: @@ -1864,6 +2356,15 @@ def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "only_none_root_users", value) + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: @@ -1880,7 +2381,7 @@ def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['KubernetesAssurancePolicyPackagesBlackListArgs']]]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") 
@@ -1921,6 +2422,24 @@ def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "partial_results_image_fail", value) + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['KubernetesAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['KubernetesAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + @property @pulumi.getter(name="readOnly") def read_only(self) -> Optional[pulumi.Input[bool]]: @@ -1969,6 +2488,15 @@ def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "required_labels_enabled", value) + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: 
@@ -1978,6 +2506,15 @@ def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_nfs_mounts", value) + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: @@ -1990,6 +2527,15 @@ def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "scan_sensitive_data", value) + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> Optional[pulumi.Input[bool]]: 
@@ -2047,6 +2593,24 @@ def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "trusted_base_images_enabled", value) + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: @@ -2077,9 +2641,12 @@ class KubernetesAssurancePolicy(pulumi.CustomResource): def __init__(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyAutoScanTimeArgs']]]]] = None, 
@@ -2091,6 +2658,7 @@ def __init__(__self__, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2100,6 +2668,7 @@ def __init__(__self__, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2111,17 +2680,26 @@ def __init__(__self__, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyKubernetesControlArgs']]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2129,51 +2707,68 @@ def __init__(__self__, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyTrustedBaseImageArgs']]]]] = 
None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, __props__=None): """ - Create a KubernetesAssurancePolicy resource with the given unique name, props, and options. + Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements. + :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. 
:param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. + :param pulumi.Input[bool] enabled: Is the control enabled? + :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. 
+ :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyKubernetesControlArgs']]]] kubernetes_controls: List of Kubernetes controls. :param pulumi.Input[Sequence[pulumi.Input[str]]] kubernetes_controls_names: List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 
'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. @@ -2181,7 +2776,7 @@ def __init__(__self__, :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -2200,7 +2795,8 @@ def __init__(__self__, args: KubernetesAssurancePolicyArgs, opts: Optional[pulumi.ResourceOptions] = None): """ - Create a KubernetesAssurancePolicy resource with the given unique name, props, and options. + Kubernetes Assurance is responsible for checking the security of workload configurations at the pod level, with respect to your organization's security requirements. + :param str resource_name: The name of the resource. :param KubernetesAssurancePolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. 
@@ -2216,9 +2812,12 @@ def __init__(__self__, resource_name: str, *args, **kwargs): def _internal_init(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, auto_scan_enabled: Optional[pulumi.Input[bool]] = None, auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyAutoScanTimeArgs']]]]] = None, @@ -2230,6 +2829,7 @@ def _internal_init(__self__, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2239,6 +2839,7 @@ def _internal_init(__self__, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2250,17 +2851,26 @@ def _internal_init(__self__, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyKubernetesControlArgs']]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2268,23 +2878,31 @@ def _internal_init(__self__, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyTrustedBaseImageArgs']]]]] 
= None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, __props__=None): @@ -2296,11 +2914,14 @@ def _internal_init(__self__, raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') __props__ = KubernetesAssurancePolicyArgs.__new__(KubernetesAssurancePolicyArgs) + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability __props__.__dict__["allowed_images"] = allowed_images if application_scopes is None and not opts.urn: raise TypeError("Missing required property 'application_scopes'") __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type __props__.__dict__["audit_on_failure"] = audit_on_failure + __props__.__dict__["author"] = author __props__.__dict__["auto_scan_configured"] = auto_scan_configured __props__.__dict__["auto_scan_enabled"] = auto_scan_enabled __props__.__dict__["auto_scan_times"] = auto_scan_times @@ -2312,6 +2933,7 @@ def _internal_init(__self__, __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix __props__.__dict__["custom_checks"] = custom_checks __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled __props__.__dict__["cves_black_lists"] = cves_black_lists 
@@ -2321,6 +2943,7 @@ def _internal_init(__self__, __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix __props__.__dict__["description"] = description + __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types __props__.__dict__["disallow_malware"] = disallow_malware __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled __props__.__dict__["domain"] = domain 
@@ -2332,17 +2955,26 @@ def _internal_init(__self__, __props__.__dict__["enforce_after_days"] = enforce_after_days __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["fail_cicd"] = fail_cicd __props__.__dict__["forbidden_labels"] = forbidden_labels __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled __props__.__dict__["force_microenforcer"] = force_microenforcer __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled + __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln + __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources + __props__.__dict__["ignored_sensitive_resources"] = ignored_sensitive_resources __props__.__dict__["images"] = images __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled + __props__.__dict__["kubernetes_controls"] = kubernetes_controls + __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names __props__.__dict__["labels"] = labels + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["linux_cis_enabled"] = linux_cis_enabled __props__.__dict__["malware_action"] = malware_action __props__.__dict__["maximum_score"] = maximum_score __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled 
@@ -2350,27 +2982,33 @@ def _internal_init(__self__, __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths __props__.__dict__["name"] = name __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled __props__.__dict__["packages_black_lists"] = packages_black_lists __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled __props__.__dict__["packages_white_lists"] = packages_white_lists __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings __props__.__dict__["read_only"] = read_only __props__.__dict__["registries"] = registries __props__.__dict__["registry"] = registry __props__.__dict__["required_labels"] = required_labels __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory __props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry __props__.__dict__["scap_enabled"] = scap_enabled __props__.__dict__["scap_files"] = scap_files __props__.__dict__["scopes"] = scopes __props__.__dict__["trusted_base_images"] = trusted_base_images __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + __props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled - __props__.__dict__["author"] = 
None - __props__.__dict__["ignore_recently_published_vln_period"] = None super(KubernetesAssurancePolicy, __self__).__init__( 'aquasec:index/kubernetesAssurancePolicy:KubernetesAssurancePolicy', resource_name, @@ -2381,8 +3019,10 @@ def _internal_init(__self__, def get(resource_name: str, id: pulumi.Input[str], opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, audit_on_failure: Optional[pulumi.Input[bool]] = None, author: Optional[pulumi.Input[str]] = None, auto_scan_configured: Optional[pulumi.Input[bool]] = None, @@ -2396,6 +3036,7 @@ def get(resource_name: str, control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyCustomCheckArgs']]]]] = None, custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, custom_severity_enabled: Optional[pulumi.Input[bool]] = None, cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, @@ -2405,6 +3046,7 @@ def get(resource_name: str, cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, disallow_malware: Optional[pulumi.Input[bool]] = None, docker_cis_enabled: Optional[pulumi.Input[bool]] = None, domain: Optional[pulumi.Input[str]] = None, 
@@ -2416,18 +3058,26 @@ def get(resource_name: str, enforce_after_days: Optional[pulumi.Input[int]] = None, enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyForbiddenLabelArgs']]]]] = None, forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, force_microenforcer: Optional[pulumi.Input[bool]] = None, function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyKubernetesControlArgs']]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, malware_action: Optional[pulumi.Input[str]] = None, maximum_score: Optional[pulumi.Input[float]] = None, maximum_score_enabled: Optional[pulumi.Input[bool]] = None, 
@@ -2435,23 +3085,31 @@ def get(resource_name: str, monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesBlackListArgs']]]]] = None, packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesWhiteListArgs']]]]] = None, partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPolicySettingsArgs']]] = None, read_only: Optional[pulumi.Input[bool]] = None, registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, registry: Optional[pulumi.Input[str]] = None, required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyRequiredLabelArgs']]]]] = None, required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, scap_enabled: Optional[pulumi.Input[bool]] = None, scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyScopeArgs']]]]] = None, trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyTrustedBaseImageArgs']]]]] = 
None, trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None) -> 'KubernetesAssurancePolicy': """ 
@@ -2461,28 +3119,35 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. :param pulumi.Input[str] author: Name of user account that created the policy. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. - :param pulumi.Input[bool] blacklisted_licenses_enabled: Lndicates if license blacklist is relevant. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. - :param pulumi.Input[bool] cves_black_list_enabled: Indicates if cves blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. - :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of CVEs blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if CVEs whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. :param pulumi.Input[str] domain: Name of the container image. + :param pulumi.Input[bool] enabled: Is the control enabled? + :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyKubernetesControlArgs']]]] kubernetes_controls: List of Kubernetes controls. 
:param pulumi.Input[Sequence[pulumi.Input[str]]] kubernetes_controls_names: List of kubernetes control names and available kubernetes controls are: 'Access to host IPC namespace', 'Access to host PID', 'Access to host network', 'Access to host ports', 'All container images must start with a GCR domain', 'All container images must start with an ECR domain', 'All container images must start with the *.azurecr.io domain', 'CPU not limited', 'CPU requests not specified', 'Can elevate its own privileges', 'ConfigMap with secrets', 'ConfigMap with sensitive content', 'Container images from public registries used', 'Default capabilitiessome containers do not drop all', 'Default capabilitiessome containers do not drop any', 'Delete pod logs', 'Exec into Pods', 'Image tag :latest used', 'Manage EKS IAM Auth ConfigMap', 'Manage Kubernetes RBAC resources', 'Manage Kubernetes networking', 'Manage Kubernetes workloads and pods', 'Manage all resources', 'Manage all resources at the namespace', 'Manage configmaps', 'Manage namespace secrets', 'Manage secrets', 'Manage webhookconfigurations', 'Manages /etc/hosts', 'Memory not limited', 'Memory requests not specified', 'Non-core volume types used.', 'Non-default /proc masks set', 'Privileged', 'Root file system is not read-only', 'Runs as root user', 'Runs with GID <= 10000', 'Runs with UID <= 10000', 'Runs with a root primary or supplementary GID', 'Runtime/Default AppArmor profile not set', 'Runtime/Default Seccomp profile not set', 'SELinux custom options set', 'SYS_ADMIN capability added', 'Seccomp policies disabled', 'Service with External IP', 'Specific capabilities added', 'Unsafe sysctl options set', 'User with admin access', 'Workloads in the default namespace', 'hostPath volume mounted with docker.sock', 'hostPath volumes mounted' :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. :param pulumi.Input[float] maximum_score: Value of allowed maximum score. 
@@ -2490,7 +3155,7 @@ def get(resource_name: str, :param pulumi.Input[bool] maximum_score_exclude_no_fix: Indicates that policy should ignore cases that do not have a known fix. :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. - :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of backlisted images. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['KubernetesAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. @@ -2506,8 +3171,10 @@ def get(resource_name: str, __props__ = _KubernetesAssurancePolicyState.__new__(_KubernetesAssurancePolicyState) + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability __props__.__dict__["allowed_images"] = allowed_images __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type __props__.__dict__["audit_on_failure"] = audit_on_failure __props__.__dict__["author"] = author __props__.__dict__["auto_scan_configured"] = auto_scan_configured 
@@ -2521,6 +3188,7 @@ def get(resource_name: str, __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix __props__.__dict__["custom_checks"] = custom_checks __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled __props__.__dict__["cves_black_lists"] = cves_black_lists @@ -2530,6 +3198,7 @@ def get(resource_name: str, __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix __props__.__dict__["description"] = description + __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types __props__.__dict__["disallow_malware"] = disallow_malware __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled __props__.__dict__["domain"] = domain 
@@ -2541,18 +3210,26 @@ def get(resource_name: str, __props__.__dict__["enforce_after_days"] = enforce_after_days __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["fail_cicd"] = fail_cicd __props__.__dict__["forbidden_labels"] = forbidden_labels __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled __props__.__dict__["force_microenforcer"] = force_microenforcer __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled + __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources + __props__.__dict__["ignored_sensitive_resources"] = ignored_sensitive_resources __props__.__dict__["images"] = images __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled + __props__.__dict__["kubernetes_controls"] = kubernetes_controls + __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names __props__.__dict__["labels"] = labels + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["linux_cis_enabled"] = linux_cis_enabled __props__.__dict__["malware_action"] = malware_action __props__.__dict__["maximum_score"] = maximum_score __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled 
@@ -2560,27 +3237,43 @@ def get(resource_name: str, __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths __props__.__dict__["name"] = name __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled __props__.__dict__["packages_black_lists"] = packages_black_lists __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled __props__.__dict__["packages_white_lists"] = packages_white_lists __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings __props__.__dict__["read_only"] = read_only __props__.__dict__["registries"] = registries __props__.__dict__["registry"] = registry __props__.__dict__["required_labels"] = required_labels __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory __props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry __props__.__dict__["scap_enabled"] = scap_enabled __props__.__dict__["scap_files"] = scap_files __props__.__dict__["scopes"] = scopes __props__.__dict__["trusted_base_images"] = trusted_base_images __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + __props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled return 
KubernetesAssurancePolicy(resource_name, opts=opts, __props__=__props__) + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + @property @pulumi.getter(name="allowedImages") def allowed_images(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -2594,6 +3287,14 @@ def allowed_images(self) -> pulumi.Output[Optional[Sequence[str]]]: def application_scopes(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "application_scopes") + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> pulumi.Output[str]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + @property @pulumi.getter(name="auditOnFailure") def audit_on_failure(self) -> pulumi.Output[Optional[bool]]: @@ -2653,7 +3354,7 @@ def blacklisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="blacklistedLicensesEnabled") def blacklisted_licenses_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Lndicates if license blacklist is relevant. + Indicates if license blacklist is relevant. """ return pulumi.get(self, "blacklisted_licenses_enabled") @@ -2686,6 +3387,11 @@ def custom_checks_enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "custom_checks_enabled") + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> pulumi.Output[str]: + return pulumi.get(self, "custom_severity") + @property @pulumi.getter(name="customSeverityEnabled") def custom_severity_enabled(self) -> pulumi.Output[Optional[bool]]: 
@@ -2695,7 +3401,7 @@ def custom_severity_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="cvesBlackListEnabled") def cves_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if cves blacklist is relevant. + Indicates if CVEs blacklist is relevant. """ return pulumi.get(self, "cves_black_list_enabled") @@ -2703,7 +3409,7 @@ def cves_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="cvesBlackLists") def cves_black_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - List of cves blacklisted items. + List of CVEs blacklisted items. """ return pulumi.get(self, "cves_black_lists") @@ -2711,7 +3417,7 @@ def cves_black_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="cvesWhiteListEnabled") def cves_white_list_enabled(self) -> pulumi.Output[Optional[bool]]: """ - Indicates if cves whitelist is relevant. + Indicates if CVEs whitelist is relevant. """ return pulumi.get(self, "cves_white_list_enabled") @@ -2752,6 +3458,11 @@ def cvss_severity_exclude_no_fix(self) -> pulumi.Output[Optional[bool]]: def description(self) -> pulumi.Output[Optional[str]]: return pulumi.get(self, "description") + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "disallow_exploit_types") + @property @pulumi.getter(name="disallowMalware") def disallow_malware(self) -> pulumi.Output[Optional[bool]]: @@ -2763,6 +3474,9 @@ def disallow_malware(self) -> pulumi.Output[Optional[bool]]: @property @pulumi.getter(name="dockerCisEnabled") def docker_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ return pulumi.get(self, "docker_cis_enabled") @property 
@@ -2791,6 +3505,9 @@ def dta_severity(self) -> pulumi.Output[Optional[str]]: @property @pulumi.getter def enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Is the control enabled? + """ return pulumi.get(self, "enabled") @property @@ -2813,6 +3530,19 @@ def enforce_excessive_permissions(self) -> pulumi.Output[Optional[bool]]: def exceptional_monitored_malware_paths(self) -> pulumi.Output[Optional[Sequence[str]]]: return pulumi.get(self, "exceptional_monitored_malware_paths") + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "exclude_application_scopes") + + @property + @pulumi.getter(name="failCicd") + def fail_cicd(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if cicd failures will fail the image. + """ + return pulumi.get(self, "fail_cicd") + @property @pulumi.getter(name="forbiddenLabels") def forbidden_labels(self) -> pulumi.Output[Optional[Sequence['outputs.KubernetesAssurancePolicyForbiddenLabel']]]: @@ -2833,6 +3563,11 @@ def force_microenforcer(self) -> pulumi.Output[Optional[bool]]: def function_integrity_enabled(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "function_integrity_enabled") + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + @property @pulumi.getter(name="ignoreRecentlyPublishedVln") def ignore_recently_published_vln(self) -> pulumi.Output[Optional[bool]]: 
@@ -2859,6 +3594,11 @@ def ignored_risk_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "ignored_risk_resources") + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "ignored_sensitive_resources") + @property @pulumi.getter def images(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -2870,8 +3610,24 @@ def images(self) -> pulumi.Output[Optional[Sequence[str]]]: @property @pulumi.getter(name="kubeCisEnabled") def kube_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ return pulumi.get(self, "kube_cis_enabled") + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> pulumi.Output[Sequence['outputs.KubernetesAssurancePolicyKubernetesControl']]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + @property @pulumi.getter(name="kubernetesControlsNames") def kubernetes_controls_names(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -2888,6 +3644,16 @@ def labels(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "labels") + @property + @pulumi.getter + def lastupdate(self) -> pulumi.Output[str]: + return pulumi.get(self, "lastupdate") + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "linux_cis_enabled") + @property @pulumi.getter(name="malwareAction") def malware_action(self) -> pulumi.Output[Optional[str]]: 
@@ -2935,6 +3701,11 @@ def only_none_root_users(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "only_none_root_users") + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + @property @pulumi.getter(name="packagesBlackListEnabled") def packages_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @@ -2947,7 +3718,7 @@ def packages_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="packagesBlackLists") def packages_black_lists(self) -> pulumi.Output[Optional[Sequence['outputs.KubernetesAssurancePolicyPackagesBlackList']]]: """ - List of backlisted images. + List of blacklisted images. """ return pulumi.get(self, "packages_black_lists") @@ -2972,6 +3743,16 @@ def packages_white_lists(self) -> pulumi.Output[Optional[Sequence['outputs.Kuber def partial_results_image_fail(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "partial_results_image_fail") + @property + @pulumi.getter + def permission(self) -> pulumi.Output[str]: + return pulumi.get(self, "permission") + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> pulumi.Output['outputs.KubernetesAssurancePolicyPolicySettings']: + return pulumi.get(self, "policy_settings") + @property @pulumi.getter(name="readOnly") def read_only(self) -> pulumi.Output[Optional[bool]]: 
@@ -3000,11 +3781,21 @@ def required_labels(self) -> pulumi.Output[Optional[Sequence['outputs.Kubernetes def required_labels_enabled(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "required_labels_enabled") + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + @property @pulumi.getter(name="scanNfsMounts") def scan_nfs_mounts(self) -> pulumi.Output[Optional[bool]]: return pulumi.get(self, "scan_nfs_mounts") + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_process_memory") + @property @pulumi.getter(name="scanSensitiveData") def scan_sensitive_data(self) -> pulumi.Output[Optional[bool]]: @@ -3013,6 +3804,11 @@ def scan_sensitive_data(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "scan_sensitive_data") + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_windows_registry") + @property @pulumi.getter(name="scapEnabled") def scap_enabled(self) -> pulumi.Output[Optional[bool]]: @@ -3050,6 +3846,16 @@ def trusted_base_images_enabled(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "trusted_base_images_enabled") + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> pulumi.Output[Optional[Sequence[int]]]: + return pulumi.get(self, "vulnerability_score_ranges") + @property @pulumi.getter(name="whitelistedLicenses") def whitelisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: 
diff --git a/sdk/python/pulumiverse_aquasec/outputs.py b/sdk/python/pulumiverse_aquasec/outputs.py index 773ae924..dc09b4cf 100644 --- a/sdk/python/pulumiverse_aquasec/outputs.py +++ b/sdk/python/pulumiverse_aquasec/outputs.py @@ -34,9 +34,34 @@ 'ApplicationScopeCategoryWorkloadKuberneteVariable', 'ApplicationScopeCategoryWorkloadO', 'ApplicationScopeCategoryWorkloadOVariable', + 'ContainerRuntimePolicyAllowedExecutable', + 'ContainerRuntimePolicyAllowedRegistry', + 'ContainerRuntimePolicyAuditing', + 'ContainerRuntimePolicyBlacklistedOsUsers', + 'ContainerRuntimePolicyBypassScope', + 'ContainerRuntimePolicyBypassScopeScope', + 'ContainerRuntimePolicyBypassScopeScopeVariable', + 'ContainerRuntimePolicyContainerExec', + 'ContainerRuntimePolicyDriftPrevention', + 'ContainerRuntimePolicyExecutableBlacklist', + 'ContainerRuntimePolicyFailedKubernetesChecks', + 'ContainerRuntimePolicyFileBlock', 'ContainerRuntimePolicyFileIntegrityMonitoring', + 'ContainerRuntimePolicyLimitContainerPrivilege', + 'ContainerRuntimePolicyLinuxCapabilities', 'ContainerRuntimePolicyMalwareScanOptions', + 'ContainerRuntimePolicyPackageBlock', + 'ContainerRuntimePolicyPortBlock', + 'ContainerRuntimePolicyReadonlyFiles', + 'ContainerRuntimePolicyReadonlyRegistry', + 'ContainerRuntimePolicyRegistryAccessMonitoring', + 'ContainerRuntimePolicyRestrictedVolume', + 'ContainerRuntimePolicyReverseShell', + 'ContainerRuntimePolicyScope', 'ContainerRuntimePolicyScopeVariable', + 'ContainerRuntimePolicySystemIntegrityProtection', + 'ContainerRuntimePolicyTripwire', + 'ContainerRuntimePolicyWhitelistedOsUsers', 'EnforcerGroupsCommand', 'EnforcerGroupsOrchestrator', 'FirewallPolicyInboundNetwork', 
@@ -44,33 +69,88 @@ 'FunctionAssurancePolicyAutoScanTime', 'FunctionAssurancePolicyCustomCheck', 'FunctionAssurancePolicyForbiddenLabel', + 'FunctionAssurancePolicyKubernetesControl', 'FunctionAssurancePolicyPackagesBlackList', 'FunctionAssurancePolicyPackagesWhiteList', + 'FunctionAssurancePolicyPolicySettings', 'FunctionAssurancePolicyRequiredLabel', 'FunctionAssurancePolicyScope', 'FunctionAssurancePolicyScopeVariable', 'FunctionAssurancePolicyTrustedBaseImage', + 'FunctionRuntimePolicyAllowedExecutable', + 'FunctionRuntimePolicyAllowedRegistry', + 'FunctionRuntimePolicyAuditing', + 'FunctionRuntimePolicyBlacklistedOsUsers', + 'FunctionRuntimePolicyBypassScope', + 'FunctionRuntimePolicyBypassScopeScope', + 'FunctionRuntimePolicyBypassScopeScopeVariable', + 'FunctionRuntimePolicyContainerExec', + 'FunctionRuntimePolicyDriftPrevention', + 'FunctionRuntimePolicyExecutableBlacklist', + 'FunctionRuntimePolicyFailedKubernetesChecks', + 'FunctionRuntimePolicyFileBlock', + 'FunctionRuntimePolicyFileIntegrityMonitoring', + 'FunctionRuntimePolicyLimitContainerPrivilege', + 'FunctionRuntimePolicyLinuxCapabilities', + 'FunctionRuntimePolicyMalwareScanOptions', + 'FunctionRuntimePolicyPackageBlock', + 'FunctionRuntimePolicyPortBlock', + 'FunctionRuntimePolicyReadonlyFiles', + 'FunctionRuntimePolicyReadonlyRegistry', + 'FunctionRuntimePolicyRegistryAccessMonitoring', + 'FunctionRuntimePolicyRestrictedVolume', + 'FunctionRuntimePolicyReverseShell', + 'FunctionRuntimePolicyScope', 'FunctionRuntimePolicyScopeVariable', + 'FunctionRuntimePolicySystemIntegrityProtection', + 'FunctionRuntimePolicyTripwire', + 'FunctionRuntimePolicyWhitelistedOsUsers', 'HostAssurancePolicyAutoScanTime', 'HostAssurancePolicyCustomCheck', 'HostAssurancePolicyForbiddenLabel', 'HostAssurancePolicyPackagesBlackList', 'HostAssurancePolicyPackagesWhiteList', + 'HostAssurancePolicyPolicySettings', 'HostAssurancePolicyRequiredLabel', 'HostAssurancePolicyScope', 'HostAssurancePolicyScopeVariable', 
'HostAssurancePolicyTrustedBaseImage', + 'HostRuntimePolicyAllowedExecutable', + 'HostRuntimePolicyAllowedRegistry', + 'HostRuntimePolicyAuditing', + 'HostRuntimePolicyBlacklistedOsUsers', + 'HostRuntimePolicyBypassScope', + 'HostRuntimePolicyBypassScopeScope', + 'HostRuntimePolicyBypassScopeScopeVariable', + 'HostRuntimePolicyContainerExec', + 'HostRuntimePolicyDriftPrevention', + 'HostRuntimePolicyExecutableBlacklist', + 'HostRuntimePolicyFailedKubernetesChecks', + 'HostRuntimePolicyFileBlock', 'HostRuntimePolicyFileIntegrityMonitoring', + 'HostRuntimePolicyLimitContainerPrivilege', + 'HostRuntimePolicyLinuxCapabilities', 'HostRuntimePolicyMalwareScanOptions', + 'HostRuntimePolicyPackageBlock', + 'HostRuntimePolicyPortBlock', + 'HostRuntimePolicyReadonlyFiles', + 'HostRuntimePolicyReadonlyRegistry', + 'HostRuntimePolicyRegistryAccessMonitoring', + 'HostRuntimePolicyRestrictedVolume', + 'HostRuntimePolicyReverseShell', + 'HostRuntimePolicyScope', 'HostRuntimePolicyScopeVariable', - 'HostRuntimePolicyWindowsRegistryMonitoring', - 'HostRuntimePolicyWindowsRegistryProtection', + 'HostRuntimePolicySystemIntegrityProtection', + 'HostRuntimePolicyTripwire', + 'HostRuntimePolicyWhitelistedOsUsers', 'ImageAssuranceChecksPerformed', 'ImageAssurancePolicyAutoScanTime', 'ImageAssurancePolicyCustomCheck', 'ImageAssurancePolicyForbiddenLabel', + 'ImageAssurancePolicyKubernetesControls', 'ImageAssurancePolicyPackagesBlackList', 'ImageAssurancePolicyPackagesWhiteList', + 'ImageAssurancePolicyPolicySettings', 'ImageAssurancePolicyRequiredLabel', 'ImageAssurancePolicyScope', 'ImageAssurancePolicyScopeVariable', 
@@ -82,8 +162,10 @@ 'KubernetesAssurancePolicyAutoScanTime', 'KubernetesAssurancePolicyCustomCheck', 'KubernetesAssurancePolicyForbiddenLabel', + 'KubernetesAssurancePolicyKubernetesControl', 'KubernetesAssurancePolicyPackagesBlackList', 'KubernetesAssurancePolicyPackagesWhiteList', + 'KubernetesAssurancePolicyPolicySettings', 'KubernetesAssurancePolicyRequiredLabel', 'KubernetesAssurancePolicyScope', 'KubernetesAssurancePolicyScopeVariable', @@ -95,6 +177,17 @@ 'ServiceScopeVariable', 'UserSaasGroup', 'UserSaasLogin', + 'VmwareAssurancePolicyAutoScanTime', + 'VmwareAssurancePolicyCustomCheck', + 'VmwareAssurancePolicyForbiddenLabel', + 'VmwareAssurancePolicyKubernetesControl', + 'VmwareAssurancePolicyPackagesBlackList', + 'VmwareAssurancePolicyPackagesWhiteList', + 'VmwareAssurancePolicyPolicySettings', + 'VmwareAssurancePolicyRequiredLabel', + 'VmwareAssurancePolicyScope', + 'VmwareAssurancePolicyScopeVariable', + 'VmwareAssurancePolicyTrustedBaseImage', 'GetAcknowledgesAcknowledgeResult', 'GetApplicationScopeCategoryResult', 'GetApplicationScopeCategoryArtifactResult', @@ -119,8 +212,17 @@ 'GetApplicationScopeCategoryWorkloadOResult', 'GetApplicationScopeCategoryWorkloadOVariableResult', 'GetAquaLabelsAquaLabelResult', + 'GetContainerRuntimePolicyAllowedExecutableResult', + 'GetContainerRuntimePolicyAllowedRegistryResult', + 'GetContainerRuntimePolicyAuditingResult', + 'GetContainerRuntimePolicyContainerExecResult', + 'GetContainerRuntimePolicyFileBlockResult', 'GetContainerRuntimePolicyFileIntegrityMonitoringResult', + 'GetContainerRuntimePolicyLimitContainerPrivilegeResult', 'GetContainerRuntimePolicyMalwareScanOptionResult', + 'GetContainerRuntimePolicyPortBlockResult', + 'GetContainerRuntimePolicyReadonlyFilesResult', + 'GetContainerRuntimePolicyRestrictedVolumeResult', 'GetContainerRuntimePolicyScopeVariableResult', 'GetEnforcerGroupsCommandResult', 'GetEnforcerGroupsOrchestratorResult', 
@@ -135,6 +237,8 @@ 'GetFunctionAssurancePolicyScopeResult', 'GetFunctionAssurancePolicyScopeVariableResult', 'GetFunctionAssurancePolicyTrustedBaseImageResult', + 'GetFunctionRuntimePolicyDriftPreventionResult', + 'GetFunctionRuntimePolicyExecutableBlacklistResult', 'GetFunctionRuntimePolicyScopeVariableResult', 'GetGatewaysGatewayResult', 'GetGroupsGroupResult', @@ -147,8 +251,10 @@ 'GetHostAssurancePolicyScopeResult', 'GetHostAssurancePolicyScopeVariableResult', 'GetHostAssurancePolicyTrustedBaseImageResult', + 'GetHostRuntimePolicyAuditingResult', 'GetHostRuntimePolicyFileIntegrityMonitoringResult', 'GetHostRuntimePolicyMalwareScanOptionResult', + 'GetHostRuntimePolicyPackageBlockResult', 'GetHostRuntimePolicyScopeVariableResult', 'GetHostRuntimePolicyWindowsRegistryMonitoringResult', 'GetHostRuntimePolicyWindowsRegistryProtectionResult', @@ -164,6 +270,8 @@ 'GetImageAssurancePolicyTrustedBaseImageResult', 'GetImageHistoryResult', 'GetImageVulnerabilityResult', + 'GetIntegrationRegistriesOptionResult', + 'GetIntegrationRegistriesWebhookResult', 'GetIntegrationRegistryOptionResult', 'GetIntegrationRegistryWebhookResult', 'GetKubernetesAssurancePolicyAutoScanTimeResult', @@ -571,6 +679,10 @@ def __init__(__self__, *, cfs: Optional[Sequence['outputs.ApplicationScopeCategoryArtifactCf']] = None, functions: Optional[Sequence['outputs.ApplicationScopeCategoryArtifactFunction']] = None, images: Optional[Sequence['outputs.ApplicationScopeCategoryArtifactImage']] = None): + """ + :param Sequence['ApplicationScopeCategoryArtifactFunctionArgs'] functions: Function name + :param Sequence['ApplicationScopeCategoryArtifactImageArgs'] images: Name of a registry as defined in Aqua + """ if cfs is not None: pulumi.set(__self__, "cfs", cfs) if functions is not None: 
@@ -586,11 +698,17 @@ def cfs(self) -> Optional[Sequence['outputs.ApplicationScopeCategoryArtifactCf'] @property @pulumi.getter def functions(self) -> Optional[Sequence['outputs.ApplicationScopeCategoryArtifactFunction']]: + """ + Function name + """ return pulumi.get(self, "functions") @property @pulumi.getter def images(self) -> Optional[Sequence['outputs.ApplicationScopeCategoryArtifactImage']]: + """ + Name of a registry as defined in Aqua + """ return pulumi.get(self, "images") 
@@ -1023,2371 +1141,2746 @@ def value(self) -> Optional[str]: @pulumi.output_type -class ContainerRuntimePolicyFileIntegrityMonitoring(dict): +class ContainerRuntimePolicyAllowedExecutable(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "excludedPaths": - suggest = "excluded_paths" - elif key == "excludedProcesses": - suggest = "excluded_processes" - elif key == "excludedUsers": - suggest = "excluded_users" - elif key == "monitorAttributes": - suggest = "monitor_attributes" - elif key == "monitorCreate": - suggest = "monitor_create" - elif key == "monitorDelete": - suggest = "monitor_delete" - elif key == "monitorModify": - suggest = "monitor_modify" - elif key == "monitorRead": - suggest = "monitor_read" - elif key == "monitoredPaths": - suggest = "monitored_paths" - elif key == "monitoredProcesses": - suggest = "monitored_processes" - elif key == "monitoredUsers": - suggest = "monitored_users" + if key == "allowExecutables": + suggest = "allow_executables" + elif key == "allowRootExecutables": + suggest = "allow_root_executables" + elif key == "separateExecutables": + suggest = "separate_executables" if suggest: - pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyFileIntegrityMonitoring. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyAllowedExecutable. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - ContainerRuntimePolicyFileIntegrityMonitoring.__key_warning(key) + ContainerRuntimePolicyAllowedExecutable.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - ContainerRuntimePolicyFileIntegrityMonitoring.__key_warning(key) + ContainerRuntimePolicyAllowedExecutable.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - excluded_paths: Optional[Sequence[str]] = None, - excluded_processes: Optional[Sequence[str]] = None, - excluded_users: Optional[Sequence[str]] = None, - monitor_attributes: Optional[bool] = None, - monitor_create: Optional[bool] = None, - monitor_delete: Optional[bool] = None, - monitor_modify: Optional[bool] = None, - monitor_read: Optional[bool] = None, - monitored_paths: Optional[Sequence[str]] = None, - monitored_processes: Optional[Sequence[str]] = None, - monitored_users: Optional[Sequence[str]] = None): - """ - :param Sequence[str] excluded_paths: List of paths to be excluded from being monitored. - :param Sequence[str] excluded_processes: List of processes to be excluded from being monitored. - :param Sequence[str] excluded_users: List of users to be excluded from being monitored. - :param bool monitor_attributes: If true, add attributes operations will be monitored. - :param bool monitor_create: If true, create operations will be monitored. - :param bool monitor_delete: If true, deletion operations will be monitored. - :param bool monitor_modify: If true, modification operations will be monitored. - :param bool monitor_read: If true, read operations will be monitored. - :param Sequence[str] monitored_paths: List of paths to be monitored. - :param Sequence[str] monitored_processes: List of processes to be monitored. - :param Sequence[str] monitored_users: List of users to be monitored. 
- """ - if excluded_paths is not None: - pulumi.set(__self__, "excluded_paths", excluded_paths) - if excluded_processes is not None: - pulumi.set(__self__, "excluded_processes", excluded_processes) - if excluded_users is not None: - pulumi.set(__self__, "excluded_users", excluded_users) - if monitor_attributes is not None: - pulumi.set(__self__, "monitor_attributes", monitor_attributes) - if monitor_create is not None: - pulumi.set(__self__, "monitor_create", monitor_create) - if monitor_delete is not None: - pulumi.set(__self__, "monitor_delete", monitor_delete) - if monitor_modify is not None: - pulumi.set(__self__, "monitor_modify", monitor_modify) - if monitor_read is not None: - pulumi.set(__self__, "monitor_read", monitor_read) - if monitored_paths is not None: - pulumi.set(__self__, "monitored_paths", monitored_paths) - if monitored_processes is not None: - pulumi.set(__self__, "monitored_processes", monitored_processes) - if monitored_users is not None: - pulumi.set(__self__, "monitored_users", monitored_users) - - @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Optional[Sequence[str]]: + allow_executables: Optional[Sequence[str]] = None, + allow_root_executables: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + separate_executables: Optional[bool] = None): """ - List of paths to be excluded from being monitored. + :param Sequence[str] allow_executables: List of allowed executables. + :param Sequence[str] allow_root_executables: List of allowed root executables. + :param bool enabled: Whether allowed executables configuration is enabled. + :param bool separate_executables: Whether to treat executables separately. 
""" - return pulumi.get(self, "excluded_paths") + if allow_executables is not None: + pulumi.set(__self__, "allow_executables", allow_executables) + if allow_root_executables is not None: + pulumi.set(__self__, "allow_root_executables", allow_root_executables) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if separate_executables is not None: + pulumi.set(__self__, "separate_executables", separate_executables) @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Optional[Sequence[str]]: + @pulumi.getter(name="allowExecutables") + def allow_executables(self) -> Optional[Sequence[str]]: """ - List of processes to be excluded from being monitored. + List of allowed executables. """ - return pulumi.get(self, "excluded_processes") + return pulumi.get(self, "allow_executables") @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Optional[Sequence[str]]: + @pulumi.getter(name="allowRootExecutables") + def allow_root_executables(self) -> Optional[Sequence[str]]: """ - List of users to be excluded from being monitored. + List of allowed root executables. """ - return pulumi.get(self, "excluded_users") + return pulumi.get(self, "allow_root_executables") @property - @pulumi.getter(name="monitorAttributes") - def monitor_attributes(self) -> Optional[bool]: + @pulumi.getter + def enabled(self) -> Optional[bool]: """ - If true, add attributes operations will be monitored. + Whether allowed executables configuration is enabled. """ - return pulumi.get(self, "monitor_attributes") + return pulumi.get(self, "enabled") @property - @pulumi.getter(name="monitorCreate") - def monitor_create(self) -> Optional[bool]: + @pulumi.getter(name="separateExecutables") + def separate_executables(self) -> Optional[bool]: """ - If true, create operations will be monitored. + Whether to treat executables separately. 
""" - return pulumi.get(self, "monitor_create") + return pulumi.get(self, "separate_executables") - @property - @pulumi.getter(name="monitorDelete") - def monitor_delete(self) -> Optional[bool]: + +@pulumi.output_type +class ContainerRuntimePolicyAllowedRegistry(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "allowedRegistries": + suggest = "allowed_registries" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyAllowedRegistry. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ContainerRuntimePolicyAllowedRegistry.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ContainerRuntimePolicyAllowedRegistry.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + allowed_registries: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): """ - If true, deletion operations will be monitored. + :param Sequence[str] allowed_registries: List of allowed registries. + :param bool enabled: Whether allowed registries are enabled. """ - return pulumi.get(self, "monitor_delete") + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter(name="monitorModify") - def monitor_modify(self) -> Optional[bool]: + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[Sequence[str]]: """ - If true, modification operations will be monitored. + List of allowed registries. """ - return pulumi.get(self, "monitor_modify") + return pulumi.get(self, "allowed_registries") @property - @pulumi.getter(name="monitorRead") - def monitor_read(self) -> Optional[bool]: + @pulumi.getter + def enabled(self) -> Optional[bool]: """ - If true, read operations will be monitored. + Whether allowed registries are enabled. 
""" - return pulumi.get(self, "monitor_read") + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class ContainerRuntimePolicyAuditing(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "auditAllNetwork": + suggest = "audit_all_network" + elif key == "auditAllProcesses": + suggest = "audit_all_processes" + elif key == "auditFailedLogin": + suggest = "audit_failed_login" + elif key == "auditOsUserActivity": + suggest = "audit_os_user_activity" + elif key == "auditProcessCmdline": + suggest = "audit_process_cmdline" + elif key == "auditSuccessLogin": + suggest = "audit_success_login" + elif key == "auditUserAccountManagement": + suggest = "audit_user_account_management" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyAuditing. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ContainerRuntimePolicyAuditing.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ContainerRuntimePolicyAuditing.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + audit_all_network: Optional[bool] = None, + audit_all_processes: Optional[bool] = None, + audit_failed_login: Optional[bool] = None, + audit_os_user_activity: Optional[bool] = None, + audit_process_cmdline: Optional[bool] = None, + audit_success_login: Optional[bool] = None, + audit_user_account_management: Optional[bool] = None, + enabled: Optional[bool] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, "audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not 
None: + pulumi.set(__self__, "audit_process_cmdline", audit_process_cmdline) + if audit_success_login is not None: + pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter(name="monitoredPaths") - def monitored_paths(self) -> Optional[Sequence[str]]: - """ - List of paths to be monitored. - """ - return pulumi.get(self, "monitored_paths") + @pulumi.getter(name="auditAllNetwork") + def audit_all_network(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_network") @property - @pulumi.getter(name="monitoredProcesses") - def monitored_processes(self) -> Optional[Sequence[str]]: - """ - List of processes to be monitored. - """ - return pulumi.get(self, "monitored_processes") + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_processes") @property - @pulumi.getter(name="monitoredUsers") - def monitored_users(self) -> Optional[Sequence[str]]: - """ - List of users to be monitored. 
- """ - return pulumi.get(self, "monitored_users") + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_failed_login") + + @property + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[bool]: + return pulumi.get(self, "audit_os_user_activity") + + @property + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[bool]: + return pulumi.get(self, "audit_process_cmdline") + + @property + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_success_login") + + @property + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> Optional[bool]: + return pulumi.get(self, "audit_user_account_management") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @pulumi.output_type -class ContainerRuntimePolicyMalwareScanOptions(dict): +class ContainerRuntimePolicyBlacklistedOsUsers(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "excludeDirectories": - suggest = "exclude_directories" - elif key == "excludeProcesses": - suggest = "exclude_processes" + if key == "groupBlackLists": + suggest = "group_black_lists" + elif key == "userBlackLists": + suggest = "user_black_lists" if suggest: - pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyMalwareScanOptions. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyBlacklistedOsUsers. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - ContainerRuntimePolicyMalwareScanOptions.__key_warning(key) + ContainerRuntimePolicyBlacklistedOsUsers.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - ContainerRuntimePolicyMalwareScanOptions.__key_warning(key) + ContainerRuntimePolicyBlacklistedOsUsers.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - action: Optional[str] = None, enabled: Optional[bool] = None, - exclude_directories: Optional[Sequence[str]] = None, - exclude_processes: Optional[Sequence[str]] = None): - """ - :param str action: Set Action, Defaults to 'Alert' when empty - :param bool enabled: Defines if enabled or not - :param Sequence[str] exclude_directories: List of registry paths to be excluded from being protected. - :param Sequence[str] exclude_processes: List of registry processes to be excluded from being protected. - """ - if action is not None: - pulumi.set(__self__, "action", action) + group_black_lists: Optional[Sequence[str]] = None, + user_black_lists: Optional[Sequence[str]] = None): if enabled is not None: pulumi.set(__self__, "enabled", enabled) - if exclude_directories is not None: - pulumi.set(__self__, "exclude_directories", exclude_directories) - if exclude_processes is not None: - pulumi.set(__self__, "exclude_processes", exclude_processes) + if group_black_lists is not None: + pulumi.set(__self__, "group_black_lists", group_black_lists) + if user_black_lists is not None: + pulumi.set(__self__, "user_black_lists", user_black_lists) @property @pulumi.getter - def action(self) -> Optional[str]: + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="groupBlackLists") + def group_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "group_black_lists") + + @property + @pulumi.getter(name="userBlackLists") + def 
user_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "user_black_lists") + + +@pulumi.output_type +class ContainerRuntimePolicyBypassScope(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + scopes: Optional[Sequence['outputs.ContainerRuntimePolicyBypassScopeScope']] = None): """ - Set Action, Defaults to 'Alert' when empty + :param bool enabled: Whether bypassing the scope is enabled. + :param Sequence['ContainerRuntimePolicyBypassScopeScopeArgs'] scopes: Scope configuration. """ - return pulumi.get(self, "action") + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) @property @pulumi.getter def enabled(self) -> Optional[bool]: """ - Defines if enabled or not + Whether bypassing the scope is enabled. """ return pulumi.get(self, "enabled") @property - @pulumi.getter(name="excludeDirectories") - def exclude_directories(self) -> Optional[Sequence[str]]: + @pulumi.getter + def scopes(self) -> Optional[Sequence['outputs.ContainerRuntimePolicyBypassScopeScope']]: """ - List of registry paths to be excluded from being protected. + Scope configuration. """ - return pulumi.get(self, "exclude_directories") + return pulumi.get(self, "scopes") + + +@pulumi.output_type +class ContainerRuntimePolicyBypassScopeScope(dict): + def __init__(__self__, *, + expression: Optional[str] = None, + variables: Optional[Sequence['outputs.ContainerRuntimePolicyBypassScopeScopeVariable']] = None): + """ + :param str expression: Scope expression. + :param Sequence['ContainerRuntimePolicyBypassScopeScopeVariableArgs'] variables: List of variables in the scope. 
+ """ + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property - @pulumi.getter(name="excludeProcesses") - def exclude_processes(self) -> Optional[Sequence[str]]: + @pulumi.getter + def expression(self) -> Optional[str]: """ - List of registry processes to be excluded from being protected. + Scope expression. """ - return pulumi.get(self, "exclude_processes") + return pulumi.get(self, "expression") + + @property + @pulumi.getter + def variables(self) -> Optional[Sequence['outputs.ContainerRuntimePolicyBypassScopeScopeVariable']]: + """ + List of variables in the scope. + """ + return pulumi.get(self, "variables") @pulumi.output_type -class ContainerRuntimePolicyScopeVariable(dict): +class ContainerRuntimePolicyBypassScopeScopeVariable(dict): def __init__(__self__, *, - attribute: str, - value: str, - name: Optional[str] = None): + attribute: Optional[str] = None, + value: Optional[str] = None): """ - :param str attribute: Class of supported scope. - :param str value: Value assigned to the attribute. - :param str name: Name assigned to the attribute. + :param str attribute: Variable attribute. + :param str value: Variable value. """ - pulumi.set(__self__, "attribute", attribute) - pulumi.set(__self__, "value", value) - if name is not None: - pulumi.set(__self__, "name", name) + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def attribute(self) -> str: + def attribute(self) -> Optional[str]: """ - Class of supported scope. + Variable attribute. """ return pulumi.get(self, "attribute") @property @pulumi.getter - def value(self) -> str: + def value(self) -> Optional[str]: """ - Value assigned to the attribute. + Variable value. 
""" return pulumi.get(self, "value") - @property - @pulumi.getter - def name(self) -> Optional[str]: - """ - Name assigned to the attribute. - """ - return pulumi.get(self, "name") - @pulumi.output_type -class EnforcerGroupsCommand(dict): +class ContainerRuntimePolicyContainerExec(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockContainerExec": + suggest = "block_container_exec" + elif key == "containerExecProcWhiteLists": + suggest = "container_exec_proc_white_lists" + elif key == "reverseShellIpWhiteLists": + suggest = "reverse_shell_ip_white_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyContainerExec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ContainerRuntimePolicyContainerExec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ContainerRuntimePolicyContainerExec.__key_warning(key) + return super().get(key, default) + def __init__(__self__, *, - default: Optional[str] = None, - kubernetes: Optional[str] = None, - swarm: Optional[str] = None, - windows: Optional[str] = None): - if default is not None: - pulumi.set(__self__, "default", default) - if kubernetes is not None: - pulumi.set(__self__, "kubernetes", kubernetes) - if swarm is not None: - pulumi.set(__self__, "swarm", swarm) - if windows is not None: - pulumi.set(__self__, "windows", windows) + block_container_exec: Optional[bool] = None, + container_exec_proc_white_lists: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + reverse_shell_ip_white_lists: Optional[Sequence[str]] = None): + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) + if container_exec_proc_white_lists is not None: + pulumi.set(__self__, "container_exec_proc_white_lists", container_exec_proc_white_lists) + if enabled is not None: + pulumi.set(__self__, 
"enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) @property - @pulumi.getter - def default(self) -> Optional[str]: - return pulumi.get(self, "default") + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[bool]: + return pulumi.get(self, "block_container_exec") @property - @pulumi.getter - def kubernetes(self) -> Optional[str]: - return pulumi.get(self, "kubernetes") + @pulumi.getter(name="containerExecProcWhiteLists") + def container_exec_proc_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "container_exec_proc_white_lists") @property @pulumi.getter - def swarm(self) -> Optional[str]: - return pulumi.get(self, "swarm") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter - def windows(self) -> Optional[str]: - return pulumi.get(self, "windows") + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") @pulumi.output_type -class EnforcerGroupsOrchestrator(dict): +class ContainerRuntimePolicyDriftPrevention(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "serviceAccount": - suggest = "service_account" + if key == "execLockdown": + suggest = "exec_lockdown" + elif key == "execLockdownWhiteLists": + suggest = "exec_lockdown_white_lists" + elif key == "imageLockdown": + suggest = "image_lockdown" if suggest: - pulumi.log.warn(f"Key '{key}' not found in EnforcerGroupsOrchestrator. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyDriftPrevention. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - EnforcerGroupsOrchestrator.__key_warning(key) + ContainerRuntimePolicyDriftPrevention.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - EnforcerGroupsOrchestrator.__key_warning(key) + ContainerRuntimePolicyDriftPrevention.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - master: Optional[bool] = None, - namespace: Optional[str] = None, - service_account: Optional[str] = None, - type: Optional[str] = None): + enabled: Optional[bool] = None, + exec_lockdown: Optional[bool] = None, + exec_lockdown_white_lists: Optional[Sequence[str]] = None, + image_lockdown: Optional[bool] = None): """ - :param str namespace: May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). - :param str service_account: May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). - :param str type: Enforcer Type. + :param bool enabled: Whether drift prevention is enabled. + :param bool exec_lockdown: Whether to lockdown execution drift. + :param Sequence[str] exec_lockdown_white_lists: List of items in the execution lockdown white list. + :param bool image_lockdown: Whether to lockdown image drift. 
""" - if master is not None: - pulumi.set(__self__, "master", master) - if namespace is not None: - pulumi.set(__self__, "namespace", namespace) - if service_account is not None: - pulumi.set(__self__, "service_account", service_account) - if type is not None: - pulumi.set(__self__, "type", type) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exec_lockdown is not None: + pulumi.set(__self__, "exec_lockdown", exec_lockdown) + if exec_lockdown_white_lists is not None: + pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if image_lockdown is not None: + pulumi.set(__self__, "image_lockdown", image_lockdown) @property @pulumi.getter - def master(self) -> Optional[bool]: - return pulumi.get(self, "master") + def enabled(self) -> Optional[bool]: + """ + Whether drift prevention is enabled. + """ + return pulumi.get(self, "enabled") @property - @pulumi.getter - def namespace(self) -> Optional[str]: + @pulumi.getter(name="execLockdown") + def exec_lockdown(self) -> Optional[bool]: """ - May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + Whether to lockdown execution drift. """ - return pulumi.get(self, "namespace") + return pulumi.get(self, "exec_lockdown") @property - @pulumi.getter(name="serviceAccount") - def service_account(self) -> Optional[str]: + @pulumi.getter(name="execLockdownWhiteLists") + def exec_lockdown_white_lists(self) -> Optional[Sequence[str]]: """ - May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + List of items in the execution lockdown white list. """ - return pulumi.get(self, "service_account") + return pulumi.get(self, "exec_lockdown_white_lists") @property - @pulumi.getter - def type(self) -> Optional[str]: + @pulumi.getter(name="imageLockdown") + def image_lockdown(self) -> Optional[bool]: """ - Enforcer Type. 
+ Whether to lockdown image drift. """ - return pulumi.get(self, "type") + return pulumi.get(self, "image_lockdown") @pulumi.output_type -class FirewallPolicyInboundNetwork(dict): - @staticmethod - def __key_warning(key: str): - suggest = None - if key == "portRange": - suggest = "port_range" - elif key == "resourceType": - suggest = "resource_type" - - if suggest: - pulumi.log.warn(f"Key '{key}' not found in FirewallPolicyInboundNetwork. Access the value via the '{suggest}' property getter instead.") - - def __getitem__(self, key: str) -> Any: - FirewallPolicyInboundNetwork.__key_warning(key) - return super().__getitem__(key) - - def get(self, key: str, default = None) -> Any: - FirewallPolicyInboundNetwork.__key_warning(key) - return super().get(key, default) - +class ContainerRuntimePolicyExecutableBlacklist(dict): def __init__(__self__, *, - allow: bool, - port_range: str, - resource_type: str, - resource: Optional[str] = None): + enabled: Optional[bool] = None, + executables: Optional[Sequence[str]] = None): """ - :param bool allow: Indicates whether the specified resources are allowed to pass in data or requests. - :param str port_range: Range of ports affected by firewall. - :param str resource_type: Type of the resource - :param str resource: Information of the resource. + :param bool enabled: Whether the executable blacklist is enabled. + :param Sequence[str] executables: List of blacklisted executables. """ - pulumi.set(__self__, "allow", allow) - pulumi.set(__self__, "port_range", port_range) - pulumi.set(__self__, "resource_type", resource_type) - if resource is not None: - pulumi.set(__self__, "resource", resource) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if executables is not None: + pulumi.set(__self__, "executables", executables) @property @pulumi.getter - def allow(self) -> bool: - """ - Indicates whether the specified resources are allowed to pass in data or requests. 
- """ - return pulumi.get(self, "allow") - - @property - @pulumi.getter(name="portRange") - def port_range(self) -> str: - """ - Range of ports affected by firewall. - """ - return pulumi.get(self, "port_range") - - @property - @pulumi.getter(name="resourceType") - def resource_type(self) -> str: + def enabled(self) -> Optional[bool]: """ - Type of the resource + Whether the executable blacklist is enabled. """ - return pulumi.get(self, "resource_type") + return pulumi.get(self, "enabled") @property @pulumi.getter - def resource(self) -> Optional[str]: + def executables(self) -> Optional[Sequence[str]]: """ - Information of the resource. + List of blacklisted executables. """ - return pulumi.get(self, "resource") + return pulumi.get(self, "executables") @pulumi.output_type -class FirewallPolicyOutboundNetwork(dict): +class ContainerRuntimePolicyFailedKubernetesChecks(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "portRange": - suggest = "port_range" - elif key == "resourceType": - suggest = "resource_type" + if key == "failedChecks": + suggest = "failed_checks" if suggest: - pulumi.log.warn(f"Key '{key}' not found in FirewallPolicyOutboundNetwork. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyFailedKubernetesChecks. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - FirewallPolicyOutboundNetwork.__key_warning(key) + ContainerRuntimePolicyFailedKubernetesChecks.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - FirewallPolicyOutboundNetwork.__key_warning(key) + ContainerRuntimePolicyFailedKubernetesChecks.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - allow: bool, - port_range: str, - resource_type: str, - resource: Optional[str] = None): - """ - :param bool allow: Indicates whether the specified resources are allowed to receive data or requests. - :param str port_range: Range of ports affected by firewall. - :param str resource_type: Type of the resource. - :param str resource: Information of the resource. - """ - pulumi.set(__self__, "allow", allow) - pulumi.set(__self__, "port_range", port_range) - pulumi.set(__self__, "resource_type", resource_type) - if resource is not None: - pulumi.set(__self__, "resource", resource) + enabled: Optional[bool] = None, + failed_checks: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if failed_checks is not None: + pulumi.set(__self__, "failed_checks", failed_checks) @property @pulumi.getter - def allow(self) -> bool: - """ - Indicates whether the specified resources are allowed to receive data or requests. - """ - return pulumi.get(self, "allow") - - @property - @pulumi.getter(name="portRange") - def port_range(self) -> str: - """ - Range of ports affected by firewall. - """ - return pulumi.get(self, "port_range") - - @property - @pulumi.getter(name="resourceType") - def resource_type(self) -> str: - """ - Type of the resource. 
- """ - return pulumi.get(self, "resource_type") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter - def resource(self) -> Optional[str]: - """ - Information of the resource. - """ - return pulumi.get(self, "resource") + @pulumi.getter(name="failedChecks") + def failed_checks(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "failed_checks") @pulumi.output_type -class FunctionAssurancePolicyAutoScanTime(dict): +class ContainerRuntimePolicyFileBlock(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "iterationType": - suggest = "iteration_type" - elif key == "weekDays": - suggest = "week_days" + if key == "blockFilesProcesses": + suggest = "block_files_processes" + elif key == "blockFilesUsers": + suggest = "block_files_users" + elif key == "exceptionalBlockFiles": + suggest = "exceptional_block_files" + elif key == "exceptionalBlockFilesProcesses": + suggest = "exceptional_block_files_processes" + elif key == "exceptionalBlockFilesUsers": + suggest = "exceptional_block_files_users" + elif key == "filenameBlockLists": + suggest = "filename_block_lists" if suggest: - pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyAutoScanTime. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyFileBlock. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - FunctionAssurancePolicyAutoScanTime.__key_warning(key) + ContainerRuntimePolicyFileBlock.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - FunctionAssurancePolicyAutoScanTime.__key_warning(key) + ContainerRuntimePolicyFileBlock.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - iteration: Optional[int] = None, - iteration_type: Optional[str] = None, - time: Optional[str] = None, - week_days: Optional[Sequence[str]] = None): - if iteration is not None: - pulumi.set(__self__, "iteration", iteration) - if iteration_type is not None: - pulumi.set(__self__, "iteration_type", iteration_type) - if time is not None: - pulumi.set(__self__, "time", time) - if week_days is not None: - pulumi.set(__self__, "week_days", week_days) + block_files_processes: Optional[Sequence[str]] = None, + block_files_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_files: Optional[Sequence[str]] = None, + exceptional_block_files_processes: Optional[Sequence[str]] = None, + exceptional_block_files_users: Optional[Sequence[str]] = None, + filename_block_lists: Optional[Sequence[str]] = None): + if block_files_processes is not None: + pulumi.set(__self__, "block_files_processes", block_files_processes) + if block_files_users is not None: + pulumi.set(__self__, "block_files_users", block_files_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_files is not None: + pulumi.set(__self__, "exceptional_block_files", exceptional_block_files) + if exceptional_block_files_processes is not None: + pulumi.set(__self__, "exceptional_block_files_processes", exceptional_block_files_processes) + if exceptional_block_files_users is not None: + pulumi.set(__self__, "exceptional_block_files_users", exceptional_block_files_users) + if 
filename_block_lists is not None: + pulumi.set(__self__, "filename_block_lists", filename_block_lists) @property - @pulumi.getter - def iteration(self) -> Optional[int]: - return pulumi.get(self, "iteration") + @pulumi.getter(name="blockFilesProcesses") + def block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_processes") @property - @pulumi.getter(name="iterationType") - def iteration_type(self) -> Optional[str]: - return pulumi.get(self, "iteration_type") + @pulumi.getter(name="blockFilesUsers") + def block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_users") @property @pulumi.getter - def time(self) -> Optional[str]: - return pulumi.get(self, "time") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter(name="weekDays") - def week_days(self) -> Optional[Sequence[str]]: - return pulumi.get(self, "week_days") + @pulumi.getter(name="exceptionalBlockFiles") + def exceptional_block_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files") + + @property + @pulumi.getter(name="exceptionalBlockFilesProcesses") + def exceptional_block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_processes") + + @property + @pulumi.getter(name="exceptionalBlockFilesUsers") + def exceptional_block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_users") + + @property + @pulumi.getter(name="filenameBlockLists") + def filename_block_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "filename_block_lists") @pulumi.output_type -class FunctionAssurancePolicyCustomCheck(dict): +class ContainerRuntimePolicyFileIntegrityMonitoring(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "lastModified": - suggest = "last_modified" - elif key == "readOnly": - suggest = "read_only" - elif key == 
"scriptId": - suggest = "script_id" + if key == "exceptionalMonitoredFiles": + suggest = "exceptional_monitored_files" + elif key == "exceptionalMonitoredFilesProcesses": + suggest = "exceptional_monitored_files_processes" + elif key == "exceptionalMonitoredFilesUsers": + suggest = "exceptional_monitored_files_users" + elif key == "monitoredFiles": + suggest = "monitored_files" + elif key == "monitoredFilesAttributes": + suggest = "monitored_files_attributes" + elif key == "monitoredFilesCreate": + suggest = "monitored_files_create" + elif key == "monitoredFilesDelete": + suggest = "monitored_files_delete" + elif key == "monitoredFilesModify": + suggest = "monitored_files_modify" + elif key == "monitoredFilesProcesses": + suggest = "monitored_files_processes" + elif key == "monitoredFilesRead": + suggest = "monitored_files_read" + elif key == "monitoredFilesUsers": + suggest = "monitored_files_users" if suggest: - pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyCustomCheck. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyFileIntegrityMonitoring. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - FunctionAssurancePolicyCustomCheck.__key_warning(key) + ContainerRuntimePolicyFileIntegrityMonitoring.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - FunctionAssurancePolicyCustomCheck.__key_warning(key) + ContainerRuntimePolicyFileIntegrityMonitoring.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - author: Optional[str] = None, - description: Optional[str] = None, - engine: Optional[str] = None, - last_modified: Optional[int] = None, - name: Optional[str] = None, - path: Optional[str] = None, - read_only: Optional[bool] = None, - script_id: Optional[str] = None, - severity: Optional[str] = None, - snippet: Optional[str] = None): - """ - :param str author: Name of user account that created the policy. + enabled: Optional[bool] = None, + exceptional_monitored_files: Optional[Sequence[str]] = None, + exceptional_monitored_files_processes: Optional[Sequence[str]] = None, + exceptional_monitored_files_users: Optional[Sequence[str]] = None, + monitored_files: Optional[Sequence[str]] = None, + monitored_files_attributes: Optional[bool] = None, + monitored_files_create: Optional[bool] = None, + monitored_files_delete: Optional[bool] = None, + monitored_files_modify: Optional[bool] = None, + monitored_files_processes: Optional[Sequence[str]] = None, + monitored_files_read: Optional[bool] = None, + monitored_files_users: Optional[Sequence[str]] = None): + """ + :param bool enabled: If true, file integrity monitoring is enabled. + :param Sequence[str] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_users: List of users to be excluded from monitoring. 
+ :param Sequence[str] monitored_files: List of paths to be monitored. + :param bool monitored_files_attributes: Whether to monitor file attribute operations. + :param bool monitored_files_create: Whether to monitor file create operations. + :param bool monitored_files_delete: Whether to monitor file delete operations. + :param bool monitored_files_modify: Whether to monitor file modify operations. + :param Sequence[str] monitored_files_processes: List of processes associated with monitored files. + :param bool monitored_files_read: Whether to monitor file read operations. + :param Sequence[str] monitored_files_users: List of users associated with monitored files. """ - if author is not None: - pulumi.set(__self__, "author", author) - if description is not None: - pulumi.set(__self__, "description", description) - if engine is not None: - pulumi.set(__self__, "engine", engine) - if last_modified is not None: - pulumi.set(__self__, "last_modified", last_modified) - if name is not None: - pulumi.set(__self__, "name", name) - if path is not None: - pulumi.set(__self__, "path", path) - if read_only is not None: - pulumi.set(__self__, "read_only", read_only) - if script_id is not None: - pulumi.set(__self__, "script_id", script_id) - if severity is not None: - pulumi.set(__self__, "severity", severity) - if snippet is not None: - pulumi.set(__self__, "snippet", snippet) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if 
monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) @property @pulumi.getter - def author(self) -> Optional[str]: + def enabled(self) -> Optional[bool]: """ - Name of user account that created the policy. + If true, file integrity monitoring is enabled. """ - return pulumi.get(self, "author") + return pulumi.get(self, "enabled") @property - @pulumi.getter - def description(self) -> Optional[str]: - return pulumi.get(self, "description") + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files") @property - @pulumi.getter - def engine(self) -> Optional[str]: - return pulumi.get(self, "engine") + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes to be excluded from monitoring. 
+ """ + return pulumi.get(self, "exceptional_monitored_files_processes") @property - @pulumi.getter(name="lastModified") - def last_modified(self) -> Optional[int]: - return pulumi.get(self, "last_modified") + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_users") @property - @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be monitored. + """ + return pulumi.get(self, "monitored_files") @property - @pulumi.getter - def path(self) -> Optional[str]: - return pulumi.get(self, "path") + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[bool]: + """ + Whether to monitor file attribute operations. + """ + return pulumi.get(self, "monitored_files_attributes") @property - @pulumi.getter(name="readOnly") - def read_only(self) -> Optional[bool]: - return pulumi.get(self, "read_only") + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[bool]: + """ + Whether to monitor file create operations. + """ + return pulumi.get(self, "monitored_files_create") @property - @pulumi.getter(name="scriptId") - def script_id(self) -> Optional[str]: - return pulumi.get(self, "script_id") + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[bool]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") @property - @pulumi.getter - def severity(self) -> Optional[str]: - return pulumi.get(self, "severity") + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[bool]: + """ + Whether to monitor file modify operations. 
+ """ + return pulumi.get(self, "monitored_files_modify") @property - @pulumi.getter - def snippet(self) -> Optional[str]: - return pulumi.get(self, "snippet") - - -@pulumi.output_type -class FunctionAssurancePolicyForbiddenLabel(dict): - def __init__(__self__, *, - key: Optional[str] = None, - value: Optional[str] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes associated with monitored files. + """ + return pulumi.get(self, "monitored_files_processes") @property - @pulumi.getter - def key(self) -> Optional[str]: - return pulumi.get(self, "key") + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[bool]: + """ + Whether to monitor file read operations. + """ + return pulumi.get(self, "monitored_files_read") @property - @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users associated with monitored files. + """ + return pulumi.get(self, "monitored_files_users") @pulumi.output_type -class FunctionAssurancePolicyPackagesBlackList(dict): +class ContainerRuntimePolicyLimitContainerPrivilege(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "versionRange": - suggest = "version_range" + if key == "blockAddCapabilities": + suggest = "block_add_capabilities" + elif key == "preventLowPortBinding": + suggest = "prevent_low_port_binding" + elif key == "preventRootUser": + suggest = "prevent_root_user" + elif key == "useHostUser": + suggest = "use_host_user" if suggest: - pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyPackagesBlackList. 
Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyLimitContainerPrivilege. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - FunctionAssurancePolicyPackagesBlackList.__key_warning(key) + ContainerRuntimePolicyLimitContainerPrivilege.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - FunctionAssurancePolicyPackagesBlackList.__key_warning(key) + ContainerRuntimePolicyLimitContainerPrivilege.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - arch: Optional[str] = None, - display: Optional[str] = None, - epoch: Optional[str] = None, - format: Optional[str] = None, - license: Optional[str] = None, - name: Optional[str] = None, - release: Optional[str] = None, - version: Optional[str] = None, - version_range: Optional[str] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + block_add_capabilities: Optional[bool] = None, + enabled: Optional[bool] = None, + ipcmode: Optional[bool] = None, + netmode: Optional[bool] = None, + pidmode: Optional[bool] = None, + prevent_low_port_binding: Optional[bool] = None, + prevent_root_user: Optional[bool] = None, + privileged: Optional[bool] = None, + use_host_user: Optional[bool] = None, + usermode: Optional[bool] = None, + utsmode: Optional[bool] = None): + """ + 
:param bool block_add_capabilities: Whether to block adding capabilities. + :param bool enabled: Whether container privilege limitations are enabled. + :param bool ipcmode: Whether to limit IPC-related capabilities. + :param bool netmode: Whether to limit network-related capabilities. + :param bool pidmode: Whether to limit process-related capabilities. + :param bool prevent_low_port_binding: Whether to prevent low port binding. + :param bool prevent_root_user: Whether to prevent the use of the root user. + :param bool privileged: Whether the container is run in privileged mode. + :param bool use_host_user: Whether to use the host user. + :param bool usermode: Whether to limit user-related capabilities. + :param bool utsmode: Whether to limit UTS-related capabilities. + """ + if block_add_capabilities is not None: + pulumi.set(__self__, "block_add_capabilities", block_add_capabilities) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if ipcmode is not None: + pulumi.set(__self__, "ipcmode", ipcmode) + if netmode is not None: + pulumi.set(__self__, "netmode", netmode) + if pidmode is not None: + pulumi.set(__self__, "pidmode", pidmode) + if prevent_low_port_binding is not None: + pulumi.set(__self__, "prevent_low_port_binding", prevent_low_port_binding) + if prevent_root_user is not None: + pulumi.set(__self__, "prevent_root_user", prevent_root_user) + if privileged is not None: + pulumi.set(__self__, "privileged", privileged) + if use_host_user is not None: + pulumi.set(__self__, "use_host_user", use_host_user) + if usermode is not None: + pulumi.set(__self__, "usermode", usermode) + if utsmode is not None: + pulumi.set(__self__, "utsmode", utsmode) @property - @pulumi.getter - def arch(self) -> Optional[str]: - return pulumi.get(self, "arch") + @pulumi.getter(name="blockAddCapabilities") + def block_add_capabilities(self) -> Optional[bool]: + """ + Whether to block adding capabilities. 
+ """ + return pulumi.get(self, "block_add_capabilities") @property @pulumi.getter - def display(self) -> Optional[str]: - return pulumi.get(self, "display") + def enabled(self) -> Optional[bool]: + """ + Whether container privilege limitations are enabled. + """ + return pulumi.get(self, "enabled") @property @pulumi.getter - def epoch(self) -> Optional[str]: - return pulumi.get(self, "epoch") + def ipcmode(self) -> Optional[bool]: + """ + Whether to limit IPC-related capabilities. + """ + return pulumi.get(self, "ipcmode") @property @pulumi.getter - def format(self) -> Optional[str]: - return pulumi.get(self, "format") + def netmode(self) -> Optional[bool]: + """ + Whether to limit network-related capabilities. + """ + return pulumi.get(self, "netmode") @property @pulumi.getter - def license(self) -> Optional[str]: - return pulumi.get(self, "license") + def pidmode(self) -> Optional[bool]: + """ + Whether to limit process-related capabilities. + """ + return pulumi.get(self, "pidmode") @property - @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + @pulumi.getter(name="preventLowPortBinding") + def prevent_low_port_binding(self) -> Optional[bool]: + """ + Whether to prevent low port binding. + """ + return pulumi.get(self, "prevent_low_port_binding") + + @property + @pulumi.getter(name="preventRootUser") + def prevent_root_user(self) -> Optional[bool]: + """ + Whether to prevent the use of the root user. + """ + return pulumi.get(self, "prevent_root_user") @property @pulumi.getter - def release(self) -> Optional[str]: - return pulumi.get(self, "release") + def privileged(self) -> Optional[bool]: + """ + Whether the container is run in privileged mode. + """ + return pulumi.get(self, "privileged") + + @property + @pulumi.getter(name="useHostUser") + def use_host_user(self) -> Optional[bool]: + """ + Whether to use the host user. 
+ """ + return pulumi.get(self, "use_host_user") @property @pulumi.getter - def version(self) -> Optional[str]: - return pulumi.get(self, "version") + def usermode(self) -> Optional[bool]: + """ + Whether to limit user-related capabilities. + """ + return pulumi.get(self, "usermode") @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[str]: - return pulumi.get(self, "version_range") + @pulumi.getter + def utsmode(self) -> Optional[bool]: + """ + Whether to limit UTS-related capabilities. + """ + return pulumi.get(self, "utsmode") @pulumi.output_type -class FunctionAssurancePolicyPackagesWhiteList(dict): +class ContainerRuntimePolicyLinuxCapabilities(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "versionRange": - suggest = "version_range" + if key == "removeLinuxCapabilities": + suggest = "remove_linux_capabilities" if suggest: - pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyPackagesWhiteList. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyLinuxCapabilities. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - FunctionAssurancePolicyPackagesWhiteList.__key_warning(key) + ContainerRuntimePolicyLinuxCapabilities.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - FunctionAssurancePolicyPackagesWhiteList.__key_warning(key) + ContainerRuntimePolicyLinuxCapabilities.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - arch: Optional[str] = None, - display: Optional[str] = None, - epoch: Optional[str] = None, - format: Optional[str] = None, - license: Optional[str] = None, - name: Optional[str] = None, - release: Optional[str] = None, - version: Optional[str] = None, - version_range: Optional[str] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + enabled: Optional[bool] = None, + remove_linux_capabilities: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if remove_linux_capabilities is not None: + pulumi.set(__self__, "remove_linux_capabilities", remove_linux_capabilities) @property @pulumi.getter - def arch(self) -> Optional[str]: - return pulumi.get(self, "arch") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter - def display(self) -> Optional[str]: - return pulumi.get(self, "display") + 
@pulumi.getter(name="removeLinuxCapabilities") + def remove_linux_capabilities(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "remove_linux_capabilities") - @property - @pulumi.getter - def epoch(self) -> Optional[str]: - return pulumi.get(self, "epoch") - @property - @pulumi.getter - def format(self) -> Optional[str]: - return pulumi.get(self, "format") +@pulumi.output_type +class ContainerRuntimePolicyMalwareScanOptions(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "excludeDirectories": + suggest = "exclude_directories" + elif key == "excludeProcesses": + suggest = "exclude_processes" + elif key == "includeDirectories": + suggest = "include_directories" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyMalwareScanOptions. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ContainerRuntimePolicyMalwareScanOptions.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ContainerRuntimePolicyMalwareScanOptions.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + action: Optional[str] = None, + enabled: Optional[bool] = None, + exclude_directories: Optional[Sequence[str]] = None, + exclude_processes: Optional[Sequence[str]] = None, + include_directories: Optional[Sequence[str]] = None): + """ + :param str action: Set Action, Defaults to 'Alert' when empty + :param bool enabled: Defines if enabled or not + :param Sequence[str] exclude_directories: List of registry paths to be excluded from being protected. + :param Sequence[str] exclude_processes: List of registry processes to be excluded from being protected. + :param Sequence[str] include_directories: List of registry paths to be excluded from being protected. 
+ """ + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) @property @pulumi.getter - def license(self) -> Optional[str]: - return pulumi.get(self, "license") + def action(self) -> Optional[str]: + """ + Set Action, Defaults to 'Alert' when empty + """ + return pulumi.get(self, "action") @property @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + def enabled(self) -> Optional[bool]: + """ + Defines if enabled or not + """ + return pulumi.get(self, "enabled") @property - @pulumi.getter - def release(self) -> Optional[str]: - return pulumi.get(self, "release") + @pulumi.getter(name="excludeDirectories") + def exclude_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "exclude_directories") @property - @pulumi.getter - def version(self) -> Optional[str]: - return pulumi.get(self, "version") + @pulumi.getter(name="excludeProcesses") + def exclude_processes(self) -> Optional[Sequence[str]]: + """ + List of registry processes to be excluded from being protected. + """ + return pulumi.get(self, "exclude_processes") @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[str]: - return pulumi.get(self, "version_range") + @pulumi.getter(name="includeDirectories") + def include_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. 
+ """ + return pulumi.get(self, "include_directories") @pulumi.output_type -class FunctionAssurancePolicyRequiredLabel(dict): +class ContainerRuntimePolicyPackageBlock(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockPackagesProcesses": + suggest = "block_packages_processes" + elif key == "blockPackagesUsers": + suggest = "block_packages_users" + elif key == "exceptionalBlockPackagesFiles": + suggest = "exceptional_block_packages_files" + elif key == "exceptionalBlockPackagesProcesses": + suggest = "exceptional_block_packages_processes" + elif key == "exceptionalBlockPackagesUsers": + suggest = "exceptional_block_packages_users" + elif key == "packagesBlackLists": + suggest = "packages_black_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyPackageBlock. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ContainerRuntimePolicyPackageBlock.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ContainerRuntimePolicyPackageBlock.__key_warning(key) + return super().get(key, default) + def __init__(__self__, *, - key: Optional[str] = None, - value: Optional[str] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) + block_packages_processes: Optional[Sequence[str]] = None, + block_packages_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_packages_files: Optional[Sequence[str]] = None, + exceptional_block_packages_processes: Optional[Sequence[str]] = None, + exceptional_block_packages_users: Optional[Sequence[str]] = None, + packages_black_lists: Optional[Sequence[str]] = None): + if block_packages_processes is not None: + pulumi.set(__self__, "block_packages_processes", block_packages_processes) + if block_packages_users is not None: + pulumi.set(__self__, 
"block_packages_users", block_packages_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_packages_files is not None: + pulumi.set(__self__, "exceptional_block_packages_files", exceptional_block_packages_files) + if exceptional_block_packages_processes is not None: + pulumi.set(__self__, "exceptional_block_packages_processes", exceptional_block_packages_processes) + if exceptional_block_packages_users is not None: + pulumi.set(__self__, "exceptional_block_packages_users", exceptional_block_packages_users) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) @property - @pulumi.getter - def key(self) -> Optional[str]: - return pulumi.get(self, "key") + @pulumi.getter(name="blockPackagesProcesses") + def block_packages_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_processes") + + @property + @pulumi.getter(name="blockPackagesUsers") + def block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_users") @property @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + @property + @pulumi.getter(name="exceptionalBlockPackagesFiles") + def exceptional_block_packages_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_files") -@pulumi.output_type -class FunctionAssurancePolicyScope(dict): - def __init__(__self__, *, - expression: Optional[str] = None, - variables: Optional[Sequence['outputs.FunctionAssurancePolicyScopeVariable']] = None): - if expression is not None: - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + @property + @pulumi.getter(name="exceptionalBlockPackagesProcesses") + def exceptional_block_packages_processes(self) -> Optional[Sequence[str]]: + return 
pulumi.get(self, "exceptional_block_packages_processes") @property - @pulumi.getter - def expression(self) -> Optional[str]: - return pulumi.get(self, "expression") + @pulumi.getter(name="exceptionalBlockPackagesUsers") + def exceptional_block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_users") @property - @pulumi.getter - def variables(self) -> Optional[Sequence['outputs.FunctionAssurancePolicyScopeVariable']]: - return pulumi.get(self, "variables") + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "packages_black_lists") @pulumi.output_type -class FunctionAssurancePolicyScopeVariable(dict): +class ContainerRuntimePolicyPortBlock(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockInboundPorts": + suggest = "block_inbound_ports" + elif key == "blockOutboundPorts": + suggest = "block_outbound_ports" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyPortBlock. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ContainerRuntimePolicyPortBlock.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ContainerRuntimePolicyPortBlock.__key_warning(key) + return super().get(key, default) + def __init__(__self__, *, - attribute: Optional[str] = None, - name: Optional[str] = None, - value: Optional[str] = None): - if attribute is not None: - pulumi.set(__self__, "attribute", attribute) - if name is not None: - pulumi.set(__self__, "name", name) - if value is not None: - pulumi.set(__self__, "value", value) + block_inbound_ports: Optional[Sequence[str]] = None, + block_outbound_ports: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): + if block_inbound_ports is not None: + pulumi.set(__self__, "block_inbound_ports", block_inbound_ports) + if block_outbound_ports is not None: + pulumi.set(__self__, "block_outbound_ports", block_outbound_ports) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter - def attribute(self) -> Optional[str]: - return pulumi.get(self, "attribute") + @pulumi.getter(name="blockInboundPorts") + def block_inbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_inbound_ports") @property - @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + @pulumi.getter(name="blockOutboundPorts") + def block_outbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_outbound_ports") @property @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @pulumi.output_type -class FunctionAssurancePolicyTrustedBaseImage(dict): +class ContainerRuntimePolicyReadonlyFiles(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "exceptionalReadonlyFiles": + 
suggest = "exceptional_readonly_files" + elif key == "exceptionalReadonlyFilesProcesses": + suggest = "exceptional_readonly_files_processes" + elif key == "exceptionalReadonlyFilesUsers": + suggest = "exceptional_readonly_files_users" + elif key == "readonlyFiles": + suggest = "readonly_files" + elif key == "readonlyFilesProcesses": + suggest = "readonly_files_processes" + elif key == "readonlyFilesUsers": + suggest = "readonly_files_users" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyReadonlyFiles. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ContainerRuntimePolicyReadonlyFiles.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ContainerRuntimePolicyReadonlyFiles.__key_warning(key) + return super().get(key, default) + def __init__(__self__, *, - imagename: Optional[str] = None, - registry: Optional[str] = None): - if imagename is not None: - pulumi.set(__self__, "imagename", imagename) - if registry is not None: - pulumi.set(__self__, "registry", registry) + enabled: Optional[bool] = None, + exceptional_readonly_files: Optional[Sequence[str]] = None, + exceptional_readonly_files_processes: Optional[Sequence[str]] = None, + exceptional_readonly_files_users: Optional[Sequence[str]] = None, + readonly_files: Optional[Sequence[str]] = None, + readonly_files_processes: Optional[Sequence[str]] = None, + readonly_files_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_files is not None: + pulumi.set(__self__, "exceptional_readonly_files", exceptional_readonly_files) + if exceptional_readonly_files_processes is not None: + pulumi.set(__self__, "exceptional_readonly_files_processes", exceptional_readonly_files_processes) + if exceptional_readonly_files_users is not None: + pulumi.set(__self__, "exceptional_readonly_files_users", 
exceptional_readonly_files_users) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_files_processes is not None: + pulumi.set(__self__, "readonly_files_processes", readonly_files_processes) + if readonly_files_users is not None: + pulumi.set(__self__, "readonly_files_users", readonly_files_users) @property @pulumi.getter - def imagename(self) -> Optional[str]: - return pulumi.get(self, "imagename") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter - def registry(self) -> Optional[str]: - return pulumi.get(self, "registry") + @pulumi.getter(name="exceptionalReadonlyFiles") + def exceptional_readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files") + @property + @pulumi.getter(name="exceptionalReadonlyFilesProcesses") + def exceptional_readonly_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_processes") -@pulumi.output_type -class FunctionRuntimePolicyScopeVariable(dict): - def __init__(__self__, *, - attribute: str, - value: str, - name: Optional[str] = None): - """ - :param str attribute: Class of supported scope. - :param str value: Value assigned to the attribute. - :param str name: Name assigned to the attribute. - """ - pulumi.set(__self__, "attribute", attribute) - pulumi.set(__self__, "value", value) - if name is not None: - pulumi.set(__self__, "name", name) + @property + @pulumi.getter(name="exceptionalReadonlyFilesUsers") + def exceptional_readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_users") @property - @pulumi.getter - def attribute(self) -> str: - """ - Class of supported scope. 
- """ - return pulumi.get(self, "attribute") + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files") @property - @pulumi.getter - def value(self) -> str: - """ - Value assigned to the attribute. - """ - return pulumi.get(self, "value") + @pulumi.getter(name="readonlyFilesProcesses") + def readonly_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_processes") @property - @pulumi.getter - def name(self) -> Optional[str]: - """ - Name assigned to the attribute. - """ - return pulumi.get(self, "name") + @pulumi.getter(name="readonlyFilesUsers") + def readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_users") @pulumi.output_type -class HostAssurancePolicyAutoScanTime(dict): +class ContainerRuntimePolicyReadonlyRegistry(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "iterationType": - suggest = "iteration_type" - elif key == "weekDays": - suggest = "week_days" + if key == "exceptionalReadonlyRegistryPaths": + suggest = "exceptional_readonly_registry_paths" + elif key == "exceptionalReadonlyRegistryProcesses": + suggest = "exceptional_readonly_registry_processes" + elif key == "exceptionalReadonlyRegistryUsers": + suggest = "exceptional_readonly_registry_users" + elif key == "readonlyRegistryPaths": + suggest = "readonly_registry_paths" + elif key == "readonlyRegistryProcesses": + suggest = "readonly_registry_processes" + elif key == "readonlyRegistryUsers": + suggest = "readonly_registry_users" if suggest: - pulumi.log.warn(f"Key '{key}' not found in HostAssurancePolicyAutoScanTime. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyReadonlyRegistry. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - HostAssurancePolicyAutoScanTime.__key_warning(key) + ContainerRuntimePolicyReadonlyRegistry.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - HostAssurancePolicyAutoScanTime.__key_warning(key) + ContainerRuntimePolicyReadonlyRegistry.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - iteration: Optional[int] = None, - iteration_type: Optional[str] = None, - time: Optional[str] = None, - week_days: Optional[Sequence[str]] = None): - if iteration is not None: - pulumi.set(__self__, "iteration", iteration) - if iteration_type is not None: - pulumi.set(__self__, "iteration_type", iteration_type) - if time is not None: - pulumi.set(__self__, "time", time) - if week_days is not None: - pulumi.set(__self__, "week_days", week_days) + enabled: Optional[bool] = None, + exceptional_readonly_registry_paths: Optional[Sequence[str]] = None, + exceptional_readonly_registry_processes: Optional[Sequence[str]] = None, + exceptional_readonly_registry_users: Optional[Sequence[str]] = None, + readonly_registry_paths: Optional[Sequence[str]] = None, + readonly_registry_processes: Optional[Sequence[str]] = None, + readonly_registry_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_registry_paths is not None: + pulumi.set(__self__, "exceptional_readonly_registry_paths", exceptional_readonly_registry_paths) + if exceptional_readonly_registry_processes is not None: + pulumi.set(__self__, "exceptional_readonly_registry_processes", exceptional_readonly_registry_processes) + if exceptional_readonly_registry_users is not None: + pulumi.set(__self__, "exceptional_readonly_registry_users", exceptional_readonly_registry_users) + if readonly_registry_paths is not None: + pulumi.set(__self__, "readonly_registry_paths", 
readonly_registry_paths) + if readonly_registry_processes is not None: + pulumi.set(__self__, "readonly_registry_processes", readonly_registry_processes) + if readonly_registry_users is not None: + pulumi.set(__self__, "readonly_registry_users", readonly_registry_users) @property @pulumi.getter - def iteration(self) -> Optional[int]: - return pulumi.get(self, "iteration") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter(name="iterationType") - def iteration_type(self) -> Optional[str]: - return pulumi.get(self, "iteration_type") + @pulumi.getter(name="exceptionalReadonlyRegistryPaths") + def exceptional_readonly_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_registry_paths") @property - @pulumi.getter - def time(self) -> Optional[str]: - return pulumi.get(self, "time") + @pulumi.getter(name="exceptionalReadonlyRegistryProcesses") + def exceptional_readonly_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_registry_processes") @property - @pulumi.getter(name="weekDays") - def week_days(self) -> Optional[Sequence[str]]: - return pulumi.get(self, "week_days") + @pulumi.getter(name="exceptionalReadonlyRegistryUsers") + def exceptional_readonly_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_registry_users") + + @property + @pulumi.getter(name="readonlyRegistryPaths") + def readonly_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_registry_paths") + + @property + @pulumi.getter(name="readonlyRegistryProcesses") + def readonly_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_registry_processes") + + @property + @pulumi.getter(name="readonlyRegistryUsers") + def readonly_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_registry_users") @pulumi.output_type -class 
HostAssurancePolicyCustomCheck(dict): +class ContainerRuntimePolicyRegistryAccessMonitoring(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "lastModified": - suggest = "last_modified" - elif key == "readOnly": - suggest = "read_only" - elif key == "scriptId": - suggest = "script_id" + if key == "exceptionalMonitoredRegistryPaths": + suggest = "exceptional_monitored_registry_paths" + elif key == "exceptionalMonitoredRegistryProcesses": + suggest = "exceptional_monitored_registry_processes" + elif key == "exceptionalMonitoredRegistryUsers": + suggest = "exceptional_monitored_registry_users" + elif key == "monitoredRegistryAttributes": + suggest = "monitored_registry_attributes" + elif key == "monitoredRegistryCreate": + suggest = "monitored_registry_create" + elif key == "monitoredRegistryDelete": + suggest = "monitored_registry_delete" + elif key == "monitoredRegistryModify": + suggest = "monitored_registry_modify" + elif key == "monitoredRegistryPaths": + suggest = "monitored_registry_paths" + elif key == "monitoredRegistryProcesses": + suggest = "monitored_registry_processes" + elif key == "monitoredRegistryRead": + suggest = "monitored_registry_read" + elif key == "monitoredRegistryUsers": + suggest = "monitored_registry_users" if suggest: - pulumi.log.warn(f"Key '{key}' not found in HostAssurancePolicyCustomCheck. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyRegistryAccessMonitoring. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - HostAssurancePolicyCustomCheck.__key_warning(key) + ContainerRuntimePolicyRegistryAccessMonitoring.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - HostAssurancePolicyCustomCheck.__key_warning(key) + ContainerRuntimePolicyRegistryAccessMonitoring.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - author: Optional[str] = None, - description: Optional[str] = None, - engine: Optional[str] = None, - last_modified: Optional[int] = None, - name: Optional[str] = None, - path: Optional[str] = None, - read_only: Optional[bool] = None, - script_id: Optional[str] = None, - severity: Optional[str] = None, - snippet: Optional[str] = None): - """ - :param str author: Name of user account that created the policy. - """ - if author is not None: - pulumi.set(__self__, "author", author) - if description is not None: - pulumi.set(__self__, "description", description) - if engine is not None: - pulumi.set(__self__, "engine", engine) - if last_modified is not None: - pulumi.set(__self__, "last_modified", last_modified) - if name is not None: - pulumi.set(__self__, "name", name) - if path is not None: - pulumi.set(__self__, "path", path) - if read_only is not None: - pulumi.set(__self__, "read_only", read_only) - if script_id is not None: - pulumi.set(__self__, "script_id", script_id) - if severity is not None: - pulumi.set(__self__, "severity", severity) - if snippet is not None: - pulumi.set(__self__, "snippet", snippet) + enabled: Optional[bool] = None, + exceptional_monitored_registry_paths: Optional[Sequence[str]] = None, + exceptional_monitored_registry_processes: Optional[Sequence[str]] = None, + exceptional_monitored_registry_users: Optional[Sequence[str]] = None, + monitored_registry_attributes: Optional[bool] = None, + monitored_registry_create: Optional[bool] = None, + 
monitored_registry_delete: Optional[bool] = None, + monitored_registry_modify: Optional[bool] = None, + monitored_registry_paths: Optional[Sequence[str]] = None, + monitored_registry_processes: Optional[Sequence[str]] = None, + monitored_registry_read: Optional[bool] = None, + monitored_registry_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_registry_paths is not None: + pulumi.set(__self__, "exceptional_monitored_registry_paths", exceptional_monitored_registry_paths) + if exceptional_monitored_registry_processes is not None: + pulumi.set(__self__, "exceptional_monitored_registry_processes", exceptional_monitored_registry_processes) + if exceptional_monitored_registry_users is not None: + pulumi.set(__self__, "exceptional_monitored_registry_users", exceptional_monitored_registry_users) + if monitored_registry_attributes is not None: + pulumi.set(__self__, "monitored_registry_attributes", monitored_registry_attributes) + if monitored_registry_create is not None: + pulumi.set(__self__, "monitored_registry_create", monitored_registry_create) + if monitored_registry_delete is not None: + pulumi.set(__self__, "monitored_registry_delete", monitored_registry_delete) + if monitored_registry_modify is not None: + pulumi.set(__self__, "monitored_registry_modify", monitored_registry_modify) + if monitored_registry_paths is not None: + pulumi.set(__self__, "monitored_registry_paths", monitored_registry_paths) + if monitored_registry_processes is not None: + pulumi.set(__self__, "monitored_registry_processes", monitored_registry_processes) + if monitored_registry_read is not None: + pulumi.set(__self__, "monitored_registry_read", monitored_registry_read) + if monitored_registry_users is not None: + pulumi.set(__self__, "monitored_registry_users", monitored_registry_users) @property @pulumi.getter - def author(self) -> Optional[str]: - """ - Name of user account that created the policy. 
- """ - return pulumi.get(self, "author") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter - def description(self) -> Optional[str]: - return pulumi.get(self, "description") + @pulumi.getter(name="exceptionalMonitoredRegistryPaths") + def exceptional_monitored_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_monitored_registry_paths") @property - @pulumi.getter - def engine(self) -> Optional[str]: - return pulumi.get(self, "engine") + @pulumi.getter(name="exceptionalMonitoredRegistryProcesses") + def exceptional_monitored_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_monitored_registry_processes") @property - @pulumi.getter(name="lastModified") - def last_modified(self) -> Optional[int]: - return pulumi.get(self, "last_modified") + @pulumi.getter(name="exceptionalMonitoredRegistryUsers") + def exceptional_monitored_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_monitored_registry_users") @property - @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + @pulumi.getter(name="monitoredRegistryAttributes") + def monitored_registry_attributes(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_attributes") @property - @pulumi.getter - def path(self) -> Optional[str]: - return pulumi.get(self, "path") + @pulumi.getter(name="monitoredRegistryCreate") + def monitored_registry_create(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_create") @property - @pulumi.getter(name="readOnly") - def read_only(self) -> Optional[bool]: - return pulumi.get(self, "read_only") + @pulumi.getter(name="monitoredRegistryDelete") + def monitored_registry_delete(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_delete") @property - @pulumi.getter(name="scriptId") - def script_id(self) -> Optional[str]: - return 
pulumi.get(self, "script_id") + @pulumi.getter(name="monitoredRegistryModify") + def monitored_registry_modify(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_modify") @property - @pulumi.getter - def severity(self) -> Optional[str]: - return pulumi.get(self, "severity") + @pulumi.getter(name="monitoredRegistryPaths") + def monitored_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "monitored_registry_paths") @property - @pulumi.getter - def snippet(self) -> Optional[str]: - return pulumi.get(self, "snippet") + @pulumi.getter(name="monitoredRegistryProcesses") + def monitored_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "monitored_registry_processes") + + @property + @pulumi.getter(name="monitoredRegistryRead") + def monitored_registry_read(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_read") + + @property + @pulumi.getter(name="monitoredRegistryUsers") + def monitored_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "monitored_registry_users") @pulumi.output_type -class HostAssurancePolicyForbiddenLabel(dict): +class ContainerRuntimePolicyRestrictedVolume(dict): def __init__(__self__, *, - key: Optional[str] = None, - value: Optional[str] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) + enabled: Optional[bool] = None, + volumes: Optional[Sequence[str]] = None): + """ + :param bool enabled: Whether restricted volumes are enabled. + :param Sequence[str] volumes: List of restricted volumes. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if volumes is not None: + pulumi.set(__self__, "volumes", volumes) @property @pulumi.getter - def key(self) -> Optional[str]: - return pulumi.get(self, "key") + def enabled(self) -> Optional[bool]: + """ + Whether restricted volumes are enabled. 
+ """ + return pulumi.get(self, "enabled") @property @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + def volumes(self) -> Optional[Sequence[str]]: + """ + List of restricted volumes. + """ + return pulumi.get(self, "volumes") @pulumi.output_type -class HostAssurancePolicyPackagesBlackList(dict): +class ContainerRuntimePolicyReverseShell(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "versionRange": - suggest = "version_range" + if key == "blockReverseShell": + suggest = "block_reverse_shell" + elif key == "reverseShellIpWhiteLists": + suggest = "reverse_shell_ip_white_lists" + elif key == "reverseShellProcWhiteLists": + suggest = "reverse_shell_proc_white_lists" if suggest: - pulumi.log.warn(f"Key '{key}' not found in HostAssurancePolicyPackagesBlackList. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyReverseShell. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - HostAssurancePolicyPackagesBlackList.__key_warning(key) + ContainerRuntimePolicyReverseShell.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - HostAssurancePolicyPackagesBlackList.__key_warning(key) + ContainerRuntimePolicyReverseShell.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - arch: Optional[str] = None, - display: Optional[str] = None, - epoch: Optional[str] = None, - format: Optional[str] = None, - license: Optional[str] = None, - name: Optional[str] = None, - release: Optional[str] = None, - version: Optional[str] = None, - version_range: Optional[str] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", 
format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + block_reverse_shell: Optional[bool] = None, + enabled: Optional[bool] = None, + reverse_shell_ip_white_lists: Optional[Sequence[str]] = None, + reverse_shell_proc_white_lists: Optional[Sequence[str]] = None): + if block_reverse_shell is not None: + pulumi.set(__self__, "block_reverse_shell", block_reverse_shell) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + if reverse_shell_proc_white_lists is not None: + pulumi.set(__self__, "reverse_shell_proc_white_lists", reverse_shell_proc_white_lists) @property - @pulumi.getter - def arch(self) -> Optional[str]: - return pulumi.get(self, "arch") + @pulumi.getter(name="blockReverseShell") + def block_reverse_shell(self) -> Optional[bool]: + return pulumi.get(self, "block_reverse_shell") @property @pulumi.getter - def display(self) -> Optional[str]: - return pulumi.get(self, "display") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter - def epoch(self) -> Optional[str]: - return pulumi.get(self, "epoch") + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") @property - @pulumi.getter - def format(self) -> Optional[str]: - return pulumi.get(self, "format") + @pulumi.getter(name="reverseShellProcWhiteLists") + def reverse_shell_proc_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_proc_white_lists") + + 
+@pulumi.output_type +class ContainerRuntimePolicyScope(dict): + def __init__(__self__, *, + expression: str, + variables: Sequence['outputs.ContainerRuntimePolicyScopeVariable']): + """ + :param str expression: Scope expression. + :param Sequence['ContainerRuntimePolicyScopeVariableArgs'] variables: List of variables in the scope. + """ + pulumi.set(__self__, "expression", expression) + pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def license(self) -> Optional[str]: - return pulumi.get(self, "license") + def expression(self) -> str: + """ + Scope expression. + """ + return pulumi.get(self, "expression") @property @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + def variables(self) -> Sequence['outputs.ContainerRuntimePolicyScopeVariable']: + """ + List of variables in the scope. + """ + return pulumi.get(self, "variables") + + +@pulumi.output_type +class ContainerRuntimePolicyScopeVariable(dict): + def __init__(__self__, *, + attribute: str, + value: str, + name: Optional[str] = None): + """ + :param str attribute: Class of supported scope. + :param str value: Value assigned to the attribute. + :param str name: Name assigned to the attribute. + """ + pulumi.set(__self__, "attribute", attribute) + pulumi.set(__self__, "value", value) + if name is not None: + pulumi.set(__self__, "name", name) @property @pulumi.getter - def release(self) -> Optional[str]: - return pulumi.get(self, "release") + def attribute(self) -> str: + """ + Class of supported scope. + """ + return pulumi.get(self, "attribute") @property @pulumi.getter - def version(self) -> Optional[str]: - return pulumi.get(self, "version") + def value(self) -> str: + """ + Value assigned to the attribute. 
+ """ + return pulumi.get(self, "value") @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[str]: - return pulumi.get(self, "version_range") + @pulumi.getter + def name(self) -> Optional[str]: + """ + Name assigned to the attribute. + """ + return pulumi.get(self, "name") @pulumi.output_type -class HostAssurancePolicyPackagesWhiteList(dict): +class ContainerRuntimePolicySystemIntegrityProtection(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "versionRange": - suggest = "version_range" + if key == "auditSystemtimeChange": + suggest = "audit_systemtime_change" + elif key == "monitorAuditLogIntegrity": + suggest = "monitor_audit_log_integrity" + elif key == "windowsServicesMonitoring": + suggest = "windows_services_monitoring" if suggest: - pulumi.log.warn(f"Key '{key}' not found in HostAssurancePolicyPackagesWhiteList. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicySystemIntegrityProtection. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - HostAssurancePolicyPackagesWhiteList.__key_warning(key) + ContainerRuntimePolicySystemIntegrityProtection.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - HostAssurancePolicyPackagesWhiteList.__key_warning(key) + ContainerRuntimePolicySystemIntegrityProtection.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - arch: Optional[str] = None, - display: Optional[str] = None, - epoch: Optional[str] = None, - format: Optional[str] = None, - license: Optional[str] = None, - name: Optional[str] = None, - release: Optional[str] = None, - version: Optional[str] = None, - version_range: Optional[str] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + audit_systemtime_change: Optional[bool] = None, + enabled: Optional[bool] = None, + monitor_audit_log_integrity: Optional[bool] = None, + windows_services_monitoring: Optional[bool] = None): + if audit_systemtime_change is not None: + pulumi.set(__self__, "audit_systemtime_change", audit_systemtime_change) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if monitor_audit_log_integrity is not None: + pulumi.set(__self__, "monitor_audit_log_integrity", monitor_audit_log_integrity) + if windows_services_monitoring is not None: + pulumi.set(__self__, 
"windows_services_monitoring", windows_services_monitoring) @property - @pulumi.getter - def arch(self) -> Optional[str]: - return pulumi.get(self, "arch") + @pulumi.getter(name="auditSystemtimeChange") + def audit_systemtime_change(self) -> Optional[bool]: + return pulumi.get(self, "audit_systemtime_change") @property @pulumi.getter - def display(self) -> Optional[str]: - return pulumi.get(self, "display") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter - def epoch(self) -> Optional[str]: - return pulumi.get(self, "epoch") + @pulumi.getter(name="monitorAuditLogIntegrity") + def monitor_audit_log_integrity(self) -> Optional[bool]: + return pulumi.get(self, "monitor_audit_log_integrity") @property - @pulumi.getter - def format(self) -> Optional[str]: - return pulumi.get(self, "format") + @pulumi.getter(name="windowsServicesMonitoring") + def windows_services_monitoring(self) -> Optional[bool]: + return pulumi.get(self, "windows_services_monitoring") + + +@pulumi.output_type +class ContainerRuntimePolicyTripwire(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "applyOns": + suggest = "apply_ons" + elif key == "serverlessApp": + suggest = "serverless_app" + elif key == "userId": + suggest = "user_id" + elif key == "userPassword": + suggest = "user_password" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyTripwire. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ContainerRuntimePolicyTripwire.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ContainerRuntimePolicyTripwire.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + apply_ons: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + serverless_app: Optional[str] = None, + user_id: Optional[str] = None, + user_password: Optional[str] = None): + if apply_ons is not None: + pulumi.set(__self__, "apply_ons", apply_ons) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if serverless_app is not None: + pulumi.set(__self__, "serverless_app", serverless_app) + if user_id is not None: + pulumi.set(__self__, "user_id", user_id) + if user_password is not None: + pulumi.set(__self__, "user_password", user_password) @property - @pulumi.getter - def license(self) -> Optional[str]: - return pulumi.get(self, "license") + @pulumi.getter(name="applyOns") + def apply_ons(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "apply_ons") @property @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter - def release(self) -> Optional[str]: - return pulumi.get(self, "release") + @pulumi.getter(name="serverlessApp") + def serverless_app(self) -> Optional[str]: + return pulumi.get(self, "serverless_app") @property - @pulumi.getter - def version(self) -> Optional[str]: - return pulumi.get(self, "version") + @pulumi.getter(name="userId") + def user_id(self) -> Optional[str]: + return pulumi.get(self, "user_id") @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[str]: - return pulumi.get(self, "version_range") + @pulumi.getter(name="userPassword") + def user_password(self) -> Optional[str]: + 
return pulumi.get(self, "user_password") @pulumi.output_type -class HostAssurancePolicyRequiredLabel(dict): - def __init__(__self__, *, - key: Optional[str] = None, - value: Optional[str] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) +class ContainerRuntimePolicyWhitelistedOsUsers(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "groupWhiteLists": + suggest = "group_white_lists" + elif key == "userWhiteLists": + suggest = "user_white_lists" - @property - @pulumi.getter - def key(self) -> Optional[str]: - return pulumi.get(self, "key") + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ContainerRuntimePolicyWhitelistedOsUsers. Access the value via the '{suggest}' property getter instead.") - @property - @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + def __getitem__(self, key: str) -> Any: + ContainerRuntimePolicyWhitelistedOsUsers.__key_warning(key) + return super().__getitem__(key) + def get(self, key: str, default = None) -> Any: + ContainerRuntimePolicyWhitelistedOsUsers.__key_warning(key) + return super().get(key, default) -@pulumi.output_type -class HostAssurancePolicyScope(dict): def __init__(__self__, *, - expression: Optional[str] = None, - variables: Optional[Sequence['outputs.HostAssurancePolicyScopeVariable']] = None): - if expression is not None: - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) + enabled: Optional[bool] = None, + group_white_lists: Optional[Sequence[str]] = None, + user_white_lists: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_white_lists is not None: + pulumi.set(__self__, "group_white_lists", group_white_lists) + if user_white_lists is not None: + pulumi.set(__self__, "user_white_lists", user_white_lists) @property @pulumi.getter - 
def expression(self) -> Optional[str]: - return pulumi.get(self, "expression") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter - def variables(self) -> Optional[Sequence['outputs.HostAssurancePolicyScopeVariable']]: - return pulumi.get(self, "variables") + @pulumi.getter(name="groupWhiteLists") + def group_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "group_white_lists") + + @property + @pulumi.getter(name="userWhiteLists") + def user_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "user_white_lists") @pulumi.output_type -class HostAssurancePolicyScopeVariable(dict): +class EnforcerGroupsCommand(dict): def __init__(__self__, *, - attribute: Optional[str] = None, - name: Optional[str] = None, - value: Optional[str] = None): - if attribute is not None: - pulumi.set(__self__, "attribute", attribute) - if name is not None: - pulumi.set(__self__, "name", name) - if value is not None: - pulumi.set(__self__, "value", value) - - @property - @pulumi.getter - def attribute(self) -> Optional[str]: - return pulumi.get(self, "attribute") + default: Optional[str] = None, + kubernetes: Optional[str] = None, + swarm: Optional[str] = None, + windows: Optional[str] = None): + if default is not None: + pulumi.set(__self__, "default", default) + if kubernetes is not None: + pulumi.set(__self__, "kubernetes", kubernetes) + if swarm is not None: + pulumi.set(__self__, "swarm", swarm) + if windows is not None: + pulumi.set(__self__, "windows", windows) @property @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + def default(self) -> Optional[str]: + return pulumi.get(self, "default") @property @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") - - -@pulumi.output_type -class HostAssurancePolicyTrustedBaseImage(dict): - def __init__(__self__, *, - imagename: Optional[str] = None, - registry: Optional[str] = None): - 
if imagename is not None: - pulumi.set(__self__, "imagename", imagename) - if registry is not None: - pulumi.set(__self__, "registry", registry) + def kubernetes(self) -> Optional[str]: + return pulumi.get(self, "kubernetes") @property @pulumi.getter - def imagename(self) -> Optional[str]: - return pulumi.get(self, "imagename") + def swarm(self) -> Optional[str]: + return pulumi.get(self, "swarm") @property @pulumi.getter - def registry(self) -> Optional[str]: - return pulumi.get(self, "registry") + def windows(self) -> Optional[str]: + return pulumi.get(self, "windows") @pulumi.output_type -class HostRuntimePolicyFileIntegrityMonitoring(dict): +class EnforcerGroupsOrchestrator(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "excludedPaths": - suggest = "excluded_paths" - elif key == "excludedProcesses": - suggest = "excluded_processes" - elif key == "excludedUsers": - suggest = "excluded_users" - elif key == "monitorAttributes": - suggest = "monitor_attributes" - elif key == "monitorCreate": - suggest = "monitor_create" - elif key == "monitorDelete": - suggest = "monitor_delete" - elif key == "monitorModify": - suggest = "monitor_modify" - elif key == "monitorRead": - suggest = "monitor_read" - elif key == "monitoredPaths": - suggest = "monitored_paths" - elif key == "monitoredProcesses": - suggest = "monitored_processes" - elif key == "monitoredUsers": - suggest = "monitored_users" + if key == "serviceAccount": + suggest = "service_account" if suggest: - pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyFileIntegrityMonitoring. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in EnforcerGroupsOrchestrator. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - HostRuntimePolicyFileIntegrityMonitoring.__key_warning(key) + EnforcerGroupsOrchestrator.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - HostRuntimePolicyFileIntegrityMonitoring.__key_warning(key) + EnforcerGroupsOrchestrator.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - excluded_paths: Optional[Sequence[str]] = None, - excluded_processes: Optional[Sequence[str]] = None, - excluded_users: Optional[Sequence[str]] = None, - monitor_attributes: Optional[bool] = None, - monitor_create: Optional[bool] = None, - monitor_delete: Optional[bool] = None, - monitor_modify: Optional[bool] = None, - monitor_read: Optional[bool] = None, - monitored_paths: Optional[Sequence[str]] = None, - monitored_processes: Optional[Sequence[str]] = None, - monitored_users: Optional[Sequence[str]] = None): - """ - :param Sequence[str] excluded_paths: List of paths to be excluded from being monitored. - :param Sequence[str] excluded_processes: List of processes to be excluded from being monitored. - :param Sequence[str] excluded_users: List of users to be excluded from being monitored. - :param bool monitor_attributes: If true, add attributes operations will be monitored. - :param bool monitor_create: If true, create operations will be monitored. - :param bool monitor_delete: If true, deletion operations will be monitored. - :param bool monitor_modify: If true, modification operations will be monitored. - :param bool monitor_read: If true, read operations will be monitored. - :param Sequence[str] monitored_paths: List of paths to be monitored. - :param Sequence[str] monitored_processes: List of processes to be monitored. - :param Sequence[str] monitored_users: List of users to be monitored. 
- """ - if excluded_paths is not None: - pulumi.set(__self__, "excluded_paths", excluded_paths) - if excluded_processes is not None: - pulumi.set(__self__, "excluded_processes", excluded_processes) - if excluded_users is not None: - pulumi.set(__self__, "excluded_users", excluded_users) - if monitor_attributes is not None: - pulumi.set(__self__, "monitor_attributes", monitor_attributes) - if monitor_create is not None: - pulumi.set(__self__, "monitor_create", monitor_create) - if monitor_delete is not None: - pulumi.set(__self__, "monitor_delete", monitor_delete) - if monitor_modify is not None: - pulumi.set(__self__, "monitor_modify", monitor_modify) - if monitor_read is not None: - pulumi.set(__self__, "monitor_read", monitor_read) - if monitored_paths is not None: - pulumi.set(__self__, "monitored_paths", monitored_paths) - if monitored_processes is not None: - pulumi.set(__self__, "monitored_processes", monitored_processes) - if monitored_users is not None: - pulumi.set(__self__, "monitored_users", monitored_users) - - @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Optional[Sequence[str]]: + master: Optional[bool] = None, + namespace: Optional[str] = None, + service_account: Optional[str] = None, + type: Optional[str] = None): """ - List of paths to be excluded from being monitored. + :param str namespace: May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). + :param str service_account: May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). 
""" - return pulumi.get(self, "excluded_paths") + if master is not None: + pulumi.set(__self__, "master", master) + if namespace is not None: + pulumi.set(__self__, "namespace", namespace) + if service_account is not None: + pulumi.set(__self__, "service_account", service_account) + if type is not None: + pulumi.set(__self__, "type", type) @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Optional[Sequence[str]]: - """ - List of processes to be excluded from being monitored. - """ - return pulumi.get(self, "excluded_processes") + @pulumi.getter + def master(self) -> Optional[bool]: + return pulumi.get(self, "master") @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Optional[Sequence[str]]: + @pulumi.getter + def namespace(self) -> Optional[str]: """ - List of users to be excluded from being monitored. + May be specified for these orchestrators: Kubernetes, Kubernetes GKE, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). """ - return pulumi.get(self, "excluded_users") + return pulumi.get(self, "namespace") @property - @pulumi.getter(name="monitorAttributes") - def monitor_attributes(self) -> Optional[bool]: + @pulumi.getter(name="serviceAccount") + def service_account(self) -> Optional[str]: """ - If true, add attributes operations will be monitored. + May be specified for these orchestrators: Kubernetes, Kubernetes GKE, OpenShift, VMware Tanzu Kubernetes Grid Integrated Edition (PKS). """ - return pulumi.get(self, "monitor_attributes") + return pulumi.get(self, "service_account") @property - @pulumi.getter(name="monitorCreate") - def monitor_create(self) -> Optional[bool]: - """ - If true, create operations will be monitored. 
- """ - return pulumi.get(self, "monitor_create") + @pulumi.getter + def type(self) -> Optional[str]: + return pulumi.get(self, "type") - @property - @pulumi.getter(name="monitorDelete") - def monitor_delete(self) -> Optional[bool]: - """ - If true, deletion operations will be monitored. - """ - return pulumi.get(self, "monitor_delete") - @property - @pulumi.getter(name="monitorModify") - def monitor_modify(self) -> Optional[bool]: +@pulumi.output_type +class FirewallPolicyInboundNetwork(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "portRange": + suggest = "port_range" + elif key == "resourceType": + suggest = "resource_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FirewallPolicyInboundNetwork. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FirewallPolicyInboundNetwork.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FirewallPolicyInboundNetwork.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + allow: bool, + port_range: str, + resource_type: str, + resource: Optional[str] = None): """ - If true, modification operations will be monitored. + :param bool allow: Indicates whether the specified resources are allowed to pass in data or requests. + :param str port_range: Range of ports affected by firewall. + :param str resource_type: Type of the resource + :param str resource: Information of the resource. """ - return pulumi.get(self, "monitor_modify") + pulumi.set(__self__, "allow", allow) + pulumi.set(__self__, "port_range", port_range) + pulumi.set(__self__, "resource_type", resource_type) + if resource is not None: + pulumi.set(__self__, "resource", resource) @property - @pulumi.getter(name="monitorRead") - def monitor_read(self) -> Optional[bool]: + @pulumi.getter + def allow(self) -> bool: """ - If true, read operations will be monitored. 
+ Indicates whether the specified resources are allowed to pass in data or requests. """ - return pulumi.get(self, "monitor_read") + return pulumi.get(self, "allow") @property - @pulumi.getter(name="monitoredPaths") - def monitored_paths(self) -> Optional[Sequence[str]]: + @pulumi.getter(name="portRange") + def port_range(self) -> str: """ - List of paths to be monitored. + Range of ports affected by firewall. """ - return pulumi.get(self, "monitored_paths") + return pulumi.get(self, "port_range") @property - @pulumi.getter(name="monitoredProcesses") - def monitored_processes(self) -> Optional[Sequence[str]]: + @pulumi.getter(name="resourceType") + def resource_type(self) -> str: """ - List of processes to be monitored. + Type of the resource """ - return pulumi.get(self, "monitored_processes") + return pulumi.get(self, "resource_type") @property - @pulumi.getter(name="monitoredUsers") - def monitored_users(self) -> Optional[Sequence[str]]: + @pulumi.getter + def resource(self) -> Optional[str]: """ - List of users to be monitored. + Information of the resource. """ - return pulumi.get(self, "monitored_users") + return pulumi.get(self, "resource") @pulumi.output_type -class HostRuntimePolicyMalwareScanOptions(dict): +class FirewallPolicyOutboundNetwork(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "excludeDirectories": - suggest = "exclude_directories" - elif key == "excludeProcesses": - suggest = "exclude_processes" + if key == "portRange": + suggest = "port_range" + elif key == "resourceType": + suggest = "resource_type" if suggest: - pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyMalwareScanOptions. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in FirewallPolicyOutboundNetwork. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - HostRuntimePolicyMalwareScanOptions.__key_warning(key) + FirewallPolicyOutboundNetwork.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - HostRuntimePolicyMalwareScanOptions.__key_warning(key) + FirewallPolicyOutboundNetwork.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - action: Optional[str] = None, - enabled: Optional[bool] = None, - exclude_directories: Optional[Sequence[str]] = None, - exclude_processes: Optional[Sequence[str]] = None): + allow: bool, + port_range: str, + resource_type: str, + resource: Optional[str] = None): """ - :param str action: Set Action, Defaults to 'Alert' when empty - :param bool enabled: Defines if enabled or not - :param Sequence[str] exclude_directories: List of registry paths to be excluded from being protected. - :param Sequence[str] exclude_processes: List of registry processes to be excluded from being protected. + :param bool allow: Indicates whether the specified resources are allowed to receive data or requests. + :param str port_range: Range of ports affected by firewall. + :param str resource_type: Type of the resource. + :param str resource: Information of the resource. 
""" - if action is not None: - pulumi.set(__self__, "action", action) - if enabled is not None: - pulumi.set(__self__, "enabled", enabled) - if exclude_directories is not None: - pulumi.set(__self__, "exclude_directories", exclude_directories) - if exclude_processes is not None: - pulumi.set(__self__, "exclude_processes", exclude_processes) + pulumi.set(__self__, "allow", allow) + pulumi.set(__self__, "port_range", port_range) + pulumi.set(__self__, "resource_type", resource_type) + if resource is not None: + pulumi.set(__self__, "resource", resource) @property @pulumi.getter - def action(self) -> Optional[str]: + def allow(self) -> bool: """ - Set Action, Defaults to 'Alert' when empty + Indicates whether the specified resources are allowed to receive data or requests. """ - return pulumi.get(self, "action") + return pulumi.get(self, "allow") @property - @pulumi.getter - def enabled(self) -> Optional[bool]: + @pulumi.getter(name="portRange") + def port_range(self) -> str: """ - Defines if enabled or not + Range of ports affected by firewall. """ - return pulumi.get(self, "enabled") + return pulumi.get(self, "port_range") @property - @pulumi.getter(name="excludeDirectories") - def exclude_directories(self) -> Optional[Sequence[str]]: + @pulumi.getter(name="resourceType") + def resource_type(self) -> str: """ - List of registry paths to be excluded from being protected. + Type of the resource. """ - return pulumi.get(self, "exclude_directories") + return pulumi.get(self, "resource_type") @property - @pulumi.getter(name="excludeProcesses") - def exclude_processes(self) -> Optional[Sequence[str]]: + @pulumi.getter + def resource(self) -> Optional[str]: """ - List of registry processes to be excluded from being protected. + Information of the resource. 
""" - return pulumi.get(self, "exclude_processes") + return pulumi.get(self, "resource") @pulumi.output_type -class HostRuntimePolicyScopeVariable(dict): +class FunctionAssurancePolicyAutoScanTime(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "iterationType": + suggest = "iteration_type" + elif key == "weekDays": + suggest = "week_days" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyAutoScanTime. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionAssurancePolicyAutoScanTime.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionAssurancePolicyAutoScanTime.__key_warning(key) + return super().get(key, default) + def __init__(__self__, *, - attribute: str, - value: str, - name: Optional[str] = None): - """ - :param str attribute: Class of supported scope. - :param str value: Value assigned to the attribute. - :param str name: Name assigned to the attribute. - """ - pulumi.set(__self__, "attribute", attribute) - pulumi.set(__self__, "value", value) - if name is not None: - pulumi.set(__self__, "name", name) + iteration: Optional[int] = None, + iteration_type: Optional[str] = None, + time: Optional[str] = None, + week_days: Optional[Sequence[str]] = None): + if iteration is not None: + pulumi.set(__self__, "iteration", iteration) + if iteration_type is not None: + pulumi.set(__self__, "iteration_type", iteration_type) + if time is not None: + pulumi.set(__self__, "time", time) + if week_days is not None: + pulumi.set(__self__, "week_days", week_days) @property @pulumi.getter - def attribute(self) -> str: - """ - Class of supported scope. - """ - return pulumi.get(self, "attribute") + def iteration(self) -> Optional[int]: + return pulumi.get(self, "iteration") @property - @pulumi.getter - def value(self) -> str: - """ - Value assigned to the attribute. 
- """ - return pulumi.get(self, "value") + @pulumi.getter(name="iterationType") + def iteration_type(self) -> Optional[str]: + return pulumi.get(self, "iteration_type") @property @pulumi.getter - def name(self) -> Optional[str]: - """ - Name assigned to the attribute. - """ - return pulumi.get(self, "name") + def time(self) -> Optional[str]: + return pulumi.get(self, "time") + + @property + @pulumi.getter(name="weekDays") + def week_days(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "week_days") @pulumi.output_type -class HostRuntimePolicyWindowsRegistryMonitoring(dict): +class FunctionAssurancePolicyCustomCheck(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "excludedPaths": - suggest = "excluded_paths" - elif key == "excludedProcesses": - suggest = "excluded_processes" - elif key == "excludedUsers": - suggest = "excluded_users" - elif key == "monitorAttributes": - suggest = "monitor_attributes" - elif key == "monitorCreate": - suggest = "monitor_create" - elif key == "monitorDelete": - suggest = "monitor_delete" - elif key == "monitorModify": - suggest = "monitor_modify" - elif key == "monitorRead": - suggest = "monitor_read" - elif key == "monitoredPaths": - suggest = "monitored_paths" - elif key == "monitoredProcesses": - suggest = "monitored_processes" - elif key == "monitoredUsers": - suggest = "monitored_users" + if key == "lastModified": + suggest = "last_modified" + elif key == "readOnly": + suggest = "read_only" + elif key == "scriptId": + suggest = "script_id" if suggest: - pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyWindowsRegistryMonitoring. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyCustomCheck. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - HostRuntimePolicyWindowsRegistryMonitoring.__key_warning(key) + FunctionAssurancePolicyCustomCheck.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - HostRuntimePolicyWindowsRegistryMonitoring.__key_warning(key) + FunctionAssurancePolicyCustomCheck.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - excluded_paths: Optional[Sequence[str]] = None, - excluded_processes: Optional[Sequence[str]] = None, - excluded_users: Optional[Sequence[str]] = None, - monitor_attributes: Optional[bool] = None, - monitor_create: Optional[bool] = None, - monitor_delete: Optional[bool] = None, - monitor_modify: Optional[bool] = None, - monitor_read: Optional[bool] = None, - monitored_paths: Optional[Sequence[str]] = None, - monitored_processes: Optional[Sequence[str]] = None, - monitored_users: Optional[Sequence[str]] = None): - """ - :param Sequence[str] excluded_paths: List of paths to be excluded from being monitored. - :param Sequence[str] excluded_processes: List of registry processes to be excluded from being monitored. - :param Sequence[str] excluded_users: List of registry users to be excluded from being monitored. - :param bool monitor_attributes: If true, add attributes operations will be monitored. - :param bool monitor_create: If true, create operations will be monitored. - :param bool monitor_delete: If true, deletion operations will be monitored. - :param bool monitor_modify: If true, modification operations will be monitored. - :param bool monitor_read: If true, read operations will be monitored. - :param Sequence[str] monitored_paths: List of paths to be monitored. - :param Sequence[str] monitored_processes: List of registry processes to be monitored. - :param Sequence[str] monitored_users: List of registry users to be monitored. 
- """ - if excluded_paths is not None: - pulumi.set(__self__, "excluded_paths", excluded_paths) - if excluded_processes is not None: - pulumi.set(__self__, "excluded_processes", excluded_processes) - if excluded_users is not None: - pulumi.set(__self__, "excluded_users", excluded_users) - if monitor_attributes is not None: - pulumi.set(__self__, "monitor_attributes", monitor_attributes) - if monitor_create is not None: - pulumi.set(__self__, "monitor_create", monitor_create) - if monitor_delete is not None: - pulumi.set(__self__, "monitor_delete", monitor_delete) - if monitor_modify is not None: - pulumi.set(__self__, "monitor_modify", monitor_modify) - if monitor_read is not None: - pulumi.set(__self__, "monitor_read", monitor_read) - if monitored_paths is not None: - pulumi.set(__self__, "monitored_paths", monitored_paths) - if monitored_processes is not None: - pulumi.set(__self__, "monitored_processes", monitored_processes) - if monitored_users is not None: - pulumi.set(__self__, "monitored_users", monitored_users) - - @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Optional[Sequence[str]]: + author: Optional[str] = None, + description: Optional[str] = None, + engine: Optional[str] = None, + last_modified: Optional[int] = None, + name: Optional[str] = None, + path: Optional[str] = None, + read_only: Optional[bool] = None, + script_id: Optional[str] = None, + severity: Optional[str] = None, + snippet: Optional[str] = None): """ - List of paths to be excluded from being monitored. + :param str author: Name of user account that created the policy. 
""" - return pulumi.get(self, "excluded_paths") + if author is not None: + pulumi.set(__self__, "author", author) + if description is not None: + pulumi.set(__self__, "description", description) + if engine is not None: + pulumi.set(__self__, "engine", engine) + if last_modified is not None: + pulumi.set(__self__, "last_modified", last_modified) + if name is not None: + pulumi.set(__self__, "name", name) + if path is not None: + pulumi.set(__self__, "path", path) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + if snippet is not None: + pulumi.set(__self__, "snippet", snippet) @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Optional[Sequence[str]]: + @pulumi.getter + def author(self) -> Optional[str]: """ - List of registry processes to be excluded from being monitored. + Name of user account that created the policy. """ - return pulumi.get(self, "excluded_processes") + return pulumi.get(self, "author") @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Optional[Sequence[str]]: - """ - List of registry users to be excluded from being monitored. - """ - return pulumi.get(self, "excluded_users") + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") @property - @pulumi.getter(name="monitorAttributes") - def monitor_attributes(self) -> Optional[bool]: - """ - If true, add attributes operations will be monitored. - """ - return pulumi.get(self, "monitor_attributes") + @pulumi.getter + def engine(self) -> Optional[str]: + return pulumi.get(self, "engine") @property - @pulumi.getter(name="monitorCreate") - def monitor_create(self) -> Optional[bool]: - """ - If true, create operations will be monitored. 
- """ - return pulumi.get(self, "monitor_create") + @pulumi.getter(name="lastModified") + def last_modified(self) -> Optional[int]: + return pulumi.get(self, "last_modified") @property - @pulumi.getter(name="monitorDelete") - def monitor_delete(self) -> Optional[bool]: - """ - If true, deletion operations will be monitored. - """ - return pulumi.get(self, "monitor_delete") + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") @property - @pulumi.getter(name="monitorModify") - def monitor_modify(self) -> Optional[bool]: - """ - If true, modification operations will be monitored. - """ - return pulumi.get(self, "monitor_modify") + @pulumi.getter + def path(self) -> Optional[str]: + return pulumi.get(self, "path") @property - @pulumi.getter(name="monitorRead") - def monitor_read(self) -> Optional[bool]: - """ - If true, read operations will be monitored. - """ - return pulumi.get(self, "monitor_read") + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[bool]: + return pulumi.get(self, "read_only") @property - @pulumi.getter(name="monitoredPaths") - def monitored_paths(self) -> Optional[Sequence[str]]: - """ - List of paths to be monitored. - """ - return pulumi.get(self, "monitored_paths") + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[str]: + return pulumi.get(self, "script_id") @property - @pulumi.getter(name="monitoredProcesses") - def monitored_processes(self) -> Optional[Sequence[str]]: - """ - List of registry processes to be monitored. - """ - return pulumi.get(self, "monitored_processes") + @pulumi.getter + def severity(self) -> Optional[str]: + return pulumi.get(self, "severity") @property - @pulumi.getter(name="monitoredUsers") - def monitored_users(self) -> Optional[Sequence[str]]: - """ - List of registry users to be monitored. 
- """ - return pulumi.get(self, "monitored_users") + @pulumi.getter + def snippet(self) -> Optional[str]: + return pulumi.get(self, "snippet") + + +@pulumi.output_type +class FunctionAssurancePolicyForbiddenLabel(dict): + def __init__(__self__, *, + key: Optional[str] = None, + value: Optional[str] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[str]: + return pulumi.get(self, "key") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") @pulumi.output_type -class HostRuntimePolicyWindowsRegistryProtection(dict): +class FunctionAssurancePolicyKubernetesControl(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "excludedPaths": - suggest = "excluded_paths" - elif key == "excludedProcesses": - suggest = "excluded_processes" - elif key == "excludedUsers": - suggest = "excluded_users" - elif key == "protectedPaths": - suggest = "protected_paths" - elif key == "protectedProcesses": - suggest = "protected_processes" - elif key == "protectedUsers": - suggest = "protected_users" + if key == "avdId": + suggest = "avd_id" + elif key == "scriptId": + suggest = "script_id" if suggest: - pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyWindowsRegistryProtection. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyKubernetesControl. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - HostRuntimePolicyWindowsRegistryProtection.__key_warning(key) + FunctionAssurancePolicyKubernetesControl.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - HostRuntimePolicyWindowsRegistryProtection.__key_warning(key) + FunctionAssurancePolicyKubernetesControl.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - excluded_paths: Optional[Sequence[str]] = None, - excluded_processes: Optional[Sequence[str]] = None, - excluded_users: Optional[Sequence[str]] = None, - protected_paths: Optional[Sequence[str]] = None, - protected_processes: Optional[Sequence[str]] = None, - protected_users: Optional[Sequence[str]] = None): - """ - :param Sequence[str] excluded_paths: List of registry paths to be excluded from being protected. - :param Sequence[str] excluded_processes: List of registry processes to be excluded from being protected. - :param Sequence[str] excluded_users: List of registry paths to be users from being protected. - :param Sequence[str] protected_paths: List of registry paths to be protected. - :param Sequence[str] protected_processes: List of registry processes to be protected. - :param Sequence[str] protected_users: List of registry users to be protected. 
- """ - if excluded_paths is not None: - pulumi.set(__self__, "excluded_paths", excluded_paths) - if excluded_processes is not None: - pulumi.set(__self__, "excluded_processes", excluded_processes) - if excluded_users is not None: - pulumi.set(__self__, "excluded_users", excluded_users) - if protected_paths is not None: - pulumi.set(__self__, "protected_paths", protected_paths) - if protected_processes is not None: - pulumi.set(__self__, "protected_processes", protected_processes) - if protected_users is not None: - pulumi.set(__self__, "protected_users", protected_users) + avd_id: Optional[str] = None, + description: Optional[str] = None, + enabled: Optional[bool] = None, + kind: Optional[str] = None, + name: Optional[str] = None, + ootb: Optional[bool] = None, + script_id: Optional[int] = None, + severity: Optional[str] = None): + if avd_id is not None: + pulumi.set(__self__, "avd_id", avd_id) + if description is not None: + pulumi.set(__self__, "description", description) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if kind is not None: + pulumi.set(__self__, "kind", kind) + if name is not None: + pulumi.set(__self__, "name", name) + if ootb is not None: + pulumi.set(__self__, "ootb", ootb) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Optional[Sequence[str]]: - """ - List of registry paths to be excluded from being protected. - """ - return pulumi.get(self, "excluded_paths") + @pulumi.getter(name="avdId") + def avd_id(self) -> Optional[str]: + return pulumi.get(self, "avd_id") @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Optional[Sequence[str]]: - """ - List of registry processes to be excluded from being protected. 
- """ - return pulumi.get(self, "excluded_processes") + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Optional[Sequence[str]]: - """ - List of registry paths to be users from being protected. - """ - return pulumi.get(self, "excluded_users") + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter(name="protectedPaths") - def protected_paths(self) -> Optional[Sequence[str]]: - """ - List of registry paths to be protected. - """ - return pulumi.get(self, "protected_paths") + @pulumi.getter + def kind(self) -> Optional[str]: + return pulumi.get(self, "kind") @property - @pulumi.getter(name="protectedProcesses") - def protected_processes(self) -> Optional[Sequence[str]]: - """ - List of registry processes to be protected. - """ - return pulumi.get(self, "protected_processes") + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") @property - @pulumi.getter(name="protectedUsers") - def protected_users(self) -> Optional[Sequence[str]]: - """ - List of registry users to be protected. 
- """ - return pulumi.get(self, "protected_users") + @pulumi.getter + def ootb(self) -> Optional[bool]: + return pulumi.get(self, "ootb") + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[int]: + return pulumi.get(self, "script_id") + + @property + @pulumi.getter + def severity(self) -> Optional[str]: + return pulumi.get(self, "severity") @pulumi.output_type -class ImageAssuranceChecksPerformed(dict): +class FunctionAssurancePolicyPackagesBlackList(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "assuranceType": - suggest = "assurance_type" - elif key == "dtaSkipped": - suggest = "dta_skipped" - elif key == "dtaSkippedReason": - suggest = "dta_skipped_reason" - elif key == "policyName": - suggest = "policy_name" + if key == "versionRange": + suggest = "version_range" if suggest: - pulumi.log.warn(f"Key '{key}' not found in ImageAssuranceChecksPerformed. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyPackagesBlackList. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - ImageAssuranceChecksPerformed.__key_warning(key) + FunctionAssurancePolicyPackagesBlackList.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - ImageAssuranceChecksPerformed.__key_warning(key) + FunctionAssurancePolicyPackagesBlackList.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - assurance_type: Optional[str] = None, - blocking: Optional[bool] = None, - control: Optional[str] = None, - dta_skipped: Optional[bool] = None, - dta_skipped_reason: Optional[str] = None, - failed: Optional[bool] = None, - policy_name: Optional[str] = None): - """ - :param bool dta_skipped: If DTA was skipped. - :param str dta_skipped_reason: The reason why DTA was skipped. 
- """ - if assurance_type is not None: - pulumi.set(__self__, "assurance_type", assurance_type) - if blocking is not None: - pulumi.set(__self__, "blocking", blocking) - if control is not None: - pulumi.set(__self__, "control", control) - if dta_skipped is not None: - pulumi.set(__self__, "dta_skipped", dta_skipped) - if dta_skipped_reason is not None: - pulumi.set(__self__, "dta_skipped_reason", dta_skipped_reason) - if failed is not None: - pulumi.set(__self__, "failed", failed) - if policy_name is not None: - pulumi.set(__self__, "policy_name", policy_name) + arch: Optional[str] = None, + display: Optional[str] = None, + epoch: Optional[str] = None, + format: Optional[str] = None, + license: Optional[str] = None, + name: Optional[str] = None, + release: Optional[str] = None, + version: Optional[str] = None, + version_range: Optional[str] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) @property - @pulumi.getter(name="assuranceType") - def assurance_type(self) -> Optional[str]: - return pulumi.get(self, "assurance_type") + @pulumi.getter + def arch(self) -> Optional[str]: + return pulumi.get(self, "arch") @property @pulumi.getter - def blocking(self) -> Optional[bool]: - return pulumi.get(self, "blocking") + def display(self) -> Optional[str]: + return pulumi.get(self, "display") @property @pulumi.getter - def control(self) -> Optional[str]: - return pulumi.get(self, "control") + def epoch(self) -> 
Optional[str]: + return pulumi.get(self, "epoch") @property - @pulumi.getter(name="dtaSkipped") - def dta_skipped(self) -> Optional[bool]: - """ - If DTA was skipped. - """ - return pulumi.get(self, "dta_skipped") + @pulumi.getter + def format(self) -> Optional[str]: + return pulumi.get(self, "format") @property - @pulumi.getter(name="dtaSkippedReason") - def dta_skipped_reason(self) -> Optional[str]: - """ - The reason why DTA was skipped. - """ - return pulumi.get(self, "dta_skipped_reason") + @pulumi.getter + def license(self) -> Optional[str]: + return pulumi.get(self, "license") @property @pulumi.getter - def failed(self) -> Optional[bool]: - return pulumi.get(self, "failed") + def name(self) -> Optional[str]: + return pulumi.get(self, "name") @property - @pulumi.getter(name="policyName") - def policy_name(self) -> Optional[str]: - return pulumi.get(self, "policy_name") + @pulumi.getter + def release(self) -> Optional[str]: + return pulumi.get(self, "release") + + @property + @pulumi.getter + def version(self) -> Optional[str]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[str]: + return pulumi.get(self, "version_range") @pulumi.output_type -class ImageAssurancePolicyAutoScanTime(dict): +class FunctionAssurancePolicyPackagesWhiteList(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "iterationType": - suggest = "iteration_type" - elif key == "weekDays": - suggest = "week_days" + if key == "versionRange": + suggest = "version_range" if suggest: - pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyAutoScanTime. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyPackagesWhiteList. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - ImageAssurancePolicyAutoScanTime.__key_warning(key) + FunctionAssurancePolicyPackagesWhiteList.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - ImageAssurancePolicyAutoScanTime.__key_warning(key) + FunctionAssurancePolicyPackagesWhiteList.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - iteration: Optional[int] = None, - iteration_type: Optional[str] = None, - time: Optional[str] = None, - week_days: Optional[Sequence[str]] = None): - if iteration is not None: - pulumi.set(__self__, "iteration", iteration) - if iteration_type is not None: - pulumi.set(__self__, "iteration_type", iteration_type) - if time is not None: - pulumi.set(__self__, "time", time) - if week_days is not None: - pulumi.set(__self__, "week_days", week_days) + arch: Optional[str] = None, + display: Optional[str] = None, + epoch: Optional[str] = None, + format: Optional[str] = None, + license: Optional[str] = None, + name: Optional[str] = None, + release: Optional[str] = None, + version: Optional[str] = None, + version_range: Optional[str] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) @property @pulumi.getter - def iteration(self) -> Optional[int]: - return pulumi.get(self, "iteration") + def arch(self) -> Optional[str]: + return pulumi.get(self, 
"arch") @property - @pulumi.getter(name="iterationType") - def iteration_type(self) -> Optional[str]: - return pulumi.get(self, "iteration_type") + @pulumi.getter + def display(self) -> Optional[str]: + return pulumi.get(self, "display") @property @pulumi.getter - def time(self) -> Optional[str]: - return pulumi.get(self, "time") + def epoch(self) -> Optional[str]: + return pulumi.get(self, "epoch") @property - @pulumi.getter(name="weekDays") - def week_days(self) -> Optional[Sequence[str]]: - return pulumi.get(self, "week_days") + @pulumi.getter + def format(self) -> Optional[str]: + return pulumi.get(self, "format") + + @property + @pulumi.getter + def license(self) -> Optional[str]: + return pulumi.get(self, "license") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def release(self) -> Optional[str]: + return pulumi.get(self, "release") + + @property + @pulumi.getter + def version(self) -> Optional[str]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[str]: + return pulumi.get(self, "version_range") @pulumi.output_type -class ImageAssurancePolicyCustomCheck(dict): +class FunctionAssurancePolicyPolicySettings(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "lastModified": - suggest = "last_modified" - elif key == "readOnly": - suggest = "read_only" - elif key == "scriptId": - suggest = "script_id" + if key == "isAuditChecked": + suggest = "is_audit_checked" + elif key == "warningMessage": + suggest = "warning_message" if suggest: - pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyCustomCheck. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in FunctionAssurancePolicyPolicySettings. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - ImageAssurancePolicyCustomCheck.__key_warning(key) + FunctionAssurancePolicyPolicySettings.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - ImageAssurancePolicyCustomCheck.__key_warning(key) + FunctionAssurancePolicyPolicySettings.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - author: Optional[str] = None, - description: Optional[str] = None, - engine: Optional[str] = None, - last_modified: Optional[int] = None, - name: Optional[str] = None, - path: Optional[str] = None, - read_only: Optional[bool] = None, - script_id: Optional[str] = None, - severity: Optional[str] = None, - snippet: Optional[str] = None): - """ - :param str author: Name of user account that created the policy. - """ - if author is not None: - pulumi.set(__self__, "author", author) - if description is not None: - pulumi.set(__self__, "description", description) - if engine is not None: - pulumi.set(__self__, "engine", engine) - if last_modified is not None: - pulumi.set(__self__, "last_modified", last_modified) - if name is not None: - pulumi.set(__self__, "name", name) - if path is not None: - pulumi.set(__self__, "path", path) - if read_only is not None: - pulumi.set(__self__, "read_only", read_only) - if script_id is not None: - pulumi.set(__self__, "script_id", script_id) - if severity is not None: - pulumi.set(__self__, "severity", severity) - if snippet is not None: - pulumi.set(__self__, "snippet", snippet) + enforce: Optional[bool] = None, + is_audit_checked: Optional[bool] = None, + warn: Optional[bool] = None, + warning_message: Optional[str] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not 
None: + pulumi.set(__self__, "warning_message", warning_message) @property @pulumi.getter - def author(self) -> Optional[str]: - """ - Name of user account that created the policy. - """ - return pulumi.get(self, "author") + def enforce(self) -> Optional[bool]: + return pulumi.get(self, "enforce") @property - @pulumi.getter - def description(self) -> Optional[str]: - return pulumi.get(self, "description") + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[bool]: + return pulumi.get(self, "is_audit_checked") @property @pulumi.getter - def engine(self) -> Optional[str]: - return pulumi.get(self, "engine") + def warn(self) -> Optional[bool]: + return pulumi.get(self, "warn") @property - @pulumi.getter(name="lastModified") - def last_modified(self) -> Optional[int]: - return pulumi.get(self, "last_modified") + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[str]: + return pulumi.get(self, "warning_message") + + +@pulumi.output_type +class FunctionAssurancePolicyRequiredLabel(dict): + def __init__(__self__, *, + key: Optional[str] = None, + value: Optional[str] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + def key(self) -> Optional[str]: + return pulumi.get(self, "key") @property @pulumi.getter - def path(self) -> Optional[str]: - return pulumi.get(self, "path") + def value(self) -> Optional[str]: + return pulumi.get(self, "value") - @property - @pulumi.getter(name="readOnly") - def read_only(self) -> Optional[bool]: - return pulumi.get(self, "read_only") - @property - @pulumi.getter(name="scriptId") - def script_id(self) -> Optional[str]: - return pulumi.get(self, "script_id") +@pulumi.output_type +class FunctionAssurancePolicyScope(dict): + def __init__(__self__, *, + expression: Optional[str] = None, + variables: 
Optional[Sequence['outputs.FunctionAssurancePolicyScopeVariable']] = None): + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) @property @pulumi.getter - def severity(self) -> Optional[str]: - return pulumi.get(self, "severity") + def expression(self) -> Optional[str]: + return pulumi.get(self, "expression") @property @pulumi.getter - def snippet(self) -> Optional[str]: - return pulumi.get(self, "snippet") + def variables(self) -> Optional[Sequence['outputs.FunctionAssurancePolicyScopeVariable']]: + return pulumi.get(self, "variables") @pulumi.output_type -class ImageAssurancePolicyForbiddenLabel(dict): +class FunctionAssurancePolicyScopeVariable(dict): def __init__(__self__, *, - key: Optional[str] = None, + attribute: Optional[str] = None, + name: Optional[str] = None, value: Optional[str] = None): - if key is not None: - pulumi.set(__self__, "key", key) + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if name is not None: + pulumi.set(__self__, "name", name) if value is not None: pulumi.set(__self__, "value", value) @property @pulumi.getter - def key(self) -> Optional[str]: - return pulumi.get(self, "key") + def attribute(self) -> Optional[str]: + return pulumi.get(self, "attribute") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") @property @pulumi.getter 
@@ -3396,219 +3889,336 @@ def value(self) -> Optional[str]: @pulumi.output_type -class ImageAssurancePolicyPackagesBlackList(dict): +class FunctionAssurancePolicyTrustedBaseImage(dict): + def __init__(__self__, *, + imagename: Optional[str] = None, + registry: Optional[str] = None): + if imagename is not None: + pulumi.set(__self__, "imagename", imagename) + if registry is not None: + pulumi.set(__self__, "registry", registry) + + @property + @pulumi.getter + def imagename(self) -> Optional[str]: + return pulumi.get(self, "imagename") + + @property + @pulumi.getter + def registry(self) -> Optional[str]: + return pulumi.get(self, "registry") + + +@pulumi.output_type +class FunctionRuntimePolicyAllowedExecutable(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "versionRange": - suggest = "version_range" + if key == "allowExecutables": + suggest = "allow_executables" + elif key == "allowRootExecutables": + suggest = "allow_root_executables" + elif key == "separateExecutables": + suggest = "separate_executables" if suggest: - pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyPackagesBlackList. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyAllowedExecutable. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - ImageAssurancePolicyPackagesBlackList.__key_warning(key) + FunctionRuntimePolicyAllowedExecutable.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - ImageAssurancePolicyPackagesBlackList.__key_warning(key) + FunctionRuntimePolicyAllowedExecutable.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - arch: Optional[str] = None, - display: Optional[str] = None, - epoch: Optional[str] = None, - format: Optional[str] = None, - license: Optional[str] = None, - name: Optional[str] = None, - release: Optional[str] = None, - version: Optional[str] = None, - version_range: Optional[str] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + allow_executables: Optional[Sequence[str]] = None, + allow_root_executables: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + separate_executables: Optional[bool] = None): + """ + :param Sequence[str] allow_executables: List of allowed executables. + :param Sequence[str] allow_root_executables: List of allowed root executables. + :param bool enabled: Whether allowed executables configuration is enabled. + :param bool separate_executables: Whether to treat executables separately. 
+ """ + if allow_executables is not None: + pulumi.set(__self__, "allow_executables", allow_executables) + if allow_root_executables is not None: + pulumi.set(__self__, "allow_root_executables", allow_root_executables) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if separate_executables is not None: + pulumi.set(__self__, "separate_executables", separate_executables) @property - @pulumi.getter - def arch(self) -> Optional[str]: - return pulumi.get(self, "arch") + @pulumi.getter(name="allowExecutables") + def allow_executables(self) -> Optional[Sequence[str]]: + """ + List of allowed executables. + """ + return pulumi.get(self, "allow_executables") @property - @pulumi.getter - def display(self) -> Optional[str]: - return pulumi.get(self, "display") + @pulumi.getter(name="allowRootExecutables") + def allow_root_executables(self) -> Optional[Sequence[str]]: + """ + List of allowed root executables. + """ + return pulumi.get(self, "allow_root_executables") @property @pulumi.getter - def epoch(self) -> Optional[str]: - return pulumi.get(self, "epoch") + def enabled(self) -> Optional[bool]: + """ + Whether allowed executables configuration is enabled. + """ + return pulumi.get(self, "enabled") @property - @pulumi.getter - def format(self) -> Optional[str]: - return pulumi.get(self, "format") + @pulumi.getter(name="separateExecutables") + def separate_executables(self) -> Optional[bool]: + """ + Whether to treat executables separately. 
+ """ + return pulumi.get(self, "separate_executables") - @property - @pulumi.getter - def license(self) -> Optional[str]: - return pulumi.get(self, "license") - @property - @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") +@pulumi.output_type +class FunctionRuntimePolicyAllowedRegistry(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "allowedRegistries": + suggest = "allowed_registries" - @property - @pulumi.getter - def release(self) -> Optional[str]: - return pulumi.get(self, "release") + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyAllowedRegistry. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyAllowedRegistry.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyAllowedRegistry.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + allowed_registries: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): + """ + :param Sequence[str] allowed_registries: List of allowed registries. + :param bool enabled: Whether allowed registries are enabled. + """ + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter - def version(self) -> Optional[str]: - return pulumi.get(self, "version") + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[Sequence[str]]: + """ + List of allowed registries. + """ + return pulumi.get(self, "allowed_registries") @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[str]: - return pulumi.get(self, "version_range") + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether allowed registries are enabled. 
+ """ + return pulumi.get(self, "enabled") @pulumi.output_type -class ImageAssurancePolicyPackagesWhiteList(dict): +class FunctionRuntimePolicyAuditing(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "versionRange": - suggest = "version_range" + if key == "auditAllNetwork": + suggest = "audit_all_network" + elif key == "auditAllProcesses": + suggest = "audit_all_processes" + elif key == "auditFailedLogin": + suggest = "audit_failed_login" + elif key == "auditOsUserActivity": + suggest = "audit_os_user_activity" + elif key == "auditProcessCmdline": + suggest = "audit_process_cmdline" + elif key == "auditSuccessLogin": + suggest = "audit_success_login" + elif key == "auditUserAccountManagement": + suggest = "audit_user_account_management" if suggest: - pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyPackagesWhiteList. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyAuditing. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - ImageAssurancePolicyPackagesWhiteList.__key_warning(key) + FunctionRuntimePolicyAuditing.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - ImageAssurancePolicyPackagesWhiteList.__key_warning(key) + FunctionRuntimePolicyAuditing.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - arch: Optional[str] = None, - display: Optional[str] = None, - epoch: Optional[str] = None, - format: Optional[str] = None, - license: Optional[str] = None, - name: Optional[str] = None, - release: Optional[str] = None, - version: Optional[str] = None, - version_range: Optional[str] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) - if name is not None: - pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) + audit_all_network: Optional[bool] = None, + audit_all_processes: Optional[bool] = None, + audit_failed_login: Optional[bool] = None, + audit_os_user_activity: Optional[bool] = None, + audit_process_cmdline: Optional[bool] = None, + audit_success_login: Optional[bool] = None, + audit_user_account_management: Optional[bool] = None, + enabled: Optional[bool] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + 
pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, "audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not None: + pulumi.set(__self__, "audit_process_cmdline", audit_process_cmdline) + if audit_success_login is not None: + pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) @property - @pulumi.getter - def arch(self) -> Optional[str]: - return pulumi.get(self, "arch") + @pulumi.getter(name="auditAllNetwork") + def audit_all_network(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_network") @property - @pulumi.getter - def display(self) -> Optional[str]: - return pulumi.get(self, "display") + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_processes") @property - @pulumi.getter - def epoch(self) -> Optional[str]: - return pulumi.get(self, "epoch") + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_failed_login") @property - @pulumi.getter - def format(self) -> Optional[str]: - return pulumi.get(self, "format") + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[bool]: + return pulumi.get(self, "audit_os_user_activity") @property - @pulumi.getter - def license(self) -> Optional[str]: - return pulumi.get(self, "license") + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[bool]: + return pulumi.get(self, "audit_process_cmdline") @property - @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> 
Optional[bool]: + return pulumi.get(self, "audit_success_login") + + @property + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> Optional[bool]: + return pulumi.get(self, "audit_user_account_management") @property @pulumi.getter - def release(self) -> Optional[str]: - return pulumi.get(self, "release") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class FunctionRuntimePolicyBlacklistedOsUsers(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "groupBlackLists": + suggest = "group_black_lists" + elif key == "userBlackLists": + suggest = "user_black_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyBlacklistedOsUsers. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyBlacklistedOsUsers.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyBlacklistedOsUsers.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + group_black_lists: Optional[Sequence[str]] = None, + user_black_lists: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_black_lists is not None: + pulumi.set(__self__, "group_black_lists", group_black_lists) + if user_black_lists is not None: + pulumi.set(__self__, "user_black_lists", user_black_lists) @property @pulumi.getter - def version(self) -> Optional[str]: - return pulumi.get(self, "version") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[str]: - return pulumi.get(self, "version_range") + @pulumi.getter(name="groupBlackLists") + def group_black_lists(self) -> Optional[Sequence[str]]: + 
return pulumi.get(self, "group_black_lists") + + @property + @pulumi.getter(name="userBlackLists") + def user_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "user_black_lists") @pulumi.output_type -class ImageAssurancePolicyRequiredLabel(dict): +class FunctionRuntimePolicyBypassScope(dict): def __init__(__self__, *, - key: Optional[str] = None, - value: Optional[str] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) + enabled: Optional[bool] = None, + scopes: Optional[Sequence['outputs.FunctionRuntimePolicyBypassScopeScope']] = None): + """ + :param bool enabled: Whether bypassing the scope is enabled. + :param Sequence['FunctionRuntimePolicyBypassScopeScopeArgs'] scopes: Scope configuration. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) @property @pulumi.getter - def key(self) -> Optional[str]: - return pulumi.get(self, "key") + def enabled(self) -> Optional[bool]: + """ + Whether bypassing the scope is enabled. + """ + return pulumi.get(self, "enabled") @property @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") + def scopes(self) -> Optional[Sequence['outputs.FunctionRuntimePolicyBypassScopeScope']]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") @pulumi.output_type -class ImageAssurancePolicyScope(dict): +class FunctionRuntimePolicyBypassScopeScope(dict): def __init__(__self__, *, expression: Optional[str] = None, - variables: Optional[Sequence['outputs.ImageAssurancePolicyScopeVariable']] = None): + variables: Optional[Sequence['outputs.FunctionRuntimePolicyBypassScopeScopeVariable']] = None): + """ + :param str expression: Scope expression. + :param Sequence['FunctionRuntimePolicyBypassScopeScopeVariableArgs'] variables: List of variables in the scope. 
+ """ if expression is not None: pulumi.set(__self__, "expression", expression) if variables is not None: 
@@ -3617,191 +4227,4849 @@ def __init__(__self__, *, @property @pulumi.getter def expression(self) -> Optional[str]: + """ + Scope expression. + """ return pulumi.get(self, "expression") @property @pulumi.getter - def variables(self) -> Optional[Sequence['outputs.ImageAssurancePolicyScopeVariable']]: + def variables(self) -> Optional[Sequence['outputs.FunctionRuntimePolicyBypassScopeScopeVariable']]: + """ + List of variables in the scope. + """ return pulumi.get(self, "variables") @pulumi.output_type -class ImageAssurancePolicyScopeVariable(dict): +class FunctionRuntimePolicyBypassScopeScopeVariable(dict): def __init__(__self__, *, attribute: Optional[str] = None, - name: Optional[str] = None, value: Optional[str] = None): + """ + :param str attribute: Variable attribute. + :param str value: Variable value. + """ if attribute is not None: pulumi.set(__self__, "attribute", attribute) - if name is not None: - pulumi.set(__self__, "name", name) if value is not None: pulumi.set(__self__, "value", value) @property @pulumi.getter def attribute(self) -> Optional[str]: + """ + Variable attribute. + """ return pulumi.get(self, "attribute") - @property - @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") - @property @pulumi.getter def value(self) -> Optional[str]: + """ + Variable value. + """ return pulumi.get(self, "value") @pulumi.output_type -class ImageAssurancePolicyTrustedBaseImage(dict): +class FunctionRuntimePolicyContainerExec(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockContainerExec": + suggest = "block_container_exec" + elif key == "containerExecProcWhiteLists": + suggest = "container_exec_proc_white_lists" + elif key == "reverseShellIpWhiteLists": + suggest = "reverse_shell_ip_white_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyContainerExec. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyContainerExec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyContainerExec.__key_warning(key) + return super().get(key, default) + def __init__(__self__, *, - imagename: Optional[str] = None, - registry: Optional[str] = None): - if imagename is not None: - pulumi.set(__self__, "imagename", imagename) - if registry is not None: - pulumi.set(__self__, "registry", registry) + block_container_exec: Optional[bool] = None, + container_exec_proc_white_lists: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + reverse_shell_ip_white_lists: Optional[Sequence[str]] = None): + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) + if container_exec_proc_white_lists is not None: + pulumi.set(__self__, "container_exec_proc_white_lists", container_exec_proc_white_lists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) @property - @pulumi.getter - def imagename(self) -> Optional[str]: - return pulumi.get(self, "imagename") + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[bool]: + return pulumi.get(self, "block_container_exec") + + @property + @pulumi.getter(name="containerExecProcWhiteLists") + def container_exec_proc_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "container_exec_proc_white_lists") @property @pulumi.getter - def registry(self) -> Optional[str]: - return pulumi.get(self, "registry") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> 
Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") @pulumi.output_type -class ImageHistory(dict): +class FunctionRuntimePolicyDriftPrevention(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "createdBy": - suggest = "created_by" + if key == "execLockdown": + suggest = "exec_lockdown" + elif key == "execLockdownWhiteLists": + suggest = "exec_lockdown_white_lists" + elif key == "imageLockdown": + suggest = "image_lockdown" if suggest: - pulumi.log.warn(f"Key '{key}' not found in ImageHistory. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyDriftPrevention. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - ImageHistory.__key_warning(key) + FunctionRuntimePolicyDriftPrevention.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - ImageHistory.__key_warning(key) + FunctionRuntimePolicyDriftPrevention.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - comment: Optional[str] = None, - created: Optional[str] = None, - created_by: Optional[str] = None, - id: Optional[str] = None, - size: Optional[int] = None): + enabled: Optional[bool] = None, + exec_lockdown: Optional[bool] = None, + exec_lockdown_white_lists: Optional[Sequence[str]] = None, + image_lockdown: Optional[bool] = None): """ - :param str comment: The image creation comment. - :param str created: The date and time when the image was registered. - :param str id: The ID of this resource. + :param bool enabled: Whether drift prevention is enabled. + :param bool exec_lockdown: Whether to lockdown execution drift. + :param Sequence[str] exec_lockdown_white_lists: List of items in the execution lockdown white list. + :param bool image_lockdown: Whether to lockdown image drift. 
""" - if comment is not None: - pulumi.set(__self__, "comment", comment) - if created is not None: - pulumi.set(__self__, "created", created) - if created_by is not None: - pulumi.set(__self__, "created_by", created_by) - if id is not None: - pulumi.set(__self__, "id", id) - if size is not None: - pulumi.set(__self__, "size", size) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exec_lockdown is not None: + pulumi.set(__self__, "exec_lockdown", exec_lockdown) + if exec_lockdown_white_lists is not None: + pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if image_lockdown is not None: + pulumi.set(__self__, "image_lockdown", image_lockdown) @property @pulumi.getter - def comment(self) -> Optional[str]: + def enabled(self) -> Optional[bool]: """ - The image creation comment. + Whether drift prevention is enabled. """ - return pulumi.get(self, "comment") + return pulumi.get(self, "enabled") @property - @pulumi.getter - def created(self) -> Optional[str]: + @pulumi.getter(name="execLockdown") + def exec_lockdown(self) -> Optional[bool]: """ - The date and time when the image was registered. + Whether to lockdown execution drift. """ - return pulumi.get(self, "created") + return pulumi.get(self, "exec_lockdown") @property - @pulumi.getter(name="createdBy") - def created_by(self) -> Optional[str]: - return pulumi.get(self, "created_by") + @pulumi.getter(name="execLockdownWhiteLists") + def exec_lockdown_white_lists(self) -> Optional[Sequence[str]]: + """ + List of items in the execution lockdown white list. + """ + return pulumi.get(self, "exec_lockdown_white_lists") + + @property + @pulumi.getter(name="imageLockdown") + def image_lockdown(self) -> Optional[bool]: + """ + Whether to lockdown image drift. 
+ """ + return pulumi.get(self, "image_lockdown") + + +@pulumi.output_type +class FunctionRuntimePolicyExecutableBlacklist(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + executables: Optional[Sequence[str]] = None): + """ + :param bool enabled: Whether the executable blacklist is enabled. + :param Sequence[str] executables: List of blacklisted executables. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if executables is not None: + pulumi.set(__self__, "executables", executables) @property @pulumi.getter - def id(self) -> Optional[str]: + def enabled(self) -> Optional[bool]: """ - The ID of this resource. + Whether the executable blacklist is enabled. """ - return pulumi.get(self, "id") + return pulumi.get(self, "enabled") @property @pulumi.getter - def size(self) -> Optional[int]: - return pulumi.get(self, "size") + def executables(self) -> Optional[Sequence[str]]: + """ + List of blacklisted executables. + """ + return pulumi.get(self, "executables") @pulumi.output_type -class ImageVulnerability(dict): +class FunctionRuntimePolicyFailedKubernetesChecks(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "ackAuthor": - suggest = "ack_author" - elif key == "ackComment": - suggest = "ack_comment" - elif key == "ackExpirationConfiguredAt": - suggest = "ack_expiration_configured_at" - elif key == "ackExpirationConfiguredBy": - suggest = "ack_expiration_configured_by" - elif key == "ackExpirationDays": - suggest = "ack_expiration_days" - elif key == "ackScope": - suggest = "ack_scope" - elif key == "acknowledgeDate": - suggest = "acknowledge_date" - elif key == "ancestorPkg": - suggest = "ancestor_pkg" - elif key == "aquaScore": - suggest = "aqua_score" - elif key == "aquaScoreClassification": - suggest = "aqua_score_classification" - elif key == "aquaScoringSystem": - suggest = "aqua_scoring_system" - elif key == "aquaSeverity": - suggest = "aqua_severity" - elif key == 
"aquaSeverityClassification": - suggest = "aqua_severity_classification" - elif key == "aquaVectors": - suggest = "aqua_vectors" - elif key == "auditEventsCount": - suggest = "audit_events_count" - elif key == "blockEventsCount": - suggest = "block_events_count" - elif key == "exploitReference": - suggest = "exploit_reference" - elif key == "exploitType": - suggest = "exploit_type" - elif key == "firstFoundDate": - suggest = "first_found_date" - elif key == "fixVersion": - suggest = "fix_version" - elif key == "imageName": - suggest = "image_name" - elif key == "lastFoundDate": - suggest = "last_found_date" - elif key == "modificationDate": - suggest = "modification_date" + if key == "failedChecks": + suggest = "failed_checks" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyFailedKubernetesChecks. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyFailedKubernetesChecks.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyFailedKubernetesChecks.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + failed_checks: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if failed_checks is not None: + pulumi.set(__self__, "failed_checks", failed_checks) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="failedChecks") + def failed_checks(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "failed_checks") + + +@pulumi.output_type +class FunctionRuntimePolicyFileBlock(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockFilesProcesses": + suggest = "block_files_processes" + elif key == "blockFilesUsers": + suggest = "block_files_users" + 
elif key == "exceptionalBlockFiles": + suggest = "exceptional_block_files" + elif key == "exceptionalBlockFilesProcesses": + suggest = "exceptional_block_files_processes" + elif key == "exceptionalBlockFilesUsers": + suggest = "exceptional_block_files_users" + elif key == "filenameBlockLists": + suggest = "filename_block_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyFileBlock. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyFileBlock.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyFileBlock.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_files_processes: Optional[Sequence[str]] = None, + block_files_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_files: Optional[Sequence[str]] = None, + exceptional_block_files_processes: Optional[Sequence[str]] = None, + exceptional_block_files_users: Optional[Sequence[str]] = None, + filename_block_lists: Optional[Sequence[str]] = None): + if block_files_processes is not None: + pulumi.set(__self__, "block_files_processes", block_files_processes) + if block_files_users is not None: + pulumi.set(__self__, "block_files_users", block_files_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_files is not None: + pulumi.set(__self__, "exceptional_block_files", exceptional_block_files) + if exceptional_block_files_processes is not None: + pulumi.set(__self__, "exceptional_block_files_processes", exceptional_block_files_processes) + if exceptional_block_files_users is not None: + pulumi.set(__self__, "exceptional_block_files_users", exceptional_block_files_users) + if filename_block_lists is not None: + pulumi.set(__self__, "filename_block_lists", filename_block_lists) + + @property + 
@pulumi.getter(name="blockFilesProcesses") + def block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_processes") + + @property + @pulumi.getter(name="blockFilesUsers") + def block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_users") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalBlockFiles") + def exceptional_block_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files") + + @property + @pulumi.getter(name="exceptionalBlockFilesProcesses") + def exceptional_block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_processes") + + @property + @pulumi.getter(name="exceptionalBlockFilesUsers") + def exceptional_block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_users") + + @property + @pulumi.getter(name="filenameBlockLists") + def filename_block_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "filename_block_lists") + + +@pulumi.output_type +class FunctionRuntimePolicyFileIntegrityMonitoring(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "exceptionalMonitoredFiles": + suggest = "exceptional_monitored_files" + elif key == "exceptionalMonitoredFilesProcesses": + suggest = "exceptional_monitored_files_processes" + elif key == "exceptionalMonitoredFilesUsers": + suggest = "exceptional_monitored_files_users" + elif key == "monitoredFiles": + suggest = "monitored_files" + elif key == "monitoredFilesAttributes": + suggest = "monitored_files_attributes" + elif key == "monitoredFilesCreate": + suggest = "monitored_files_create" + elif key == "monitoredFilesDelete": + suggest = "monitored_files_delete" + elif key == "monitoredFilesModify": + suggest = "monitored_files_modify" + elif key == 
"monitoredFilesProcesses": + suggest = "monitored_files_processes" + elif key == "monitoredFilesRead": + suggest = "monitored_files_read" + elif key == "monitoredFilesUsers": + suggest = "monitored_files_users" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyFileIntegrityMonitoring. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyFileIntegrityMonitoring.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyFileIntegrityMonitoring.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + exceptional_monitored_files: Optional[Sequence[str]] = None, + exceptional_monitored_files_processes: Optional[Sequence[str]] = None, + exceptional_monitored_files_users: Optional[Sequence[str]] = None, + monitored_files: Optional[Sequence[str]] = None, + monitored_files_attributes: Optional[bool] = None, + monitored_files_create: Optional[bool] = None, + monitored_files_delete: Optional[bool] = None, + monitored_files_modify: Optional[bool] = None, + monitored_files_processes: Optional[Sequence[str]] = None, + monitored_files_read: Optional[bool] = None, + monitored_files_users: Optional[Sequence[str]] = None): + """ + :param bool enabled: If true, file integrity monitoring is enabled. + :param Sequence[str] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_users: List of users to be excluded from monitoring. + :param Sequence[str] monitored_files: List of paths to be monitored. + :param bool monitored_files_attributes: Whether to monitor file attribute operations. + :param bool monitored_files_create: Whether to monitor file create operations. 
+ :param bool monitored_files_delete: Whether to monitor file delete operations. + :param bool monitored_files_modify: Whether to monitor file modify operations. + :param Sequence[str] monitored_files_processes: List of processes associated with monitored files. + :param bool monitored_files_read: Whether to monitor file read operations. + :param Sequence[str] monitored_files_users: List of users associated with monitored files. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + If true, file integrity monitoring is enabled. 
+ """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files") + + @property + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_processes") + + @property + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_users") + + @property + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be monitored. + """ + return pulumi.get(self, "monitored_files") + + @property + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[bool]: + """ + Whether to monitor file attribute operations. + """ + return pulumi.get(self, "monitored_files_attributes") + + @property + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[bool]: + """ + Whether to monitor file create operations. + """ + return pulumi.get(self, "monitored_files_create") + + @property + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[bool]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") + + @property + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[bool]: + """ + Whether to monitor file modify operations. 
+ """ + return pulumi.get(self, "monitored_files_modify") + + @property + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes associated with monitored files. + """ + return pulumi.get(self, "monitored_files_processes") + + @property + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[bool]: + """ + Whether to monitor file read operations. + """ + return pulumi.get(self, "monitored_files_read") + + @property + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users associated with monitored files. + """ + return pulumi.get(self, "monitored_files_users") + + +@pulumi.output_type +class FunctionRuntimePolicyLimitContainerPrivilege(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockAddCapabilities": + suggest = "block_add_capabilities" + elif key == "preventLowPortBinding": + suggest = "prevent_low_port_binding" + elif key == "preventRootUser": + suggest = "prevent_root_user" + elif key == "useHostUser": + suggest = "use_host_user" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyLimitContainerPrivilege. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyLimitContainerPrivilege.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyLimitContainerPrivilege.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_add_capabilities: Optional[bool] = None, + enabled: Optional[bool] = None, + ipcmode: Optional[bool] = None, + netmode: Optional[bool] = None, + pidmode: Optional[bool] = None, + prevent_low_port_binding: Optional[bool] = None, + prevent_root_user: Optional[bool] = None, + privileged: Optional[bool] = None, + use_host_user: Optional[bool] = None, + usermode: Optional[bool] = None, + utsmode: Optional[bool] = None): + """ + :param bool block_add_capabilities: Whether to block adding capabilities. + :param bool enabled: Whether container privilege limitations are enabled. + :param bool ipcmode: Whether to limit IPC-related capabilities. + :param bool netmode: Whether to limit network-related capabilities. + :param bool pidmode: Whether to limit process-related capabilities. + :param bool prevent_low_port_binding: Whether to prevent low port binding. + :param bool prevent_root_user: Whether to prevent the use of the root user. + :param bool privileged: Whether the container is run in privileged mode. + :param bool use_host_user: Whether to use the host user. + :param bool usermode: Whether to limit user-related capabilities. + :param bool utsmode: Whether to limit UTS-related capabilities. 
+ """ + if block_add_capabilities is not None: + pulumi.set(__self__, "block_add_capabilities", block_add_capabilities) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if ipcmode is not None: + pulumi.set(__self__, "ipcmode", ipcmode) + if netmode is not None: + pulumi.set(__self__, "netmode", netmode) + if pidmode is not None: + pulumi.set(__self__, "pidmode", pidmode) + if prevent_low_port_binding is not None: + pulumi.set(__self__, "prevent_low_port_binding", prevent_low_port_binding) + if prevent_root_user is not None: + pulumi.set(__self__, "prevent_root_user", prevent_root_user) + if privileged is not None: + pulumi.set(__self__, "privileged", privileged) + if use_host_user is not None: + pulumi.set(__self__, "use_host_user", use_host_user) + if usermode is not None: + pulumi.set(__self__, "usermode", usermode) + if utsmode is not None: + pulumi.set(__self__, "utsmode", utsmode) + + @property + @pulumi.getter(name="blockAddCapabilities") + def block_add_capabilities(self) -> Optional[bool]: + """ + Whether to block adding capabilities. + """ + return pulumi.get(self, "block_add_capabilities") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether container privilege limitations are enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def ipcmode(self) -> Optional[bool]: + """ + Whether to limit IPC-related capabilities. + """ + return pulumi.get(self, "ipcmode") + + @property + @pulumi.getter + def netmode(self) -> Optional[bool]: + """ + Whether to limit network-related capabilities. + """ + return pulumi.get(self, "netmode") + + @property + @pulumi.getter + def pidmode(self) -> Optional[bool]: + """ + Whether to limit process-related capabilities. + """ + return pulumi.get(self, "pidmode") + + @property + @pulumi.getter(name="preventLowPortBinding") + def prevent_low_port_binding(self) -> Optional[bool]: + """ + Whether to prevent low port binding. 
+ """ + return pulumi.get(self, "prevent_low_port_binding") + + @property + @pulumi.getter(name="preventRootUser") + def prevent_root_user(self) -> Optional[bool]: + """ + Whether to prevent the use of the root user. + """ + return pulumi.get(self, "prevent_root_user") + + @property + @pulumi.getter + def privileged(self) -> Optional[bool]: + """ + Whether the container is run in privileged mode. + """ + return pulumi.get(self, "privileged") + + @property + @pulumi.getter(name="useHostUser") + def use_host_user(self) -> Optional[bool]: + """ + Whether to use the host user. + """ + return pulumi.get(self, "use_host_user") + + @property + @pulumi.getter + def usermode(self) -> Optional[bool]: + """ + Whether to limit user-related capabilities. + """ + return pulumi.get(self, "usermode") + + @property + @pulumi.getter + def utsmode(self) -> Optional[bool]: + """ + Whether to limit UTS-related capabilities. + """ + return pulumi.get(self, "utsmode") + + +@pulumi.output_type +class FunctionRuntimePolicyLinuxCapabilities(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "removeLinuxCapabilities": + suggest = "remove_linux_capabilities" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyLinuxCapabilities. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyLinuxCapabilities.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyLinuxCapabilities.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + remove_linux_capabilities: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if remove_linux_capabilities is not None: + pulumi.set(__self__, "remove_linux_capabilities", remove_linux_capabilities) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="removeLinuxCapabilities") + def remove_linux_capabilities(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "remove_linux_capabilities") + + +@pulumi.output_type +class FunctionRuntimePolicyMalwareScanOptions(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "excludeDirectories": + suggest = "exclude_directories" + elif key == "excludeProcesses": + suggest = "exclude_processes" + elif key == "includeDirectories": + suggest = "include_directories" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyMalwareScanOptions. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyMalwareScanOptions.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyMalwareScanOptions.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + action: Optional[str] = None, + enabled: Optional[bool] = None, + exclude_directories: Optional[Sequence[str]] = None, + exclude_processes: Optional[Sequence[str]] = None, + include_directories: Optional[Sequence[str]] = None): + """ + :param str action: Set Action, Defaults to 'Alert' when empty + :param bool enabled: Defines if enabled or not + :param Sequence[str] exclude_directories: List of registry paths to be excluded from being protected. + :param Sequence[str] exclude_processes: List of registry processes to be excluded from being protected. + :param Sequence[str] include_directories: List of registry paths to be excluded from being protected. + """ + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) + + @property + @pulumi.getter + def action(self) -> Optional[str]: + """ + Set Action, Defaults to 'Alert' when empty + """ + return pulumi.get(self, "action") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Defines if enabled or not + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="excludeDirectories") + def exclude_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. 
+ """ + return pulumi.get(self, "exclude_directories") + + @property + @pulumi.getter(name="excludeProcesses") + def exclude_processes(self) -> Optional[Sequence[str]]: + """ + List of registry processes to be excluded from being protected. + """ + return pulumi.get(self, "exclude_processes") + + @property + @pulumi.getter(name="includeDirectories") + def include_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "include_directories") + + +@pulumi.output_type +class FunctionRuntimePolicyPackageBlock(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockPackagesProcesses": + suggest = "block_packages_processes" + elif key == "blockPackagesUsers": + suggest = "block_packages_users" + elif key == "exceptionalBlockPackagesFiles": + suggest = "exceptional_block_packages_files" + elif key == "exceptionalBlockPackagesProcesses": + suggest = "exceptional_block_packages_processes" + elif key == "exceptionalBlockPackagesUsers": + suggest = "exceptional_block_packages_users" + elif key == "packagesBlackLists": + suggest = "packages_black_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyPackageBlock. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyPackageBlock.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyPackageBlock.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_packages_processes: Optional[Sequence[str]] = None, + block_packages_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_packages_files: Optional[Sequence[str]] = None, + exceptional_block_packages_processes: Optional[Sequence[str]] = None, + exceptional_block_packages_users: Optional[Sequence[str]] = None, + packages_black_lists: Optional[Sequence[str]] = None): + if block_packages_processes is not None: + pulumi.set(__self__, "block_packages_processes", block_packages_processes) + if block_packages_users is not None: + pulumi.set(__self__, "block_packages_users", block_packages_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_packages_files is not None: + pulumi.set(__self__, "exceptional_block_packages_files", exceptional_block_packages_files) + if exceptional_block_packages_processes is not None: + pulumi.set(__self__, "exceptional_block_packages_processes", exceptional_block_packages_processes) + if exceptional_block_packages_users is not None: + pulumi.set(__self__, "exceptional_block_packages_users", exceptional_block_packages_users) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) + + @property + @pulumi.getter(name="blockPackagesProcesses") + def block_packages_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_processes") + + @property + @pulumi.getter(name="blockPackagesUsers") + def block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_users") + + @property + 
@pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalBlockPackagesFiles") + def exceptional_block_packages_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_files") + + @property + @pulumi.getter(name="exceptionalBlockPackagesProcesses") + def exceptional_block_packages_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_processes") + + @property + @pulumi.getter(name="exceptionalBlockPackagesUsers") + def exceptional_block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_users") + + @property + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "packages_black_lists") + + +@pulumi.output_type +class FunctionRuntimePolicyPortBlock(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockInboundPorts": + suggest = "block_inbound_ports" + elif key == "blockOutboundPorts": + suggest = "block_outbound_ports" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyPortBlock. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyPortBlock.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyPortBlock.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_inbound_ports: Optional[Sequence[str]] = None, + block_outbound_ports: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): + if block_inbound_ports is not None: + pulumi.set(__self__, "block_inbound_ports", block_inbound_ports) + if block_outbound_ports is not None: + pulumi.set(__self__, "block_outbound_ports", block_outbound_ports) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="blockInboundPorts") + def block_inbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_inbound_ports") + + @property + @pulumi.getter(name="blockOutboundPorts") + def block_outbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_outbound_ports") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class FunctionRuntimePolicyReadonlyFiles(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "exceptionalReadonlyFiles": + suggest = "exceptional_readonly_files" + elif key == "exceptionalReadonlyFilesProcesses": + suggest = "exceptional_readonly_files_processes" + elif key == "exceptionalReadonlyFilesUsers": + suggest = "exceptional_readonly_files_users" + elif key == "readonlyFiles": + suggest = "readonly_files" + elif key == "readonlyFilesProcesses": + suggest = "readonly_files_processes" + elif key == "readonlyFilesUsers": + suggest = "readonly_files_users" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyReadonlyFiles. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyReadonlyFiles.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyReadonlyFiles.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + exceptional_readonly_files: Optional[Sequence[str]] = None, + exceptional_readonly_files_processes: Optional[Sequence[str]] = None, + exceptional_readonly_files_users: Optional[Sequence[str]] = None, + readonly_files: Optional[Sequence[str]] = None, + readonly_files_processes: Optional[Sequence[str]] = None, + readonly_files_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_files is not None: + pulumi.set(__self__, "exceptional_readonly_files", exceptional_readonly_files) + if exceptional_readonly_files_processes is not None: + pulumi.set(__self__, "exceptional_readonly_files_processes", exceptional_readonly_files_processes) + if exceptional_readonly_files_users is not None: + pulumi.set(__self__, "exceptional_readonly_files_users", exceptional_readonly_files_users) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_files_processes is not None: + pulumi.set(__self__, "readonly_files_processes", readonly_files_processes) + if readonly_files_users is not None: + pulumi.set(__self__, "readonly_files_users", readonly_files_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalReadonlyFiles") + def exceptional_readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files") + + @property + @pulumi.getter(name="exceptionalReadonlyFilesProcesses") + def 
exceptional_readonly_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_processes") + + @property + @pulumi.getter(name="exceptionalReadonlyFilesUsers") + def exceptional_readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_users") + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files") + + @property + @pulumi.getter(name="readonlyFilesProcesses") + def readonly_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_processes") + + @property + @pulumi.getter(name="readonlyFilesUsers") + def readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_users") + + +@pulumi.output_type +class FunctionRuntimePolicyReadonlyRegistry(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "exceptionalReadonlyRegistryPaths": + suggest = "exceptional_readonly_registry_paths" + elif key == "exceptionalReadonlyRegistryProcesses": + suggest = "exceptional_readonly_registry_processes" + elif key == "exceptionalReadonlyRegistryUsers": + suggest = "exceptional_readonly_registry_users" + elif key == "readonlyRegistryPaths": + suggest = "readonly_registry_paths" + elif key == "readonlyRegistryProcesses": + suggest = "readonly_registry_processes" + elif key == "readonlyRegistryUsers": + suggest = "readonly_registry_users" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyReadonlyRegistry. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyReadonlyRegistry.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyReadonlyRegistry.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + exceptional_readonly_registry_paths: Optional[Sequence[str]] = None, + exceptional_readonly_registry_processes: Optional[Sequence[str]] = None, + exceptional_readonly_registry_users: Optional[Sequence[str]] = None, + readonly_registry_paths: Optional[Sequence[str]] = None, + readonly_registry_processes: Optional[Sequence[str]] = None, + readonly_registry_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_registry_paths is not None: + pulumi.set(__self__, "exceptional_readonly_registry_paths", exceptional_readonly_registry_paths) + if exceptional_readonly_registry_processes is not None: + pulumi.set(__self__, "exceptional_readonly_registry_processes", exceptional_readonly_registry_processes) + if exceptional_readonly_registry_users is not None: + pulumi.set(__self__, "exceptional_readonly_registry_users", exceptional_readonly_registry_users) + if readonly_registry_paths is not None: + pulumi.set(__self__, "readonly_registry_paths", readonly_registry_paths) + if readonly_registry_processes is not None: + pulumi.set(__self__, "readonly_registry_processes", readonly_registry_processes) + if readonly_registry_users is not None: + pulumi.set(__self__, "readonly_registry_users", readonly_registry_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryPaths") + def exceptional_readonly_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, 
"exceptional_readonly_registry_paths") + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryProcesses") + def exceptional_readonly_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_registry_processes") + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryUsers") + def exceptional_readonly_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_registry_users") + + @property + @pulumi.getter(name="readonlyRegistryPaths") + def readonly_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_registry_paths") + + @property + @pulumi.getter(name="readonlyRegistryProcesses") + def readonly_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_registry_processes") + + @property + @pulumi.getter(name="readonlyRegistryUsers") + def readonly_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_registry_users") + + +@pulumi.output_type +class FunctionRuntimePolicyRegistryAccessMonitoring(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "exceptionalMonitoredRegistryPaths": + suggest = "exceptional_monitored_registry_paths" + elif key == "exceptionalMonitoredRegistryProcesses": + suggest = "exceptional_monitored_registry_processes" + elif key == "exceptionalMonitoredRegistryUsers": + suggest = "exceptional_monitored_registry_users" + elif key == "monitoredRegistryAttributes": + suggest = "monitored_registry_attributes" + elif key == "monitoredRegistryCreate": + suggest = "monitored_registry_create" + elif key == "monitoredRegistryDelete": + suggest = "monitored_registry_delete" + elif key == "monitoredRegistryModify": + suggest = "monitored_registry_modify" + elif key == "monitoredRegistryPaths": + suggest = "monitored_registry_paths" + elif key == "monitoredRegistryProcesses": + suggest = "monitored_registry_processes" + elif key == 
"monitoredRegistryRead": + suggest = "monitored_registry_read" + elif key == "monitoredRegistryUsers": + suggest = "monitored_registry_users" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyRegistryAccessMonitoring. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyRegistryAccessMonitoring.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyRegistryAccessMonitoring.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + exceptional_monitored_registry_paths: Optional[Sequence[str]] = None, + exceptional_monitored_registry_processes: Optional[Sequence[str]] = None, + exceptional_monitored_registry_users: Optional[Sequence[str]] = None, + monitored_registry_attributes: Optional[bool] = None, + monitored_registry_create: Optional[bool] = None, + monitored_registry_delete: Optional[bool] = None, + monitored_registry_modify: Optional[bool] = None, + monitored_registry_paths: Optional[Sequence[str]] = None, + monitored_registry_processes: Optional[Sequence[str]] = None, + monitored_registry_read: Optional[bool] = None, + monitored_registry_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_registry_paths is not None: + pulumi.set(__self__, "exceptional_monitored_registry_paths", exceptional_monitored_registry_paths) + if exceptional_monitored_registry_processes is not None: + pulumi.set(__self__, "exceptional_monitored_registry_processes", exceptional_monitored_registry_processes) + if exceptional_monitored_registry_users is not None: + pulumi.set(__self__, "exceptional_monitored_registry_users", exceptional_monitored_registry_users) + if monitored_registry_attributes is not None: + pulumi.set(__self__, "monitored_registry_attributes", 
monitored_registry_attributes) + if monitored_registry_create is not None: + pulumi.set(__self__, "monitored_registry_create", monitored_registry_create) + if monitored_registry_delete is not None: + pulumi.set(__self__, "monitored_registry_delete", monitored_registry_delete) + if monitored_registry_modify is not None: + pulumi.set(__self__, "monitored_registry_modify", monitored_registry_modify) + if monitored_registry_paths is not None: + pulumi.set(__self__, "monitored_registry_paths", monitored_registry_paths) + if monitored_registry_processes is not None: + pulumi.set(__self__, "monitored_registry_processes", monitored_registry_processes) + if monitored_registry_read is not None: + pulumi.set(__self__, "monitored_registry_read", monitored_registry_read) + if monitored_registry_users is not None: + pulumi.set(__self__, "monitored_registry_users", monitored_registry_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryPaths") + def exceptional_monitored_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_monitored_registry_paths") + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryProcesses") + def exceptional_monitored_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_monitored_registry_processes") + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryUsers") + def exceptional_monitored_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_monitored_registry_users") + + @property + @pulumi.getter(name="monitoredRegistryAttributes") + def monitored_registry_attributes(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_attributes") + + @property + @pulumi.getter(name="monitoredRegistryCreate") + def monitored_registry_create(self) -> Optional[bool]: + return pulumi.get(self, 
"monitored_registry_create") + + @property + @pulumi.getter(name="monitoredRegistryDelete") + def monitored_registry_delete(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_delete") + + @property + @pulumi.getter(name="monitoredRegistryModify") + def monitored_registry_modify(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_modify") + + @property + @pulumi.getter(name="monitoredRegistryPaths") + def monitored_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "monitored_registry_paths") + + @property + @pulumi.getter(name="monitoredRegistryProcesses") + def monitored_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "monitored_registry_processes") + + @property + @pulumi.getter(name="monitoredRegistryRead") + def monitored_registry_read(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_read") + + @property + @pulumi.getter(name="monitoredRegistryUsers") + def monitored_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "monitored_registry_users") + + +@pulumi.output_type +class FunctionRuntimePolicyRestrictedVolume(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + volumes: Optional[Sequence[str]] = None): + """ + :param bool enabled: Whether restricted volumes are enabled. + :param Sequence[str] volumes: List of restricted volumes. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if volumes is not None: + pulumi.set(__self__, "volumes", volumes) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether restricted volumes are enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def volumes(self) -> Optional[Sequence[str]]: + """ + List of restricted volumes. 
+ """ + return pulumi.get(self, "volumes") + + +@pulumi.output_type +class FunctionRuntimePolicyReverseShell(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockReverseShell": + suggest = "block_reverse_shell" + elif key == "reverseShellIpWhiteLists": + suggest = "reverse_shell_ip_white_lists" + elif key == "reverseShellProcWhiteLists": + suggest = "reverse_shell_proc_white_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyReverseShell. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyReverseShell.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyReverseShell.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_reverse_shell: Optional[bool] = None, + enabled: Optional[bool] = None, + reverse_shell_ip_white_lists: Optional[Sequence[str]] = None, + reverse_shell_proc_white_lists: Optional[Sequence[str]] = None): + if block_reverse_shell is not None: + pulumi.set(__self__, "block_reverse_shell", block_reverse_shell) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + if reverse_shell_proc_white_lists is not None: + pulumi.set(__self__, "reverse_shell_proc_white_lists", reverse_shell_proc_white_lists) + + @property + @pulumi.getter(name="blockReverseShell") + def block_reverse_shell(self) -> Optional[bool]: + return pulumi.get(self, "block_reverse_shell") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") + + 
@property + @pulumi.getter(name="reverseShellProcWhiteLists") + def reverse_shell_proc_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_proc_white_lists") + + +@pulumi.output_type +class FunctionRuntimePolicyScope(dict): + def __init__(__self__, *, + expression: str, + variables: Sequence['outputs.FunctionRuntimePolicyScopeVariable']): + """ + :param str expression: Scope expression. + :param Sequence['FunctionRuntimePolicyScopeVariableArgs'] variables: List of variables in the scope. + """ + pulumi.set(__self__, "expression", expression) + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> str: + """ + Scope expression. + """ + return pulumi.get(self, "expression") + + @property + @pulumi.getter + def variables(self) -> Sequence['outputs.FunctionRuntimePolicyScopeVariable']: + """ + List of variables in the scope. + """ + return pulumi.get(self, "variables") + + +@pulumi.output_type +class FunctionRuntimePolicyScopeVariable(dict): + def __init__(__self__, *, + attribute: str, + value: str, + name: Optional[str] = None): + """ + :param str attribute: Class of supported scope. + :param str value: Value assigned to the attribute. + :param str name: Name assigned to the attribute. + """ + pulumi.set(__self__, "attribute", attribute) + pulumi.set(__self__, "value", value) + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def attribute(self) -> str: + """ + Class of supported scope. + """ + return pulumi.get(self, "attribute") + + @property + @pulumi.getter + def value(self) -> str: + """ + Value assigned to the attribute. + """ + return pulumi.get(self, "value") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + Name assigned to the attribute. 
+ """ + return pulumi.get(self, "name") + + +@pulumi.output_type +class FunctionRuntimePolicySystemIntegrityProtection(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "auditSystemtimeChange": + suggest = "audit_systemtime_change" + elif key == "monitorAuditLogIntegrity": + suggest = "monitor_audit_log_integrity" + elif key == "windowsServicesMonitoring": + suggest = "windows_services_monitoring" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicySystemIntegrityProtection. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicySystemIntegrityProtection.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicySystemIntegrityProtection.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + audit_systemtime_change: Optional[bool] = None, + enabled: Optional[bool] = None, + monitor_audit_log_integrity: Optional[bool] = None, + windows_services_monitoring: Optional[bool] = None): + if audit_systemtime_change is not None: + pulumi.set(__self__, "audit_systemtime_change", audit_systemtime_change) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if monitor_audit_log_integrity is not None: + pulumi.set(__self__, "monitor_audit_log_integrity", monitor_audit_log_integrity) + if windows_services_monitoring is not None: + pulumi.set(__self__, "windows_services_monitoring", windows_services_monitoring) + + @property + @pulumi.getter(name="auditSystemtimeChange") + def audit_systemtime_change(self) -> Optional[bool]: + return pulumi.get(self, "audit_systemtime_change") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="monitorAuditLogIntegrity") + def monitor_audit_log_integrity(self) -> Optional[bool]: + return pulumi.get(self, 
"monitor_audit_log_integrity") + + @property + @pulumi.getter(name="windowsServicesMonitoring") + def windows_services_monitoring(self) -> Optional[bool]: + return pulumi.get(self, "windows_services_monitoring") + + +@pulumi.output_type +class FunctionRuntimePolicyTripwire(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "applyOns": + suggest = "apply_ons" + elif key == "serverlessApp": + suggest = "serverless_app" + elif key == "userId": + suggest = "user_id" + elif key == "userPassword": + suggest = "user_password" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyTripwire. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyTripwire.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyTripwire.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + apply_ons: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + serverless_app: Optional[str] = None, + user_id: Optional[str] = None, + user_password: Optional[str] = None): + if apply_ons is not None: + pulumi.set(__self__, "apply_ons", apply_ons) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if serverless_app is not None: + pulumi.set(__self__, "serverless_app", serverless_app) + if user_id is not None: + pulumi.set(__self__, "user_id", user_id) + if user_password is not None: + pulumi.set(__self__, "user_password", user_password) + + @property + @pulumi.getter(name="applyOns") + def apply_ons(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "apply_ons") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="serverlessApp") + def serverless_app(self) -> Optional[str]: + return pulumi.get(self, "serverless_app") + + @property + 
@pulumi.getter(name="userId") + def user_id(self) -> Optional[str]: + return pulumi.get(self, "user_id") + + @property + @pulumi.getter(name="userPassword") + def user_password(self) -> Optional[str]: + return pulumi.get(self, "user_password") + + +@pulumi.output_type +class FunctionRuntimePolicyWhitelistedOsUsers(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "groupWhiteLists": + suggest = "group_white_lists" + elif key == "userWhiteLists": + suggest = "user_white_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in FunctionRuntimePolicyWhitelistedOsUsers. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + FunctionRuntimePolicyWhitelistedOsUsers.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + FunctionRuntimePolicyWhitelistedOsUsers.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + group_white_lists: Optional[Sequence[str]] = None, + user_white_lists: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_white_lists is not None: + pulumi.set(__self__, "group_white_lists", group_white_lists) + if user_white_lists is not None: + pulumi.set(__self__, "user_white_lists", user_white_lists) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="groupWhiteLists") + def group_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "group_white_lists") + + @property + @pulumi.getter(name="userWhiteLists") + def user_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "user_white_lists") + + +@pulumi.output_type +class HostAssurancePolicyAutoScanTime(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "iterationType": + suggest = 
"iteration_type" + elif key == "weekDays": + suggest = "week_days" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostAssurancePolicyAutoScanTime. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostAssurancePolicyAutoScanTime.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostAssurancePolicyAutoScanTime.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + iteration: Optional[int] = None, + iteration_type: Optional[str] = None, + time: Optional[str] = None, + week_days: Optional[Sequence[str]] = None): + if iteration is not None: + pulumi.set(__self__, "iteration", iteration) + if iteration_type is not None: + pulumi.set(__self__, "iteration_type", iteration_type) + if time is not None: + pulumi.set(__self__, "time", time) + if week_days is not None: + pulumi.set(__self__, "week_days", week_days) + + @property + @pulumi.getter + def iteration(self) -> Optional[int]: + return pulumi.get(self, "iteration") + + @property + @pulumi.getter(name="iterationType") + def iteration_type(self) -> Optional[str]: + return pulumi.get(self, "iteration_type") + + @property + @pulumi.getter + def time(self) -> Optional[str]: + return pulumi.get(self, "time") + + @property + @pulumi.getter(name="weekDays") + def week_days(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "week_days") + + +@pulumi.output_type +class HostAssurancePolicyCustomCheck(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "lastModified": + suggest = "last_modified" + elif key == "readOnly": + suggest = "read_only" + elif key == "scriptId": + suggest = "script_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostAssurancePolicyCustomCheck. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostAssurancePolicyCustomCheck.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostAssurancePolicyCustomCheck.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + author: Optional[str] = None, + description: Optional[str] = None, + engine: Optional[str] = None, + last_modified: Optional[int] = None, + name: Optional[str] = None, + path: Optional[str] = None, + read_only: Optional[bool] = None, + script_id: Optional[str] = None, + severity: Optional[str] = None, + snippet: Optional[str] = None): + """ + :param str author: Name of user account that created the policy. + """ + if author is not None: + pulumi.set(__self__, "author", author) + if description is not None: + pulumi.set(__self__, "description", description) + if engine is not None: + pulumi.set(__self__, "engine", engine) + if last_modified is not None: + pulumi.set(__self__, "last_modified", last_modified) + if name is not None: + pulumi.set(__self__, "name", name) + if path is not None: + pulumi.set(__self__, "path", path) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + if snippet is not None: + pulumi.set(__self__, "snippet", snippet) + + @property + @pulumi.getter + def author(self) -> Optional[str]: + """ + Name of user account that created the policy. 
+ """ + return pulumi.get(self, "author") + + @property + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") + + @property + @pulumi.getter + def engine(self) -> Optional[str]: + return pulumi.get(self, "engine") + + @property + @pulumi.getter(name="lastModified") + def last_modified(self) -> Optional[int]: + return pulumi.get(self, "last_modified") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def path(self) -> Optional[str]: + return pulumi.get(self, "path") + + @property + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[bool]: + return pulumi.get(self, "read_only") + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[str]: + return pulumi.get(self, "script_id") + + @property + @pulumi.getter + def severity(self) -> Optional[str]: + return pulumi.get(self, "severity") + + @property + @pulumi.getter + def snippet(self) -> Optional[str]: + return pulumi.get(self, "snippet") + + +@pulumi.output_type +class HostAssurancePolicyForbiddenLabel(dict): + def __init__(__self__, *, + key: Optional[str] = None, + value: Optional[str] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[str]: + return pulumi.get(self, "key") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class HostAssurancePolicyPackagesBlackList(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "versionRange": + suggest = "version_range" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostAssurancePolicyPackagesBlackList. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostAssurancePolicyPackagesBlackList.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostAssurancePolicyPackagesBlackList.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + arch: Optional[str] = None, + display: Optional[str] = None, + epoch: Optional[str] = None, + format: Optional[str] = None, + license: Optional[str] = None, + name: Optional[str] = None, + release: Optional[str] = None, + version: Optional[str] = None, + version_range: Optional[str] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[str]: + return pulumi.get(self, "arch") + + @property + @pulumi.getter + def display(self) -> Optional[str]: + return pulumi.get(self, "display") + + @property + @pulumi.getter + def epoch(self) -> Optional[str]: + return pulumi.get(self, "epoch") + + @property + @pulumi.getter + def format(self) -> Optional[str]: + return pulumi.get(self, "format") + + @property + @pulumi.getter + def license(self) -> Optional[str]: + return pulumi.get(self, "license") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def release(self) -> Optional[str]: + return pulumi.get(self, 
"release") + + @property + @pulumi.getter + def version(self) -> Optional[str]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[str]: + return pulumi.get(self, "version_range") + + +@pulumi.output_type +class HostAssurancePolicyPackagesWhiteList(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "versionRange": + suggest = "version_range" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostAssurancePolicyPackagesWhiteList. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostAssurancePolicyPackagesWhiteList.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostAssurancePolicyPackagesWhiteList.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + arch: Optional[str] = None, + display: Optional[str] = None, + epoch: Optional[str] = None, + format: Optional[str] = None, + license: Optional[str] = None, + name: Optional[str] = None, + release: Optional[str] = None, + version: Optional[str] = None, + version_range: Optional[str] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[str]: + return pulumi.get(self, "arch") + + @property + @pulumi.getter + def display(self) -> 
Optional[str]: + return pulumi.get(self, "display") + + @property + @pulumi.getter + def epoch(self) -> Optional[str]: + return pulumi.get(self, "epoch") + + @property + @pulumi.getter + def format(self) -> Optional[str]: + return pulumi.get(self, "format") + + @property + @pulumi.getter + def license(self) -> Optional[str]: + return pulumi.get(self, "license") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def release(self) -> Optional[str]: + return pulumi.get(self, "release") + + @property + @pulumi.getter + def version(self) -> Optional[str]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[str]: + return pulumi.get(self, "version_range") + + +@pulumi.output_type +class HostAssurancePolicyPolicySettings(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "isAuditChecked": + suggest = "is_audit_checked" + elif key == "warningMessage": + suggest = "warning_message" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostAssurancePolicyPolicySettings. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostAssurancePolicyPolicySettings.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostAssurancePolicyPolicySettings.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enforce: Optional[bool] = None, + is_audit_checked: Optional[bool] = None, + warn: Optional[bool] = None, + warning_message: Optional[str] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not None: + pulumi.set(__self__, "warning_message", warning_message) + + @property + @pulumi.getter + def enforce(self) -> Optional[bool]: + return pulumi.get(self, "enforce") + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[bool]: + return pulumi.get(self, "is_audit_checked") + + @property + @pulumi.getter + def warn(self) -> Optional[bool]: + return pulumi.get(self, "warn") + + @property + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[str]: + return pulumi.get(self, "warning_message") + + +@pulumi.output_type +class HostAssurancePolicyRequiredLabel(dict): + def __init__(__self__, *, + key: Optional[str] = None, + value: Optional[str] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[str]: + return pulumi.get(self, "key") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class HostAssurancePolicyScope(dict): + def __init__(__self__, *, + expression: Optional[str] = None, + variables: 
Optional[Sequence['outputs.HostAssurancePolicyScopeVariable']] = None): + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> Optional[str]: + return pulumi.get(self, "expression") + + @property + @pulumi.getter + def variables(self) -> Optional[Sequence['outputs.HostAssurancePolicyScopeVariable']]: + return pulumi.get(self, "variables") + + +@pulumi.output_type +class HostAssurancePolicyScopeVariable(dict): + def __init__(__self__, *, + attribute: Optional[str] = None, + name: Optional[str] = None, + value: Optional[str] = None): + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if name is not None: + pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def attribute(self) -> Optional[str]: + return pulumi.get(self, "attribute") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class HostAssurancePolicyTrustedBaseImage(dict): + def __init__(__self__, *, + imagename: Optional[str] = None, + registry: Optional[str] = None): + if imagename is not None: + pulumi.set(__self__, "imagename", imagename) + if registry is not None: + pulumi.set(__self__, "registry", registry) + + @property + @pulumi.getter + def imagename(self) -> Optional[str]: + return pulumi.get(self, "imagename") + + @property + @pulumi.getter + def registry(self) -> Optional[str]: + return pulumi.get(self, "registry") + + +@pulumi.output_type +class HostRuntimePolicyAllowedExecutable(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "allowExecutables": + suggest = "allow_executables" + elif key == "allowRootExecutables": + suggest = 
"allow_root_executables" + elif key == "separateExecutables": + suggest = "separate_executables" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyAllowedExecutable. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyAllowedExecutable.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyAllowedExecutable.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + allow_executables: Optional[Sequence[str]] = None, + allow_root_executables: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + separate_executables: Optional[bool] = None): + """ + :param Sequence[str] allow_executables: List of allowed executables. + :param Sequence[str] allow_root_executables: List of allowed root executables. + :param bool enabled: Whether allowed executables configuration is enabled. + :param bool separate_executables: Whether to treat executables separately. + """ + if allow_executables is not None: + pulumi.set(__self__, "allow_executables", allow_executables) + if allow_root_executables is not None: + pulumi.set(__self__, "allow_root_executables", allow_root_executables) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if separate_executables is not None: + pulumi.set(__self__, "separate_executables", separate_executables) + + @property + @pulumi.getter(name="allowExecutables") + def allow_executables(self) -> Optional[Sequence[str]]: + """ + List of allowed executables. + """ + return pulumi.get(self, "allow_executables") + + @property + @pulumi.getter(name="allowRootExecutables") + def allow_root_executables(self) -> Optional[Sequence[str]]: + """ + List of allowed root executables. 
+ """ + return pulumi.get(self, "allow_root_executables") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether allowed executables configuration is enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="separateExecutables") + def separate_executables(self) -> Optional[bool]: + """ + Whether to treat executables separately. + """ + return pulumi.get(self, "separate_executables") + + +@pulumi.output_type +class HostRuntimePolicyAllowedRegistry(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "allowedRegistries": + suggest = "allowed_registries" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyAllowedRegistry. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyAllowedRegistry.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyAllowedRegistry.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + allowed_registries: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): + """ + :param Sequence[str] allowed_registries: List of allowed registries. + :param bool enabled: Whether allowed registries are enabled. + """ + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[Sequence[str]]: + """ + List of allowed registries. + """ + return pulumi.get(self, "allowed_registries") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether allowed registries are enabled. 
+ """ + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class HostRuntimePolicyAuditing(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "auditAllNetwork": + suggest = "audit_all_network" + elif key == "auditAllProcesses": + suggest = "audit_all_processes" + elif key == "auditFailedLogin": + suggest = "audit_failed_login" + elif key == "auditOsUserActivity": + suggest = "audit_os_user_activity" + elif key == "auditProcessCmdline": + suggest = "audit_process_cmdline" + elif key == "auditSuccessLogin": + suggest = "audit_success_login" + elif key == "auditUserAccountManagement": + suggest = "audit_user_account_management" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyAuditing. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyAuditing.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyAuditing.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + audit_all_network: Optional[bool] = None, + audit_all_processes: Optional[bool] = None, + audit_failed_login: Optional[bool] = None, + audit_os_user_activity: Optional[bool] = None, + audit_process_cmdline: Optional[bool] = None, + audit_success_login: Optional[bool] = None, + audit_user_account_management: Optional[bool] = None, + enabled: Optional[bool] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, "audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not None: + pulumi.set(__self__, "audit_process_cmdline", 
audit_process_cmdline) + if audit_success_login is not None: + pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="auditAllNetwork") + def audit_all_network(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_network") + + @property + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_processes") + + @property + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_failed_login") + + @property + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[bool]: + return pulumi.get(self, "audit_os_user_activity") + + @property + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[bool]: + return pulumi.get(self, "audit_process_cmdline") + + @property + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_success_login") + + @property + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> Optional[bool]: + return pulumi.get(self, "audit_user_account_management") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class HostRuntimePolicyBlacklistedOsUsers(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "groupBlackLists": + suggest = "group_black_lists" + elif key == "userBlackLists": + suggest = "user_black_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyBlacklistedOsUsers. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyBlacklistedOsUsers.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyBlacklistedOsUsers.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + group_black_lists: Optional[Sequence[str]] = None, + user_black_lists: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_black_lists is not None: + pulumi.set(__self__, "group_black_lists", group_black_lists) + if user_black_lists is not None: + pulumi.set(__self__, "user_black_lists", user_black_lists) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="groupBlackLists") + def group_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "group_black_lists") + + @property + @pulumi.getter(name="userBlackLists") + def user_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "user_black_lists") + + +@pulumi.output_type +class HostRuntimePolicyBypassScope(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + scopes: Optional[Sequence['outputs.HostRuntimePolicyBypassScopeScope']] = None): + """ + :param bool enabled: Whether bypassing the scope is enabled. + :param Sequence['HostRuntimePolicyBypassScopeScopeArgs'] scopes: Scope configuration. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether bypassing the scope is enabled. 
+ """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def scopes(self) -> Optional[Sequence['outputs.HostRuntimePolicyBypassScopeScope']]: + """ + Scope configuration. + """ + return pulumi.get(self, "scopes") + + +@pulumi.output_type +class HostRuntimePolicyBypassScopeScope(dict): + def __init__(__self__, *, + expression: Optional[str] = None, + variables: Optional[Sequence['outputs.HostRuntimePolicyBypassScopeScopeVariable']] = None): + """ + :param str expression: Scope expression. + :param Sequence['HostRuntimePolicyBypassScopeScopeVariableArgs'] variables: List of variables in the scope. + """ + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> Optional[str]: + """ + Scope expression. + """ + return pulumi.get(self, "expression") + + @property + @pulumi.getter + def variables(self) -> Optional[Sequence['outputs.HostRuntimePolicyBypassScopeScopeVariable']]: + """ + List of variables in the scope. + """ + return pulumi.get(self, "variables") + + +@pulumi.output_type +class HostRuntimePolicyBypassScopeScopeVariable(dict): + def __init__(__self__, *, + attribute: Optional[str] = None, + value: Optional[str] = None): + """ + :param str attribute: Variable attribute. + :param str value: Variable value. + """ + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def attribute(self) -> Optional[str]: + """ + Variable attribute. + """ + return pulumi.get(self, "attribute") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + """ + Variable value. 
+ """ + return pulumi.get(self, "value") + + +@pulumi.output_type +class HostRuntimePolicyContainerExec(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockContainerExec": + suggest = "block_container_exec" + elif key == "containerExecProcWhiteLists": + suggest = "container_exec_proc_white_lists" + elif key == "reverseShellIpWhiteLists": + suggest = "reverse_shell_ip_white_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyContainerExec. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyContainerExec.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyContainerExec.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_container_exec: Optional[bool] = None, + container_exec_proc_white_lists: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + reverse_shell_ip_white_lists: Optional[Sequence[str]] = None): + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) + if container_exec_proc_white_lists is not None: + pulumi.set(__self__, "container_exec_proc_white_lists", container_exec_proc_white_lists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + + @property + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[bool]: + return pulumi.get(self, "block_container_exec") + + @property + @pulumi.getter(name="containerExecProcWhiteLists") + def container_exec_proc_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "container_exec_proc_white_lists") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, 
"enabled") + + @property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") + + +@pulumi.output_type +class HostRuntimePolicyDriftPrevention(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "execLockdown": + suggest = "exec_lockdown" + elif key == "execLockdownWhiteLists": + suggest = "exec_lockdown_white_lists" + elif key == "imageLockdown": + suggest = "image_lockdown" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyDriftPrevention. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyDriftPrevention.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyDriftPrevention.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + exec_lockdown: Optional[bool] = None, + exec_lockdown_white_lists: Optional[Sequence[str]] = None, + image_lockdown: Optional[bool] = None): + """ + :param bool enabled: Whether drift prevention is enabled. + :param bool exec_lockdown: Whether to lockdown execution drift. + :param Sequence[str] exec_lockdown_white_lists: List of items in the execution lockdown white list. + :param bool image_lockdown: Whether to lockdown image drift. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exec_lockdown is not None: + pulumi.set(__self__, "exec_lockdown", exec_lockdown) + if exec_lockdown_white_lists is not None: + pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if image_lockdown is not None: + pulumi.set(__self__, "image_lockdown", image_lockdown) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether drift prevention is enabled. 
+ """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="execLockdown") + def exec_lockdown(self) -> Optional[bool]: + """ + Whether to lockdown execution drift. + """ + return pulumi.get(self, "exec_lockdown") + + @property + @pulumi.getter(name="execLockdownWhiteLists") + def exec_lockdown_white_lists(self) -> Optional[Sequence[str]]: + """ + List of items in the execution lockdown white list. + """ + return pulumi.get(self, "exec_lockdown_white_lists") + + @property + @pulumi.getter(name="imageLockdown") + def image_lockdown(self) -> Optional[bool]: + """ + Whether to lockdown image drift. + """ + return pulumi.get(self, "image_lockdown") + + +@pulumi.output_type +class HostRuntimePolicyExecutableBlacklist(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + executables: Optional[Sequence[str]] = None): + """ + :param bool enabled: Whether the executable blacklist is enabled. + :param Sequence[str] executables: List of blacklisted executables. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if executables is not None: + pulumi.set(__self__, "executables", executables) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether the executable blacklist is enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def executables(self) -> Optional[Sequence[str]]: + """ + List of blacklisted executables. + """ + return pulumi.get(self, "executables") + + +@pulumi.output_type +class HostRuntimePolicyFailedKubernetesChecks(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "failedChecks": + suggest = "failed_checks" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyFailedKubernetesChecks. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyFailedKubernetesChecks.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyFailedKubernetesChecks.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + failed_checks: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if failed_checks is not None: + pulumi.set(__self__, "failed_checks", failed_checks) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="failedChecks") + def failed_checks(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "failed_checks") + + +@pulumi.output_type +class HostRuntimePolicyFileBlock(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockFilesProcesses": + suggest = "block_files_processes" + elif key == "blockFilesUsers": + suggest = "block_files_users" + elif key == "exceptionalBlockFiles": + suggest = "exceptional_block_files" + elif key == "exceptionalBlockFilesProcesses": + suggest = "exceptional_block_files_processes" + elif key == "exceptionalBlockFilesUsers": + suggest = "exceptional_block_files_users" + elif key == "filenameBlockLists": + suggest = "filename_block_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyFileBlock. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyFileBlock.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyFileBlock.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_files_processes: Optional[Sequence[str]] = None, + block_files_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_files: Optional[Sequence[str]] = None, + exceptional_block_files_processes: Optional[Sequence[str]] = None, + exceptional_block_files_users: Optional[Sequence[str]] = None, + filename_block_lists: Optional[Sequence[str]] = None): + if block_files_processes is not None: + pulumi.set(__self__, "block_files_processes", block_files_processes) + if block_files_users is not None: + pulumi.set(__self__, "block_files_users", block_files_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_files is not None: + pulumi.set(__self__, "exceptional_block_files", exceptional_block_files) + if exceptional_block_files_processes is not None: + pulumi.set(__self__, "exceptional_block_files_processes", exceptional_block_files_processes) + if exceptional_block_files_users is not None: + pulumi.set(__self__, "exceptional_block_files_users", exceptional_block_files_users) + if filename_block_lists is not None: + pulumi.set(__self__, "filename_block_lists", filename_block_lists) + + @property + @pulumi.getter(name="blockFilesProcesses") + def block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_processes") + + @property + @pulumi.getter(name="blockFilesUsers") + def block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_users") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + 
@pulumi.getter(name="exceptionalBlockFiles") + def exceptional_block_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files") + + @property + @pulumi.getter(name="exceptionalBlockFilesProcesses") + def exceptional_block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_processes") + + @property + @pulumi.getter(name="exceptionalBlockFilesUsers") + def exceptional_block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_users") + + @property + @pulumi.getter(name="filenameBlockLists") + def filename_block_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "filename_block_lists") + + +@pulumi.output_type +class HostRuntimePolicyFileIntegrityMonitoring(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "exceptionalMonitoredFiles": + suggest = "exceptional_monitored_files" + elif key == "exceptionalMonitoredFilesProcesses": + suggest = "exceptional_monitored_files_processes" + elif key == "exceptionalMonitoredFilesUsers": + suggest = "exceptional_monitored_files_users" + elif key == "monitoredFiles": + suggest = "monitored_files" + elif key == "monitoredFilesAttributes": + suggest = "monitored_files_attributes" + elif key == "monitoredFilesCreate": + suggest = "monitored_files_create" + elif key == "monitoredFilesDelete": + suggest = "monitored_files_delete" + elif key == "monitoredFilesModify": + suggest = "monitored_files_modify" + elif key == "monitoredFilesProcesses": + suggest = "monitored_files_processes" + elif key == "monitoredFilesRead": + suggest = "monitored_files_read" + elif key == "monitoredFilesUsers": + suggest = "monitored_files_users" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyFileIntegrityMonitoring. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyFileIntegrityMonitoring.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyFileIntegrityMonitoring.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + exceptional_monitored_files: Optional[Sequence[str]] = None, + exceptional_monitored_files_processes: Optional[Sequence[str]] = None, + exceptional_monitored_files_users: Optional[Sequence[str]] = None, + monitored_files: Optional[Sequence[str]] = None, + monitored_files_attributes: Optional[bool] = None, + monitored_files_create: Optional[bool] = None, + monitored_files_delete: Optional[bool] = None, + monitored_files_modify: Optional[bool] = None, + monitored_files_processes: Optional[Sequence[str]] = None, + monitored_files_read: Optional[bool] = None, + monitored_files_users: Optional[Sequence[str]] = None): + """ + :param bool enabled: If true, file integrity monitoring is enabled. + :param Sequence[str] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_users: List of users to be excluded from monitoring. + :param Sequence[str] monitored_files: List of paths to be monitored. + :param bool monitored_files_attributes: Whether to monitor file attribute operations. + :param bool monitored_files_create: Whether to monitor file create operations. + :param bool monitored_files_delete: Whether to monitor file delete operations. + :param bool monitored_files_modify: Whether to monitor file modify operations. + :param Sequence[str] monitored_files_processes: List of processes associated with monitored files. 
+ :param bool monitored_files_read: Whether to monitor file read operations. + :param Sequence[str] monitored_files_users: List of users associated with monitored files. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + If true, file integrity monitoring is enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be excluded from monitoring. 
+ """ + return pulumi.get(self, "exceptional_monitored_files") + + @property + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_processes") + + @property + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_users") + + @property + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be monitored. + """ + return pulumi.get(self, "monitored_files") + + @property + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[bool]: + """ + Whether to monitor file attribute operations. + """ + return pulumi.get(self, "monitored_files_attributes") + + @property + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[bool]: + """ + Whether to monitor file create operations. + """ + return pulumi.get(self, "monitored_files_create") + + @property + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[bool]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") + + @property + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[bool]: + """ + Whether to monitor file modify operations. + """ + return pulumi.get(self, "monitored_files_modify") + + @property + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes associated with monitored files. 
+ """ + return pulumi.get(self, "monitored_files_processes") + + @property + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[bool]: + """ + Whether to monitor file read operations. + """ + return pulumi.get(self, "monitored_files_read") + + @property + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users associated with monitored files. + """ + return pulumi.get(self, "monitored_files_users") + + +@pulumi.output_type +class HostRuntimePolicyLimitContainerPrivilege(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockAddCapabilities": + suggest = "block_add_capabilities" + elif key == "preventLowPortBinding": + suggest = "prevent_low_port_binding" + elif key == "preventRootUser": + suggest = "prevent_root_user" + elif key == "useHostUser": + suggest = "use_host_user" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyLimitContainerPrivilege. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyLimitContainerPrivilege.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyLimitContainerPrivilege.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_add_capabilities: Optional[bool] = None, + enabled: Optional[bool] = None, + ipcmode: Optional[bool] = None, + netmode: Optional[bool] = None, + pidmode: Optional[bool] = None, + prevent_low_port_binding: Optional[bool] = None, + prevent_root_user: Optional[bool] = None, + privileged: Optional[bool] = None, + use_host_user: Optional[bool] = None, + usermode: Optional[bool] = None, + utsmode: Optional[bool] = None): + """ + :param bool block_add_capabilities: Whether to block adding capabilities. + :param bool enabled: Whether container privilege limitations are enabled. 
+ :param bool ipcmode: Whether to limit IPC-related capabilities. + :param bool netmode: Whether to limit network-related capabilities. + :param bool pidmode: Whether to limit process-related capabilities. + :param bool prevent_low_port_binding: Whether to prevent low port binding. + :param bool prevent_root_user: Whether to prevent the use of the root user. + :param bool privileged: Whether the container is run in privileged mode. + :param bool use_host_user: Whether to use the host user. + :param bool usermode: Whether to limit user-related capabilities. + :param bool utsmode: Whether to limit UTS-related capabilities. + """ + if block_add_capabilities is not None: + pulumi.set(__self__, "block_add_capabilities", block_add_capabilities) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if ipcmode is not None: + pulumi.set(__self__, "ipcmode", ipcmode) + if netmode is not None: + pulumi.set(__self__, "netmode", netmode) + if pidmode is not None: + pulumi.set(__self__, "pidmode", pidmode) + if prevent_low_port_binding is not None: + pulumi.set(__self__, "prevent_low_port_binding", prevent_low_port_binding) + if prevent_root_user is not None: + pulumi.set(__self__, "prevent_root_user", prevent_root_user) + if privileged is not None: + pulumi.set(__self__, "privileged", privileged) + if use_host_user is not None: + pulumi.set(__self__, "use_host_user", use_host_user) + if usermode is not None: + pulumi.set(__self__, "usermode", usermode) + if utsmode is not None: + pulumi.set(__self__, "utsmode", utsmode) + + @property + @pulumi.getter(name="blockAddCapabilities") + def block_add_capabilities(self) -> Optional[bool]: + """ + Whether to block adding capabilities. + """ + return pulumi.get(self, "block_add_capabilities") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether container privilege limitations are enabled. 
+ """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def ipcmode(self) -> Optional[bool]: + """ + Whether to limit IPC-related capabilities. + """ + return pulumi.get(self, "ipcmode") + + @property + @pulumi.getter + def netmode(self) -> Optional[bool]: + """ + Whether to limit network-related capabilities. + """ + return pulumi.get(self, "netmode") + + @property + @pulumi.getter + def pidmode(self) -> Optional[bool]: + """ + Whether to limit process-related capabilities. + """ + return pulumi.get(self, "pidmode") + + @property + @pulumi.getter(name="preventLowPortBinding") + def prevent_low_port_binding(self) -> Optional[bool]: + """ + Whether to prevent low port binding. + """ + return pulumi.get(self, "prevent_low_port_binding") + + @property + @pulumi.getter(name="preventRootUser") + def prevent_root_user(self) -> Optional[bool]: + """ + Whether to prevent the use of the root user. + """ + return pulumi.get(self, "prevent_root_user") + + @property + @pulumi.getter + def privileged(self) -> Optional[bool]: + """ + Whether the container is run in privileged mode. + """ + return pulumi.get(self, "privileged") + + @property + @pulumi.getter(name="useHostUser") + def use_host_user(self) -> Optional[bool]: + """ + Whether to use the host user. + """ + return pulumi.get(self, "use_host_user") + + @property + @pulumi.getter + def usermode(self) -> Optional[bool]: + """ + Whether to limit user-related capabilities. + """ + return pulumi.get(self, "usermode") + + @property + @pulumi.getter + def utsmode(self) -> Optional[bool]: + """ + Whether to limit UTS-related capabilities. + """ + return pulumi.get(self, "utsmode") + + +@pulumi.output_type +class HostRuntimePolicyLinuxCapabilities(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "removeLinuxCapabilities": + suggest = "remove_linux_capabilities" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyLinuxCapabilities. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyLinuxCapabilities.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyLinuxCapabilities.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + remove_linux_capabilities: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if remove_linux_capabilities is not None: + pulumi.set(__self__, "remove_linux_capabilities", remove_linux_capabilities) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="removeLinuxCapabilities") + def remove_linux_capabilities(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "remove_linux_capabilities") + + +@pulumi.output_type +class HostRuntimePolicyMalwareScanOptions(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "excludeDirectories": + suggest = "exclude_directories" + elif key == "excludeProcesses": + suggest = "exclude_processes" + elif key == "includeDirectories": + suggest = "include_directories" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyMalwareScanOptions. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyMalwareScanOptions.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyMalwareScanOptions.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + action: Optional[str] = None, + enabled: Optional[bool] = None, + exclude_directories: Optional[Sequence[str]] = None, + exclude_processes: Optional[Sequence[str]] = None, + include_directories: Optional[Sequence[str]] = None): + """ + :param str action: Set Action, Defaults to 'Alert' when empty + :param bool enabled: Defines if enabled or not + :param Sequence[str] exclude_directories: List of registry paths to be excluded from being protected. + :param Sequence[str] exclude_processes: List of registry processes to be excluded from being protected. + :param Sequence[str] include_directories: List of registry paths to be excluded from being protected. + """ + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) + + @property + @pulumi.getter + def action(self) -> Optional[str]: + """ + Set Action, Defaults to 'Alert' when empty + """ + return pulumi.get(self, "action") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Defines if enabled or not + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="excludeDirectories") + def exclude_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. 
+ """ + return pulumi.get(self, "exclude_directories") + + @property + @pulumi.getter(name="excludeProcesses") + def exclude_processes(self) -> Optional[Sequence[str]]: + """ + List of registry processes to be excluded from being protected. + """ + return pulumi.get(self, "exclude_processes") + + @property + @pulumi.getter(name="includeDirectories") + def include_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "include_directories") + + +@pulumi.output_type +class HostRuntimePolicyPackageBlock(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockPackagesProcesses": + suggest = "block_packages_processes" + elif key == "blockPackagesUsers": + suggest = "block_packages_users" + elif key == "exceptionalBlockPackagesFiles": + suggest = "exceptional_block_packages_files" + elif key == "exceptionalBlockPackagesProcesses": + suggest = "exceptional_block_packages_processes" + elif key == "exceptionalBlockPackagesUsers": + suggest = "exceptional_block_packages_users" + elif key == "packagesBlackLists": + suggest = "packages_black_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyPackageBlock. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyPackageBlock.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyPackageBlock.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_packages_processes: Optional[Sequence[str]] = None, + block_packages_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_packages_files: Optional[Sequence[str]] = None, + exceptional_block_packages_processes: Optional[Sequence[str]] = None, + exceptional_block_packages_users: Optional[Sequence[str]] = None, + packages_black_lists: Optional[Sequence[str]] = None): + if block_packages_processes is not None: + pulumi.set(__self__, "block_packages_processes", block_packages_processes) + if block_packages_users is not None: + pulumi.set(__self__, "block_packages_users", block_packages_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_packages_files is not None: + pulumi.set(__self__, "exceptional_block_packages_files", exceptional_block_packages_files) + if exceptional_block_packages_processes is not None: + pulumi.set(__self__, "exceptional_block_packages_processes", exceptional_block_packages_processes) + if exceptional_block_packages_users is not None: + pulumi.set(__self__, "exceptional_block_packages_users", exceptional_block_packages_users) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) + + @property + @pulumi.getter(name="blockPackagesProcesses") + def block_packages_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_processes") + + @property + @pulumi.getter(name="blockPackagesUsers") + def block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_users") + + @property + 
@pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalBlockPackagesFiles") + def exceptional_block_packages_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_files") + + @property + @pulumi.getter(name="exceptionalBlockPackagesProcesses") + def exceptional_block_packages_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_processes") + + @property + @pulumi.getter(name="exceptionalBlockPackagesUsers") + def exceptional_block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_users") + + @property + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "packages_black_lists") + + +@pulumi.output_type +class HostRuntimePolicyPortBlock(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockInboundPorts": + suggest = "block_inbound_ports" + elif key == "blockOutboundPorts": + suggest = "block_outbound_ports" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyPortBlock. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyPortBlock.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyPortBlock.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_inbound_ports: Optional[Sequence[str]] = None, + block_outbound_ports: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): + if block_inbound_ports is not None: + pulumi.set(__self__, "block_inbound_ports", block_inbound_ports) + if block_outbound_ports is not None: + pulumi.set(__self__, "block_outbound_ports", block_outbound_ports) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="blockInboundPorts") + def block_inbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_inbound_ports") + + @property + @pulumi.getter(name="blockOutboundPorts") + def block_outbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_outbound_ports") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class HostRuntimePolicyReadonlyFiles(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "exceptionalReadonlyFiles": + suggest = "exceptional_readonly_files" + elif key == "exceptionalReadonlyFilesProcesses": + suggest = "exceptional_readonly_files_processes" + elif key == "exceptionalReadonlyFilesUsers": + suggest = "exceptional_readonly_files_users" + elif key == "readonlyFiles": + suggest = "readonly_files" + elif key == "readonlyFilesProcesses": + suggest = "readonly_files_processes" + elif key == "readonlyFilesUsers": + suggest = "readonly_files_users" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyReadonlyFiles. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyReadonlyFiles.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyReadonlyFiles.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + exceptional_readonly_files: Optional[Sequence[str]] = None, + exceptional_readonly_files_processes: Optional[Sequence[str]] = None, + exceptional_readonly_files_users: Optional[Sequence[str]] = None, + readonly_files: Optional[Sequence[str]] = None, + readonly_files_processes: Optional[Sequence[str]] = None, + readonly_files_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_files is not None: + pulumi.set(__self__, "exceptional_readonly_files", exceptional_readonly_files) + if exceptional_readonly_files_processes is not None: + pulumi.set(__self__, "exceptional_readonly_files_processes", exceptional_readonly_files_processes) + if exceptional_readonly_files_users is not None: + pulumi.set(__self__, "exceptional_readonly_files_users", exceptional_readonly_files_users) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_files_processes is not None: + pulumi.set(__self__, "readonly_files_processes", readonly_files_processes) + if readonly_files_users is not None: + pulumi.set(__self__, "readonly_files_users", readonly_files_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalReadonlyFiles") + def exceptional_readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files") + + @property + @pulumi.getter(name="exceptionalReadonlyFilesProcesses") + def exceptional_readonly_files_processes(self) -> 
Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_processes") + + @property + @pulumi.getter(name="exceptionalReadonlyFilesUsers") + def exceptional_readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_users") + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files") + + @property + @pulumi.getter(name="readonlyFilesProcesses") + def readonly_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_processes") + + @property + @pulumi.getter(name="readonlyFilesUsers") + def readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_users") + + +@pulumi.output_type +class HostRuntimePolicyReadonlyRegistry(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "exceptionalReadonlyRegistryPaths": + suggest = "exceptional_readonly_registry_paths" + elif key == "exceptionalReadonlyRegistryProcesses": + suggest = "exceptional_readonly_registry_processes" + elif key == "exceptionalReadonlyRegistryUsers": + suggest = "exceptional_readonly_registry_users" + elif key == "readonlyRegistryPaths": + suggest = "readonly_registry_paths" + elif key == "readonlyRegistryProcesses": + suggest = "readonly_registry_processes" + elif key == "readonlyRegistryUsers": + suggest = "readonly_registry_users" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyReadonlyRegistry. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyReadonlyRegistry.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyReadonlyRegistry.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + exceptional_readonly_registry_paths: Optional[Sequence[str]] = None, + exceptional_readonly_registry_processes: Optional[Sequence[str]] = None, + exceptional_readonly_registry_users: Optional[Sequence[str]] = None, + readonly_registry_paths: Optional[Sequence[str]] = None, + readonly_registry_processes: Optional[Sequence[str]] = None, + readonly_registry_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_registry_paths is not None: + pulumi.set(__self__, "exceptional_readonly_registry_paths", exceptional_readonly_registry_paths) + if exceptional_readonly_registry_processes is not None: + pulumi.set(__self__, "exceptional_readonly_registry_processes", exceptional_readonly_registry_processes) + if exceptional_readonly_registry_users is not None: + pulumi.set(__self__, "exceptional_readonly_registry_users", exceptional_readonly_registry_users) + if readonly_registry_paths is not None: + pulumi.set(__self__, "readonly_registry_paths", readonly_registry_paths) + if readonly_registry_processes is not None: + pulumi.set(__self__, "readonly_registry_processes", readonly_registry_processes) + if readonly_registry_users is not None: + pulumi.set(__self__, "readonly_registry_users", readonly_registry_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryPaths") + def exceptional_readonly_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, 
"exceptional_readonly_registry_paths") + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryProcesses") + def exceptional_readonly_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_registry_processes") + + @property + @pulumi.getter(name="exceptionalReadonlyRegistryUsers") + def exceptional_readonly_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_registry_users") + + @property + @pulumi.getter(name="readonlyRegistryPaths") + def readonly_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_registry_paths") + + @property + @pulumi.getter(name="readonlyRegistryProcesses") + def readonly_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_registry_processes") + + @property + @pulumi.getter(name="readonlyRegistryUsers") + def readonly_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_registry_users") + + +@pulumi.output_type +class HostRuntimePolicyRegistryAccessMonitoring(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "exceptionalMonitoredRegistryPaths": + suggest = "exceptional_monitored_registry_paths" + elif key == "exceptionalMonitoredRegistryProcesses": + suggest = "exceptional_monitored_registry_processes" + elif key == "exceptionalMonitoredRegistryUsers": + suggest = "exceptional_monitored_registry_users" + elif key == "monitoredRegistryAttributes": + suggest = "monitored_registry_attributes" + elif key == "monitoredRegistryCreate": + suggest = "monitored_registry_create" + elif key == "monitoredRegistryDelete": + suggest = "monitored_registry_delete" + elif key == "monitoredRegistryModify": + suggest = "monitored_registry_modify" + elif key == "monitoredRegistryPaths": + suggest = "monitored_registry_paths" + elif key == "monitoredRegistryProcesses": + suggest = "monitored_registry_processes" + elif key == 
"monitoredRegistryRead": + suggest = "monitored_registry_read" + elif key == "monitoredRegistryUsers": + suggest = "monitored_registry_users" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyRegistryAccessMonitoring. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyRegistryAccessMonitoring.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyRegistryAccessMonitoring.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + exceptional_monitored_registry_paths: Optional[Sequence[str]] = None, + exceptional_monitored_registry_processes: Optional[Sequence[str]] = None, + exceptional_monitored_registry_users: Optional[Sequence[str]] = None, + monitored_registry_attributes: Optional[bool] = None, + monitored_registry_create: Optional[bool] = None, + monitored_registry_delete: Optional[bool] = None, + monitored_registry_modify: Optional[bool] = None, + monitored_registry_paths: Optional[Sequence[str]] = None, + monitored_registry_processes: Optional[Sequence[str]] = None, + monitored_registry_read: Optional[bool] = None, + monitored_registry_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_registry_paths is not None: + pulumi.set(__self__, "exceptional_monitored_registry_paths", exceptional_monitored_registry_paths) + if exceptional_monitored_registry_processes is not None: + pulumi.set(__self__, "exceptional_monitored_registry_processes", exceptional_monitored_registry_processes) + if exceptional_monitored_registry_users is not None: + pulumi.set(__self__, "exceptional_monitored_registry_users", exceptional_monitored_registry_users) + if monitored_registry_attributes is not None: + pulumi.set(__self__, "monitored_registry_attributes", 
monitored_registry_attributes) + if monitored_registry_create is not None: + pulumi.set(__self__, "monitored_registry_create", monitored_registry_create) + if monitored_registry_delete is not None: + pulumi.set(__self__, "monitored_registry_delete", monitored_registry_delete) + if monitored_registry_modify is not None: + pulumi.set(__self__, "monitored_registry_modify", monitored_registry_modify) + if monitored_registry_paths is not None: + pulumi.set(__self__, "monitored_registry_paths", monitored_registry_paths) + if monitored_registry_processes is not None: + pulumi.set(__self__, "monitored_registry_processes", monitored_registry_processes) + if monitored_registry_read is not None: + pulumi.set(__self__, "monitored_registry_read", monitored_registry_read) + if monitored_registry_users is not None: + pulumi.set(__self__, "monitored_registry_users", monitored_registry_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryPaths") + def exceptional_monitored_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_monitored_registry_paths") + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryProcesses") + def exceptional_monitored_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_monitored_registry_processes") + + @property + @pulumi.getter(name="exceptionalMonitoredRegistryUsers") + def exceptional_monitored_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_monitored_registry_users") + + @property + @pulumi.getter(name="monitoredRegistryAttributes") + def monitored_registry_attributes(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_attributes") + + @property + @pulumi.getter(name="monitoredRegistryCreate") + def monitored_registry_create(self) -> Optional[bool]: + return pulumi.get(self, 
"monitored_registry_create") + + @property + @pulumi.getter(name="monitoredRegistryDelete") + def monitored_registry_delete(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_delete") + + @property + @pulumi.getter(name="monitoredRegistryModify") + def monitored_registry_modify(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_modify") + + @property + @pulumi.getter(name="monitoredRegistryPaths") + def monitored_registry_paths(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "monitored_registry_paths") + + @property + @pulumi.getter(name="monitoredRegistryProcesses") + def monitored_registry_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "monitored_registry_processes") + + @property + @pulumi.getter(name="monitoredRegistryRead") + def monitored_registry_read(self) -> Optional[bool]: + return pulumi.get(self, "monitored_registry_read") + + @property + @pulumi.getter(name="monitoredRegistryUsers") + def monitored_registry_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "monitored_registry_users") + + +@pulumi.output_type +class HostRuntimePolicyRestrictedVolume(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + volumes: Optional[Sequence[str]] = None): + """ + :param bool enabled: Whether restricted volumes are enabled. + :param Sequence[str] volumes: List of restricted volumes. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if volumes is not None: + pulumi.set(__self__, "volumes", volumes) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether restricted volumes are enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def volumes(self) -> Optional[Sequence[str]]: + """ + List of restricted volumes. 
+ """ + return pulumi.get(self, "volumes") + + +@pulumi.output_type +class HostRuntimePolicyReverseShell(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "blockReverseShell": + suggest = "block_reverse_shell" + elif key == "reverseShellIpWhiteLists": + suggest = "reverse_shell_ip_white_lists" + elif key == "reverseShellProcWhiteLists": + suggest = "reverse_shell_proc_white_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyReverseShell. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyReverseShell.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyReverseShell.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + block_reverse_shell: Optional[bool] = None, + enabled: Optional[bool] = None, + reverse_shell_ip_white_lists: Optional[Sequence[str]] = None, + reverse_shell_proc_white_lists: Optional[Sequence[str]] = None): + if block_reverse_shell is not None: + pulumi.set(__self__, "block_reverse_shell", block_reverse_shell) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + if reverse_shell_proc_white_lists is not None: + pulumi.set(__self__, "reverse_shell_proc_white_lists", reverse_shell_proc_white_lists) + + @property + @pulumi.getter(name="blockReverseShell") + def block_reverse_shell(self) -> Optional[bool]: + return pulumi.get(self, "block_reverse_shell") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") + + @property + 
@pulumi.getter(name="reverseShellProcWhiteLists") + def reverse_shell_proc_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_proc_white_lists") + + +@pulumi.output_type +class HostRuntimePolicyScope(dict): + def __init__(__self__, *, + expression: str, + variables: Sequence['outputs.HostRuntimePolicyScopeVariable']): + """ + :param str expression: Scope expression. + :param Sequence['HostRuntimePolicyScopeVariableArgs'] variables: List of variables in the scope. + """ + pulumi.set(__self__, "expression", expression) + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> str: + """ + Scope expression. + """ + return pulumi.get(self, "expression") + + @property + @pulumi.getter + def variables(self) -> Sequence['outputs.HostRuntimePolicyScopeVariable']: + """ + List of variables in the scope. + """ + return pulumi.get(self, "variables") + + +@pulumi.output_type +class HostRuntimePolicyScopeVariable(dict): + def __init__(__self__, *, + attribute: str, + value: str, + name: Optional[str] = None): + """ + :param str attribute: Class of supported scope. + :param str value: Value assigned to the attribute. + :param str name: Name assigned to the attribute. + """ + pulumi.set(__self__, "attribute", attribute) + pulumi.set(__self__, "value", value) + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def attribute(self) -> str: + """ + Class of supported scope. + """ + return pulumi.get(self, "attribute") + + @property + @pulumi.getter + def value(self) -> str: + """ + Value assigned to the attribute. + """ + return pulumi.get(self, "value") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + Name assigned to the attribute. 
+ """ + return pulumi.get(self, "name") + + +@pulumi.output_type +class HostRuntimePolicySystemIntegrityProtection(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "auditSystemtimeChange": + suggest = "audit_systemtime_change" + elif key == "monitorAuditLogIntegrity": + suggest = "monitor_audit_log_integrity" + elif key == "windowsServicesMonitoring": + suggest = "windows_services_monitoring" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicySystemIntegrityProtection. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicySystemIntegrityProtection.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicySystemIntegrityProtection.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + audit_systemtime_change: Optional[bool] = None, + enabled: Optional[bool] = None, + monitor_audit_log_integrity: Optional[bool] = None, + windows_services_monitoring: Optional[bool] = None): + if audit_systemtime_change is not None: + pulumi.set(__self__, "audit_systemtime_change", audit_systemtime_change) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if monitor_audit_log_integrity is not None: + pulumi.set(__self__, "monitor_audit_log_integrity", monitor_audit_log_integrity) + if windows_services_monitoring is not None: + pulumi.set(__self__, "windows_services_monitoring", windows_services_monitoring) + + @property + @pulumi.getter(name="auditSystemtimeChange") + def audit_systemtime_change(self) -> Optional[bool]: + return pulumi.get(self, "audit_systemtime_change") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="monitorAuditLogIntegrity") + def monitor_audit_log_integrity(self) -> Optional[bool]: + return pulumi.get(self, 
"monitor_audit_log_integrity") + + @property + @pulumi.getter(name="windowsServicesMonitoring") + def windows_services_monitoring(self) -> Optional[bool]: + return pulumi.get(self, "windows_services_monitoring") + + +@pulumi.output_type +class HostRuntimePolicyTripwire(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "applyOns": + suggest = "apply_ons" + elif key == "serverlessApp": + suggest = "serverless_app" + elif key == "userId": + suggest = "user_id" + elif key == "userPassword": + suggest = "user_password" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyTripwire. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyTripwire.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyTripwire.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + apply_ons: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + serverless_app: Optional[str] = None, + user_id: Optional[str] = None, + user_password: Optional[str] = None): + if apply_ons is not None: + pulumi.set(__self__, "apply_ons", apply_ons) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if serverless_app is not None: + pulumi.set(__self__, "serverless_app", serverless_app) + if user_id is not None: + pulumi.set(__self__, "user_id", user_id) + if user_password is not None: + pulumi.set(__self__, "user_password", user_password) + + @property + @pulumi.getter(name="applyOns") + def apply_ons(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "apply_ons") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="serverlessApp") + def serverless_app(self) -> Optional[str]: + return pulumi.get(self, "serverless_app") + + @property + 
@pulumi.getter(name="userId") + def user_id(self) -> Optional[str]: + return pulumi.get(self, "user_id") + + @property + @pulumi.getter(name="userPassword") + def user_password(self) -> Optional[str]: + return pulumi.get(self, "user_password") + + +@pulumi.output_type +class HostRuntimePolicyWhitelistedOsUsers(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "groupWhiteLists": + suggest = "group_white_lists" + elif key == "userWhiteLists": + suggest = "user_white_lists" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in HostRuntimePolicyWhitelistedOsUsers. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + HostRuntimePolicyWhitelistedOsUsers.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + HostRuntimePolicyWhitelistedOsUsers.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enabled: Optional[bool] = None, + group_white_lists: Optional[Sequence[str]] = None, + user_white_lists: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if group_white_lists is not None: + pulumi.set(__self__, "group_white_lists", group_white_lists) + if user_white_lists is not None: + pulumi.set(__self__, "user_white_lists", user_white_lists) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="groupWhiteLists") + def group_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "group_white_lists") + + @property + @pulumi.getter(name="userWhiteLists") + def user_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "user_white_lists") + + +@pulumi.output_type +class ImageAssuranceChecksPerformed(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "assuranceType": + suggest = "assurance_type" 
+ elif key == "dtaSkipped": + suggest = "dta_skipped" + elif key == "dtaSkippedReason": + suggest = "dta_skipped_reason" + elif key == "policyName": + suggest = "policy_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ImageAssuranceChecksPerformed. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ImageAssuranceChecksPerformed.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ImageAssuranceChecksPerformed.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + assurance_type: Optional[str] = None, + blocking: Optional[bool] = None, + control: Optional[str] = None, + dta_skipped: Optional[bool] = None, + dta_skipped_reason: Optional[str] = None, + failed: Optional[bool] = None, + policy_name: Optional[str] = None): + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) + if blocking is not None: + pulumi.set(__self__, "blocking", blocking) + if control is not None: + pulumi.set(__self__, "control", control) + if dta_skipped is not None: + pulumi.set(__self__, "dta_skipped", dta_skipped) + if dta_skipped_reason is not None: + pulumi.set(__self__, "dta_skipped_reason", dta_skipped_reason) + if failed is not None: + pulumi.set(__self__, "failed", failed) + if policy_name is not None: + pulumi.set(__self__, "policy_name", policy_name) + + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[str]: + return pulumi.get(self, "assurance_type") + + @property + @pulumi.getter + def blocking(self) -> Optional[bool]: + return pulumi.get(self, "blocking") + + @property + @pulumi.getter + def control(self) -> Optional[str]: + return pulumi.get(self, "control") + + @property + @pulumi.getter(name="dtaSkipped") + def dta_skipped(self) -> Optional[bool]: + return pulumi.get(self, "dta_skipped") + + @property + @pulumi.getter(name="dtaSkippedReason") + 
def dta_skipped_reason(self) -> Optional[str]: + return pulumi.get(self, "dta_skipped_reason") + + @property + @pulumi.getter + def failed(self) -> Optional[bool]: + return pulumi.get(self, "failed") + + @property + @pulumi.getter(name="policyName") + def policy_name(self) -> Optional[str]: + return pulumi.get(self, "policy_name") + + +@pulumi.output_type +class ImageAssurancePolicyAutoScanTime(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "iterationType": + suggest = "iteration_type" + elif key == "weekDays": + suggest = "week_days" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyAutoScanTime. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ImageAssurancePolicyAutoScanTime.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ImageAssurancePolicyAutoScanTime.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + iteration: Optional[int] = None, + iteration_type: Optional[str] = None, + time: Optional[str] = None, + week_days: Optional[Sequence[str]] = None): + if iteration is not None: + pulumi.set(__self__, "iteration", iteration) + if iteration_type is not None: + pulumi.set(__self__, "iteration_type", iteration_type) + if time is not None: + pulumi.set(__self__, "time", time) + if week_days is not None: + pulumi.set(__self__, "week_days", week_days) + + @property + @pulumi.getter + def iteration(self) -> Optional[int]: + return pulumi.get(self, "iteration") + + @property + @pulumi.getter(name="iterationType") + def iteration_type(self) -> Optional[str]: + return pulumi.get(self, "iteration_type") + + @property + @pulumi.getter + def time(self) -> Optional[str]: + return pulumi.get(self, "time") + + @property + @pulumi.getter(name="weekDays") + def week_days(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "week_days") + + 
+@pulumi.output_type +class ImageAssurancePolicyCustomCheck(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "lastModified": + suggest = "last_modified" + elif key == "readOnly": + suggest = "read_only" + elif key == "scriptId": + suggest = "script_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyCustomCheck. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ImageAssurancePolicyCustomCheck.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ImageAssurancePolicyCustomCheck.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + author: Optional[str] = None, + description: Optional[str] = None, + engine: Optional[str] = None, + last_modified: Optional[int] = None, + name: Optional[str] = None, + path: Optional[str] = None, + read_only: Optional[bool] = None, + script_id: Optional[str] = None, + severity: Optional[str] = None, + snippet: Optional[str] = None): + """ + :param str author: Name of user account that created the policy. + """ + if author is not None: + pulumi.set(__self__, "author", author) + if description is not None: + pulumi.set(__self__, "description", description) + if engine is not None: + pulumi.set(__self__, "engine", engine) + if last_modified is not None: + pulumi.set(__self__, "last_modified", last_modified) + if name is not None: + pulumi.set(__self__, "name", name) + if path is not None: + pulumi.set(__self__, "path", path) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + if snippet is not None: + pulumi.set(__self__, "snippet", snippet) + + @property + @pulumi.getter + def author(self) -> Optional[str]: + """ + Name of user account that created the policy. 
+ """ + return pulumi.get(self, "author") + + @property + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") + + @property + @pulumi.getter + def engine(self) -> Optional[str]: + return pulumi.get(self, "engine") + + @property + @pulumi.getter(name="lastModified") + def last_modified(self) -> Optional[int]: + return pulumi.get(self, "last_modified") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def path(self) -> Optional[str]: + return pulumi.get(self, "path") + + @property + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[bool]: + return pulumi.get(self, "read_only") + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[str]: + return pulumi.get(self, "script_id") + + @property + @pulumi.getter + def severity(self) -> Optional[str]: + return pulumi.get(self, "severity") + + @property + @pulumi.getter + def snippet(self) -> Optional[str]: + return pulumi.get(self, "snippet") + + +@pulumi.output_type +class ImageAssurancePolicyForbiddenLabel(dict): + def __init__(__self__, *, + key: Optional[str] = None, + value: Optional[str] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[str]: + return pulumi.get(self, "key") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class ImageAssurancePolicyKubernetesControls(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "avdId": + suggest = "avd_id" + elif key == "scriptId": + suggest = "script_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyKubernetesControls. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ImageAssurancePolicyKubernetesControls.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ImageAssurancePolicyKubernetesControls.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + avd_id: Optional[str] = None, + description: Optional[str] = None, + enabled: Optional[bool] = None, + kind: Optional[str] = None, + name: Optional[str] = None, + ootb: Optional[bool] = None, + script_id: Optional[int] = None, + severity: Optional[str] = None): + if avd_id is not None: + pulumi.set(__self__, "avd_id", avd_id) + if description is not None: + pulumi.set(__self__, "description", description) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if kind is not None: + pulumi.set(__self__, "kind", kind) + if name is not None: + pulumi.set(__self__, "name", name) + if ootb is not None: + pulumi.set(__self__, "ootb", ootb) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + + @property + @pulumi.getter(name="avdId") + def avd_id(self) -> Optional[str]: + return pulumi.get(self, "avd_id") + + @property + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def kind(self) -> Optional[str]: + return pulumi.get(self, "kind") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def ootb(self) -> Optional[bool]: + return pulumi.get(self, "ootb") + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[int]: + return pulumi.get(self, "script_id") + + @property + @pulumi.getter + def 
severity(self) -> Optional[str]: + return pulumi.get(self, "severity") + + +@pulumi.output_type +class ImageAssurancePolicyPackagesBlackList(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "versionRange": + suggest = "version_range" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyPackagesBlackList. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ImageAssurancePolicyPackagesBlackList.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ImageAssurancePolicyPackagesBlackList.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + arch: Optional[str] = None, + display: Optional[str] = None, + epoch: Optional[str] = None, + format: Optional[str] = None, + license: Optional[str] = None, + name: Optional[str] = None, + release: Optional[str] = None, + version: Optional[str] = None, + version_range: Optional[str] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[str]: + return pulumi.get(self, "arch") + + @property + @pulumi.getter + def display(self) -> Optional[str]: + return pulumi.get(self, "display") + + @property + @pulumi.getter + def epoch(self) -> Optional[str]: + return pulumi.get(self, "epoch") + + @property + @pulumi.getter + def 
format(self) -> Optional[str]: + return pulumi.get(self, "format") + + @property + @pulumi.getter + def license(self) -> Optional[str]: + return pulumi.get(self, "license") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def release(self) -> Optional[str]: + return pulumi.get(self, "release") + + @property + @pulumi.getter + def version(self) -> Optional[str]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[str]: + return pulumi.get(self, "version_range") + + +@pulumi.output_type +class ImageAssurancePolicyPackagesWhiteList(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "versionRange": + suggest = "version_range" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyPackagesWhiteList. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ImageAssurancePolicyPackagesWhiteList.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ImageAssurancePolicyPackagesWhiteList.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + arch: Optional[str] = None, + display: Optional[str] = None, + epoch: Optional[str] = None, + format: Optional[str] = None, + license: Optional[str] = None, + name: Optional[str] = None, + release: Optional[str] = None, + version: Optional[str] = None, + version_range: Optional[str] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not 
None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[str]: + return pulumi.get(self, "arch") + + @property + @pulumi.getter + def display(self) -> Optional[str]: + return pulumi.get(self, "display") + + @property + @pulumi.getter + def epoch(self) -> Optional[str]: + return pulumi.get(self, "epoch") + + @property + @pulumi.getter + def format(self) -> Optional[str]: + return pulumi.get(self, "format") + + @property + @pulumi.getter + def license(self) -> Optional[str]: + return pulumi.get(self, "license") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def release(self) -> Optional[str]: + return pulumi.get(self, "release") + + @property + @pulumi.getter + def version(self) -> Optional[str]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[str]: + return pulumi.get(self, "version_range") + + +@pulumi.output_type +class ImageAssurancePolicyPolicySettings(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "isAuditChecked": + suggest = "is_audit_checked" + elif key == "warningMessage": + suggest = "warning_message" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ImageAssurancePolicyPolicySettings. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ImageAssurancePolicyPolicySettings.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ImageAssurancePolicyPolicySettings.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + enforce: Optional[bool] = None, + is_audit_checked: Optional[bool] = None, + warn: Optional[bool] = None, + warning_message: Optional[str] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not None: + pulumi.set(__self__, "warning_message", warning_message) + + @property + @pulumi.getter + def enforce(self) -> Optional[bool]: + return pulumi.get(self, "enforce") + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[bool]: + return pulumi.get(self, "is_audit_checked") + + @property + @pulumi.getter + def warn(self) -> Optional[bool]: + return pulumi.get(self, "warn") + + @property + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[str]: + return pulumi.get(self, "warning_message") + + +@pulumi.output_type +class ImageAssurancePolicyRequiredLabel(dict): + def __init__(__self__, *, + key: Optional[str] = None, + value: Optional[str] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> Optional[str]: + return pulumi.get(self, "key") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class ImageAssurancePolicyScope(dict): + def __init__(__self__, *, + expression: Optional[str] = None, + variables: 
Optional[Sequence['outputs.ImageAssurancePolicyScopeVariable']] = None): + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) + + @property + @pulumi.getter + def expression(self) -> Optional[str]: + return pulumi.get(self, "expression") + + @property + @pulumi.getter + def variables(self) -> Optional[Sequence['outputs.ImageAssurancePolicyScopeVariable']]: + return pulumi.get(self, "variables") + + +@pulumi.output_type +class ImageAssurancePolicyScopeVariable(dict): + def __init__(__self__, *, + attribute: Optional[str] = None, + name: Optional[str] = None, + value: Optional[str] = None): + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if name is not None: + pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def attribute(self) -> Optional[str]: + return pulumi.get(self, "attribute") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class ImageAssurancePolicyTrustedBaseImage(dict): + def __init__(__self__, *, + imagename: Optional[str] = None, + registry: Optional[str] = None): + if imagename is not None: + pulumi.set(__self__, "imagename", imagename) + if registry is not None: + pulumi.set(__self__, "registry", registry) + + @property + @pulumi.getter + def imagename(self) -> Optional[str]: + return pulumi.get(self, "imagename") + + @property + @pulumi.getter + def registry(self) -> Optional[str]: + return pulumi.get(self, "registry") + + +@pulumi.output_type +class ImageHistory(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "createdBy": + suggest = "created_by" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ImageHistory. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ImageHistory.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ImageHistory.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + comment: Optional[str] = None, + created: Optional[str] = None, + created_by: Optional[str] = None, + id: Optional[str] = None, + size: Optional[int] = None): + if comment is not None: + pulumi.set(__self__, "comment", comment) + if created is not None: + pulumi.set(__self__, "created", created) + if created_by is not None: + pulumi.set(__self__, "created_by", created_by) + if id is not None: + pulumi.set(__self__, "id", id) + if size is not None: + pulumi.set(__self__, "size", size) + + @property + @pulumi.getter + def comment(self) -> Optional[str]: + return pulumi.get(self, "comment") + + @property + @pulumi.getter + def created(self) -> Optional[str]: + return pulumi.get(self, "created") + + @property + @pulumi.getter(name="createdBy") + def created_by(self) -> Optional[str]: + return pulumi.get(self, "created_by") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + return pulumi.get(self, "id") + + @property + @pulumi.getter + def size(self) -> Optional[int]: + return pulumi.get(self, "size") + + +@pulumi.output_type +class ImageVulnerability(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ackAuthor": + suggest = "ack_author" + elif key == "ackComment": + suggest = "ack_comment" + elif key == "ackExpirationConfiguredAt": + suggest = "ack_expiration_configured_at" + elif key == "ackExpirationConfiguredBy": + suggest = "ack_expiration_configured_by" + elif key == "ackExpirationDays": + suggest = "ack_expiration_days" + elif key == "ackScope": + suggest = "ack_scope" + elif key == "acknowledgeDate": + suggest = "acknowledge_date" + elif key == "ancestorPkg": + suggest = "ancestor_pkg" + elif 
key == "aquaScore": + suggest = "aqua_score" + elif key == "aquaScoreClassification": + suggest = "aqua_score_classification" + elif key == "aquaScoringSystem": + suggest = "aqua_scoring_system" + elif key == "aquaSeverity": + suggest = "aqua_severity" + elif key == "aquaSeverityClassification": + suggest = "aqua_severity_classification" + elif key == "aquaVectors": + suggest = "aqua_vectors" + elif key == "auditEventsCount": + suggest = "audit_events_count" + elif key == "blockEventsCount": + suggest = "block_events_count" + elif key == "exploitReference": + suggest = "exploit_reference" + elif key == "exploitType": + suggest = "exploit_type" + elif key == "firstFoundDate": + suggest = "first_found_date" + elif key == "fixVersion": + suggest = "fix_version" + elif key == "imageName": + suggest = "image_name" + elif key == "lastFoundDate": + suggest = "last_found_date" + elif key == "modificationDate": + suggest = "modification_date" elif key == "nvdCvss2Score": suggest = "nvd_cvss2_score" elif key == "nvdCvss2Vectors": 
@@ -3872,662 +9140,1550 @@ def __key_warning(key: str): suggest = "vendor_url" if suggest: - pulumi.log.warn(f"Key '{key}' not found in ImageVulnerability. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in ImageVulnerability. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ImageVulnerability.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ImageVulnerability.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + ack_author: Optional[str] = None, + ack_comment: Optional[str] = None, + ack_expiration_configured_at: Optional[str] = None, + ack_expiration_configured_by: Optional[str] = None, + ack_expiration_days: Optional[int] = None, + ack_scope: Optional[str] = None, + acknowledge_date: Optional[str] = None, + ancestor_pkg: Optional[str] = None, + aqua_score: Optional[float] = None, + aqua_score_classification: Optional[str] = None, + aqua_scoring_system: Optional[str] = None, + aqua_severity: Optional[str] = None, + aqua_severity_classification: Optional[str] = None, + aqua_vectors: Optional[str] = None, + audit_events_count: Optional[int] = None, + block_events_count: Optional[int] = None, + classification: Optional[str] = None, + description: Optional[str] = None, + digest: Optional[str] = None, + exploit_reference: Optional[str] = None, + exploit_type: Optional[str] = None, + first_found_date: Optional[str] = None, + fix_version: Optional[str] = None, + image_name: Optional[str] = None, + last_found_date: Optional[str] = None, + modification_date: Optional[str] = None, + name: Optional[str] = None, + nvd_cvss2_score: Optional[float] = None, + nvd_cvss2_vectors: Optional[str] = None, + nvd_cvss3_score: Optional[float] = None, + nvd_cvss3_severity: Optional[str] = None, + nvd_cvss3_vectors: Optional[str] = None, + nvd_severity: Optional[str] = None, + 
nvd_url: Optional[str] = None, + os: Optional[str] = None, + os_version: Optional[str] = None, + permission: Optional[str] = None, + publish_date: Optional[str] = None, + registry: Optional[str] = None, + repository: Optional[str] = None, + resource_architecture: Optional[str] = None, + resource_cpe: Optional[str] = None, + resource_format: Optional[str] = None, + resource_hash: Optional[str] = None, + resource_licenses: Optional[Sequence[str]] = None, + resource_name: Optional[str] = None, + resource_path: Optional[str] = None, + resource_type: Optional[str] = None, + resource_version: Optional[str] = None, + severity_classification: Optional[str] = None, + solution: Optional[str] = None, + temporal_vector: Optional[str] = None, + v_patch_applied_by: Optional[str] = None, + v_patch_applied_on: Optional[str] = None, + v_patch_enforced_by: Optional[str] = None, + v_patch_enforced_on: Optional[str] = None, + v_patch_policy_enforce: Optional[bool] = None, + v_patch_policy_name: Optional[str] = None, + v_patch_reverted_by: Optional[str] = None, + v_patch_reverted_on: Optional[str] = None, + v_patch_status: Optional[str] = None, + vendor_cvss2_score: Optional[float] = None, + vendor_cvss2_vectors: Optional[str] = None, + vendor_severity: Optional[str] = None, + vendor_statement: Optional[str] = None, + vendor_url: Optional[str] = None): + if ack_author is not None: + pulumi.set(__self__, "ack_author", ack_author) + if ack_comment is not None: + pulumi.set(__self__, "ack_comment", ack_comment) + if ack_expiration_configured_at is not None: + pulumi.set(__self__, "ack_expiration_configured_at", ack_expiration_configured_at) + if ack_expiration_configured_by is not None: + pulumi.set(__self__, "ack_expiration_configured_by", ack_expiration_configured_by) + if ack_expiration_days is not None: + pulumi.set(__self__, "ack_expiration_days", ack_expiration_days) + if ack_scope is not None: + pulumi.set(__self__, "ack_scope", ack_scope) + if acknowledge_date is not None: + 
pulumi.set(__self__, "acknowledge_date", acknowledge_date) + if ancestor_pkg is not None: + pulumi.set(__self__, "ancestor_pkg", ancestor_pkg) + if aqua_score is not None: + pulumi.set(__self__, "aqua_score", aqua_score) + if aqua_score_classification is not None: + pulumi.set(__self__, "aqua_score_classification", aqua_score_classification) + if aqua_scoring_system is not None: + pulumi.set(__self__, "aqua_scoring_system", aqua_scoring_system) + if aqua_severity is not None: + pulumi.set(__self__, "aqua_severity", aqua_severity) + if aqua_severity_classification is not None: + pulumi.set(__self__, "aqua_severity_classification", aqua_severity_classification) + if aqua_vectors is not None: + pulumi.set(__self__, "aqua_vectors", aqua_vectors) + if audit_events_count is not None: + pulumi.set(__self__, "audit_events_count", audit_events_count) + if block_events_count is not None: + pulumi.set(__self__, "block_events_count", block_events_count) + if classification is not None: + pulumi.set(__self__, "classification", classification) + if description is not None: + pulumi.set(__self__, "description", description) + if digest is not None: + pulumi.set(__self__, "digest", digest) + if exploit_reference is not None: + pulumi.set(__self__, "exploit_reference", exploit_reference) + if exploit_type is not None: + pulumi.set(__self__, "exploit_type", exploit_type) + if first_found_date is not None: + pulumi.set(__self__, "first_found_date", first_found_date) + if fix_version is not None: + pulumi.set(__self__, "fix_version", fix_version) + if image_name is not None: + pulumi.set(__self__, "image_name", image_name) + if last_found_date is not None: + pulumi.set(__self__, "last_found_date", last_found_date) + if modification_date is not None: + pulumi.set(__self__, "modification_date", modification_date) + if name is not None: + pulumi.set(__self__, "name", name) + if nvd_cvss2_score is not None: + pulumi.set(__self__, "nvd_cvss2_score", nvd_cvss2_score) + if nvd_cvss2_vectors 
is not None: + pulumi.set(__self__, "nvd_cvss2_vectors", nvd_cvss2_vectors) + if nvd_cvss3_score is not None: + pulumi.set(__self__, "nvd_cvss3_score", nvd_cvss3_score) + if nvd_cvss3_severity is not None: + pulumi.set(__self__, "nvd_cvss3_severity", nvd_cvss3_severity) + if nvd_cvss3_vectors is not None: + pulumi.set(__self__, "nvd_cvss3_vectors", nvd_cvss3_vectors) + if nvd_severity is not None: + pulumi.set(__self__, "nvd_severity", nvd_severity) + if nvd_url is not None: + pulumi.set(__self__, "nvd_url", nvd_url) + if os is not None: + pulumi.set(__self__, "os", os) + if os_version is not None: + pulumi.set(__self__, "os_version", os_version) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if publish_date is not None: + pulumi.set(__self__, "publish_date", publish_date) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if repository is not None: + pulumi.set(__self__, "repository", repository) + if resource_architecture is not None: + pulumi.set(__self__, "resource_architecture", resource_architecture) + if resource_cpe is not None: + pulumi.set(__self__, "resource_cpe", resource_cpe) + if resource_format is not None: + pulumi.set(__self__, "resource_format", resource_format) + if resource_hash is not None: + pulumi.set(__self__, "resource_hash", resource_hash) + if resource_licenses is not None: + pulumi.set(__self__, "resource_licenses", resource_licenses) + if resource_name is not None: + pulumi.set(__self__, "resource_name", resource_name) + if resource_path is not None: + pulumi.set(__self__, "resource_path", resource_path) + if resource_type is not None: + pulumi.set(__self__, "resource_type", resource_type) + if resource_version is not None: + pulumi.set(__self__, "resource_version", resource_version) + if severity_classification is not None: + pulumi.set(__self__, "severity_classification", severity_classification) + if solution is not None: + pulumi.set(__self__, "solution", solution) + if 
temporal_vector is not None: + pulumi.set(__self__, "temporal_vector", temporal_vector) + if v_patch_applied_by is not None: + pulumi.set(__self__, "v_patch_applied_by", v_patch_applied_by) + if v_patch_applied_on is not None: + pulumi.set(__self__, "v_patch_applied_on", v_patch_applied_on) + if v_patch_enforced_by is not None: + pulumi.set(__self__, "v_patch_enforced_by", v_patch_enforced_by) + if v_patch_enforced_on is not None: + pulumi.set(__self__, "v_patch_enforced_on", v_patch_enforced_on) + if v_patch_policy_enforce is not None: + pulumi.set(__self__, "v_patch_policy_enforce", v_patch_policy_enforce) + if v_patch_policy_name is not None: + pulumi.set(__self__, "v_patch_policy_name", v_patch_policy_name) + if v_patch_reverted_by is not None: + pulumi.set(__self__, "v_patch_reverted_by", v_patch_reverted_by) + if v_patch_reverted_on is not None: + pulumi.set(__self__, "v_patch_reverted_on", v_patch_reverted_on) + if v_patch_status is not None: + pulumi.set(__self__, "v_patch_status", v_patch_status) + if vendor_cvss2_score is not None: + pulumi.set(__self__, "vendor_cvss2_score", vendor_cvss2_score) + if vendor_cvss2_vectors is not None: + pulumi.set(__self__, "vendor_cvss2_vectors", vendor_cvss2_vectors) + if vendor_severity is not None: + pulumi.set(__self__, "vendor_severity", vendor_severity) + if vendor_statement is not None: + pulumi.set(__self__, "vendor_statement", vendor_statement) + if vendor_url is not None: + pulumi.set(__self__, "vendor_url", vendor_url) + + @property + @pulumi.getter(name="ackAuthor") + def ack_author(self) -> Optional[str]: + return pulumi.get(self, "ack_author") + + @property + @pulumi.getter(name="ackComment") + def ack_comment(self) -> Optional[str]: + return pulumi.get(self, "ack_comment") + + @property + @pulumi.getter(name="ackExpirationConfiguredAt") + def ack_expiration_configured_at(self) -> Optional[str]: + return pulumi.get(self, "ack_expiration_configured_at") + + @property + 
@pulumi.getter(name="ackExpirationConfiguredBy") + def ack_expiration_configured_by(self) -> Optional[str]: + return pulumi.get(self, "ack_expiration_configured_by") + + @property + @pulumi.getter(name="ackExpirationDays") + def ack_expiration_days(self) -> Optional[int]: + return pulumi.get(self, "ack_expiration_days") + + @property + @pulumi.getter(name="ackScope") + def ack_scope(self) -> Optional[str]: + return pulumi.get(self, "ack_scope") + + @property + @pulumi.getter(name="acknowledgeDate") + def acknowledge_date(self) -> Optional[str]: + return pulumi.get(self, "acknowledge_date") + + @property + @pulumi.getter(name="ancestorPkg") + def ancestor_pkg(self) -> Optional[str]: + return pulumi.get(self, "ancestor_pkg") + + @property + @pulumi.getter(name="aquaScore") + def aqua_score(self) -> Optional[float]: + return pulumi.get(self, "aqua_score") + + @property + @pulumi.getter(name="aquaScoreClassification") + def aqua_score_classification(self) -> Optional[str]: + return pulumi.get(self, "aqua_score_classification") + + @property + @pulumi.getter(name="aquaScoringSystem") + def aqua_scoring_system(self) -> Optional[str]: + return pulumi.get(self, "aqua_scoring_system") + + @property + @pulumi.getter(name="aquaSeverity") + def aqua_severity(self) -> Optional[str]: + return pulumi.get(self, "aqua_severity") + + @property + @pulumi.getter(name="aquaSeverityClassification") + def aqua_severity_classification(self) -> Optional[str]: + return pulumi.get(self, "aqua_severity_classification") + + @property + @pulumi.getter(name="aquaVectors") + def aqua_vectors(self) -> Optional[str]: + return pulumi.get(self, "aqua_vectors") + + @property + @pulumi.getter(name="auditEventsCount") + def audit_events_count(self) -> Optional[int]: + return pulumi.get(self, "audit_events_count") + + @property + @pulumi.getter(name="blockEventsCount") + def block_events_count(self) -> Optional[int]: + return pulumi.get(self, "block_events_count") + + @property + @pulumi.getter + def 
classification(self) -> Optional[str]: + return pulumi.get(self, "classification") + + @property + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") + + @property + @pulumi.getter + def digest(self) -> Optional[str]: + return pulumi.get(self, "digest") + + @property + @pulumi.getter(name="exploitReference") + def exploit_reference(self) -> Optional[str]: + return pulumi.get(self, "exploit_reference") + + @property + @pulumi.getter(name="exploitType") + def exploit_type(self) -> Optional[str]: + return pulumi.get(self, "exploit_type") + + @property + @pulumi.getter(name="firstFoundDate") + def first_found_date(self) -> Optional[str]: + return pulumi.get(self, "first_found_date") + + @property + @pulumi.getter(name="fixVersion") + def fix_version(self) -> Optional[str]: + return pulumi.get(self, "fix_version") + + @property + @pulumi.getter(name="imageName") + def image_name(self) -> Optional[str]: + return pulumi.get(self, "image_name") + + @property + @pulumi.getter(name="lastFoundDate") + def last_found_date(self) -> Optional[str]: + return pulumi.get(self, "last_found_date") + + @property + @pulumi.getter(name="modificationDate") + def modification_date(self) -> Optional[str]: + return pulumi.get(self, "modification_date") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="nvdCvss2Score") + def nvd_cvss2_score(self) -> Optional[float]: + return pulumi.get(self, "nvd_cvss2_score") + + @property + @pulumi.getter(name="nvdCvss2Vectors") + def nvd_cvss2_vectors(self) -> Optional[str]: + return pulumi.get(self, "nvd_cvss2_vectors") + + @property + @pulumi.getter(name="nvdCvss3Score") + def nvd_cvss3_score(self) -> Optional[float]: + return pulumi.get(self, "nvd_cvss3_score") + + @property + @pulumi.getter(name="nvdCvss3Severity") + def nvd_cvss3_severity(self) -> Optional[str]: + return pulumi.get(self, "nvd_cvss3_severity") + + 
@property + @pulumi.getter(name="nvdCvss3Vectors") + def nvd_cvss3_vectors(self) -> Optional[str]: + return pulumi.get(self, "nvd_cvss3_vectors") + + @property + @pulumi.getter(name="nvdSeverity") + def nvd_severity(self) -> Optional[str]: + return pulumi.get(self, "nvd_severity") + + @property + @pulumi.getter(name="nvdUrl") + def nvd_url(self) -> Optional[str]: + return pulumi.get(self, "nvd_url") + + @property + @pulumi.getter + def os(self) -> Optional[str]: + return pulumi.get(self, "os") + + @property + @pulumi.getter(name="osVersion") + def os_version(self) -> Optional[str]: + return pulumi.get(self, "os_version") + + @property + @pulumi.getter + def permission(self) -> Optional[str]: + return pulumi.get(self, "permission") + + @property + @pulumi.getter(name="publishDate") + def publish_date(self) -> Optional[str]: + return pulumi.get(self, "publish_date") + + @property + @pulumi.getter + def registry(self) -> Optional[str]: + return pulumi.get(self, "registry") + + @property + @pulumi.getter + def repository(self) -> Optional[str]: + return pulumi.get(self, "repository") + + @property + @pulumi.getter(name="resourceArchitecture") + def resource_architecture(self) -> Optional[str]: + return pulumi.get(self, "resource_architecture") + + @property + @pulumi.getter(name="resourceCpe") + def resource_cpe(self) -> Optional[str]: + return pulumi.get(self, "resource_cpe") + + @property + @pulumi.getter(name="resourceFormat") + def resource_format(self) -> Optional[str]: + return pulumi.get(self, "resource_format") + + @property + @pulumi.getter(name="resourceHash") + def resource_hash(self) -> Optional[str]: + return pulumi.get(self, "resource_hash") + + @property + @pulumi.getter(name="resourceLicenses") + def resource_licenses(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "resource_licenses") + + @property + @pulumi.getter(name="resourceName") + def resource_name(self) -> Optional[str]: + return pulumi.get(self, "resource_name") + + @property + 
@pulumi.getter(name="resourcePath") + def resource_path(self) -> Optional[str]: + return pulumi.get(self, "resource_path") + + @property + @pulumi.getter(name="resourceType") + def resource_type(self) -> Optional[str]: + return pulumi.get(self, "resource_type") + + @property + @pulumi.getter(name="resourceVersion") + def resource_version(self) -> Optional[str]: + return pulumi.get(self, "resource_version") + + @property + @pulumi.getter(name="severityClassification") + def severity_classification(self) -> Optional[str]: + return pulumi.get(self, "severity_classification") + + @property + @pulumi.getter + def solution(self) -> Optional[str]: + return pulumi.get(self, "solution") + + @property + @pulumi.getter(name="temporalVector") + def temporal_vector(self) -> Optional[str]: + return pulumi.get(self, "temporal_vector") + + @property + @pulumi.getter(name="vPatchAppliedBy") + def v_patch_applied_by(self) -> Optional[str]: + return pulumi.get(self, "v_patch_applied_by") + + @property + @pulumi.getter(name="vPatchAppliedOn") + def v_patch_applied_on(self) -> Optional[str]: + return pulumi.get(self, "v_patch_applied_on") + + @property + @pulumi.getter(name="vPatchEnforcedBy") + def v_patch_enforced_by(self) -> Optional[str]: + return pulumi.get(self, "v_patch_enforced_by") + + @property + @pulumi.getter(name="vPatchEnforcedOn") + def v_patch_enforced_on(self) -> Optional[str]: + return pulumi.get(self, "v_patch_enforced_on") + + @property + @pulumi.getter(name="vPatchPolicyEnforce") + def v_patch_policy_enforce(self) -> Optional[bool]: + return pulumi.get(self, "v_patch_policy_enforce") + + @property + @pulumi.getter(name="vPatchPolicyName") + def v_patch_policy_name(self) -> Optional[str]: + return pulumi.get(self, "v_patch_policy_name") + + @property + @pulumi.getter(name="vPatchRevertedBy") + def v_patch_reverted_by(self) -> Optional[str]: + return pulumi.get(self, "v_patch_reverted_by") + + @property + @pulumi.getter(name="vPatchRevertedOn") + def 
v_patch_reverted_on(self) -> Optional[str]: + return pulumi.get(self, "v_patch_reverted_on") + + @property + @pulumi.getter(name="vPatchStatus") + def v_patch_status(self) -> Optional[str]: + return pulumi.get(self, "v_patch_status") + + @property + @pulumi.getter(name="vendorCvss2Score") + def vendor_cvss2_score(self) -> Optional[float]: + return pulumi.get(self, "vendor_cvss2_score") + + @property + @pulumi.getter(name="vendorCvss2Vectors") + def vendor_cvss2_vectors(self) -> Optional[str]: + return pulumi.get(self, "vendor_cvss2_vectors") + + @property + @pulumi.getter(name="vendorSeverity") + def vendor_severity(self) -> Optional[str]: + return pulumi.get(self, "vendor_severity") + + @property + @pulumi.getter(name="vendorStatement") + def vendor_statement(self) -> Optional[str]: + return pulumi.get(self, "vendor_statement") + + @property + @pulumi.getter(name="vendorUrl") + def vendor_url(self) -> Optional[str]: + return pulumi.get(self, "vendor_url") + + +@pulumi.output_type +class IntegrationRegistryOption(dict): + def __init__(__self__, *, + option: Optional[str] = None, + value: Optional[str] = None): + if option is not None: + pulumi.set(__self__, "option", option) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def option(self) -> Optional[str]: + return pulumi.get(self, "option") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class IntegrationRegistryWebhook(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "authToken": + suggest = "auth_token" + elif key == "unQuarantine": + suggest = "un_quarantine" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in IntegrationRegistryWebhook. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + IntegrationRegistryWebhook.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + IntegrationRegistryWebhook.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + auth_token: Optional[str] = None, + enabled: Optional[bool] = None, + un_quarantine: Optional[bool] = None, + url: Optional[str] = None): + if auth_token is not None: + pulumi.set(__self__, "auth_token", auth_token) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if un_quarantine is not None: + pulumi.set(__self__, "un_quarantine", un_quarantine) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter(name="authToken") + def auth_token(self) -> Optional[str]: + return pulumi.get(self, "auth_token") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="unQuarantine") + def un_quarantine(self) -> Optional[bool]: + return pulumi.get(self, "un_quarantine") + + @property + @pulumi.getter + def url(self) -> Optional[str]: + return pulumi.get(self, "url") + + +@pulumi.output_type +class KubernetesAssurancePolicyAutoScanTime(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "iterationType": + suggest = "iteration_type" + elif key == "weekDays": + suggest = "week_days" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyAutoScanTime. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + KubernetesAssurancePolicyAutoScanTime.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + KubernetesAssurancePolicyAutoScanTime.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + iteration: Optional[int] = None, + iteration_type: Optional[str] = None, + time: Optional[str] = None, + week_days: Optional[Sequence[str]] = None): + if iteration is not None: + pulumi.set(__self__, "iteration", iteration) + if iteration_type is not None: + pulumi.set(__self__, "iteration_type", iteration_type) + if time is not None: + pulumi.set(__self__, "time", time) + if week_days is not None: + pulumi.set(__self__, "week_days", week_days) + + @property + @pulumi.getter + def iteration(self) -> Optional[int]: + return pulumi.get(self, "iteration") + + @property + @pulumi.getter(name="iterationType") + def iteration_type(self) -> Optional[str]: + return pulumi.get(self, "iteration_type") + + @property + @pulumi.getter + def time(self) -> Optional[str]: + return pulumi.get(self, "time") + + @property + @pulumi.getter(name="weekDays") + def week_days(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "week_days") + + +@pulumi.output_type +class KubernetesAssurancePolicyCustomCheck(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "lastModified": + suggest = "last_modified" + elif key == "readOnly": + suggest = "read_only" + elif key == "scriptId": + suggest = "script_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyCustomCheck. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - ImageVulnerability.__key_warning(key) + KubernetesAssurancePolicyCustomCheck.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - ImageVulnerability.__key_warning(key) + KubernetesAssurancePolicyCustomCheck.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - ack_author: Optional[str] = None, - ack_comment: Optional[str] = None, - ack_expiration_configured_at: Optional[str] = None, - ack_expiration_configured_by: Optional[str] = None, - ack_expiration_days: Optional[int] = None, - ack_scope: Optional[str] = None, - acknowledge_date: Optional[str] = None, - ancestor_pkg: Optional[str] = None, - aqua_score: Optional[float] = None, - aqua_score_classification: Optional[str] = None, - aqua_scoring_system: Optional[str] = None, - aqua_severity: Optional[str] = None, - aqua_severity_classification: Optional[str] = None, - aqua_vectors: Optional[str] = None, - audit_events_count: Optional[int] = None, - block_events_count: Optional[int] = None, - classification: Optional[str] = None, + author: Optional[str] = None, description: Optional[str] = None, - digest: Optional[str] = None, - exploit_reference: Optional[str] = None, - exploit_type: Optional[str] = None, - first_found_date: Optional[str] = None, - fix_version: Optional[str] = None, - image_name: Optional[str] = None, - last_found_date: Optional[str] = None, - modification_date: Optional[str] = None, + engine: Optional[str] = None, + last_modified: Optional[int] = None, name: Optional[str] = None, - nvd_cvss2_score: Optional[float] = None, - nvd_cvss2_vectors: Optional[str] = None, - nvd_cvss3_score: Optional[float] = None, - nvd_cvss3_severity: Optional[str] = None, - nvd_cvss3_vectors: Optional[str] = None, - nvd_severity: Optional[str] = None, - nvd_url: Optional[str] = None, - os: Optional[str] = None, - os_version: Optional[str] = 
None, - permission: Optional[str] = None, - publish_date: Optional[str] = None, - registry: Optional[str] = None, - repository: Optional[str] = None, - resource_architecture: Optional[str] = None, - resource_cpe: Optional[str] = None, - resource_format: Optional[str] = None, - resource_hash: Optional[str] = None, - resource_licenses: Optional[Sequence[str]] = None, - resource_name: Optional[str] = None, - resource_path: Optional[str] = None, - resource_type: Optional[str] = None, - resource_version: Optional[str] = None, - severity_classification: Optional[str] = None, - solution: Optional[str] = None, - temporal_vector: Optional[str] = None, - v_patch_applied_by: Optional[str] = None, - v_patch_applied_on: Optional[str] = None, - v_patch_enforced_by: Optional[str] = None, - v_patch_enforced_on: Optional[str] = None, - v_patch_policy_enforce: Optional[bool] = None, - v_patch_policy_name: Optional[str] = None, - v_patch_reverted_by: Optional[str] = None, - v_patch_reverted_on: Optional[str] = None, - v_patch_status: Optional[str] = None, - vendor_cvss2_score: Optional[float] = None, - vendor_cvss2_vectors: Optional[str] = None, - vendor_severity: Optional[str] = None, - vendor_statement: Optional[str] = None, - vendor_url: Optional[str] = None): + path: Optional[str] = None, + read_only: Optional[bool] = None, + script_id: Optional[str] = None, + severity: Optional[str] = None, + snippet: Optional[str] = None): """ - :param str digest: The content digest of the image. - :param str name: The name of the image. - :param str os: The operating system detected in the image - :param str os_version: The version of the OS detected in the image. - :param str permission: Permission of the image. - :param str registry: The name of the registry where the image is stored. - :param str repository: The name of the image's repository. + :param str author: Name of user account that created the policy. 
""" - if ack_author is not None: - pulumi.set(__self__, "ack_author", ack_author) - if ack_comment is not None: - pulumi.set(__self__, "ack_comment", ack_comment) - if ack_expiration_configured_at is not None: - pulumi.set(__self__, "ack_expiration_configured_at", ack_expiration_configured_at) - if ack_expiration_configured_by is not None: - pulumi.set(__self__, "ack_expiration_configured_by", ack_expiration_configured_by) - if ack_expiration_days is not None: - pulumi.set(__self__, "ack_expiration_days", ack_expiration_days) - if ack_scope is not None: - pulumi.set(__self__, "ack_scope", ack_scope) - if acknowledge_date is not None: - pulumi.set(__self__, "acknowledge_date", acknowledge_date) - if ancestor_pkg is not None: - pulumi.set(__self__, "ancestor_pkg", ancestor_pkg) - if aqua_score is not None: - pulumi.set(__self__, "aqua_score", aqua_score) - if aqua_score_classification is not None: - pulumi.set(__self__, "aqua_score_classification", aqua_score_classification) - if aqua_scoring_system is not None: - pulumi.set(__self__, "aqua_scoring_system", aqua_scoring_system) - if aqua_severity is not None: - pulumi.set(__self__, "aqua_severity", aqua_severity) - if aqua_severity_classification is not None: - pulumi.set(__self__, "aqua_severity_classification", aqua_severity_classification) - if aqua_vectors is not None: - pulumi.set(__self__, "aqua_vectors", aqua_vectors) - if audit_events_count is not None: - pulumi.set(__self__, "audit_events_count", audit_events_count) - if block_events_count is not None: - pulumi.set(__self__, "block_events_count", block_events_count) - if classification is not None: - pulumi.set(__self__, "classification", classification) + if author is not None: + pulumi.set(__self__, "author", author) if description is not None: pulumi.set(__self__, "description", description) - if digest is not None: - pulumi.set(__self__, "digest", digest) - if exploit_reference is not None: - pulumi.set(__self__, "exploit_reference", exploit_reference) - 
if exploit_type is not None: - pulumi.set(__self__, "exploit_type", exploit_type) - if first_found_date is not None: - pulumi.set(__self__, "first_found_date", first_found_date) - if fix_version is not None: - pulumi.set(__self__, "fix_version", fix_version) - if image_name is not None: - pulumi.set(__self__, "image_name", image_name) - if last_found_date is not None: - pulumi.set(__self__, "last_found_date", last_found_date) - if modification_date is not None: - pulumi.set(__self__, "modification_date", modification_date) + if engine is not None: + pulumi.set(__self__, "engine", engine) + if last_modified is not None: + pulumi.set(__self__, "last_modified", last_modified) if name is not None: pulumi.set(__self__, "name", name) - if nvd_cvss2_score is not None: - pulumi.set(__self__, "nvd_cvss2_score", nvd_cvss2_score) - if nvd_cvss2_vectors is not None: - pulumi.set(__self__, "nvd_cvss2_vectors", nvd_cvss2_vectors) - if nvd_cvss3_score is not None: - pulumi.set(__self__, "nvd_cvss3_score", nvd_cvss3_score) - if nvd_cvss3_severity is not None: - pulumi.set(__self__, "nvd_cvss3_severity", nvd_cvss3_severity) - if nvd_cvss3_vectors is not None: - pulumi.set(__self__, "nvd_cvss3_vectors", nvd_cvss3_vectors) - if nvd_severity is not None: - pulumi.set(__self__, "nvd_severity", nvd_severity) - if nvd_url is not None: - pulumi.set(__self__, "nvd_url", nvd_url) - if os is not None: - pulumi.set(__self__, "os", os) - if os_version is not None: - pulumi.set(__self__, "os_version", os_version) - if permission is not None: - pulumi.set(__self__, "permission", permission) - if publish_date is not None: - pulumi.set(__self__, "publish_date", publish_date) - if registry is not None: - pulumi.set(__self__, "registry", registry) - if repository is not None: - pulumi.set(__self__, "repository", repository) - if resource_architecture is not None: - pulumi.set(__self__, "resource_architecture", resource_architecture) - if resource_cpe is not None: - pulumi.set(__self__, 
"resource_cpe", resource_cpe) - if resource_format is not None: - pulumi.set(__self__, "resource_format", resource_format) - if resource_hash is not None: - pulumi.set(__self__, "resource_hash", resource_hash) - if resource_licenses is not None: - pulumi.set(__self__, "resource_licenses", resource_licenses) - if resource_name is not None: - pulumi.set(__self__, "resource_name", resource_name) - if resource_path is not None: - pulumi.set(__self__, "resource_path", resource_path) - if resource_type is not None: - pulumi.set(__self__, "resource_type", resource_type) - if resource_version is not None: - pulumi.set(__self__, "resource_version", resource_version) - if severity_classification is not None: - pulumi.set(__self__, "severity_classification", severity_classification) - if solution is not None: - pulumi.set(__self__, "solution", solution) - if temporal_vector is not None: - pulumi.set(__self__, "temporal_vector", temporal_vector) - if v_patch_applied_by is not None: - pulumi.set(__self__, "v_patch_applied_by", v_patch_applied_by) - if v_patch_applied_on is not None: - pulumi.set(__self__, "v_patch_applied_on", v_patch_applied_on) - if v_patch_enforced_by is not None: - pulumi.set(__self__, "v_patch_enforced_by", v_patch_enforced_by) - if v_patch_enforced_on is not None: - pulumi.set(__self__, "v_patch_enforced_on", v_patch_enforced_on) - if v_patch_policy_enforce is not None: - pulumi.set(__self__, "v_patch_policy_enforce", v_patch_policy_enforce) - if v_patch_policy_name is not None: - pulumi.set(__self__, "v_patch_policy_name", v_patch_policy_name) - if v_patch_reverted_by is not None: - pulumi.set(__self__, "v_patch_reverted_by", v_patch_reverted_by) - if v_patch_reverted_on is not None: - pulumi.set(__self__, "v_patch_reverted_on", v_patch_reverted_on) - if v_patch_status is not None: - pulumi.set(__self__, "v_patch_status", v_patch_status) - if vendor_cvss2_score is not None: - pulumi.set(__self__, "vendor_cvss2_score", vendor_cvss2_score) - if 
vendor_cvss2_vectors is not None: - pulumi.set(__self__, "vendor_cvss2_vectors", vendor_cvss2_vectors) - if vendor_severity is not None: - pulumi.set(__self__, "vendor_severity", vendor_severity) - if vendor_statement is not None: - pulumi.set(__self__, "vendor_statement", vendor_statement) - if vendor_url is not None: - pulumi.set(__self__, "vendor_url", vendor_url) + if path is not None: + pulumi.set(__self__, "path", path) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) + if snippet is not None: + pulumi.set(__self__, "snippet", snippet) + + @property + @pulumi.getter + def author(self) -> Optional[str]: + """ + Name of user account that created the policy. + """ + return pulumi.get(self, "author") + + @property + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") + + @property + @pulumi.getter + def engine(self) -> Optional[str]: + return pulumi.get(self, "engine") + + @property + @pulumi.getter(name="lastModified") + def last_modified(self) -> Optional[int]: + return pulumi.get(self, "last_modified") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def path(self) -> Optional[str]: + return pulumi.get(self, "path") + + @property + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[bool]: + return pulumi.get(self, "read_only") @property - @pulumi.getter(name="ackAuthor") - def ack_author(self) -> Optional[str]: - return pulumi.get(self, "ack_author") + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[str]: + return pulumi.get(self, "script_id") @property - @pulumi.getter(name="ackComment") - def ack_comment(self) -> Optional[str]: - return pulumi.get(self, "ack_comment") + @pulumi.getter + def severity(self) -> Optional[str]: + 
return pulumi.get(self, "severity") @property - @pulumi.getter(name="ackExpirationConfiguredAt") - def ack_expiration_configured_at(self) -> Optional[str]: - return pulumi.get(self, "ack_expiration_configured_at") + @pulumi.getter + def snippet(self) -> Optional[str]: + return pulumi.get(self, "snippet") + + +@pulumi.output_type +class KubernetesAssurancePolicyForbiddenLabel(dict): + def __init__(__self__, *, + key: Optional[str] = None, + value: Optional[str] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) @property - @pulumi.getter(name="ackExpirationConfiguredBy") - def ack_expiration_configured_by(self) -> Optional[str]: - return pulumi.get(self, "ack_expiration_configured_by") + @pulumi.getter + def key(self) -> Optional[str]: + return pulumi.get(self, "key") @property - @pulumi.getter(name="ackExpirationDays") - def ack_expiration_days(self) -> Optional[int]: - return pulumi.get(self, "ack_expiration_days") + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class KubernetesAssurancePolicyKubernetesControl(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "avdId": + suggest = "avd_id" + elif key == "scriptId": + suggest = "script_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyKubernetesControl. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + KubernetesAssurancePolicyKubernetesControl.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + KubernetesAssurancePolicyKubernetesControl.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + avd_id: Optional[str] = None, + description: Optional[str] = None, + enabled: Optional[bool] = None, + kind: Optional[str] = None, + name: Optional[str] = None, + ootb: Optional[bool] = None, + script_id: Optional[int] = None, + severity: Optional[str] = None): + """ + :param str avd_id: AVD ID. + :param str description: Description of the control. + :param bool enabled: Is the control enabled? + :param str kind: Kind of the control. + :param str name: Name of the control. + :param bool ootb: Out-of-the-box status of the control. + :param int script_id: Script ID. + :param str severity: Severity of the control. + """ + if avd_id is not None: + pulumi.set(__self__, "avd_id", avd_id) + if description is not None: + pulumi.set(__self__, "description", description) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if kind is not None: + pulumi.set(__self__, "kind", kind) + if name is not None: + pulumi.set(__self__, "name", name) + if ootb is not None: + pulumi.set(__self__, "ootb", ootb) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) @property - @pulumi.getter(name="ackScope") - def ack_scope(self) -> Optional[str]: - return pulumi.get(self, "ack_scope") + @pulumi.getter(name="avdId") + def avd_id(self) -> Optional[str]: + """ + AVD ID. 
+ """ + return pulumi.get(self, "avd_id") @property - @pulumi.getter(name="acknowledgeDate") - def acknowledge_date(self) -> Optional[str]: - return pulumi.get(self, "acknowledge_date") + @pulumi.getter + def description(self) -> Optional[str]: + """ + Description of the control. + """ + return pulumi.get(self, "description") @property - @pulumi.getter(name="ancestorPkg") - def ancestor_pkg(self) -> Optional[str]: - return pulumi.get(self, "ancestor_pkg") + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Is the control enabled? + """ + return pulumi.get(self, "enabled") @property - @pulumi.getter(name="aquaScore") - def aqua_score(self) -> Optional[float]: - return pulumi.get(self, "aqua_score") + @pulumi.getter + def kind(self) -> Optional[str]: + """ + Kind of the control. + """ + return pulumi.get(self, "kind") @property - @pulumi.getter(name="aquaScoreClassification") - def aqua_score_classification(self) -> Optional[str]: - return pulumi.get(self, "aqua_score_classification") + @pulumi.getter + def name(self) -> Optional[str]: + """ + Name of the control. + """ + return pulumi.get(self, "name") @property - @pulumi.getter(name="aquaScoringSystem") - def aqua_scoring_system(self) -> Optional[str]: - return pulumi.get(self, "aqua_scoring_system") + @pulumi.getter + def ootb(self) -> Optional[bool]: + """ + Out-of-the-box status of the control. + """ + return pulumi.get(self, "ootb") + + @property + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[int]: + """ + Script ID. + """ + return pulumi.get(self, "script_id") + + @property + @pulumi.getter + def severity(self) -> Optional[str]: + """ + Severity of the control. 
+ """ + return pulumi.get(self, "severity") + + +@pulumi.output_type +class KubernetesAssurancePolicyPackagesBlackList(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "versionRange": + suggest = "version_range" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyPackagesBlackList. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + KubernetesAssurancePolicyPackagesBlackList.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + KubernetesAssurancePolicyPackagesBlackList.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + arch: Optional[str] = None, + display: Optional[str] = None, + epoch: Optional[str] = None, + format: Optional[str] = None, + license: Optional[str] = None, + name: Optional[str] = None, + release: Optional[str] = None, + version: Optional[str] = None, + version_range: Optional[str] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) + + @property + @pulumi.getter + def arch(self) -> Optional[str]: + return pulumi.get(self, "arch") + + @property + @pulumi.getter + def display(self) -> Optional[str]: + return pulumi.get(self, "display") + + @property + @pulumi.getter + def epoch(self) -> Optional[str]: + return pulumi.get(self, "epoch") + + @property + @pulumi.getter + def 
format(self) -> Optional[str]: + return pulumi.get(self, "format") + + @property + @pulumi.getter + def license(self) -> Optional[str]: + return pulumi.get(self, "license") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter + def release(self) -> Optional[str]: + return pulumi.get(self, "release") + + @property + @pulumi.getter + def version(self) -> Optional[str]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[str]: + return pulumi.get(self, "version_range") + + +@pulumi.output_type +class KubernetesAssurancePolicyPackagesWhiteList(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "versionRange": + suggest = "version_range" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyPackagesWhiteList. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + KubernetesAssurancePolicyPackagesWhiteList.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + KubernetesAssurancePolicyPackagesWhiteList.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + arch: Optional[str] = None, + display: Optional[str] = None, + epoch: Optional[str] = None, + format: Optional[str] = None, + license: Optional[str] = None, + name: Optional[str] = None, + release: Optional[str] = None, + version: Optional[str] = None, + version_range: Optional[str] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) 
+ if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) @property - @pulumi.getter(name="aquaSeverity") - def aqua_severity(self) -> Optional[str]: - return pulumi.get(self, "aqua_severity") + @pulumi.getter + def arch(self) -> Optional[str]: + return pulumi.get(self, "arch") @property - @pulumi.getter(name="aquaSeverityClassification") - def aqua_severity_classification(self) -> Optional[str]: - return pulumi.get(self, "aqua_severity_classification") + @pulumi.getter + def display(self) -> Optional[str]: + return pulumi.get(self, "display") @property - @pulumi.getter(name="aquaVectors") - def aqua_vectors(self) -> Optional[str]: - return pulumi.get(self, "aqua_vectors") + @pulumi.getter + def epoch(self) -> Optional[str]: + return pulumi.get(self, "epoch") @property - @pulumi.getter(name="auditEventsCount") - def audit_events_count(self) -> Optional[int]: - return pulumi.get(self, "audit_events_count") + @pulumi.getter + def format(self) -> Optional[str]: + return pulumi.get(self, "format") @property - @pulumi.getter(name="blockEventsCount") - def block_events_count(self) -> Optional[int]: - return pulumi.get(self, "block_events_count") + @pulumi.getter + def license(self) -> Optional[str]: + return pulumi.get(self, "license") @property @pulumi.getter - def classification(self) -> Optional[str]: - return pulumi.get(self, "classification") + def name(self) -> Optional[str]: + return pulumi.get(self, "name") @property @pulumi.getter - def description(self) -> Optional[str]: - return pulumi.get(self, "description") + def release(self) -> Optional[str]: + return pulumi.get(self, "release") @property @pulumi.getter - def digest(self) -> Optional[str]: - """ - The content digest of the image. 
- """ - return pulumi.get(self, "digest") + def version(self) -> Optional[str]: + return pulumi.get(self, "version") @property - @pulumi.getter(name="exploitReference") - def exploit_reference(self) -> Optional[str]: - return pulumi.get(self, "exploit_reference") + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[str]: + return pulumi.get(self, "version_range") - @property - @pulumi.getter(name="exploitType") - def exploit_type(self) -> Optional[str]: - return pulumi.get(self, "exploit_type") - @property - @pulumi.getter(name="firstFoundDate") - def first_found_date(self) -> Optional[str]: - return pulumi.get(self, "first_found_date") +@pulumi.output_type +class KubernetesAssurancePolicyPolicySettings(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "isAuditChecked": + suggest = "is_audit_checked" + elif key == "warningMessage": + suggest = "warning_message" - @property - @pulumi.getter(name="fixVersion") - def fix_version(self) -> Optional[str]: - return pulumi.get(self, "fix_version") + if suggest: + pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyPolicySettings. 
Access the value via the '{suggest}' property getter instead.") - @property - @pulumi.getter(name="imageName") - def image_name(self) -> Optional[str]: - return pulumi.get(self, "image_name") + def __getitem__(self, key: str) -> Any: + KubernetesAssurancePolicyPolicySettings.__key_warning(key) + return super().__getitem__(key) - @property - @pulumi.getter(name="lastFoundDate") - def last_found_date(self) -> Optional[str]: - return pulumi.get(self, "last_found_date") + def get(self, key: str, default = None) -> Any: + KubernetesAssurancePolicyPolicySettings.__key_warning(key) + return super().get(key, default) - @property - @pulumi.getter(name="modificationDate") - def modification_date(self) -> Optional[str]: - return pulumi.get(self, "modification_date") + def __init__(__self__, *, + enforce: Optional[bool] = None, + is_audit_checked: Optional[bool] = None, + warn: Optional[bool] = None, + warning_message: Optional[str] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not None: + pulumi.set(__self__, "warning_message", warning_message) @property @pulumi.getter - def name(self) -> Optional[str]: - """ - The name of the image. 
- """ - return pulumi.get(self, "name") + def enforce(self) -> Optional[bool]: + return pulumi.get(self, "enforce") @property - @pulumi.getter(name="nvdCvss2Score") - def nvd_cvss2_score(self) -> Optional[float]: - return pulumi.get(self, "nvd_cvss2_score") + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[bool]: + return pulumi.get(self, "is_audit_checked") @property - @pulumi.getter(name="nvdCvss2Vectors") - def nvd_cvss2_vectors(self) -> Optional[str]: - return pulumi.get(self, "nvd_cvss2_vectors") + @pulumi.getter + def warn(self) -> Optional[bool]: + return pulumi.get(self, "warn") @property - @pulumi.getter(name="nvdCvss3Score") - def nvd_cvss3_score(self) -> Optional[float]: - return pulumi.get(self, "nvd_cvss3_score") + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[str]: + return pulumi.get(self, "warning_message") + + +@pulumi.output_type +class KubernetesAssurancePolicyRequiredLabel(dict): + def __init__(__self__, *, + key: Optional[str] = None, + value: Optional[str] = None): + if key is not None: + pulumi.set(__self__, "key", key) + if value is not None: + pulumi.set(__self__, "value", value) @property - @pulumi.getter(name="nvdCvss3Severity") - def nvd_cvss3_severity(self) -> Optional[str]: - return pulumi.get(self, "nvd_cvss3_severity") + @pulumi.getter + def key(self) -> Optional[str]: + return pulumi.get(self, "key") @property - @pulumi.getter(name="nvdCvss3Vectors") - def nvd_cvss3_vectors(self) -> Optional[str]: - return pulumi.get(self, "nvd_cvss3_vectors") + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class KubernetesAssurancePolicyScope(dict): + def __init__(__self__, *, + expression: Optional[str] = None, + variables: Optional[Sequence['outputs.KubernetesAssurancePolicyScopeVariable']] = None): + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + 
pulumi.set(__self__, "variables", variables) @property - @pulumi.getter(name="nvdSeverity") - def nvd_severity(self) -> Optional[str]: - return pulumi.get(self, "nvd_severity") + @pulumi.getter + def expression(self) -> Optional[str]: + return pulumi.get(self, "expression") @property - @pulumi.getter(name="nvdUrl") - def nvd_url(self) -> Optional[str]: - return pulumi.get(self, "nvd_url") + @pulumi.getter + def variables(self) -> Optional[Sequence['outputs.KubernetesAssurancePolicyScopeVariable']]: + return pulumi.get(self, "variables") + + +@pulumi.output_type +class KubernetesAssurancePolicyScopeVariable(dict): + def __init__(__self__, *, + attribute: Optional[str] = None, + name: Optional[str] = None, + value: Optional[str] = None): + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if name is not None: + pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) @property @pulumi.getter - def os(self) -> Optional[str]: - """ - The operating system detected in the image - """ - return pulumi.get(self, "os") + def attribute(self) -> Optional[str]: + return pulumi.get(self, "attribute") @property - @pulumi.getter(name="osVersion") - def os_version(self) -> Optional[str]: - """ - The version of the OS detected in the image. - """ - return pulumi.get(self, "os_version") + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") @property @pulumi.getter - def permission(self) -> Optional[str]: - """ - Permission of the image. 
- """ - return pulumi.get(self, "permission") + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class KubernetesAssurancePolicyTrustedBaseImage(dict): + def __init__(__self__, *, + imagename: Optional[str] = None, + registry: Optional[str] = None): + if imagename is not None: + pulumi.set(__self__, "imagename", imagename) + if registry is not None: + pulumi.set(__self__, "registry", registry) @property - @pulumi.getter(name="publishDate") - def publish_date(self) -> Optional[str]: - return pulumi.get(self, "publish_date") + @pulumi.getter + def imagename(self) -> Optional[str]: + return pulumi.get(self, "imagename") @property @pulumi.getter def registry(self) -> Optional[str]: - """ - The name of the registry where the image is stored. - """ return pulumi.get(self, "registry") - @property - @pulumi.getter - def repository(self) -> Optional[str]: - """ - The name of the image's repository. - """ - return pulumi.get(self, "repository") - @property - @pulumi.getter(name="resourceArchitecture") - def resource_architecture(self) -> Optional[str]: - return pulumi.get(self, "resource_architecture") +@pulumi.output_type +class RoleMappingLdap(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "roleMapping": + suggest = "role_mapping" - @property - @pulumi.getter(name="resourceCpe") - def resource_cpe(self) -> Optional[str]: - return pulumi.get(self, "resource_cpe") + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleMappingLdap. 
Access the value via the '{suggest}' property getter instead.") - @property - @pulumi.getter(name="resourceFormat") - def resource_format(self) -> Optional[str]: - return pulumi.get(self, "resource_format") + def __getitem__(self, key: str) -> Any: + RoleMappingLdap.__key_warning(key) + return super().__getitem__(key) - @property - @pulumi.getter(name="resourceHash") - def resource_hash(self) -> Optional[str]: - return pulumi.get(self, "resource_hash") + def get(self, key: str, default = None) -> Any: + RoleMappingLdap.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + role_mapping: Mapping[str, str]): + """ + :param Mapping[str, str] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + pulumi.set(__self__, "role_mapping", role_mapping) @property - @pulumi.getter(name="resourceLicenses") - def resource_licenses(self) -> Optional[Sequence[str]]: - return pulumi.get(self, "resource_licenses") + @pulumi.getter(name="roleMapping") + def role_mapping(self) -> Mapping[str, str]: + """ + Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + return pulumi.get(self, "role_mapping") - @property - @pulumi.getter(name="resourceName") - def resource_name(self) -> Optional[str]: - return pulumi.get(self, "resource_name") - @property - @pulumi.getter(name="resourcePath") - def resource_path(self) -> Optional[str]: - return pulumi.get(self, "resource_path") +@pulumi.output_type +class RoleMappingOauth2(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "roleMapping": + suggest = "role_mapping" - @property - @pulumi.getter(name="resourceType") - def resource_type(self) -> Optional[str]: - return pulumi.get(self, "resource_type") + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleMappingOauth2. 
Access the value via the '{suggest}' property getter instead.") - @property - @pulumi.getter(name="resourceVersion") - def resource_version(self) -> Optional[str]: - return pulumi.get(self, "resource_version") + def __getitem__(self, key: str) -> Any: + RoleMappingOauth2.__key_warning(key) + return super().__getitem__(key) - @property - @pulumi.getter(name="severityClassification") - def severity_classification(self) -> Optional[str]: - return pulumi.get(self, "severity_classification") + def get(self, key: str, default = None) -> Any: + RoleMappingOauth2.__key_warning(key) + return super().get(key, default) - @property - @pulumi.getter - def solution(self) -> Optional[str]: - return pulumi.get(self, "solution") + def __init__(__self__, *, + role_mapping: Mapping[str, str]): + """ + :param Mapping[str, str] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + pulumi.set(__self__, "role_mapping", role_mapping) @property - @pulumi.getter(name="temporalVector") - def temporal_vector(self) -> Optional[str]: - return pulumi.get(self, "temporal_vector") + @pulumi.getter(name="roleMapping") + def role_mapping(self) -> Mapping[str, str]: + """ + Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+ """ + return pulumi.get(self, "role_mapping") - @property - @pulumi.getter(name="vPatchAppliedBy") - def v_patch_applied_by(self) -> Optional[str]: - return pulumi.get(self, "v_patch_applied_by") - @property - @pulumi.getter(name="vPatchAppliedOn") - def v_patch_applied_on(self) -> Optional[str]: - return pulumi.get(self, "v_patch_applied_on") +@pulumi.output_type +class RoleMappingOpenid(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "roleMapping": + suggest = "role_mapping" - @property - @pulumi.getter(name="vPatchEnforcedBy") - def v_patch_enforced_by(self) -> Optional[str]: - return pulumi.get(self, "v_patch_enforced_by") + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleMappingOpenid. Access the value via the '{suggest}' property getter instead.") - @property - @pulumi.getter(name="vPatchEnforcedOn") - def v_patch_enforced_on(self) -> Optional[str]: - return pulumi.get(self, "v_patch_enforced_on") + def __getitem__(self, key: str) -> Any: + RoleMappingOpenid.__key_warning(key) + return super().__getitem__(key) - @property - @pulumi.getter(name="vPatchPolicyEnforce") - def v_patch_policy_enforce(self) -> Optional[bool]: - return pulumi.get(self, "v_patch_policy_enforce") + def get(self, key: str, default = None) -> Any: + RoleMappingOpenid.__key_warning(key) + return super().get(key, default) - @property - @pulumi.getter(name="vPatchPolicyName") - def v_patch_policy_name(self) -> Optional[str]: - return pulumi.get(self, "v_patch_policy_name") + def __init__(__self__, *, + role_mapping: Mapping[str, str]): + """ + :param Mapping[str, str] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. 
+ """ + pulumi.set(__self__, "role_mapping", role_mapping) @property - @pulumi.getter(name="vPatchRevertedBy") - def v_patch_reverted_by(self) -> Optional[str]: - return pulumi.get(self, "v_patch_reverted_by") + @pulumi.getter(name="roleMapping") + def role_mapping(self) -> Mapping[str, str]: + """ + Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + return pulumi.get(self, "role_mapping") - @property - @pulumi.getter(name="vPatchRevertedOn") - def v_patch_reverted_on(self) -> Optional[str]: - return pulumi.get(self, "v_patch_reverted_on") - @property - @pulumi.getter(name="vPatchStatus") - def v_patch_status(self) -> Optional[str]: - return pulumi.get(self, "v_patch_status") +@pulumi.output_type +class RoleMappingSaml(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "roleMapping": + suggest = "role_mapping" - @property - @pulumi.getter(name="vendorCvss2Score") - def vendor_cvss2_score(self) -> Optional[float]: - return pulumi.get(self, "vendor_cvss2_score") + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleMappingSaml. 
Access the value via the '{suggest}' property getter instead.") - @property - @pulumi.getter(name="vendorCvss2Vectors") - def vendor_cvss2_vectors(self) -> Optional[str]: - return pulumi.get(self, "vendor_cvss2_vectors") + def __getitem__(self, key: str) -> Any: + RoleMappingSaml.__key_warning(key) + return super().__getitem__(key) - @property - @pulumi.getter(name="vendorSeverity") - def vendor_severity(self) -> Optional[str]: - return pulumi.get(self, "vendor_severity") + def get(self, key: str, default = None) -> Any: + RoleMappingSaml.__key_warning(key) + return super().get(key, default) - @property - @pulumi.getter(name="vendorStatement") - def vendor_statement(self) -> Optional[str]: - return pulumi.get(self, "vendor_statement") + def __init__(__self__, *, + role_mapping: Mapping[str, str]): + """ + :param Mapping[str, str] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + pulumi.set(__self__, "role_mapping", role_mapping) @property - @pulumi.getter(name="vendorUrl") - def vendor_url(self) -> Optional[str]: - return pulumi.get(self, "vendor_url") + @pulumi.getter(name="roleMapping") + def role_mapping(self) -> Mapping[str, str]: + """ + Role Mapping is used to define the IdP role that the user will assume in Aqua. Use '|' as a separator for multiple roles. + """ + return pulumi.get(self, "role_mapping") @pulumi.output_type -class IntegrationRegistryOption(dict): +class ServiceScopeVariable(dict): def __init__(__self__, *, - option: Optional[str] = None, + attribute: Optional[str] = None, + name: Optional[str] = None, value: Optional[str] = None): - if option is not None: - pulumi.set(__self__, "option", option) + """ + :param str attribute: Class of supported scope. + :param str name: Name assigned to the attribute. + :param str value: Value assigned to the attribute. 
+ """ + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) + if name is not None: + pulumi.set(__self__, "name", name) if value is not None: pulumi.set(__self__, "value", value) @property @pulumi.getter - def option(self) -> Optional[str]: - return pulumi.get(self, "option") + def attribute(self) -> Optional[str]: + """ + Class of supported scope. + """ + return pulumi.get(self, "attribute") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + Name assigned to the attribute. + """ + return pulumi.get(self, "name") @property @pulumi.getter def value(self) -> Optional[str]: + """ + Value assigned to the attribute. + """ return pulumi.get(self, "value") @pulumi.output_type -class IntegrationRegistryWebhook(dict): +class UserSaasGroup(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "authToken": - suggest = "auth_token" - elif key == "unQuarantine": - suggest = "un_quarantine" + if key == "groupAdmin": + suggest = "group_admin" if suggest: - pulumi.log.warn(f"Key '{key}' not found in IntegrationRegistryWebhook. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in UserSaasGroup. 
Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - IntegrationRegistryWebhook.__key_warning(key) + UserSaasGroup.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - IntegrationRegistryWebhook.__key_warning(key) + UserSaasGroup.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - auth_token: Optional[str] = None, - enabled: Optional[bool] = None, - un_quarantine: Optional[bool] = None, - url: Optional[str] = None): - """ - :param str url: The URL, address or region of the registry - """ - if auth_token is not None: - pulumi.set(__self__, "auth_token", auth_token) - if enabled is not None: - pulumi.set(__self__, "enabled", enabled) - if un_quarantine is not None: - pulumi.set(__self__, "un_quarantine", un_quarantine) - if url is not None: - pulumi.set(__self__, "url", url) + group_admin: Optional[bool] = None, + name: Optional[str] = None): + if group_admin is not None: + pulumi.set(__self__, "group_admin", group_admin) + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter(name="groupAdmin") + def group_admin(self) -> Optional[bool]: + return pulumi.get(self, "group_admin") + + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") + + +@pulumi.output_type +class UserSaasLogin(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ipAddress": + suggest = "ip_address" + elif key == "userId": + suggest = "user_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in UserSaasLogin. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + UserSaasLogin.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + UserSaasLogin.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + created: Optional[str] = None, + id: Optional[int] = None, + ip_address: Optional[str] = None, + user_id: Optional[int] = None): + if created is not None: + pulumi.set(__self__, "created", created) + if id is not None: + pulumi.set(__self__, "id", id) + if ip_address is not None: + pulumi.set(__self__, "ip_address", ip_address) + if user_id is not None: + pulumi.set(__self__, "user_id", user_id) @property - @pulumi.getter(name="authToken") - def auth_token(self) -> Optional[str]: - return pulumi.get(self, "auth_token") + @pulumi.getter + def created(self) -> Optional[str]: + return pulumi.get(self, "created") @property @pulumi.getter - def enabled(self) -> Optional[bool]: - return pulumi.get(self, "enabled") + def id(self) -> Optional[int]: + return pulumi.get(self, "id") @property - @pulumi.getter(name="unQuarantine") - def un_quarantine(self) -> Optional[bool]: - return pulumi.get(self, "un_quarantine") + @pulumi.getter(name="ipAddress") + def ip_address(self) -> Optional[str]: + return pulumi.get(self, "ip_address") @property - @pulumi.getter - def url(self) -> Optional[str]: - """ - The URL, address or region of the registry - """ - return pulumi.get(self, "url") + @pulumi.getter(name="userId") + def user_id(self) -> Optional[int]: + return pulumi.get(self, "user_id") @pulumi.output_type -class KubernetesAssurancePolicyAutoScanTime(dict): +class VmwareAssurancePolicyAutoScanTime(dict): @staticmethod def __key_warning(key: str): suggest = None 
@@ -4537,14 +10693,14 @@ def __key_warning(key: str): suggest = "week_days" if suggest: - pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyAutoScanTime. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in VmwareAssurancePolicyAutoScanTime. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - KubernetesAssurancePolicyAutoScanTime.__key_warning(key) + VmwareAssurancePolicyAutoScanTime.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - KubernetesAssurancePolicyAutoScanTime.__key_warning(key) + VmwareAssurancePolicyAutoScanTime.__key_warning(key) return super().get(key, default) def __init__(__self__, *, @@ -4583,7 +10739,7 @@ def week_days(self) -> Optional[Sequence[str]]: @pulumi.output_type -class KubernetesAssurancePolicyCustomCheck(dict): +class VmwareAssurancePolicyCustomCheck(dict): @staticmethod def __key_warning(key: str): suggest = None @@ -4595,14 +10751,14 @@ def __key_warning(key: str): suggest = "script_id" if suggest: - pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyCustomCheck. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in VmwareAssurancePolicyCustomCheck. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - KubernetesAssurancePolicyCustomCheck.__key_warning(key) + VmwareAssurancePolicyCustomCheck.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - KubernetesAssurancePolicyCustomCheck.__key_warning(key) + VmwareAssurancePolicyCustomCheck.__key_warning(key) return super().get(key, default) def __init__(__self__, *, 
@@ -4695,7 +10851,7 @@ def snippet(self) -> Optional[str]: @pulumi.output_type -class KubernetesAssurancePolicyForbiddenLabel(dict): +class VmwareAssurancePolicyForbiddenLabel(dict): def __init__(__self__, *, key: Optional[str] = None, value: Optional[str] = None): 
@@ -4716,77 +10872,71 @@ def value(self) -> Optional[str]: @pulumi.output_type -class KubernetesAssurancePolicyPackagesBlackList(dict): +class VmwareAssurancePolicyKubernetesControl(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "versionRange": - suggest = "version_range" + if key == "avdId": + suggest = "avd_id" + elif key == "scriptId": + suggest = "script_id" if suggest: - pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyPackagesBlackList. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in VmwareAssurancePolicyKubernetesControl. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - KubernetesAssurancePolicyPackagesBlackList.__key_warning(key) + VmwareAssurancePolicyKubernetesControl.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - KubernetesAssurancePolicyPackagesBlackList.__key_warning(key) + VmwareAssurancePolicyKubernetesControl.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - arch: Optional[str] = None, - display: Optional[str] = None, - epoch: Optional[str] = None, - format: Optional[str] = None, - license: Optional[str] = None, + avd_id: Optional[str] = None, + description: Optional[str] = None, + enabled: Optional[bool] = None, + kind: Optional[str] = None, name: Optional[str] = None, - release: Optional[str] = None, - version: Optional[str] = None, - version_range: Optional[str] = None): - if arch is not None: - pulumi.set(__self__, "arch", arch) - if display is not None: - pulumi.set(__self__, "display", display) - if epoch is not None: - pulumi.set(__self__, "epoch", epoch) - if format is not None: - pulumi.set(__self__, "format", format) - if license is not None: - pulumi.set(__self__, "license", license) + ootb: Optional[bool] = None, + script_id: Optional[int] = None, + severity: Optional[str] = None): + if 
avd_id is not None: + pulumi.set(__self__, "avd_id", avd_id) + if description is not None: + pulumi.set(__self__, "description", description) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if kind is not None: + pulumi.set(__self__, "kind", kind) if name is not None: pulumi.set(__self__, "name", name) - if release is not None: - pulumi.set(__self__, "release", release) - if version is not None: - pulumi.set(__self__, "version", version) - if version_range is not None: - pulumi.set(__self__, "version_range", version_range) - - @property - @pulumi.getter - def arch(self) -> Optional[str]: - return pulumi.get(self, "arch") + if ootb is not None: + pulumi.set(__self__, "ootb", ootb) + if script_id is not None: + pulumi.set(__self__, "script_id", script_id) + if severity is not None: + pulumi.set(__self__, "severity", severity) @property - @pulumi.getter - def display(self) -> Optional[str]: - return pulumi.get(self, "display") + @pulumi.getter(name="avdId") + def avd_id(self) -> Optional[str]: + return pulumi.get(self, "avd_id") @property @pulumi.getter - def epoch(self) -> Optional[str]: - return pulumi.get(self, "epoch") + def description(self) -> Optional[str]: + return pulumi.get(self, "description") @property @pulumi.getter - def format(self) -> Optional[str]: - return pulumi.get(self, "format") + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") @property @pulumi.getter - def license(self) -> Optional[str]: - return pulumi.get(self, "license") + def kind(self) -> Optional[str]: + return pulumi.get(self, "kind") @property @pulumi.getter 
@@ -4795,22 +10945,22 @@ def name(self) -> Optional[str]: @property @pulumi.getter - def release(self) -> Optional[str]: - return pulumi.get(self, "release") + def ootb(self) -> Optional[bool]: + return pulumi.get(self, "ootb") @property - @pulumi.getter - def version(self) -> Optional[str]: - return pulumi.get(self, "version") + @pulumi.getter(name="scriptId") + def script_id(self) -> Optional[int]: + return pulumi.get(self, "script_id") @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[str]: - return pulumi.get(self, "version_range") + @pulumi.getter + def severity(self) -> Optional[str]: + return pulumi.get(self, "severity") @pulumi.output_type -class KubernetesAssurancePolicyPackagesWhiteList(dict): +class VmwareAssurancePolicyPackagesBlackList(dict): @staticmethod def __key_warning(key: str): suggest = None @@ -4818,14 +10968,14 @@ def __key_warning(key: str): suggest = "version_range" if suggest: - pulumi.log.warn(f"Key '{key}' not found in KubernetesAssurancePolicyPackagesWhiteList. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in VmwareAssurancePolicyPackagesBlackList. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - KubernetesAssurancePolicyPackagesWhiteList.__key_warning(key) + VmwareAssurancePolicyPackagesBlackList.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - KubernetesAssurancePolicyPackagesWhiteList.__key_warning(key) + VmwareAssurancePolicyPackagesBlackList.__key_warning(key) return super().get(key, default) def __init__(__self__, *, 
@@ -4898,384 +11048,251 @@ def version(self) -> Optional[str]: return pulumi.get(self, "version") @property - @pulumi.getter(name="versionRange") - def version_range(self) -> Optional[str]: - return pulumi.get(self, "version_range") - - -@pulumi.output_type -class KubernetesAssurancePolicyRequiredLabel(dict): - def __init__(__self__, *, - key: Optional[str] = None, - value: Optional[str] = None): - if key is not None: - pulumi.set(__self__, "key", key) - if value is not None: - pulumi.set(__self__, "value", value) - - @property - @pulumi.getter - def key(self) -> Optional[str]: - return pulumi.get(self, "key") - - @property - @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") - - -@pulumi.output_type -class KubernetesAssurancePolicyScope(dict): - def __init__(__self__, *, - expression: Optional[str] = None, - variables: Optional[Sequence['outputs.KubernetesAssurancePolicyScopeVariable']] = None): - if expression is not None: - pulumi.set(__self__, "expression", expression) - if variables is not None: - pulumi.set(__self__, "variables", variables) - - @property - @pulumi.getter - def expression(self) -> Optional[str]: - return pulumi.get(self, "expression") - - @property - @pulumi.getter - def variables(self) -> Optional[Sequence['outputs.KubernetesAssurancePolicyScopeVariable']]: - return pulumi.get(self, "variables") - - -@pulumi.output_type -class KubernetesAssurancePolicyScopeVariable(dict): - def __init__(__self__, *, - attribute: Optional[str] = None, - name: Optional[str] = None, - value: Optional[str] = None): - if attribute is not None: - pulumi.set(__self__, "attribute", attribute) - if name is not None: - pulumi.set(__self__, "name", name) - if value is not None: - pulumi.set(__self__, "value", value) - - @property - @pulumi.getter - def attribute(self) -> Optional[str]: - return pulumi.get(self, "attribute") - - @property - @pulumi.getter - def name(self) -> Optional[str]: - return pulumi.get(self, "name") - - @property 
- @pulumi.getter - def value(self) -> Optional[str]: - return pulumi.get(self, "value") - - -@pulumi.output_type -class KubernetesAssurancePolicyTrustedBaseImage(dict): - def __init__(__self__, *, - imagename: Optional[str] = None, - registry: Optional[str] = None): - if imagename is not None: - pulumi.set(__self__, "imagename", imagename) - if registry is not None: - pulumi.set(__self__, "registry", registry) - - @property - @pulumi.getter - def imagename(self) -> Optional[str]: - return pulumi.get(self, "imagename") - - @property - @pulumi.getter - def registry(self) -> Optional[str]: - return pulumi.get(self, "registry") - - -@pulumi.output_type -class RoleMappingLdap(dict): - @staticmethod - def __key_warning(key: str): - suggest = None - if key == "roleMapping": - suggest = "role_mapping" - - if suggest: - pulumi.log.warn(f"Key '{key}' not found in RoleMappingLdap. Access the value via the '{suggest}' property getter instead.") - - def __getitem__(self, key: str) -> Any: - RoleMappingLdap.__key_warning(key) - return super().__getitem__(key) - - def get(self, key: str, default = None) -> Any: - RoleMappingLdap.__key_warning(key) - return super().get(key, default) - - def __init__(__self__, *, - role_mapping: Mapping[str, str]): - """ - :param Mapping[str, str] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua - """ - pulumi.set(__self__, "role_mapping", role_mapping) - - @property - @pulumi.getter(name="roleMapping") - def role_mapping(self) -> Mapping[str, str]: - """ - Role Mapping is used to define the IdP role that the user will assume in Aqua - """ - return pulumi.get(self, "role_mapping") + @pulumi.getter(name="versionRange") + def version_range(self) -> Optional[str]: + return pulumi.get(self, "version_range") @pulumi.output_type -class RoleMappingOauth2(dict): +class VmwareAssurancePolicyPackagesWhiteList(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "roleMapping": - suggest = 
"role_mapping" + if key == "versionRange": + suggest = "version_range" if suggest: - pulumi.log.warn(f"Key '{key}' not found in RoleMappingOauth2. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in VmwareAssurancePolicyPackagesWhiteList. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - RoleMappingOauth2.__key_warning(key) + VmwareAssurancePolicyPackagesWhiteList.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - RoleMappingOauth2.__key_warning(key) + VmwareAssurancePolicyPackagesWhiteList.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - role_mapping: Mapping[str, str]): - """ - :param Mapping[str, str] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua - """ - pulumi.set(__self__, "role_mapping", role_mapping) + arch: Optional[str] = None, + display: Optional[str] = None, + epoch: Optional[str] = None, + format: Optional[str] = None, + license: Optional[str] = None, + name: Optional[str] = None, + release: Optional[str] = None, + version: Optional[str] = None, + version_range: Optional[str] = None): + if arch is not None: + pulumi.set(__self__, "arch", arch) + if display is not None: + pulumi.set(__self__, "display", display) + if epoch is not None: + pulumi.set(__self__, "epoch", epoch) + if format is not None: + pulumi.set(__self__, "format", format) + if license is not None: + pulumi.set(__self__, "license", license) + if name is not None: + pulumi.set(__self__, "name", name) + if release is not None: + pulumi.set(__self__, "release", release) + if version is not None: + pulumi.set(__self__, "version", version) + if version_range is not None: + pulumi.set(__self__, "version_range", version_range) @property - @pulumi.getter(name="roleMapping") - def role_mapping(self) -> Mapping[str, str]: - """ - Role Mapping is used to define 
the IdP role that the user will assume in Aqua - """ - return pulumi.get(self, "role_mapping") + @pulumi.getter + def arch(self) -> Optional[str]: + return pulumi.get(self, "arch") + @property + @pulumi.getter + def display(self) -> Optional[str]: + return pulumi.get(self, "display") -@pulumi.output_type -class RoleMappingOpenid(dict): - @staticmethod - def __key_warning(key: str): - suggest = None - if key == "roleMapping": - suggest = "role_mapping" + @property + @pulumi.getter + def epoch(self) -> Optional[str]: + return pulumi.get(self, "epoch") - if suggest: - pulumi.log.warn(f"Key '{key}' not found in RoleMappingOpenid. Access the value via the '{suggest}' property getter instead.") + @property + @pulumi.getter + def format(self) -> Optional[str]: + return pulumi.get(self, "format") - def __getitem__(self, key: str) -> Any: - RoleMappingOpenid.__key_warning(key) - return super().__getitem__(key) + @property + @pulumi.getter + def license(self) -> Optional[str]: + return pulumi.get(self, "license") - def get(self, key: str, default = None) -> Any: - RoleMappingOpenid.__key_warning(key) - return super().get(key, default) + @property + @pulumi.getter + def name(self) -> Optional[str]: + return pulumi.get(self, "name") - def __init__(__self__, *, - role_mapping: Mapping[str, str]): - """ - :param Mapping[str, str] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua - """ - pulumi.set(__self__, "role_mapping", role_mapping) + @property + @pulumi.getter + def release(self) -> Optional[str]: + return pulumi.get(self, "release") @property - @pulumi.getter(name="roleMapping") - def role_mapping(self) -> Mapping[str, str]: - """ - Role Mapping is used to define the IdP role that the user will assume in Aqua - """ - return pulumi.get(self, "role_mapping") + @pulumi.getter + def version(self) -> Optional[str]: + return pulumi.get(self, "version") + + @property + @pulumi.getter(name="versionRange") + def version_range(self) -> 
Optional[str]: + return pulumi.get(self, "version_range") @pulumi.output_type -class RoleMappingSaml(dict): +class VmwareAssurancePolicyPolicySettings(dict): @staticmethod def __key_warning(key: str): suggest = None - if key == "roleMapping": - suggest = "role_mapping" + if key == "isAuditChecked": + suggest = "is_audit_checked" + elif key == "warningMessage": + suggest = "warning_message" if suggest: - pulumi.log.warn(f"Key '{key}' not found in RoleMappingSaml. Access the value via the '{suggest}' property getter instead.") + pulumi.log.warn(f"Key '{key}' not found in VmwareAssurancePolicyPolicySettings. Access the value via the '{suggest}' property getter instead.") def __getitem__(self, key: str) -> Any: - RoleMappingSaml.__key_warning(key) + VmwareAssurancePolicyPolicySettings.__key_warning(key) return super().__getitem__(key) def get(self, key: str, default = None) -> Any: - RoleMappingSaml.__key_warning(key) + VmwareAssurancePolicyPolicySettings.__key_warning(key) return super().get(key, default) def __init__(__self__, *, - role_mapping: Mapping[str, str]): - """ - :param Mapping[str, str] role_mapping: Role Mapping is used to define the IdP role that the user will assume in Aqua - """ - pulumi.set(__self__, "role_mapping", role_mapping) + enforce: Optional[bool] = None, + is_audit_checked: Optional[bool] = None, + warn: Optional[bool] = None, + warning_message: Optional[str] = None): + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if is_audit_checked is not None: + pulumi.set(__self__, "is_audit_checked", is_audit_checked) + if warn is not None: + pulumi.set(__self__, "warn", warn) + if warning_message is not None: + pulumi.set(__self__, "warning_message", warning_message) @property - @pulumi.getter(name="roleMapping") - def role_mapping(self) -> Mapping[str, str]: - """ - Role Mapping is used to define the IdP role that the user will assume in Aqua - """ - return pulumi.get(self, "role_mapping") + @pulumi.getter + def enforce(self) -> 
Optional[bool]: + return pulumi.get(self, "enforce") + + @property + @pulumi.getter(name="isAuditChecked") + def is_audit_checked(self) -> Optional[bool]: + return pulumi.get(self, "is_audit_checked") + + @property + @pulumi.getter + def warn(self) -> Optional[bool]: + return pulumi.get(self, "warn") + + @property + @pulumi.getter(name="warningMessage") + def warning_message(self) -> Optional[str]: + return pulumi.get(self, "warning_message") @pulumi.output_type -class ServiceScopeVariable(dict): +class VmwareAssurancePolicyRequiredLabel(dict): def __init__(__self__, *, - attribute: Optional[str] = None, - name: Optional[str] = None, + key: Optional[str] = None, value: Optional[str] = None): - """ - :param str attribute: Class of supported scope. - :param str name: Name assigned to the attribute. - :param str value: Value assigned to the attribute. - """ - if attribute is not None: - pulumi.set(__self__, "attribute", attribute) - if name is not None: - pulumi.set(__self__, "name", name) + if key is not None: + pulumi.set(__self__, "key", key) if value is not None: pulumi.set(__self__, "value", value) @property @pulumi.getter - def attribute(self) -> Optional[str]: - """ - Class of supported scope. - """ - return pulumi.get(self, "attribute") - - @property - @pulumi.getter - def name(self) -> Optional[str]: - """ - Name assigned to the attribute. - """ - return pulumi.get(self, "name") + def key(self) -> Optional[str]: + return pulumi.get(self, "key") @property @pulumi.getter def value(self) -> Optional[str]: - """ - Value assigned to the attribute. 
- """ return pulumi.get(self, "value") @pulumi.output_type -class UserSaasGroup(dict): - @staticmethod - def __key_warning(key: str): - suggest = None - if key == "groupAdmin": - suggest = "group_admin" +class VmwareAssurancePolicyScope(dict): + def __init__(__self__, *, + expression: Optional[str] = None, + variables: Optional[Sequence['outputs.VmwareAssurancePolicyScopeVariable']] = None): + if expression is not None: + pulumi.set(__self__, "expression", expression) + if variables is not None: + pulumi.set(__self__, "variables", variables) - if suggest: - pulumi.log.warn(f"Key '{key}' not found in UserSaasGroup. Access the value via the '{suggest}' property getter instead.") + @property + @pulumi.getter + def expression(self) -> Optional[str]: + return pulumi.get(self, "expression") - def __getitem__(self, key: str) -> Any: - UserSaasGroup.__key_warning(key) - return super().__getitem__(key) + @property + @pulumi.getter + def variables(self) -> Optional[Sequence['outputs.VmwareAssurancePolicyScopeVariable']]: + return pulumi.get(self, "variables") - def get(self, key: str, default = None) -> Any: - UserSaasGroup.__key_warning(key) - return super().get(key, default) +@pulumi.output_type +class VmwareAssurancePolicyScopeVariable(dict): def __init__(__self__, *, - group_admin: Optional[bool] = None, - name: Optional[str] = None): - if group_admin is not None: - pulumi.set(__self__, "group_admin", group_admin) + attribute: Optional[str] = None, + name: Optional[str] = None, + value: Optional[str] = None): + if attribute is not None: + pulumi.set(__self__, "attribute", attribute) if name is not None: pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) @property - @pulumi.getter(name="groupAdmin") - def group_admin(self) -> Optional[bool]: - return pulumi.get(self, "group_admin") + @pulumi.getter + def attribute(self) -> Optional[str]: + return pulumi.get(self, "attribute") @property @pulumi.getter def name(self) -> 
Optional[str]: return pulumi.get(self, "name") + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") -@pulumi.output_type -class UserSaasLogin(dict): - @staticmethod - def __key_warning(key: str): - suggest = None - if key == "ipAddress": - suggest = "ip_address" - elif key == "userId": - suggest = "user_id" - - if suggest: - pulumi.log.warn(f"Key '{key}' not found in UserSaasLogin. Access the value via the '{suggest}' property getter instead.") - - def __getitem__(self, key: str) -> Any: - UserSaasLogin.__key_warning(key) - return super().__getitem__(key) - - def get(self, key: str, default = None) -> Any: - UserSaasLogin.__key_warning(key) - return super().get(key, default) +@pulumi.output_type +class VmwareAssurancePolicyTrustedBaseImage(dict): def __init__(__self__, *, - created: Optional[str] = None, - id: Optional[int] = None, - ip_address: Optional[str] = None, - user_id: Optional[int] = None): - """ - :param int id: The ID of this resource. - """ - if created is not None: - pulumi.set(__self__, "created", created) - if id is not None: - pulumi.set(__self__, "id", id) - if ip_address is not None: - pulumi.set(__self__, "ip_address", ip_address) - if user_id is not None: - pulumi.set(__self__, "user_id", user_id) + imagename: Optional[str] = None, + registry: Optional[str] = None): + if imagename is not None: + pulumi.set(__self__, "imagename", imagename) + if registry is not None: + pulumi.set(__self__, "registry", registry) @property @pulumi.getter - def created(self) -> Optional[str]: - return pulumi.get(self, "created") + def imagename(self) -> Optional[str]: + return pulumi.get(self, "imagename") @property @pulumi.getter - def id(self) -> Optional[int]: - """ - The ID of this resource. 
- """ - return pulumi.get(self, "id") - - @property - @pulumi.getter(name="ipAddress") - def ip_address(self) -> Optional[str]: - return pulumi.get(self, "ip_address") - - @property - @pulumi.getter(name="userId") - def user_id(self) -> Optional[int]: - return pulumi.get(self, "user_id") + def registry(self) -> Optional[str]: + return pulumi.get(self, "registry") @pulumi.output_type 
@@ -5946,109 +11963,578 @@ def name(self) -> str: return pulumi.get(self, "name") +@pulumi.output_type +class GetContainerRuntimePolicyAllowedExecutableResult(dict): + def __init__(__self__, *, + allow_executables: Optional[Sequence[str]] = None, + allow_root_executables: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + separate_executables: Optional[bool] = None): + """ + :param Sequence[str] allow_executables: List of allowed executables. + :param Sequence[str] allow_root_executables: List of allowed root executables. + :param bool enabled: Whether allowed executables configuration is enabled. + :param bool separate_executables: Whether to treat executables separately. + """ + if allow_executables is not None: + pulumi.set(__self__, "allow_executables", allow_executables) + if allow_root_executables is not None: + pulumi.set(__self__, "allow_root_executables", allow_root_executables) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if separate_executables is not None: + pulumi.set(__self__, "separate_executables", separate_executables) + + @property + @pulumi.getter(name="allowExecutables") + def allow_executables(self) -> Optional[Sequence[str]]: + """ + List of allowed executables. + """ + return pulumi.get(self, "allow_executables") + + @property + @pulumi.getter(name="allowRootExecutables") + def allow_root_executables(self) -> Optional[Sequence[str]]: + """ + List of allowed root executables. + """ + return pulumi.get(self, "allow_root_executables") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether allowed executables configuration is enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="separateExecutables") + def separate_executables(self) -> Optional[bool]: + """ + Whether to treat executables separately. 
+ """ + return pulumi.get(self, "separate_executables") + + +@pulumi.output_type +class GetContainerRuntimePolicyAllowedRegistryResult(dict): + def __init__(__self__, *, + allowed_registries: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): + """ + :param Sequence[str] allowed_registries: List of allowed registries. + :param bool enabled: Whether allowed registries are enabled. + """ + if allowed_registries is not None: + pulumi.set(__self__, "allowed_registries", allowed_registries) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="allowedRegistries") + def allowed_registries(self) -> Optional[Sequence[str]]: + """ + List of allowed registries. + """ + return pulumi.get(self, "allowed_registries") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether allowed registries are enabled. + """ + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class GetContainerRuntimePolicyAuditingResult(dict): + def __init__(__self__, *, + audit_all_network: Optional[bool] = None, + audit_all_processes: Optional[bool] = None, + audit_failed_login: Optional[bool] = None, + audit_os_user_activity: Optional[bool] = None, + audit_process_cmdline: Optional[bool] = None, + audit_success_login: Optional[bool] = None, + audit_user_account_management: Optional[bool] = None, + enabled: Optional[bool] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, "audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not None: + pulumi.set(__self__, "audit_process_cmdline", audit_process_cmdline) + if audit_success_login is not None: + 
pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="auditAllNetwork") + def audit_all_network(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_network") + + @property + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_processes") + + @property + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_failed_login") + + @property + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[bool]: + return pulumi.get(self, "audit_os_user_activity") + + @property + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[bool]: + return pulumi.get(self, "audit_process_cmdline") + + @property + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_success_login") + + @property + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> Optional[bool]: + return pulumi.get(self, "audit_user_account_management") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class GetContainerRuntimePolicyContainerExecResult(dict): + def __init__(__self__, *, + block_container_exec: Optional[bool] = None, + container_exec_proc_white_lists: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + reverse_shell_ip_white_lists: Optional[Sequence[str]] = None): + if block_container_exec is not None: + pulumi.set(__self__, "block_container_exec", block_container_exec) + if container_exec_proc_white_lists is not None: + 
pulumi.set(__self__, "container_exec_proc_white_lists", container_exec_proc_white_lists) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if reverse_shell_ip_white_lists is not None: + pulumi.set(__self__, "reverse_shell_ip_white_lists", reverse_shell_ip_white_lists) + + @property + @pulumi.getter(name="blockContainerExec") + def block_container_exec(self) -> Optional[bool]: + return pulumi.get(self, "block_container_exec") + + @property + @pulumi.getter(name="containerExecProcWhiteLists") + def container_exec_proc_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "container_exec_proc_white_lists") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="reverseShellIpWhiteLists") + def reverse_shell_ip_white_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "reverse_shell_ip_white_lists") + + +@pulumi.output_type +class GetContainerRuntimePolicyFileBlockResult(dict): + def __init__(__self__, *, + block_files_processes: Optional[Sequence[str]] = None, + block_files_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_files: Optional[Sequence[str]] = None, + exceptional_block_files_processes: Optional[Sequence[str]] = None, + exceptional_block_files_users: Optional[Sequence[str]] = None, + filename_block_lists: Optional[Sequence[str]] = None): + if block_files_processes is not None: + pulumi.set(__self__, "block_files_processes", block_files_processes) + if block_files_users is not None: + pulumi.set(__self__, "block_files_users", block_files_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_files is not None: + pulumi.set(__self__, "exceptional_block_files", exceptional_block_files) + if exceptional_block_files_processes is not None: + pulumi.set(__self__, "exceptional_block_files_processes", exceptional_block_files_processes) + if 
exceptional_block_files_users is not None: + pulumi.set(__self__, "exceptional_block_files_users", exceptional_block_files_users) + if filename_block_lists is not None: + pulumi.set(__self__, "filename_block_lists", filename_block_lists) + + @property + @pulumi.getter(name="blockFilesProcesses") + def block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_processes") + + @property + @pulumi.getter(name="blockFilesUsers") + def block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_files_users") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalBlockFiles") + def exceptional_block_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files") + + @property + @pulumi.getter(name="exceptionalBlockFilesProcesses") + def exceptional_block_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_processes") + + @property + @pulumi.getter(name="exceptionalBlockFilesUsers") + def exceptional_block_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_files_users") + + @property + @pulumi.getter(name="filenameBlockLists") + def filename_block_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "filename_block_lists") + + @pulumi.output_type class GetContainerRuntimePolicyFileIntegrityMonitoringResult(dict): def __init__(__self__, *, - excluded_paths: Sequence[str], - excluded_processes: Sequence[str], - excluded_users: Sequence[str], - monitor_attributes: bool, - monitor_create: bool, - monitor_delete: bool, - monitor_modify: bool, - monitor_read: bool, - monitored_paths: Sequence[str], - monitored_processes: Sequence[str], - monitored_users: Sequence[str]): - pulumi.set(__self__, "excluded_paths", excluded_paths) - pulumi.set(__self__, "excluded_processes", excluded_processes) - 
pulumi.set(__self__, "excluded_users", excluded_users) - pulumi.set(__self__, "monitor_attributes", monitor_attributes) - pulumi.set(__self__, "monitor_create", monitor_create) - pulumi.set(__self__, "monitor_delete", monitor_delete) - pulumi.set(__self__, "monitor_modify", monitor_modify) - pulumi.set(__self__, "monitor_read", monitor_read) - pulumi.set(__self__, "monitored_paths", monitored_paths) - pulumi.set(__self__, "monitored_processes", monitored_processes) - pulumi.set(__self__, "monitored_users", monitored_users) + enabled: Optional[bool] = None, + exceptional_monitored_files: Optional[Sequence[str]] = None, + exceptional_monitored_files_processes: Optional[Sequence[str]] = None, + exceptional_monitored_files_users: Optional[Sequence[str]] = None, + monitored_files: Optional[Sequence[str]] = None, + monitored_files_attributes: Optional[bool] = None, + monitored_files_create: Optional[bool] = None, + monitored_files_delete: Optional[bool] = None, + monitored_files_modify: Optional[bool] = None, + monitored_files_processes: Optional[Sequence[str]] = None, + monitored_files_read: Optional[bool] = None, + monitored_files_users: Optional[Sequence[str]] = None): + """ + :param bool enabled: If true, file integrity monitoring is enabled. + :param Sequence[str] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_users: List of users to be excluded from monitoring. + :param Sequence[str] monitored_files: List of paths to be monitored. + :param bool monitored_files_attributes: Whether to monitor file attribute operations. + :param bool monitored_files_create: Whether to monitor file create operations. + :param bool monitored_files_delete: Whether to monitor file delete operations. + :param bool monitored_files_modify: Whether to monitor file modify operations. 
+ :param Sequence[str] monitored_files_processes: List of processes associated with monitored files. + :param bool monitored_files_read: Whether to monitor file read operations. + :param Sequence[str] monitored_files_users: List of users associated with monitored files. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Sequence[str]: - return pulumi.get(self, "excluded_paths") + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + If true, file integrity monitoring is enabled. 
+ """ + return pulumi.get(self, "enabled") @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Sequence[str]: - return pulumi.get(self, "excluded_processes") + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files") @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Sequence[str]: - return pulumi.get(self, "excluded_users") + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_processes") @property - @pulumi.getter(name="monitorAttributes") - def monitor_attributes(self) -> bool: - return pulumi.get(self, "monitor_attributes") + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_users") @property - @pulumi.getter(name="monitorCreate") - def monitor_create(self) -> bool: - return pulumi.get(self, "monitor_create") + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be monitored. + """ + return pulumi.get(self, "monitored_files") @property - @pulumi.getter(name="monitorDelete") - def monitor_delete(self) -> bool: - return pulumi.get(self, "monitor_delete") + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[bool]: + """ + Whether to monitor file attribute operations. 
+ """ + return pulumi.get(self, "monitored_files_attributes") + + @property + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[bool]: + """ + Whether to monitor file create operations. + """ + return pulumi.get(self, "monitored_files_create") + + @property + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[bool]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") + + @property + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[bool]: + """ + Whether to monitor file modify operations. + """ + return pulumi.get(self, "monitored_files_modify") + + @property + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes associated with monitored files. + """ + return pulumi.get(self, "monitored_files_processes") + + @property + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[bool]: + """ + Whether to monitor file read operations. + """ + return pulumi.get(self, "monitored_files_read") + + @property + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users associated with monitored files. 
+ """ + return pulumi.get(self, "monitored_files_users") + + +@pulumi.output_type +class GetContainerRuntimePolicyLimitContainerPrivilegeResult(dict): + def __init__(__self__, *, + block_add_capabilities: Optional[bool] = None, + enabled: Optional[bool] = None, + ipcmode: Optional[bool] = None, + netmode: Optional[bool] = None, + pidmode: Optional[bool] = None, + prevent_low_port_binding: Optional[bool] = None, + prevent_root_user: Optional[bool] = None, + privileged: Optional[bool] = None, + use_host_user: Optional[bool] = None, + usermode: Optional[bool] = None, + utsmode: Optional[bool] = None): + """ + :param bool block_add_capabilities: Whether to block adding capabilities. + :param bool enabled: Whether container privilege limitations are enabled. + :param bool ipcmode: Whether to limit IPC-related capabilities. + :param bool netmode: Whether to limit network-related capabilities. + :param bool pidmode: Whether to limit process-related capabilities. + :param bool prevent_low_port_binding: Whether to prevent low port binding. + :param bool prevent_root_user: Whether to prevent the use of the root user. + :param bool privileged: Whether the container is run in privileged mode. + :param bool use_host_user: Whether to use the host user. + :param bool usermode: Whether to limit user-related capabilities. + :param bool utsmode: Whether to limit UTS-related capabilities. 
+ """ + if block_add_capabilities is not None: + pulumi.set(__self__, "block_add_capabilities", block_add_capabilities) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if ipcmode is not None: + pulumi.set(__self__, "ipcmode", ipcmode) + if netmode is not None: + pulumi.set(__self__, "netmode", netmode) + if pidmode is not None: + pulumi.set(__self__, "pidmode", pidmode) + if prevent_low_port_binding is not None: + pulumi.set(__self__, "prevent_low_port_binding", prevent_low_port_binding) + if prevent_root_user is not None: + pulumi.set(__self__, "prevent_root_user", prevent_root_user) + if privileged is not None: + pulumi.set(__self__, "privileged", privileged) + if use_host_user is not None: + pulumi.set(__self__, "use_host_user", use_host_user) + if usermode is not None: + pulumi.set(__self__, "usermode", usermode) + if utsmode is not None: + pulumi.set(__self__, "utsmode", utsmode) + + @property + @pulumi.getter(name="blockAddCapabilities") + def block_add_capabilities(self) -> Optional[bool]: + """ + Whether to block adding capabilities. + """ + return pulumi.get(self, "block_add_capabilities") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether container privilege limitations are enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def ipcmode(self) -> Optional[bool]: + """ + Whether to limit IPC-related capabilities. + """ + return pulumi.get(self, "ipcmode") + + @property + @pulumi.getter + def netmode(self) -> Optional[bool]: + """ + Whether to limit network-related capabilities. + """ + return pulumi.get(self, "netmode") + + @property + @pulumi.getter + def pidmode(self) -> Optional[bool]: + """ + Whether to limit process-related capabilities. + """ + return pulumi.get(self, "pidmode") + + @property + @pulumi.getter(name="preventLowPortBinding") + def prevent_low_port_binding(self) -> Optional[bool]: + """ + Whether to prevent low port binding. 
+ """ + return pulumi.get(self, "prevent_low_port_binding") @property - @pulumi.getter(name="monitorModify") - def monitor_modify(self) -> bool: - return pulumi.get(self, "monitor_modify") + @pulumi.getter(name="preventRootUser") + def prevent_root_user(self) -> Optional[bool]: + """ + Whether to prevent the use of the root user. + """ + return pulumi.get(self, "prevent_root_user") @property - @pulumi.getter(name="monitorRead") - def monitor_read(self) -> bool: - return pulumi.get(self, "monitor_read") + @pulumi.getter + def privileged(self) -> Optional[bool]: + """ + Whether the container is run in privileged mode. + """ + return pulumi.get(self, "privileged") @property - @pulumi.getter(name="monitoredPaths") - def monitored_paths(self) -> Sequence[str]: - return pulumi.get(self, "monitored_paths") + @pulumi.getter(name="useHostUser") + def use_host_user(self) -> Optional[bool]: + """ + Whether to use the host user. + """ + return pulumi.get(self, "use_host_user") @property - @pulumi.getter(name="monitoredProcesses") - def monitored_processes(self) -> Sequence[str]: - return pulumi.get(self, "monitored_processes") + @pulumi.getter + def usermode(self) -> Optional[bool]: + """ + Whether to limit user-related capabilities. + """ + return pulumi.get(self, "usermode") @property - @pulumi.getter(name="monitoredUsers") - def monitored_users(self) -> Sequence[str]: - return pulumi.get(self, "monitored_users") + @pulumi.getter + def utsmode(self) -> Optional[bool]: + """ + Whether to limit UTS-related capabilities. 
+ """ + return pulumi.get(self, "utsmode") @pulumi.output_type class GetContainerRuntimePolicyMalwareScanOptionResult(dict): def __init__(__self__, *, - action: str, - enabled: bool, - exclude_directories: Sequence[str], - exclude_processes: Sequence[str]): + action: Optional[str] = None, + enabled: Optional[bool] = None, + exclude_directories: Optional[Sequence[str]] = None, + exclude_processes: Optional[Sequence[str]] = None, + include_directories: Optional[Sequence[str]] = None): """ :param str action: Set Action, Defaults to 'Alert' when empty :param bool enabled: Defines if enabled or not :param Sequence[str] exclude_directories: List of registry paths to be excluded from being protected. :param Sequence[str] exclude_processes: List of registry processes to be excluded from being protected. + :param Sequence[str] include_directories: List of registry paths to be excluded from being protected. """ - pulumi.set(__self__, "action", action) - pulumi.set(__self__, "enabled", enabled) - pulumi.set(__self__, "exclude_directories", exclude_directories) - pulumi.set(__self__, "exclude_processes", exclude_processes) + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) @property @pulumi.getter - def action(self) -> str: + def action(self) -> Optional[str]: """ Set Action, Defaults to 'Alert' when empty """ @@ -6056,7 +12542,7 @@ def action(self) -> str: @property @pulumi.getter - def enabled(self) -> bool: + def enabled(self) -> Optional[bool]: """ Defines if enabled or not """ 
@@ -6064,7 +12550,7 @@ def enabled(self) -> bool: @property @pulumi.getter(name="excludeDirectories") - def exclude_directories(self) -> Sequence[str]: + def exclude_directories(self) -> Optional[Sequence[str]]: """ List of registry paths to be excluded from being protected. """ 
@@ -6072,12 +12558,141 @@ def exclude_directories(self) -> Sequence[str]: @property @pulumi.getter(name="excludeProcesses") - def exclude_processes(self) -> Sequence[str]: + def exclude_processes(self) -> Optional[Sequence[str]]: """ List of registry processes to be excluded from being protected. """ return pulumi.get(self, "exclude_processes") + @property + @pulumi.getter(name="includeDirectories") + def include_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "include_directories") + + +@pulumi.output_type +class GetContainerRuntimePolicyPortBlockResult(dict): + def __init__(__self__, *, + block_inbound_ports: Optional[Sequence[str]] = None, + block_outbound_ports: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None): + if block_inbound_ports is not None: + pulumi.set(__self__, "block_inbound_ports", block_inbound_ports) + if block_outbound_ports is not None: + pulumi.set(__self__, "block_outbound_ports", block_outbound_ports) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="blockInboundPorts") + def block_inbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_inbound_ports") + + @property + @pulumi.getter(name="blockOutboundPorts") + def block_outbound_ports(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_outbound_ports") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class GetContainerRuntimePolicyReadonlyFilesResult(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + exceptional_readonly_files: Optional[Sequence[str]] = None, + exceptional_readonly_files_processes: Optional[Sequence[str]] = None, + exceptional_readonly_files_users: Optional[Sequence[str]] = None, + readonly_files: Optional[Sequence[str]] = None, + readonly_files_processes: 
Optional[Sequence[str]] = None, + readonly_files_users: Optional[Sequence[str]] = None): + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_readonly_files is not None: + pulumi.set(__self__, "exceptional_readonly_files", exceptional_readonly_files) + if exceptional_readonly_files_processes is not None: + pulumi.set(__self__, "exceptional_readonly_files_processes", exceptional_readonly_files_processes) + if exceptional_readonly_files_users is not None: + pulumi.set(__self__, "exceptional_readonly_files_users", exceptional_readonly_files_users) + if readonly_files is not None: + pulumi.set(__self__, "readonly_files", readonly_files) + if readonly_files_processes is not None: + pulumi.set(__self__, "readonly_files_processes", readonly_files_processes) + if readonly_files_users is not None: + pulumi.set(__self__, "readonly_files_users", readonly_files_users) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalReadonlyFiles") + def exceptional_readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files") + + @property + @pulumi.getter(name="exceptionalReadonlyFilesProcesses") + def exceptional_readonly_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_processes") + + @property + @pulumi.getter(name="exceptionalReadonlyFilesUsers") + def exceptional_readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_readonly_files_users") + + @property + @pulumi.getter(name="readonlyFiles") + def readonly_files(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files") + + @property + @pulumi.getter(name="readonlyFilesProcesses") + def readonly_files_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_processes") + + @property + 
@pulumi.getter(name="readonlyFilesUsers") + def readonly_files_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "readonly_files_users") + + +@pulumi.output_type +class GetContainerRuntimePolicyRestrictedVolumeResult(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + volumes: Optional[Sequence[str]] = None): + """ + :param bool enabled: Whether restricted volumes are enabled. + :param Sequence[str] volumes: List of restricted volumes. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if volumes is not None: + pulumi.set(__self__, "volumes", volumes) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether restricted volumes are enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def volumes(self) -> Optional[Sequence[str]]: + """ + List of restricted volumes. + """ + return pulumi.get(self, "volumes") + @pulumi.output_type class GetContainerRuntimePolicyScopeVariableResult(dict): @@ -6085,9 +12700,6 @@ def __init__(__self__, *, attribute: str, name: str, value: str): - """ - :param str name: Name of the container runtime policy - """ pulumi.set(__self__, "attribute", attribute) pulumi.set(__self__, "name", name) pulumi.set(__self__, "value", value) @@ -6100,9 +12712,6 @@ def attribute(self) -> str: @property @pulumi.getter def name(self) -> str: - """ - Name of the container runtime policy - """ return pulumi.get(self, "name") @property @@ -6151,9 +12760,6 @@ def __init__(__self__, *, namespace: str, service_account: str, type: str): - """ - :param str type: Enforcer Type. - """ pulumi.set(__self__, "master", master) pulumi.set(__self__, "namespace", namespace) pulumi.set(__self__, "service_account", service_account) @@ -6177,9 +12783,6 @@ def service_account(self) -> str: @property @pulumi.getter def type(self) -> str: - """ - Enforcer Type. - """ return pulumi.get(self, "type") 
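Review bot: The docstring on the new `include_directories` getter reads "List of registry paths to be excluded from being protected.", which is the `exclude_directories` text and says the opposite of what the field name indicates. The same wording is on the `include_directories` parameter and getter of `GetHostRuntimePolicyMalwareScanOptionResult` in the later `@@ -7098,136 +13763,360 @@` hunk. Someone reading it could mistake a malware-scan include list for an exclusion list. A description such as `List of paths to be included in malware scanning.` would match the name, assuming that is what the field does. If these strings come from the provider schema, the correction belongs there so it survives the next SDK build.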
@@ -6313,9 +12916,6 @@ def __init__(__self__, *, script_id: str, severity: str, snippet: str): - """ - :param str author: Name of user account that created the policy. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "description", description) pulumi.set(__self__, "engine", engine) @@ -6330,9 +12930,6 @@ def __init__(__self__, *, @property @pulumi.getter def author(self) -> str: - """ - Name of user account that created the policy. - """ return pulumi.get(self, "author") @property 
@@ -6620,15 +13217,98 @@ def registry(self) -> str: return pulumi.get(self, "registry") +@pulumi.output_type +class GetFunctionRuntimePolicyDriftPreventionResult(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + exec_lockdown: Optional[bool] = None, + exec_lockdown_white_lists: Optional[Sequence[str]] = None, + image_lockdown: Optional[bool] = None): + """ + :param bool enabled: Whether drift prevention is enabled. + :param bool exec_lockdown: Whether to lockdown execution drift. + :param Sequence[str] exec_lockdown_white_lists: List of items in the execution lockdown white list. + :param bool image_lockdown: Whether to lockdown image drift. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exec_lockdown is not None: + pulumi.set(__self__, "exec_lockdown", exec_lockdown) + if exec_lockdown_white_lists is not None: + pulumi.set(__self__, "exec_lockdown_white_lists", exec_lockdown_white_lists) + if image_lockdown is not None: + pulumi.set(__self__, "image_lockdown", image_lockdown) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether drift prevention is enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="execLockdown") + def exec_lockdown(self) -> Optional[bool]: + """ + Whether to lockdown execution drift. + """ + return pulumi.get(self, "exec_lockdown") + + @property + @pulumi.getter(name="execLockdownWhiteLists") + def exec_lockdown_white_lists(self) -> Optional[Sequence[str]]: + """ + List of items in the execution lockdown white list. + """ + return pulumi.get(self, "exec_lockdown_white_lists") + + @property + @pulumi.getter(name="imageLockdown") + def image_lockdown(self) -> Optional[bool]: + """ + Whether to lockdown image drift. 
+ """ + return pulumi.get(self, "image_lockdown") + + +@pulumi.output_type +class GetFunctionRuntimePolicyExecutableBlacklistResult(dict): + def __init__(__self__, *, + enabled: Optional[bool] = None, + executables: Optional[Sequence[str]] = None): + """ + :param bool enabled: Whether the executable blacklist is enabled. + :param Sequence[str] executables: List of blacklisted executables. + """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if executables is not None: + pulumi.set(__self__, "executables", executables) + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Whether the executable blacklist is enabled. + """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def executables(self) -> Optional[Sequence[str]]: + """ + List of blacklisted executables. + """ + return pulumi.get(self, "executables") + + @pulumi.output_type class GetFunctionRuntimePolicyScopeVariableResult(dict): def __init__(__self__, *, attribute: str, name: str, value: str): - """ - :param str name: Name of the function runtime policy - """ pulumi.set(__self__, "attribute", attribute) pulumi.set(__self__, "name", name) pulumi.set(__self__, "value", value) @@ -6641,9 +13321,6 @@ def attribute(self) -> str: @property @pulumi.getter def name(self) -> str: - """ - Name of the function runtime policy - """ return pulumi.get(self, "name") @property @@ -6663,9 +13340,6 @@ def __init__(__self__, *, public_address: str, status: str, version: str): - """ - :param str id: The ID of this resource. - """ pulumi.set(__self__, "description", description) pulumi.set(__self__, "grpc_address", grpc_address) pulumi.set(__self__, "hostname", hostname) @@ -6693,9 +13367,6 @@ def hostname(self) -> str: @property @pulumi.getter def id(self) -> str: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property 
@@ -6791,9 +13462,6 @@ def __init__(__self__, *, script_id: str, severity: str, snippet: str): - """ - :param str author: Name of user account that created the policy. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "description", description) pulumi.set(__self__, "engine", engine) @@ -6808,9 +13476,6 @@ def __init__(__self__, *, @property @pulumi.getter def author(self) -> str: - """ - Name of user account that created the policy. - """ return pulumi.get(self, "author") @property 
@@ -7098,136 +13763,360 @@ def registry(self) -> str: return pulumi.get(self, "registry") +@pulumi.output_type +class GetHostRuntimePolicyAuditingResult(dict): + def __init__(__self__, *, + audit_all_network: Optional[bool] = None, + audit_all_processes: Optional[bool] = None, + audit_failed_login: Optional[bool] = None, + audit_os_user_activity: Optional[bool] = None, + audit_process_cmdline: Optional[bool] = None, + audit_success_login: Optional[bool] = None, + audit_user_account_management: Optional[bool] = None, + enabled: Optional[bool] = None): + if audit_all_network is not None: + pulumi.set(__self__, "audit_all_network", audit_all_network) + if audit_all_processes is not None: + pulumi.set(__self__, "audit_all_processes", audit_all_processes) + if audit_failed_login is not None: + pulumi.set(__self__, "audit_failed_login", audit_failed_login) + if audit_os_user_activity is not None: + pulumi.set(__self__, "audit_os_user_activity", audit_os_user_activity) + if audit_process_cmdline is not None: + pulumi.set(__self__, "audit_process_cmdline", audit_process_cmdline) + if audit_success_login is not None: + pulumi.set(__self__, "audit_success_login", audit_success_login) + if audit_user_account_management is not None: + pulumi.set(__self__, "audit_user_account_management", audit_user_account_management) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="auditAllNetwork") + def audit_all_network(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_network") + + @property + @pulumi.getter(name="auditAllProcesses") + def audit_all_processes(self) -> Optional[bool]: + return pulumi.get(self, "audit_all_processes") + + @property + @pulumi.getter(name="auditFailedLogin") + def audit_failed_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_failed_login") + + @property + @pulumi.getter(name="auditOsUserActivity") + def audit_os_user_activity(self) -> Optional[bool]: + return pulumi.get(self, 
"audit_os_user_activity") + + @property + @pulumi.getter(name="auditProcessCmdline") + def audit_process_cmdline(self) -> Optional[bool]: + return pulumi.get(self, "audit_process_cmdline") + + @property + @pulumi.getter(name="auditSuccessLogin") + def audit_success_login(self) -> Optional[bool]: + return pulumi.get(self, "audit_success_login") + + @property + @pulumi.getter(name="auditUserAccountManagement") + def audit_user_account_management(self) -> Optional[bool]: + return pulumi.get(self, "audit_user_account_management") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @pulumi.output_type class GetHostRuntimePolicyFileIntegrityMonitoringResult(dict): def __init__(__self__, *, - excluded_paths: Sequence[str], - excluded_processes: Sequence[str], - excluded_users: Sequence[str], - monitor_attributes: bool, - monitor_create: bool, - monitor_delete: bool, - monitor_modify: bool, - monitor_read: bool, - monitored_paths: Sequence[str], - monitored_processes: Sequence[str], - monitored_users: Sequence[str]): - pulumi.set(__self__, "excluded_paths", excluded_paths) - pulumi.set(__self__, "excluded_processes", excluded_processes) - pulumi.set(__self__, "excluded_users", excluded_users) - pulumi.set(__self__, "monitor_attributes", monitor_attributes) - pulumi.set(__self__, "monitor_create", monitor_create) - pulumi.set(__self__, "monitor_delete", monitor_delete) - pulumi.set(__self__, "monitor_modify", monitor_modify) - pulumi.set(__self__, "monitor_read", monitor_read) - pulumi.set(__self__, "monitored_paths", monitored_paths) - pulumi.set(__self__, "monitored_processes", monitored_processes) - pulumi.set(__self__, "monitored_users", monitored_users) + enabled: Optional[bool] = None, + exceptional_monitored_files: Optional[Sequence[str]] = None, + exceptional_monitored_files_processes: Optional[Sequence[str]] = None, + exceptional_monitored_files_users: Optional[Sequence[str]] = None, + monitored_files: 
Optional[Sequence[str]] = None, + monitored_files_attributes: Optional[bool] = None, + monitored_files_create: Optional[bool] = None, + monitored_files_delete: Optional[bool] = None, + monitored_files_modify: Optional[bool] = None, + monitored_files_processes: Optional[Sequence[str]] = None, + monitored_files_read: Optional[bool] = None, + monitored_files_users: Optional[Sequence[str]] = None): + """ + :param bool enabled: If true, file integrity monitoring is enabled. + :param Sequence[str] exceptional_monitored_files: List of paths to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_processes: List of processes to be excluded from monitoring. + :param Sequence[str] exceptional_monitored_files_users: List of users to be excluded from monitoring. + :param Sequence[str] monitored_files: List of paths to be monitored. + :param bool monitored_files_attributes: Whether to monitor file attribute operations. + :param bool monitored_files_create: Whether to monitor file create operations. + :param bool monitored_files_delete: Whether to monitor file delete operations. + :param bool monitored_files_modify: Whether to monitor file modify operations. + :param Sequence[str] monitored_files_processes: List of processes associated with monitored files. + :param bool monitored_files_read: Whether to monitor file read operations. + :param Sequence[str] monitored_files_users: List of users associated with monitored files. 
+ """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_monitored_files is not None: + pulumi.set(__self__, "exceptional_monitored_files", exceptional_monitored_files) + if exceptional_monitored_files_processes is not None: + pulumi.set(__self__, "exceptional_monitored_files_processes", exceptional_monitored_files_processes) + if exceptional_monitored_files_users is not None: + pulumi.set(__self__, "exceptional_monitored_files_users", exceptional_monitored_files_users) + if monitored_files is not None: + pulumi.set(__self__, "monitored_files", monitored_files) + if monitored_files_attributes is not None: + pulumi.set(__self__, "monitored_files_attributes", monitored_files_attributes) + if monitored_files_create is not None: + pulumi.set(__self__, "monitored_files_create", monitored_files_create) + if monitored_files_delete is not None: + pulumi.set(__self__, "monitored_files_delete", monitored_files_delete) + if monitored_files_modify is not None: + pulumi.set(__self__, "monitored_files_modify", monitored_files_modify) + if monitored_files_processes is not None: + pulumi.set(__self__, "monitored_files_processes", monitored_files_processes) + if monitored_files_read is not None: + pulumi.set(__self__, "monitored_files_read", monitored_files_read) + if monitored_files_users is not None: + pulumi.set(__self__, "monitored_files_users", monitored_files_users) @property - @pulumi.getter(name="excludedPaths") - def excluded_paths(self) -> Sequence[str]: - return pulumi.get(self, "excluded_paths") + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + If true, file integrity monitoring is enabled. 
+ """ + return pulumi.get(self, "enabled") @property - @pulumi.getter(name="excludedProcesses") - def excluded_processes(self) -> Sequence[str]: - return pulumi.get(self, "excluded_processes") + @pulumi.getter(name="exceptionalMonitoredFiles") + def exceptional_monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files") + + @property + @pulumi.getter(name="exceptionalMonitoredFilesProcesses") + def exceptional_monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_processes") @property - @pulumi.getter(name="excludedUsers") - def excluded_users(self) -> Sequence[str]: - return pulumi.get(self, "excluded_users") + @pulumi.getter(name="exceptionalMonitoredFilesUsers") + def exceptional_monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users to be excluded from monitoring. + """ + return pulumi.get(self, "exceptional_monitored_files_users") @property - @pulumi.getter(name="monitorAttributes") - def monitor_attributes(self) -> bool: - return pulumi.get(self, "monitor_attributes") + @pulumi.getter(name="monitoredFiles") + def monitored_files(self) -> Optional[Sequence[str]]: + """ + List of paths to be monitored. + """ + return pulumi.get(self, "monitored_files") @property - @pulumi.getter(name="monitorCreate") - def monitor_create(self) -> bool: - return pulumi.get(self, "monitor_create") + @pulumi.getter(name="monitoredFilesAttributes") + def monitored_files_attributes(self) -> Optional[bool]: + """ + Whether to monitor file attribute operations. 
+ """ + return pulumi.get(self, "monitored_files_attributes") @property - @pulumi.getter(name="monitorDelete") - def monitor_delete(self) -> bool: - return pulumi.get(self, "monitor_delete") + @pulumi.getter(name="monitoredFilesCreate") + def monitored_files_create(self) -> Optional[bool]: + """ + Whether to monitor file create operations. + """ + return pulumi.get(self, "monitored_files_create") @property - @pulumi.getter(name="monitorModify") - def monitor_modify(self) -> bool: - return pulumi.get(self, "monitor_modify") + @pulumi.getter(name="monitoredFilesDelete") + def monitored_files_delete(self) -> Optional[bool]: + """ + Whether to monitor file delete operations. + """ + return pulumi.get(self, "monitored_files_delete") @property - @pulumi.getter(name="monitorRead") - def monitor_read(self) -> bool: - return pulumi.get(self, "monitor_read") + @pulumi.getter(name="monitoredFilesModify") + def monitored_files_modify(self) -> Optional[bool]: + """ + Whether to monitor file modify operations. + """ + return pulumi.get(self, "monitored_files_modify") @property - @pulumi.getter(name="monitoredPaths") - def monitored_paths(self) -> Sequence[str]: - return pulumi.get(self, "monitored_paths") + @pulumi.getter(name="monitoredFilesProcesses") + def monitored_files_processes(self) -> Optional[Sequence[str]]: + """ + List of processes associated with monitored files. + """ + return pulumi.get(self, "monitored_files_processes") @property - @pulumi.getter(name="monitoredProcesses") - def monitored_processes(self) -> Sequence[str]: - return pulumi.get(self, "monitored_processes") + @pulumi.getter(name="monitoredFilesRead") + def monitored_files_read(self) -> Optional[bool]: + """ + Whether to monitor file read operations. 
+ """ + return pulumi.get(self, "monitored_files_read") @property - @pulumi.getter(name="monitoredUsers") - def monitored_users(self) -> Sequence[str]: - return pulumi.get(self, "monitored_users") + @pulumi.getter(name="monitoredFilesUsers") + def monitored_files_users(self) -> Optional[Sequence[str]]: + """ + List of users associated with monitored files. + """ + return pulumi.get(self, "monitored_files_users") @pulumi.output_type class GetHostRuntimePolicyMalwareScanOptionResult(dict): def __init__(__self__, *, - action: str, - enabled: bool, - exclude_processes: Sequence[str], - include_directories: Sequence[str]): + action: Optional[str] = None, + enabled: Optional[bool] = None, + exclude_directories: Optional[Sequence[str]] = None, + exclude_processes: Optional[Sequence[str]] = None, + include_directories: Optional[Sequence[str]] = None): """ - :param bool enabled: Indicates if the runtime policy is enabled or not. + :param str action: Set Action, Defaults to 'Alert' when empty + :param bool enabled: Defines if enabled or not + :param Sequence[str] exclude_directories: List of registry paths to be excluded from being protected. + :param Sequence[str] exclude_processes: List of registry processes to be excluded from being protected. + :param Sequence[str] include_directories: List of registry paths to be excluded from being protected. 
""" - pulumi.set(__self__, "action", action) - pulumi.set(__self__, "enabled", enabled) - pulumi.set(__self__, "exclude_processes", exclude_processes) - pulumi.set(__self__, "include_directories", include_directories) + if action is not None: + pulumi.set(__self__, "action", action) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exclude_directories is not None: + pulumi.set(__self__, "exclude_directories", exclude_directories) + if exclude_processes is not None: + pulumi.set(__self__, "exclude_processes", exclude_processes) + if include_directories is not None: + pulumi.set(__self__, "include_directories", include_directories) @property @pulumi.getter - def action(self) -> str: + def action(self) -> Optional[str]: + """ + Set Action, Defaults to 'Alert' when empty + """ return pulumi.get(self, "action") @property @pulumi.getter - def enabled(self) -> bool: + def enabled(self) -> Optional[bool]: """ - Indicates if the runtime policy is enabled or not. + Defines if enabled or not """ return pulumi.get(self, "enabled") + @property + @pulumi.getter(name="excludeDirectories") + def exclude_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. + """ + return pulumi.get(self, "exclude_directories") + @property @pulumi.getter(name="excludeProcesses") - def exclude_processes(self) -> Sequence[str]: + def exclude_processes(self) -> Optional[Sequence[str]]: + """ + List of registry processes to be excluded from being protected. + """ return pulumi.get(self, "exclude_processes") @property @pulumi.getter(name="includeDirectories") - def include_directories(self) -> Sequence[str]: + def include_directories(self) -> Optional[Sequence[str]]: + """ + List of registry paths to be excluded from being protected. 
+ """ return pulumi.get(self, "include_directories") +@pulumi.output_type +class GetHostRuntimePolicyPackageBlockResult(dict): + def __init__(__self__, *, + block_packages_processes: Optional[Sequence[str]] = None, + block_packages_users: Optional[Sequence[str]] = None, + enabled: Optional[bool] = None, + exceptional_block_packages_files: Optional[Sequence[str]] = None, + exceptional_block_packages_processes: Optional[Sequence[str]] = None, + exceptional_block_packages_users: Optional[Sequence[str]] = None, + packages_black_lists: Optional[Sequence[str]] = None): + if block_packages_processes is not None: + pulumi.set(__self__, "block_packages_processes", block_packages_processes) + if block_packages_users is not None: + pulumi.set(__self__, "block_packages_users", block_packages_users) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if exceptional_block_packages_files is not None: + pulumi.set(__self__, "exceptional_block_packages_files", exceptional_block_packages_files) + if exceptional_block_packages_processes is not None: + pulumi.set(__self__, "exceptional_block_packages_processes", exceptional_block_packages_processes) + if exceptional_block_packages_users is not None: + pulumi.set(__self__, "exceptional_block_packages_users", exceptional_block_packages_users) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) + + @property + @pulumi.getter(name="blockPackagesProcesses") + def block_packages_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_processes") + + @property + @pulumi.getter(name="blockPackagesUsers") + def block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "block_packages_users") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="exceptionalBlockPackagesFiles") + def exceptional_block_packages_files(self) -> 
Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_files") + + @property + @pulumi.getter(name="exceptionalBlockPackagesProcesses") + def exceptional_block_packages_processes(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_processes") + + @property + @pulumi.getter(name="exceptionalBlockPackagesUsers") + def exceptional_block_packages_users(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "exceptional_block_packages_users") + + @property + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[Sequence[str]]: + return pulumi.get(self, "packages_black_lists") + + @pulumi.output_type class GetHostRuntimePolicyScopeVariableResult(dict): def __init__(__self__, *, attribute: str, name: str, value: str): - """ - :param str name: Name of the host runtime policy - """ pulumi.set(__self__, "attribute", attribute) pulumi.set(__self__, "name", name) pulumi.set(__self__, "value", value) @@ -7240,9 +14129,6 @@ def attribute(self) -> str: @property @pulumi.getter def name(self) -> str: - """ - Name of the host runtime policy - """ return pulumi.get(self, "name") @property @@ -7390,10 +14276,6 @@ def __init__(__self__, *, dta_skipped_reason: str, failed: bool, policy_name: str): - """ - :param bool dta_skipped: If DTA was skipped. - :param str dta_skipped_reason: The reason why DTA was skipped. - """ pulumi.set(__self__, "assurance_type", assurance_type) pulumi.set(__self__, "blocking", blocking) pulumi.set(__self__, "control", control) @@ -7420,17 +14302,11 @@ def control(self) -> str: @property @pulumi.getter(name="dtaSkipped") def dta_skipped(self) -> bool: - """ - If DTA was skipped. - """ return pulumi.get(self, "dta_skipped") @property @pulumi.getter(name="dtaSkippedReason") def dta_skipped_reason(self) -> str: - """ - The reason why DTA was skipped. - """ return pulumi.get(self, "dta_skipped_reason") @property 
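Review bot: `GetHostRuntimePolicyAuditingResult` and `GetHostRuntimePolicyPackageBlockResult` are added with no docstrings, while the file-integrity and malware-scan classes in the same hunk describe every field. Every field is `Optional[...]` and the constructors skip `pulumi.set` when the argument is `None`, so the getters presumably return `None` for a value that was not reported. A caller that tests `if not result.enabled` would then treat an unreported audit setting the same as a disabled one. A one-line description per getter would make the unset case explicit, for example `"""Whether failed logins are audited; None if the policy did not report a value."""` on `audit_failed_login`, with the wording checked against the provider's field descriptions.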
@@ -7490,9 +14366,6 @@ def __init__(__self__, *, script_id: str, severity: str, snippet: str): - """ - :param str author: Name of user account that created the policy. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "description", description) pulumi.set(__self__, "engine", engine) @@ -7507,9 +14380,6 @@ def __init__(__self__, *, @property @pulumi.getter def author(self) -> str: - """ - Name of user account that created the policy. - """ return pulumi.get(self, "author") @property @@ -7805,11 +14675,6 @@ def __init__(__self__, *, created_by: str, id: str, size: int): - """ - :param str comment: The image creation comment. - :param str created: The date and time when the image was registered. - :param str id: The ID of this resource. - """ pulumi.set(__self__, "comment", comment) pulumi.set(__self__, "created", created) pulumi.set(__self__, "created_by", created_by) @@ -7819,17 +14684,11 @@ def __init__(__self__, *, @property @pulumi.getter def comment(self) -> str: - """ - The image creation comment. - """ return pulumi.get(self, "comment") @property @pulumi.getter def created(self) -> str: - """ - The date and time when the image was registered. - """ return pulumi.get(self, "created") @property @@ -7840,9 +14699,6 @@ def created_by(self) -> str: @property @pulumi.getter def id(self) -> str: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property 
@@ -7920,15 +14776,6 @@ def __init__(__self__, *, vendor_severity: str, vendor_statement: str, vendor_url: str): - """ - :param str digest: The content digest of the image. - :param str name: The name of the image. - :param str os: The operating system detected in the image - :param str os_version: The version of the OS detected in the image. - :param str permission: Permission of the image. - :param str registry: The name of the registry where the image is stored. - :param str repository: The name of the image's repository. - """ pulumi.set(__self__, "ack_author", ack_author) pulumi.set(__self__, "ack_comment", ack_comment) pulumi.set(__self__, "ack_expiration_configured_at", ack_expiration_configured_at) @@ -8089,9 +14936,6 @@ def description(self) -> str: @property @pulumi.getter def digest(self) -> str: - """ - The content digest of the image. - """ return pulumi.get(self, "digest") @property @@ -8132,9 +14976,6 @@ def modification_date(self) -> str: @property @pulumi.getter def name(self) -> str: - """ - The name of the image. - """ return pulumi.get(self, "name") @property @@ -8175,25 +15016,16 @@ def nvd_url(self) -> str: @property @pulumi.getter def os(self) -> str: - """ - The operating system detected in the image - """ return pulumi.get(self, "os") @property @pulumi.getter(name="osVersion") def os_version(self) -> str: - """ - The version of the OS detected in the image. - """ return pulumi.get(self, "os_version") @property @pulumi.getter def permission(self) -> str: - """ - Permission of the image. - """ return pulumi.get(self, "permission") @property @@ -8204,17 +15036,11 @@ def publish_date(self) -> str: @property @pulumi.getter def registry(self) -> str: - """ - The name of the registry where the image is stored. - """ return pulumi.get(self, "registry") @property @pulumi.getter def repository(self) -> str: - """ - The name of the image's repository. - """ return pulumi.get(self, "repository") @property 
@@ -8348,6 +15174,64 @@ def vendor_url(self) -> str: return pulumi.get(self, "vendor_url") +@pulumi.output_type +class GetIntegrationRegistriesOptionResult(dict): + def __init__(__self__, *, + option: Optional[str] = None, + value: Optional[str] = None): + if option is not None: + pulumi.set(__self__, "option", option) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def option(self) -> Optional[str]: + return pulumi.get(self, "option") + + @property + @pulumi.getter + def value(self) -> Optional[str]: + return pulumi.get(self, "value") + + +@pulumi.output_type +class GetIntegrationRegistriesWebhookResult(dict): + def __init__(__self__, *, + auth_token: Optional[str] = None, + enabled: Optional[bool] = None, + un_quarantine: Optional[bool] = None, + url: Optional[str] = None): + if auth_token is not None: + pulumi.set(__self__, "auth_token", auth_token) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if un_quarantine is not None: + pulumi.set(__self__, "un_quarantine", un_quarantine) + if url is not None: + pulumi.set(__self__, "url", url) + + @property + @pulumi.getter(name="authToken") + def auth_token(self) -> Optional[str]: + return pulumi.get(self, "auth_token") + + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter(name="unQuarantine") + def un_quarantine(self) -> Optional[bool]: + return pulumi.get(self, "un_quarantine") + + @property + @pulumi.getter + def url(self) -> Optional[str]: + return pulumi.get(self, "url") + + @pulumi.output_type class GetIntegrationRegistryOptionResult(dict): def __init__(__self__, *, 
@@ -8376,9 +15260,6 @@ def __init__(__self__, *, enabled: Optional[bool] = None, un_quarantine: Optional[bool] = None, url: Optional[str] = None): - """ - :param str url: The URL, address or region of the registry - """ if auth_token is not None: pulumi.set(__self__, "auth_token", auth_token) if enabled is not None: @@ -8406,9 +15287,6 @@ def un_quarantine(self) -> Optional[bool]: @property @pulumi.getter def url(self) -> Optional[str]: - """ - The URL, address or region of the registry - """ return pulumi.get(self, "url") @@ -8458,9 +15336,6 @@ def __init__(__self__, *, script_id: str, severity: str, snippet: str): - """ - :param str author: Name of user account that created the policy. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "description", description) pulumi.set(__self__, "engine", engine) @@ -8475,9 +15350,6 @@ def __init__(__self__, *, @property @pulumi.getter def author(self) -> str: - """ - Name of user account that created the policy. - """ return pulumi.get(self, "author") @property @@ -8775,9 +15647,6 @@ def __init__(__self__, *, properties: Mapping[str, str], template: Mapping[str, str], type: str): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "id", id) pulumi.set(__self__, "last_updated", last_updated) @@ -8794,9 +15663,6 @@ def author(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property @@ -8835,9 +15701,6 @@ def __init__(__self__, *, properties: Mapping[str, str], template: Mapping[str, str], type: str): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "id", id) pulumi.set(__self__, "last_updated", last_updated) @@ -8854,9 +15717,6 @@ def author(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property 
@@ -8895,9 +15755,6 @@ def __init__(__self__, *, properties: Mapping[str, str], template: Mapping[str, str], type: str): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "id", id) pulumi.set(__self__, "last_updated", last_updated) @@ -8914,9 +15771,6 @@ def author(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property @@ -8955,9 +15809,6 @@ def __init__(__self__, *, properties: Mapping[str, str], template: Mapping[str, str], type: str): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "id", id) pulumi.set(__self__, "last_updated", last_updated) @@ -8974,9 +15825,6 @@ def author(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property @@ -9015,9 +15863,6 @@ def __init__(__self__, *, properties: Mapping[str, str], template: Mapping[str, str], type: str): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "id", id) pulumi.set(__self__, "last_updated", last_updated) @@ -9034,9 +15879,6 @@ def author(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property @@ -9075,9 +15917,6 @@ def __init__(__self__, *, properties: Mapping[str, str], template: Mapping[str, str], type: str): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "id", id) pulumi.set(__self__, "last_updated", last_updated) @@ -9094,9 +15933,6 @@ def author(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property 
@@ -9135,9 +15971,6 @@ def __init__(__self__, *, properties: Mapping[str, str], template: Mapping[str, str], type: str): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "author", author) pulumi.set(__self__, "id", id) pulumi.set(__self__, "last_updated", last_updated) @@ -9154,9 +15987,6 @@ def author(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property @@ -9283,9 +16113,6 @@ def __init__(__self__, *, csp_role: str, id: int, saml_groups: Sequence[str]): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "account_id", account_id) pulumi.set(__self__, "created", created) pulumi.set(__self__, "csp_role", csp_role) @@ -9310,9 +16137,6 @@ def csp_role(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property @@ -9379,9 +16203,6 @@ def __init__(__self__, *, attribute: str, name: str, value: str): - """ - :param str name: The name of the service. It is recommended not to use whitespace characters in the name. - """ pulumi.set(__self__, "attribute", attribute) pulumi.set(__self__, "name", name) pulumi.set(__self__, "value", value) @@ -9394,9 +16215,6 @@ def attribute(self) -> str: @property @pulumi.getter def name(self) -> str: - """ - The name of the service. It is recommended not to use whitespace characters in the name. - """ return pulumi.get(self, "name") @property @@ -9528,9 +16346,6 @@ def __init__(__self__, *, created: str, id: int, name: str): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "created", created) pulumi.set(__self__, "id", id) pulumi.set(__self__, "name", name) @@ -9543,9 +16358,6 @@ def created(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property 
@@ -9561,9 +16373,6 @@ def __init__(__self__, *, id: int, ip_address: str, user_id: int): - """ - :param int id: The ID of this resource. - """ pulumi.set(__self__, "created", created) pulumi.set(__self__, "id", id) pulumi.set(__self__, "ip_address", ip_address) @@ -9577,9 +16386,6 @@ def created(self) -> str: @property @pulumi.getter def id(self) -> int: - """ - The ID of this resource. - """ return pulumi.get(self, "id") @property diff --git a/sdk/python/pulumiverse_aquasec/provider.py b/sdk/python/pulumiverse_aquasec/provider.py index 35942b24..ed7c9acd 100644 --- a/sdk/python/pulumiverse_aquasec/provider.py +++ b/sdk/python/pulumiverse_aquasec/provider.py @@ -34,16 +34,28 @@ def __init__(__self__, *, :param pulumi.Input[bool] verify_tls: If true, server tls certificates will be verified by the client before making a connection. Defaults to true. Can alternatively be sourced from the `AQUA_TLS_VERIFY` environment variable. """ + if aqua_url is None: + aqua_url = _utilities.get_env('AQUA_URL') if aqua_url is not None: pulumi.set(__self__, "aqua_url", aqua_url) + if ca_certificate_path is None: + ca_certificate_path = _utilities.get_env('AQUA_CA_CERT_PATH') if ca_certificate_path is not None: pulumi.set(__self__, "ca_certificate_path", ca_certificate_path) + if config_path is None: + config_path = _utilities.get_env('AQUA_CONFIG') if config_path is not None: pulumi.set(__self__, "config_path", config_path) + if password is None: + password = _utilities.get_env('AQUA_PASSWORD') if password is not None: pulumi.set(__self__, "password", password) + if username is None: + username = _utilities.get_env('AQUA_USER') if username is not None: pulumi.set(__self__, "username", username) + if verify_tls is None: + verify_tls = (_utilities.get_env_bool('AQUA_TLS_VERIFY') or True) if verify_tls is not None: pulumi.set(__self__, "verify_tls", verify_tls) 
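Review bot: In the added `verify_tls` fallback, `(_utilities.get_env_bool('AQUA_TLS_VERIFY') or True)` always evaluates to True, so a false value in `AQUA_TLS_VERIFY` is discarded even though the docstring in this hunk says the setting can be sourced from that variable (this assumes `get_env_bool` returns False or None rather than raising). Verification stays on, which is the safe direction, but the documented switch does not work and the `if verify_tls is not None:` check that follows can no longer be false. An explicit None test keeps the default without masking False: `verify_tls = _utilities.get_env_bool('AQUA_TLS_VERIFY')` followed by `if verify_tls is None: verify_tls = True`. The same expression is added in the `_internal_init` hunk at `@@ -199,11 +211,23 @@`; if this module is generated like the other SDK files in the commit, the correction belongs in the generator or the provider schema default, and `__init__` itself starts outside the hunk.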
@@ -199,11 +211,23 @@ def _internal_init(__self__, raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') __props__ = ProviderArgs.__new__(ProviderArgs) + if aqua_url is None: + aqua_url = _utilities.get_env('AQUA_URL') __props__.__dict__["aqua_url"] = aqua_url + if ca_certificate_path is None: + ca_certificate_path = _utilities.get_env('AQUA_CA_CERT_PATH') __props__.__dict__["ca_certificate_path"] = ca_certificate_path + if config_path is None: + config_path = _utilities.get_env('AQUA_CONFIG') __props__.__dict__["config_path"] = config_path + if password is None: + password = _utilities.get_env('AQUA_PASSWORD') __props__.__dict__["password"] = None if password is None else pulumi.Output.secret(password) + if username is None: + username = _utilities.get_env('AQUA_USER') __props__.__dict__["username"] = None if username is None else pulumi.Output.secret(username) + if verify_tls is None: + verify_tls = (_utilities.get_env_bool('AQUA_TLS_VERIFY') or True) __props__.__dict__["verify_tls"] = pulumi.Output.from_input(verify_tls).apply(pulumi.runtime.to_json) if verify_tls is not None else None secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["password", "username"]) opts = pulumi.ResourceOptions.merge(opts, secret_opts) diff --git a/sdk/python/pulumiverse_aquasec/role_mapping.py b/sdk/python/pulumiverse_aquasec/role_mapping.py index 2259b139..bb39f9e0 100644 --- a/sdk/python/pulumiverse_aquasec/role_mapping.py +++ b/sdk/python/pulumiverse_aquasec/role_mapping.py @@ -177,6 +177,7 @@ def __init__(__self__, role_mapping_role_mapping = aquasec.RoleMapping("roleMappingRoleMapping", saml=aquasec.RoleMappingSamlArgs( role_mapping={ "Administrator": "group1", + "Scanner": "group2|group3", }, )) pulumi.export("roleMapping", role_mapping_role_mapping) 
@@ -205,6 +206,7 @@ def __init__(__self__, role_mapping_role_mapping = aquasec.RoleMapping("roleMappingRoleMapping", saml=aquasec.RoleMappingSamlArgs( role_mapping={ "Administrator": "group1", + "Scanner": "group2|group3", }, )) pulumi.export("roleMapping", role_mapping_role_mapping) diff --git a/sdk/python/pulumiverse_aquasec/service.py b/sdk/python/pulumiverse_aquasec/service.py index ea6a0678..c677c07d 100644 --- a/sdk/python/pulumiverse_aquasec/service.py +++ b/sdk/python/pulumiverse_aquasec/service.py @@ -34,7 +34,7 @@ def __init__(__self__, *, :param pulumi.Input[str] description: A textual description of the service record; maximum 500 characters. :param pulumi.Input[bool] enforce: Enforcement status of the service. :param pulumi.Input[bool] monitoring: Indicates if monitoring is enabled or not - :param pulumi.Input[str] name: The name of the service. It is recommended not to use whitespace characters in the name. + :param pulumi.Input[str] name: Name assigned to the attribute. :param pulumi.Input[int] priority: Rules priority, must be between 1-100. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. :param pulumi.Input[Sequence[pulumi.Input['ServiceScopeVariableArgs']]] scope_variables: List of scope attributes. @@ -133,7 +133,7 @@ def monitoring(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The name of the service. It is recommended not to use whitespace characters in the name. + Name assigned to the attribute. """ return pulumi.get(self, "name") 
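Review bot: The replacement docstring for `name` in the `@@ -34,7 +34,7 @@` hunk of service.py, `Name assigned to the attribute.`, no longer says what the field names; the parameter sits among the service's own fields (`description`, `enforce`, `priority`), and the wording looks as if it was taken from the scope-variable description. The previous text, `The name of the service. It is recommended not to use whitespace characters in the name.`, also carried the whitespace advice, which is now lost. The same substitution appears in the hunks at `@@ -133,7 +133,7 @@`, `@@ -217,7 +217,7 @@`, `@@ -397,7 +397,7 @@`, `@@ -610,7 +610,7 @@`, `@@ -741,7 +741,7 @@` and `@@ -865,7 +865,7 @@`. I would keep the old wording here, or correct the description upstream if this file is generated.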
@@ -217,7 +217,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] is_registered: Indicates if registered or not. :param pulumi.Input[int] lastupdate: Timestamp of the last update in Unix time format. :param pulumi.Input[bool] monitoring: Indicates if monitoring is enabled or not - :param pulumi.Input[str] name: The name of the service. It is recommended not to use whitespace characters in the name. + :param pulumi.Input[str] name: Name assigned to the attribute. :param pulumi.Input[int] not_evaluated_count: The number of container that are not evaluated. :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The service's policies; an array of container firewall policy names. :param pulumi.Input[int] priority: Rules priority, must be between 1-100. @@ -397,7 +397,7 @@ def monitoring(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: """ - The name of the service. It is recommended not to use whitespace characters in the name. + Name assigned to the attribute. """ return pulumi.get(self, "name") @@ -610,7 +610,7 @@ def __init__(__self__, :param pulumi.Input[str] description: A textual description of the service record; maximum 500 characters. :param pulumi.Input[bool] enforce: Enforcement status of the service. :param pulumi.Input[bool] monitoring: Indicates if monitoring is enabled or not - :param pulumi.Input[str] name: The name of the service. It is recommended not to use whitespace characters in the name. + :param pulumi.Input[str] name: Name assigned to the attribute. :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The service's policies; an array of container firewall policy names. :param pulumi.Input[int] priority: Rules priority, must be between 1-100. :param pulumi.Input[str] scope_expression: Logical expression of how to compute the dependency of the scope variables. 
@@ -741,7 +741,7 @@ def get(resource_name: str, :param pulumi.Input[bool] is_registered: Indicates if registered or not. :param pulumi.Input[int] lastupdate: Timestamp of the last update in Unix time format. :param pulumi.Input[bool] monitoring: Indicates if monitoring is enabled or not - :param pulumi.Input[str] name: The name of the service. It is recommended not to use whitespace characters in the name. + :param pulumi.Input[str] name: Name assigned to the attribute. :param pulumi.Input[int] not_evaluated_count: The number of container that are not evaluated. :param pulumi.Input[Sequence[pulumi.Input[str]]] policies: The service's policies; an array of container firewall policy names. :param pulumi.Input[int] priority: Rules priority, must be between 1-100. @@ -865,7 +865,7 @@ def monitoring(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter def name(self) -> pulumi.Output[str]: """ - The name of the service. It is recommended not to use whitespace characters in the name. + Name assigned to the attribute. """ return pulumi.get(self, "name") diff --git a/sdk/python/pulumiverse_aquasec/vmware_assurance_policy.py b/sdk/python/pulumiverse_aquasec/vmware_assurance_policy.py new file mode 100644 index 00000000..2267c06a --- /dev/null +++ b/sdk/python/pulumiverse_aquasec/vmware_assurance_policy.py 
@@ -0,0 +1,3833 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['VmwareAssurancePolicyArgs', 'VmwareAssurancePolicy'] + +@pulumi.input_type +class VmwareAssurancePolicyArgs: + def __init__(__self__, *, + application_scopes: pulumi.Input[Sequence[pulumi.Input[str]]], + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, + audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, + auto_scan_configured: Optional[pulumi.Input[bool]] = None, + auto_scan_enabled: Optional[pulumi.Input[bool]] = None, + auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyAutoScanTimeArgs']]]] = None, + blacklist_permissions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklist_permissions_enabled: Optional[pulumi.Input[bool]] = None, + blacklisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + block_failed: Optional[pulumi.Input[bool]] = None, + control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyCustomCheckArgs']]]] = None, + custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, + custom_severity_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_lists: 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cves_white_list_enabled: Optional[pulumi.Input[bool]] = None, + cves_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cvss_severity: Optional[pulumi.Input[str]] = None, + cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, + cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + disallow_malware: Optional[pulumi.Input[bool]] = None, + docker_cis_enabled: Optional[pulumi.Input[bool]] = None, + domain: Optional[pulumi.Input[str]] = None, + domain_name: Optional[pulumi.Input[str]] = None, + dta_enabled: Optional[pulumi.Input[bool]] = None, + dta_severity: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, + forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyForbiddenLabelArgs']]]] = None, + forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, + force_microenforcer: Optional[pulumi.Input[bool]] = None, + function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, + ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, + ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + 
ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyKubernetesControlArgs']]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, + malware_action: Optional[pulumi.Input[str]] = None, + maximum_score: Optional[pulumi.Input[float]] = None, + maximum_score_enabled: Optional[pulumi.Input[bool]] = None, + maximum_score_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesBlackListArgs']]]] = None, + packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, + packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesWhiteListArgs']]]] = None, + partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['VmwareAssurancePolicyPolicySettingsArgs']] = None, + read_only: Optional[pulumi.Input[bool]] = None, + registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + registry: Optional[pulumi.Input[str]] = None, + required_labels: 
Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyRequiredLabelArgs']]]] = None, + required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, + scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, + scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, + scap_enabled: Optional[pulumi.Input[bool]] = None, + scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyScopeArgs']]]] = None, + trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyTrustedBaseImageArgs']]]] = None, + trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): + """ + The set of arguments for constructing a VmwareAssurancePolicy resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. + :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. + :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. + :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. + :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. + :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses + :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. + :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. + :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. + :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + :param pulumi.Input[str] domain: Name of the container image. + :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. + :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. + :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. + :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. 
+ :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyKubernetesControlArgs']]] kubernetes_controls: List of Kubernetes controls. + :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. + :param pulumi.Input[float] maximum_score: Value of allowed maximum score. + :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. + :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. + :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. + :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. + :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. + :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. + :param pulumi.Input[bool] scan_sensitive_data: Indicates if scan should include sensitive data in the image. + :param pulumi.Input[bool] scap_enabled: Indicates if scanning should include scap. + :param pulumi.Input[Sequence[pulumi.Input[str]]] scap_files: List of SCAP user scripts for checks. + :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyTrustedBaseImageArgs']]] trusted_base_images: List of trusted images. + :param pulumi.Input[bool] trusted_base_images_enabled: Indicates if list of trusted base images is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. + :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. 
+ """ + pulumi.set(__self__, "application_scopes", application_scopes) + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) + if allowed_images is not None: + pulumi.set(__self__, "allowed_images", allowed_images) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) + if audit_on_failure is not None: + pulumi.set(__self__, "audit_on_failure", audit_on_failure) + if author is not None: + pulumi.set(__self__, "author", author) + if auto_scan_configured is not None: + pulumi.set(__self__, "auto_scan_configured", auto_scan_configured) + if auto_scan_enabled is not None: + pulumi.set(__self__, "auto_scan_enabled", auto_scan_enabled) + if auto_scan_times is not None: + pulumi.set(__self__, "auto_scan_times", auto_scan_times) + if blacklist_permissions is not None: + pulumi.set(__self__, "blacklist_permissions", blacklist_permissions) + if blacklist_permissions_enabled is not None: + pulumi.set(__self__, "blacklist_permissions_enabled", blacklist_permissions_enabled) + if blacklisted_licenses is not None: + pulumi.set(__self__, "blacklisted_licenses", blacklisted_licenses) + if blacklisted_licenses_enabled is not None: + pulumi.set(__self__, "blacklisted_licenses_enabled", blacklisted_licenses_enabled) + if block_failed is not None: + pulumi.set(__self__, "block_failed", block_failed) + if control_exclude_no_fix is not None: + pulumi.set(__self__, "control_exclude_no_fix", control_exclude_no_fix) + if custom_checks is not None: + pulumi.set(__self__, "custom_checks", custom_checks) + if custom_checks_enabled is not None: + pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) + if custom_severity_enabled is not None: + pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) + if cves_black_list_enabled is not None: + pulumi.set(__self__, 
"cves_black_list_enabled", cves_black_list_enabled) + if cves_black_lists is not None: + pulumi.set(__self__, "cves_black_lists", cves_black_lists) + if cves_white_list_enabled is not None: + pulumi.set(__self__, "cves_white_list_enabled", cves_white_list_enabled) + if cves_white_lists is not None: + pulumi.set(__self__, "cves_white_lists", cves_white_lists) + if cvss_severity is not None: + pulumi.set(__self__, "cvss_severity", cvss_severity) + if cvss_severity_enabled is not None: + pulumi.set(__self__, "cvss_severity_enabled", cvss_severity_enabled) + if cvss_severity_exclude_no_fix is not None: + pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) + if description is not None: + pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) + if disallow_malware is not None: + pulumi.set(__self__, "disallow_malware", disallow_malware) + if docker_cis_enabled is not None: + pulumi.set(__self__, "docker_cis_enabled", docker_cis_enabled) + if domain is not None: + pulumi.set(__self__, "domain", domain) + if domain_name is not None: + pulumi.set(__self__, "domain_name", domain_name) + if dta_enabled is not None: + pulumi.set(__self__, "dta_enabled", dta_enabled) + if dta_severity is not None: + pulumi.set(__self__, "dta_severity", dta_severity) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if enforce_after_days is not None: + pulumi.set(__self__, "enforce_after_days", enforce_after_days) + if enforce_excessive_permissions is not None: + pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) + if exceptional_monitored_malware_paths is not None: + pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + pulumi.set(__self__, 
"exclude_application_scopes", exclude_application_scopes) + if fail_cicd is not None: + pulumi.set(__self__, "fail_cicd", fail_cicd) + if forbidden_labels is not None: + pulumi.set(__self__, "forbidden_labels", forbidden_labels) + if forbidden_labels_enabled is not None: + pulumi.set(__self__, "forbidden_labels_enabled", forbidden_labels_enabled) + if force_microenforcer is not None: + pulumi.set(__self__, "force_microenforcer", force_microenforcer) + if function_integrity_enabled is not None: + pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) + if ignore_recently_published_vln is not None: + pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) + if ignore_recently_published_vln_period is not None: + pulumi.set(__self__, "ignore_recently_published_vln_period", ignore_recently_published_vln_period) + if ignore_risk_resources_enabled is not None: + pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) + if ignored_risk_resources is not None: + pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) + if images is not None: + pulumi.set(__self__, "images", images) + if kube_cis_enabled is not None: + pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) + if kubernetes_controls_names is not None: + pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + pulumi.set(__self__, 
"lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) + if malware_action is not None: + pulumi.set(__self__, "malware_action", malware_action) + if maximum_score is not None: + pulumi.set(__self__, "maximum_score", maximum_score) + if maximum_score_enabled is not None: + pulumi.set(__self__, "maximum_score_enabled", maximum_score_enabled) + if maximum_score_exclude_no_fix is not None: + pulumi.set(__self__, "maximum_score_exclude_no_fix", maximum_score_exclude_no_fix) + if monitored_malware_paths is not None: + pulumi.set(__self__, "monitored_malware_paths", monitored_malware_paths) + if name is not None: + pulumi.set(__self__, "name", name) + if only_none_root_users is not None: + pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) + if packages_black_list_enabled is not None: + pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) + if packages_white_list_enabled is not None: + pulumi.set(__self__, "packages_white_list_enabled", packages_white_list_enabled) + if packages_white_lists is not None: + pulumi.set(__self__, "packages_white_lists", packages_white_lists) + if partial_results_image_fail is not None: + pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if registries is not None: + pulumi.set(__self__, "registries", registries) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if required_labels is not None: + 
pulumi.set(__self__, "required_labels", required_labels) + if required_labels_enabled is not None: + pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) + if scan_nfs_mounts is not None: + pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) + if scan_sensitive_data is not None: + pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) + if scap_enabled is not None: + pulumi.set(__self__, "scap_enabled", scap_enabled) + if scap_files is not None: + pulumi.set(__self__, "scap_files", scap_files) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + if trusted_base_images is not None: + pulumi.set(__self__, "trusted_base_images", trusted_base_images) + if trusted_base_images_enabled is not None: + pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) + if whitelisted_licenses is not None: + pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) + if whitelisted_licenses_enabled is not None: + pulumi.set(__self__, "whitelisted_licenses_enabled", whitelisted_licenses_enabled) + + @property + @pulumi.getter(name="applicationScopes") + def application_scopes(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + return pulumi.get(self, "application_scopes") + + @application_scopes.setter + def application_scopes(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): + pulumi.set(self, 
"application_scopes", value) + + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) + + @property + @pulumi.getter(name="allowedImages") + def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of explicitly allowed images. + """ + return pulumi.get(self, "allowed_images") + + @allowed_images.setter + def allowed_images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allowed_images", value) + + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + + @property + @pulumi.getter(name="auditOnFailure") + def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if auditing for failures. + """ + return pulumi.get(self, "audit_on_failure") + + @audit_on_failure.setter + def audit_on_failure(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_on_failure", value) + + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. 
+ """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + + @property + @pulumi.getter(name="autoScanConfigured") + def auto_scan_configured(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "auto_scan_configured") + + @auto_scan_configured.setter + def auto_scan_configured(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "auto_scan_configured", value) + + @property + @pulumi.getter(name="autoScanEnabled") + def auto_scan_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "auto_scan_enabled") + + @auto_scan_enabled.setter + def auto_scan_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "auto_scan_enabled", value) + + @property + @pulumi.getter(name="autoScanTimes") + def auto_scan_times(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyAutoScanTimeArgs']]]]: + return pulumi.get(self, "auto_scan_times") + + @auto_scan_times.setter + def auto_scan_times(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyAutoScanTimeArgs']]]]): + pulumi.set(self, "auto_scan_times", value) + + @property + @pulumi.getter(name="blacklistPermissions") + def blacklist_permissions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of function's forbidden permissions. + """ + return pulumi.get(self, "blacklist_permissions") + + @blacklist_permissions.setter + def blacklist_permissions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "blacklist_permissions", value) + + @property + @pulumi.getter(name="blacklistPermissionsEnabled") + def blacklist_permissions_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if blacklist permissions is relevant. 
+ """ + return pulumi.get(self, "blacklist_permissions_enabled") + + @blacklist_permissions_enabled.setter + def blacklist_permissions_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "blacklist_permissions_enabled", value) + + @property + @pulumi.getter(name="blacklistedLicenses") + def blacklisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of blacklisted licenses. + """ + return pulumi.get(self, "blacklisted_licenses") + + @blacklisted_licenses.setter + def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "blacklisted_licenses", value) + + @property + @pulumi.getter(name="blacklistedLicensesEnabled") + def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if license blacklist is relevant. + """ + return pulumi.get(self, "blacklisted_licenses_enabled") + + @blacklisted_licenses_enabled.setter + def blacklisted_licenses_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "blacklisted_licenses_enabled", value) + + @property + @pulumi.getter(name="blockFailed") + def block_failed(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if failed images are blocked. + """ + return pulumi.get(self, "block_failed") + + @block_failed.setter + def block_failed(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_failed", value) + + @property + @pulumi.getter(name="controlExcludeNoFix") + def control_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "control_exclude_no_fix") + + @control_exclude_no_fix.setter + def control_exclude_no_fix(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "control_exclude_no_fix", value) + + @property + @pulumi.getter(name="customChecks") + def custom_checks(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyCustomCheckArgs']]]]: + """ + List of Custom user scripts for checks. 
+ """ + return pulumi.get(self, "custom_checks") + + @custom_checks.setter + def custom_checks(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyCustomCheckArgs']]]]): + pulumi.set(self, "custom_checks", value) + + @property + @pulumi.getter(name="customChecksEnabled") + def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if scanning should include custom checks. + """ + return pulumi.get(self, "custom_checks_enabled") + + @custom_checks_enabled.setter + def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "custom_checks_enabled", value) + + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + + @property + @pulumi.getter(name="customSeverityEnabled") + def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "custom_severity_enabled") + + @custom_severity_enabled.setter + def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "custom_severity_enabled", value) + + @property + @pulumi.getter(name="cvesBlackListEnabled") + def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if CVEs blacklist is relevant. + """ + return pulumi.get(self, "cves_black_list_enabled") + + @cves_black_list_enabled.setter + def cves_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "cves_black_list_enabled", value) + + @property + @pulumi.getter(name="cvesBlackLists") + def cves_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of cves blacklisted items. 
+ """ + return pulumi.get(self, "cves_black_lists") + + @cves_black_lists.setter + def cves_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "cves_black_lists", value) + + @property + @pulumi.getter(name="cvesWhiteListEnabled") + def cves_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if cves whitelist is relevant. + """ + return pulumi.get(self, "cves_white_list_enabled") + + @cves_white_list_enabled.setter + def cves_white_list_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "cves_white_list_enabled", value) + + @property + @pulumi.getter(name="cvesWhiteLists") + def cves_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of cves whitelisted licenses + """ + return pulumi.get(self, "cves_white_lists") + + @cves_white_lists.setter + def cves_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "cves_white_lists", value) + + @property + @pulumi.getter(name="cvssSeverity") + def cvss_severity(self) -> Optional[pulumi.Input[str]]: + """ + Identifier of the cvss severity. + """ + return pulumi.get(self, "cvss_severity") + + @cvss_severity.setter + def cvss_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cvss_severity", value) + + @property + @pulumi.getter(name="cvssSeverityEnabled") + def cvss_severity_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if the cvss severity is scanned. + """ + return pulumi.get(self, "cvss_severity_enabled") + + @cvss_severity_enabled.setter + def cvss_severity_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "cvss_severity_enabled", value) + + @property + @pulumi.getter(name="cvssSeverityExcludeNoFix") + def cvss_severity_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates that policy should ignore cvss cases that do not have a known fix. 
+ """ + return pulumi.get(self, "cvss_severity_exclude_no_fix") + + @cvss_severity_exclude_no_fix.setter + def cvss_severity_exclude_no_fix(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "cvss_severity_exclude_no_fix", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + + @property + @pulumi.getter(name="disallowMalware") + def disallow_malware(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if malware should block the image. + """ + return pulumi.get(self, "disallow_malware") + + @disallow_malware.setter + def disallow_malware(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "disallow_malware", value) + + @property + @pulumi.getter(name="dockerCisEnabled") + def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ + return pulumi.get(self, "docker_cis_enabled") + + @docker_cis_enabled.setter + def docker_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "docker_cis_enabled", value) + + @property + @pulumi.getter + def domain(self) -> Optional[pulumi.Input[str]]: + """ + Name of the container image. 
+ """ + return pulumi.get(self, "domain") + + @domain.setter + def domain(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "domain", value) + + @property + @pulumi.getter(name="domainName") + def domain_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "domain_name") + + @domain_name.setter + def domain_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "domain_name", value) + + @property + @pulumi.getter(name="dtaEnabled") + def dta_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "dta_enabled") + + @dta_enabled.setter + def dta_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "dta_enabled", value) + + @property + @pulumi.getter(name="dtaSeverity") + def dta_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "dta_severity") + + @dta_severity.setter + def dta_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "dta_severity", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def enforce(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enforce") + + @enforce.setter + def enforce(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce", value) + + @property + @pulumi.getter(name="enforceAfterDays") + def enforce_after_days(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "enforce_after_days") + + @enforce_after_days.setter + def enforce_after_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_after_days", value) + + @property + @pulumi.getter(name="enforceExcessivePermissions") + def enforce_excessive_permissions(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enforce_excessive_permissions") + + 
@enforce_excessive_permissions.setter + def enforce_excessive_permissions(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce_excessive_permissions", value) + + @property + @pulumi.getter(name="exceptionalMonitoredMalwarePaths") + def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_malware_paths") + + @exceptional_monitored_malware_paths.setter + def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_malware_paths", value) + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + + @property + @pulumi.getter(name="failCicd") + def fail_cicd(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if cicd failures will fail the image. 
+ """ + return pulumi.get(self, "fail_cicd") + + @fail_cicd.setter + def fail_cicd(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "fail_cicd", value) + + @property + @pulumi.getter(name="forbiddenLabels") + def forbidden_labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyForbiddenLabelArgs']]]]: + return pulumi.get(self, "forbidden_labels") + + @forbidden_labels.setter + def forbidden_labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyForbiddenLabelArgs']]]]): + pulumi.set(self, "forbidden_labels", value) + + @property + @pulumi.getter(name="forbiddenLabelsEnabled") + def forbidden_labels_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "forbidden_labels_enabled") + + @forbidden_labels_enabled.setter + def forbidden_labels_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "forbidden_labels_enabled", value) + + @property + @pulumi.getter(name="forceMicroenforcer") + def force_microenforcer(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "force_microenforcer") + + @force_microenforcer.setter + def force_microenforcer(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "force_microenforcer", value) + + @property + @pulumi.getter(name="functionIntegrityEnabled") + def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "function_integrity_enabled") + + @function_integrity_enabled.setter + def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "function_integrity_enabled", value) + + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + + @property + 
@pulumi.getter(name="ignoreRecentlyPublishedVln") + def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_recently_published_vln") + + @ignore_recently_published_vln.setter + def ignore_recently_published_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_recently_published_vln", value) + + @property + @pulumi.getter(name="ignoreRecentlyPublishedVlnPeriod") + def ignore_recently_published_vln_period(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "ignore_recently_published_vln_period") + + @ignore_recently_published_vln_period.setter + def ignore_recently_published_vln_period(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "ignore_recently_published_vln_period", value) + + @property + @pulumi.getter(name="ignoreRiskResourcesEnabled") + def ignore_risk_resources_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if risk resources are ignored. + """ + return pulumi.get(self, "ignore_risk_resources_enabled") + + @ignore_risk_resources_enabled.setter + def ignore_risk_resources_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_risk_resources_enabled", value) + + @property + @pulumi.getter(name="ignoredRiskResources") + def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of ignored risk resources. 
+ """ + return pulumi.get(self, "ignored_risk_resources") + + @ignored_risk_resources.setter + def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_risk_resources", value) + + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + + @property + @pulumi.getter + def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of images. + """ + return pulumi.get(self, "images") + + @images.setter + def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "images", value) + + @property + @pulumi.getter(name="kubeCisEnabled") + def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ + return pulumi.get(self, "kube_cis_enabled") + + @kube_cis_enabled.setter + def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "kube_cis_enabled", value) + + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyKubernetesControlArgs']]]]: + """ + List of Kubernetes controls. 
+ """ + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyKubernetesControlArgs']]]]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_names") + + @kubernetes_controls_names.setter + def kubernetes_controls_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_names", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of labels. 
+ """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + + @property + @pulumi.getter(name="malwareAction") + def malware_action(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "malware_action") + + @malware_action.setter + def malware_action(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "malware_action", value) + + @property + @pulumi.getter(name="maximumScore") + def maximum_score(self) -> Optional[pulumi.Input[float]]: + """ + Value of allowed maximum score. + """ + return pulumi.get(self, "maximum_score") + + @maximum_score.setter + def maximum_score(self, value: Optional[pulumi.Input[float]]): + pulumi.set(self, "maximum_score", value) + + @property + @pulumi.getter(name="maximumScoreEnabled") + def maximum_score_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if exceeding the maximum score is scanned. 
+ """ + return pulumi.get(self, "maximum_score_enabled") + + @maximum_score_enabled.setter + def maximum_score_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "maximum_score_enabled", value) + + @property + @pulumi.getter(name="maximumScoreExcludeNoFix") + def maximum_score_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "maximum_score_exclude_no_fix") + + @maximum_score_exclude_no_fix.setter + def maximum_score_exclude_no_fix(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "maximum_score_exclude_no_fix", value) + + @property + @pulumi.getter(name="monitoredMalwarePaths") + def monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_malware_paths") + + @monitored_malware_paths.setter + def monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_malware_paths", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="onlyNoneRootUsers") + def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if raise a warning for images that should only be run as root. 
+ """ + return pulumi.get(self, "only_none_root_users") + + @only_none_root_users.setter + def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "only_none_root_users", value) + + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + + @property + @pulumi.getter(name="packagesBlackListEnabled") + def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if packages blacklist is relevant. + """ + return pulumi.get(self, "packages_black_list_enabled") + + @packages_black_list_enabled.setter + def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "packages_black_list_enabled", value) + + @property + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesBlackListArgs']]]]: + """ + List of blacklisted images. + """ + return pulumi.get(self, "packages_black_lists") + + @packages_black_lists.setter + def packages_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesBlackListArgs']]]]): + pulumi.set(self, "packages_black_lists", value) + + @property + @pulumi.getter(name="packagesWhiteListEnabled") + def packages_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if packages whitelist is relevant. 
+ """ + return pulumi.get(self, "packages_white_list_enabled") + + @packages_white_list_enabled.setter + def packages_white_list_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "packages_white_list_enabled", value) + + @property + @pulumi.getter(name="packagesWhiteLists") + def packages_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesWhiteListArgs']]]]: + """ + List of whitelisted images. + """ + return pulumi.get(self, "packages_white_lists") + + @packages_white_lists.setter + def packages_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesWhiteListArgs']]]]): + pulumi.set(self, "packages_white_lists", value) + + @property + @pulumi.getter(name="partialResultsImageFail") + def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "partial_results_image_fail") + + @partial_results_image_fail.setter + def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "partial_results_image_fail", value) + + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['VmwareAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['VmwareAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + + @property + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "read_only") + + @read_only.setter + def read_only(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "read_only", value) + + @property + 
@pulumi.getter + def registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registries. + """ + return pulumi.get(self, "registries") + + @registries.setter + def registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "registries", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + @property + @pulumi.getter(name="requiredLabels") + def required_labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyRequiredLabelArgs']]]]: + return pulumi.get(self, "required_labels") + + @required_labels.setter + def required_labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyRequiredLabelArgs']]]]): + pulumi.set(self, "required_labels", value) + + @property + @pulumi.getter(name="requiredLabelsEnabled") + def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "required_labels_enabled") + + @required_labels_enabled.setter + def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "required_labels_enabled", value) + + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + + @property + @pulumi.getter(name="scanNfsMounts") + def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_nfs_mounts") + + @scan_nfs_mounts.setter + def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_nfs_mounts", value) + + @property + 
@pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + + @property + @pulumi.getter(name="scanSensitiveData") + def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if scan should include sensitive data in the image. + """ + return pulumi.get(self, "scan_sensitive_data") + + @scan_sensitive_data.setter + def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_sensitive_data", value) + + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + + @property + @pulumi.getter(name="scapEnabled") + def scap_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if scanning should include scap. + """ + return pulumi.get(self, "scap_enabled") + + @scap_enabled.setter + def scap_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scap_enabled", value) + + @property + @pulumi.getter(name="scapFiles") + def scap_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of SCAP user scripts for checks. 
+ """ + return pulumi.get(self, "scap_files") + + @scap_files.setter + def scap_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "scap_files", value) + + @property + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyScopeArgs']]]]: + return pulumi.get(self, "scopes") + + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyScopeArgs']]]]): + pulumi.set(self, "scopes", value) + + @property + @pulumi.getter(name="trustedBaseImages") + def trusted_base_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyTrustedBaseImageArgs']]]]: + """ + List of trusted images. + """ + return pulumi.get(self, "trusted_base_images") + + @trusted_base_images.setter + def trusted_base_images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyTrustedBaseImageArgs']]]]): + pulumi.set(self, "trusted_base_images", value) + + @property + @pulumi.getter(name="trustedBaseImagesEnabled") + def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if list of trusted base images is relevant. 
+ """ + return pulumi.get(self, "trusted_base_images_enabled") + + @trusted_base_images_enabled.setter + def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "trusted_base_images_enabled", value) + + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + + @property + @pulumi.getter(name="whitelistedLicenses") + def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of whitelisted licenses. + """ + return pulumi.get(self, "whitelisted_licenses") + + @whitelisted_licenses.setter + def whitelisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "whitelisted_licenses", value) + + @property + @pulumi.getter(name="whitelistedLicensesEnabled") + def whitelisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if license blacklist is relevant. 
+ """ + return pulumi.get(self, "whitelisted_licenses_enabled") + + @whitelisted_licenses_enabled.setter + def whitelisted_licenses_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "whitelisted_licenses_enabled", value) + + +@pulumi.input_type +class _VmwareAssurancePolicyState: + def __init__(__self__, *, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, + audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, + auto_scan_configured: Optional[pulumi.Input[bool]] = None, + auto_scan_enabled: Optional[pulumi.Input[bool]] = None, + auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyAutoScanTimeArgs']]]] = None, + blacklist_permissions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklist_permissions_enabled: Optional[pulumi.Input[bool]] = None, + blacklisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + block_failed: Optional[pulumi.Input[bool]] = None, + control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyCustomCheckArgs']]]] = None, + custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, + custom_severity_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cves_white_list_enabled: Optional[pulumi.Input[bool]] = None, + cves_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cvss_severity: 
Optional[pulumi.Input[str]] = None, + cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, + cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + disallow_malware: Optional[pulumi.Input[bool]] = None, + docker_cis_enabled: Optional[pulumi.Input[bool]] = None, + domain: Optional[pulumi.Input[str]] = None, + domain_name: Optional[pulumi.Input[str]] = None, + dta_enabled: Optional[pulumi.Input[bool]] = None, + dta_severity: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, + forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyForbiddenLabelArgs']]]] = None, + forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, + force_microenforcer: Optional[pulumi.Input[bool]] = None, + function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, + ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, + ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: 
Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyKubernetesControlArgs']]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, + malware_action: Optional[pulumi.Input[str]] = None, + maximum_score: Optional[pulumi.Input[float]] = None, + maximum_score_enabled: Optional[pulumi.Input[bool]] = None, + maximum_score_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesBlackListArgs']]]] = None, + packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, + packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesWhiteListArgs']]]] = None, + partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input['VmwareAssurancePolicyPolicySettingsArgs']] = None, + read_only: Optional[pulumi.Input[bool]] = None, + registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + registry: Optional[pulumi.Input[str]] = None, + required_labels: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyRequiredLabelArgs']]]] = None, + required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, + scan_nfs_mounts: 
Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, + scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, + scap_enabled: Optional[pulumi.Input[bool]] = None, + scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyScopeArgs']]]] = None, + trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyTrustedBaseImageArgs']]]] = None, + trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None): + """ + Input properties used for looking up and filtering VmwareAssurancePolicy resources. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. + :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. + :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. 
+ :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. + :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyCustomCheckArgs']]] custom_checks: List of Custom user scripts for checks. + :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses + :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. + :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. + :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. + :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + :param pulumi.Input[str] domain: Name of the container image. + :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. + :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. + :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. + :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyKubernetesControlArgs']]] kubernetes_controls: List of Kubernetes controls. + :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. 
+ :param pulumi.Input[float] maximum_score: Value of allowed maximum score. + :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. + :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. + :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesBlackListArgs']]] packages_black_lists: List of blacklisted images. + :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. + :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesWhiteListArgs']]] packages_white_lists: List of whitelisted images. + :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. + :param pulumi.Input[bool] scan_sensitive_data: Indicates if scan should include sensitive data in the image. + :param pulumi.Input[bool] scap_enabled: Indicates if scanning should include scap. + :param pulumi.Input[Sequence[pulumi.Input[str]]] scap_files: List of SCAP user scripts for checks. + :param pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyTrustedBaseImageArgs']]] trusted_base_images: List of trusted images. + :param pulumi.Input[bool] trusted_base_images_enabled: Indicates if list of trusted base images is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. + :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. 
+ """ + if aggregated_vulnerability is not None: + pulumi.set(__self__, "aggregated_vulnerability", aggregated_vulnerability) + if allowed_images is not None: + pulumi.set(__self__, "allowed_images", allowed_images) + if application_scopes is not None: + pulumi.set(__self__, "application_scopes", application_scopes) + if assurance_type is not None: + pulumi.set(__self__, "assurance_type", assurance_type) + if audit_on_failure is not None: + pulumi.set(__self__, "audit_on_failure", audit_on_failure) + if author is not None: + pulumi.set(__self__, "author", author) + if auto_scan_configured is not None: + pulumi.set(__self__, "auto_scan_configured", auto_scan_configured) + if auto_scan_enabled is not None: + pulumi.set(__self__, "auto_scan_enabled", auto_scan_enabled) + if auto_scan_times is not None: + pulumi.set(__self__, "auto_scan_times", auto_scan_times) + if blacklist_permissions is not None: + pulumi.set(__self__, "blacklist_permissions", blacklist_permissions) + if blacklist_permissions_enabled is not None: + pulumi.set(__self__, "blacklist_permissions_enabled", blacklist_permissions_enabled) + if blacklisted_licenses is not None: + pulumi.set(__self__, "blacklisted_licenses", blacklisted_licenses) + if blacklisted_licenses_enabled is not None: + pulumi.set(__self__, "blacklisted_licenses_enabled", blacklisted_licenses_enabled) + if block_failed is not None: + pulumi.set(__self__, "block_failed", block_failed) + if control_exclude_no_fix is not None: + pulumi.set(__self__, "control_exclude_no_fix", control_exclude_no_fix) + if custom_checks is not None: + pulumi.set(__self__, "custom_checks", custom_checks) + if custom_checks_enabled is not None: + pulumi.set(__self__, "custom_checks_enabled", custom_checks_enabled) + if custom_severity is not None: + pulumi.set(__self__, "custom_severity", custom_severity) + if custom_severity_enabled is not None: + pulumi.set(__self__, "custom_severity_enabled", custom_severity_enabled) + if cves_black_list_enabled is not 
None: + pulumi.set(__self__, "cves_black_list_enabled", cves_black_list_enabled) + if cves_black_lists is not None: + pulumi.set(__self__, "cves_black_lists", cves_black_lists) + if cves_white_list_enabled is not None: + pulumi.set(__self__, "cves_white_list_enabled", cves_white_list_enabled) + if cves_white_lists is not None: + pulumi.set(__self__, "cves_white_lists", cves_white_lists) + if cvss_severity is not None: + pulumi.set(__self__, "cvss_severity", cvss_severity) + if cvss_severity_enabled is not None: + pulumi.set(__self__, "cvss_severity_enabled", cvss_severity_enabled) + if cvss_severity_exclude_no_fix is not None: + pulumi.set(__self__, "cvss_severity_exclude_no_fix", cvss_severity_exclude_no_fix) + if description is not None: + pulumi.set(__self__, "description", description) + if disallow_exploit_types is not None: + pulumi.set(__self__, "disallow_exploit_types", disallow_exploit_types) + if disallow_malware is not None: + pulumi.set(__self__, "disallow_malware", disallow_malware) + if docker_cis_enabled is not None: + pulumi.set(__self__, "docker_cis_enabled", docker_cis_enabled) + if domain is not None: + pulumi.set(__self__, "domain", domain) + if domain_name is not None: + pulumi.set(__self__, "domain_name", domain_name) + if dta_enabled is not None: + pulumi.set(__self__, "dta_enabled", dta_enabled) + if dta_severity is not None: + pulumi.set(__self__, "dta_severity", dta_severity) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if enforce is not None: + pulumi.set(__self__, "enforce", enforce) + if enforce_after_days is not None: + pulumi.set(__self__, "enforce_after_days", enforce_after_days) + if enforce_excessive_permissions is not None: + pulumi.set(__self__, "enforce_excessive_permissions", enforce_excessive_permissions) + if exceptional_monitored_malware_paths is not None: + pulumi.set(__self__, "exceptional_monitored_malware_paths", exceptional_monitored_malware_paths) + if exclude_application_scopes is not None: + 
pulumi.set(__self__, "exclude_application_scopes", exclude_application_scopes) + if fail_cicd is not None: + pulumi.set(__self__, "fail_cicd", fail_cicd) + if forbidden_labels is not None: + pulumi.set(__self__, "forbidden_labels", forbidden_labels) + if forbidden_labels_enabled is not None: + pulumi.set(__self__, "forbidden_labels_enabled", forbidden_labels_enabled) + if force_microenforcer is not None: + pulumi.set(__self__, "force_microenforcer", force_microenforcer) + if function_integrity_enabled is not None: + pulumi.set(__self__, "function_integrity_enabled", function_integrity_enabled) + if ignore_base_image_vln is not None: + pulumi.set(__self__, "ignore_base_image_vln", ignore_base_image_vln) + if ignore_recently_published_vln is not None: + pulumi.set(__self__, "ignore_recently_published_vln", ignore_recently_published_vln) + if ignore_recently_published_vln_period is not None: + pulumi.set(__self__, "ignore_recently_published_vln_period", ignore_recently_published_vln_period) + if ignore_risk_resources_enabled is not None: + pulumi.set(__self__, "ignore_risk_resources_enabled", ignore_risk_resources_enabled) + if ignored_risk_resources is not None: + pulumi.set(__self__, "ignored_risk_resources", ignored_risk_resources) + if ignored_sensitive_resources is not None: + pulumi.set(__self__, "ignored_sensitive_resources", ignored_sensitive_resources) + if images is not None: + pulumi.set(__self__, "images", images) + if kube_cis_enabled is not None: + pulumi.set(__self__, "kube_cis_enabled", kube_cis_enabled) + if kubernetes_controls is not None: + pulumi.set(__self__, "kubernetes_controls", kubernetes_controls) + if kubernetes_controls_avd_ids is not None: + pulumi.set(__self__, "kubernetes_controls_avd_ids", kubernetes_controls_avd_ids) + if kubernetes_controls_names is not None: + pulumi.set(__self__, "kubernetes_controls_names", kubernetes_controls_names) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if lastupdate is not None: + 
pulumi.set(__self__, "lastupdate", lastupdate) + if linux_cis_enabled is not None: + pulumi.set(__self__, "linux_cis_enabled", linux_cis_enabled) + if malware_action is not None: + pulumi.set(__self__, "malware_action", malware_action) + if maximum_score is not None: + pulumi.set(__self__, "maximum_score", maximum_score) + if maximum_score_enabled is not None: + pulumi.set(__self__, "maximum_score_enabled", maximum_score_enabled) + if maximum_score_exclude_no_fix is not None: + pulumi.set(__self__, "maximum_score_exclude_no_fix", maximum_score_exclude_no_fix) + if monitored_malware_paths is not None: + pulumi.set(__self__, "monitored_malware_paths", monitored_malware_paths) + if name is not None: + pulumi.set(__self__, "name", name) + if only_none_root_users is not None: + pulumi.set(__self__, "only_none_root_users", only_none_root_users) + if openshift_hardening_enabled is not None: + pulumi.set(__self__, "openshift_hardening_enabled", openshift_hardening_enabled) + if packages_black_list_enabled is not None: + pulumi.set(__self__, "packages_black_list_enabled", packages_black_list_enabled) + if packages_black_lists is not None: + pulumi.set(__self__, "packages_black_lists", packages_black_lists) + if packages_white_list_enabled is not None: + pulumi.set(__self__, "packages_white_list_enabled", packages_white_list_enabled) + if packages_white_lists is not None: + pulumi.set(__self__, "packages_white_lists", packages_white_lists) + if partial_results_image_fail is not None: + pulumi.set(__self__, "partial_results_image_fail", partial_results_image_fail) + if permission is not None: + pulumi.set(__self__, "permission", permission) + if policy_settings is not None: + pulumi.set(__self__, "policy_settings", policy_settings) + if read_only is not None: + pulumi.set(__self__, "read_only", read_only) + if registries is not None: + pulumi.set(__self__, "registries", registries) + if registry is not None: + pulumi.set(__self__, "registry", registry) + if required_labels is 
not None: + pulumi.set(__self__, "required_labels", required_labels) + if required_labels_enabled is not None: + pulumi.set(__self__, "required_labels_enabled", required_labels_enabled) + if scan_malware_in_archives is not None: + pulumi.set(__self__, "scan_malware_in_archives", scan_malware_in_archives) + if scan_nfs_mounts is not None: + pulumi.set(__self__, "scan_nfs_mounts", scan_nfs_mounts) + if scan_process_memory is not None: + pulumi.set(__self__, "scan_process_memory", scan_process_memory) + if scan_sensitive_data is not None: + pulumi.set(__self__, "scan_sensitive_data", scan_sensitive_data) + if scan_windows_registry is not None: + pulumi.set(__self__, "scan_windows_registry", scan_windows_registry) + if scap_enabled is not None: + pulumi.set(__self__, "scap_enabled", scap_enabled) + if scap_files is not None: + pulumi.set(__self__, "scap_files", scap_files) + if scopes is not None: + pulumi.set(__self__, "scopes", scopes) + if trusted_base_images is not None: + pulumi.set(__self__, "trusted_base_images", trusted_base_images) + if trusted_base_images_enabled is not None: + pulumi.set(__self__, "trusted_base_images_enabled", trusted_base_images_enabled) + if vulnerability_exploitability is not None: + pulumi.set(__self__, "vulnerability_exploitability", vulnerability_exploitability) + if vulnerability_score_ranges is not None: + pulumi.set(__self__, "vulnerability_score_ranges", vulnerability_score_ranges) + if whitelisted_licenses is not None: + pulumi.set(__self__, "whitelisted_licenses", whitelisted_licenses) + if whitelisted_licenses_enabled is not None: + pulumi.set(__self__, "whitelisted_licenses_enabled", whitelisted_licenses_enabled) + + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Aggregated vulnerability information. 
+ """ + return pulumi.get(self, "aggregated_vulnerability") + + @aggregated_vulnerability.setter + def aggregated_vulnerability(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "aggregated_vulnerability", value) + + @property + @pulumi.getter(name="allowedImages") + def allowed_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of explicitly allowed images. + """ + return pulumi.get(self, "allowed_images") + + @allowed_images.setter + def allowed_images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "allowed_images", value) + + @property + @pulumi.getter(name="applicationScopes") + def application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "application_scopes") + + @application_scopes.setter + def application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "application_scopes", value) + + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> Optional[pulumi.Input[str]]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @assurance_type.setter + def assurance_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assurance_type", value) + + @property + @pulumi.getter(name="auditOnFailure") + def audit_on_failure(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if auditing for failures. + """ + return pulumi.get(self, "audit_on_failure") + + @audit_on_failure.setter + def audit_on_failure(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "audit_on_failure", value) + + @property + @pulumi.getter + def author(self) -> Optional[pulumi.Input[str]]: + """ + Name of user account that created the policy. 
+ """ + return pulumi.get(self, "author") + + @author.setter + def author(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "author", value) + + @property + @pulumi.getter(name="autoScanConfigured") + def auto_scan_configured(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "auto_scan_configured") + + @auto_scan_configured.setter + def auto_scan_configured(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "auto_scan_configured", value) + + @property + @pulumi.getter(name="autoScanEnabled") + def auto_scan_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "auto_scan_enabled") + + @auto_scan_enabled.setter + def auto_scan_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "auto_scan_enabled", value) + + @property + @pulumi.getter(name="autoScanTimes") + def auto_scan_times(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyAutoScanTimeArgs']]]]: + return pulumi.get(self, "auto_scan_times") + + @auto_scan_times.setter + def auto_scan_times(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyAutoScanTimeArgs']]]]): + pulumi.set(self, "auto_scan_times", value) + + @property + @pulumi.getter(name="blacklistPermissions") + def blacklist_permissions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of function's forbidden permissions. + """ + return pulumi.get(self, "blacklist_permissions") + + @blacklist_permissions.setter + def blacklist_permissions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "blacklist_permissions", value) + + @property + @pulumi.getter(name="blacklistPermissionsEnabled") + def blacklist_permissions_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if blacklist permissions is relevant. 
+ """ + return pulumi.get(self, "blacklist_permissions_enabled") + + @blacklist_permissions_enabled.setter + def blacklist_permissions_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "blacklist_permissions_enabled", value) + + @property + @pulumi.getter(name="blacklistedLicenses") + def blacklisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of blacklisted licenses. + """ + return pulumi.get(self, "blacklisted_licenses") + + @blacklisted_licenses.setter + def blacklisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "blacklisted_licenses", value) + + @property + @pulumi.getter(name="blacklistedLicensesEnabled") + def blacklisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if license blacklist is relevant. + """ + return pulumi.get(self, "blacklisted_licenses_enabled") + + @blacklisted_licenses_enabled.setter + def blacklisted_licenses_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "blacklisted_licenses_enabled", value) + + @property + @pulumi.getter(name="blockFailed") + def block_failed(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if failed images are blocked. + """ + return pulumi.get(self, "block_failed") + + @block_failed.setter + def block_failed(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "block_failed", value) + + @property + @pulumi.getter(name="controlExcludeNoFix") + def control_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "control_exclude_no_fix") + + @control_exclude_no_fix.setter + def control_exclude_no_fix(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "control_exclude_no_fix", value) + + @property + @pulumi.getter(name="customChecks") + def custom_checks(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyCustomCheckArgs']]]]: + """ + List of Custom user scripts for checks. 
+ """ + return pulumi.get(self, "custom_checks") + + @custom_checks.setter + def custom_checks(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyCustomCheckArgs']]]]): + pulumi.set(self, "custom_checks", value) + + @property + @pulumi.getter(name="customChecksEnabled") + def custom_checks_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if scanning should include custom checks. + """ + return pulumi.get(self, "custom_checks_enabled") + + @custom_checks_enabled.setter + def custom_checks_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "custom_checks_enabled", value) + + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "custom_severity") + + @custom_severity.setter + def custom_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "custom_severity", value) + + @property + @pulumi.getter(name="customSeverityEnabled") + def custom_severity_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "custom_severity_enabled") + + @custom_severity_enabled.setter + def custom_severity_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "custom_severity_enabled", value) + + @property + @pulumi.getter(name="cvesBlackListEnabled") + def cves_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if CVEs blacklist is relevant. + """ + return pulumi.get(self, "cves_black_list_enabled") + + @cves_black_list_enabled.setter + def cves_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "cves_black_list_enabled", value) + + @property + @pulumi.getter(name="cvesBlackLists") + def cves_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of cves blacklisted items. 
+ """ + return pulumi.get(self, "cves_black_lists") + + @cves_black_lists.setter + def cves_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "cves_black_lists", value) + + @property + @pulumi.getter(name="cvesWhiteListEnabled") + def cves_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if cves whitelist is relevant. + """ + return pulumi.get(self, "cves_white_list_enabled") + + @cves_white_list_enabled.setter + def cves_white_list_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "cves_white_list_enabled", value) + + @property + @pulumi.getter(name="cvesWhiteLists") + def cves_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of cves whitelisted licenses + """ + return pulumi.get(self, "cves_white_lists") + + @cves_white_lists.setter + def cves_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "cves_white_lists", value) + + @property + @pulumi.getter(name="cvssSeverity") + def cvss_severity(self) -> Optional[pulumi.Input[str]]: + """ + Identifier of the cvss severity. + """ + return pulumi.get(self, "cvss_severity") + + @cvss_severity.setter + def cvss_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "cvss_severity", value) + + @property + @pulumi.getter(name="cvssSeverityEnabled") + def cvss_severity_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if the cvss severity is scanned. + """ + return pulumi.get(self, "cvss_severity_enabled") + + @cvss_severity_enabled.setter + def cvss_severity_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "cvss_severity_enabled", value) + + @property + @pulumi.getter(name="cvssSeverityExcludeNoFix") + def cvss_severity_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates that policy should ignore cvss cases that do not have a known fix. 
+ """ + return pulumi.get(self, "cvss_severity_exclude_no_fix") + + @cvss_severity_exclude_no_fix.setter + def cvss_severity_exclude_no_fix(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "cvss_severity_exclude_no_fix", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "disallow_exploit_types") + + @disallow_exploit_types.setter + def disallow_exploit_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "disallow_exploit_types", value) + + @property + @pulumi.getter(name="disallowMalware") + def disallow_malware(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if malware should block the image. + """ + return pulumi.get(self, "disallow_malware") + + @disallow_malware.setter + def disallow_malware(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "disallow_malware", value) + + @property + @pulumi.getter(name="dockerCisEnabled") + def docker_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ + return pulumi.get(self, "docker_cis_enabled") + + @docker_cis_enabled.setter + def docker_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "docker_cis_enabled", value) + + @property + @pulumi.getter + def domain(self) -> Optional[pulumi.Input[str]]: + """ + Name of the container image. 
+ """ + return pulumi.get(self, "domain") + + @domain.setter + def domain(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "domain", value) + + @property + @pulumi.getter(name="domainName") + def domain_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "domain_name") + + @domain_name.setter + def domain_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "domain_name", value) + + @property + @pulumi.getter(name="dtaEnabled") + def dta_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "dta_enabled") + + @dta_enabled.setter + def dta_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "dta_enabled", value) + + @property + @pulumi.getter(name="dtaSeverity") + def dta_severity(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "dta_severity") + + @dta_severity.setter + def dta_severity(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "dta_severity", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def enforce(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enforce") + + @enforce.setter + def enforce(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce", value) + + @property + @pulumi.getter(name="enforceAfterDays") + def enforce_after_days(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "enforce_after_days") + + @enforce_after_days.setter + def enforce_after_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "enforce_after_days", value) + + @property + @pulumi.getter(name="enforceExcessivePermissions") + def enforce_excessive_permissions(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "enforce_excessive_permissions") + + 
@enforce_excessive_permissions.setter + def enforce_excessive_permissions(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enforce_excessive_permissions", value) + + @property + @pulumi.getter(name="exceptionalMonitoredMalwarePaths") + def exceptional_monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exceptional_monitored_malware_paths") + + @exceptional_monitored_malware_paths.setter + def exceptional_monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exceptional_monitored_malware_paths", value) + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "exclude_application_scopes") + + @exclude_application_scopes.setter + def exclude_application_scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "exclude_application_scopes", value) + + @property + @pulumi.getter(name="failCicd") + def fail_cicd(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if cicd failures will fail the image. 
+ """ + return pulumi.get(self, "fail_cicd") + + @fail_cicd.setter + def fail_cicd(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "fail_cicd", value) + + @property + @pulumi.getter(name="forbiddenLabels") + def forbidden_labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyForbiddenLabelArgs']]]]: + return pulumi.get(self, "forbidden_labels") + + @forbidden_labels.setter + def forbidden_labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyForbiddenLabelArgs']]]]): + pulumi.set(self, "forbidden_labels", value) + + @property + @pulumi.getter(name="forbiddenLabelsEnabled") + def forbidden_labels_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "forbidden_labels_enabled") + + @forbidden_labels_enabled.setter + def forbidden_labels_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "forbidden_labels_enabled", value) + + @property + @pulumi.getter(name="forceMicroenforcer") + def force_microenforcer(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "force_microenforcer") + + @force_microenforcer.setter + def force_microenforcer(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "force_microenforcer", value) + + @property + @pulumi.getter(name="functionIntegrityEnabled") + def function_integrity_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "function_integrity_enabled") + + @function_integrity_enabled.setter + def function_integrity_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "function_integrity_enabled", value) + + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @ignore_base_image_vln.setter + def ignore_base_image_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_base_image_vln", value) + + @property + 
@pulumi.getter(name="ignoreRecentlyPublishedVln") + def ignore_recently_published_vln(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "ignore_recently_published_vln") + + @ignore_recently_published_vln.setter + def ignore_recently_published_vln(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_recently_published_vln", value) + + @property + @pulumi.getter(name="ignoreRecentlyPublishedVlnPeriod") + def ignore_recently_published_vln_period(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "ignore_recently_published_vln_period") + + @ignore_recently_published_vln_period.setter + def ignore_recently_published_vln_period(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "ignore_recently_published_vln_period", value) + + @property + @pulumi.getter(name="ignoreRiskResourcesEnabled") + def ignore_risk_resources_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if risk resources are ignored. + """ + return pulumi.get(self, "ignore_risk_resources_enabled") + + @ignore_risk_resources_enabled.setter + def ignore_risk_resources_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_risk_resources_enabled", value) + + @property + @pulumi.getter(name="ignoredRiskResources") + def ignored_risk_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of ignored risk resources. 
+ """ + return pulumi.get(self, "ignored_risk_resources") + + @ignored_risk_resources.setter + def ignored_risk_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_risk_resources", value) + + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @ignored_sensitive_resources.setter + def ignored_sensitive_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ignored_sensitive_resources", value) + + @property + @pulumi.getter + def images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of images. + """ + return pulumi.get(self, "images") + + @images.setter + def images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "images", value) + + @property + @pulumi.getter(name="kubeCisEnabled") + def kube_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ + return pulumi.get(self, "kube_cis_enabled") + + @kube_cis_enabled.setter + def kube_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "kube_cis_enabled", value) + + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyKubernetesControlArgs']]]]: + """ + List of Kubernetes controls. 
+ """ + return pulumi.get(self, "kubernetes_controls") + + @kubernetes_controls.setter + def kubernetes_controls(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyKubernetesControlArgs']]]]): + pulumi.set(self, "kubernetes_controls", value) + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @kubernetes_controls_avd_ids.setter + def kubernetes_controls_avd_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_avd_ids", value) + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "kubernetes_controls_names") + + @kubernetes_controls_names.setter + def kubernetes_controls_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "kubernetes_controls_names", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of labels. 
+ """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def lastupdate(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "lastupdate") + + @lastupdate.setter + def lastupdate(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "lastupdate", value) + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @linux_cis_enabled.setter + def linux_cis_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "linux_cis_enabled", value) + + @property + @pulumi.getter(name="malwareAction") + def malware_action(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "malware_action") + + @malware_action.setter + def malware_action(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "malware_action", value) + + @property + @pulumi.getter(name="maximumScore") + def maximum_score(self) -> Optional[pulumi.Input[float]]: + """ + Value of allowed maximum score. + """ + return pulumi.get(self, "maximum_score") + + @maximum_score.setter + def maximum_score(self, value: Optional[pulumi.Input[float]]): + pulumi.set(self, "maximum_score", value) + + @property + @pulumi.getter(name="maximumScoreEnabled") + def maximum_score_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if exceeding the maximum score is scanned. 
+ """ + return pulumi.get(self, "maximum_score_enabled") + + @maximum_score_enabled.setter + def maximum_score_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "maximum_score_enabled", value) + + @property + @pulumi.getter(name="maximumScoreExcludeNoFix") + def maximum_score_exclude_no_fix(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "maximum_score_exclude_no_fix") + + @maximum_score_exclude_no_fix.setter + def maximum_score_exclude_no_fix(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "maximum_score_exclude_no_fix", value) + + @property + @pulumi.getter(name="monitoredMalwarePaths") + def monitored_malware_paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + return pulumi.get(self, "monitored_malware_paths") + + @monitored_malware_paths.setter + def monitored_malware_paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "monitored_malware_paths", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter(name="onlyNoneRootUsers") + def only_none_root_users(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if raise a warning for images that should only be run as root. 
+ """ + return pulumi.get(self, "only_none_root_users") + + @only_none_root_users.setter + def only_none_root_users(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "only_none_root_users", value) + + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @openshift_hardening_enabled.setter + def openshift_hardening_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "openshift_hardening_enabled", value) + + @property + @pulumi.getter(name="packagesBlackListEnabled") + def packages_black_list_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if packages blacklist is relevant. + """ + return pulumi.get(self, "packages_black_list_enabled") + + @packages_black_list_enabled.setter + def packages_black_list_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "packages_black_list_enabled", value) + + @property + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesBlackListArgs']]]]: + """ + List of blacklisted images. + """ + return pulumi.get(self, "packages_black_lists") + + @packages_black_lists.setter + def packages_black_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesBlackListArgs']]]]): + pulumi.set(self, "packages_black_lists", value) + + @property + @pulumi.getter(name="packagesWhiteListEnabled") + def packages_white_list_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if packages whitelist is relevant. 
+ """ + return pulumi.get(self, "packages_white_list_enabled") + + @packages_white_list_enabled.setter + def packages_white_list_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "packages_white_list_enabled", value) + + @property + @pulumi.getter(name="packagesWhiteLists") + def packages_white_lists(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesWhiteListArgs']]]]: + """ + List of whitelisted images. + """ + return pulumi.get(self, "packages_white_lists") + + @packages_white_lists.setter + def packages_white_lists(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyPackagesWhiteListArgs']]]]): + pulumi.set(self, "packages_white_lists", value) + + @property + @pulumi.getter(name="partialResultsImageFail") + def partial_results_image_fail(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "partial_results_image_fail") + + @partial_results_image_fail.setter + def partial_results_image_fail(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "partial_results_image_fail", value) + + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> Optional[pulumi.Input['VmwareAssurancePolicyPolicySettingsArgs']]: + return pulumi.get(self, "policy_settings") + + @policy_settings.setter + def policy_settings(self, value: Optional[pulumi.Input['VmwareAssurancePolicyPolicySettingsArgs']]): + pulumi.set(self, "policy_settings", value) + + @property + @pulumi.getter(name="readOnly") + def read_only(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "read_only") + + @read_only.setter + def read_only(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "read_only", value) + + @property + 
@pulumi.getter + def registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of registries. + """ + return pulumi.get(self, "registries") + + @registries.setter + def registries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "registries", value) + + @property + @pulumi.getter + def registry(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "registry") + + @registry.setter + def registry(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "registry", value) + + @property + @pulumi.getter(name="requiredLabels") + def required_labels(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyRequiredLabelArgs']]]]: + return pulumi.get(self, "required_labels") + + @required_labels.setter + def required_labels(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyRequiredLabelArgs']]]]): + pulumi.set(self, "required_labels", value) + + @property + @pulumi.getter(name="requiredLabelsEnabled") + def required_labels_enabled(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "required_labels_enabled") + + @required_labels_enabled.setter + def required_labels_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "required_labels_enabled", value) + + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @scan_malware_in_archives.setter + def scan_malware_in_archives(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_malware_in_archives", value) + + @property + @pulumi.getter(name="scanNfsMounts") + def scan_nfs_mounts(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_nfs_mounts") + + @scan_nfs_mounts.setter + def scan_nfs_mounts(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_nfs_mounts", value) + + @property + 
@pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_process_memory") + + @scan_process_memory.setter + def scan_process_memory(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_process_memory", value) + + @property + @pulumi.getter(name="scanSensitiveData") + def scan_sensitive_data(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if scan should include sensitive data in the image. + """ + return pulumi.get(self, "scan_sensitive_data") + + @scan_sensitive_data.setter + def scan_sensitive_data(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_sensitive_data", value) + + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @scan_windows_registry.setter + def scan_windows_registry(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scan_windows_registry", value) + + @property + @pulumi.getter(name="scapEnabled") + def scap_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if scanning should include scap. + """ + return pulumi.get(self, "scap_enabled") + + @scap_enabled.setter + def scap_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "scap_enabled", value) + + @property + @pulumi.getter(name="scapFiles") + def scap_files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of SCAP user scripts for checks. 
+ """ + return pulumi.get(self, "scap_files") + + @scap_files.setter + def scap_files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "scap_files", value) + + @property + @pulumi.getter + def scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyScopeArgs']]]]: + return pulumi.get(self, "scopes") + + @scopes.setter + def scopes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyScopeArgs']]]]): + pulumi.set(self, "scopes", value) + + @property + @pulumi.getter(name="trustedBaseImages") + def trusted_base_images(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyTrustedBaseImageArgs']]]]: + """ + List of trusted images. + """ + return pulumi.get(self, "trusted_base_images") + + @trusted_base_images.setter + def trusted_base_images(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['VmwareAssurancePolicyTrustedBaseImageArgs']]]]): + pulumi.set(self, "trusted_base_images", value) + + @property + @pulumi.getter(name="trustedBaseImagesEnabled") + def trusted_base_images_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if list of trusted base images is relevant. 
+ """ + return pulumi.get(self, "trusted_base_images_enabled") + + @trusted_base_images_enabled.setter + def trusted_base_images_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "trusted_base_images_enabled", value) + + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> Optional[pulumi.Input[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @vulnerability_exploitability.setter + def vulnerability_exploitability(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "vulnerability_exploitability", value) + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @vulnerability_score_ranges.setter + def vulnerability_score_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]]): + pulumi.set(self, "vulnerability_score_ranges", value) + + @property + @pulumi.getter(name="whitelistedLicenses") + def whitelisted_licenses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of whitelisted licenses. + """ + return pulumi.get(self, "whitelisted_licenses") + + @whitelisted_licenses.setter + def whitelisted_licenses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "whitelisted_licenses", value) + + @property + @pulumi.getter(name="whitelistedLicensesEnabled") + def whitelisted_licenses_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Indicates if license blacklist is relevant. 
+ """ + return pulumi.get(self, "whitelisted_licenses_enabled") + + @whitelisted_licenses_enabled.setter + def whitelisted_licenses_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "whitelisted_licenses_enabled", value) + + +class VmwareAssurancePolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, + audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, + auto_scan_configured: Optional[pulumi.Input[bool]] = None, + auto_scan_enabled: Optional[pulumi.Input[bool]] = None, + auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyAutoScanTimeArgs']]]]] = None, + blacklist_permissions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklist_permissions_enabled: Optional[pulumi.Input[bool]] = None, + blacklisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + block_failed: Optional[pulumi.Input[bool]] = None, + control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyCustomCheckArgs']]]]] = None, + custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, + custom_severity_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cves_white_list_enabled: 
Optional[pulumi.Input[bool]] = None, + cves_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cvss_severity: Optional[pulumi.Input[str]] = None, + cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, + cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + disallow_malware: Optional[pulumi.Input[bool]] = None, + docker_cis_enabled: Optional[pulumi.Input[bool]] = None, + domain: Optional[pulumi.Input[str]] = None, + domain_name: Optional[pulumi.Input[str]] = None, + dta_enabled: Optional[pulumi.Input[bool]] = None, + dta_severity: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, + forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyForbiddenLabelArgs']]]]] = None, + forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, + force_microenforcer: Optional[pulumi.Input[bool]] = None, + function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, + ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, + ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = 
None, + images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyKubernetesControlArgs']]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, + malware_action: Optional[pulumi.Input[str]] = None, + maximum_score: Optional[pulumi.Input[float]] = None, + maximum_score_enabled: Optional[pulumi.Input[bool]] = None, + maximum_score_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesBlackListArgs']]]]] = None, + packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, + packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesWhiteListArgs']]]]] = None, + partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPolicySettingsArgs']]] = None, + read_only: Optional[pulumi.Input[bool]] = None, + registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + registry: Optional[pulumi.Input[str]] = None, + required_labels: 
Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyRequiredLabelArgs']]]]] = None, + required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, + scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, + scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, + scap_enabled: Optional[pulumi.Input[bool]] = None, + scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyScopeArgs']]]]] = None, + trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyTrustedBaseImageArgs']]]]] = None, + trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + __props__=None): + """ + Create a VmwareAssurancePolicy resource with the given unique name, props, and options. + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. + :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. + :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. + :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. + :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses + :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. + :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. + :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. + :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + :param pulumi.Input[str] domain: Name of the container image. + :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. + :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. + :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyKubernetesControlArgs']]]] kubernetes_controls: List of Kubernetes controls. + :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. + :param pulumi.Input[float] maximum_score: Value of allowed maximum score. + :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. + :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. + :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. + :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. + :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. + :param pulumi.Input[bool] scan_sensitive_data: Indicates if scan should include sensitive data in the image. + :param pulumi.Input[bool] scap_enabled: Indicates if scanning should include scap. + :param pulumi.Input[Sequence[pulumi.Input[str]]] scap_files: List of SCAP user scripts for checks. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyTrustedBaseImageArgs']]]] trusted_base_images: List of trusted images. + :param pulumi.Input[bool] trusted_base_images_enabled: Indicates if list of trusted base images is relevant. 
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. + :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: VmwareAssurancePolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Create a VmwareAssurancePolicy resource with the given unique name, props, and options. + :param str resource_name: The name of the resource. + :param VmwareAssurancePolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(VmwareAssurancePolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, + audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, + auto_scan_configured: Optional[pulumi.Input[bool]] = None, + auto_scan_enabled: Optional[pulumi.Input[bool]] = None, + auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyAutoScanTimeArgs']]]]] = None, + blacklist_permissions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklist_permissions_enabled: Optional[pulumi.Input[bool]] = None, + blacklisted_licenses: 
Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + block_failed: Optional[pulumi.Input[bool]] = None, + control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyCustomCheckArgs']]]]] = None, + custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, + custom_severity_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cves_white_list_enabled: Optional[pulumi.Input[bool]] = None, + cves_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cvss_severity: Optional[pulumi.Input[str]] = None, + cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, + cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + disallow_malware: Optional[pulumi.Input[bool]] = None, + docker_cis_enabled: Optional[pulumi.Input[bool]] = None, + domain: Optional[pulumi.Input[str]] = None, + domain_name: Optional[pulumi.Input[str]] = None, + dta_enabled: Optional[pulumi.Input[bool]] = None, + dta_severity: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, + forbidden_labels: 
Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyForbiddenLabelArgs']]]]] = None, + forbidden_labels_enabled: Optional[pulumi.Input[bool]] = None, + force_microenforcer: Optional[pulumi.Input[bool]] = None, + function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, + ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, + ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyKubernetesControlArgs']]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, + malware_action: Optional[pulumi.Input[str]] = None, + maximum_score: Optional[pulumi.Input[float]] = None, + maximum_score_enabled: Optional[pulumi.Input[bool]] = None, + maximum_score_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_lists: 
Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesBlackListArgs']]]]] = None, + packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, + packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesWhiteListArgs']]]]] = None, + partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPolicySettingsArgs']]] = None, + read_only: Optional[pulumi.Input[bool]] = None, + registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + registry: Optional[pulumi.Input[str]] = None, + required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyRequiredLabelArgs']]]]] = None, + required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, + scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, + scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, + scap_enabled: Optional[pulumi.Input[bool]] = None, + scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyScopeArgs']]]]] = None, + trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyTrustedBaseImageArgs']]]]] = None, + trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + 
__props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = VmwareAssurancePolicyArgs.__new__(VmwareAssurancePolicyArgs) + + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability + __props__.__dict__["allowed_images"] = allowed_images + if application_scopes is None and not opts.urn: + raise TypeError("Missing required property 'application_scopes'") + __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type + __props__.__dict__["audit_on_failure"] = audit_on_failure + __props__.__dict__["author"] = author + __props__.__dict__["auto_scan_configured"] = auto_scan_configured + __props__.__dict__["auto_scan_enabled"] = auto_scan_enabled + __props__.__dict__["auto_scan_times"] = auto_scan_times + __props__.__dict__["blacklist_permissions"] = blacklist_permissions + __props__.__dict__["blacklist_permissions_enabled"] = blacklist_permissions_enabled + __props__.__dict__["blacklisted_licenses"] = blacklisted_licenses + __props__.__dict__["blacklisted_licenses_enabled"] = blacklisted_licenses_enabled + __props__.__dict__["block_failed"] = block_failed + __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix + __props__.__dict__["custom_checks"] = custom_checks + __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity + __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled + __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled + __props__.__dict__["cves_black_lists"] = cves_black_lists + 
__props__.__dict__["cves_white_list_enabled"] = cves_white_list_enabled + __props__.__dict__["cves_white_lists"] = cves_white_lists + __props__.__dict__["cvss_severity"] = cvss_severity + __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled + __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix + __props__.__dict__["description"] = description + __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types + __props__.__dict__["disallow_malware"] = disallow_malware + __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled + __props__.__dict__["domain"] = domain + __props__.__dict__["domain_name"] = domain_name + __props__.__dict__["dta_enabled"] = dta_enabled + __props__.__dict__["dta_severity"] = dta_severity + __props__.__dict__["enabled"] = enabled + __props__.__dict__["enforce"] = enforce + __props__.__dict__["enforce_after_days"] = enforce_after_days + __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions + __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["fail_cicd"] = fail_cicd + __props__.__dict__["forbidden_labels"] = forbidden_labels + __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled + __props__.__dict__["force_microenforcer"] = force_microenforcer + __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled + __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln + __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln + __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period + __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled + __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources + __props__.__dict__["ignored_sensitive_resources"] = 
ignored_sensitive_resources + __props__.__dict__["images"] = images + __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled + __props__.__dict__["kubernetes_controls"] = kubernetes_controls + __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids + __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names + __props__.__dict__["labels"] = labels + __props__.__dict__["lastupdate"] = lastupdate + __props__.__dict__["linux_cis_enabled"] = linux_cis_enabled + __props__.__dict__["malware_action"] = malware_action + __props__.__dict__["maximum_score"] = maximum_score + __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled + __props__.__dict__["maximum_score_exclude_no_fix"] = maximum_score_exclude_no_fix + __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths + __props__.__dict__["name"] = name + __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled + __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled + __props__.__dict__["packages_black_lists"] = packages_black_lists + __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled + __props__.__dict__["packages_white_lists"] = packages_white_lists + __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings + __props__.__dict__["read_only"] = read_only + __props__.__dict__["registries"] = registries + __props__.__dict__["registry"] = registry + __props__.__dict__["required_labels"] = required_labels + __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives + __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory + 
__props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry + __props__.__dict__["scap_enabled"] = scap_enabled + __props__.__dict__["scap_files"] = scap_files + __props__.__dict__["scopes"] = scopes + __props__.__dict__["trusted_base_images"] = trusted_base_images + __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + __props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges + __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses + __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled + super(VmwareAssurancePolicy, __self__).__init__( + 'aquasec:index/vmwareAssurancePolicy:VmwareAssurancePolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + aggregated_vulnerability: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + allowed_images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + assurance_type: Optional[pulumi.Input[str]] = None, + audit_on_failure: Optional[pulumi.Input[bool]] = None, + author: Optional[pulumi.Input[str]] = None, + auto_scan_configured: Optional[pulumi.Input[bool]] = None, + auto_scan_enabled: Optional[pulumi.Input[bool]] = None, + auto_scan_times: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyAutoScanTimeArgs']]]]] = None, + blacklist_permissions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklist_permissions_enabled: Optional[pulumi.Input[bool]] = None, + blacklisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + blacklisted_licenses_enabled: Optional[pulumi.Input[bool]] = None, + block_failed: 
Optional[pulumi.Input[bool]] = None, + control_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + custom_checks: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyCustomCheckArgs']]]]] = None, + custom_checks_enabled: Optional[pulumi.Input[bool]] = None, + custom_severity: Optional[pulumi.Input[str]] = None, + custom_severity_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_list_enabled: Optional[pulumi.Input[bool]] = None, + cves_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cves_white_list_enabled: Optional[pulumi.Input[bool]] = None, + cves_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + cvss_severity: Optional[pulumi.Input[str]] = None, + cvss_severity_enabled: Optional[pulumi.Input[bool]] = None, + cvss_severity_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + description: Optional[pulumi.Input[str]] = None, + disallow_exploit_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + disallow_malware: Optional[pulumi.Input[bool]] = None, + docker_cis_enabled: Optional[pulumi.Input[bool]] = None, + domain: Optional[pulumi.Input[str]] = None, + domain_name: Optional[pulumi.Input[str]] = None, + dta_enabled: Optional[pulumi.Input[bool]] = None, + dta_severity: Optional[pulumi.Input[str]] = None, + enabled: Optional[pulumi.Input[bool]] = None, + enforce: Optional[pulumi.Input[bool]] = None, + enforce_after_days: Optional[pulumi.Input[int]] = None, + enforce_excessive_permissions: Optional[pulumi.Input[bool]] = None, + exceptional_monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + exclude_application_scopes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + fail_cicd: Optional[pulumi.Input[bool]] = None, + forbidden_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyForbiddenLabelArgs']]]]] = None, + forbidden_labels_enabled: Optional[pulumi.Input[bool]] = 
None, + force_microenforcer: Optional[pulumi.Input[bool]] = None, + function_integrity_enabled: Optional[pulumi.Input[bool]] = None, + ignore_base_image_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln: Optional[pulumi.Input[bool]] = None, + ignore_recently_published_vln_period: Optional[pulumi.Input[int]] = None, + ignore_risk_resources_enabled: Optional[pulumi.Input[bool]] = None, + ignored_risk_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + ignored_sensitive_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + images: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kube_cis_enabled: Optional[pulumi.Input[bool]] = None, + kubernetes_controls: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyKubernetesControlArgs']]]]] = None, + kubernetes_controls_avd_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kubernetes_controls_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + lastupdate: Optional[pulumi.Input[str]] = None, + linux_cis_enabled: Optional[pulumi.Input[bool]] = None, + malware_action: Optional[pulumi.Input[str]] = None, + maximum_score: Optional[pulumi.Input[float]] = None, + maximum_score_enabled: Optional[pulumi.Input[bool]] = None, + maximum_score_exclude_no_fix: Optional[pulumi.Input[bool]] = None, + monitored_malware_paths: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + only_none_root_users: Optional[pulumi.Input[bool]] = None, + openshift_hardening_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_list_enabled: Optional[pulumi.Input[bool]] = None, + packages_black_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesBlackListArgs']]]]] = None, + packages_white_list_enabled: Optional[pulumi.Input[bool]] = None, + 
packages_white_lists: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesWhiteListArgs']]]]] = None, + partial_results_image_fail: Optional[pulumi.Input[bool]] = None, + permission: Optional[pulumi.Input[str]] = None, + policy_settings: Optional[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPolicySettingsArgs']]] = None, + read_only: Optional[pulumi.Input[bool]] = None, + registries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + registry: Optional[pulumi.Input[str]] = None, + required_labels: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyRequiredLabelArgs']]]]] = None, + required_labels_enabled: Optional[pulumi.Input[bool]] = None, + scan_malware_in_archives: Optional[pulumi.Input[bool]] = None, + scan_nfs_mounts: Optional[pulumi.Input[bool]] = None, + scan_process_memory: Optional[pulumi.Input[bool]] = None, + scan_sensitive_data: Optional[pulumi.Input[bool]] = None, + scan_windows_registry: Optional[pulumi.Input[bool]] = None, + scap_enabled: Optional[pulumi.Input[bool]] = None, + scap_files: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + scopes: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyScopeArgs']]]]] = None, + trusted_base_images: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyTrustedBaseImageArgs']]]]] = None, + trusted_base_images_enabled: Optional[pulumi.Input[bool]] = None, + vulnerability_exploitability: Optional[pulumi.Input[bool]] = None, + vulnerability_score_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[int]]]] = None, + whitelisted_licenses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + whitelisted_licenses_enabled: Optional[pulumi.Input[bool]] = None) -> 'VmwareAssurancePolicy': + """ + Get an existing VmwareAssurancePolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. 
+ + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] aggregated_vulnerability: Aggregated vulnerability information. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_images: List of explicitly allowed images. + :param pulumi.Input[str] assurance_type: What type of assurance policy is described. + :param pulumi.Input[bool] audit_on_failure: Indicates if auditing for failures. + :param pulumi.Input[str] author: Name of user account that created the policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklist_permissions: List of function's forbidden permissions. + :param pulumi.Input[bool] blacklist_permissions_enabled: Indicates if blacklist permissions is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] blacklisted_licenses: List of blacklisted licenses. + :param pulumi.Input[bool] blacklisted_licenses_enabled: Indicates if license blacklist is relevant. + :param pulumi.Input[bool] block_failed: Indicates if failed images are blocked. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyCustomCheckArgs']]]] custom_checks: List of Custom user scripts for checks. + :param pulumi.Input[bool] custom_checks_enabled: Indicates if scanning should include custom checks. + :param pulumi.Input[bool] cves_black_list_enabled: Indicates if CVEs blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_black_lists: List of cves blacklisted items. + :param pulumi.Input[bool] cves_white_list_enabled: Indicates if cves whitelist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] cves_white_lists: List of cves whitelisted licenses + :param pulumi.Input[str] cvss_severity: Identifier of the cvss severity. 
+ :param pulumi.Input[bool] cvss_severity_enabled: Indicates if the cvss severity is scanned. + :param pulumi.Input[bool] cvss_severity_exclude_no_fix: Indicates that policy should ignore cvss cases that do not have a known fix. + :param pulumi.Input[bool] disallow_malware: Indicates if malware should block the image. + :param pulumi.Input[bool] docker_cis_enabled: Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + :param pulumi.Input[str] domain: Name of the container image. + :param pulumi.Input[bool] fail_cicd: Indicates if cicd failures will fail the image. + :param pulumi.Input[bool] ignore_risk_resources_enabled: Indicates if risk resources are ignored. + :param pulumi.Input[Sequence[pulumi.Input[str]]] ignored_risk_resources: List of ignored risk resources. + :param pulumi.Input[Sequence[pulumi.Input[str]]] images: List of images. + :param pulumi.Input[bool] kube_cis_enabled: Performs a Kubernetes CIS benchmark check for the host. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyKubernetesControlArgs']]]] kubernetes_controls: List of Kubernetes controls. + :param pulumi.Input[Sequence[pulumi.Input[str]]] labels: List of labels. + :param pulumi.Input[float] maximum_score: Value of allowed maximum score. + :param pulumi.Input[bool] maximum_score_enabled: Indicates if exceeding the maximum score is scanned. + :param pulumi.Input[bool] only_none_root_users: Indicates if raise a warning for images that should only be run as root. + :param pulumi.Input[bool] packages_black_list_enabled: Indicates if packages blacklist is relevant. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesBlackListArgs']]]] packages_black_lists: List of blacklisted images. + :param pulumi.Input[bool] packages_white_list_enabled: Indicates if packages whitelist is relevant. 
+ :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyPackagesWhiteListArgs']]]] packages_white_lists: List of whitelisted images. + :param pulumi.Input[Sequence[pulumi.Input[str]]] registries: List of registries. + :param pulumi.Input[bool] scan_sensitive_data: Indicates if scan should include sensitive data in the image. + :param pulumi.Input[bool] scap_enabled: Indicates if scanning should include scap. + :param pulumi.Input[Sequence[pulumi.Input[str]]] scap_files: List of SCAP user scripts for checks. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['VmwareAssurancePolicyTrustedBaseImageArgs']]]] trusted_base_images: List of trusted images. + :param pulumi.Input[bool] trusted_base_images_enabled: Indicates if list of trusted base images is relevant. + :param pulumi.Input[Sequence[pulumi.Input[str]]] whitelisted_licenses: List of whitelisted licenses. + :param pulumi.Input[bool] whitelisted_licenses_enabled: Indicates if license blacklist is relevant. 
+ """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _VmwareAssurancePolicyState.__new__(_VmwareAssurancePolicyState) + + __props__.__dict__["aggregated_vulnerability"] = aggregated_vulnerability + __props__.__dict__["allowed_images"] = allowed_images + __props__.__dict__["application_scopes"] = application_scopes + __props__.__dict__["assurance_type"] = assurance_type + __props__.__dict__["audit_on_failure"] = audit_on_failure + __props__.__dict__["author"] = author + __props__.__dict__["auto_scan_configured"] = auto_scan_configured + __props__.__dict__["auto_scan_enabled"] = auto_scan_enabled + __props__.__dict__["auto_scan_times"] = auto_scan_times + __props__.__dict__["blacklist_permissions"] = blacklist_permissions + __props__.__dict__["blacklist_permissions_enabled"] = blacklist_permissions_enabled + __props__.__dict__["blacklisted_licenses"] = blacklisted_licenses + __props__.__dict__["blacklisted_licenses_enabled"] = blacklisted_licenses_enabled + __props__.__dict__["block_failed"] = block_failed + __props__.__dict__["control_exclude_no_fix"] = control_exclude_no_fix + __props__.__dict__["custom_checks"] = custom_checks + __props__.__dict__["custom_checks_enabled"] = custom_checks_enabled + __props__.__dict__["custom_severity"] = custom_severity + __props__.__dict__["custom_severity_enabled"] = custom_severity_enabled + __props__.__dict__["cves_black_list_enabled"] = cves_black_list_enabled + __props__.__dict__["cves_black_lists"] = cves_black_lists + __props__.__dict__["cves_white_list_enabled"] = cves_white_list_enabled + __props__.__dict__["cves_white_lists"] = cves_white_lists + __props__.__dict__["cvss_severity"] = cvss_severity + __props__.__dict__["cvss_severity_enabled"] = cvss_severity_enabled + __props__.__dict__["cvss_severity_exclude_no_fix"] = cvss_severity_exclude_no_fix + __props__.__dict__["description"] = description + __props__.__dict__["disallow_exploit_types"] = disallow_exploit_types + 
__props__.__dict__["disallow_malware"] = disallow_malware + __props__.__dict__["docker_cis_enabled"] = docker_cis_enabled + __props__.__dict__["domain"] = domain + __props__.__dict__["domain_name"] = domain_name + __props__.__dict__["dta_enabled"] = dta_enabled + __props__.__dict__["dta_severity"] = dta_severity + __props__.__dict__["enabled"] = enabled + __props__.__dict__["enforce"] = enforce + __props__.__dict__["enforce_after_days"] = enforce_after_days + __props__.__dict__["enforce_excessive_permissions"] = enforce_excessive_permissions + __props__.__dict__["exceptional_monitored_malware_paths"] = exceptional_monitored_malware_paths + __props__.__dict__["exclude_application_scopes"] = exclude_application_scopes + __props__.__dict__["fail_cicd"] = fail_cicd + __props__.__dict__["forbidden_labels"] = forbidden_labels + __props__.__dict__["forbidden_labels_enabled"] = forbidden_labels_enabled + __props__.__dict__["force_microenforcer"] = force_microenforcer + __props__.__dict__["function_integrity_enabled"] = function_integrity_enabled + __props__.__dict__["ignore_base_image_vln"] = ignore_base_image_vln + __props__.__dict__["ignore_recently_published_vln"] = ignore_recently_published_vln + __props__.__dict__["ignore_recently_published_vln_period"] = ignore_recently_published_vln_period + __props__.__dict__["ignore_risk_resources_enabled"] = ignore_risk_resources_enabled + __props__.__dict__["ignored_risk_resources"] = ignored_risk_resources + __props__.__dict__["ignored_sensitive_resources"] = ignored_sensitive_resources + __props__.__dict__["images"] = images + __props__.__dict__["kube_cis_enabled"] = kube_cis_enabled + __props__.__dict__["kubernetes_controls"] = kubernetes_controls + __props__.__dict__["kubernetes_controls_avd_ids"] = kubernetes_controls_avd_ids + __props__.__dict__["kubernetes_controls_names"] = kubernetes_controls_names + __props__.__dict__["labels"] = labels + __props__.__dict__["lastupdate"] = lastupdate + 
__props__.__dict__["linux_cis_enabled"] = linux_cis_enabled + __props__.__dict__["malware_action"] = malware_action + __props__.__dict__["maximum_score"] = maximum_score + __props__.__dict__["maximum_score_enabled"] = maximum_score_enabled + __props__.__dict__["maximum_score_exclude_no_fix"] = maximum_score_exclude_no_fix + __props__.__dict__["monitored_malware_paths"] = monitored_malware_paths + __props__.__dict__["name"] = name + __props__.__dict__["only_none_root_users"] = only_none_root_users + __props__.__dict__["openshift_hardening_enabled"] = openshift_hardening_enabled + __props__.__dict__["packages_black_list_enabled"] = packages_black_list_enabled + __props__.__dict__["packages_black_lists"] = packages_black_lists + __props__.__dict__["packages_white_list_enabled"] = packages_white_list_enabled + __props__.__dict__["packages_white_lists"] = packages_white_lists + __props__.__dict__["partial_results_image_fail"] = partial_results_image_fail + __props__.__dict__["permission"] = permission + __props__.__dict__["policy_settings"] = policy_settings + __props__.__dict__["read_only"] = read_only + __props__.__dict__["registries"] = registries + __props__.__dict__["registry"] = registry + __props__.__dict__["required_labels"] = required_labels + __props__.__dict__["required_labels_enabled"] = required_labels_enabled + __props__.__dict__["scan_malware_in_archives"] = scan_malware_in_archives + __props__.__dict__["scan_nfs_mounts"] = scan_nfs_mounts + __props__.__dict__["scan_process_memory"] = scan_process_memory + __props__.__dict__["scan_sensitive_data"] = scan_sensitive_data + __props__.__dict__["scan_windows_registry"] = scan_windows_registry + __props__.__dict__["scap_enabled"] = scap_enabled + __props__.__dict__["scap_files"] = scap_files + __props__.__dict__["scopes"] = scopes + __props__.__dict__["trusted_base_images"] = trusted_base_images + __props__.__dict__["trusted_base_images_enabled"] = trusted_base_images_enabled + 
__props__.__dict__["vulnerability_exploitability"] = vulnerability_exploitability + __props__.__dict__["vulnerability_score_ranges"] = vulnerability_score_ranges + __props__.__dict__["whitelisted_licenses"] = whitelisted_licenses + __props__.__dict__["whitelisted_licenses_enabled"] = whitelisted_licenses_enabled + return VmwareAssurancePolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="aggregatedVulnerability") + def aggregated_vulnerability(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + Aggregated vulnerability information. + """ + return pulumi.get(self, "aggregated_vulnerability") + + @property + @pulumi.getter(name="allowedImages") + def allowed_images(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of explicitly allowed images. + """ + return pulumi.get(self, "allowed_images") + + @property + @pulumi.getter(name="applicationScopes") + def application_scopes(self) -> pulumi.Output[Sequence[str]]: + return pulumi.get(self, "application_scopes") + + @property + @pulumi.getter(name="assuranceType") + def assurance_type(self) -> pulumi.Output[str]: + """ + What type of assurance policy is described. + """ + return pulumi.get(self, "assurance_type") + + @property + @pulumi.getter(name="auditOnFailure") + def audit_on_failure(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if auditing for failures. + """ + return pulumi.get(self, "audit_on_failure") + + @property + @pulumi.getter + def author(self) -> pulumi.Output[str]: + """ + Name of user account that created the policy. 
+ """ + return pulumi.get(self, "author") + + @property + @pulumi.getter(name="autoScanConfigured") + def auto_scan_configured(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "auto_scan_configured") + + @property + @pulumi.getter(name="autoScanEnabled") + def auto_scan_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "auto_scan_enabled") + + @property + @pulumi.getter(name="autoScanTimes") + def auto_scan_times(self) -> pulumi.Output[Sequence['outputs.VmwareAssurancePolicyAutoScanTime']]: + return pulumi.get(self, "auto_scan_times") + + @property + @pulumi.getter(name="blacklistPermissions") + def blacklist_permissions(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of function's forbidden permissions. + """ + return pulumi.get(self, "blacklist_permissions") + + @property + @pulumi.getter(name="blacklistPermissionsEnabled") + def blacklist_permissions_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if blacklist permissions is relevant. + """ + return pulumi.get(self, "blacklist_permissions_enabled") + + @property + @pulumi.getter(name="blacklistedLicenses") + def blacklisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of blacklisted licenses. + """ + return pulumi.get(self, "blacklisted_licenses") + + @property + @pulumi.getter(name="blacklistedLicensesEnabled") + def blacklisted_licenses_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if license blacklist is relevant. + """ + return pulumi.get(self, "blacklisted_licenses_enabled") + + @property + @pulumi.getter(name="blockFailed") + def block_failed(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if failed images are blocked. 
+ """ + return pulumi.get(self, "block_failed") + + @property + @pulumi.getter(name="controlExcludeNoFix") + def control_exclude_no_fix(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "control_exclude_no_fix") + + @property + @pulumi.getter(name="customChecks") + def custom_checks(self) -> pulumi.Output[Optional[Sequence['outputs.VmwareAssurancePolicyCustomCheck']]]: + """ + List of Custom user scripts for checks. + """ + return pulumi.get(self, "custom_checks") + + @property + @pulumi.getter(name="customChecksEnabled") + def custom_checks_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if scanning should include custom checks. + """ + return pulumi.get(self, "custom_checks_enabled") + + @property + @pulumi.getter(name="customSeverity") + def custom_severity(self) -> pulumi.Output[str]: + return pulumi.get(self, "custom_severity") + + @property + @pulumi.getter(name="customSeverityEnabled") + def custom_severity_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "custom_severity_enabled") + + @property + @pulumi.getter(name="cvesBlackListEnabled") + def cves_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if CVEs blacklist is relevant. + """ + return pulumi.get(self, "cves_black_list_enabled") + + @property + @pulumi.getter(name="cvesBlackLists") + def cves_black_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of cves blacklisted items. + """ + return pulumi.get(self, "cves_black_lists") + + @property + @pulumi.getter(name="cvesWhiteListEnabled") + def cves_white_list_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if cves whitelist is relevant. 
+ """ + return pulumi.get(self, "cves_white_list_enabled") + + @property + @pulumi.getter(name="cvesWhiteLists") + def cves_white_lists(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of cves whitelisted licenses + """ + return pulumi.get(self, "cves_white_lists") + + @property + @pulumi.getter(name="cvssSeverity") + def cvss_severity(self) -> pulumi.Output[Optional[str]]: + """ + Identifier of the cvss severity. + """ + return pulumi.get(self, "cvss_severity") + + @property + @pulumi.getter(name="cvssSeverityEnabled") + def cvss_severity_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if the cvss severity is scanned. + """ + return pulumi.get(self, "cvss_severity_enabled") + + @property + @pulumi.getter(name="cvssSeverityExcludeNoFix") + def cvss_severity_exclude_no_fix(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates that policy should ignore cvss cases that do not have a known fix. + """ + return pulumi.get(self, "cvss_severity_exclude_no_fix") + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="disallowExploitTypes") + def disallow_exploit_types(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "disallow_exploit_types") + + @property + @pulumi.getter(name="disallowMalware") + def disallow_malware(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if malware should block the image. + """ + return pulumi.get(self, "disallow_malware") + + @property + @pulumi.getter(name="dockerCisEnabled") + def docker_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Checks the host according to the Docker CIS benchmark, if Docker is found on the host. + """ + return pulumi.get(self, "docker_cis_enabled") + + @property + @pulumi.getter + def domain(self) -> pulumi.Output[Optional[str]]: + """ + Name of the container image. 
+ """ + return pulumi.get(self, "domain") + + @property + @pulumi.getter(name="domainName") + def domain_name(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "domain_name") + + @property + @pulumi.getter(name="dtaEnabled") + def dta_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "dta_enabled") + + @property + @pulumi.getter(name="dtaSeverity") + def dta_severity(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "dta_severity") + + @property + @pulumi.getter + def enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def enforce(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enforce") + + @property + @pulumi.getter(name="enforceAfterDays") + def enforce_after_days(self) -> pulumi.Output[Optional[int]]: + return pulumi.get(self, "enforce_after_days") + + @property + @pulumi.getter(name="enforceExcessivePermissions") + def enforce_excessive_permissions(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "enforce_excessive_permissions") + + @property + @pulumi.getter(name="exceptionalMonitoredMalwarePaths") + def exceptional_monitored_malware_paths(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "exceptional_monitored_malware_paths") + + @property + @pulumi.getter(name="excludeApplicationScopes") + def exclude_application_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "exclude_application_scopes") + + @property + @pulumi.getter(name="failCicd") + def fail_cicd(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if cicd failures will fail the image. 
+ """ + return pulumi.get(self, "fail_cicd") + + @property + @pulumi.getter(name="forbiddenLabels") + def forbidden_labels(self) -> pulumi.Output[Optional[Sequence['outputs.VmwareAssurancePolicyForbiddenLabel']]]: + return pulumi.get(self, "forbidden_labels") + + @property + @pulumi.getter(name="forbiddenLabelsEnabled") + def forbidden_labels_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "forbidden_labels_enabled") + + @property + @pulumi.getter(name="forceMicroenforcer") + def force_microenforcer(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "force_microenforcer") + + @property + @pulumi.getter(name="functionIntegrityEnabled") + def function_integrity_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "function_integrity_enabled") + + @property + @pulumi.getter(name="ignoreBaseImageVln") + def ignore_base_image_vln(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "ignore_base_image_vln") + + @property + @pulumi.getter(name="ignoreRecentlyPublishedVln") + def ignore_recently_published_vln(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "ignore_recently_published_vln") + + @property + @pulumi.getter(name="ignoreRecentlyPublishedVlnPeriod") + def ignore_recently_published_vln_period(self) -> pulumi.Output[int]: + return pulumi.get(self, "ignore_recently_published_vln_period") + + @property + @pulumi.getter(name="ignoreRiskResourcesEnabled") + def ignore_risk_resources_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if risk resources are ignored. + """ + return pulumi.get(self, "ignore_risk_resources_enabled") + + @property + @pulumi.getter(name="ignoredRiskResources") + def ignored_risk_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of ignored risk resources. 
+ """ + return pulumi.get(self, "ignored_risk_resources") + + @property + @pulumi.getter(name="ignoredSensitiveResources") + def ignored_sensitive_resources(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "ignored_sensitive_resources") + + @property + @pulumi.getter + def images(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of images. + """ + return pulumi.get(self, "images") + + @property + @pulumi.getter(name="kubeCisEnabled") + def kube_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Performs a Kubernetes CIS benchmark check for the host. + """ + return pulumi.get(self, "kube_cis_enabled") + + @property + @pulumi.getter(name="kubernetesControls") + def kubernetes_controls(self) -> pulumi.Output[Optional[Sequence['outputs.VmwareAssurancePolicyKubernetesControl']]]: + """ + List of Kubernetes controls. + """ + return pulumi.get(self, "kubernetes_controls") + + @property + @pulumi.getter(name="kubernetesControlsAvdIds") + def kubernetes_controls_avd_ids(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls_avd_ids") + + @property + @pulumi.getter(name="kubernetesControlsNames") + def kubernetes_controls_names(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "kubernetes_controls_names") + + @property + @pulumi.getter + def labels(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of labels. 
+ """ + return pulumi.get(self, "labels") + + @property + @pulumi.getter + def lastupdate(self) -> pulumi.Output[str]: + return pulumi.get(self, "lastupdate") + + @property + @pulumi.getter(name="linuxCisEnabled") + def linux_cis_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "linux_cis_enabled") + + @property + @pulumi.getter(name="malwareAction") + def malware_action(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "malware_action") + + @property + @pulumi.getter(name="maximumScore") + def maximum_score(self) -> pulumi.Output[Optional[float]]: + """ + Value of allowed maximum score. + """ + return pulumi.get(self, "maximum_score") + + @property + @pulumi.getter(name="maximumScoreEnabled") + def maximum_score_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if exceeding the maximum score is scanned. + """ + return pulumi.get(self, "maximum_score_enabled") + + @property + @pulumi.getter(name="maximumScoreExcludeNoFix") + def maximum_score_exclude_no_fix(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "maximum_score_exclude_no_fix") + + @property + @pulumi.getter(name="monitoredMalwarePaths") + def monitored_malware_paths(self) -> pulumi.Output[Optional[Sequence[str]]]: + return pulumi.get(self, "monitored_malware_paths") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="onlyNoneRootUsers") + def only_none_root_users(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if raise a warning for images that should only be run as root. 
+ """ + return pulumi.get(self, "only_none_root_users") + + @property + @pulumi.getter(name="openshiftHardeningEnabled") + def openshift_hardening_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "openshift_hardening_enabled") + + @property + @pulumi.getter(name="packagesBlackListEnabled") + def packages_black_list_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if packages blacklist is relevant. + """ + return pulumi.get(self, "packages_black_list_enabled") + + @property + @pulumi.getter(name="packagesBlackLists") + def packages_black_lists(self) -> pulumi.Output[Optional[Sequence['outputs.VmwareAssurancePolicyPackagesBlackList']]]: + """ + List of blacklisted images. + """ + return pulumi.get(self, "packages_black_lists") + + @property + @pulumi.getter(name="packagesWhiteListEnabled") + def packages_white_list_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if packages whitelist is relevant. + """ + return pulumi.get(self, "packages_white_list_enabled") + + @property + @pulumi.getter(name="packagesWhiteLists") + def packages_white_lists(self) -> pulumi.Output[Optional[Sequence['outputs.VmwareAssurancePolicyPackagesWhiteList']]]: + """ + List of whitelisted images. 
+ """ + return pulumi.get(self, "packages_white_lists") + + @property + @pulumi.getter(name="partialResultsImageFail") + def partial_results_image_fail(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "partial_results_image_fail") + + @property + @pulumi.getter + def permission(self) -> pulumi.Output[str]: + return pulumi.get(self, "permission") + + @property + @pulumi.getter(name="policySettings") + def policy_settings(self) -> pulumi.Output['outputs.VmwareAssurancePolicyPolicySettings']: + return pulumi.get(self, "policy_settings") + + @property + @pulumi.getter(name="readOnly") + def read_only(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "read_only") + + @property + @pulumi.getter + def registries(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of registries. + """ + return pulumi.get(self, "registries") + + @property + @pulumi.getter + def registry(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "registry") + + @property + @pulumi.getter(name="requiredLabels") + def required_labels(self) -> pulumi.Output[Optional[Sequence['outputs.VmwareAssurancePolicyRequiredLabel']]]: + return pulumi.get(self, "required_labels") + + @property + @pulumi.getter(name="requiredLabelsEnabled") + def required_labels_enabled(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "required_labels_enabled") + + @property + @pulumi.getter(name="scanMalwareInArchives") + def scan_malware_in_archives(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_malware_in_archives") + + @property + @pulumi.getter(name="scanNfsMounts") + def scan_nfs_mounts(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_nfs_mounts") + + @property + @pulumi.getter(name="scanProcessMemory") + def scan_process_memory(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_process_memory") + + @property + @pulumi.getter(name="scanSensitiveData") + def scan_sensitive_data(self) -> 
pulumi.Output[Optional[bool]]: + """ + Indicates if scan should include sensitive data in the image. + """ + return pulumi.get(self, "scan_sensitive_data") + + @property + @pulumi.getter(name="scanWindowsRegistry") + def scan_windows_registry(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "scan_windows_registry") + + @property + @pulumi.getter(name="scapEnabled") + def scap_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if scanning should include scap. + """ + return pulumi.get(self, "scap_enabled") + + @property + @pulumi.getter(name="scapFiles") + def scap_files(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of SCAP user scripts for checks. + """ + return pulumi.get(self, "scap_files") + + @property + @pulumi.getter + def scopes(self) -> pulumi.Output[Sequence['outputs.VmwareAssurancePolicyScope']]: + return pulumi.get(self, "scopes") + + @property + @pulumi.getter(name="trustedBaseImages") + def trusted_base_images(self) -> pulumi.Output[Optional[Sequence['outputs.VmwareAssurancePolicyTrustedBaseImage']]]: + """ + List of trusted images. + """ + return pulumi.get(self, "trusted_base_images") + + @property + @pulumi.getter(name="trustedBaseImagesEnabled") + def trusted_base_images_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if list of trusted base images is relevant. 
+ """ + return pulumi.get(self, "trusted_base_images_enabled") + + @property + @pulumi.getter(name="vulnerabilityExploitability") + def vulnerability_exploitability(self) -> pulumi.Output[Optional[bool]]: + return pulumi.get(self, "vulnerability_exploitability") + + @property + @pulumi.getter(name="vulnerabilityScoreRanges") + def vulnerability_score_ranges(self) -> pulumi.Output[Optional[Sequence[int]]]: + return pulumi.get(self, "vulnerability_score_ranges") + + @property + @pulumi.getter(name="whitelistedLicenses") + def whitelisted_licenses(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of whitelisted licenses. + """ + return pulumi.get(self, "whitelisted_licenses") + + @property + @pulumi.getter(name="whitelistedLicensesEnabled") + def whitelisted_licenses_enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Indicates if license blacklist is relevant. + """ + return pulumi.get(self, "whitelisted_licenses_enabled") +